X-Git-Url: https://git.grml.org/?p=grml-debootstrap.git;a=blobdiff_plain;f=grml-debootstrap;h=823d876768eadab34bb5ae766e38043ac909feae;hp=1c5d8b7e7bb0b02bb6217fdf3834ce82f55e526a;hb=d59f0ebfda66926978b24482ede6b43e9ad51d5a;hpb=1fcd407ef06d457126c089c53b40a0af4a0acf2b diff --git a/grml-debootstrap b/grml-debootstrap index 1c5d8b7..823d876 100755 --- a/grml-debootstrap +++ b/grml-debootstrap @@ -2,7 +2,7 @@ # Filename: grml-debootstrap # Purpose: wrapper around debootstrap for installing plain Debian via Grml # Authors: grml-team (grml.org), (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ +# Bug-Reports: see https://grml.org/bugs/ # License: This file is licensed under the GPL v2+ ################################################################################ @@ -72,7 +72,7 @@ MNTPOINT="/mnt/debootstrap.$$" [ -n "$POST_SCRIPTS" ] || POST_SCRIPTS='yes' [ -n "$PRE_SCRIPTS" ] || PRE_SCRIPTS='yes' [ -n "$RECONFIGURE" ] || RECONFIGURE='console-data' -[ -n "$RELEASE" ] || RELEASE='stretch' +[ -n "$RELEASE" ] || RELEASE='buster' [ -n "$RM_APTCACHE" ] || RM_APTCACHE='yes' [ -n "$SCRIPTS" ] || SCRIPTS='no' # deprecated, replaced by POST_SCRIPTS [ -n "$SECURE" ] || SECURE='yes' @@ -80,6 +80,7 @@ MNTPOINT="/mnt/debootstrap.$$" [ -n "$TUNE2FS" ] || TUNE2FS='tune2fs -c0 -i0' [ -n "$UPGRADE_SYSTEM" ] || UPGRADE_SYSTEM='yes' [ -n "$VMSIZE" ] || VMSIZE="2G" +[ -n "$GRUB_INSTALL" ] || GRUB_INSTALL='yes' # inside the chroot system locales might not be available, so use minimum: export LANG=C @@ -102,7 +103,7 @@ Bootstrap options: -m, --mirror Mirror which should be used for apt-get/aptitude. -i, --iso Mountpoint where a Debian ISO is mounted to, for use instead of fetching packages from a mirror. - -r, --release Release of new Debian system (default: stretch). + -r, --release Release of new Debian system (default: buster). -t, --target Target partition (/dev/...) or directory where the system should be installed to. -p, --mntpoint Mountpoint used for mounting the target system, @@ -154,6 +155,8 @@ Configuration options: --hostname Hostname of Debian system. --nopassword Do not prompt for the root password. --password Use specified password as password for user root. + --sshcopyauth Use ${HOME}/.ssh/authorized_keys to authorise root login on the target system. + --sshcopyid Use locally available public keys to authorise root login on the target system. --bootappend Add specified appendline to kernel whilst booting. --chroot-scripts Execute chroot scripts from specified directory. --pre-scripts Execute scripts from specified directory (before chroot-scripts). @@ -168,7 +171,7 @@ Other options: -V, --version Show summary of options and exit. Usage examples can be found in the grml-debootstrap manpage. -Send bugreports to the grml-team: bugs (at) grml.org || http://grml.org/bugs/ +Send bugreports to the grml-team: bugs (at) grml.org || https://grml.org/bugs/ " } @@ -265,7 +268,7 @@ cleanup() { # ugly, but make sure we really don't leave anything (/proc /proc and # /dev /dev are intended, trying to work around timing issues, see #657023) - for ARG in /sys /proc /proc /dev/pts /dev/pts /dev /dev ; do + for ARG in /run/udev /sys /proc /proc /dev/pts /dev/pts /dev /dev ; do [ -x "$MNTPOINT"/bin/umount ] && chroot "$MNTPOINT" umount $ARG >/dev/null 2>&1 umount "$MNTPOINT"/$ARG >/dev/null 2>&1 done @@ -298,7 +301,13 @@ cleanup() { if [ -n "${ORIG_TARGET}" ] ; then einfo "Removing loopback mount of file ${ORIG_TARGET}." - kpartx -d "${ORIG_TARGET}" ; eend $? + kpartx -d "${ORIG_TARGET}" + # Workaround for a bug in kpartx which doesn't clean up properly, + # see Debian Bug #891077 and Github-PR grml/grml-debootstrap#112 + if dmsetup ls | grep -q "^${LOOP_PART} "; then + kpartx -d "/dev/${LOOP_DISK}" >/dev/null + fi + eend $? fi } @@ -327,10 +336,6 @@ stage() { } # }}} -# make sure we have what we need {{{ -check4progs debootstrap || bailout 1 -# }}} - # source main configuration file {{{ if [ -r /etc/debootstrap/config ] ; then # shellcheck disable=SC1091 @@ -339,7 +344,7 @@ fi # }}} # cmdline handling {{{ -CMDLINE_OPTS=mirror:,iso:,release:,target:,mntpoint:,debopt:,defaultinterfaces,interactive,nodebootstrap,nointerfaces,nokernel,nopackages,filesystem:,config:,confdir:,packages:,chroot-scripts:,scripts:,post-scripts:,pre-scripts:,debconf:,vm,vmfile,vmsize:,keep_src_list,hostname:,password:,nopassword,grmlrepos,backportrepos,bootappend:,grub:,efi:,arch:,insecure,verbose,help,version,force,debug,contrib,non-free,remove-configs +CMDLINE_OPTS=mirror:,iso:,release:,target:,mntpoint:,debopt:,defaultinterfaces,interactive,nodebootstrap,nointerfaces,nokernel,nopackages,filesystem:,config:,confdir:,packages:,chroot-scripts:,scripts:,post-scripts:,pre-scripts:,debconf:,vm,vmfile,vmsize:,keep_src_list,hostname:,password:,nopassword,grmlrepos,backportrepos,bootappend:,grub:,efi:,arch:,insecure,verbose,help,version,force,debug,contrib,non-free,remove-configs,sshcopyid,sshcopyauth _opt_temp=$(getopt --name grml-debootstrap -o +m:i:r:t:p:c:d:vhV --long \ $CMDLINE_OPTS -- "$@") @@ -453,6 +458,12 @@ while :; do --nopassword) # Skip password dialog _opt_nopassword=T ;; + --sshcopyid) # Use locally available public keys to authorise root login on the target system + _opt_sshcopyid=T + ;; + --sshcopyauth) # Use .ssh/authorized_keys to authorise root login on the target system + _opt_sshcopyauth=T + ;; --grmlrepos) # Enable Grml repository _opt_grmlrepos=T ;; @@ -553,6 +564,8 @@ done [ "$_opt_defaultinterfaces" ] && USE_DEFAULT_INTERFACES="true" [ "$_opt_nointerfaces" ] && NOINTERFACES="true" [ "$_opt_nokernel" ] && NOKERNEL="true" +[ "$_opt_sshcopyid" ] && SSHCOPYID="true" +[ "$_opt_sshcopyauth" ] && SSHCOPYAUTH="true" [ "$_opt_bootappend" ] && BOOT_APPEND=$_opt_bootappend [ "$_opt_grub" ] && GRUB=$_opt_grub [ "$_opt_efi" ] && EFI=$_opt_efi @@ -581,6 +594,18 @@ if [ "$_opt_grub" ] && [ "$_opt_vmfile" ] ; then bailout 1 fi +if [ "${_opt_sshcopyid}" ] && [ "${_opt_sshcopyauth}" ] ; then + eerror "The --sshcopyid option is incompatible with --sshcopyauth, please drop either of them from your command line." + eend 1 + bailout 1 +fi + +if [ -n "$ISO" ] && [[ "$DEBOOTSTRAP" =~ mmdebstrap$ ]] ; then + eerror "The ISO option is incompatible with usage of mmdebstrap for bootstrapping." + eerror "Either drop the --iso ... option or use plain debootstrap instead." + eend 1 + bailout 1 +fi if [ "$DEBUG" = "true" ] ; then set -x @@ -594,7 +619,7 @@ fi [ "$_opt_version" ] && { einfo "$PN - version $VERSION" - einfo "Send bug reports to bugs@grml.org or http://grml.org/bugs/" + einfo "Report bugs via https://github.com/grml/grml-debootstrap/ or https://grml.org/bugs/" eend 0 exit 0 } @@ -608,6 +633,8 @@ fi # }}} # make sure we have what we need {{{ +check4progs "${DEBOOTSTRAP}" || bailout 1 + if [ -n "$VIRTUAL" ] ; then check4progs kpartx parted qemu-img || bailout 1 fi @@ -752,15 +779,17 @@ prompt_for_bootmanager() # ask for Debian release {{{ prompt_for_release() { - [ -n "$RELEASE" ] && DEFAULT_RELEASE="$RELEASE" || DEFAULT_RELEASE='stretch' + [ -n "$RELEASE" ] && DEFAULT_RELEASE="$RELEASE" || DEFAULT_RELEASE='buster' RELEASE="$(dialog --stdout --title "${PN}" --default-item $DEFAULT_RELEASE --menu \ "Please enter the Debian release you would like to use for installation:" \ - 0 50 5 \ + 0 50 8 \ lenny Debian/5.0 \ squeeze Debian/6.0 \ wheezy Debian/7.0 \ jessie Debian/8.0 \ stretch Debian/9.0 \ + buster Debian/10.0 \ + bullseye Debian/11.0 \ sid Debian/unstable)" [ $? -eq 0 ] || bailout } @@ -1129,7 +1158,7 @@ fi # Support for generic release codenames is unavailable. {{{ if [ "$RELEASE" = "stable" ] || [ "$RELEASE" = "testing" ] ; then eerror "Generic release codenames (stable, testing) are unsupported. \ -Please use specific codenames such as lenny, squeeze, wheezy, jessie or stretch." ; eend 1 +Please use specific codenames such as stretch or buster." ; eend 1 bailout 1 fi # }}} @@ -1180,6 +1209,12 @@ set_target_directory(){ if [ -b "$TARGET" ] || [ -n "$VIRTUAL" ] ; then PARTITION=1 else + # $TARGET was not detected as block device, but we do not want to create target directory in /dev/ + if [[ $TARGET == "/dev/"* ]]; then + eerror "Error: Will not create target directory $TARGET in /dev." + eerror " Please check the partition(s) of the blockdevice."; eend 1 + bailout 1 + fi set_target_directory fi # }}} @@ -1387,6 +1422,21 @@ prepare_vm() { bailout 1 fi + # make sure loop module is present and a usable loop device exists + modprobe -q loop + if ! losetup -f >/dev/null 2>&1; then + eerror "Error finding usable loop device" ; eend 1 + bailout 1 + fi + + # if dm-mod isn't available then kpartx will fail with + # "Is device-mapper driver missing from kernel? [...]" + modprobe -q dm-mod + if ! grep -q 'device-mapper' /proc/misc >/dev/null 2>&1 ; then + eerror "Device-mapper support missing in kernel." ; eend 1 + bailout 1 + fi + ORIG_TARGET="$TARGET" # store for later reuse if [ -n "$VMFILE" ]; then @@ -1404,25 +1454,6 @@ prepare_vm() { parted -s "${TARGET}" 'mkpart primary ext4 2M -1' parted -s "${TARGET}" 'set 1 boot on' - # if dm-mod isn't available then kpartx will fail with - # "Is device-mapper driver missing from kernel? [...]" - if ! kpartx -av "$TARGET" >/dev/null 2>&1 || ! grep -q 'device-mapper' /proc/misc >/dev/null 2>&1 ; then - einfo "Device-mapper not ready yet, trying to load dm-mod module." - modprobe dm-mod ; eend $? - fi - - # make sure loop module is present - if ! losetup -f >/dev/null 2>&1; then - einfo "Can not find a usable loop device, retrying after loading loop module." - modprobe loop - if losetup -f >/dev/null 2>&1; then - einfo "Found a usable loop device now, continuing." - else - eerror "Error finding usable loop device" ; eend 1 - bailout 1 - fi - fi - DEVINFO=$(kpartx -asv "$TARGET") # e.g. 'add map loop0p1 (254:5): 0 20477 linear 7:0 3' if [ -z "${DEVINFO}" ] ; then eerror "Error setting up loopback device." ; eend 1 @@ -1432,6 +1463,7 @@ prepare_vm() { # hopefully this always works as expected LOOP_PART="${DEVINFO##add map }" # 'loop0p1 (254:5): 0 20477 linear 7:0 3' LOOP_PART="${LOOP_PART// */}" # 'loop0p1' + LOOP_DISK="${LOOP_PART%p*}" # 'loop0' export TARGET="/dev/mapper/$LOOP_PART" # '/dev/mapper/loop1p1' if [ -z "$TARGET" ] ; then @@ -1441,11 +1473,15 @@ prepare_vm() { } # }}} -# make VM image bootable and unmount it {{{ -finalize_vm() { +# make VM image bootable {{{ +grub_install() { if [ -z "${VIRTUAL}" ] ; then return 0 fi + if [ "${GRUB_INSTALL}" != "yes" ] ; then + einfo "Not installing GRUB as requested via \$GRUB_INSTALL=$GRUB_INSTALL" + return 0 + fi if ! mount "${TARGET}" "${MNTPOINT}" ; then eerror "Error: Mounting ${TARGET} failed, can not continue." ; eend 1 @@ -1488,10 +1524,16 @@ if [[ -z "${GRUB}" ]] || ! dd if="${GRUB}" bs=512 count=1 2>/dev/null | cat -v | rm -f "${MNTPOINT}/tmp/core.img" fi - einfo "Updating grub configuration file." - if [ -n "$BOOT_APPEND" ] ; then - sed -i "/GRUB_CMDLINE_LINUX_DEFAULT/ s#\"\$# ${BOOT_APPEND}\"#" "${MNTPOINT}"/etc/default/grub + # workaround for Debian bug #918590 with lvm + udev: + # WARNING: Device /dev/... not initialized in udev database even after waiting 10000000 microseconds + if [ -d /run/udev ] ; then + einfo "Setting up bind-mount /run/udev" + mkdir -p "${MNTPOINT}"/run/udev + mount --bind /run/udev "${MNTPOINT}"/run/udev + eend $? fi + + einfo "Updating grub configuration file." chroot "${MNTPOINT}" update-grub case "$RELEASE" in @@ -1510,12 +1552,35 @@ fi sed -i "s;root=[^ ]\\+;root=UUID=$TARGET_UUID;" "${MNTPOINT}"/boot/grub/grub.cfg fi + # workaround for Debian bug #918590 with lvm + udev: + # WARNING: Device /dev/... not initialized in udev database even after waiting 10000000 microseconds + if mountpoint "${MNTPOINT}"/run/udev &>/dev/null ; then + einfo "Unmounting bind-mount /run/udev" + umount "${MNTPOINT}"/run/udev + eend $? + fi + umount "${MNTPOINT}"/proc umount "${MNTPOINT}"/sys umount "${MNTPOINT}"/dev/pts try_umount 3 "${MNTPOINT}"/dev + +} +# }}} + +# unmount VM image {{{ +umount_target() { + if [ -z "${VIRTUAL}" ] ; then + return 0 + fi + umount "${MNTPOINT}" kpartx -d "${ORIG_TARGET}" >/dev/null + # Workaround for a bug in kpartx which doesn't clean up properly, + # see Debian Bug #891077 and Github-PR grml/grml-debootstrap#112 + if dmsetup ls | grep -q "^${LOOP_PART} "; then + kpartx -d "/dev/${LOOP_DISK}" >/dev/null + fi } # }}} @@ -1573,6 +1638,7 @@ preparechroot() { # e.g. not with 4.2.37(1)-release (a.k.a 4.2+dfsg-0.1+deb7u3) of Debian wheezy [ -n "$ARCH" ] && echo "ARCH='$(sed "s,','\\\\'',g" <<<"${ARCH}")'" >> "$CHROOT_VARIABLES" [ -n "$BACKPORTREPOS" ] && echo "BACKPORTREPOS='$(sed "s,','\\\\'',g" <<<"${BACKPORTREPOS}")'" >> "$CHROOT_VARIABLES" + [ -n "$BOOT_APPEND" ] && echo "BOOT_APPEND='$(sed "s,','\\\\'',g" <<<"${BOOT_APPEND}")'" >> "$CHROOT_VARIABLES" [ -n "$CHROOT_SCRIPTS" ] && echo "CHROOT_SCRIPTS='$(sed "s,','\\\\'',g" <<<"${CHROOT_SCRIPTS}")'" >> "$CHROOT_VARIABLES" [ -n "$COMPONENTS" ] && echo "COMPONENTS='$(sed "s,','\\\\'',g" <<<"${COMPONENTS}")'" >> "$CHROOT_VARIABLES" [ -n "$CONFFILES" ] && echo "CONFFILES='$(sed "s,','\\\\'',g" <<<"${CONFFILES}")'" >> "$CHROOT_VARIABLES" @@ -1654,7 +1720,7 @@ preparechroot() { cp $VERBOSE -a -L "${CONFFILES}"/extrapackages/ "${MNTPOINT}"/etc/debootstrap/ - # make sure we can access network [relevant for cdebootstrap] + # make sure we can access network [relevant for cdebootstrap/mmdebstrap] [ -f "${MNTPOINT}"/etc/resolv.conf ] || cp $VERBOSE /etc/resolv.conf "${MNTPOINT}"/etc/resolv.conf # setup default locales @@ -1686,29 +1752,120 @@ allow-hotplug eth0 iface eth0 inet dhcp " + # add dhcp setting for Predictable Network Interface Names + if [ -x /bin/udevadm ]; then + tmpfile=$(mktemp) + for interface in /sys/class/net/*; do + udevadm info --query=all --path="${interface}" > "${tmpfile}" + # skip virtual devices, like bridges, vboxnet,... + if grep -q 'P: /devices/virtual/net/' "${tmpfile}" ; then + continue + fi + + # iterate over possible naming policies by precedence (see udev/net/link-config.c), + # use and stop on first match to have same behavior as udev's link_config_apply() + for property in ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH ID_NET_NAME_MAC ; do + if grep -q "${property}" "${tmpfile}" ; then + interface=$(grep "${property}" "${tmpfile}" | sed -n -e "s/E: ${property}=\([^\$*]\)/\1/p") + DEFAULT_INTERFACES="${DEFAULT_INTERFACES} +allow-hotplug ${interface} +iface ${interface} inet dhcp +" + break + fi + done + done + rm -f "${tmpfile}" + fi + if [ -n "$NOINTERFACES" ] ; then einfo "Not installing /etc/network/interfaces as requested via --nointerfaces option" ; eend 0 elif [ -n "$USE_DEFAULT_INTERFACES" ] ; then einfo "Installing default /etc/network/interfaces as requested via --defaultinterfaces options." + mkdir -p "${MNTPOINT}/etc/network" echo "$DEFAULT_INTERFACES" > "${MNTPOINT}/etc/network/interfaces" eend $? elif [ -n "$VIRTUAL" ] ; then einfo "Setting up Virtual Machine, installing default /etc/network/interfaces" + mkdir -p "${MNTPOINT}/etc/network" echo "$DEFAULT_INTERFACES" > "${MNTPOINT}/etc/network/interfaces" eend $? elif [ -r /etc/network/interfaces ] ; then einfo "Copying /etc/network/interfaces from host to target system" + mkdir -p "${MNTPOINT}/etc/network" cp $VERBOSE /etc/network/interfaces "${MNTPOINT}/etc/network/interfaces" eend $? else ewarn "Couldn't read /etc/network/interfaces, installing default /etc/network/interfaces" + mkdir -p "${MNTPOINT}/etc/network" echo "$DEFAULT_INTERFACES" > "${MNTPOINT}/etc/network/interfaces" eend $? fi # install config file providing some example entries if [ -r /etc/network/interfaces.examples ] && [ ! -r "$MNTPOINT/etc/network/interfaces.examples" ] ; then - cp /etc/network/interfaces.examples "$MNTPOINT/etc/network/interfaces.examples" + mkdir -p "${MNTPOINT}/etc/network" + cp /etc/network/interfaces.examples "$MNTPOINT/etc/network/interfaces.examples" + fi + + if [ -n "${SSHCOPYID}" ] ; then + AUTHORIZED_KEYS_SOURCE=${AUTHORIZED_KEYS_SOURCE:-$HOME/.ssh/authorized_keys} + AUTHORIZED_KEYS_TARGET=${AUTHORIZED_KEYS_TARGET:-$MNTPOINT/root/.ssh/} + if ssh-add -L >/dev/null 2>&1 ; then + einfo "Use locally available public keys to authorise root login on the target system as requested via --sshcopyid option." + mkdir -p "${MNTPOINT}"/root/.ssh + chmod 0700 "${MNTPOINT}"/root/.ssh + if ssh-add -L >> "${MNTPOINT}"/root/.ssh/authorized_keys ; then + eend 0 + else + eerror "Error: executing 'ssh-add -L' failed." + eend 1 + bailout 1 + fi + elif [ -f "$AUTHORIZED_KEYS_SOURCE" ]; then + einfo "copying '$AUTHORIZED_KEYS_SOURCE' to '$AUTHORIZED_KEYS_TARGET' as requested via --sshcopyid option." + mkdir -p "$AUTHORIZED_KEYS_TARGET" + chmod 0700 "$AUTHORIZED_KEYS_TARGET" + if cp "$AUTHORIZED_KEYS_SOURCE" "$AUTHORIZED_KEYS_TARGET" ; then + eend 0 + else + eerror "Error: copying '$AUTHORIZED_KEYS_SOURCE' to '$AUTHORIZED_KEYS_TARGET' failed" + eend 1 + bailout 1 + fi + else + eerror "Error: Could not open a connection to your authentication agent or the agent has no identities." + eend 1 + bailout 1 + fi + fi + + if [ -n "${SSHCOPYAUTH}" ] ; then + AUTHORIZED_KEYS_SOURCE=${AUTHORIZED_KEYS_SOURCE:-${HOME}/.ssh/authorized_keys} + + if ! [ -f "${AUTHORIZED_KEYS_SOURCE}" ]; then + eerror "Error: could not read '${AUTHORIZED_KEYS_SOURCE}' for setting up SSH key login." + eend 1 + bailout 1 + fi + + AUTHORIZED_KEYS_TARGET="${MNTPOINT}/root/.ssh/" + einfo "Copying '${AUTHORIZED_KEYS_SOURCE}' to '${AUTHORIZED_KEYS_TARGET}' as requested via --sshcopyauth option." + mkdir -m 0700 -p "${AUTHORIZED_KEYS_TARGET}" + if cp "${AUTHORIZED_KEYS_SOURCE}" "${AUTHORIZED_KEYS_TARGET}" ; then + eend 0 + else + eerror "Error: copying '${AUTHORIZED_KEYS_SOURCE}' to '${AUTHORIZED_KEYS_TARGET}' failed." + eend 1 + bailout 1 + fi + fi + + if [ -d /run/udev ] ; then + einfo "Setting up bind-mount /run/udev" + mkdir -p "${MNTPOINT}"/run/udev + mount --bind /run/udev "${MNTPOINT}"/run/udev + eend $? fi eend 0 @@ -1835,6 +1992,12 @@ umount_chroot() { fi if grep -q "$MNTPOINT" /proc/mounts ; then + if mountpoint "${MNTPOINT}"/run/udev &>/dev/null ; then + einfo "Unmounting bind-mount /run/udev" + umount "${MNTPOINT}"/run/udev + eend $? + fi + if [ -n "$PARTITION" ] ; then einfo "Unmount $MNTPOINT" umount "$MNTPOINT" @@ -1881,7 +2044,7 @@ remove_configs() { for i in format_efi_partition prepare_vm mkfs tunefs \ mount_target mountpoint_to_blockdevice debootstrap_system \ preparechroot execute_pre_scripts chrootscript execute_post_scripts \ - remove_configs umount_chroot finalize_vm fscktool ; do + remove_configs umount_chroot grub_install umount_target fscktool ; do if stage "${i}" ; then if "$i" ; then stage "${i}" 'done' && rm -f "${STAGES}/${i}"