X-Git-Url: https://git.grml.org/?p=grml-live.git;a=blobdiff_plain;f=etc%2Fgrml%2Ffai%2Fconfig%2Fhooks%2Finstsoft.GRMLBASE;h=f5c22d8c1d1d670e6e98d24b2a07e5c9b08543ad;hp=1b97e9ba2d7f17c68002f491ca237248838c51b0;hb=4585f1e73a919832d6431f5333821dae6f0e411d;hpb=14e56253bc02d4b362856a282915d03737441963 diff --git a/etc/grml/fai/config/hooks/instsoft.GRMLBASE b/etc/grml/fai/config/hooks/instsoft.GRMLBASE index 1b97e9b..f5c22d8 100755 --- a/etc/grml/fai/config/hooks/instsoft.GRMLBASE +++ b/etc/grml/fai/config/hooks/instsoft.GRMLBASE @@ -1,85 +1,127 @@ -#!/bin/sh -# Filename: /etc/grml/fai/config/hooks/instsoft.GRML -# Purpose: grml specific Debian installation in the chroot +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/hooks/instsoft.GRMLBASE +# Purpose: Grml specific software installation in the chroot, executed after updatebase # Authors: grml-team (grml.org), (c) Michael Prokop # Bug-Reports: see http://grml.org/bugs/ # License: This file is licensed under the GPL v2 or any later version. -# Latest change: Sun Nov 04 14:37:26 CET 2007 [mika] ################################################################################ set -u set -e -# visualize chroot inside zsh: -echo grml_chroot > $target/etc/debian_chroot +# if hooks/updatebase.GRMLBASE fails for whatever reason +# and can't skip instsoft.GRMLBASE we have to make sure +# we exit here as well +if [ -n "$BUILD_ONLY" ] ; then + "Exiting hooks/instsoft.GRMLBASE as BUILD_ONLY environment is set." + exit 0 +fi if [ "$FAI_ACTION" = "softupdate" ] ; then - echo "Softupdate of FAI via grml-live running" - - if [ -r /etc/resolv.conf ] ; then - if [ -r $target/etc/resolvconf/run/resolv.conf ] ; then - cat /etc/resolv.conf >> $target/etc/resolvconf/run/resolv.conf - else - cat /etc/resolv.conf >> $target/etc/resolv.conf - fi - fi + echo "Action $FAI_ACTION of FAI (hooks/instsoft.GRMLBASE) via grml-live running" + + # /etc/resolv.conf is usually a symlink, pointing out of the chroot. + # Make it a file with known contents. + rm -f "${target}"/etc/resolv.conf + cat /etc/resolv.conf >> "$target"/etc/resolv.conf if [ -r $target/etc/policy-rc.d.conf ] ; then sed -i "s/EXITSTATUS=.*/EXITSTATUS='101'/" $target/etc/policy-rc.d.conf fi - # make sure we prefer grml repository: - if [ -r /etc/grml/fai/apt/preferences ] ; then - cp /etc/grml/fai/apt/preferences $target/etc/apt/preferences + # we definitely don't want to fail running fai sofupdate just + # because of some well known bugs: + [ -d $target/etc/apt/apt.conf.d ] || mkdir $target/etc/apt/apt.conf.d + cat > $target/etc/apt/apt.conf.d/10apt-listbugs << EOF +// Check all packages whether they has critical bugs before they are installed. +// If you don't like it, comment it out. +//DPkg::Pre-Install-Pkgs {"/usr/sbin/apt-listbugs apt || exit 10"}; +//DPkg::Tools::Options::/usr/sbin/apt-listbugs ""; +//DPkg::Tools::Options::/usr/sbin/apt-listbugs::Version "2"; +EOF + + # work around /etc/kernel/postinst.d/zz-update-grub failing + # inside openvz environment, see #597084 + if ! $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/update-grub' ; then + echo "Diverting update-grub executable" + $ROOTCMD dpkg-divert --rename --add /usr/sbin/update-grub + $ROOTCMD ln -s /bin/true /usr/sbin/update-grub fi - if [ -r /etc/grml/fai/apt/sources.list ] ; then - if [ -L $target/etc/apt/sources.list ] ; then - rm $target/etc/apt/sources.list - fi - cp /etc/grml/fai/apt/sources.list $target/etc/apt/sources.list + # work around a bug which causes openvz to freeze when grub-probe is invoked + if ! $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/grub-probe' ; then + echo "Diverting grub-probe executable" + $ROOTCMD dpkg-divert --rename --add /usr/sbin/grub-probe + $ROOTCMD ln -s /bin/true /usr/sbin/grub-probe fi - # FAI softupdate does not execute upgrade, so let's do it on our own: + # Update package lists (so they exist at all), so we actually can + # install software. $ROOTCMD apt-get update - if [ -x $target/usr/bin/aptitude ] ; then - if $target/usr/bin/aptitude --help | grep safe-upgrade ; then - $ROOTCMD aptitude safe-upgrade + + if ! $ROOTCMD test -x /usr/bin/aptitude ; then + $ROOTCMD apt-get -y install aptitude + fi + + # newer aptitude versions won't remove essential packages using + # 'aptitude -f -y install file-rc' anymore, therefore force it: + $ROOTCMD aptitude -o Aptitude::ProblemResolver::Keep-All-Tier=60000 -f -y install file-rc + + # make sure we can upgrade automatically, + # even with unsigned repos, but only if user wants it + if [ "${FAI_ALLOW_UNSIGNED:-}" = "1" ] ; then + APTGET_OPTS="${APTGET_OPTS:-} --allow-unauthenticated" + APTITUDE_OPTS="${APTITUDE_OPTS:-} --allow-untrusted" + fi + + # make sure we don't fail when configuration files changed + APTGET_OPTS="${APTGET_OPTS:-} -o DPkg::Options::=--force-confdef -o DPkg::Options::=--force-confmiss -o DPkg::Options::=--force-confnew" + APTITUDE_OPTS="${APTITUDE_OPTS:-} -o DPkg::Options::=--force-confdef -o DPkg::Options::=--force-confmiss -o DPkg::Options::=--force-confnew" + + if $ROOTCMD test -x /usr/bin/aptitude ; then + if $ROOTCMD aptitude --help | grep -q safe-upgrade ; then + APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none $ROOTCMD aptitude -y $APTITUDE_OPTS safe-upgrade else - $ROOTCMD aptitude upgrade + APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none $ROOTCMD aptitude -y $APTITUDE_OPTS upgrade fi else - $ROOTCMD apt-get upgrade + APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none $ROOTCMD apt-get -y $APTGET_OPTS --force-yes upgrade fi -else # no softupdate but fresh installation - -# work around http://trac.lighttpd.net/trac/ticket/657 -# should be removed later on: -echo "Acquire::http::Pipeline-Depth "0"; // added by grml-live" >> $target/etc/apt/apt.conf + exit # make sure we don't continue behind the following "fi" +fi -# Recommends just pull in way tooooo much packages, so disable it: -echo "APT::Install-Recommends "false"; // added by grml-live" >> $target/etc/apt/apt.conf +# no softupdate but fresh installation +echo "Action $FAI_ACTION of FAI (hooks/instsoft.GRMLBASE) via grml-live running" -# install grml keys: -gpg --keyserver subkeys.pgp.net --recv-keys F61E2E7CECDEA787 || \ -gpg --keyserver blackhole.pca.dfn.de --recv-keys F61E2E7CECDEA787 -gpg --export F61E2E7CECDEA787 > $target/etc/apt/grml.key -$ROOTCMD apt-key add /etc/apt/grml.key +# work around /etc/kernel/postinst.d/zz-update-grub failing +# inside openvz environment, see #597084 +if ! $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/update-grub' ; then + echo "Diverting update-grub executable" + $ROOTCMD dpkg-divert --rename --add /usr/sbin/update-grub + $ROOTCMD ln -s /bin/true /usr/sbin/update-grub +fi -# make sure we prefer grml repository: -if [ -r /etc/grml/fai/files/etc/apt/preferences ] ; then - cp /etc/grml/fai/apt/preferences $target/etc/apt/preferences +# work around a bug which causes openvz to freeze when grub-probe is invoked +if ! $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/grub-probe' ; then + echo "Diverting grub-probe executable" + $ROOTCMD dpkg-divert --rename --add /usr/sbin/grub-probe + $ROOTCMD ln -s /bin/true /usr/sbin/grub-probe fi -# make sure we have file-rc available before -# package_config/GRML is being executed: -$ROOTCMD apt-get update -$ROOTCMD aptitude -f -y install file-rc +# make sure we have file-rc available before package_config/GRML* is being executed {{{ +# the apt-get update might return an error if there's for example +# a hashsum mismatch on Debian mirror sources, we might want to continue +# but should warn the user +if ! $ROOTCMD apt-get update ; then + echo "Warning: there was an error executing apt-get update, continuing anyway." + echo "Warning: there was an error executing apt-get update, continuing anyway." >&2 +fi -# Workaround #443481 of snort for Debian/etch: -mkdir -p $target/etc/snort -echo 'LOGDIR=/var/log/snort' >> $target/etc/snort/snort.common.parameters +# newer aptitude versions won't remove essential packages using +# 'aptitude -f -y install file-rc' anymore, therefore force it via: +$ROOTCMD aptitude -o Aptitude::ProblemResolver::Keep-All-Tier=60000 -f -y install file-rc +# }}} # we definitely don't want to fail running fai dirinstall just # because of some well known bugs: @@ -103,7 +145,5 @@ if [ -L "$target"/usr/sbin/invoke-rc.d ] ; then $ROOTCMD dpkg-divert --package fai --rename --remove /usr/sbin/invoke-rc.d fi -fi # end of FAI_ACTION = softupdate - ## END OF FILE ################################################################# -# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=3 +# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2