Diffstat (limited to '')
-rwxr-xr-x | share/scripts/curl | 328 | ||||
-rwxr-xr-x | share/scripts/curl.d/0001-debconf | 53 | ||||
-rw-r--r-- | share/scripts/curl.d/0001-debconf.templates | 11 |
3 files changed, 343 insertions, 49 deletions
diff --git a/share/scripts/curl b/share/scripts/curl index a338020..709e59c 100755 --- a/share/scripts/curl +++ b/share/scripts/curl @@ -21,13 +21,14 @@ set -e SCRIPT="${0}" HOOKS="/etc/container-tools/hooks" +KEYS="/etc/container-tools/keys" MACHINES="/var/lib/machines" -CACHE="/var/cache/container-tools/images" +CACHE="/var/cache/container-tools/system" Parameters () { - GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,clean,image:,server:,password:" - GETOPT_OPTIONS="b:,s:,n:,p:" + GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,architecture:,clean,password:,server:,setup:,system:," + GETOPT_OPTIONS="b:,s:,n:,a:,p:" PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${SCRIPT} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -72,13 +73,18 @@ Parameters () shift 2 ;; + -a|--architecture) + ARCHITECTURE="${2}" + shift 2 + ;; + --clean) CLEAN="true" shift 1 ;; - --image) - IMAGE="${2}" + -p|--password) + PASSWORD="${2}" shift 2 ;; @@ -87,8 +93,13 @@ Parameters () shift 2 ;; - -p|--password) - PASSWORD="${2}" + --setup) + SETUP="${2}" + shift 2 + ;; + + --system) + SYSTEM="${2}" shift 2 ;; @@ -107,7 +118,7 @@ Parameters () Usage () { - echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [--image IMAGE] [--server SERVER] [-p|--password PASSWORD}" >&2 + echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [-p|--password PASSWORD] [--server SERVER] [--setup SETUP] [--system SYSTEM]" >&2 exit 1 } 
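Review bot: The new `KEYS="/etc/container-tools/keys"` variable becomes the trust anchor for every archive this script unpacks (it is the `--homedir` of the later `gpg --verify`), and nothing says so where it is defined; a comment such as `# gpg homedir for verifying downloaded archives; any key present here is accepted as a signer` next to the assignment would make that contract visible to whoever maintains the directory. The same applies to the `CACHE` path change: the new location is silently different from the old one, so old downloads are not reused and the old directory is never cleaned up, which is worth a line in the commit description or a comment.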
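Review bot: The rewritten `Usage` line does not mention the `-a|--architecture ARCHITECTURE` option that the same commit adds to `GETOPT_LONGOPTIONS`, `GETOPT_OPTIONS` and `Parameters`, so the help text is already out of date; add `[-a|--architecture ARCHITECTURE]` after `[--clean]` in the `echo "Usage: ..." >&2` string. While touching it, the old text's stray `}` after `PASSWORD` is gone, which is good.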
@@ -136,13 +147,73 @@ then exit 1 fi -ARCHITECTURE="${ARCHITECTURE:-$(dpkg --print-architecture)}" -IMAGE="${IMAGE:-debian-stretch-${ARCHITECTURE}.tar.xz}" -SERVER="${SERVER:-https://files.open-infrastructure.net/images/container-tools/current}" +COMPRESSIONS="" + +if [ -x /usr/bin/lzip ] +then + COMPRESSIONS="${COMPRESSIONS} lz" +fi + +if [ -x /usr/bin/xz ] +then + COMPRESSIONS="${COMPRESSIONS} xz" +fi + +if [ -x /bin/gzip ] +then + COMPRESSIONS="${COMPRESSIONS} gz" +fi + +if [ -z "${COMPRESSIONS}" ] +then + echo "'${NAME}': no supported compressor available (lz, xz, gz)." + exit 1 +fi + +SERVER="${SERVER:-https://files.open-infrastructure.net/system/container/debian}" PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}" VERSION="$(container version)" +export SERVER + +Debconf () +{ + # Configure local debconf + mkdir -p "${DEBCONF_TMPDIR}/debconf" + +cat > "${DEBCONF_TMPDIR}/debconf.systemrc" << EOF +Config: configdb +Templates: templatedb + +Name: config +Driver: File +Mode: 644 +Reject-Type: password +Filename: ${DEBCONF_TMPDIR}/debconf/config.dat + +Name: passwords +Driver: File +Mode: 600 +Backup: false +Required: false +Accept-Type: password +Filename: ${DEBCONF_TMPDIR}/debconf/passwords.dat + +Name: configdb +Driver: Stack +Stack: config, passwords + +Name: templatedb +Driver: File +Mode: 644 +Filename: ${DEBCONF_TMPDIR}/debconf/templates.dat +EOF + + DEBCONF_SYSTEMRC="${DEBCONF_TMPDIR}/debconf.systemrc" + export DEBCONF_SYSTEMRC +} + # Pre hooks for FILE in "${HOOKS}/pre-${SCRIPT}".* "${HOOKS}/${NAME}.pre-${SCRIPT}" do 
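Review bot: The new "no supported compressor available" failure goes to stdout while every other fatal message in this file is written with `>&2`; change it to `echo "'${NAME}': no supported compressor available (lz, xz, gz)." >&2`. The three `[ -x /usr/bin/lzip ]`, `[ -x /usr/bin/xz ]` and `[ -x /bin/gzip ]` tests hard-code locations, so a tool installed elsewhere is reported as missing; `command -v lzip >/dev/null 2>&1` tests the same thing without depending on the layout. `Debconf` writes its `systemrc` under `${DEBCONF_TMPDIR}` but nothing in the function states that the caller must have created that directory first; a `: "${DEBCONF_TMPDIR:?DEBCONF_TMPDIR must be set}"` guard at the top of the function, plus a header comment saying it is the private debconf database for this run (passwords database at `Mode: 600`), would make the precondition explicit.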
@@ -154,65 +225,189 @@ done # Run -# FIXME: Show available image directories on server -# FIXME: Fetch debconf-choices.txt to show debconf select -# FIXME: gpg verification against debian-keyring or local keyring # FIXME: default server via configuration file -echo "Downloading ${IMAGE}" -mkdir -p "${CACHE}" +CURL_OPTIONS="" -if [ -e "${CACHE}/${IMAGE}" ] +if curl -V | grep -qs http2 then - CURL_OPTIONS="--time-cond ${CACHE}/${IMAGE}" + CURL_OPTIONS="${CURL_OPTIONS} --http2" fi -if curl -V | grep -qs http2 +if [ -z "${SYSTEM}" ] then - CURL_OPTIONS="${CURL_OPTIONS} --http2" + # Downloading container list + if curl --fail --head --output /dev/null --silent "${SERVER}/container-list.txt" + then + mkdir -p /tmp/container-tools + DEBCONF_TMPDIR="$(mktemp -d -p /tmp/container-tools -t $(basename ${0}).XXXX)" + export DEBCONF_TMPDIR + + if [ -z "${ARCHITECTURE}" ] + then + case "$(dpkg --print-architecture)" in + amd64) + GREP_PATTERN="(amd64|i386)" + ;; + esac + fi + + GREP_PATTERN="${GREP_PATTERN:-${ARCHITECTURE}}" + + echo "Downloading $(echo ${SERVER} | awk -F/ '{ print $3 }') container list" + curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} \ + "${SERVER}/container-list.txt" | grep -E "${GREP_PATTERN}" > "${DEBCONF_TMPDIR}/container-list.txt" + + umask 0022 + + Debconf + + # Run debconf parts + for DEBCONF_SCRIPT in /usr/share/container-tools/scripts/curl.d/* + do + if [ -x "${DEBCONF_SCRIPT}" ] + then + # FIXME + # debconf -ocontainer-tools "${DEBCONF_SCRIPT}" + "${DEBCONF_SCRIPT}" + fi + done + + # Read-in configuration from debconf + . 
"${DEBCONF_TMPDIR}/debconf.default" + + # Remove debconf temporary files + rm --preserve-root --one-file-system -rf "${DEBCONF_TMPDIR}" + rmdir --ignore-fail-on-non-empty /tmp/container-tools 2>&1 || true + fi fi -curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} \ - "${SERVER}/${IMAGE}" -o "${CACHE}/${IMAGE}" +for COMPRESSION in ${COMPRESSIONS} +do + if curl --fail --head --output /dev/null --silent "${SERVER}/${SYSTEM}.${COMPRESSION}" + then + SYSTEM="${SYSTEM}.${COMPRESSION}" + break + fi +done + +# Downloading container files +mkdir -p "${CACHE}" + +SETUP="${SETUP:-$(echo ${SYSTEM} | sed -e 's|.system.tar.|.setup.tar.|')}" -curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} \ - "${SERVER}/${IMAGE}.sha512" -o "${CACHE}/${IMAGE}.sha512" +for FILE in "${SYSTEM}" "${SYSTEM}.gpg" "${SYSTEM}.sha512" \ + "${SETUP}" "${SETUP}.gpg" "${SETUP}.sha512" +do + if curl --fail --head --output /dev/null --silent "${SERVER}/${FILE}" + then + case "${FILE}" in + *.sha512) + if [ -e "${CACHE}/$(basename ${FILE} .sha512).gpg" ] + then + continue + fi + ;; + esac + + if [ -e "${CACHE}/${FILE}" ] + then + CURL_TIME_COND="--time-cond ${CACHE}/${FILE}" + else + CURL_TIME_COND="" + fi + + echo "Downloading ${FILE}" + curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} ${CURL_TIME_COND} \ + "${SERVER}/${FILE}" -o "${CACHE}/${FILE}" + fi +done -echo -n "Verifying ${IMAGE}.sha512" cd "${CACHE}" -set +e -sha512sum --check "${IMAGE}.sha512" --status -SHA512SUM="${?}" +for FILE in "${SYSTEM}" "${SETUP}" +do + if [ ! -e "${FILE}" ] + then + continue + fi -case "${SHA512SUM}" in - 0) - echo " ok." - ;; + if [ -e "${FILE}.gpg" ] + then + echo -n "Verifying ${FILE}:" - *) - echo " failed." 
- exit 1 - ;; -esac + set +e + gpg --homedir "${KEYS}" --verify "${FILE}.gpg" "${FILE}" > /dev/null 2>&1 + GNUPG="${?}" + set -e -set -e -cd "${OLDPWD}" + case "${GNUPG}" in + 0) + echo " gpg ok." + continue + ;; + + *) + echo " gpg failed." + exit 1 + ;; + esac + elif [ -e "${FILE}.sha512" ] + then + echo -n "Verifying ${FILE}:" -echo "Unpacking ${IMAGE}" -mkdir -p "${MACHINES}/${NAME}" + set +e + sha512sum --check "${FILE}.sha512" --status + SHA512SUM="${?}" + set -e -case "${IMAGE}" in + case "${SHA512SUM}" in + 0) + echo " sha512 ok." + ;; + + *) + echo " sha512 failed." + exit 1 + ;; + esac + fi +done + +cd "${OLDPWD}" + +case "${SYSTEM}" in *.gz) TAR_OPTIONS="--gzip" + + if [ ! -e /bin/gzip ] + then + echo -en "\n" + echo "'${NAME}': /bin/lzip - no such file." >&2 + exit 1 + fi ;; *.lz) TAR_OPTIONS="--lzip" + + if [ ! -e /usr/bin/lzip ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/lzip - no such file." >&2 + exit 1 + fi ;; *.xz) TAR_OPTIONS="--xz" + + if [ ! -e /usr/bin/xz ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/xz - no such file." >&2 + exit 1 + fi ;; *) 
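Review bot: The verification loop accepts a cached archive that has neither a `.gpg` nor a `.sha512` companion without any check, because the `if [ -e "${FILE}.gpg" ] ... elif [ -e "${FILE}.sha512" ]` chain has no `else` arm; add `else echo "'${NAME}': ${FILE}: no signature or checksum available." >&2; exit 1` so an unverified download is never unpacked. A comment above the loop should also state that the `.sha512` path only proves integrity against the same server that served the archive, so only the gpg path provides authenticity. In the `*.gz)` branch of the compressor `case`, the message reads `/bin/lzip - no such file` although the test is `[ ! -e /bin/gzip ]`. The `mkdir -p /tmp/container-tools` followed by `mktemp -d -p /tmp/container-tools` puts the directory whose `debconf.default` is later sourced with `. "${DEBCONF_TMPDIR}/debconf.default"` under a parent that any local user may have created first in the sticky `/tmp`; using `mktemp -d` with the default `TMPDIR` (or a root-owned directory) avoids that dependency. The `curl ... | grep -E "${GREP_PATTERN}" > .../container-list.txt` pipeline reports only grep's status, so under `set -e` a failed download and an empty match list are indistinguishable; checking the download separately (`curl ... -o` to a file, then `grep`) gives a clear error.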
@@ -220,11 +415,46 @@ case "${IMAGE}" in ;; esac -if [ -e /usr/bin/pv ] +for FILE in "${SYSTEM}" "${SETUP}" +do + if [ ! -e "${CACHE}/${FILE}" ] + then + continue + fi + + case "${FILE}" in + *.system.tar.*) + DIRECTORY="${MACHINES}/${NAME}" + ;; + + *.setup.tar.*) + DIRECTORY="${MACHINES}/${NAME}/setup" + ;; + esac + + mkdir -p "${DIRECTORY}" + + if [ -e /usr/bin/pv ] + then + echo "Unpacking ${FILE}" + pv --format '%p' --width 77 "${CACHE}/${FILE}" | tar xf - ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + else + echo -n "Unpacking ${FILE}:" + tar xf "${CACHE}/${FILE}" ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + echo " ok." + fi +done + +if [ -x "${MACHINES}/${NAME}/setup/container" ] then - pv --format '%p' --width 77 "${CACHE}/${IMAGE}" | tar xf - ${TAR_OPTIONS} -C "${MACHINES}/${NAME}" --strip 1 -else - tar xf "${CACHE}/${IMAGE}" ${TAR_OPTIONS} -C "${MACHINES}/${NAME}" --strip 1 + chroot "${MACHINES}/${NAME}" /usr/bin/env -i \ + LC_ALL="C" PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games" TERM="${TERM}" \ + DEBIAN_FRONTEND="dialog" DEBIAN_PRIORITY="low" \ + DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" \ + NAME="${NAME}" \ + /setup/container + + rm -rf "${MACHINES}/${NAME}/setup" fi # Creating machine-id @@ -240,11 +470,11 @@ cp -L /etc/resolv.conf "${MACHINES}/${NAME}/etc/resolv.conf" echo root:${PASSWORD} | chroot "${MACHINES}/${NAME}" chpasswd echo "${NAME}: root password set to '${PASSWORD}'." -# Reove cache +# Remove cache case "${CLEAN}" in true) - rm -f "${CACHE}/${IMAGE}" - rm -f "${CACHE}/${IMAGE}.sha512" + rm -f "${CACHE}/${SYSTEM}" "${CACHE}/${SYSTEM}.sha512" + rm -f "${CACHE}/${SETUP}" "${CACHE}/${SETUP}.sha512" ;; esac diff --git a/share/scripts/curl.d/0001-debconf b/share/scripts/curl.d/0001-debconf new file mode 100755 index 0000000..184a5ed --- /dev/null +++ b/share/scripts/curl.d/0001-debconf 
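Review bot: The `case "${FILE}" in *.system.tar.*) ... *.setup.tar.*) ... esac` in the new unpack loop has no default arm, so a `--setup` value that matches neither pattern leaves `DIRECTORY` at the value of the previous iteration (`${MACHINES}/${NAME}`) and the second archive is extracted over the container's root tree; add `*) echo "'${NAME}': ${FILE}: unknown archive type." >&2; exit 1 ;;`. `TAR_OPTIONS` is derived from the suffix of `${SYSTEM}` only but is also passed when extracting `${SETUP}`, which is wrong whenever the two archives use different compressions. The `chroot "${MACHINES}/${NAME}" ... /setup/container` call executes, as root, a program that arrived inside the downloaded setup archive, so it is only as trustworthy as the verification above it; a comment stating that dependency (`# runs code shipped in the setup archive; relies on the gpg/sha512 verification above`) belongs next to the call. The `CLEAN` branch removes `.sha512` files but not the `.gpg` files this commit starts downloading into `${CACHE}`.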
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+DEBCONF_NOWARNINGS="true"
+export DEBCONF_NOWARNINGS
+
+. /usr/share/debconf/confmodule
+
+System ()
+{
+ TITLE="$(echo ${SERVER} | awk -F/ '{ print $3 }')"
+
+ SYSTEMS="$(for SYSTEM in $(cat ${DEBCONF_TMPDIR}/container-list.txt | cut -d\| -f2 | sed -e 's| |#|g'); do echo -n "$(echo ${SYSTEM} | sed -e 's|#| |g'), "; done | sed -e 's|, $||')"
+ SYSTEMS_C="$(for SYSTEM_C in $(cat ${DEBCONF_TMPDIR}/container-list.txt | cut -d\| -f1); do echo -n "${SYSTEM_C}, "; done | sed -e 's|, $||')"
+
+ db_subst cnt-curl/title TITLE "${TITLE}"
+
+ db_subst cnt-curl/system CHOICES "${SYSTEMS}"
+ db_subst cnt-curl/system CHOICES_C "${SYSTEMS_C}"
+
+ db_fset cnt-curl/system seen false
+
+ db_settitle cnt-curl/title
+ db_input high cnt-curl/system || true
+ db_go
+
+ db_get cnt-curl/system
+ SYSTEM="${RET}" # select
+
+ echo "SYSTEM=\"${SYSTEM}\"" >> "${DEBCONF_TMPDIR}/debconf.default"
+ export SYSTEM
+}
+
+System
+
+db_stop
diff --git a/share/scripts/curl.d/0001-debconf.templates b/share/scripts/curl.d/0001-debconf.templates
new file mode 100644
index 0000000..c87e47e
--- /dev/null
+++ b/share/scripts/curl.d/0001-debconf.templates
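Review bot: `System` writes the selected value as shell source, `echo "SYSTEM=\"${SYSTEM}\"" >> "${DEBCONF_TMPDIR}/debconf.default"`, and the parent script later sources that file as root; the value comes from `container-list.txt`, which is fetched from `${SERVER}` without any signature check, so a list entry containing `"`, `$(` or a backtick would be executed rather than assigned. Validate the name before writing it, for example `case "${SYSTEM}" in *[!A-Za-z0-9._-]*|"") echo "invalid system name '${SYSTEM}'" >&2; exit 1 ;; esac`, and write it single-quoted with `printf "SYSTEM='%s'\n" "${SYSTEM}"` so the file never carries interpolation. The `SYSTEMS`/`SYSTEMS_C` builders rely on `for ... in $(cat ${DEBCONF_TMPDIR}/container-list.txt | ...)` word-splitting with an unquoted path and a `#` placeholder for spaces, which breaks on paths with spaces and on names that contain `#`; a `while IFS='|' read -r code name` loop over the file expresses the same thing without those assumptions. A one-line header comment stating the expected line format of `container-list.txt` (`<name>|<description>`) would make the `cut -d\| -f1`/`-f2` split understandable.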
@@ -0,0 +1,11 @@
+Template: cnt-curl/title
+Type: title
+Description: ${TITLE}
+
+Template: cnt-curl/system
+Type: select
+Default:
+Choices-C: ${CHOICES_C}
+Choices: ${CHOICES}
+Description: Container list:
+ Select the system to use for creating the container. |