From 098f18a504d97fec24bbe619370cdd2ca0d5b500 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 23 Jul 2017 10:28:46 +0200 Subject: Merging upstream version 20170722. Signed-off-by: Daniel Baumann --- share/scripts/curl | 328 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 279 insertions(+), 49 deletions(-) (limited to 'share/scripts/curl') diff --git a/share/scripts/curl b/share/scripts/curl index a338020..709e59c 100755 --- a/share/scripts/curl +++ b/share/scripts/curl @@ -21,13 +21,14 @@ set -e SCRIPT="${0}" HOOKS="/etc/container-tools/hooks" +KEYS="/etc/container-tools/keys" MACHINES="/var/lib/machines" -CACHE="/var/cache/container-tools/images" +CACHE="/var/cache/container-tools/system" Parameters () { - GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,clean,image:,server:,password:" - GETOPT_OPTIONS="b:,s:,n:,p:" + GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,architecture:,clean,password:,server:,setup:,system:," + GETOPT_OPTIONS="b:,s:,n:,a:,p:" PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${SCRIPT} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -72,13 +73,18 @@ Parameters () shift 2 ;; + -a|--architecture) + ARCHITECTURE="${2}" + shift 2 + ;; + --clean) CLEAN="true" shift 1 ;; - --image) - IMAGE="${2}" + -p|--password) + PASSWORD="${2}" shift 2 ;; @@ -87,8 +93,13 @@ Parameters () shift 2 ;; - -p|--password) - PASSWORD="${2}" + --setup) + SETUP="${2}" + shift 2 + ;; + + --system) + SYSTEM="${2}" shift 2 ;; @@ -107,7 +118,7 @@ Parameters () Usage () { - echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [--image IMAGE] [--server SERVER] [-p|--password PASSWORD}" >&2 + echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [-p|--password PASSWORD] [--server SERVER] [--setup SETUP] [--system SYSTEM]" >&2 exit 1 } 
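Review bot: The rewritten `Usage ()` line (hunk `@@ -107,7 +118,7 @@`) lists `--setup` and `--system` but omits the `-a|--architecture` option that this same commit adds to `GETOPT_LONGOPTIONS`, `GETOPT_OPTIONS` and the option `case`. Adding `[-a|--architecture ARCHITECTURE]` to the echoed string would keep the help text in step with the parser.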
@@ -136,13 +147,73 @@ then exit 1 fi -ARCHITECTURE="${ARCHITECTURE:-$(dpkg --print-architecture)}" -IMAGE="${IMAGE:-debian-stretch-${ARCHITECTURE}.tar.xz}" -SERVER="${SERVER:-https://files.open-infrastructure.net/images/container-tools/current}" +COMPRESSIONS="" + +if [ -x /usr/bin/lzip ] +then + COMPRESSIONS="${COMPRESSIONS} lz" +fi + +if [ -x /usr/bin/xz ] +then + COMPRESSIONS="${COMPRESSIONS} xz" +fi + +if [ -x /bin/gzip ] +then + COMPRESSIONS="${COMPRESSIONS} gz" +fi + +if [ -z "${COMPRESSIONS}" ] +then + echo "'${NAME}': no supported compressor available (lz, xz, gz)." + exit 1 +fi + +SERVER="${SERVER:-https://files.open-infrastructure.net/system/container/debian}" PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}" VERSION="$(container version)" +export SERVER + +Debconf () +{ + # Configure local debconf + mkdir -p "${DEBCONF_TMPDIR}/debconf" + +cat > "${DEBCONF_TMPDIR}/debconf.systemrc" << EOF +Config: configdb +Templates: templatedb + +Name: config +Driver: File +Mode: 644 +Reject-Type: password +Filename: ${DEBCONF_TMPDIR}/debconf/config.dat + +Name: passwords +Driver: File +Mode: 600 +Backup: false +Required: false +Accept-Type: password +Filename: ${DEBCONF_TMPDIR}/debconf/passwords.dat + +Name: configdb +Driver: Stack +Stack: config, passwords + +Name: templatedb +Driver: File +Mode: 644 +Filename: ${DEBCONF_TMPDIR}/debconf/templates.dat +EOF + + DEBCONF_SYSTEMRC="${DEBCONF_TMPDIR}/debconf.systemrc" + export DEBCONF_SYSTEMRC +} + # Pre hooks for FILE in "${HOOKS}/pre-${SCRIPT}".* "${HOOKS}/${NAME}.pre-${SCRIPT}" do 
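Review bot: `Debconf ()` builds every path from `${DEBCONF_TMPDIR}` but never checks that the variable is set, so a call with it empty would run `mkdir -p /debconf` and write `/debconf.systemrc` at the filesystem root. A guard as the first line of the function, `: "${DEBCONF_TMPDIR:?DEBCONF_TMPDIR is not set}"`, makes that dependency explicit; the only caller visible in this patch sets the variable first, so this is defensive. Separately, the new "no supported compressor available" message goes to stdout, while the other new error messages in this patch use `>&2`.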
@@ -154,65 +225,189 @@ done # Run -# FIXME: Show available image directories on server -# FIXME: Fetch debconf-choices.txt to show debconf select -# FIXME: gpg verification against debian-keyring or local keyring # FIXME: default server via configuration file -echo "Downloading ${IMAGE}" -mkdir -p "${CACHE}" +CURL_OPTIONS="" -if [ -e "${CACHE}/${IMAGE}" ] +if curl -V | grep -qs http2 then - CURL_OPTIONS="--time-cond ${CACHE}/${IMAGE}" + CURL_OPTIONS="${CURL_OPTIONS} --http2" fi -if curl -V | grep -qs http2 +if [ -z "${SYSTEM}" ] then - CURL_OPTIONS="${CURL_OPTIONS} --http2" + # Downloading container list + if curl --fail --head --output /dev/null --silent "${SERVER}/container-list.txt" + then + mkdir -p /tmp/container-tools + DEBCONF_TMPDIR="$(mktemp -d -p /tmp/container-tools -t $(basename ${0}).XXXX)" + export DEBCONF_TMPDIR + + if [ -z "${ARCHITECTURE}" ] + then + case "$(dpkg --print-architecture)" in + amd64) + GREP_PATTERN="(amd64|i386)" + ;; + esac + fi + + GREP_PATTERN="${GREP_PATTERN:-${ARCHITECTURE}}" + + echo "Downloading $(echo ${SERVER} | awk -F/ '{ print $3 }') container list" + curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} \ + "${SERVER}/container-list.txt" | grep -E "${GREP_PATTERN}" > "${DEBCONF_TMPDIR}/container-list.txt" + + umask 0022 + + Debconf + + # Run debconf parts + for DEBCONF_SCRIPT in /usr/share/container-tools/scripts/curl.d/* + do + if [ -x "${DEBCONF_SCRIPT}" ] + then + # FIXME + # debconf -ocontainer-tools "${DEBCONF_SCRIPT}" + "${DEBCONF_SCRIPT}" + fi + done + + # Read-in configuration from debconf + . 
"${DEBCONF_TMPDIR}/debconf.default" + + # Remove debconf temporary files + rm --preserve-root --one-file-system -rf "${DEBCONF_TMPDIR}" + rmdir --ignore-fail-on-non-empty /tmp/container-tools 2>&1 || true + fi fi -curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} \ - "${SERVER}/${IMAGE}" -o "${CACHE}/${IMAGE}" +for COMPRESSION in ${COMPRESSIONS} +do + if curl --fail --head --output /dev/null --silent "${SERVER}/${SYSTEM}.${COMPRESSION}" + then + SYSTEM="${SYSTEM}.${COMPRESSION}" + break + fi +done + +# Downloading container files +mkdir -p "${CACHE}" + +SETUP="${SETUP:-$(echo ${SYSTEM} | sed -e 's|.system.tar.|.setup.tar.|')}" -curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} \ - "${SERVER}/${IMAGE}.sha512" -o "${CACHE}/${IMAGE}.sha512" +for FILE in "${SYSTEM}" "${SYSTEM}.gpg" "${SYSTEM}.sha512" \ + "${SETUP}" "${SETUP}.gpg" "${SETUP}.sha512" +do + if curl --fail --head --output /dev/null --silent "${SERVER}/${FILE}" + then + case "${FILE}" in + *.sha512) + if [ -e "${CACHE}/$(basename ${FILE} .sha512).gpg" ] + then + continue + fi + ;; + esac + + if [ -e "${CACHE}/${FILE}" ] + then + CURL_TIME_COND="--time-cond ${CACHE}/${FILE}" + else + CURL_TIME_COND="" + fi + + echo "Downloading ${FILE}" + curl --fail --location --progress-bar --user-agent container-tools/${VERSION} ${CURL_OPTIONS} ${CURL_TIME_COND} \ + "${SERVER}/${FILE}" -o "${CACHE}/${FILE}" + fi +done -echo -n "Verifying ${IMAGE}.sha512" cd "${CACHE}" -set +e -sha512sum --check "${IMAGE}.sha512" --status -SHA512SUM="${?}" +for FILE in "${SYSTEM}" "${SETUP}" +do + if [ ! -e "${FILE}" ] + then + continue + fi -case "${SHA512SUM}" in - 0) - echo " ok." - ;; + if [ -e "${FILE}.gpg" ] + then + echo -n "Verifying ${FILE}:" - *) - echo " failed." 
- exit 1 - ;; -esac + set +e + gpg --homedir "${KEYS}" --verify "${FILE}.gpg" "${FILE}" > /dev/null 2>&1 + GNUPG="${?}" + set -e -set -e -cd "${OLDPWD}" + case "${GNUPG}" in + 0) + echo " gpg ok." + continue + ;; + + *) + echo " gpg failed." + exit 1 + ;; + esac + elif [ -e "${FILE}.sha512" ] + then + echo -n "Verifying ${FILE}:" -echo "Unpacking ${IMAGE}" -mkdir -p "${MACHINES}/${NAME}" + set +e + sha512sum --check "${FILE}.sha512" --status + SHA512SUM="${?}" + set -e -case "${IMAGE}" in + case "${SHA512SUM}" in + 0) + echo " sha512 ok." + ;; + + *) + echo " sha512 failed." + exit 1 + ;; + esac + fi +done + +cd "${OLDPWD}" + +case "${SYSTEM}" in *.gz) TAR_OPTIONS="--gzip" + + if [ ! -e /bin/gzip ] + then + echo -en "\n" + echo "'${NAME}': /bin/lzip - no such file." >&2 + exit 1 + fi ;; *.lz) TAR_OPTIONS="--lzip" + + if [ ! -e /usr/bin/lzip ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/lzip - no such file." >&2 + exit 1 + fi ;; *.xz) TAR_OPTIONS="--xz" + + if [ ! -e /usr/bin/xz ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/xz - no such file." >&2 + exit 1 + fi ;; *) 
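Review bot: The new verification loop fails open: when neither `${FILE}.gpg` nor `${FILE}.sha512` is present in the cache, the `if`/`elif` falls through silently and the archive is later unpacked unverified. Because the download loop fetches those files only when the HEAD probe succeeds, a server or network path that does not serve them is enough to skip verification; closing the chain with `else echo "'${NAME}': ${FILE}: no .gpg or .sha512 available, refusing to unpack." >&2; exit 1` would make that a hard failure. A `.sha512` fetched from the same server detects corruption but does not authenticate the publisher, so a comment saying that only the gpg path gives authenticity would help. In the same hunk, `DEBCONF_TMPDIR` is created under the fixed, shared `/tmp/container-tools` and `debconf.default` is then sourced from it, so a root-owned parent (or a plain `mktemp -d`) would be safer where other local users can write to /tmp. The `*.gz` arm's error text also names `/bin/lzip` where `/bin/gzip` is meant.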
@@ -220,11 +415,46 @@ case "${IMAGE}" in ;; esac -if [ -e /usr/bin/pv ] +for FILE in "${SYSTEM}" "${SETUP}" +do + if [ ! -e "${CACHE}/${FILE}" ] + then + continue + fi + + case "${FILE}" in + *.system.tar.*) + DIRECTORY="${MACHINES}/${NAME}" + ;; + + *.setup.tar.*) + DIRECTORY="${MACHINES}/${NAME}/setup" + ;; + esac + + mkdir -p "${DIRECTORY}" + + if [ -e /usr/bin/pv ] + then + echo "Unpacking ${FILE}" + pv --format '%p' --width 77 "${CACHE}/${FILE}" | tar xf - ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + else + echo -n "Unpacking ${FILE}:" + tar xf "${CACHE}/${FILE}" ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + echo " ok." + fi +done + +if [ -x "${MACHINES}/${NAME}/setup/container" ] then - pv --format '%p' --width 77 "${CACHE}/${IMAGE}" | tar xf - ${TAR_OPTIONS} -C "${MACHINES}/${NAME}" --strip 1 -else - tar xf "${CACHE}/${IMAGE}" ${TAR_OPTIONS} -C "${MACHINES}/${NAME}" --strip 1 + chroot "${MACHINES}/${NAME}" /usr/bin/env -i \ + LC_ALL="C" PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games" TERM="${TERM}" \ + DEBIAN_FRONTEND="dialog" DEBIAN_PRIORITY="low" \ + DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" \ + NAME="${NAME}" \ + /setup/container + + rm -rf "${MACHINES}/${NAME}/setup" fi # Creating machine-id @@ -240,11 +470,11 @@ cp -L /etc/resolv.conf "${MACHINES}/${NAME}/etc/resolv.conf" echo root:${PASSWORD} | chroot "${MACHINES}/${NAME}" chpasswd echo "${NAME}: root password set to '${PASSWORD}'." -# Reove cache +# Remove cache case "${CLEAN}" in true) - rm -f "${CACHE}/${IMAGE}" - rm -f "${CACHE}/${IMAGE}.sha512" + rm -f "${CACHE}/${SYSTEM}" "${CACHE}/${SYSTEM}.sha512" + rm -f "${CACHE}/${SETUP}" "${CACHE}/${SETUP}.sha512" ;; esac -- cgit v1.2.3
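Review bot: The `case "${FILE}"` that selects `DIRECTORY` in the unpack loop has no default arm, so a `--system` or `--setup` value that matches neither `*.system.tar.*` nor `*.setup.tar.*` leaves `DIRECTORY` empty or still holding the previous iteration's value. In the second case the setup archive would be unpacked over the container root. Adding `*) echo "'${NAME}': unexpected archive name '${FILE}'." >&2; exit 1 ;;` closes that gap. The block that follows runs `/setup/container` from the downloaded archive as root under `chroot`, which is not an isolation boundary, so it deserves a comment stating that it relies on the archive having passed verification earlier in the script.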
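Review bot: In the final hunk, `--clean` removes the archives and their `.sha512` files but leaves the `.gpg` signatures that this commit starts downloading into `${CACHE}`. The download loop skips a `.sha512` whenever a cached `.gpg` exists, and the verify loop prefers the `.gpg`, so a stale signature may outlive its archive and cause a later run to fail verification. Suggest `rm -f "${CACHE}/${SYSTEM}" "${CACHE}/${SYSTEM}.gpg" "${CACHE}/${SYSTEM}.sha512"` and the same three names for `${SETUP}`.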