3 # Set up a size-reduced chroot of the system for use in FusionForge
4 # Christian Bayle, Roland Mas, debian-sf (Sourceforge for Debian),
# Root check: compares the numeric UID printed by `id -u` with 0. Only the
# prompt is visible here; the rest of the branch is not shown.
# NOTE(review): `$(id -u)` is unquoted inside `[ ]`; `[ "$(id -u)" != 0 ]`
# avoids a malformed test if the command prints nothing.
9 if [ $(id -u) != 0 ] ; then
10 echo "You must be root to run this, please enter passwd"
# The chroot location comes from forge_get_config, which is defined outside
# this listing. Every path below, including the `rm -rf "$CHROOTDIR/tmp"`,
# is built from this value.
15 CHROOTDIR=$(forge_get_config chroot)
19 echo "Installing chroot environnement at $CHROOTDIR"
# Create the chroot root (mode 755) if it is missing and stop if it still is
# not a directory. An empty CHROOTDIR fails both tests and exits here.
# NOTE(review): a value such as "/" passes this check; confirm the configured
# path is validated before this script runs as root.
20 test -d "$CHROOTDIR" || install -d -m 755 "$CHROOTDIR"
21 test -d "$CHROOTDIR" || exit 1
# Creates one directory of the chroot skeleton when it is missing. The loop
# header that sets $dir is not shown here.
46 test -d "$CHROOTDIR/$dir" || mkdir "$CHROOTDIR/$dir"
# Recreate tmp from scratch as a world-writable directory with the sticky bit
# (mode 1777), discarding whatever an earlier run left there.
48 rm -rf "$CHROOTDIR/tmp"
49 install -d -m 1777 "$CHROOTDIR/tmp"
# Replace an existing symlink or empty directory at var/lib/gforge/chroot with
# a relative symlink. `../../..` resolves to $CHROOTDIR itself, so that path
# inside the chroot leads back to the chroot's own root.
# NOTE(review): rmdir removes only an empty directory; if it is not empty the
# ln below does not replace it. Confirm that case cannot occur.
50 [ -L "$CHROOTDIR/var/lib/gforge/chroot" ] && rm "$CHROOTDIR/var/lib/gforge/chroot"
51 [ -d "$CHROOTDIR/var/lib/gforge/chroot" ] && rmdir "$CHROOTDIR/var/lib/gforge/chroot"
52 ln -s ../../.. "$CHROOTDIR/var/lib/gforge/chroot"
54 # Copy needed binaries
55 # For testing /bin/ls /bin/su
56 # Maybe needed /bin/chgrp
57 # Could be restricted /bin/bash
58 # TODO: remove unneeded stuff from that list
64 /lib/security/pam_pgsql.so \
65 /lib64/security/pam_pgsql.so \
70 if [ -e "$binary" ]; then
# For each listed path that exists, ldd output supplies the libraries to copy:
# the third field of `=>` lines (resolved paths) and any first field that is
# an absolute path. The names are fed to cpio in pass-through mode (-p), which
# creates directories (-d), overwrites unconditionally (-u) and follows
# symlinks (-L).
# NOTE(review): ldd runs as root on every entry, and some ldd versions may
# execute the inspected program. Keep the list to files only root can modify.
72 ldd "$binary" | awk '/=>/ { print $3 }' | grep '^/'
73 ldd "$binary" | awk '{ print $1 }' | grep '^/'
77 | cpio --quiet -pdumVLB "$CHROOTDIR/"
80 /etc/nss-pgsql-root.conf \
87 /etc/pam.d/ssh-nonfree \
89 /etc/security/*.conf \
97 /usr/lib/libcom_err* \
100 /usr/lib/libk5crypto* \
102 /usr/lib/libnss_pgsql* \
# Entries that do not exist, including glob patterns that matched nothing and
# were left as literal text, are skipped.
106 test -e "$i" || continue
# NOTE(review): $CHROOTDIR is unquoted here, unlike elsewhere in the script;
# `cp "$i" "$CHROOTDIR/$i"` avoids word splitting and globbing on the path.
# NOTE(review): the list includes /etc/nss-pgsql-root.conf, which presumably
# holds database credentials. Confirm the copy inside the chroot stays
# readable by root only.
107 cp "$i" $CHROOTDIR/"$i"
110 # Create devices files
# Character devices by major/minor number: 1,3 for null, 1,9 for urandom and
# 5,1 for console. Each node is created only when missing, and `|| true`
# discards a mknod failure, so the script continues without that node.
# NOTE(review): no mode is passed to mknod, so permissions follow the umask.
# Confirm that null and urandom end up usable by the unprivileged accounts in
# the chroot and that console is not more open than intended.
111 [ -c "$CHROOTDIR/dev/null" ] || mknod "$CHROOTDIR/dev/null" c 1 3 || true
112 [ -c "$CHROOTDIR/dev/urandom" ] || mknod "$CHROOTDIR/dev/urandom" c 1 9 || true
113 [ -c "$CHROOTDIR/dev/console" ] || mknod "$CHROOTDIR/dev/console" c 5 1 || true
# Warn when /etc/default/syslogd exists, /etc/rsyslog.conf does not, and no
# SYSLOGD line already mentions the chroot's dev/log socket. The visible
# branch only prints the advice; it does not edit the file.
# NOTE(review): the socket path is hard-coded as /var/lib/gforge/chroot rather
# than derived from $CHROOTDIR. Confirm the two always match.
115 if [ -e /etc/default/syslogd ] \
116 && [ ! -e /etc/rsyslog.conf ] \
117 && ! grep -q "^SYSLOGD.*/var/lib/gforge/chroot/dev/log.*" /etc/default/syslogd ; then
118 echo '######################################################################################################'
119 echo 'WARNING: you must have SYSLOGD="-p /dev/log -a /var/lib/gforge/chroot/dev/log" in /etc/default/syslogd'
120 echo 'To have cvs pserver running correctly'
121 echo '######################################################################################################'
# Write the chroot's nsswitch.conf from a here-document whose body is not
# shown here. The FIN delimiter is unquoted, so the shell expands variables
# and command substitutions in the body; `<<-` strips leading tabs.
127 cat >"$CHROOTDIR/etc/nsswitch.conf" <<-FIN
132 # Copy miscellaneous files
# Copy the whole of /etc/ssh (and /etc/ssh-nonfree when present) into the
# chroot; cpio -L follows symlinks and -m keeps modification times.
# NOTE(review): on a typical host /etc/ssh also holds the sshd host private
# keys, so this places a second copy of them inside the chroot. Confirm that
# is intended, that the copies stay root-only, and that they are refreshed
# when the host keys are rotated.
133 [ -d /etc/ssh ] && find /etc/ssh | cpio --quiet -pdumLB "$CHROOTDIR/"
134 [ -d /etc/ssh-nonfree ] && find /etc/ssh-nonfree | cpio --quiet -pdumLB "$CHROOTDIR/"
# Disabled LDAP support, kept as commented-out code.
# NOTE(review): if this is ever re-enabled, its last line runs chmod 600 on
# the host's /etc/ldap.secret, not on the copy under $CHROOTDIR/etc, so the
# copied secret keeps whatever mode cp gave it. The $CHROOTDIR expansions in
# this section are also unquoted.
136 # # Libnss-ldap related stuffs
138 # /usr/bin/ldapsearch ; do
139 # if [ -x "$binary" ] ; then
141 # ldd $binary | cut -d" " -f3
145 # | cpio --quiet -pdumVLB $CHROOTDIR
147 # #cp -r /etc/ldap $CHROOTDIR/etc
148 # [ -e /etc/libnss-ldap.conf ] && cp /etc/libnss-ldap.conf $CHROOTDIR/etc
149 # [ -e /etc/libnss-pgsql.conf ] && cp /etc/libnss-pgsql.conf $CHROOTDIR/etc
150 # [ "$(echo /lib/libnss_ldap*)" != "/lib/libnss_ldap*" ] && cp /lib/libnss_ldap* $CHROOTDIR/lib
151 # [ "$(echo /usr/lib/libnss_ldap*)" != "/usr/lib/libnss_ldap*" ] && cp /usr/lib/libnss_ldap* $CHROOTDIR/usr/lib
154 # [ -f /etc/ldap.secret ] && cp /etc/ldap.secret $CHROOTDIR/etc && chmod 600 /etc/ldap.secret
156 # Libnss-pgsql related stuffs
# Installs the unversioned libcom_err.so under the name libcom_err.so.2 inside
# the chroot, presumably the soname that a library loaded there asks for;
# verify against the libraries actually copied.
157 [ -f /usr/lib/libcom_err.so ] && cp /usr/lib/libcom_err.so "$CHROOTDIR/usr/lib/libcom_err.so.2"
# Build minimal account databases for the chroot. passwd starts with fixed
# root and nobody entries written from a here-document (unquoted FIN
# delimiter, so its body is subject to shell expansion).
161 # Now this never change
162 cat >"$CHROOTDIR/etc/passwd" <<-FIN
163 root:x:0:0:Root:/:/bin/bash
164 nobody:x:65534:65534:nobody:/:/bin/false
166 getent passwd sshd | sed "s:$CHROOTDIR::g" >>"$CHROOTDIR/etc/passwd"
# These getent lines append the host's entries for the service accounts with
# every occurrence of $CHROOTDIR removed, presumably so that a home directory
# under the chroot becomes the matching in-chroot path; verify.
# NOTE(review): $CHROOTDIR is pasted into the sed program as a regex with ':'
# as the delimiter; a path containing ':' or regex metacharacters would break
# or change the substitution. If an account does not exist, getent prints
# nothing and no entry is added.
167 getent passwd scm-gforge | sed "s:$CHROOTDIR::g" >>"$CHROOTDIR/etc/passwd"
168 getent passwd anonscm-gforge | sed "s:$CHROOTDIR::g" >>"$CHROOTDIR/etc/passwd"
# shadow holds only root and nobody, both with '*' in the password field, so
# neither has a usable password hash. group is written the same way and then
# gets the host's anonscm-gforge group entry appended.
# NOTE(review): shadow is created by redirection, so its mode follows the
# umask (or the existing file's mode); no chmod is visible here. Confirm it
# is not left world-readable.
169 cat >"$CHROOTDIR/etc/shadow" <<-FIN
170 root:*:11142:0:99999:7:::
171 nobody:*:11142:0:99999:7:::
173 cat >"$CHROOTDIR/etc/group" <<-FIN
177 getent group anonscm-gforge >>"$CHROOTDIR/etc/group"
# Usage text; the visible message names `configure` as the only accepted
# argument. The surrounding dispatch is not shown here.
182 echo "Usage: $0 {configure}"