File: install-chroot.sh

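#! /bin/sh
# 
# $Id: install-chroot.sh 5857 2006-11-09 20:29:51Z lo-lan-do $
#
# Build or refresh the chroot jail used by the GForge SCM services under
# /var/lib/gforge/chroot: the directory skeleton, the needed binaries
# (sshd, cvs, svnserve, a shell) together with the shared objects ldd
# reports for them, the PAM / NSS (pgsql) configuration and modules, a few
# device nodes, and minimal passwd/shadow/group/hosts files.
#
# Usage: install-chroot.sh configure
# Must be run as root; when started by another user it re-executes itself
# through su.  Runs under "set -e": any copy of a *required* file that
# fails stops the run, optional files are skipped when absent.
#
# Christian Bayle, Roland Mas, debian-sf (Sourceforge for Debian)

set -e

if [ "$(id -u)" != 0 ] ; then
    echo "You must be root to run this, please enter passwd"
    # NB: $0 and $1 are interpolated unquoted into the su command line, so a
    # script path containing spaces or shell metacharacters is not supported.
    exec su -c "$0 $1"
fi

CHROOTDIR=/var/lib/gforge/chroot
readonly CHROOTDIR

# warn MESSAGE...
# Print a warning on stderr without aborting the run.
warn() {
    printf 'WARNING: %s\n' "$*" >&2
}

# make_dev NAME MAJOR MINOR
# Create the character device $CHROOTDIR/dev/NAME unless it already exists.
make_dev() {
    [ -c "$CHROOTDIR/dev/$1" ] || mknod "$CHROOTDIR/dev/$1" c "$2" "$3"
}

# copy_optional PATTERN DESTDIR
# Copy every file matching the glob PATTERN (quote it at the call site) into
# DESTDIR.  A pattern that matches nothing is skipped silently: the library
# is optional on this host.  A dangling symlink is still handed to cp so that
# cp's error stops the run, as a plain "cp pattern dest" would.  cp follows
# symlinks, so the file content is installed under the link's name.
copy_optional() {
    local pattern dest f
    pattern=$1
    dest=$2
    for f in $pattern ; do
        if [ -e "$f" ] || [ -L "$f" ] ; then
            cp "$f" "$dest"
        fi
    done
}

# list_runtime_files BINARY...
# Print, one per line, every listed binary that exists on this host followed
# by the absolute paths of the shared objects ldd reports for it.  ldd runs
# the dynamic loader on the file, so this list must only ever contain
# system-installed binaries.
list_runtime_files() {
    local binary
    for binary in "$@" ; do
        if [ -f "$binary" ] ; then
            echo "$binary"
            # ldd lines look like "<tab>libc.so.6 => /lib/libc.so.6 (0x...)".
            # Keep the third field only when it is an absolute path: this
            # drops the vDSO line ("linux-gate.so.1 =>  (0x...)"), the loader
            # line (copied separately below) and "not a dynamic executable",
            # none of which cpio could copy.
            ldd "$binary" | awk '$3 ~ /^\// { print $3 }'
        fi
    done
}

# append_account DATABASE NAME
# Append the NAME entry of the NSS DATABASE (passwd or group) to the chroot's
# copy of that file.  A missing account only produces a warning: a failing
# lookup would otherwise stop the run under "set -e" half-way through
# writing the account files.
append_account() {
    if ! getent "$1" "$2" >> "$CHROOTDIR/etc/$1" ; then
        warn "no '$2' entry in the $1 database, not added to $CHROOTDIR/etc/$1"
    fi
}

case "$1" in
    configure)
        echo "Installing chroot environnement at $CHROOTDIR"
        [ -d "$CHROOTDIR" ] || install -d -m 755 "$CHROOTDIR"
        for dir in \
            bin \
            usr \
            usr/bin \
            usr/lib \
            etc \
            etc/pam.d \
            etc/security \
            lib \
            lib/security \
            dev \
            var \
            var/run \
            var/run/sshd \
            var/lib \
            var/lib/gforge \
            cvsroot \
            home \
            home/users \
            home/groups ; do
            [ -d "$CHROOTDIR/$dir" ] || mkdir "$CHROOTDIR/$dir"
        done
        install -d -m 1777 "$CHROOTDIR/tmp"

        # $CHROOTDIR/var/lib/gforge/chroot -> ../../../ points back at the
        # chroot's own root (presumably so the same path resolves inside and
        # outside the jail).  Replace a stale link or an empty directory;
        # rmdir refuses a non-empty one and stops the run instead of
        # destroying data.
        if [ -L "$CHROOTDIR/var/lib/gforge/chroot" ] ; then
            rm "$CHROOTDIR/var/lib/gforge/chroot"
        fi
        if [ -d "$CHROOTDIR/var/lib/gforge/chroot" ] ; then
            rmdir "$CHROOTDIR/var/lib/gforge/chroot"
        fi
        ln -s ../../../ "$CHROOTDIR/var/lib/gforge/chroot"

        # Copy needed binaries and the shared objects they depend on.
        # For testing /bin/ls /bin/su
        # Maybe needed /bin/chgrp
        # Could be restricted /bin/bash
        # TODO: remove unneeded stuff from that list
        # cpio in copy-pass mode: create directories (-d), keep mtimes (-m),
        # overwrite existing copies (-u), dereference symlinks (-L), print a
        # dot per file (-V).
        list_runtime_files \
            /usr/sbin/sshd \
            /usr/bin/cvs \
            /usr/bin/svnserve \
            /bin/ls \
            /bin/sh \
            /bin/bash \
            /bin/chgrp \
            /lib/security/pam_pgsql.so \
            | sort -u \
            | cpio --quiet -pdumVLB "$CHROOTDIR"

        # The dynamic loader is not in the ldd output kept above; -d copies
        # the ld-* symlinks as symlinks.
        cp -d /lib/ld-* "$CHROOTDIR/lib"

        # Required extras: a plain cp stops the run if they are missing.
        # sshd extras
        # pthread cancel
        cp /lib/libgcc_s* "$CHROOTDIR/lib"

        # pam extras 
        # pam_limits.so
        cp /lib/libcap* "$CHROOTDIR/lib"

        # nss extras
        # /lib/libnss_pgsql ?
        cp /lib/libcom_err* "$CHROOTDIR/lib"

        # Create devices files
        make_dev null 1 3
        make_dev urandom 1 9
        make_dev console 5 1
        # For /dev/log: syslogd must open an extra socket inside the jail.
        if ! grep -q "^SYSLOGD.*/var/lib/gforge/chroot/dev/log.*" /etc/init.d/sysklogd ; then 
                echo '######################################################################################################'
                echo 'WARNING: you must have SYSLOGD="-p /dev/log -a /var/lib/gforge/chroot/dev/log" in /etc/init.d/sysklogd'
                echo 'To have cvs pserver running correctly'
                echo '######################################################################################################'
        fi

        # To get uid/gid
        # Maybe ldap later
        cat > "$CHROOTDIR/etc/nsswitch.conf" <<-FIN
passwd:         files pgsql 
group:          files pgsql
shadow:         files pgsql
FIN
        # Copy miscellaneous files.
        # /etc/ssh includes the host private keys: cpio keeps their modes, so
        # the copies stay root-only as on the host, but they are not updated
        # when the host keys are regenerated -- re-run "configure" then.
        if [ -d /etc/ssh ] ; then
            find /etc/ssh | cpio --quiet -pdumLB "$CHROOTDIR"
        fi
        if [ -d /etc/ssh-nonfree ] ; then
            find /etc/ssh-nonfree | cpio --quiet -pdumLB "$CHROOTDIR"
        fi
        for service in ssh ssh-nonfree login su cvs other ; do
            if [ -f "/etc/pam.d/$service" ] ; then
                cp "/etc/pam.d/$service" "$CHROOTDIR/etc/pam.d"
            fi
        done
        cp /etc/pam.d/common* "$CHROOTDIR/etc/pam.d"
        cp /lib/libpam* "$CHROOTDIR/lib"

        cp /lib/libnss_files* "$CHROOTDIR/lib"
        cp /lib/security/* "$CHROOTDIR/lib/security"
        cp /etc/security/*.conf "$CHROOTDIR/etc/security"

#       # Libnss-ldap related stuffs
#       for binary in \
#           /usr/bin/ldapsearch ; do
#         if [ -x "$binary" ] ; then
#             #echo "$binary"
#             ldd $binary | cut -d" " -f3
#         fi
#       done \
#           | sort -u \
#           | cpio --quiet -pdumVLB $CHROOTDIR
#       
#       #cp -r /etc/ldap $CHROOTDIR/etc
#       [ -e /etc/libnss-ldap.conf ] && cp /etc/libnss-ldap.conf $CHROOTDIR/etc
#       [ -e /etc/libnss-pgsql.conf ] && cp /etc/libnss-pgsql.conf $CHROOTDIR/etc
#       [ "$(echo /lib/libnss_ldap*)" != "/lib/libnss_ldap*" ] && cp /lib/libnss_ldap* $CHROOTDIR/lib
#       [ "$(echo /usr/lib/libnss_ldap*)" != "/usr/lib/libnss_ldap*" ] && cp /usr/lib/libnss_ldap* $CHROOTDIR/usr/lib
#
#       # Libpam-ldap
#       [ -f /etc/ldap.secret ] && cp /etc/ldap.secret $CHROOTDIR/etc && chmod 600 /etc/ldap.secret

        # Libnss-pgsql related stuffs -- all optional, skipped when absent.
        # The two .conf files may carry database credentials; cp keeps the
        # source's mode bits, check that the chroot copies stay as
        # restrictive as the originals.
        if [ -e /etc/nss-pgsql.conf ] ; then
            cp /etc/nss-pgsql.conf "$CHROOTDIR/etc"
        fi
        if [ -e /etc/pam_pgsql.conf ] ; then
            cp /etc/pam_pgsql.conf "$CHROOTDIR/etc"
        fi
        copy_optional '/lib/libnss_pgsql*' "$CHROOTDIR/lib"
        copy_optional '/usr/lib/libnss_pgsql*' "$CHROOTDIR/usr/lib"
        copy_optional '/usr/lib/libdb*' "$CHROOTDIR/usr/lib"
        copy_optional '/usr/lib/libssl*' "$CHROOTDIR/usr/lib"
        copy_optional '/usr/lib/libcrypto*' "$CHROOTDIR/usr/lib"

        copy_optional '/usr/lib/libpq*' "$CHROOTDIR/usr/lib"
        copy_optional '/usr/lib/libkrb5*' "$CHROOTDIR/usr/lib"
        copy_optional '/usr/lib/libk5crypto*' "$CHROOTDIR/usr/lib"
        copy_optional '/usr/lib/libcom_err*' "$CHROOTDIR/usr/lib"
        if [ -f /usr/lib/libcom_err.so ] ; then
            # Installed under the .so.2 name -- presumably the soname the
            # copied binaries were linked against; TODO confirm with ldd.
            cp /usr/lib/libcom_err.so "$CHROOTDIR/usr/lib/libcom_err.so.2"
        fi

        # Now this never change: minimal account files for the jail.  Real
        # accounts are expected to come from pgsql (see nsswitch.conf above);
        # only root, nobody and the two service accounts are listed here, with
        # locked ("*") password fields.
        cat > "$CHROOTDIR/etc/passwd" <<-FIN
root:x:0:0:Root:/:/bin/bash
nobody:x:65534:65534:nobody:/:/bin/false
FIN
        append_account passwd sshd
        append_account passwd anonscm-gforge
        cat > "$CHROOTDIR/etc/shadow" <<-FIN
root:*:11142:0:99999:7:::
nobody:*:11142:0:99999:7:::
FIN
        # The redirection above created the file with the caller's umask;
        # shadow is conventionally not world-readable.
        chmod 0640 "$CHROOTDIR/etc/shadow"
        cat > "$CHROOTDIR/etc/group" <<-FIN
root:x:0
nogroup:x:65534:
FIN
        append_account group anonscm-gforge
        cat > "$CHROOTDIR/etc/hosts" <<-FIN
127.0.0.1       localhost

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
FIN

        ;;

    *)
        echo "Usage: $0 {configure}"
        exit 1
        ;;

esac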