path: root/main/alpine-conf/0001-setup-disk-fix-running-update-extlinux-in-chroot.patch
From c9533d0ea64f29de872e48be67b6eaa10b7e2ca3 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 2 Oct 2013 07:51:33 +0000
Subject: [PATCH] setup-disk: fix running update-extlinux in chroot

When installing the packages in the new root, the update-extlinux trigger
script will be executed. We make sure this does not fail by:
 - running extlinux --install before we install packages
 - mounting /dev and /proc for the chroot
 - temporarily disabling grsecurity's chroot_caps
---
 setup-disk.in | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/setup-disk.in b/setup-disk.in
index d3a4500..8d3e14d 100644
--- a/setup-disk.in
+++ b/setup-disk.in
@@ -160,6 +160,31 @@ find_pvs_in_vg() {
 	pvs --noheadings | awk "\$2 == \"$vg\" {print \$1}"
 }
 
+# echo current grsecurity option and set new
+set_grsec() {
+	local key="$1" value="$2"
+	if ! [ -e /proc/sys/kernel/grsecurity/$key ]; then
+		return 0
+	fi
+	cat /proc/sys/kernel/grsecurity/$key
+	echo $value > /proc/sys/kernel/grsecurity/$key
+}
+
+init_chroot_mounts() {
+	local mnt="$1" i=
+	for i in proc dev; do
+		mkdir -p "$mnt"/$i
+		mount --bind /$i "$mnt"/$i
+	done
+}
+
+cleanup_chroot_mounts() {
+	local mnt="$1" i=
+	for i in proc dev; do
+		umount "$mnt"/$i
+	done
+}
+
 install_mounted_root() {
 	local mnt="$1" mnt_boot= boot_fs= root_fs=
 	local initfs_features="ata base ide scsi usb virtio"
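Review bot: init_chroot_mounts ignores the result of both `mkdir -p` and `mount --bind`, so a failed bind mount goes unnoticed and the package triggers run in a chroot without /proc or /dev, which is the case this commit is trying to prevent. I would stop on the first failure with `mount --bind /$i "$mnt"/$i || return 1` and have the caller check the result before it runs apk. In set_grsec the expansions `$key` and `$value` are unquoted and the result of the write to /proc/sys/kernel/grsecurity is not checked, so the caller cannot tell whether the setting was actually changed; quoting them and returning the status of the `echo` would make that visible. Each helper would also benefit from a one-line header comment stating that it changes system-wide state (a kernel hardening sysctl, host bind mounts) which the caller must undo.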
@@ -266,15 +291,15 @@ install_mounted_root() {
 /dev/fd0	/media/floppy	vfat	noauto	0 0
 /dev/usbdisk	/media/usb	vfat	noauto	0 0
 EOF
-
 	# remove the installed db in case its there so we force re-install
 	rm -f "$mnt"/var/lib/apk/installed "$mnt"/lib/apk/db/installed
 	echo "Installing system on $rootdev:"
+	extlinux $extlinux_raidopt --install "$mnt"/boot
+
 	# apk reads config from target root so we need to copy the config
 	mkdir -p "$mnt"/etc/apk/keys/
 	cp /etc/apk/keys/* "$mnt"/etc/apk/keys/
 
-
 	local apkflags="--initdb --quiet --progress --update-cache --clean-protected"
 	local pkgs=$(cat "$mnt"/etc/apk/world "$mnt"/var/lib/apk/world 2>/dev/null)
 	pkgs="$pkgs acct linux-$KERNEL_FLAVOR alpine-base"
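Review bot: The relocated `extlinux $extlinux_raidopt --install "$mnt"/boot` call no longer has its exit status checked. On the old side it was the last command of install_mounted_root, so a failed bootloader install became the function's return value. Now the function carries on and (per the last hunk) returns only apk's status, so setup-disk can report success on a disk that will not boot, unless the script runs under `set -e`, which is not visible here. I would write `extlinux $extlinux_raidopt --install "$mnt"/boot || return 1`. install_mounted_root starts and ends outside this hunk.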
@@ -287,10 +312,14 @@ EOF
 		repoflags="$repoflags --repository $i"
 	done
 	
+	chroot_caps=$(set_grsec chroot_caps 0)
+	init_chroot_mounts "$mnt"
 	apk add --root "$mnt" $apkflags --overlay-from-stdin \
-		$repoflags $pkgs <$ovlfiles>/dev/null || return 1
-	echo ""
-	extlinux $extlinux_raidopt --install "$mnt"/boot
+		$repoflags $pkgs <$ovlfiles>/dev/null
+	local ret=$?
+	cleanup_chroot_mounts "$mnt"
+	set_grsec chroot_caps $chroot_caps > /dev/null
+	return $ret
 }
 
 unmount_partitions() {
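Review bot: The chroot_caps restriction is switched off system-wide and host /dev and /proc are bound into the target before `apk add`, but both are undone only on the straight-line path after apk returns. If the installer is interrupted or killed while apk runs, the kernel hardening setting stays at 0 and the host's device nodes stay exposed inside the new root. I would register a `trap` for EXIT/INT/TERM right after `init_chroot_mounts "$mnt"` that calls `cleanup_chroot_mounts "$mnt"` and restores the saved value, and clear it after the normal cleanup. `chroot_caps` is also assigned without `local`, so it leaks into the script's global scope, and `$chroot_caps` is passed unquoted on restore; `local chroot_caps=` before the assignment and `set_grsec chroot_caps "$chroot_caps"` would tidy that. install_mounted_root starts outside this hunk.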
-- 
1.8.4