From 745207a5370af663ac3715b1985521dca13e05e4 Mon Sep 17 00:00:00 2001
From: GrabbenD
Date: Mon, 20 May 2024 12:30:52 +0200
Subject: [PATCH] CachyOS and NoExtract fix (#2) * Fixed missing files due to NoExtract option * Added CachyOS base * Fix *.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). * Fix WARNING: Possibly missing firmware for module: * * Use EEVDF-BORE, LTO & V3 optimized kernel * Drop obsolete dependency * Use dedicated directory for each base * Fix broken HW due to x86_64-v4 packages * Update usage with CachyOS * Use global CDN * Fix "invalid or corrupted package (PGP signature)" * Use newer archlinux builder * Improve IO performance of example * Use long form arguments for Pacman * Improve syntax of Containerfile * Update OSTree GRUB2 * Allow a existing OSTree system to build another * Improve readability of help command * Use Bash exit code for unknown commands * Fix check for read-only filesystem * Added scope to global variables * Fix missing export for Podman in Archiso * Use TMPDIR for cache * Use single quotes fro consistency * Use Arch Linux in usage example * Use OSTree bootloader scripts automatically * Fix inconsistent breakage from pipefail * Drop unused dependency
---
Containerfile.host.example | 64 ++++++++++++++---
README.md | 3 +-
archlinux/Containerfile.base | 82 +++++++---------------
cachyos/Containerfile.base | 43 ++++++++++++
cachyos/etc/pacman.conf | 130 +++++++++++++++++++++++++++++++++++
ostree.sh | 107 ++++++++++++++--------------
6 files changed, 308 insertions(+), 121 deletions(-)
create mode 100644 cachyos/Containerfile.base
create mode 100644 cachyos/etc/pacman.conf
diff --git a/Containerfile.host.example b/Containerfile.host.example
index 8c1acf7..e74c885 100644
--- a/Containerfile.host.example
+++ b/Containerfile.host.example
@@ -1,22 +1,66 @@ ## | -## | CUSTOMIZE INSTALLATION +## | OSTREE ## | -# Extend any base image with this -FROM localhost/ostree/base AS host +# Customize your system here +FROM localhost/ostree/base:latest AS host + +# Prepre OSTree integration (https://wiki.archlinux.org/title/Mkinitcpio#Common_hooks) +RUN mkdir -p /etc/mkinitcpio.conf.d \ + && echo "HOOKS=(base systemd ostree autodetect modconf kms keyboard sd-vconsole block filesystems fsck)" > /etc/mkinitcpio.conf.d/ostree.conf + +# Install kernel, firmware, microcode, filesystem tools, bootloader & ostree and run hooks once: +RUN pacman --noconfirm --sync \ + linux \ + linux-headers \ + \ + linux-firmware \ + amd-ucode \ + \ + dosfstools \ + xfsprogs \ + \ + grub \ + mkinitcpio \ + \ + podman \ + ostree \ + which + +# OSTree: Prepare microcode and initramfs +RUN moduledir=$(find /usr/lib/modules -mindepth 1 -maxdepth 1 -type d) \ + && cat /boot/*-ucode.img \ + /boot/initramfs-linux-fallback.img \ + > ${moduledir}/initramfs.img + +# OSTree: Bootloader integration +RUN cp /usr/lib/libostree/* /etc/grub.d \ + && chmod +x /etc/grub.d/15_ostree + +# Podman: native Overlay Diff for optimal Podman performance +RUN echo "options overlay metacopy=off redirect_dir=off" > /etc/modprobe.d/disable-overlay-redirect-dir.conf + +## | +## | CUSTOMIZE +## | # Mount disk locations ARG OSTREE_SYS_BOOT_LABEL ARG OSTREE_SYS_ROOT_LABEL ARG OSTREE_SYS_HOME_LABEL -RUN echo "LABEL=${OSTREE_SYS_ROOT_LABEL} / xfs rw,relatime 0 1" >> /etc/fstab && \ - echo "LABEL=${OSTREE_SYS_HOME_LABEL} /var/home xfs rw,relatime 0 2" >> /etc/fstab && \ - echo "LABEL=${OSTREE_SYS_BOOT_LABEL} /boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2" >> /etc/fstab +RUN echo "LABEL=${OSTREE_SYS_ROOT_LABEL} / xfs rw,relatime,noatime 0 1" >> /etc/fstab \ + && echo "LABEL=${OSTREE_SYS_HOME_LABEL} /var/home xfs rw,relatime,noatime 0 2" >> /etc/fstab \ + && echo "LABEL=${OSTREE_SYS_BOOT_LABEL} 
/boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2" >> /etc/fstab + +# Networking +RUN pacman --noconfirm --sync networkmanager \ + && systemctl enable NetworkManager.service \ + && systemctl mask systemd-networkd-wait-online.service -# Root password (todo move to secret) +# Root password RUN echo "root:ostree" | chpasswd # SSHD -RUN pacman --noconfirm -S openssh && \ - systemctl enable sshd && \ - echo "PermitRootLogin yes" >> /etc/ssh/sshd_config +RUN pacman --noconfirm -S openssh \ + && systemctl enable sshd \ + && echo "PermitRootLogin yes" >> /etc/ssh/sshd_config diff --git a/README.md b/README.md index a1e8bad..a39ab15 100644 --- a/README.md +++ b/README.md @@ -156,6 +156,5 @@ $ ostree admin unlock Your persistent cache is out of sync with upstream, this can be resolved with: ```console -$ ./ostree.sh upgrade --no-cache +$ ./ostree.sh upgrade --no-podman-cache ``` - diff --git a/archlinux/Containerfile.base b/archlinux/Containerfile.base index 91d8d97..2e60e76 100644 --- a/archlinux/Containerfile.base +++ b/archlinux/Containerfile.base 
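Review bot: The `# Root password` step still bakes the fixed credential `root:ostree` into an image layer and the build history, and this change drops the `(todo move to secret)` reminder while the SSHD step keeps `PermitRootLogin yes`, so every system deployed from this example accepts a publicly documented root password over SSH. At minimum keep the TODO; better, read the credential from a build secret, `RUN --mount=type=secret,id=rootpw chpasswd < /run/secrets/rootpw` (the secret file holding one `root:<password>` line), and write `PermitRootLogin prohibit-password` so root login requires a key. The `podman build` call in ostree.sh would then need a matching `--secret id=rootpw,src=<path>` argument; that call is outside this hunk.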
@@ -1,66 +1,36 @@ -## | -## | BASE INSTALLATION -## | +# | +# | ROOTFS +# | -# Reusable base template -FROM docker.io/library/archlinux AS base +# Build a clean system in /mnt to avoid missing files from NoExtract option in upstream +FROM docker.io/archlinux/archlinux:latest AS rootfs + +# Build in chroot to correctly execute hooks, this uses host's Pacman +RUN curl https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/pacman/trunk/pacman.conf -o /etc/pacman.conf \ + && pacman --noconfirm --sync --needed --refresh archlinux-keyring + +# Perform a clean system installation with latest Arch Linux packages in chroot to correctly execute hooks, this uses host's Pacman +RUN pacman --noconfirm --sync --needed arch-install-scripts \ + && pacstrap -K -P /mnt base \ + && cp -av /etc/pacman.d/ /mnt/etc/ -# Remove container specific storage optimization in Pacman -RUN sed -i -e "s|^NoExtract.*||g" /etc/pacman.conf && \ - pacman --noconfirm -Syu +# | +# | BASE +# | + +# Reusable base template +FROM scratch AS base +COPY --from=rootfs /mnt / # Clock ARG SYSTEM_OPT_TIMEZONE -RUN ln -sf /usr/share/zoneinfo/${SYSTEM_OPT_TIMEZONE} /etc/localtime +RUN ln --symbolic --force /usr/share/zoneinfo/${SYSTEM_OPT_TIMEZONE} /etc/localtime # Keymap hook ARG SYSTEM_OPT_KEYMAP -RUN echo "KEYMAP=${SYSTEM_OPT_KEYMAP}" | tee /etc/vconsole.conf +RUN echo "KEYMAP=${SYSTEM_OPT_KEYMAP}" > /etc/vconsole.conf # Language -RUN echo "LANG=en_US.UTF-8" | tee /etc/locale.conf && \ - echo "en_US.UTF-8 UTF-8" | tee /etc/locale.gen && \ - locale-gen - -# Networking -RUN pacman --noconfirm -S networkmanager && \ - systemctl enable NetworkManager.service && \ - systemctl mask systemd-networkd-wait-online.service - -## | -## | OSTREE INSTALLATION -## | - -# Prepre OSTree integration (https://wiki.archlinux.org/title/Mkinitcpio#Common_hooks) -RUN mkdir -p /etc/mkinitcpio.conf.d && \ - echo "HOOKS=(base systemd ostree autodetect modconf kms keyboard sd-vconsole block filesystems fsck)" >> 
/etc/mkinitcpio.conf.d/ostree.conf - -# Install kernel, firmware, microcode, filesystem tools, bootloader, depndencies and run hooks once: -RUN pacman --noconfirm -S \ - linux \ - linux-headers \ - linux-firmware \ - amd-ucode \ - \ - dosfstools \ - xfsprogs \ - \ - grub \ - mkinitcpio \ - \ - podman \ - ostree \ - which - -# OSTree: Prepare microcode and initramfs -RUN moduledir=$(find /usr/lib/modules -mindepth 1 -maxdepth 1 -type d) && \ - cat /boot/*-ucode.img \ - /boot/initramfs-linux-fallback.img \ - > ${moduledir}/initramfs.img - -# OSTree: Bootloader integration -RUN curl https://raw.githubusercontent.com/ostreedev/ostree/v2023.6/src/boot/grub2/grub2-15_ostree -o /etc/grub.d/15_ostree && \ - chmod +x /etc/grub.d/15_ostree - -# Podman: native Overlay Diff for optimal Podman performance -RUN echo "options overlay metacopy=off redirect_dir=off" > /etc/modprobe.d/disable-overlay-redirect-dir.conf +RUN echo 'LANG=en_US.UTF-8' > /etc/locale.conf \ + && echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen \ + && locale-gen diff --git a/cachyos/Containerfile.base b/cachyos/Containerfile.base new file mode 100644 index 0000000..5939b64 --- /dev/null +++ b/cachyos/Containerfile.base 
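Review bot: The new `curl https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/pacman/trunk/pacman.conf -o /etc/pacman.conf` step replaces the builder's package-manager trust configuration (repositories and `SigLevel`) with whatever a mutable branch path returns at build time, with no pinned revision, no checksum and no `--fail`, so an HTTP error body or a changed upstream file silently becomes `/etc/pacman.conf`, and `pacstrap -K -P` then appears to carry it into the target. Vendoring the file and using `COPY etc/pacman.conf /etc/`, as cachyos/Containerfile.base in this same commit does, makes the configuration reviewable and the build reproducible; if it must be fetched, pin a commit in the URL, add `--fail`, and verify the result with `sha256sum --check`. The two mirrorlist downloads in cachyos/Containerfile.base follow the same unpinned pattern, and both files build on `docker.io/archlinux/archlinux:latest` rather than a digest. The comment above this step describes the chroot install, not the download, and should say what the curl is for.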
@@ -0,0 +1,43 @@
+# |
+# | ROOTFS
+# |
+
+# Build a clean system in /mnt to avoid missing files from NoExtract option in upstream
+FROM docker.io/archlinux/archlinux:latest AS rootfs
+
+# Generate a GPG secret key for signing and import CachyOS keys
+RUN pacman-key --init \
+ && pacman-key --recv-keys F3B607488DB35A47 --keyserver keyserver.ubuntu.com \
+ && pacman-key --lsign-key F3B607488DB35A47
+
+# Import CachyOS x86_64-v3 repositories to current package manager
+COPY etc/pacman.conf /etc/
+RUN curl https://raw.githubusercontent.com/CachyOS/CachyOS-PKGBUILDS/master/cachyos-mirrorlist/cachyos-mirrorlist -o /etc/pacman.d/cachyos-mirrorlist \
+ && curl https://raw.githubusercontent.com/CachyOS/CachyOS-PKGBUILDS/master/cachyos-v3-mirrorlist/cachyos-v3-mirrorlist -o /etc/pacman.d/cachyos-v3-mirrorlist \
+ && pacman --noconfirm --sync --needed --refresh archlinux-keyring cachyos-keyring cachyos-mirrorlist cachyos-v3-mirrorlist cachyos-hooks
+
+# Perform a clean system installation with latest CachyOS packages in chroot to correctly execute hooks, this uses host's Pacman
+RUN pacman --noconfirm --sync --needed arch-install-scripts \
+ && pacstrap -K -P /mnt base \
+ && cp -av /etc/pacman.d/ /mnt/etc/
+
+# |
+# | BASE
+# |
+
+# Reusable base template
+FROM scratch AS base
+COPY --from=rootfs /mnt /
+
+# Clock
+ARG SYSTEM_OPT_TIMEZONE
+RUN ln --symbolic --force /usr/share/zoneinfo/${SYSTEM_OPT_TIMEZONE} /etc/localtime
+
+# Keymap hook
+ARG SYSTEM_OPT_KEYMAP
+RUN echo "KEYMAP=${SYSTEM_OPT_KEYMAP}" > /etc/vconsole.conf
+
+# Language
+RUN echo 'LANG=en_US.UTF-8' > /etc/locale.conf \
+ && echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen \
+ && locale-gen
diff --git a/cachyos/etc/pacman.conf b/cachyos/etc/pacman.conf
new file mode 100644
index 0000000..d0169ec
--- /dev/null
+++ b/cachyos/etc/pacman.conf
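Review bot: `pacman-key --recv-keys F3B607488DB35A47 --keyserver keyserver.ubuntu.com` followed by `pacman-key --lsign-key F3B607488DB35A47` makes a 64-bit key ID, resolved by a public keyserver at build time, the trust root for every CachyOS package installed into the image. A long key ID is not a unique identifier, so whichever key the keyserver returns for it is the one that gets locally signed. Use the full 40-hex fingerprint in both commands, e.g. `pacman-key --recv-keys <FULL_FINGERPRINT_PLACEHOLDER> --keyserver keyserver.ubuntu.com`, or ship the public key file in the repository and import it with `pacman-key --add` before `--lsign-key`. The comment above the step would also be clearer if it said that the "GPG secret key" is pacman's local master key created by `pacman-key --init`.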
@@ -0,0 +1,130 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+#HookDir = /etc/pacman.d/hooks/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta = 0.7
+Architecture = x86_64 x86_64_v3
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+Color
+ILoveCandy
+#NoProgressBar
+#CheckSpace
+VerbosePkgLists
+DisableDownloadTimeout
+ParallelDownloads = 10
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+# Main (CachyOS)
+
+#[cachyos-testing-v3]
+#Include = /etc/pacman.d/mirrorlist
+[cachyos-v3]
+Include = /etc/pacman.d/cachyos-v3-mirrorlist
+[cachyos-core-v3]
+Include = /etc/pacman.d/cachyos-v3-mirrorlist
+[cachyos-extra-v3]
+Include = /etc/pacman.d/cachyos-v3-mirrorlist
+[cachyos-community-v3]
+Include = /etc/pacman.d/cachyos-v3-mirrorlist
+[cachyos]
+Include = /etc/pacman.d/cachyos-mirrorlist
+
+# Fallback (Arch Linux)
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+[core]
+Include = /etc/pacman.d/mirrorlist
+[extra]
+Include = /etc/pacman.d/mirrorlist
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+# Wine
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom] +#SigLevel = Optional TrustAll +#Server = file:///home/custompkgs + +[options] +#NoExtract = usr/share/help/* !usr/share/help/en* !usr/share/help/C/* +#NoExtract = usr/share/gtk-doc/html/* usr/share/doc/* +#NoExtract = usr/share/locale/* usr/share/X11/locale/* usr/share/i18n/* +#NoExtract = !*locale*/en*/* !usr/share/i18n/charmaps/UTF-8.gz !usr/share/*locale*/locale.* +#NoExtract = !usr/share/*locales/en_?? !usr/share/*locales/i18n* !usr/share/*locales/iso* +#NoExtract = !usr/share/*locales/trans* +#NoExtract = !usr/share/X11/locale/C/* +#NoExtract = !usr/share/X11/locale/compose.dir !usr/share/X11/locale/iso8859-1/* +#NoExtract = !usr/share/*locales/C !usr/share/*locales/POSIX !usr/share/i18n/charmaps/ANSI_X3.4-1968.gz +NoExtract = usr/share/man/* usr/share/info/* +#NoExtract = usr/share/vim/vim*/lang/* +#NoExtract = etc/pacman.conf etc/pacman.d/mirrorlist diff --git a/ostree.sh b/ostree.sh index 8a41dff..1726aee 100755 --- a/ostree.sh +++ b/ostree.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash -#set -o pipefail # Exit code from last command -set -o errexit # Exit on non-zero status -set -o nounset # Error on unset variables +set -o errexit # Exit on non-zero status +set -o nounset # Error on unset variables # [ENVIRONMENT]: OVERRIDE DEFAULTS function ENV_CREATE_OPTS { 
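Review bot: The second `[options]` block at the end of cachyos/etc/pacman.conf leaves `NoExtract = usr/share/man/* usr/share/info/*` active, and as far as I can tell `pacstrap -K -P /mnt base` in cachyos/Containerfile.base both installs with this configuration and copies it into the target, so man and info pages are still dropped from the rebuilt rootfs and from later installs on the deployed system. If that is intended, say so next to the line, e.g. `# Intentionally skip man/info pages; every other NoExtract rule from the container image stays disabled`; otherwise comment it out like its neighbours. Because the file is a modified copy of a stock pacman.conf, a short header listing the local changes (`Architecture = x86_64 x86_64_v3`, the CachyOS repository sections, the trailing `[options]` block) would make later syncs with upstream reviewable.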
@@ -11,48 +10,49 @@ function ENV_CREATE_OPTS { if [[ ! -d '/ostree' ]]; then # Do not touch disks in a booted system: - declare OSTREE_DEV_DISK=${OSTREE_DEV_DISK:="/dev/disk/by-id/${OSTREE_DEV_SCSI}"} - declare OSTREE_DEV_BOOT=${OSTREE_DEV_BOOT:="${OSTREE_DEV_DISK}-part1"} - declare OSTREE_DEV_ROOT=${OSTREE_DEV_ROOT:="${OSTREE_DEV_DISK}-part2"} - declare OSTREE_DEV_HOME=${OSTREE_DEV_HOME:="${OSTREE_DEV_DISK}-part3"} - declare OSTREE_SYS_ROOT=${OSTREE_SYS_ROOT:='/tmp/chroot'} + declare -g OSTREE_DEV_DISK=${OSTREE_DEV_DISK:="/dev/disk/by-id/${OSTREE_DEV_SCSI}"} + declare -g OSTREE_DEV_BOOT=${OSTREE_DEV_BOOT:="${OSTREE_DEV_DISK}-part1"} + declare -g OSTREE_DEV_ROOT=${OSTREE_DEV_ROOT:="${OSTREE_DEV_DISK}-part2"} + declare -g OSTREE_DEV_HOME=${OSTREE_DEV_HOME:="${OSTREE_DEV_DISK}-part3"} + declare -g OSTREE_SYS_ROOT=${OSTREE_SYS_ROOT:='/tmp/chroot'} fi - declare OSTREE_SYS_ROOT=${OSTREE_SYS_ROOT:='/'} - declare OSTREE_SYS_TREE=${OSTREE_SYS_TREE:='/tmp/rootfs'} - declare OSTREE_SYS_KARG=${OSTREE_SYS_KARG:=''} - declare OSTREE_SYS_BOOT_LABEL=${OSTREE_SYS_BOOT_LABEL:='SYS_BOOT'} - declare OSTREE_SYS_ROOT_LABEL=${OSTREE_SYS_ROOT_LABEL:='SYS_ROOT'} - declare OSTREE_SYS_HOME_LABEL=${OSTREE_SYS_HOME_LABEL:='SYS_HOME'} - declare OSTREE_OPT_NOMERGE=${OSTREE_OPT_NOMERGE='--no-merge'} - declare OSTREE_REP_NAME=${OSTREE_REP_NAME:='archlinux'} + declare -g OSTREE_SYS_ROOT=${OSTREE_SYS_ROOT:='/'} + declare -g OSTREE_SYS_TREE=${OSTREE_SYS_TREE:='/tmp/rootfs'} + declare -g OSTREE_SYS_KARG=${OSTREE_SYS_KARG:=''} + declare -g OSTREE_SYS_BOOT_LABEL=${OSTREE_SYS_BOOT_LABEL:='SYS_BOOT'} + declare -g OSTREE_SYS_ROOT_LABEL=${OSTREE_SYS_ROOT_LABEL:='SYS_ROOT'} + declare -g OSTREE_SYS_HOME_LABEL=${OSTREE_SYS_HOME_LABEL:='SYS_HOME'} + declare -g OSTREE_OPT_NOMERGE=${OSTREE_OPT_NOMERGE='--no-merge'} + declare -g OSTREE_REP_NAME=${OSTREE_REP_NAME:='archlinux'} if [[ -n ${SYSTEM_OPT_TIMEZONE:-} ]]; then # Do not modify host's time unless explicitly specified timedatectl set-timezone 
${SYSTEM_OPT_TIMEZONE} timedatectl set-ntp 1 fi - declare SYSTEM_OPT_TIMEZONE=${SYSTEM_OPT_TIMEZONE:='Etc/UTC'} - declare SYSTEM_OPT_KEYMAP=${SYSTEM_OPT_KEYMAP:='us'} + declare -g SYSTEM_OPT_TIMEZONE=${SYSTEM_OPT_TIMEZONE:='Etc/UTC'} + declare -g SYSTEM_OPT_KEYMAP=${SYSTEM_OPT_KEYMAP:='us'} - declare PODMAN_OPT_BUILDFILE=${PODMAN_OPT_BUILDFILE:="${0%/*}/archlinux/Containerfile.base:ostree/base","${0%/*}/Containerfile.host.example:ostree/host"} - declare PODMAN_OPT_NOCACHE=${PODMAN_OPT_NOCACHE:='0'} - declare PACMAN_OPT_NOCACHE=${PACMAN_OPT_NOCACHE:='0'} + declare -g PODMAN_OPT_BUILDFILE=${PODMAN_OPT_BUILDFILE:="${0%/*}/archlinux/Containerfile.base:ostree/base","${0%/*}/Containerfile.host.example:ostree/host"} + declare -g PODMAN_OPT_NOCACHE=${PODMAN_OPT_NOCACHE:='0'} + declare -g PACMAN_OPT_NOCACHE=${PACMAN_OPT_NOCACHE:='0'} } -# [ENVIRONMENT]: BUILD DEPENDENCIES -function ENV_CREATE_DEPS { - # Skip in OSTree as filesystem is read-only - if [[ $(grep -L 'ostree' '/proc/cmdline') ]]; then - pacman --noconfirm --needed -S $@ - fi -} # [ENVIRONMENT]: OSTREE CHECK function ENV_VERIFY_LOCAL { if [[ ! -d '/ostree' ]]; then - printf >&2 '\e[31m%s\e[0m\n' 'Error: OSTree could not be found in: /ostree' - exit 1 + printf >&2 '\e[31m%s\e[0m\n' 'OSTree could not be found in: /ostree' + return 1 + fi +} + +# [ENVIRONMENT]: BUILD DEPENDENCIES +function ENV_CREATE_DEPS { + # Skip in OSTree as filesystem is read-only + if ! ENV_VERIFY_LOCAL 2>/dev/null; then + pacman --noconfirm --sync --needed $@ fi } @@ -85,7 +85,7 @@ function DISK_CREATE_MOUNTS { # [OSTREE]: FIRST INITIALIZATION function OSTREE_CREATE_REPO { - ENV_CREATE_DEPS ostree wget which + ENV_CREATE_DEPS ostree which ostree admin init-fs --sysroot="${OSTREE_SYS_ROOT}" --modern ${OSTREE_SYS_ROOT} ostree admin stateroot-init --sysroot="${OSTREE_SYS_ROOT}" ${OSTREE_REP_NAME} ostree init --repo="${OSTREE_SYS_ROOT}/ostree/repo" --mode='bare' 
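Review bot: The defaults `OSTREE_SYS_ROOT:='/tmp/chroot'` and `OSTREE_SYS_TREE:='/tmp/rootfs'` are now exported to the whole script as globals, and they are fixed names in a world-writable directory used by a script that presumably runs as root; on a host with other local users those paths can be pre-created or replaced by a symlink before the run. How the paths are consumed is outside this hunk, so this needs confirming, but if nothing relies on the name staying stable between runs a private directory is safer, e.g. `declare -g OSTREE_SYS_TREE=${OSTREE_SYS_TREE:=$(mktemp --directory)}`. The same concern applies to `declare -x TMPDIR='/tmp/podman'` in the OSTREE_CREATE_ROOTFS hunk further down. Separately, in ENV_CREATE_DEPS the arguments should be quoted so package names are passed through unsplit: `pacman --noconfirm --sync --needed "$@"`.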
@@ -95,9 +95,9 @@ function OSTREE_CREATE_REPO { # [OSTREE]: BUILD ROOTFS function OSTREE_CREATE_ROOTFS { # Add support for overlay storage driver in LiveCD - if [[ $(df --output=fstype / | tail -n 1) = 'overlay' ]]; then + if [[ $(df --output=fstype / | tail --lines 1) = 'overlay' ]]; then ENV_CREATE_DEPS fuse-overlayfs - local TMPDIR='/tmp/podman' + declare -x TMPDIR='/tmp/podman' local PODMAN_OPT_GLOBAL=( --root="${TMPDIR}/storage" --tmpdir="${TMPDIR}/tmp" @@ -109,9 +109,9 @@ function OSTREE_CREATE_ROOTFS { # Copy Pacman package cache into /var by default (to avoid duplication) if [[ ${PACMAN_OPT_NOCACHE} == 0 ]]; then - mkdir -p /var/cache/pacman + mkdir -p "${TMPDIR:-}/var/cache/pacman" local PODMAN_OPT_BUILD=( - --volume='/var/cache/pacman:/var/cache/pacman' + --volume="${TMPDIR:-}/var/cache/pacman:${TMPDIR:-}/var/cache/pacman" ) fi @@ -131,6 +131,7 @@ function OSTREE_CREATE_ROOTFS { ${PODMAN_OPT_BUILD[@]} \ --file="${PODMAN_OPT_IMG}" \ --tag="${PODMAN_OPT_TAG}" \ + --cap-add='SYS_ADMIN' \ --build-arg="OSTREE_SYS_BOOT_LABEL=${OSTREE_SYS_BOOT_LABEL}" \ --build-arg="OSTREE_SYS_HOME_LABEL=${OSTREE_SYS_HOME_LABEL}" \ --build-arg="OSTREE_SYS_ROOT_LABEL=${OSTREE_SYS_ROOT_LABEL}" \ @@ -255,27 +256,27 @@ function CLI_SETUP { # Options case ${CLI_ARG} in '-b' | '--base-os') - declare OSTREE_REP_NAME=${CLI_VAL} + declare -g OSTREE_REP_NAME=${CLI_VAL} ;; '-c' | '--cmdline') - declare OSTREE_SYS_KARG=${CLI_VAL} + declare -g OSTREE_SYS_KARG=${CLI_VAL} ;; '-d' | '--dev') - declare OSTREE_DEV_SCSI=${CLI_VAL} + declare -g OSTREE_DEV_SCSI=${CLI_VAL} ;; '-f' | '--file') - declare PODMAN_OPT_BUILDFILE=${CLI_VAL} + declare -g PODMAN_OPT_BUILDFILE=${CLI_VAL} ;; '-k' | '--keymap') - declare SYSTEM_OPT_KEYMAP=${CLI_VAL} + declare -g SYSTEM_OPT_KEYMAP=${CLI_VAL} ;; '-t' | '--time') - declare SYSTEM_OPT_TIMEZONE=${CLI_VAL} + declare -g SYSTEM_OPT_TIMEZONE=${CLI_VAL} ;; esac 
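Review bot: In `--volume="${TMPDIR:-}/var/cache/pacman:${TMPDIR:-}/var/cache/pacman"` the container-side path gets the same `${TMPDIR:-}` prefix as the host side, so when TMPDIR is `/tmp/podman` the cache is mounted at `/tmp/podman/var/cache/pacman` inside the build container, where pacman's default CacheDir (`/var/cache/pacman/pkg/`, per the comment in cachyos/etc/pacman.conf) will not find it. Unless the Containerfiles redirect the cache somewhere I cannot see, the right-hand side should stay fixed: `--volume="${TMPDIR:-}/var/cache/pacman:/var/cache/pacman"`. `${TMPDIR:-}` also picks up any TMPDIR inherited from the caller's environment, not only the value set in the overlay branch, so the host cache location silently depends on the environment; a dedicated variable would make that explicit. OSTREE_CREATE_ROOTFS starts and ends outside this hunk.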
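Review bot: `--cap-add='SYS_ADMIN'` is added to the single `podman build` invocation that appears to handle every entry in PODMAN_OPT_BUILDFILE, so all RUN steps receive CAP_SYS_ADMIN, including user-supplied `--file` Containerfiles and the steps that fetch configuration and packages from the network. Presumably the capability is needed for the `pacstrap` chroot mounts in the base stage; if so, record that beside the flag, e.g. `# pacstrap mounts /proc, /sys and /dev inside the build container`, and consider passing it only when building the base Containerfile. The build command and the loop around it start and end outside this hunk.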
@@ -284,24 +285,24 @@ function CLI_SETUP { [[ ${CLI_VAL@L} == 'false' ]] && CLI_VAL='0' case ${CLI_ARG} in '-m' | '--merge') - declare OSTREE_OPT_NOMERGE=${CLI_VAL:-} + declare -g OSTREE_OPT_NOMERGE=${CLI_VAL:-} ;; '-n' | '--no-cache') - declare PACMAN_OPT_NOCACHE=${CLI_VAL:-1} - declare PODMAN_OPT_NOCACHE=${CLI_VAL:-1} + declare -g PACMAN_OPT_NOCACHE=${CLI_VAL:-1} + declare -g PODMAN_OPT_NOCACHE=${CLI_VAL:-1} ;; '--no-pacman-cache') - declare PACMAN_OPT_NOCACHE=${CLI_VAL:-1} + declare -g PACMAN_OPT_NOCACHE=${CLI_VAL:-1} ;; '--no-podman-cache') - declare PODMAN_OPT_NOCACHE=${CLI_VAL:-1} + declare -g PODMAN_OPT_NOCACHE=${CLI_VAL:-1} ;; '-q' | '--quiet') - declare CLI_QUIET=${CLI_VAL:-1} + declare -g CLI_QUIET=${CLI_VAL:-1} ;; esac @@ -324,7 +325,7 @@ function CLI_SETUP { ;; 'upgrade') - ENV_VERIFY_LOCAL + ENV_VERIFY_LOCAL || exit $? ENV_CREATE_OPTS OSTREE_CREATE_ROOTFS @@ -333,7 +334,7 @@ function CLI_SETUP { ;; 'revert') - ENV_VERIFY_LOCAL + ENV_VERIFY_LOCAL || exit $? ENV_CREATE_OPTS OSTREE_REVERT_IMAGE 
@@ -350,12 +351,12 @@ function CLI_SETUP { 'Options:' ' -b, --base-os string : (install/upgrade) : Name of OS to use as a base. Defaults to archlinux' ' -c, --cmdline string : (install/upgrade) : List of kernel arguments for boot' - ' -d, --dev string : (install) : Device SCSI (ID-LINK) for new installation' + ' -d, --dev string : (install ) : Device SCSI (ID-LINK) for new installation' ' -f, --file stringArray : (install/upgrade) : Containerfile(s) for new deployment' ' -k, --keymap string : (install/upgrade) : TTY keyboard layout for new deployment' ' -t, --time string : (install/upgrade) : Update host timezone for new deployment' 'Switches:' - ' -m, --merge : (upgrade) : Retain contents of /etc for existing deployment' + ' -m, --merge : ( upgrade) : Retain contents of /etc for existing deployment' ' -n, --no-cache : (install/upgrade) : Skip any cached data (note: implied for first deployment)' ' --no-pacman-cache : (install/upgrade) : Skip Pacman package cache' ' --no-podman-cache : (install/upgrade) : Skip Podman layer cache' @@ -366,8 +367,8 @@ function CLI_SETUP { *) if [[ ${CLI_VAL} != 'help' && -n ${CLI_VAL} ]]; then - printf >&2 '\n\e[31m%s\e[0m\n' "Error: unknown command: '${CLI_VAL}'" - exit 2 + printf >&2 '\n%s\n' "${0##*/}: unrecognized command '${CLI_VAL}'" + exit 127 fi ;; esac