V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m40s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m40s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -10,15 +10,13 @@ include_toc: true
|
||||
**Master Version**: 8.00<br>
|
||||
**Build**: V8.00.000.2025.06.17<br>
|
||||
|
||||
# 2. [1080_helper_chroot.sh](1080_helper_chroot.sh)
|
||||
# 2. [1080_helper_chroot.sh](../1080_helper_chroot.sh)
|
||||
**Scope:** This note explains *what to use when* among
|
||||
* `chroot_exec()`,
|
||||
* `chroot_script()`, and
|
||||
* `chroot_stdin()`.
|
||||
|
||||
|
||||
## 2.1. When to use what
|
||||
|
||||
- **`chroot_exec (target, argv...)`** — *Simple, argv-style commands.*
|
||||
Use it whenever you type a short command with discrete arguments (no shell features).
|
||||
Examples from the updated user provisioning flow: `getent`, `groupadd`, `useradd`, `usermod`, `chsh`.
|
||||
@@ -79,7 +77,6 @@ and are harder to lint. Prefer `chroot_stdin` for larger edits.
|
||||
surprises and keep editors/IDEs happy.
|
||||
|
||||
## 2.3. Common foundation across all helpers
|
||||
|
||||
- **Minimal, controlled environment via `env -i`**, whitelisting only the necessities (`HOME`, `PATH`, `TERM`, `LANG/LC_ALL`,
|
||||
noninteractive APT vars). This blocks noisy caller environments from leaking into the chroot and keeps behavior reproducible
|
||||
across systems.
|
||||
@@ -88,7 +85,6 @@ and are harder to lint. Prefer `chroot_stdin` for larger edits.
|
||||
- **Structured logging** for both success and failure paths, and an **interactive debug shell** when requested by the debug flags.
|
||||
|
||||
## 2.4. Decision guide
|
||||
|
||||
- **Is it a single command with clean argv?** → `chroot_exec`.
|
||||
- **Is it a short shell line with redirection/pipe/env assignment?** → `chroot_script`.
|
||||
- **Is it long, quote-heavy, or multi-line logic?** → `chroot_stdin` with a single-quoted heredoc.
|
||||
@@ -97,7 +93,6 @@ If in doubt, start with `chroot_exec`. The moment you need a shell feature, jump
|
||||
past comfort (readability, quoting, or length), upgrade to `chroot_stdin`.
|
||||
|
||||
## 2.5. Subtleties and gotchas (and how the helpers address them)
|
||||
|
||||
- **ARG_MAX and long `-c` strings:** `bash -c` places the entire script in `argv`. On typical Linux systems you effectively have
|
||||
≈2 MiB for argv+env; very long strings or large environments hit `E2BIG`. `bash -s` (stdin) avoids this entirely.
|
||||
|
||||
@@ -114,14 +109,12 @@ past comfort (readability, quoting, or length), upgrade to `chroot_stdin`.
|
||||
is enabled, enabling immediate forensics inside the target environment.
|
||||
|
||||
## 2.6. Antipatterns (what to avoid)
|
||||
|
||||
- **Using `chroot_exec` for anything involving the shell.** That defeats the argv-only contract and will either fail or behave unexpectedly.
|
||||
- **Packing large scripts into `-c` strings.** Hard to quote, hits argv limits, and clutters process lists. Prefer stdin.
|
||||
- **Relying on the caller’s ambient environment.** The helpers intentionally use `env -i` to avoid such a leakage; do not
|
||||
reintroduce it unless you must.
|
||||
|
||||
# 3. Appendix — Helper signatures & guarantees
|
||||
|
||||
- **`chroot_exec(target, argv...)`**
|
||||
- Preflights the binary using `which` inside the chroot; fails early if missing.
|
||||
- Runs with a minimal, deterministic environment.
|
||||
Reference in New Issue
Block a user