msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a50fc5050b76e3e96b7ea22f15865e5d9decacf8db0d9975c3dfd3a43ac0eba
CISS.debian.installer/func/cdi_1000_helper/1080_helper_chroot.sh
Marc S. Weidner ad4c56fdb5
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m31s
Details
V8.00.000.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-13 19:51:43 +01:00

271 lines
9.4 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Use chroot_exec() for:
# - Simple commands (e.g., dpkg, ln, mkdir, apt, etc.).
# Use chroot_script() for:
# - All shell scripts, redirects, pipes, conditions, loops, or subshells.
# Use chroot_stdin() for:
# - Long, multi-line payloads without argv/ARG_MAX pain. Use it to stream robust, quoting-safe scripts via stdin (bash -s).
# Ideal for multi-line awk/sed edits, or any content that would otherwise suffer from nested quoting or size limits if
# passed via -c.
#######################################
#######################################
# Wrapper for executing commands in the desired chroot environment.
# Globals:
# BASH_SOURCE
# TERM
# Arguments:
# 1: Target of the chroot environment.
# 2: Commands and options and parameters to be executed in chroot.
# Returns:
# 0: on success
# ERR_CHRT_COMMAND: on failure
#######################################
chroot_exec() {
### Declare Arrays, HashMaps, and Variables.
declare var_chroot_target="$1"; shift
declare -a ary_chroot_command=("$@")
declare -r var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
declare var_mod="${BASH_SOURCE[1]##*/}"; var_mod="${var_mod%%_*}()"
### Basic sanitation.
if (( ${#ary_chroot_command[@]} == 0 )); then
do_log "emergency" "file_only" "1080() Empty command passed to 'chroot_exec()'."
return "${ERR_CHRT_COMMAND}"
fi
if ! chroot "${var_chroot_target}" /usr/bin/env -i PATH="${var_default_path}" which "${ary_chroot_command[0]}" &>/dev/null; then
do_log "emergency" "file_only" "1080() Binary: '${ary_chroot_command[0]}' not found in target 'PATH=${var_default_path}'."
do_log "emergency" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i PATH=${var_default_path} which ${ary_chroot_command[0]} &>/dev/null]."
return "${ERR_CHRT_COMMAND}"
fi
### Main wrapper.
if ! chroot "${var_chroot_target}" /usr/bin/env -i \
HOME="/root" \
PATH="${var_default_path}" \
TERM="${TERM}" \
LANG="C.UTF-8" \
LC_ALL="C.UTF-8" \
DEBIAN_FRONTEND="noninteractive" \
APT_LISTCHANGES_FRONTEND="none" \
"${ary_chroot_command[@]}"
then
do_log "emergency" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] failed."
return "${ERR_CHRT_COMMAND}"
else
do_log "info" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] successful."
return 0
fi
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f chroot_exec
#######################################
# Run a complete shell script line inside the chroot using the command 'bash -c'.
# Globals:
# BASH_SOURCE
# TERM
# VAR_CHROOT_DEBUG
# VAR_DEBUG_TRACE
# VAR_DEBUG_TRAP
# VAR_IN_DIALOG_WR
# Arguments:
# 1: Target of the chroot environment
# 2: Command string to execute inside a shell (quoted)
# 3: Log level of command pipeline to be executed.
# Returns:
# 0: on success
# ERR_CHRT_COMMAND: on failure
#######################################
chroot_script() {
### Declare Arrays, HashMaps, and Variables.
declare var_chroot_target="$1"
declare var_chroot_script="$2"
declare var_log_level_on_error="${3:-emergency}"
declare -r var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
declare var_mod="${BASH_SOURCE[1]##*/}"; var_mod="${var_mod%%_*}()"
### Basic sanitation.
if [[ -z "${var_chroot_script}" ]]; then
do_log "emergency" "file_only" "1080() Empty command passed to 'chroot_script()'."
return "${ERR_CHRT_COMMAND}"
fi
### Main wrapper.
if ! chroot "${var_chroot_target}" /usr/bin/env -i \
HOME="/root" \
PATH="${var_default_path}" \
TERM="${TERM}" \
LANG="C.UTF-8" \
LC_ALL="C.UTF-8" \
DEBIAN_FRONTEND="noninteractive" \
APT_LISTCHANGES_FRONTEND="none" \
/bin/bash -o errexit -o errtrace -o functrace -o nounset -o pipefail \
-O inherit_errexit -O failglob -O lastpipe -c "${var_chroot_script}"
then
do_log "${var_log_level_on_error}" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] failed."
if [[ "${VAR_CHROOT_DEBUG}" == "true" ]]; then
if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then\
dump_vars_exiting
fi
case "${VAR_IN_DIALOG_WR}" in
box ) dialog_box_cleaner ;;
gauge ) dialog_gauge_cleaner ;;
text ) dialog_text_cleaner ;;
* ) : ;;
esac
do_log "emergency" "tty" "1080() Launching interactive debug shell in chroot: '${var_chroot_target}'."
chroot "${var_chroot_target}" /bin/bash -l
else
return "${ERR_CHRT_COMMAND}"
fi
else
do_log "info" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] successful."
return 0
fi
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f chroot_script
#######################################
# Run the installer-desired code incl. positional arguments via stdin (HEREDOC) inside the chroot with bash -s.
# Globals:
# BASH_SOURCE
# TERM
# VAR_CHROOT_DEBUG
# VAR_DEBUG_TRACE
# VAR_DEBUG_TRAP
# VAR_IN_DIALOG_WR
# Arguments:
# 1: Target of chroot environment
# 2: Command string to execute inside a shell (HEREDOC):
# chroot_stdin "${TARGET}" "__payload__" -- "${ARG1}" "${ARG2}" ... <<'EOF' ... EOF
# Returns:
# 0: on success
# ERR_CHRT_COMMAND: on failure
#######################################
chroot_stdin() {
### Declare Arrays, HashMaps, and Variables.
declare var_chroot_target="$1"; shift ### Consume 'TARGET'.
declare payload_marker="$1"; shift ### Consume marker (e.g. "__payload__").
declare var_log_level_on_error="emergency" ### Default.
declare var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
declare var_mod="${BASH_SOURCE[1]##*/}"; var_mod="${var_mod%%_*}()"
### Optional third parameter as log level, else we expect a '--' sentinel next.
if [[ "${1-}" != "--" && -n "${1-}" ]]; then
var_log_level_on_error="$1"
shift
fi
### If a '--' sentinel is present, drop it; the rest are payload args.
if [[ "${1-}" == "--" ]]; then
shift
fi
### Now: "$@" are exactly the arguments for the chroot payload ($1,$2,... inside bash -s)
### Basic sanitation
if [[ -z "${payload_marker}" ]]; then
do_log "emergency" "file_only" "1080() Empty command passed to 'chroot_script()'."
return "${ERR_CHRT_COMMAND}"
fi
### Main wrapper.
if ! chroot "${var_chroot_target}" /usr/bin/env -i \
HOME="/root" \
PATH="${var_default_path}" \
TERM="${TERM}" \
LANG="C.UTF-8" \
LC_ALL="C.UTF-8" \
DEBIAN_FRONTEND="noninteractive" \
APT_LISTCHANGES_FRONTEND="none" \
/bin/bash -o errexit -o errtrace -o functrace -o nounset -o pipefail \
-O inherit_errexit -O failglob -O lastpipe -s -- "$@"
then
do_log "${var_log_level_on_error}" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -s] failed."
if [[ "${VAR_CHROOT_DEBUG}" == "true" ]]; then
if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
dump_vars_exiting
fi
case "${VAR_IN_DIALOG_WR}" in
box ) dialog_box_cleaner ;;
gauge ) dialog_gauge_cleaner ;;
text ) dialog_text_cleaner ;;
* ) : ;;
esac
do_log "emergency" "tty" "1080() Launching interactive debug shell in chroot: '${var_chroot_target}'."
chroot "${var_chroot_target}" /bin/bash -l
else
return "${ERR_CHRT_COMMAND}"
fi
else
do_log "info" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -s] successful."
return 0
fi
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f chroot_stdin
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink