home-assistant-yellow/build-rootfs.sh

#!/bin/sh
# vim: set sw=4 ts=4 sts=4 et :

set -e

. "${CONFIGDIR:=${PWD}}"/config

mkdir -p \
    /mnt/gentoo/usr/bin \
    /mnt/gentoo/usr/lib \
    /mnt/gentoo/usr/lib64 \
    || exit
[ -h /mnt/gentoo/bin ] || ln -s usr/bin /mnt/gentoo/bin
[ -h /mnt/gentoo/sbin ] || ln -s usr/sbin /mnt/gentoo/sbin
[ -h /mnt/gentoo/usr/sbin ] || ln -s bin /mnt/gentoo/usr/sbin
[ -h /mnt/gentoo/lib ] || ln -s usr/lib /mnt/gentoo/lib
[ -h /mnt/gentoo/lib64 ] || ln -s usr/lib64 /mnt/gentoo/lib64

mkdir -p /mnt/gentoo/etc/portage
ln -snf \
    /var/db/repos/gentoo/profiles/${profile} \
    /mnt/gentoo/etc/portage/make.profile

ROOT=/mnt/gentoo \
PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/target \
< "${CONFIGDIR}"/install.packages xargs -ro \
${target}-emerge -KvnuUDj --rebuilt-binaries=y

ROOT=/mnt/gentoo \
PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/target \
< "${CONFIGDIR}"/installonly.packages xargs -ro \
${target}-emerge -vnuUDj

ROOT=/mnt/gentoo \
locale-gen

mkdir -p \
    /mnt/gentoo/boot/efi \
    /mnt/gentoo/dev \
    /mnt/gentoo/home \
    /mnt/gentoo/proc \
    /mnt/gentoo/sys \
    || exit

: > /mnt/gentoo/etc/machine-id

while read name; do
    if [ ! -h /mnt/gentoo/bin/"${name}" ]; then
        printf "'/bin/%s' -> 'busybox'\n" "${name}"
        ln -snf busybox /mnt/gentoo/bin/"${name}" \
            || printf 'Failed to create busybox symlink for %s\n' "${name}"
    fi
done < "${CONFIGDIR}"/busybox.symlinks

rsync -rltpDO overlay/ /mnt/gentoo/
if [ -d "${CONFIGDIR}"/overlay ]; then
    rsync -rltpDO "${CONFIGDIR}"/overlay/ /mnt/gentoo/
fi

cp -uv /usr/${target}/usr/bin/grub-editenv /mnt/gentoo/usr/bin/

find /mnt/gentoo/usr/${target}/usr/lib/udev/rules.d \
    -name '*.rules' \
    -exec mv -t /mnt/gentoo/usr/lib/udev/rules.d/ {} +

if [ -f /mnt/gentoo/etc/udev/hwdb.bin ]; then
    mv /mnt/gentoo/etc/udev/hwdb.bin /mnt/gentoo/usr/lib/udev/
fi

rm -f /mnt/gentoo/lib/tmpfiles.d/provision.conf
sed -i 's:d /var/log :v /var/log :' /mnt/gentoo/lib/tmpfiles.d/var.conf
systemd-tmpfiles --root=/mnt/gentoo -E --exclude-prefix=/var --create

systemctl preset-all --root=/mnt/gentoo
rm -f /mnt/gentoo/lib/systemd/system/sysinit.target.wants/ldconfig.service

systemd-sysusers --root=/mnt/gentoo
if grep -q '^root:.*/bin/bash$' /mnt/gentoo/etc/passwd; then
    sed -ri 's@(root:.*):/bin/bash@\1:/bin/sh@' /mnt/gentoo/etc/passwd
fi

if ! grep -q Include /mnt/gentoo/etc/ssh/sshd_config; then
    echo 'Include /etc/ssh/sshd_config.d/*.conf' \
        >> /mnt/gentoo/etc/ssh/sshd_config
fi

# Although `semanage` accepts a `--store` argument that supposedly
# instructs it to operate on an alternate SELinux policy store, it
# doesn't actually work.  As such, we have to run `semanage` in an
# alternate mount namespace with the target policy store bind-mounted
# at the default location so `semanage` can operate on it.
unshare -m sh -e <<EOF
mount -o bind /mnt/gentoo/var/lib/selinux /var/lib/selinux
mount -o bind /mnt/gentoo/etc/selinux /etc/selinux
semanage boolean -N -m --on ssh_sysadm_login
semanage login -N -m -s root root
semanage user -N -m -R sysadm_r root
EOF

setfiles \
    -p \
    -F \
    -m \
    -r /mnt/gentoo \
    -c /mnt/gentoo/etc/selinux/mcs/policy/policy.* \
    -e /mnt/gentoo/var/db/pkg \
    -e /mnt/gentoo/etc/portage \
    /mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
    /mnt/gentoo

touch /mnt/gentoo/usr