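#!/bin/sh
# vim: set sw=4 ts=4 sts=4 et :
#
# Populate a Gentoo root filesystem under /mnt/gentoo: create the merged-/usr
# layout, select a Portage profile, cross-emerge the configured package lists,
# lay down the overlays and busybox symlinks, run the systemd first-boot
# helpers, adjust the SELinux policy store and finally label the whole tree.
#
# Inputs:
#   CONFIGDIR  directory holding config, install.packages,
#              installonly.packages, busybox.symlinks and the optional
#              portage/target and overlay/ subtrees (defaults to $PWD)
#   config     sourced from CONFIGDIR; must define `profile` (a path below
#              /var/db/repos/gentoo/profiles) and `target` (the cross
#              toolchain prefix: `${target}-emerge` and /usr/${target} are
#              used below)
#
# Must run as root on a host that provides the cross toolchain, the Portage
# tree, the systemd tools and the SELinux userland. POSIX sh only: no
# pipefail, arrays or [[ ]] are available here.

set -e

. "${CONFIGDIR:=${PWD}}"/config

# Fail early if config did not provide the two values everything below
# depends on: an empty `profile` would silently point make.profile at the
# profiles directory itself and an empty `target` would run a bare `-emerge`.
: "${profile:?profile must be set in ${CONFIGDIR}/config}"
: "${target:?target must be set in ${CONFIGDIR}/config}"

# Merged-/usr layout: /bin, /sbin, /lib and /lib64 are symlinks into /usr,
# and /usr/sbin collapses onto /usr/bin. Existing symlinks are left as-is.
mkdir -p \
    /mnt/gentoo/usr/bin \
    /mnt/gentoo/usr/lib \
    /mnt/gentoo/usr/lib64 \
    || exit
[ -h /mnt/gentoo/bin ] || ln -s usr/bin /mnt/gentoo/bin
[ -h /mnt/gentoo/sbin ] || ln -s usr/sbin /mnt/gentoo/sbin
[ -h /mnt/gentoo/usr/sbin ] || ln -s bin /mnt/gentoo/usr/sbin
[ -h /mnt/gentoo/lib ] || ln -s usr/lib /mnt/gentoo/lib
[ -h /mnt/gentoo/lib64 ] || ln -s usr/lib64 /mnt/gentoo/lib64

mkdir -p /mnt/gentoo/etc/portage
ln -snf \
    /var/db/repos/gentoo/profiles/"${profile}" \
    /mnt/gentoo/etc/portage/make.profile

# Install the main package list from binary packages only (-K). The list in
# the current directory is concatenated with the one from CONFIGDIR; with the
# default CONFIGDIR that is the same file twice.
# NOTE: /bin/sh has no pipefail, so a missing list file only yields a
# diagnostic from cat and the pipeline continues; xargs -r turns an empty
# combined list into a no-op instead of running emerge without atoms.
cat \
    install.packages \
    "${CONFIGDIR}"/install.packages \
    | xargs -ro \
        "${target}-emerge" \
        --root=/mnt/gentoo \
        --config-root="${CONFIGDIR}"/portage/target \
        -KvnuUDj \
        --rebuilt-binaries=y

# The "install only" list goes through the same emerge invocation but without
# the -K binary-only restriction. A missing file aborts the script here.
< "${CONFIGDIR}"/installonly.packages xargs -ro \
    "${target}-emerge" \
    --root=/mnt/gentoo \
    --config-root="${CONFIGDIR}"/portage/target \
    -vnuUDj

ROOT=/mnt/gentoo locale-gen

mkdir -p \
    /mnt/gentoo/boot/efi \
    /mnt/gentoo/dev \
    /mnt/gentoo/home \
    /mnt/gentoo/proc \
    /mnt/gentoo/sys \
    || exit

# Truncate machine-id so the target generates its own on first boot.
: > /mnt/gentoo/etc/machine-id

# One busybox applet symlink per line of busybox.symlinks. `read -r` keeps
# backslashes literal, the `|| [ -n ... ]` guard still processes a final line
# without a trailing newline, and blank lines are skipped: an empty name
# would otherwise target /mnt/gentoo/bin/ itself rather than an applet.
while IFS= read -r name || [ -n "${name}" ]; do
    [ -n "${name}" ] || continue
    if [ ! -h /mnt/gentoo/bin/"${name}" ]; then
        printf "'/bin/%s' -> 'busybox'\n" "${name}"
        ln -snf busybox /mnt/gentoo/bin/"${name}" \
            || printf 'Failed to create busybox symlink for %s\n' "${name}" >&2
    fi
done < "${CONFIGDIR}"/busybox.symlinks

# Generic overlay first, then the per-config overlay (if present) so the
# latter's files win.
rsync -rltpDO overlay/ /mnt/gentoo/
if [ -d "${CONFIGDIR}"/overlay ]; then
    rsync -rltpDO "${CONFIGDIR}"/overlay/ /mnt/gentoo/
fi

cp -uv /usr/"${target}"/usr/bin/grub-editenv /mnt/gentoo/usr/bin/

# Move udev rules that ended up below the ${target} sysroot prefix into the
# real rules directory of the target tree.
if [ -d /mnt/gentoo/usr/"${target}"/usr/lib/udev/rules.d ]; then
    find /mnt/gentoo/usr/"${target}"/usr/lib/udev/rules.d \
        -name '*.rules' \
        -exec mv -t /mnt/gentoo/usr/lib/udev/rules.d/ {} +
fi

if [ -f /mnt/gentoo/etc/udev/hwdb.bin ]; then
    mv /mnt/gentoo/etc/udev/hwdb.bin /mnt/gentoo/usr/lib/udev/
fi

# Create the tmpfiles.d entries offline, except the provision.conf dropped
# by the overlay and anything under /var.
rm -f /mnt/gentoo/lib/tmpfiles.d/provision.conf
systemd-tmpfiles --root=/mnt/gentoo -E --exclude-prefix=/var --create

systemctl preset-all --root=/mnt/gentoo
rm -f /mnt/gentoo/lib/systemd/system/sysinit.target.wants/ldconfig.service

systemd-sysusers --root=/mnt/gentoo
# root's login shell is /bin/sh on the target, not bash.
if grep -q '^root:.*/bin/bash$' /mnt/gentoo/etc/passwd; then
    sed -ri 's@(root:.*):/bin/bash@\1:/bin/sh@' /mnt/gentoo/etc/passwd
fi

# Only an active Include directive counts (sshd_config keywords are
# case-insensitive); a commented-out "#Include" line in the shipped
# sshd_config must not suppress appending the drop-in directory.
if ! grep -qi '^[[:space:]]*Include[[:space:]]' /mnt/gentoo/etc/ssh/sshd_config; then
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        >> /mnt/gentoo/etc/ssh/sshd_config
fi

# Although `semanage` accepts a `--store` argument that supposedly
# instructs it to operate on an alternate SELinux policy store, it
# doesn't actually work. As such, we have to run `semanage` in an
# alternate mount namespace with the target policy store bind-mounted
# at the default location so `semanage` can operate on it.
# The bind mounts live only in the namespace created by `unshare -m`, so the
# host's own policy store is never touched; `sh -e` stops the sequence at
# the first failing command. The delimiter is quoted because nothing in the
# here-document is meant to be expanded by the outer shell.
unshare -m sh -e <<'EOF'
mount -o bind /mnt/gentoo/var/lib/selinux /var/lib/selinux
mount -o bind /mnt/gentoo/etc/selinux /etc/selinux
semanage boolean -N -m --on ssh_sysadm_login
semanage login -N -m -s root root
semanage user -N -m -R sysadm_r root
EOF

# Label the whole tree against the target's mcs policy, forcing relabels
# (-F) and leaving the Portage database and configuration untouched.
# NOTE(review): `policy.*` is expected to match exactly one file; should two
# policy versions be present, the extra path would be passed as an argument.
setfiles \
    -p \
    -F \
    -m \
    -r /mnt/gentoo \
    -c /mnt/gentoo/etc/selinux/mcs/policy/policy.* \
    -e /mnt/gentoo/var/db/pkg \
    -e /mnt/gentoo/etc/portage \
    /mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
    /mnt/gentoo

# NOTE(review): bumps the mtime of /usr; what consumes that timestamp is not
# visible here — confirm before removing.
touch /mnt/gentoo/usr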