Add sysvinit method to existing upstart support in script for native chroots to disable starting daemons. (Closes: #611188)

git-svn-id: http://emdebian.org/svn/current@7726 563faec7-e20c-0410-992a-a66f704d0ccd
This commit is contained in:
codehelp 2011-01-29 15:45:07 +00:00
parent 45486ea13e
commit 5d71a7fed3
6 changed files with 72 additions and 39 deletions

4
debian/changelog vendored
View file

@ -12,8 +12,10 @@ multistrap (2.1.9) experimental; urgency=low
(Closes: #610634) (Closes: #610634)
* Fix unpack option to look only for 'true' values. * Fix unpack option to look only for 'true' values.
* Experimental support for debconf preseed files (Closes: #610614) * Experimental support for debconf preseed files (Closes: #610614)
* Add sysvinit method to existing upstart support in script for native
chroots to disable starting daemons. (Closes: #611188)
-- Neil Williams <codehelp@debian.org> Fri, 28 Jan 2011 12:57:19 +0000 -- Neil Williams <codehelp@debian.org> Sat, 29 Jan 2011 15:43:39 +0000
multistrap (2.1.8) experimental; urgency=low multistrap (2.1.8) experimental; urgency=low

View file

@ -2,13 +2,13 @@ multistrap ./usr/sbin/
doc/multistrap/man/* ./usr/share/man/ doc/multistrap/man/* ./usr/share/man/
examples/device_table.txt ./usr/share/doc/multistrap/examples/ examples/device_table.txt ./usr/share/doc/multistrap/examples/
examples/multistrap-example.conf ./usr/share/doc/multistrap/examples/ examples/multistrap-example.conf ./usr/share/doc/multistrap/examples/
examples/setup.sh ./usr/share/doc/multistrap/examples/
examples/config.sh ./usr/share/doc/multistrap/examples/
examples/sid.conf ./usr/share/multistrap/ examples/sid.conf ./usr/share/multistrap/
examples/squeeze.conf ./usr/share/multistrap/ examples/squeeze.conf ./usr/share/multistrap/
examples/lenny.conf ./usr/share/multistrap/ examples/lenny.conf ./usr/share/multistrap/
examples/setup.sh ./usr/share/doc/multistrap/examples/
examples/config.sh ./usr/share/doc/multistrap/examples/
examples/chroot.sh ./usr/share/multistrap/ examples/chroot.sh ./usr/share/multistrap/
examples/chroot-policy.sh ./usr/share/multistrap/ examples/chroot.conf ./usr/share/multistrap/
check-deps.sh ./usr/share/multistrap/ check-deps.sh ./usr/share/multistrap/
device-table.pl ./usr/share/multistrap/ device-table.pl ./usr/share/multistrap/
update-rc.d ./usr/share/multistrap/ update-rc.d ./usr/share/multistrap/

View file

@ -1,18 +0,0 @@
#!/bin/sh
set -e
# The script is called with the following arguments:
# $1 = $DIR - the top directory of the debootstrapped system
# $2 = $ARCH - the specified architecture, already checked with dpkg-architecture.
# setup.sh needs to be executable.
if [ -d $1 ]; then
mkdir -p $1/usr/sbin/
cat > $1/usr/sbin/policy-rc.d << EOF
#!/bin/sh
echo "All runlevel operations denied by policy" >&2
EOF
chmod a+x $1/usr/sbin/policy-rc.d
fi

30
examples/chroot.conf Normal file
View file

@ -0,0 +1,30 @@
# Example multistrap configuration file for native chroots.
[General]
arch=
directory=
# same as --tidy-up option if set to true
cleanup=true
# same as --no-auth option if set to true
# keyring packages listed in each debootstrap will
# still be installed.
noauth=false
# whether to add the /suite to be explicit about where apt
# needs to look for packages. Default is false.
explicitsuite=false
# extract all downloaded archives (default is true)
unpack=true
# this setupscript is just for native chroots
# to stop daemons from starting during configuration.
setupscript=/usr/share/multistrap/chroot.sh
# the order of sections is not important.
# the debootstrap option determines which repository
# is used to calculate the list of Priority: required packages.
debootstrap=Debian
aptsources=Debian
[Debian]
packages=apt
source=http://ftp.uk.debian.org/debian
keyring=debian-archive-keyring
suite=squeeze

View file

@ -2,36 +2,40 @@
set -e set -e
# This setup script is an alternative method of adjusting the tarball
# contents immediately after multistrap has unpacked the packages.
# At this stage, any operations inside the rootfs must not try to
# execute any binaries within the rootfs.
# The script is called with the following arguments: # The script is called with the following arguments:
# $1 = $DIR - the top directory of the debootstrapped system # $1 = $DIR - the top directory of the debootstrapped system
# $2 = $ARCH - the specified architecture, already checked with dpkg-architecture. # $2 = $ARCH - the specified architecture, already checked with dpkg-architecture.
# setup.sh needs to be executable. # setup.sh needs to be executable.
TARGET=$1 TARGET=$1
# upstart support
if [ -x "$TARGET/sbin/initctl" ]; then if [ -x "$TARGET/sbin/initctl" ]; then
mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL" echo "initctl: Trying to prevent daemons from starting in $TARGET"
echo \ mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
echo \
"#!/bin/sh "#!/bin/sh
echo echo
echo echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon" echo echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
chmod 755 "$TARGET/sbin/start-stop-daemon" chmod 755 "$TARGET/sbin/start-stop-daemon"
fi fi
if [ -x "$TARGET/sbin/initctl" ]; then if [ -x "$TARGET/sbin/initctl" ]; then
mv "$TARGET/sbin/initctl" "$TARGET/sbin/initctl.REAL" echo "initctl: Trying to prevent daemons from starting in $TARGET"
echo \ mv "$TARGET/sbin/initctl" "$TARGET/sbin/initctl.REAL"
echo \
"#!/bin/sh "#!/bin/sh
echo echo
echo \"Warning: Fake initctl called, doing nothing\"" > "$TARGET/sbin/initctl" echo \"Warning: Fake initctl called, doing nothing\"" > "$TARGET/sbin/initctl"
chmod 755 "$TARGET/sbin/initctl" chmod 755 "$TARGET/sbin/initctl"
fi
# sysvinit support - exit value of 101 is essential.
if [ -x "$TARGET/sbin/init" && ! -f "$TARGET/usr/sbin/policy-rc.d" ]; then
echo "sysvinit: Using policy-rc.d to prevent daemons from starting in $TARGET"
mkdir -p $TARGET/usr/sbin/
cat > $TARGET/usr/sbin/policy-rc.d << EOF
#!/bin/sh
echo "sysvinit: All runlevel operations denied by policy" >&2
exit 101
EOF
chmod a+x $TARGET/usr/sbin/policy-rc.d
fi fi

View file

@ -350,6 +350,21 @@ A native multistrap can be used directly with chroot, so
C<multistrap> runs C<dpkg --configure -a> at the end of the C<multistrap> runs C<dpkg --configure -a> at the end of the
multistrap process. multistrap process.
=head1 Daemons in chroots
Depending on which system you using to provide the packages for
C<multistrap>, native chroots should generally not allow daemons to
start inside the chroot. Use the F</usr/share/multistrap/chroot.sh>
as your C<setupscript> or include that script in your own setup script.
setupscript=/usr/share/multistrap/chroot.sh
F<chroot.sh> copes with systems using F<sysvinit> and F<upstart>.
See also
http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt
=head1 Cascading configuration =head1 Cascading configuration
To support multiple variants of a basic (common) configuration, To support multiple variants of a basic (common) configuration,