Add sysvinit method to existing upstart support in script for native chroots to disable starting daemons. (Closes: #611188)
git-svn-id: http://emdebian.org/svn/current@7726 563faec7-e20c-0410-992a-a66f704d0ccd
This commit is contained in:
parent
45486ea13e
commit
5d71a7fed3
6 changed files with 72 additions and 39 deletions
4
debian/changelog
vendored
4
debian/changelog
vendored
|
@ -12,8 +12,10 @@ multistrap (2.1.9) experimental; urgency=low
|
||||||
(Closes: #610634)
|
(Closes: #610634)
|
||||||
* Fix unpack option to look only for 'true' values.
|
* Fix unpack option to look only for 'true' values.
|
||||||
* Experimental support for debconf preseed files (Closes: #610614)
|
* Experimental support for debconf preseed files (Closes: #610614)
|
||||||
|
* Add sysvinit method to existing upstart support in script for native
|
||||||
|
chroots to disable starting daemons. (Closes: #611188)
|
||||||
|
|
||||||
-- Neil Williams <codehelp@debian.org> Fri, 28 Jan 2011 12:57:19 +0000
|
-- Neil Williams <codehelp@debian.org> Sat, 29 Jan 2011 15:43:39 +0000
|
||||||
|
|
||||||
multistrap (2.1.8) experimental; urgency=low
|
multistrap (2.1.8) experimental; urgency=low
|
||||||
|
|
||||||
|
|
6
debian/multistrap.install
vendored
6
debian/multistrap.install
vendored
|
@ -2,13 +2,13 @@ multistrap ./usr/sbin/
|
||||||
doc/multistrap/man/* ./usr/share/man/
|
doc/multistrap/man/* ./usr/share/man/
|
||||||
examples/device_table.txt ./usr/share/doc/multistrap/examples/
|
examples/device_table.txt ./usr/share/doc/multistrap/examples/
|
||||||
examples/multistrap-example.conf ./usr/share/doc/multistrap/examples/
|
examples/multistrap-example.conf ./usr/share/doc/multistrap/examples/
|
||||||
|
examples/setup.sh ./usr/share/doc/multistrap/examples/
|
||||||
|
examples/config.sh ./usr/share/doc/multistrap/examples/
|
||||||
examples/sid.conf ./usr/share/multistrap/
|
examples/sid.conf ./usr/share/multistrap/
|
||||||
examples/squeeze.conf ./usr/share/multistrap/
|
examples/squeeze.conf ./usr/share/multistrap/
|
||||||
examples/lenny.conf ./usr/share/multistrap/
|
examples/lenny.conf ./usr/share/multistrap/
|
||||||
examples/setup.sh ./usr/share/doc/multistrap/examples/
|
|
||||||
examples/config.sh ./usr/share/doc/multistrap/examples/
|
|
||||||
examples/chroot.sh ./usr/share/multistrap/
|
examples/chroot.sh ./usr/share/multistrap/
|
||||||
examples/chroot-policy.sh ./usr/share/multistrap/
|
examples/chroot.conf ./usr/share/multistrap/
|
||||||
check-deps.sh ./usr/share/multistrap/
|
check-deps.sh ./usr/share/multistrap/
|
||||||
device-table.pl ./usr/share/multistrap/
|
device-table.pl ./usr/share/multistrap/
|
||||||
update-rc.d ./usr/share/multistrap/
|
update-rc.d ./usr/share/multistrap/
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# The script is called with the following arguments:
|
|
||||||
|
|
||||||
# $1 = $DIR - the top directory of the debootstrapped system
|
|
||||||
# $2 = $ARCH - the specified architecture, already checked with dpkg-architecture.
|
|
||||||
|
|
||||||
# setup.sh needs to be executable.
|
|
||||||
if [ -d $1 ]; then
|
|
||||||
mkdir -p $1/usr/sbin/
|
|
||||||
cat > $1/usr/sbin/policy-rc.d << EOF
|
|
||||||
#!/bin/sh
|
|
||||||
echo "All runlevel operations denied by policy" >&2
|
|
||||||
EOF
|
|
||||||
chmod a+x $1/usr/sbin/policy-rc.d
|
|
||||||
fi
|
|
30
examples/chroot.conf
Normal file
30
examples/chroot.conf
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
# Example multistrap configuration file for native chroots.
|
||||||
|
|
||||||
|
[General]
|
||||||
|
arch=
|
||||||
|
directory=
|
||||||
|
# same as --tidy-up option if set to true
|
||||||
|
cleanup=true
|
||||||
|
# same as --no-auth option if set to true
|
||||||
|
# keyring packages listed in each debootstrap will
|
||||||
|
# still be installed.
|
||||||
|
noauth=false
|
||||||
|
# whether to add the /suite to be explicit about where apt
|
||||||
|
# needs to look for packages. Default is false.
|
||||||
|
explicitsuite=false
|
||||||
|
# extract all downloaded archives (default is true)
|
||||||
|
unpack=true
|
||||||
|
# this setupscript is just for native chroots
|
||||||
|
# to stop daemons from starting during configuration.
|
||||||
|
setupscript=/usr/share/multistrap/chroot.sh
|
||||||
|
# the order of sections is not important.
|
||||||
|
# the debootstrap option determines which repository
|
||||||
|
# is used to calculate the list of Priority: required packages.
|
||||||
|
debootstrap=Debian
|
||||||
|
aptsources=Debian
|
||||||
|
|
||||||
|
[Debian]
|
||||||
|
packages=apt
|
||||||
|
source=http://ftp.uk.debian.org/debian
|
||||||
|
keyring=debian-archive-keyring
|
||||||
|
suite=squeeze
|
|
@ -2,36 +2,40 @@
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# This setup script is an alternative method of adjusting the tarball
|
|
||||||
# contents immediately after multistrap has unpacked the packages.
|
|
||||||
|
|
||||||
# At this stage, any operations inside the rootfs must not try to
|
|
||||||
# execute any binaries within the rootfs.
|
|
||||||
|
|
||||||
# The script is called with the following arguments:
|
# The script is called with the following arguments:
|
||||||
|
|
||||||
# $1 = $DIR - the top directory of the debootstrapped system
|
# $1 = $DIR - the top directory of the debootstrapped system
|
||||||
# $2 = $ARCH - the specified architecture, already checked with dpkg-architecture.
|
# $2 = $ARCH - the specified architecture, already checked with dpkg-architecture.
|
||||||
|
|
||||||
# setup.sh needs to be executable.
|
# setup.sh needs to be executable.
|
||||||
|
|
||||||
TARGET=$1
|
TARGET=$1
|
||||||
|
# upstart support
|
||||||
if [ -x "$TARGET/sbin/initctl" ]; then
|
if [ -x "$TARGET/sbin/initctl" ]; then
|
||||||
mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
|
echo "initctl: Trying to prevent daemons from starting in $TARGET"
|
||||||
echo \
|
mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
|
||||||
|
echo \
|
||||||
"#!/bin/sh
|
"#!/bin/sh
|
||||||
echo
|
echo
|
||||||
echo echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
|
echo echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
|
||||||
chmod 755 "$TARGET/sbin/start-stop-daemon"
|
chmod 755 "$TARGET/sbin/start-stop-daemon"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -x "$TARGET/sbin/initctl" ]; then
|
if [ -x "$TARGET/sbin/initctl" ]; then
|
||||||
mv "$TARGET/sbin/initctl" "$TARGET/sbin/initctl.REAL"
|
echo "initctl: Trying to prevent daemons from starting in $TARGET"
|
||||||
echo \
|
mv "$TARGET/sbin/initctl" "$TARGET/sbin/initctl.REAL"
|
||||||
|
echo \
|
||||||
"#!/bin/sh
|
"#!/bin/sh
|
||||||
echo
|
echo
|
||||||
echo \"Warning: Fake initctl called, doing nothing\"" > "$TARGET/sbin/initctl"
|
echo \"Warning: Fake initctl called, doing nothing\"" > "$TARGET/sbin/initctl"
|
||||||
chmod 755 "$TARGET/sbin/initctl"
|
chmod 755 "$TARGET/sbin/initctl"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# sysvinit support - exit value of 101 is essential.
|
||||||
|
if [ -x "$TARGET/sbin/init" && ! -f "$TARGET/usr/sbin/policy-rc.d" ]; then
|
||||||
|
echo "sysvinit: Using policy-rc.d to prevent daemons from starting in $TARGET"
|
||||||
|
mkdir -p $TARGET/usr/sbin/
|
||||||
|
cat > $TARGET/usr/sbin/policy-rc.d << EOF
|
||||||
|
#!/bin/sh
|
||||||
|
echo "sysvinit: All runlevel operations denied by policy" >&2
|
||||||
|
exit 101
|
||||||
|
EOF
|
||||||
|
chmod a+x $TARGET/usr/sbin/policy-rc.d
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -350,6 +350,21 @@ A native multistrap can be used directly with chroot, so
|
||||||
C<multistrap> runs C<dpkg --configure -a> at the end of the
|
C<multistrap> runs C<dpkg --configure -a> at the end of the
|
||||||
multistrap process.
|
multistrap process.
|
||||||
|
|
||||||
|
=head1 Daemons in chroots
|
||||||
|
|
||||||
|
Depending on which system you using to provide the packages for
|
||||||
|
C<multistrap>, native chroots should generally not allow daemons to
|
||||||
|
start inside the chroot. Use the F</usr/share/multistrap/chroot.sh>
|
||||||
|
as your C<setupscript> or include that script in your own setup script.
|
||||||
|
|
||||||
|
setupscript=/usr/share/multistrap/chroot.sh
|
||||||
|
|
||||||
|
F<chroot.sh> copes with systems using F<sysvinit> and F<upstart>.
|
||||||
|
|
||||||
|
See also
|
||||||
|
|
||||||
|
http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt
|
||||||
|
|
||||||
=head1 Cascading configuration
|
=head1 Cascading configuration
|
||||||
|
|
||||||
To support multiple variants of a basic (common) configuration,
|
To support multiple variants of a basic (common) configuration,
|
||||||
|
|
Loading…
Reference in a new issue