-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathlabel-install
executable file
·175 lines (154 loc) · 6.17 KB
/
label-install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#!/bin/sh -eu
# This is the install script for gdm when run in a privileged
# container.
#
# The host file system must be mounted at /host
cd /
PATH="/usr/bin:/usr/sbin"
MISSING_PACKAGES=0
: "${HOST:=/host}"
: "${ORIGIN:=}"
if [ ! -d $HOST/etc ] || [ ! -d $HOST/proc ] || [ ! -d $HOST/run ]; then
echo "gdm-install: host file system is not mounted at $HOST"
exit 1
fi
if [ -f $HOST/usr/bin/gdm ]; then
echo "gdm-install: gdm must not be installed in the host."
MISSING_PACKAGES=1
fi
if [ ! -f $HOST/usr/lib*/libnss_systemd.so.* ]; then
echo "gdm-install: nss-systemd package must be installed on host system."
MISSING_PACKAGES=1
fi
if [ ! -f $HOST/usr/lib/systemd/systemd-userdbd ]; then
echo "gdm-install: systemd-experimental package must be installed on host system"
MISSING_PACKAGES=1
fi
if [[ $(grep -e "enforcing=1" /proc/cmdline) || $(grep 1 /sys/fs/selinux/enforce) ]]; then
echo "In /etc/default/grub, please set option 'enforcing=0' from GRUB_CMDLINE_LINUX_DEFAULT"
echo "Then run"
echo " transactional-update grub.cfg"
echo "and reboot."
MISSING_PACKAGES=1
fi
# we need accountsservice on the host for now
if [ x$INSTALL_SYSTEM_EXT = x ]; then
if [ "${container:-}" = podman -a ! -f $HOST/usr/libexec/accounts-daemon ]; then
echo "gdm-install: accountsservice package must be installed on host system."
MISSING_PACKAGES=1
fi
fi
if [ $MISSING_PACKAGES -ne 0 ]; then
echo "gdm-install: Once missing packages are available on the system, please run again gdm container install script"
exit 1
fi
if [ ! -e $HOST/etc/nsswitch.conf ]; then
grep -q 'passwd.*systemd' $HOST/usr/etc/nsswitch.conf
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
cp $HOST/usr/etc/nsswitch.conf $HOST/etc/nsswitch.conf
cd $HOST/etc
patch -p0 -b -z .gdm-installer < $ORIGIN/container/nsswitch.conf.patch
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "unable to create /etc/nsswitch.conf with nss-systemd enabled "
echo "gdm-install: nss-systemd is not configured in /etc/nsswitch.conf nor /usr/etc/nsswitch.conf, check man nss-systemd "
echo "try applying the following patch to /etc/nsswitch.conf (/usr/etc/nsswitch.conf is the umodified file) "
cat $ORIGIN/container/nsswitch.conf.patch
exit 1
fi
cd -
fi
else
grep -q 'passwd.*systemd' $HOST/etc/nsswitch.conf
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "gdm-install: nss-systemd is not configured in /etc/nsswitch.conf nor /usr/etc/nsswitch.conf, check man nss-systemd "
echo "try applying the following patch to /etc/nsswitch.conf (/usr/etc/nsswitch.conf is the umodified file) "
cat $ORIGIN/container/nsswitch.conf.patch
exit 1
fi
fi
# install policies
if [ x$INSTALL_SYSTEM_EXT = x ]; then
# copy all dbus policies if not existing on host
for i in $ORIGIN/usr/share/dbus-1/system.d/gdm.conf ; do
dbus_policy=$(basename $i)
if [ ! -e $HOST/$i ] && [ ! -e $HOST/etc/dbus-1/system.d/$dbus_policy ] ; then
cp -av $i $HOST/etc/dbus-1/system.d/$dbus_policy
fi
done
fi
# For podman, install a systemd unit for starting on boot and userdb entries and default config files for gdm
if [ "${container:-}" = podman -a x$INSTALL_SYSTEM_EXT = x ]; then
if [ ! -e $HOST/etc/systemd/system/gdm.service ]; then
mkdir -p $HOST/etc/systemd/system/
sed -e "s,%IMAGE%,${IMAGE},g;s,%PODMAN_RUN_GDM_STANDALONE_OPTIONS%,_PODMAN_RUN_GDM_STANDALONE_OPTIONS_,g" $ORIGIN/container/systemd/gdm.service > $HOST/etc/systemd/system/gdm.service
fi
if [ ! -e $HOST/etc/systemd/system/gdm-systemd.service ]; then
mkdir -p $HOST/etc/systemd/system/
sed -e "s,%IMAGE%,${IMAGE},g;s,%PODMAN_RUN_GDM_SYSTEMD_OPTIONS%,_PODMAN_RUN_GDM_SYSTEMD_OPTIONS_,g" $ORIGIN/container/systemd/gdm-systemd.service > $HOST/etc/systemd/system/gdm-systemd.service
fi
fi
if [ x$INSTALL_SYSTEM_EXT = x ]; then
USERDB_PREFIX=$HOST/etc
else
USERDB_PREFIX=$ORIGIN/usr/lib
fi
if [ ! -e ${USERDB_PREFIX}/userdb/gdm.user ]; then
mkdir -p ${USERDB_PREFIX}/userdb/
read -a system_uids <<< "$(chroot $HOST userdbctl user --no-legend | tac | awk '$2 ~ /system/ { printf "%s ", $3 }')"
uids=${#system_uids[@]}
for (( i=0; i<${uids}; i++ ));
do
USERID=$(expr ${system_uids[$i]} - 1 )
if [[ $USERID > ${system_uids[$(expr i+1)]} ]]; then
break
fi
done
read -a system_gids <<< "$(chroot $HOST userdbctl group --no-legend | tac | awk '$2 ~ /system/ { printf "%s ", $3 }')"
gids=${#system_gids[@]}
for (( i=0; i<${gids}; i++ ));
do
GROUPID=$(expr ${system_gids[$i]} - 1 )
if [[ $GROUPID > ${system_gids[$(expr i+1)]} ]]; then
break
fi
done
sed -e "s,%USERID%,$USERID,g;s,%GROUPID%,$GROUPID,g" $ORIGIN/container/userdb/gdm.user > ${USERDB_PREFIX}/userdb/gdm.user
sed -e "s,%USERID%,$USERID,g;s,%GROUPID%,$GROUPID,g" $ORIGIN/container/userdb/gdm.group > ${USERDB_PREFIX}/userdb/gdm.group
if [ x$INSTALL_SYSTEM_EXT = x1 ]; then
mkdir -p $HOST/etc/userdb/
cp -ar ${USERDB_PREFIX}/userdb/* $HOST/etc/userdb/
fi
if [ x$INSTALL_SYSTEM_EXT = x -o x$PORTABLE = x1 ]; then
if [ x$PORTABLE = x1 ]; then
USERDB_PREFIX=$HOST/etc
fi
ln -f -s gdm.user ${USERDB_PREFIX}/userdb/$USERID.user
ln -f -s gdm.group ${USERDB_PREFIX}/userdb/$GROUPID.group
fi
fi
# ensure all directories used by gdm are created on the host
if [ ! -e $HOST/usr/lib/tmpfiles.d/gdm.conf -a ! -e $HOST/etc/tmpfiles.d/gdm.conf ]; then
cp -av $ORIGIN/usr/lib/tmpfiles.d/gdm.conf $HOST/etc/tmpfiles.d/
fi
if [ ! -d $HOST/etc/gdm ]; then
mkdir -p $HOST/etc/gdm
cp -avr $ORIGIN/etc/gdm/* $HOST/etc/gdm/
fi
if [ ! -e $HOST/etc/sysconfig/displaymanager ]; then
cp -avr $ORIGIN/etc/sysconfig/displaymanager $HOST/etc/sysconfig/
fi
if [ "${container:-}" = podman -a -e /run/dbus/system_bus_socket ]; then
systemctl -q is-active nscd && systemctl --quiet try-reload-or-restart nscd
chroot /host /usr/bin/systemd-tmpfiles -E --create /etc/tmpfiles.d/gdm.conf
systemctl daemon-reload
systemctl reload dbus
systemctl -q is-active accounts-daemon || systemctl restart accounts-daemon 2>/dev/null
fi
if [ ${INSTALL_SYSTEM_EXT}x = x ]; then
echo gdm container installed, to start it:
echo for running it in a container without systemd: systemctl start gdm
echo for running it in a container with systemd: systemctl start gdm-systemd
fi