mrrl-containers

MRRL version of container scripts
git clone https://ccx.te2000.cz/git/mrrl-containers

commit 214bcedf400595f5cab23734c9d4af9b5af8dde1
parent 47870fc3bd740c1a6f95878e2d454ad65494f4b0
Author: ccx <ccx@te2000.cz>
Date:   Sun, 17 Nov 2024 11:56:12 +0000

Gentoo nomultilib (glibc) + set uid/gid for portage

Diffstat:
Mzsh-functions/confz_containers_init | 67+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
Mzsh-functions/confz_site_containers_init | 28+++++++++++++++-------------
2 files changed, 76 insertions(+), 19 deletions(-)

diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init @@ -298,6 +298,46 @@ confz_container_image_owner_check() { [[ $stat_info[uid] == $vars[uid] && $stat_info[gid] == $vars[gid] ]] } +confz_container_image_user_uid_gid_check() { + checkvars containers_dir image_name uid gid + defvar user root + local user_bre=${vars[user]//(#b)([\[\]\\.*^$])/\\$match[1]} + do_command=( + sed -i "s/^$user_bre:\([^:]*\):[^:]*:[^:]*:/${vars[user]}:\1:${vars[uid]}:${vars[gid]}:/" $vars[containers_dir]/systems/$vars[image_name]/etc/passwd + ) + grep -qe "^$user_bre:[^:]*:${vars[uid]}:${vars[gid]}:" $vars[containers_dir]/systems/$vars[image_name]/etc/passwd +} + +confz_container_image_group_gid_check() { + checkvars containers_dir image_name gid + defvar group root + local -a entry + local line + <$vars[containers_dir]/systems/$vars[image_name]/etc/group while IFS= read line; do + entry=( "${${(s.:.)line}[@]}" ) + # name:password:GID:user_list + # 1 :2 :3 :4 + if [[ $entry[1] == $vars[group] ]]; then + if [[ $vars[gid] == $entry[3] ]]; then + return 0 + fi + unify previous_gid $entry[3] + return 1 + fi + done + # group not found + return 1 +} +confz_container_image_group_gid_do() { + local group_bre=${vars[group]//(#b)([\[\]\\.*^$])/\\$match[1]} + if (($+vars[previous_gid])); then + sed -i 's|^\([^:]*:[^:]*:[^:]*\):'"${vars[previous_gid]}:|\1:${vars[gid]}:|" $vars[containers_dir]/systems/$vars[image_name]/etc/passwd || die + sed -i "s|^\\($group_bre:[^:]*\\):[^:]*:|\1:${vars[gid]}:|" $vars[containers_dir]/systems/$vars[image_name]/etc/group || die + else + printf '%s:x:%s:\n' $vars[group] $vars[gid] >>$vars[containers_dir]/systems/$vars[image_name]/etc/group || die + fi +} + confz_container_service_sysroot_check() { local uid gid svc_dir container container_user_dir local -a fstab 
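Review bot: In confz_container_image_group_gid_check, `unify previous_gid $entry[3]` stores the third field of a line read from the image's own etc/group, and confz_container_image_group_gid_do then pastes it unescaped into a `sed -i` program; `${vars[uid]}` and `${vars[gid]}` are interpolated the same way in both new sed calls. Nothing visible checks that these values are digits, so any other content in that field becomes part of the sed script instead of simply failing to match. A guard before the unify, `[[ $entry[3] == <-> ]] || die`, plus the same `<->` test on uid and gid at the top of each check, keeps image-supplied data out of the script. The `user_bre`/`group_bre` escaping covers BRE metacharacters but not the `/` delimiter of the first sed, nor `&` and `\` in its replacement, where `${vars[user]}` is used raw. Both the `>>` append and the in-place edits write to a path inside the image tree, so it is also worth confirming that etc/passwd and etc/group are regular files rather than symlinks before touching them.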
@@ -1521,21 +1561,26 @@ confz_container_nix_packages_installed_check() { # --- Gentoo --- confz_container_gentoo_from_snapshot_check() { checkvars containers_dir svscan_dir image_name system - defvar build 20241006T144834Z defvar checksum_algo sha256 #defvar mirror https://mirrors.gentoo.org/gentoo defvar mirror http://ftp.fi.muni.cz/pub/linux/gentoo/ case $vars[system] in - (amd64-musl-hardened) case $vars[build] in - (20240128T165521Z) - defvar checksum ab0bcfe9001dc0fc612e92fb2ccbbf1e2c03fd5630712515b28a1362268e15f1 + (amd64-musl-hardened) defvar build 20241006T144834Z; case $vars[build] in + (20241006T144834Z) + defvar checksum 8d53c2d6df66f5e0559541b31c1f6587339cc26640a74372449afeaac4ecc2fc ;; (20240312T171909Z) defvar checksum 2f3b224aeb231fec83652d9d9a5b9b80a28b46521bca7a0347a5ba212ae00e04 ;; - (20241006T144834Z) - defvar checksum 8d53c2d6df66f5e0559541b31c1f6587339cc26640a74372449afeaac4ecc2fc + (20240128T165521Z) + defvar checksum ab0bcfe9001dc0fc612e92fb2ccbbf1e2c03fd5630712515b28a1362268e15f1 + ;; + esac + ;; + (amd64-nomultilib-openrc) defvar build 20241110T170333Z; case $vars[build] in + (20241110T170333Z) + defvar checksum 3248000a2cc0f4df9fbc0bc4e4f2a2c1db7265b5c8c7cc116dcdc0fda5705f59 ;; esac ;; @@ -1568,6 +1613,16 @@ confz_container_gentoo_image_check() { :sysroot_user :containers_dir :root :filename require container_generic_layout :uid :gid :root + + require container_image_user_uid_gid \ + :containers_dir :image_name :uid :gid user=root + require container_image_group_gid \ + :containers_dir :image_name :gid group=root + + require container_image_user_uid_gid \ + :containers_dir :image_name :uid :gid user=portage + require container_image_group_gid \ + :containers_dir :image_name :gid group=portage } confz_container_gentoo_stage3_installed_check() { diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init 
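Review bot: The new `(amd64-nomultilib-openrc)` branch, like the reordered musl one, has an inner `case $vars[build]` with no fallback, so a `build` value that is not listed (presumably possible when a caller overrides the `defvar` default) leaves `checksum` undefined. The stage3 comes from the plain `http://` mirror set a few lines above, which makes the pinned sha256 the only integrity check on the download; an unlisted build should stop the run rather than proceed without a pin. Adding `(*) die ;;` to each inner case would make that fail-closed behaviour explicit. The rest of the function lies outside the hunk, so if `checksum` is validated further down this is only a readability point.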
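Review bot: The `user=portage` require assumes the image's etc/passwd already has a portage entry, because confz_container_image_user_uid_gid_check only rewrites an existing line and has no append path, unlike the group variant. On an image without that user the sed is a no-op and the grep keeps failing. The four requires also map root and portage onto the same `:uid`/`:gid`, which is easy to misread as a copy-paste slip. A comment above the block would cover both, e.g. `# root and portage must already exist in etc/passwd; both are deliberately mapped onto :uid/:gid`. The body of confz_container_gentoo_image_check starts outside the hunk.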
@@ -348,7 +348,7 @@ confz_site_container_void_glibc_nonfree_check() { } confz_site_container_gentoo_check() { - checkvars containers_dir svscan_dir image_name + checkvars containers_dir svscan_dir image_name system defvar system amd64-musl-hardened require container_gentoo_from_snapshot \ @@ -384,21 +384,23 @@ confz_site_container_debian_puppetserver_check() { confz_site_container_images_check() { checkvars containers_dir svscan_dir - require site_container_gentoo :containers_dir :svscan_dir \ - image_name=gentoo-xorg - - require site_container_gentoo :containers_dir :svscan_dir \ - image_name=gentoo-video - - require site_container_gentoo :containers_dir :svscan_dir \ - image_name=gentoo-torbrowser + local -a gentoo_images_musl + gentoo_images_musl=( + xorg + video + torbrowser + mumble + dev + ) - require site_container_gentoo :containers_dir :svscan_dir \ - image_name=gentoo-mumble + local i + for i in $gentoo_images_musl; do + require site_container_gentoo :containers_dir :svscan_dir \ + system=amd64-musl-hardened image_name=gentoo-$i + done require site_container_gentoo :containers_dir :svscan_dir \ - image_name=gentoo-dev - + system=amd64-nomultilib-openrc image_name=gentoo-dev-glibc local -a alpine_core=( s6
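Review bot: In confz_site_container_gentoo_check, `system` is now listed in `checkvars` and is still given a default by `defvar system amd64-musl-hardened` on the next line. Elsewhere in this diff the names passed to `checkvars` are the ones callers must supply and `defvar` is used only for optional ones, so if `checkvars` rejects a missing variable the default can never apply. Both call sites in confz_site_container_images_check now pass `system=` explicitly, so dropping the `defvar` line (or leaving `system` out of `checkvars`) would show which of the two is intended and avoid a silent fallback to the musl profile. The function body continues past the end of the hunk.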