Skip to content

L
lxc
Unverified Commit 832cb182 by Christian Brauner
Options

lxc-download: make POSIX shellcheck clean

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent b80f86f2
Showing with 51 additions and 60 deletions
templates/lxc-download.in
...@@ -74,7 +74,7 @@ cleanup() { ...@@ -74,7 +74,7 @@ cleanup() {
} }
wget_wrapper() { wget_wrapper() {
for i in $(seq 3); do for _ in $(seq 3); do
if wget "$@"; then if wget "$@"; then
return 0 return 0
fi fi
...@@ -94,8 +94,8 @@ download_file() { ...@@ -94,8 +94,8 @@ download_file() {
fi fi
elif [ "${DOWNLOAD_SHOW_HTTP_WARNING}" = "true" ]; then elif [ "${DOWNLOAD_SHOW_HTTP_WARNING}" = "true" ]; then
DOWNLOAD_SHOW_HTTP_WARNING="false" DOWNLOAD_SHOW_HTTP_WARNING="false"
echo "WARNING: Failed to download the file over HTTPs." 1>&2 echo "WARNING: Failed to download the file over HTTPs" 1>&2
echo " The file was instead download over HTTP. " 1>&2 echo " The file was instead download over HTTP " 1>&2
echo "A server replay attack may be possible!" 1>&2 echo "A server replay attack may be possible!" 1>&2
fi fi
fi fi
...@@ -132,7 +132,7 @@ gpg_setup() { ...@@ -132,7 +132,7 @@ gpg_setup() {
export GNUPGHOME="${DOWNLOAD_TEMP}/gpg" export GNUPGHOME="${DOWNLOAD_TEMP}/gpg"
success= success=
for i in $(seq 3); do for _ in $(seq 3); do
if gpg --keyserver "${DOWNLOAD_KEYSERVER}" \ if gpg --keyserver "${DOWNLOAD_KEYSERVER}" \
--recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>&1; then --recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>&1; then
success=1 success=1
...@@ -142,7 +142,7 @@ gpg_setup() { ...@@ -142,7 +142,7 @@ gpg_setup() {
done done
if [ -z "${success}" ]; then if [ -z "${success}" ]; then
echo "ERROR: Unable to fetch GPG key from keyserver." echo "ERROR: Unable to fetch GPG key from keyserver"
exit 1 exit 1
fi fi
...@@ -178,16 +178,17 @@ in_userns() { ...@@ -178,16 +178,17 @@ in_userns() {
fi fi
done < /proc/self/uid_map done < /proc/self/uid_map
[ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \ [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
{ echo userns-root; return; }
echo yes echo yes
} }
relevant_file() { relevant_file() {
FILE_PATH="${LXC_CACHE_PATH}/$1" FILE_PATH="${LXC_CACHE_PATH}/$1"
if [ -e "${FILE_PATH}-${DOWNLOAD_MODE}" ]; then if [ -e "${FILE_PATH}-${DOWNLOAD_MODE}" ]; then
FILE_PATH="${FILE_PATH}-${DOWNLOAD_MODE}" FILE_PATH="${FILE_PATH}-${DOWNLOAD_MODE}"
fi fi
if [ -e "${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}" ]; then if [ -e "${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}" ]; then
FILE_PATH="${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}" FILE_PATH="${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}"
fi fi
...@@ -200,8 +201,8 @@ usage() { ...@@ -200,8 +201,8 @@ usage() {
LXC container image downloader LXC container image downloader
Special arguments: Special arguments:
[ -h | --help ]: Print this help message and exit. [ -h | --help ]: Print this help message and exit
[ -l | --list ]: List all available images and exit. [ -l | --list ]: List all available images and exit
Required arguments: Required arguments:
[ -d | --dist <distribution> ]: The name of the distribution [ -d | --dist <distribution> ]: The name of the distribution
...@@ -275,7 +276,7 @@ done ...@@ -275,7 +276,7 @@ done
if [ "${DOWNLOAD_VALIDATE}" = "true" ]; then if [ "${DOWNLOAD_VALIDATE}" = "true" ]; then
if ! command -V gpg >/dev/null 2>&1; then if ! command -V gpg >/dev/null 2>&1; then
echo "ERROR: Missing recommended tool: gpg" 1>&2 echo "ERROR: Missing recommended tool: gpg" 1>&2
echo "You can workaround this by using --no-validate." 1>&2 echo "You can workaround this by using --no-validate" 1>&2
exit 1 exit 1
fi fi
fi fi
...@@ -283,7 +284,7 @@ fi ...@@ -283,7 +284,7 @@ fi
# Check that we have all variables we need # Check that we have all variables we need
if [ -z "${LXC_NAME}" ] || [ -z "${LXC_PATH}" ] || [ -z "${LXC_ROOTFS}" ]; then if [ -z "${LXC_NAME}" ] || [ -z "${LXC_PATH}" ] || [ -z "${LXC_ROOTFS}" ]; then
if [ "${DOWNLOAD_LIST_IMAGES}" != "true" ]; then if [ "${DOWNLOAD_LIST_IMAGES}" != "true" ]; then
echo "ERROR: Not running through LXC." 1>&2 echo "ERROR: Please pass the name, path, and rootfs for the container" 1>&2
exit 1 exit 1
fi fi
fi fi
...@@ -293,7 +294,7 @@ USERNS="$(in_userns)" ...@@ -293,7 +294,7 @@ USERNS="$(in_userns)"
if [ "${USERNS}" != "no" ]; then if [ "${USERNS}" != "no" ]; then
if [ "${USERNS}" = "yes" ]; then if [ "${USERNS}" = "yes" ]; then
if [ -z "${LXC_MAPPED_UID}" ] || [ "${LXC_MAPPED_UID}" = "-1" ]; then if [ -z "${LXC_MAPPED_UID}" ] || [ "${LXC_MAPPED_UID}" = "-1" ]; then
echo "ERROR: In a user namespace without a map." 1>&2 echo "ERROR: In a user namespace without a map" 1>&2
exit 1 exit 1
fi fi
DOWNLOAD_MODE="user" DOWNLOAD_MODE="user"
...@@ -304,8 +305,7 @@ if [ "${USERNS}" != "no" ]; then ...@@ -304,8 +305,7 @@ if [ "${USERNS}" != "no" ]; then
fi fi
fi fi
if [ -z "${DOWNLOAD_DIST}" ] || [ -z "${DOWNLOAD_RELEASE}" ] || \ if [ -z "${DOWNLOAD_DIST}" ] || [ -z "${DOWNLOAD_RELEASE}" ] || [ -z "${DOWNLOAD_ARCH}" ]; then
[ -z "${DOWNLOAD_ARCH}" ]; then
DOWNLOAD_INTERACTIVE="true" DOWNLOAD_INTERACTIVE="true"
fi fi
...@@ -324,8 +324,7 @@ else ...@@ -324,8 +324,7 @@ else
fi fi
# Simply list images # Simply list images
if [ "${DOWNLOAD_LIST_IMAGES}" = "true" ] || \ if [ "${DOWNLOAD_LIST_IMAGES}" = "true" ] || [ "${DOWNLOAD_INTERACTIVE}" = "true" ]; then
[ "${DOWNLOAD_INTERACTIVE}" = "true" ]; then
# Initialize GPG # Initialize GPG
gpg_setup gpg_setup
...@@ -333,13 +332,10 @@ if [ "${DOWNLOAD_LIST_IMAGES}" = "true" ] || \ ...@@ -333,13 +332,10 @@ if [ "${DOWNLOAD_LIST_IMAGES}" = "true" ] || \
DOWNLOAD_INDEX_PATH="/meta/1.0/index-${DOWNLOAD_MODE}" DOWNLOAD_INDEX_PATH="/meta/1.0/index-${DOWNLOAD_MODE}"
echo "Downloading the image index" echo "Downloading the image index"
if ! download_file "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}" \ if ! download_file "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}" "${DOWNLOAD_TEMP}/index" noexit ||
"${DOWNLOAD_TEMP}/index" noexit || ! download_sig "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc" "${DOWNLOAD_TEMP}/index.asc" noexit; then
! download_sig "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc" \
"${DOWNLOAD_TEMP}/index.asc" noexit; then
download_file "${DOWNLOAD_INDEX_PATH}" "${DOWNLOAD_TEMP}/index" normal download_file "${DOWNLOAD_INDEX_PATH}" "${DOWNLOAD_TEMP}/index" normal
download_sig "${DOWNLOAD_INDEX_PATH}.asc" \ download_sig "${DOWNLOAD_INDEX_PATH}.asc" "${DOWNLOAD_TEMP}/index.asc" normal
"${DOWNLOAD_TEMP}/index.asc" normal
fi fi
gpg_validate "${DOWNLOAD_TEMP}/index.asc" gpg_validate "${DOWNLOAD_TEMP}/index.asc"
...@@ -350,7 +346,6 @@ if [ "${DOWNLOAD_LIST_IMAGES}" = "true" ] || \ ...@@ -350,7 +346,6 @@ if [ "${DOWNLOAD_LIST_IMAGES}" = "true" ] || \
printf "DIST\tRELEASE\tARCH\tVARIANT\tBUILD\n" printf "DIST\tRELEASE\tARCH\tVARIANT\tBUILD\n"
echo "---" echo "---"
while IFS=';' read -r f1 f2 f3 f4 f5 f6; do while IFS=';' read -r f1 f2 f3 f4 f5 f6; do
[ -n "${DOWNLOAD_DIST}" ] && [ "$f1" != "${DOWNLOAD_DIST}" ] && continue [ -n "${DOWNLOAD_DIST}" ] && [ "$f1" != "${DOWNLOAD_DIST}" ] && continue
[ -n "${DOWNLOAD_RELEASE}" ] && [ "$f2" != "${DOWNLOAD_RELEASE}" ] && continue [ -n "${DOWNLOAD_RELEASE}" ] && [ "$f2" != "${DOWNLOAD_RELEASE}" ] && continue
[ -n "${DOWNLOAD_ARCH}" ] && [ "$f3" != "${DOWNLOAD_ARCH}" ] && continue [ -n "${DOWNLOAD_ARCH}" ] && [ "$f3" != "${DOWNLOAD_ARCH}" ] && continue
...@@ -426,20 +421,16 @@ if [ "${DOWNLOAD_USE_CACHE}" = "false" ]; then ...@@ -426,20 +421,16 @@ if [ "${DOWNLOAD_USE_CACHE}" = "false" ]; then
DOWNLOAD_INDEX_PATH="/meta/1.0/index-${DOWNLOAD_MODE}" DOWNLOAD_INDEX_PATH="/meta/1.0/index-${DOWNLOAD_MODE}"
echo "Downloading the image index" echo "Downloading the image index"
if ! download_file "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}" \ if ! download_file "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}" "${DOWNLOAD_TEMP}/index" noexit ||
"${DOWNLOAD_TEMP}/index" noexit || ! download_sig "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc" "${DOWNLOAD_TEMP}/index.asc" noexit; then
! download_sig "${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc" \
"${DOWNLOAD_TEMP}/index.asc" noexit; then
download_file "${DOWNLOAD_INDEX_PATH}" "${DOWNLOAD_TEMP}/index" normal download_file "${DOWNLOAD_INDEX_PATH}" "${DOWNLOAD_TEMP}/index" normal
download_sig "${DOWNLOAD_INDEX_PATH}.asc" \ download_sig "${DOWNLOAD_INDEX_PATH}.asc" "${DOWNLOAD_TEMP}/index.asc" normal
"${DOWNLOAD_TEMP}/index.asc" normal
fi fi
gpg_validate "${DOWNLOAD_TEMP}/index.asc" gpg_validate "${DOWNLOAD_TEMP}/index.asc"
# Parse it # Parse it
while IFS=';' read -r f1 f2 f3 f4 f5 f6; do while IFS=';' read -r f1 f2 f3 f4 f5 f6; do
if [ "${f1}" != "${DOWNLOAD_DIST}" ] || \ if [ "${f1}" != "${DOWNLOAD_DIST}" ] || \
[ "${f2}" != "${DOWNLOAD_RELEASE}" ] || \ [ "${f2}" != "${DOWNLOAD_RELEASE}" ] || \
[ "${f3}" != "${DOWNLOAD_ARCH}" ] || \ [ "${f3}" != "${DOWNLOAD_ARCH}" ] || \
...@@ -456,28 +447,24 @@ if [ "${DOWNLOAD_USE_CACHE}" = "false" ]; then ...@@ -456,28 +447,24 @@ if [ "${DOWNLOAD_USE_CACHE}" = "false" ]; then
done < "${DOWNLOAD_TEMP}/index" done < "${DOWNLOAD_TEMP}/index"
if [ -z "${DOWNLOAD_URL}" ]; then if [ -z "${DOWNLOAD_URL}" ]; then
echo "ERROR: Couldn't find a matching image." 1>&1 echo "ERROR: Couldn't find a matching image" 1>&1
exit 1 exit 1
fi fi
if [ -d "${LXC_CACHE_PATH}" ] && [ -f "${LXC_CACHE_PATH}/build_id" ] && \ if [ -d "${LXC_CACHE_PATH}" ] && [ -f "${LXC_CACHE_PATH}/build_id" ] && \
[ "$(cat "${LXC_CACHE_PATH}/build_id")" = "${DOWNLOAD_BUILD}" ]; then [ "$(cat "${LXC_CACHE_PATH}/build_id")" = "${DOWNLOAD_BUILD}" ]; then
echo "The cache is already up to date." echo "The cache is already up to date"
echo "Using image from local cache" echo "Using image from local cache"
else else
# Download the actual files # Download the actual files
echo "Downloading the rootfs" echo "Downloading the rootfs"
download_file "${DOWNLOAD_URL}/rootfs.tar.xz" \ download_file "${DOWNLOAD_URL}/rootfs.tar.xz" "${DOWNLOAD_TEMP}/rootfs.tar.xz" normal
"${DOWNLOAD_TEMP}/rootfs.tar.xz" normal download_sig "${DOWNLOAD_URL}/rootfs.tar.xz.asc" "${DOWNLOAD_TEMP}/rootfs.tar.xz.asc" normal
download_sig "${DOWNLOAD_URL}/rootfs.tar.xz.asc" \
"${DOWNLOAD_TEMP}/rootfs.tar.xz.asc" normal
gpg_validate "${DOWNLOAD_TEMP}/rootfs.tar.xz.asc" gpg_validate "${DOWNLOAD_TEMP}/rootfs.tar.xz.asc"
echo "Downloading the metadata" echo "Downloading the metadata"
download_file "${DOWNLOAD_URL}/meta.tar.xz" \ download_file "${DOWNLOAD_URL}/meta.tar.xz" "${DOWNLOAD_TEMP}/meta.tar.xz" normal
"${DOWNLOAD_TEMP}/meta.tar.xz" normal download_sig "$DOWNLOAD_URL/meta.tar.xz.asc" "${DOWNLOAD_TEMP}/meta.tar.xz.asc" normal
download_sig "$DOWNLOAD_URL/meta.tar.xz.asc" \
"${DOWNLOAD_TEMP}/meta.tar.xz.asc" normal
gpg_validate "${DOWNLOAD_TEMP}/meta.tar.xz.asc" gpg_validate "${DOWNLOAD_TEMP}/meta.tar.xz.asc"
if [ -d "${LXC_CACHE_PATH}" ]; then if [ -d "${LXC_CACHE_PATH}" ]; then
...@@ -523,8 +510,7 @@ fi ...@@ -523,8 +510,7 @@ fi
# is to use a function wrapper, but the latter can't be used here as the args # is to use a function wrapper, but the latter can't be used here as the args
# are dynamic. We thus need to ignore the warning brought by shellcheck. # are dynamic. We thus need to ignore the warning brought by shellcheck.
# shellcheck disable=SC2086 # shellcheck disable=SC2086
tar --anchored ${EXCLUDES} --numeric-owner -xpJf \ tar --anchored ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
"${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
mkdir -p "${LXC_ROOTFS}/dev/pts/" mkdir -p "${LXC_ROOTFS}/dev/pts/"
...@@ -537,35 +523,40 @@ if [ ! -e "${configfile}" ]; then ...@@ -537,35 +523,40 @@ if [ ! -e "${configfile}" ]; then
fi fi
## Extract all the network config entries ## Extract all the network config entries
sed -i -e "/lxc.net.0/{w ${LXC_PATH}/config-network" -e "d}" \ sed -i -e "/lxc.net.0/{w ${LXC_PATH}/config-network" -e "d}" "${LXC_PATH}/config"
"${LXC_PATH}/config"
## Extract any other config entry ## Extract any other config entry
sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" "${LXC_PATH}/config" sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" "${LXC_PATH}/config"
## Append the defaults ## Append the defaults
echo "" >> "${LXC_PATH}/config" {
echo "# Distribution configuration" >> "${LXC_PATH}/config" echo ""
cat "$configfile" >> "${LXC_PATH}/config" echo "# Distribution configuration"
cat "$configfile"
} >> "${LXC_PATH}/config"
## Add the container-specific config ## Add the container-specific config
echo "" >> "${LXC_PATH}/config" {
echo "# Container specific configuration" >> "${LXC_PATH}/config" echo ""
if [ -e "${LXC_PATH}/config-auto" ]; then echo "# Container specific configuration"
cat "${LXC_PATH}/config-auto" >> "${LXC_PATH}/config" if [ -e "${LXC_PATH}/config-auto" ]; then
cat "${LXC_PATH}/config-auto"
rm "${LXC_PATH}/config-auto" rm "${LXC_PATH}/config-auto"
fi fi
if [ -e "${fstab}" ]; then if [ -e "${fstab}" ]; then
echo "lxc.mount.fstab = ${LXC_PATH}/fstab" >> "${LXC_PATH}/config" echo "lxc.mount.fstab = ${LXC_PATH}/fstab"
fi fi
echo "lxc.uts.name = ${LXC_NAME}" >> "${LXC_PATH}/config" echo "lxc.uts.name = ${LXC_NAME}"
} >> "${LXC_PATH}/config"
## Re-add the previously removed network config ## Re-add the previously removed network config
if [ -e "${LXC_PATH}/config-network" ]; then if [ -e "${LXC_PATH}/config-network" ]; then
echo "" >> "${LXC_PATH}/config" {
echo "# Network configuration" >> "${LXC_PATH}/config" echo ""
cat "${LXC_PATH}/config-network" >> "${LXC_PATH}/config" echo "# Network configuration"
cat "${LXC_PATH}/config-network"
rm "${LXC_PATH}/config-network" rm "${LXC_PATH}/config-network"
} >> "${LXC_PATH}/config"
fi fi
TEMPLATE_FILES="${LXC_PATH}/config" TEMPLATE_FILES="${LXC_PATH}/config"
...@@ -590,7 +581,6 @@ OLD_IFS=${IFS} ...@@ -590,7 +581,6 @@ OLD_IFS=${IFS}
IFS=";" IFS=";"
for file in ${TEMPLATE_FILES}; do for file in ${TEMPLATE_FILES}; do
[ ! -f "${file}" ] && continue [ ! -f "${file}" ] && continue
sed -i "s#LXC_NAME#${LXC_NAME}#g" "${file}" sed -i "s#LXC_NAME#${LXC_NAME}#g" "${file}"
sed -i "s#LXC_PATH#${LXC_PATH}#g" "${file}" sed -i "s#LXC_PATH#${LXC_PATH}#g" "${file}"
sed -i "s#LXC_ROOTFS#${LXC_ROOTFS}#g" "${file}" sed -i "s#LXC_ROOTFS#${LXC_ROOTFS}#g" "${file}"
...@@ -607,6 +597,7 @@ fi ...@@ -607,6 +597,7 @@ fi
if [ -n "${LXC_MAPPED_UID}" ] && [ "${LXC_MAPPED_UID}" != "-1" ]; then if [ -n "${LXC_MAPPED_UID}" ] && [ "${LXC_MAPPED_UID}" != "-1" ]; then
chown "${LXC_MAPPED_UID}" "${LXC_PATH}/config" "${LXC_PATH}/fstab" >/dev/null 2>&1 || : chown "${LXC_MAPPED_UID}" "${LXC_PATH}/config" "${LXC_PATH}/fstab" >/dev/null 2>&1 || :
fi fi
if [ -n "${LXC_MAPPED_GID}" ] && [ "${LXC_MAPPED_GID}" != "-1" ]; then if [ -n "${LXC_MAPPED_GID}" ] && [ "${LXC_MAPPED_GID}" != "-1" ]; then
chgrp "${LXC_MAPPED_GID}" "${LXC_PATH}/config" "${LXC_PATH}/fstab" >/dev/null 2>&1 || : chgrp "${LXC_MAPPED_GID}" "${LXC_PATH}/config" "${LXC_PATH}/fstab" >/dev/null 2>&1 || :
fi fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment