[arch-releng] [PATCH] Initialize pacman keyring on bootup

Pierre Schmitz pierre at archlinux.de
Sun Jun 24 05:22:49 EDT 2012


On 24.06.2012 02:06, Dave Reisner wrote:
> On Mon, Jun 18, 2012 at 07:06:02PM +0200, Pierre Schmitz wrote:
>> This will allow users to install packages within the live environment.
>> We use the haveged daemon to increase entropy from CPU timings.
>>
>> See http://www.issihosts.com/haveged/ for details.
>>
>> Signed-off-by: Pierre Schmitz <pierre at archlinux.de>
>> ---
>>  configs/releng/packages.i686                   |    1 +
>>  configs/releng/packages.x86_64                 |    1 +
>>  configs/releng/root-image/etc/rc.conf          |    2 +-
>>  configs/releng/root-image/etc/rc.d/pacman-init |   36 ++++++++++++++++++++++++
>>  4 Dateien geändert, 39 Zeilen hinzugefügt(+), 1 Zeile entfernt(-)
>>  create mode 100755 configs/releng/root-image/etc/rc.d/pacman-init
>>
>> diff --git a/configs/releng/packages.i686 b/configs/releng/packages.i686
>> index 4e29737..6012e7c 100644
>> --- a/configs/releng/packages.i686
>> +++ b/configs/releng/packages.i686
>> @@ -14,6 +14,7 @@ efibootmgr
>>  elinks
>>  gnu-netcat
>>  gptfdisk
>> +haveged
>>  hdparm
>>  ipw2100-fw
>>  ipw2200-fw
>> diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64
>> index 4e29737..6012e7c 100644
>> --- a/configs/releng/packages.x86_64
>> +++ b/configs/releng/packages.x86_64
>> @@ -14,6 +14,7 @@ efibootmgr
>>  elinks
>>  gnu-netcat
>>  gptfdisk
>> +haveged
>>  hdparm
>>  ipw2100-fw
>>  ipw2200-fw
>> diff --git a/configs/releng/root-image/etc/rc.conf b/configs/releng/root-image/etc/rc.conf
>> index a3e3d8a..90aa930 100644
>> --- a/configs/releng/root-image/etc/rc.conf
>> +++ b/configs/releng/root-image/etc/rc.conf
>> @@ -30,4 +30,4 @@ USELVM="no"
>>
>>  HOSTNAME="archiso"
>>
>> -DAEMONS=(hwclock syslog-ng)
>> +DAEMONS=(hwclock syslog-ng haveged pacman-init)
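Review bot: The new DAEMONS line relies on haveged being listed before pacman-init so that entropy is available when the keyring is generated, but nothing in rc.conf records that dependency. A one-line comment above the array stating that pacman-init must come after haveged would keep a later edit from reordering or dropping it. Neither entry is backgrounded, so boot also waits for the key generation to finish; that is worth stating in the commit message if it is intended.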
>> diff --git a/configs/releng/root-image/etc/rc.d/pacman-init b/configs/releng/root-image/etc/rc.d/pacman-init
>> new file mode 100755
>> index 0000000..1b8d93f
>> --- /dev/null
>> +++ b/configs/releng/root-image/etc/rc.d/pacman-init
>> @@ -0,0 +1,36 @@
>> +#!/bin/bash
>> +
>> +. /etc/rc.conf
>> +. /etc/rc.d/functions
>> +
>> +case "$1" in
>> +	start)
>> +		stat_busy "Initializing pacman keyring"
>> +		pacman-key --init >/dev/null 2>&1 \
>> +			&& pacman-key --populate archlinux >/dev/null 2>&1
>> +		if [[ $? -gt 0 ]]; then
> 
> This is a lot more natural if you put the success condition first.
> 
> if { cmd1 && cmd2; } &>/dev/null; then
>   # success
> else
>   # fail
> fi
> 

updated; this was just taken from the rc script prototype which uses
this order for unknown reasons.

>> +			stat_fail
>> +			exit 1
>> +		else
>> +			add_daemon pacman-init
>> +			stat_done
>> +		fi
>> +		;;
>> +
>> +	stop)
>> +		stat_busy "Removing pacman keyring"
>> +		rm -rf /etc/pacman.d/gnupg
>> +		rm_daemon pacman-init
>> +		stat_done
>> +		;;
> 
> This just blows my mind. I realize that this script will never live
> outside a liveCD, but why? What's the use case where you'd want to
> destroy this?

There are no strong reasons for doing this; are there any downsides?
Besides symmetry reasons, I wanted to "make sure" that the key won't
get stored on a persistent device by accident (don't know if we support
this atm). But the main reason was that you could easily recreate the
key by running restart (e.g. when you want to use better random numbers
or whatever).

Anyway, if this breaks things, we can just remove this; it's not
important.

>> +
>> +	restart)
>> +		$0 stop
>> +		$0 start
>> +		;;
>> +
>> +	*)
>> +		echo "usage: $0 {start|stop|restart"
> 
> sed 's/"$/}"/'

fixed

>> +esac
>> +
>> +exit 0
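Review bot: In the start branch, both pacman-key --init and pacman-key --populate archlinux send stdout and stderr to /dev/null, so when stat_fail is shown there is no way to tell which step failed or why. Consider redirecting the output to a log file, or at least keeping stderr, so a failed keyring setup in the live environment can be diagnosed. In the stop branch, the result of rm -rf /etc/pacman.d/gnupg is not checked before stat_done, so a removal that fails is still reported as success.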
>> --
>> 1.7.10.4

-- 
Pierre Schmitz, https://pierre-schmitz.com

