From 45a5d229b37eedd7996e88e5f7ef7c9a60969e05 Mon Sep 17 00:00:00 2001
From: nl6720 <nl6720@gmail.com>
Date: Wed, 2 Sep 2020 19:10:07 +0300
Subject: [PATCH] Create directories and copy files to the FAT image using
 mtools instead of mounting the file system

- mtools supports SOURCE_DATE_EPOCH.
- The image file is operated on directly instead of mounting the file system. This is a prerequisite to limit the commands that run with root privileges. Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/40 .
- Add a reminder comment to not get rid of the dosfstools dependency, since a mformat made FAT image can fail to boot on some systems.
---
 README.rst        |  1 +
 archiso/mkarchiso | 51 ++++++++++++++++-------------------------------
 2 files changed, 18 insertions(+), 34 deletions(-)

diff --git a/README.rst b/README.rst
index c4774c07..cfc47fa3 100644
--- a/README.rst
+++ b/README.rst
@@ -15,6 +15,7 @@ The following packages need to be installed to be able to create an image with t
 * dosfstools
 * e2fsprogs
 * libisoburn
+* mtools
 * squashfs-tools
 
 For running the images in a virtualized test environment the following packages are required:
diff --git a/archiso/mkarchiso b/archiso/mkarchiso
index d2f8febf..6c583a53 100755
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -91,22 +91,6 @@ _umount_airootfs() {
     trap - EXIT HUP INT TERM
 }
 
-_mount_efibootimg() {
-    trap "_umount_efibootimg" EXIT HUP INT TERM
-    install -d -m 0755 -- "${work_dir}/mnt/efiboot"
-    _msg_info "Mounting '${isofs_dir}/EFI/archiso/efiboot.img' on '${work_dir}/mnt/efiboot'..."
-    mount -- "${isofs_dir}/EFI/archiso/efiboot.img" "${work_dir}/mnt/efiboot"
-    _msg_info "Done!"
-}
-
-_umount_efibootimg() {
-    _msg_info "Unmounting '${work_dir}/mnt/efiboot'..."
-    umount -d -- "${work_dir}/mnt/efiboot"
-    _msg_info "Done!"
-    rmdir -- "${work_dir}/mnt/efiboot"
-    trap - EXIT HUP INT TERM
-}
-
 # Show help usage, with an exit status.
 # $1: exit status number.
 _usage() {
@@ -528,14 +512,14 @@ _make_efi() {
 # Prepare kernel/initramfs on efiboot.img
 _make_boot_on_fat() {
     _msg_info "Preparing kernel and intramfs for the FAT file system..."
-    install -d -m 0755 -- "${work_dir}/mnt/efiboot/EFI/archiso"
-    install -m 0644 -- "${airootfs_dir}/boot/vmlinuz-linux" "${work_dir}/mnt/efiboot/EFI/archiso/"
-    install -m 0644 -- "${airootfs_dir}/boot/archiso.img" "${work_dir}/mnt/efiboot/EFI/archiso/"
+    mmd -i "${isofs_dir}/EFI/archiso/efiboot.img" ::/EFI/archiso
+    mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" \
+        "${airootfs_dir}/boot/vmlinuz-linux" "${airootfs_dir}/boot/archiso.img" ::/EFI/archiso/
     if [[ -e "${airootfs_dir}/boot/intel-ucode.img" ]]; then
-        install -m 0644 -- "${airootfs_dir}/boot/intel-ucode.img" "${work_dir}/mnt/efiboot/EFI/archiso/"
+        mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" "${airootfs_dir}/boot/intel-ucode.img" ::/EFI/archiso/
     fi
     if [[ -e "${airootfs_dir}/boot/amd-ucode.img" ]]; then
-        install -m 0644 -- "${airootfs_dir}/boot/amd-ucode.img" "${work_dir}/mnt/efiboot/EFI/archiso/"
+        mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" "${airootfs_dir}/boot/amd-ucode.img" ::/EFI/archiso/
     fi
     _msg_info "Done!"
 }
@@ -544,33 +528,32 @@ _make_boot_on_fat() {
 _make_boot_uefi-x64.systemd-boot.esp() {
     _msg_info "Setting up systemd-boot for UEFI booting..."
     install -d -m 0755 -- "${isofs_dir}/EFI/archiso"
-    mkfs.fat -C -n ARCHISO_EFI "${isofs_dir}/EFI/archiso/efiboot.img" 65536
-
-    _mount_efibootimg
 
-    install -d -m 0755 -- "${work_dir}/mnt/efiboot/EFI/BOOT"
-    install -m 0644 -- "${airootfs_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
-        "${work_dir}/mnt/efiboot/EFI/BOOT/BOOTx64.EFI"
+    # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images:
+    # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html
+    mkfs.fat -C -n ARCHISO_EFI "${isofs_dir}/EFI/archiso/efiboot.img" 65536
 
-    install -d -m 0755 -- "${work_dir}/mnt/efiboot/loader/entries"
-    install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${work_dir}/mnt/efiboot/loader/"
+    mmd -i "${isofs_dir}/EFI/archiso/efiboot.img" ::/EFI ::/EFI/BOOT
+    mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" \
+        "${airootfs_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI
 
+    mmd -i "${isofs_dir}/EFI/archiso/efiboot.img" ::/loader ::/loader/entries
+    mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" "${profile}/efiboot/loader/loader.conf" ::/loader/
     sed "s|%ARCHISO_LABEL%|${iso_label}|g;
          s|%INSTALL_DIR%|${install_dir}|g;
          s|%ARCH%|${arch}|g" \
-        "${profile}/efiboot/loader/entries/archiso-x86_64-cd.conf" > \
-        "${work_dir}/mnt/efiboot/loader/entries/archiso-x86_64.conf"
+        "${profile}/efiboot/loader/entries/archiso-x86_64-cd.conf" \
+        | mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" - ::/loader/entries/archiso-x86_64.conf
 
     # shellx64.efi is picked up automatically when on /
     if [[ -e "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then
-        install -m 0644 -- "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${work_dir}/mnt/efiboot/shellx64.efi"
+        mcopy -i "${isofs_dir}/EFI/archiso/efiboot.img" \
+            "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi
     fi
 
     # Copy kernel and initramfs
     _run_once _make_boot_on_fat
 
-    _umount_efibootimg
-
     _msg_info "Done! systemd-boot set up for UEFI booting successfully."
 }
 
-- 
GitLab