mkarchiso 36.9 KB
Newer Older
1
#!/usr/bin/env bash
2
3
#
# SPDX-License-Identifier: GPL-3.0-or-later
4

5
6
set -e -u

7
8
9
10
# Control the environment
umask 0022
export LANG="C"
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-"$(date +%s)"}"
11

12
# mkarchiso defaults
13
app_name="${0##*/}"
14
pkg_list=()
15
quiet="y"
16
17
work_dir="work"
out_dir="out"
18
img_name="${app_name}.iso"
19
gpg_key=""
20
override_gpg_key=""
21

22
23
24
25
# profile defaults
profile=""
iso_name="${app_name}"
iso_label="${app_name^^}"
26
override_iso_label=""
27
iso_publisher="${app_name}"
28
override_iso_publisher=""
29
iso_application="${app_name} iso"
30
override_iso_application=""
31
32
iso_version=""
install_dir="${app_name}"
33
override_install_dir=""
34
35
arch="$(uname -m)"
pacman_conf="/etc/pacman.conf"
36
override_pacman_conf=""
37
bootmodes=()
38
39
airootfs_image_type="squashfs"
airootfs_image_tool_options=('-comp' 'xz')
40
declare -A file_permissions=()
41
42


43
44
45
46
# Show an INFO message
# $1: message string
_msg_info() {
    local _msg="${1}"
47
    [[ "${quiet}" == "y" ]] || printf '[%s] INFO: %s\n' "${app_name}" "${_msg}"
48
49
}

50
51
52
53
# Show a WARNING message
# $1: message string
_msg_warning() {
    local _msg="${1}"
54
    printf '[%s] WARNING: %s\n' "${app_name}" "${_msg}" >&2
55
56
}

57
58
59
60
61
62
# Show an ERROR message then exit with status
# $1: message string
# $2: exit code number (with 0 does not exit)
_msg_error() {
    local _msg="${1}"
    local _error=${2}
63
    printf '[%s] ERROR: %s\n' "${app_name}" "${_msg}" >&2
64
    if (( _error > 0 )); then
65
        exit "${_error}"
66
67
68
    fi
}

69
70
_mount_airootfs() {
    trap "_umount_airootfs" EXIT HUP INT TERM
71
72
    install -d -m 0755 -- "${work_dir}/mnt/airootfs"
    _msg_info "Mounting '${airootfs_dir}.img' on '${work_dir}/mnt/airootfs'..."
73
    mount -- "${airootfs_dir}.img" "${work_dir}/mnt/airootfs"
74
    _msg_info "Done!"
75
76
}

77
_umount_airootfs() {
78
    _msg_info "Unmounting '${work_dir}/mnt/airootfs'..."
79
    umount -d -- "${work_dir}/mnt/airootfs"
80
    _msg_info "Done!"
81
    rmdir -- "${work_dir}/mnt/airootfs"
82
83
84
85
86
    trap - EXIT HUP INT TERM
}

# Show help usage, with an exit status.
# $1: exit status number.
87
_usage() {
88
    IFS='' read -r -d '' usagetext <<ENDUSAGETEXT || true
89
usage: ${app_name} [options] <profile_dir>
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
  options:
     -A <application> Set an application name for the ISO
                      Default: '${iso_application}'
     -C <file>        pacman configuration file.
                      Default: '${pacman_conf}'
     -D <install_dir> Set an install_dir. All files will by located here.
                      Default: '${install_dir}'
                      NOTE: Max 8 characters, use only [a-z0-9]
     -L <label>       Set the ISO volume label
                      Default: '${iso_label}'
     -P <publisher>   Set the ISO publisher
                      Default: '${iso_publisher}'
     -g <gpg_key>     Set the GPG key to be used for signing the sqashfs image
     -h               This message
     -o <out_dir>     Set the output directory
                      Default: '${out_dir}'
     -p PACKAGE(S)    Package(s) to install, can be used multiple times
     -v               Enable verbose output
     -w <work_dir>    Set the working directory
                      Default: '${work_dir}'

  profile_dir:        Directory of the archiso profile to build
112
ENDUSAGETEXT
113
    printf '%s' "${usagetext}"
114
    exit "${1}"
115
116
}

117
# Shows configuration options.
118
_show_config() {
119
    local build_date
120
    build_date="$(date --utc --iso-8601=seconds -d "@${SOURCE_DATE_EPOCH}")"
121
    _msg_info "${app_name} configuration settings"
122
123
124
    _msg_info "             Architecture:   ${arch}"
    _msg_info "        Working directory:   ${work_dir}"
    _msg_info "   Installation directory:   ${install_dir}"
125
126
127
128
129
130
131
132
133
134
135
    _msg_info "               Build date:   ${build_date}"
    _msg_info "         Output directory:   ${out_dir}"
    _msg_info "                  GPG key:   ${gpg_key:-None}"
    _msg_info "                  Profile:   ${profile}"
    _msg_info "Pacman configuration file:   ${pacman_conf}"
    _msg_info "          Image file name:   ${img_name}"
    _msg_info "         ISO volume label:   ${iso_label}"
    _msg_info "            ISO publisher:   ${iso_publisher}"
    _msg_info "          ISO application:   ${iso_application}"
    _msg_info "               Boot modes:   ${bootmodes[*]}"
    _msg_info "                 Packages:   ${pkg_list[*]}"
136
137
}

138
# Cleanup airootfs
139
_cleanup_airootfs() {
140
    _msg_info "Cleaning up what we can on airootfs..."
141

142
    # Delete all files in /boot
143
    [[ -d "${airootfs_dir}/boot" ]] && find "${airootfs_dir}/boot" -mindepth 1 -delete
144
    # Delete pacman database sync cache files (*.tar.gz)
145
    [[ -d "${airootfs_dir}/var/lib/pacman" ]] && find "${airootfs_dir}/var/lib/pacman" -maxdepth 1 -type f -delete
146
    # Delete pacman database sync cache
147
    [[ -d "${airootfs_dir}/var/lib/pacman/sync" ]] && find "${airootfs_dir}/var/lib/pacman/sync" -delete
148
    # Delete pacman package cache
149
    [[ -d "${airootfs_dir}/var/cache/pacman/pkg" ]] && find "${airootfs_dir}/var/cache/pacman/pkg" -type f -delete
150
    # Delete all log files, keeps empty dirs.
151
    [[ -d "${airootfs_dir}/var/log" ]] && find "${airootfs_dir}/var/log" -type f -delete
152
    # Delete all temporary files and dirs
153
    [[ -d "${airootfs_dir}/var/tmp" ]] && find "${airootfs_dir}/var/tmp" -mindepth 1 -delete
154
    # Delete package pacman related files.
155
    find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete
156
    # Create an empty /etc/machine-id
157
    printf '' > "${airootfs_dir}/etc/machine-id"
158
159

    _msg_info "Done!"
160
}
161

162
163
164
165
_run_mksquashfs() {
    local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs"
    if [[ "${quiet}" == "y" ]]; then
        mksquashfs "$@" "${image_path}" -noappend "${airootfs_image_tool_options[@]}" -no-progress > /dev/null
166
    else
167
        mksquashfs "$@" "${image_path}" -noappend "${airootfs_image_tool_options[@]}"
168
169
170
    fi
}

171
# Makes a ext4 filesystem inside a SquashFS from a source directory.
172
173
_mkairootfs_ext4+squashfs() {
    [[ -e "${airootfs_dir}" ]] || _msg_error "The path '${airootfs_dir}' does not exist" 1
174

175
    _msg_info "Creating ext4 image of 32 GiB..."
176
    if [[ "${quiet}" == "y" ]]; then
177
        mkfs.ext4 -q -O '^has_journal,^resize_inode' -E 'lazy_itable_init=0' -m 0 -F -- "${airootfs_dir}.img" 32G
178
    else
179
        mkfs.ext4 -O '^has_journal,^resize_inode' -E 'lazy_itable_init=0' -m 0 -F -- "${airootfs_dir}.img" 32G
180
    fi
181
    tune2fs -c 0 -i 0 -- "${airootfs_dir}.img" > /dev/null
182
    _msg_info "Done!"
183
    _mount_airootfs
184
185
    _msg_info "Copying '${airootfs_dir}/' to '${work_dir}/mnt/airootfs/'..."
    cp -aT -- "${airootfs_dir}/" "${work_dir}/mnt/airootfs/"
186
    chown -- 0:0 "${work_dir}/mnt/airootfs/"
187
    _msg_info "Done!"
188
    _umount_airootfs
189
    install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}"
190
    _msg_info "Creating SquashFS image, this may take some time..."
191
    _run_mksquashfs "${airootfs_dir}.img"
192
    _msg_info "Done!"
193
    rm -- "${airootfs_dir}.img"
194
195
}

196
# Makes a SquashFS filesystem from a source directory.
197
198
_mkairootfs_squashfs() {
    [[ -e "${airootfs_dir}" ]] || _msg_error "The path '${airootfs_dir}' does not exist" 1
199

200
    install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}"
201
    _msg_info "Creating SquashFS image, this may take some time..."
202
    _run_mksquashfs "${airootfs_dir}"
203
204
205
    _msg_info "Done!"
}

206
_mkchecksum() {
207
    _msg_info "Creating checksum file for self-test..."
208
    cd -- "${isofs_dir}/${install_dir}/${arch}"
209
    sha512sum airootfs.sfs > airootfs.sha512
210
    cd -- "${OLDPWD}"
211
    _msg_info "Done!"
212
213
}

214
215
_mksignature() {
    _msg_info "Signing SquashFS image..."
216
    cd -- "${isofs_dir}/${install_dir}/${arch}"
217
    gpg --detach-sign --default-key "${gpg_key}" airootfs.sfs
218
    cd -- "${OLDPWD}"
219
220
221
    _msg_info "Done!"
}

222
223
224
225
226
227
228
# Helper function to run functions only one time.
_run_once() {
    if [[ ! -e "${work_dir}/build.${1}" ]]; then
        "$1"
        touch "${work_dir}/build.${1}"
    fi
}
229

230
# Set up custom pacman.conf with custom cache and pacman hook directories
231
_make_pacman_conf() {
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
    local _cache_dirs _system_cache_dirs _profile_cache_dirs
    _system_cache_dirs="$(pacman-conf CacheDir| tr '\n' ' ')"
    _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir| tr '\n' ' ')"

    # only use the profile's CacheDir, if it is not the default and not the same as the system cache dir
    if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \
        [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then
        _cache_dirs="${_profile_cache_dirs}"
    else
        _cache_dirs="${_system_cache_dirs}"
    fi

    _msg_info "Copying custom pacman.conf to work directory..."
    # take the profile pacman.conf and strip all settings that would break in chroot when using pacman -r
    # see `man 8 pacman` for further info
    pacman-conf --config "${pacman_conf}" | \
        sed '/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d' > "${work_dir}/pacman.conf"

    _msg_info "Using pacman CacheDir: ${_cache_dirs}"
    # append CacheDir and HookDir to [options] section
    # HookDir is *always* set to the airootfs' override directory
    sed "/\[options\]/a CacheDir = ${_cache_dirs}
        /\[options\]/a HookDir = ${airootfs_dir}/etc/pacman.d/hooks/" \
        -i "${work_dir}/pacman.conf"
256
257
258
259
260
}

# Prepare working directory and copy custom airootfs files (airootfs)
_make_custom_airootfs() {
    local passwd=()
261
    local filename permissions
262
263
264

    install -d -m 0755 -o 0 -g 0 -- "${airootfs_dir}"

265
    if [[ -d "${profile}/airootfs" ]]; then
266
267
268
269
270
        _msg_info "Copying custom airootfs files..."
        cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${airootfs_dir}"
        # Set ownership and mode for files and directories
        for filename in "${!file_permissions[@]}"; do
            IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
271
272
273
274
275
            # Prevent file path traversal outside of $airootfs_dir
            if [[ "$(realpath -q -- "${airootfs_dir}${filename}")" != "${airootfs_dir}"* ]]; then
                _msg_error "Failed to set permissions on '${airootfs_dir}${filename}'. Outside of valid path." 1
            # Warn if the file does not exist
            elif [[ ! -e "${airootfs_dir}${filename}" ]]; then
276
                _msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
277
278
279
            else
                echo chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
                echo chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
280
281
            fi
        done
282
        _msg_info "Done!"
283
284
285
    fi
}

286
# Install desired packages to airootfs
287
_make_packages() {
288
289
    _msg_info "Installing packages to '${airootfs_dir}/'..."

290
291
292
293
    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg"
        export ARCHISO_GNUPG_FD
    fi
294
295
296
297
298
299
300

    if [[ "${quiet}" = "y" ]]; then
        pacstrap -C "${work_dir}/pacman.conf" -c -G -M -- "${airootfs_dir}" "${pkg_list[@]}" &> /dev/null
    else
        pacstrap -C "${work_dir}/pacman.conf" -c -G -M -- "${airootfs_dir}" "${pkg_list[@]}"
    fi

301
302
303
304
    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<&-
        unset ARCHISO_GNUPG_FD
    fi
305
306

    _msg_info "Done! Packages installed successfully."
307
308
309
310
311
}

# Customize installation (airootfs)
_make_customize_airootfs() {
    local passwd=()
312

313
    if [[ -e "${profile}/airootfs/etc/passwd" ]]; then
314
        _msg_info "Copying /etc/skel/* to user homes..."
315
        while IFS=':' read -a passwd -r; do
316
            # Only operate on UIDs in range 1000–59999
317
            (( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
318
            # Skip invalid home directories
319
320
            [[ "${passwd[5]}" == '/' ]] && continue
            [[ -z "${passwd[5]}" ]] && continue
321
322
323
324
325
326
327
328
329
330
            # Prevent path traversal outside of $airootfs_dir
            if [[ "$(realpath -q -- "${airootfs_dir}${passwd[5]}")" == "${airootfs_dir}"* ]]; then
                if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then
                    install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
                fi
                cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
                chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
                chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
            else
                _msg_error "Failed to set permissions on '${airootfs_dir}${passwd[5]}'. Outside of valid path." 1
331
            fi
332
        done < "${profile}/airootfs/etc/passwd"
333
        _msg_info "Done!"
334
335
336
    fi

    if [[ -e "${airootfs_dir}/root/customize_airootfs.sh" ]]; then
337
        _msg_info "Running customize_airootfs.sh in '${airootfs_dir}' chroot..."
338
        _msg_warning "customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version."
339
        chmod -f -- +x "${airootfs_dir}/root/customize_airootfs.sh"
340
        eval -- arch-chroot "${airootfs_dir}" "/root/customize_airootfs.sh"
341
        rm -- "${airootfs_dir}/root/customize_airootfs.sh"
342
        _msg_info "Done! customize_airootfs.sh run successfully."
343
344
345
    fi
}

346
347
348
349
# Set up boot loaders
_make_bootmodes() {
    local bootmode
    for bootmode in "${bootmodes[@]}"; do
350
        _run_once "_make_bootmode_${bootmode}"
351
352
353
    done
}

354
# Prepare kernel/initramfs ${install_dir}/boot/
355
_make_boot_on_iso9660() {
356
    local ucode_image
357
358
    _msg_info "Preparing kernel and intramfs for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/${arch}"
359
360
361
362
363
364
365
366
367
368
369
370
371
    install -m 0644 -- "${airootfs_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/"
    install -m 0644 -- "${airootfs_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/"

    for ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do
        if [[ -e "${airootfs_dir}/boot/${ucode_image}" ]]; then
            install -m 0644 -- "${airootfs_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/"
            if [[ -e "${airootfs_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then
                install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/"
                install -m 0644 -- "${airootfs_dir}/usr/share/licenses/${ucode_image%.*}/"* \
                    "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/"
            fi
        fi
    done
372
    _msg_info "Done!"
373
374
}

nl6720's avatar
nl6720 committed
375
# Prepare /syslinux for booting from MBR
376
_make_bootmode_bios.syslinux.mbr() {
377
    _msg_info "Setting up SYSLINUX for BIOS booting from a disk..."
nl6720's avatar
nl6720 committed
378
    install -d -m 0755 -- "${isofs_dir}/syslinux"
379
380
    for _cfg in "${profile}/syslinux/"*.cfg; do
        sed "s|%ARCHISO_LABEL%|${iso_label}|g;
381
382
             s|%INSTALL_DIR%|${install_dir}|g;
             s|%ARCH%|${arch}|g" \
nl6720's avatar
nl6720 committed
383
             "${_cfg}" > "${isofs_dir}/syslinux/${_cfg##*/}"
384
    done
385
    if [[ -e "${profile}/syslinux/splash.png" ]]; then
nl6720's avatar
nl6720 committed
386
        install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/syslinux/"
387
    fi
nl6720's avatar
nl6720 committed
388
389
390
    install -m 0644 -- "${airootfs_dir}/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/syslinux/"
    install -m 0644 -- "${airootfs_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/syslinux/"
    install -m 0644 -- "${airootfs_dir}/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/syslinux/"
391

392
    _run_once _make_boot_on_iso9660
393

nl6720's avatar
nl6720 committed
394
395
    if [[ -e "${isofs_dir}/syslinux/hdt.c32" ]]; then
        install -d -m 0755 -- "${isofs_dir}/syslinux/hdt"
396
397
        if [[ -e "${airootfs_dir}/usr/share/hwdata/pci.ids" ]]; then
            gzip -c -9 "${airootfs_dir}/usr/share/hwdata/pci.ids" > \
nl6720's avatar
nl6720 committed
398
                "${isofs_dir}/syslinux/hdt/pciids.gz"
399
400
        fi
        find "${airootfs_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -c -9 '{}' ';' -quit > \
nl6720's avatar
nl6720 committed
401
            "${isofs_dir}/syslinux/hdt/modalias.gz"
402
    fi
403
404
405
406
407

    # Add other aditional/extra files to ${install_dir}/boot/
    if [[ -e "${airootfs_dir}/boot/memtest86+/memtest.bin" ]]; then
        # rename for PXE: https://wiki.archlinux.org/index.php/Syslinux#Using_memtest
        install -m 0644 -- "${airootfs_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/${install_dir}/boot/memtest"
408
        install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/"
409
410
411
        install -m 0644 -- "${airootfs_dir}/usr/share/licenses/common/GPL2/license.txt" \
            "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/"
    fi
412
    _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully."
413
414
}

nl6720's avatar
nl6720 committed
415
# Prepare /syslinux for El-Torito booting
416
_make_bootmode_bios.syslinux.eltorito() {
417
    _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..."
nl6720's avatar
nl6720 committed
418
419
420
    install -d -m 0755 -- "${isofs_dir}/syslinux"
    install -m 0644 -- "${airootfs_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/syslinux/"
    install -m 0644 -- "${airootfs_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/syslinux/"
421

nl6720's avatar
nl6720 committed
422
    # ISOLINUX and SYSLINUX installation is shared
423
    _run_once _make_bootmode_bios.syslinux.mbr
424
425

    _msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully."
426
427
428
}

# Prepare /EFI on ISO-9660
429
_make_efi_dir_on_iso9660() {
430
431
    _msg_info "Preparing an /EFI directory for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}/EFI/BOOT"
432
433
434
    install -m 0644 -- "${airootfs_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
        "${isofs_dir}/EFI/BOOT/BOOTx64.EFI"

435
    install -d -m 0755 -- "${isofs_dir}/loader/entries"
436
437
    install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/"

438
439
440
441
442
443
    for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do
        sed "s|%ARCHISO_LABEL%|${iso_label}|g;
             s|%INSTALL_DIR%|${install_dir}|g;
             s|%ARCH%|${arch}|g" \
            "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}"
    done
444
445
446

    # edk2-shell based UEFI shell
    # shellx64.efi is picked up automatically when on /
447
448
449
    if [[ -e "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then
        install -m 0644 -- "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi"
    fi
450
    _msg_info "Done!"
451
452
}

453
454
# Prepare kernel/initramfs on efiboot.img
_make_boot_on_fat() {
455
    local ucode_image all_ucode_images=()
456
    _msg_info "Preparing kernel and intramfs for the FAT file system..."
457
    mmd -i "${work_dir}/efiboot.img" \
458
        "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}"
459
    mcopy -i "${work_dir}/efiboot.img" "${airootfs_dir}/boot/vmlinuz-"* \
460
461
462
463
464
465
466
467
468
        "${airootfs_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/"
    for ucode_image in \
        "${airootfs_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}
    do
        if [[ -e "${ucode_image}" ]]; then
            all_ucode_images+=("${ucode_image}")
        fi
    done
    if (( ${#all_ucode_images[@]} )); then
469
        mcopy -i "${work_dir}/efiboot.img" "${all_ucode_images[@]}" "::/${install_dir}/boot/"
470
    fi
471
    _msg_info "Done!"
472
473
474
}

# Prepare efiboot.img::/EFI for EFI boot mode
475
_make_bootmode_uefi-x64.systemd-boot.esp() {
476
    local efiboot_imgsize="0"
477
    _msg_info "Setting up systemd-boot for UEFI booting..."
478

479
480
    # the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors)
    efiboot_imgsize="$(du -bc \
481
482
483
484
485
486
        "${airootfs_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
        "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" \
        "${profile}/efiboot/" \
        "${airootfs_dir}/boot/vmlinuz-"* \
        "${airootfs_dir}/boot/initramfs-"*".img" \
        "${airootfs_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} \
487
488
489
490
491
        2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))}
            function byte_to_kib(x){return x/1024}
            function mib_to_kib(x){return x*1024}
            END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}'
        )"
492
493
    # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images:
    # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html
494
    [[ -e "${work_dir}/efiboot.img" ]] && rm -f -- "${work_dir}/efiboot.img"
495
    _msg_info "Creating FAT image of size: ${efiboot_imgsize} KiB..."
496
    mkfs.fat -C -n ARCHISO_EFI "${work_dir}/efiboot.img" "$efiboot_imgsize"
497

498
499
    mmd -i "${work_dir}/efiboot.img" ::/EFI ::/EFI/BOOT
    mcopy -i "${work_dir}/efiboot.img" \
500
        "${airootfs_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI
501

502
503
    mmd -i "${work_dir}/efiboot.img" ::/loader ::/loader/entries
    mcopy -i "${work_dir}/efiboot.img" "${profile}/efiboot/loader/loader.conf" ::/loader/
504
505
506
507
    for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do
        sed "s|%ARCHISO_LABEL%|${iso_label}|g;
             s|%INSTALL_DIR%|${install_dir}|g;
             s|%ARCH%|${arch}|g" \
508
            "${_conf}" | mcopy -i "${work_dir}/efiboot.img" - "::/loader/entries/${_conf##*/}"
509
    done
510
511

    # shellx64.efi is picked up automatically when on /
512
    if [[ -e "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then
513
        mcopy -i "${work_dir}/efiboot.img" \
514
            "${airootfs_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi
515
516
517
    fi

    # Copy kernel and initramfs
518
    _make_boot_on_fat
519

520
    _msg_info "Done! systemd-boot set up for UEFI booting successfully."
521
522
}

523
# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
524
525
526
527
_make_bootmode_uefi-x64.systemd-boot.eltorito() {
    _run_once _make_bootmode_uefi-x64.systemd-boot.esp
    # Set up /EFI on ISO-9660 to allow preparing an installation medium by manually copying files
    _run_once _make_efi_dir_on_iso9660
528
529
}

530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
_validate_requirements_bootmode_bios.syslinux.mbr() {
    # bios.syslinux.mbr requires bios.syslinux.eltorito
    # shellcheck disable=SC2076
    if [[ ! " ${bootmodes[*]} " =~ ' bios.syslinux.eltorito ' ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Using 'bios.syslinux.mbr' boot mode without 'bios.syslinux.eltorito' is not supported." 0
    fi

    # Check if the syslinux package is in the package list
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' syslinux ' ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The 'syslinux' package is missing from the package list!" 0
    fi

    # Check if syslinux configuration files exist
    if [[ ! -d "${profile}/syslinux" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The '${profile}/syslinux' directory is missing!" 0
549
    else
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
        local cfgfile
        for cfgfile in "${profile}/syslinux/"*'.cfg'; do
            if [[ -e "${cfgfile}" ]]; then
                break
            else
                (( validation_error=validation_error+1 ))
                _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/syslinux/'!" 0
            fi
        done
    fi

    # Check for optional packages
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' memtest86+ ' ]]; then
        _msg_info "Validating '${bootmode}': 'memtest86+' is not in the package list. Memmory testing will not be available from syslinux."
565
    fi
566
}
567

568
_validate_requirements_bootmode_bios.syslinux.eltorito() {
nl6720's avatar
nl6720 committed
569
    _validate_requirements_bootmode_bios.syslinux.mbr
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
}

_validate_requirements_bootmode_uefi-x64.systemd-boot.esp() {
    # Check if mkfs.fat is available
    if ! command -v mkfs.fat &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0
    fi

    # Check if mmd and mcopy are available
    if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then
        _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0
    fi

    # Check if systemd-boot configuration files exist
    if [[ ! -d "${profile}/efiboot/loader/entries" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The '${profile}/efiboot/loader/entries' directory is missing!" 0
    else
        if [[ ! -e "${profile}/efiboot/loader/loader.conf" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "Validating '${bootmode}': File '${profile}/efiboot/loader/loader.conf' not found!" 0
        fi
        local conffile
        for conffile in "${profile}/efiboot/loader/entries/"*'.conf'; do
            if [[ -e "${conffile}" ]]; then
                break
            else
                (( validation_error=validation_error+1 ))
                _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/efiboot/loader/entries/'!" 0
            fi
        done
    fi

    # Check for optional packages
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then
        _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell."
    fi
}

_validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() {
    # uefi-x64.systemd-boot.eltorito has the exact same requirements as uefi-x64.systemd-boot.esp
    _validate_requirements_bootmode_uefi-x64.systemd-boot.esp
}

# Build airootfs filesystem image
_prepare_airootfs_image() {
    _run_once "_mkairootfs_${airootfs_image_type}"
619
    _mkchecksum
David Runge's avatar
David Runge committed
620
621
622
    if [[ -n "${gpg_key}" ]]; then
        _mksignature
    fi
623
624
}

625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
_validate_requirements_airootfs_image_type_squashfs() {
    if ! command -v mksquashfs &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0
    fi
}

_validate_requirements_airootfs_image_type_ext4+squashfs() {
    if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0
    fi
    _validate_requirements_airootfs_image_type_squashfs
}

640
641
642
643
# SYSLINUX El Torito
_add_xorrisofs_options_bios.syslinux.eltorito() {
    xorrisofs_options+=(
        # El Torito boot image for x86 BIOS
nl6720's avatar
nl6720 committed
644
        '-eltorito-boot' 'syslinux/isolinux.bin'
645
        # El Torito boot catalog file
nl6720's avatar
nl6720 committed
646
        '-eltorito-catalog' 'syslinux/boot.cat'
647
648
649
650
651
652
653
654
        # Required options to boot with ISOLINUX
        '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table'
    )
}

# SYSLINUX MBR
_add_xorrisofs_options_bios.syslinux.mbr() {
    xorrisofs_options+=(
nl6720's avatar
nl6720 committed
655
656
        # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin"
        '-isohybrid-mbr' "${isofs_dir}/syslinux/isohdpfx.bin"
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
        # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR
        # bootstrap code area) and mark it as bootable
        # This violates the UEFI specification, but may allow booting on some systems
        # https://wiki.archlinux.org/index.php/Partitioning#Tricking_old_BIOS_into_booting_from_GPT
        '--mbr-force-bootable'
        # Set the ISO 9660 partition's type to "Linux filesystem data"
        # When only MBR is present, the partition type ID will be 0x83 "Linux" as xorriso translates all
        # GPT partition type GUIDs except for the ESP GUID to MBR type ID 0x83
        '-iso_mbr_part_type' '0FC63DAF-8483-4772-8E79-3D69D8477DE4'
        # Move the first partition away from the start of the ISO to match the expectations of partition
        # editors
        # May allow booting on some systems
        # https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki
        '-partition_offset' '16'
    )
}

# systemd-boot in an attached EFI system partition
_add_xorrisofs_options_uefi-x64.systemd-boot.esp() {
    # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660
    # partition will not be mountable
    # shellcheck disable=SC2076
    [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16')
    xorrisofs_options+=(
        # Attach efiboot.img as a second partition and set its partition type to "EFI system partition"
        '-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img"
        # Ensure GPT is used as some systems do not support UEFI booting without it
        '-appended_part_as_gpt'
    )
}

# systemd-boot via El Torito
_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() {
    # shellcheck disable=SC2076
    if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then
        # systemd-boot in an attached EFI system partition via El Torito
        xorrisofs_options+=(
            # Start a new El Torito boot entry for UEFI
            '-eltorito-alt-boot'
            # Set the second partition as the El Torito UEFI boot image
            '-e' '--interval:appended_partition_2:all::'
            # Boot image is not emulating floppy or hard disk; required for all known boot loaders
            '-no-emul-boot'
        )
    else
        # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a
        # file inside the ISO 9660 file system
        install -d -m 0755 -- "${isofs_dir}/EFI/archiso"
        cp -a -- "${work_dir}/efiboot.img" "${isofs_dir}/EFI/archiso/efiboot.img"
        # systemd-boot in an embedded efiboot.img via El Torito
        xorrisofs_options+=(
            # Start a new El Torito boot entry for UEFI
            '-eltorito-alt-boot'
            # Set efiboot.img as the El Torito UEFI boot image
            '-e' 'EFI/archiso/efiboot.img'
            # Boot image is not emulating floppy or hard disk; required for all known boot loaders
            '-no-emul-boot'
        )
    fi
    # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito
    # shellcheck disable=SC2076
    [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat')
}

721
# Build ISO
722
_build_iso() {
723
    local xorrisofs_options=()
724
    local bootmode
725

726
727
    [[ -d "${out_dir}" ]] || install -d -- "${out_dir}"

728
    [[ "${quiet}" == "y" ]] && xorrisofs_options+=('-quiet')
729

730
731
732
733
    # Add required xorrisofs options for each boot mode
    for bootmode in "${bootmodes[@]}"; do
        typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}"
    done
734
735
736
737
738

    _msg_info "Creating ISO image..."
    xorriso -as mkisofs \
            -iso-level 3 \
            -full-iso9660-filenames \
nl6720's avatar
nl6720 committed
739
740
            -joliet \
            -joliet-long \
741
742
743
744
745
746
747
748
            -rational-rock \
            -volid "${iso_label}" \
            -appid "${iso_application}" \
            -publisher "${iso_publisher}" \
            -preparer "prepared by ${app_name}" \
            "${xorrisofs_options[@]}" \
            -output "${out_dir}/${img_name}" \
            "${isofs_dir}/"
749
750
    _msg_info "Done!"
    du -h -- "${out_dir}/${img_name}"
751
752
753
}

# Read profile's values from profiledef.sh
754
_read_profile() {
755
756
757
    local validation_error=0
    local bootmode

David Runge's avatar
David Runge committed
758
    _msg_info "Reading profile..."
759
760
761
762
763
764
765
766
    if [[ -z "${profile}" ]]; then
        _msg_error "No profile specified!" 1
    fi
    if [[ ! -d "${profile}" ]]; then
        _msg_error "Profile '${profile}' does not exist!" 1
    elif [[ ! -e "${profile}/profiledef.sh" ]]; then
        _msg_error "Profile '${profile}' is missing 'profiledef.sh'!" 1
    else
767
768
        cd -- "${profile}"

769
770
771
772
773
774
775
776
777
        # Source profile's variables
        # shellcheck source=configs/releng/profiledef.sh
        . "${profile}/profiledef.sh"

        # Resolve paths
        packages="$(realpath -- "${profile}/packages.${arch}")"
        pacman_conf="$(realpath -- "${pacman_conf}")"

        cd -- "${OLDPWD}"
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822

        # Validate profile
        # Check if the package list file exists and read packages from it
        if [[ -e "${packages}" ]]; then
            mapfile -t pkg_list < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
            if (( ${#pkg_list} < 1 )); then
                (( validation_error=validation_error+1 ))
                _msg_error "No package specified in '${packages}'." 0
            fi
        else
            (( validation_error=validation_error+1 ))
            _msg_error "File '${packages}' does not exist." 0
        fi
        # Check if pacman configuration file exists
        if [[ ! -e "${pacman_conf}" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "File '${pacman_conf}' does not exist." 0
        fi
        # Check if the specified bootmodes are supported
        for bootmode in "${bootmodes[@]}"; do
            if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then
                if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then
                    "_validate_requirements_bootmode_${bootmode}"
                else
                    _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible."
                fi
            else
                (( validation_error=validation_error+1 ))
                _msg_error "${bootmode} is not a valid boot mode!" 0
            fi
        done
        # Check if the specified airootfs_image_type is supported
        if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then
            if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then
                "_validate_requirements_airootfs_image_type_${airootfs_image_type}"
            else
                _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible."
            fi
        else
            (( validation_error=validation_error+1 ))
            _msg_error "Unsupported image type: '${airootfs_image_type}'" 0
        fi
        if (( validation_error )); then
            _msg_error "${validation_error} errors were encountered while validating the profile. Aborting." 1
        fi
823
    fi
David Runge's avatar
David Runge committed
824
    _msg_info "Done!"
825
826
}

827
828
# set overrides from mkarchiso option parameters, if present
_set_overrides() {
David Runge's avatar
David Runge committed
829
    _msg_info "Setting overrides..."
830
831
832
833
834
835
    [[ -n "$override_iso_label" ]] && iso_label="$override_iso_label"
    [[ -n "$override_iso_publisher" ]] && iso_publisher="$override_iso_publisher"
    [[ -n "$override_iso_application" ]] && iso_application="$override_iso_application"
    [[ -n "$override_install_dir" ]] && install_dir="$override_install_dir"
    [[ -n "$override_pacman_conf" ]] && pacman_conf="$override_pacman_conf"
    [[ -n "$override_gpg_key" ]] && gpg_key="$override_gpg_key"
David Runge's avatar
David Runge committed
836
837
    # NOTE: the call to _msg_info() conveniently guards this function from evaluating to false
    _msg_info "Done!"
838
839
840
}


841
_export_gpg_publickey() {
842
    gpg --batch --output "${work_dir}/pubkey.gpg" --export "${gpg_key}"
843
844
845
846
}


_make_pkglist() {
847
    install -d -m 0755 -- "${isofs_dir}/${install_dir}"
848
    _msg_info "Creating a list of installed packages on live-enviroment..."
849
    pacman -Q --sysroot "${airootfs_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt"
850
    _msg_info "Done!"
851
}
852

853
_build_profile() {
854
855
    # Set up essential directory paths
    airootfs_dir="${work_dir}/${arch}/airootfs"
856
857
858
    isofs_dir="${work_dir}/iso"
    # Set ISO file name
    img_name="${iso_name}-${iso_version}-${arch}.iso"
859
860
    # Create working directory
    [[ -d "${work_dir}" ]] || install -d -- "${work_dir}"
861
862
863
864
865
866
    # Write build date to file or if the file exists, read it from there
    if [[ -e "${work_dir}/build_date" ]]; then
        SOURCE_DATE_EPOCH="$(<"${work_dir}/build_date")"
    else
        printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date"
    fi
867

868
    [[ "${quiet}" == "n" ]] && _show_config
869
    _run_once _make_pacman_conf
870
    [[ -n "${gpg_key}" ]] && _run_once _export_gpg_publickey
871
872
873
874
    _run_once _make_custom_airootfs
    _run_once _make_packages
    _run_once _make_customize_airootfs
    _run_once _make_pkglist
875
    _make_bootmodes
876
877
878
    _run_once _cleanup_airootfs
    _run_once _prepare_airootfs_image
    _run_once _build_iso
879
880
}

881
while getopts 'p:C:L:P:A:D:w:o:g:vh?' arg; do
882
    case "${arg}" in
883
884
        p)
            read -r -a opt_pkg_list <<< "${OPTARG}"
885
886
            pkg_list+=("${opt_pkg_list[@]}")
            ;;
887
888
889
890
891
        C) override_pacman_conf="$(realpath -- "${OPTARG}")" ;;
        L) override_iso_label="${OPTARG}" ;;
        P) override_iso_publisher="${OPTARG}" ;;
        A) override_iso_application="${OPTARG}" ;;
        D) override_install_dir="${OPTARG}" ;;
892
893
        w) work_dir="$(realpath -- "${OPTARG}")" ;;
        o) out_dir="$(realpath -- "${OPTARG}")" ;;
894
        g) override_gpg_key="${OPTARG}" ;;
895
896
897
898
899
900
901
902
903
        v) quiet="n" ;;
        h|?) _usage 0 ;;
        *)
            _msg_error "Invalid argument '${arg}'" 0
            _usage 1
            ;;
    esac
done

904
905
906
shift $((OPTIND - 1))

if (( $# < 1 )); then
907
    _msg_error "No profile specified" 0
908
909
910
    _usage 1
fi

911
912
913
914
if (( EUID != 0 )); then
    _msg_error "${app_name} must be run as root." 1
fi

915
916
# get the absolute path representation of the first non-option argument
profile="$(realpath -- "${1}")"
917

918
919
920
_read_profile
_set_overrides
_build_profile
921
922

# vim:ts=4:sw=4:et: