path: root/tools/boca-createjail
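#!/bin/bash
# boca-createjail [JAIL_DIR]
# Builds the chroot jail used to run submissions. JAIL_DIR defaults to
# /home/bocajail.
homejail=${1:-/home/bocajail}
# The jail path is written into the schroot configuration, used as the target
# of the /bocajail symlink, and handed to chroot after `cd /`. A relative path
# would resolve differently at each of those steps, so reject it up front.
case "$homejail" in
  /*) ;;
  *)
    echo "jail directory must be an absolute path: $homejail" >&2
    exit 1
    ;;
esac
echo "================================================================================="
echo "============= CREATING $homejail (this might take some time) ==============="
echo "================================================================================="
# Fail early if any required tool is missing, before anything on the host
# has been modified.
for i in setquota ln id chown chmod dirname useradd mkdir cp rm mv apt-get dpkg uname debootstrap schroot; do
  # `command -v` is the shell builtin lookup; the name is quoted so it is
  # never word-split or glob-expanded.
  p="$(command -v "$i")"
  if [ ! -x "$p" ]; then
    echo "command $i not found" >&2
    exit 1
  fi
done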
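# The rest of the script creates a user, writes under /etc and calls
# debootstrap and chroot, so it only works as root.
if [[ "$(id -u)" != "0" ]]; then
  echo "Must be run as root" >&2
  exit 1
fi
# /etc/lsb-release supplies DISTRIB_CODENAME, the suite name later passed to
# debootstrap.
if [[ ! -r /etc/lsb-release ]]; then
  echo "File /etc/lsb-release not found. Is this a ubuntu or debian-like distro?"
  echo "If so, execute the command"
  echo ""
  # The hint previously printed `DISTRIB_CODENAME=WXYZ > /etc/lsb-release`,
  # which, typed as shown, leaves an empty file; print a command that
  # actually writes the assignment.
  echo 'echo "DISTRIB_CODENAME=WXYZ" > /etc/lsb-release'
  echo ""
  echo "to save the release name to that file (replace WXYZ with your distro codename)"
  exit 1
fi
# The file is executed as shell code with root privileges, so it must only be
# writable by root.
. /etc/lsb-release
# An empty codename would be passed to debootstrap as an empty suite name;
# stop here with a clear message instead.
if [[ -z "${DISTRIB_CODENAME:-}" ]]; then
  echo "DISTRIB_CODENAME is not set in /etc/lsb-release" >&2
  exit 1
fi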
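# Refuse to overwrite an existing installation: /bocajail is the well-known
# entry point of the jail.
if [[ -d /bocajail/ ]]; then
  echo "You seem to have already a /bocajail installed"
  echo "If you want to reinstall, remove it first (e.g. rm /bocajail) and then run /etc/icpc/createbocajail.sh"
  exit 1
fi

# A readable proc/cpuinfo inside the jail means /proc is still mounted there
# from an earlier run.
if [[ -f "${homejail}/proc/cpuinfo" ]]; then
  echo "You seem to have already installed /bocajail and the /bocajail/proc seems to be mounted"
  # Best-effort unmount with output discarded. The redirection target used to
  # be the misspelled /dev/nul, which made root create a regular file of that
  # name under /dev on the host.
  chroot "$homejail" umount /sys >/dev/null 2>&1
  chroot "$homejail" umount /proc >/dev/null 2>&1
  echo "Please reboot the system to remove such mounted point"
  exit 1
fi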

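# Create the dedicated bocajail account; an existing account is never reused.
if id -u bocajail >/dev/null 2>&1; then
  echo "user bocajail already exists"
  echo "if you want to proceed, first remove it (e.g. userdel bocajail) and then run /etc/icpc/createbocajail.sh"
  exit 1
fi
# Stop if the account cannot be created: every later step (quota, schroot
# user list) assumes it exists.
if ! useradd -m -s /bin/bash -d "$homejail" -g users bocajail; then
  echo "failed to create user bocajail" >&2
  exit 1
fi
# Mark the account as a system account for AccountsService. The directory is
# only present on hosts that have AccountsService installed.
if [[ -d /var/lib/AccountsService/users ]]; then
  cat <<EOF > /var/lib/AccountsService/users/bocajail
[User]
SystemAccount=true
EOF
else
  echo "warning: /var/lib/AccountsService/users not found, skipping SystemAccount flag" >&2
fi
sleep 1
# setquota arguments: block soft limit, block hard limit, inode soft limit,
# inode hard limit; -a applies them on every filesystem with quotas enabled.
# A soft limit of 0 means no soft limit. These caps bound how much disk the
# jailed account can consume. The exit status is not checked, so the limits
# are silently absent on hosts without quota support.
setquota -u bocajail 0 500000 0 10000 -a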

# Drop any leftover /bocajail entry (an existing directory was rejected
# earlier), then create the jail's tmp directory and point /bocajail at the
# jail.
rm -rf /bocajail
mkdir -p "${homejail}/tmp"
# Mode 1777: world-writable with the sticky bit, like a regular /tmp.
chmod 1777 "${homejail}/tmp"
ln -s "${homejail}" /bocajail
# Earlier approach, kept for reference: copy the host's system directories
# into the jail instead of bootstrapping a fresh tree.
#for i in usr lib var bin sbin etc dev; do
#  [ -d $homejail/$i ] && rm -rf $homejail/$i
#  cp -ar /$i $homejail
#done
#rm -rf $homejail/var/lib/postgres*
#rm -rf $homejail/var/www/*
#mkdir -p $homejail/proc
#mkdir -p $homejail/sys
# Architecture label: any machine name containing "64" counts as amd64.
# Only the commented-out `debootstrap --arch` call further down refers to it.
case "$(uname -m)" in
  *64*) archt=amd64 ;;
  *) archt=i386 ;;
esac

# Register the jail with schroot. $homejail is expanded into the file as-is,
# and only root is listed under root-users.
cat > /etc/schroot/chroot.d/bocajail.conf <<FIM
[bocajail]
description=Jail
directory=$homejail
root-users=root
type=directory
users=bocajail,nobody,root
FIM

# Bootstrap a base system for the host's release into the jail.
# NOTE(review): the mirror is fetched over plain HTTP, so integrity rests on
# debootstrap's own archive signature check -- confirm the Ubuntu archive
# keyring is present on the host.
#debootstrap --arch "$archt" "$DISTRIB_CODENAME" "$homejail"
if ! debootstrap "$DISTRIB_CODENAME" "$homejail" 'http://archive.ubuntu.com/ubuntu'; then
  echo "bocajail failed to debootstrap"
  exit 1
fi

# The jail counts as installed once schroot lists it.
if schroot -l | grep -q bocajail; then
  echo "bocajail successfully installed at $homejail"
else
  # Second attempt: add a location= key to the schroot entry and bootstrap
  # again. Only the schroot listing decides the outcome; the exit status of
  # this debootstrap run is not inspected.
  echo "*** some error has caused bocajail not to install properly -- I will try it again with different parameters"
  echo "location=$homejail" >> /etc/schroot/chroot.d/bocajail.conf
  debootstrap "$DISTRIB_CODENAME" "$homejail" 'http://archive.ubuntu.com/ubuntu'
  if ! schroot -l | grep -q bocajail; then
    echo "*** bocajail failed to install"
    exit 1
  fi
  echo "*** bocajail successfully installed at $homejail"
fi

# On Ubuntu noble, write a deb822 sources file into the jail when the
# bootstrap did not leave one. Both stanzas pin the archive keyring through
# Signed-By, so apt verifies these repositories against that key only.
# The banner below is printed on every release, not just noble.
printf '%s\n' "*** Patching broken repositories on Ubuntu noble"
if [[ "$DISTRIB_CODENAME" == 'noble' ]]; then
  printf '*** Ubuntu %s detected on %s\n' "$DISTRIB_CODENAME" "$homejail"

  [[ -f "${homejail}/etc/apt/sources.list.d/ubuntu.sources" ]] || {
    printf '%s\n' "*** Sources file missing"

    # Quoted delimiter: the body is written out literally.
    cat > "${homejail}/etc/apt/sources.list.d/ubuntu.sources" <<'EOF'
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Types: deb
URIs: http://security.ubuntu.com/ubuntu
Suites: noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
    printf '*** Patched %s for broken repositories\n' "$homejail"
  }
fi

# We have two PPAs:
# add-apt-repository -y ppa:icpc-latam/maratona-linux
# add-apt-repository -y ppa:icpc-latam/unstable
# Please use only the STABLE one when officially releasing!

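echo "*** Populating $homejail"
# Write the provisioning script inside the jail selected on the command line.
# The path used to be hard-coded to /home/bocajail, which broke any run with
# a custom jail directory.
populate_script="${homejail}/tmp/populate.sh"
# The jail's tmp directory is world-writable (mode 1777) and this file is run
# as root. Remove whatever is already at that path and create the file with
# noclobber, so a pre-planted file or symlink is never written through.
rm -f -- "$populate_script"
set -o noclobber
# NOTE(review): the maratona-linguagens install below passes
# --allow-unauthenticated, which turns off apt's signature verification for
# that transaction. add-apt-repository normally imports the PPA signing key,
# so the flag may be unnecessary -- confirm and drop it if so.
# `apt-get autoremove` now carries -y like the other apt-get calls, so the
# script does not stop at a confirmation prompt.
cat <<'EOF' > "$populate_script"
#!/bin/bash
mount -t proc proc /proc

echo "LC_ALL=en_US.UTF-8" > /etc/default/locale
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
/usr/sbin/locale-gen
/usr/sbin/update-locale
apt-get -y update
apt-get -y dist-upgrade --purge
apt-get -y install software-properties-common --no-install-recommends
add-apt-repository -y ppa:icpc-latam/maratona-linux
apt-get -y update
apt-get -y install maratona-linguagens --no-install-recommends --allow-unauthenticated
apt-get -y autoremove --purge
apt-get -y clean

umount /proc
EOF
populate_written=$?
set +o noclobber
if [[ $populate_written != 0 ]]; then
  echo "could not create $populate_script" >&2
  exit 1
fi
# Copy the host's safeexec binary into the jail when it is installed.
mkdir -p "${homejail}/usr/bin"
if [[ -x /usr/bin/safeexec ]]; then
  cp -a /usr/bin/safeexec "${homejail}/usr/bin/"
fi
# The jail reuses the host's apt sources list.
cp -f /etc/apt/sources.list "${homejail}/etc/apt/"
chmod 755 "$populate_script"

export LC_ALL=en_US.UTF-8
# Run the provisioning script as root inside the jail; its exit status is the
# script's exit status.
cd / || exit 1
chroot "$homejail" /tmp/populate.sh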