Added -K option to disable keyring checks

This commit is contained in:
Fabio Manganiello 2022-03-08 00:02:20 +01:00
parent 9daa3907a9
commit e7b8c724d7
2 changed files with 29 additions and 18 deletions

View file

@ -32,6 +32,7 @@ on the fly, wherever you are. It does the following:
Usage: vmctl install [-o <output-disk-image>] [-a <architecture>] [-s <disk-size>] Usage: vmctl install [-o <output-disk-image>] [-a <architecture>] [-s <disk-size>]
[-m <memory>] [-h <hostname>] [-P <root-password>] [-u <non-root-username>] [-m <memory>] [-h <hostname>] [-P <root-password>] [-u <non-root-username>]
[-p <non-root-user-password>] [-z <timezone>] [-l <locale>] [-M <arch-mirror-url>] [-p <non-root-user-password>] [-z <timezone>] [-l <locale>] [-M <arch-mirror-url>]
[-K] [extra qemu arguments]
-o <output-disk-image> Path of the output disk image (default: ./arch.img) -o <output-disk-image> Path of the output disk image (default: ./arch.img)
-a <architecture> Target architecture (default: x86_64) -a <architecture> Target architecture (default: x86_64)
@ -45,6 +46,8 @@ Usage: vmctl install [-o <output-disk-image>] [-a <architecture>] [-s <disk-size
-l <locale> System locale (default: en_US.UTF-8) -l <locale> System locale (default: en_US.UTF-8)
-M <arch-mirror-url> Arch Linux download mirror URL (default: http://mirror.cj2.nl/archlinux/iso/latest/) -M <arch-mirror-url> Arch Linux download mirror URL (default: http://mirror.cj2.nl/archlinux/iso/latest/)
Consult https://archlinux.org/download/ for a full list of the available download mirrors. Consult https://archlinux.org/download/ for a full list of the available download mirrors.
-K Disable pacman keyring checks during installation. It's potentially unsafe,
but it can be an option if downloading the keys takes too long.
``` ```
If a required option is not specified on the command line then it will be If a required option is not specified on the command line then it will be

44
vmctl
View file

@ -40,6 +40,7 @@ root_password=
username= username=
user_password= user_password=
timezone= timezone=
disable_keyring_checks=0
locale="$default_locale" locale="$default_locale"
img_download_page="$default_img_download_page" img_download_page="$default_img_download_page"
@ -49,6 +50,7 @@ function install_usage() {
echo "Usage: $(basename "$0") install [-o <output-disk-image>] [-a <architecture>] [-s <disk-size>]" echo "Usage: $(basename "$0") install [-o <output-disk-image>] [-a <architecture>] [-s <disk-size>]"
echo -e "\t[-m <memory>] [-h <hostname>] [-P <root-password>] [-u <non-root-username>]" echo -e "\t[-m <memory>] [-h <hostname>] [-P <root-password>] [-u <non-root-username>]"
echo -e "\t[-p <non-root-user-password>] [-z <timezone>] [-l <locale>] [-M <arch-mirror-url>]" echo -e "\t[-p <non-root-user-password>] [-z <timezone>] [-l <locale>] [-M <arch-mirror-url>]"
echo -e "\t[-K] [extra qemu arguments]"
echo echo
echo -e "-o\t<output-disk-image>\t\tPath of the output disk image (default: ./arch.img)" echo -e "-o\t<output-disk-image>\t\tPath of the output disk image (default: ./arch.img)"
echo -e "-a\t<architecture>\t\t\tTarget architecture (default: x86_64)" echo -e "-a\t<architecture>\t\t\tTarget architecture (default: x86_64)"
@ -62,6 +64,8 @@ function install_usage() {
echo -e "-l\t<locale>\t\t\tSystem locale (default: en_US.UTF-8)" echo -e "-l\t<locale>\t\t\tSystem locale (default: en_US.UTF-8)"
echo -e "-M\t<arch-mirror-url>\t\tArch Linux download mirror URL (default: http://mirror.cj2.nl/archlinux/iso/latest/)" echo -e "-M\t<arch-mirror-url>\t\tArch Linux download mirror URL (default: http://mirror.cj2.nl/archlinux/iso/latest/)"
echo -e "\t\t\t\t\tConsult https://archlinux.org/download/ for a full list of the available download mirrors." echo -e "\t\t\t\t\tConsult https://archlinux.org/download/ for a full list of the available download mirrors."
echo -e "-K\t\t\t\t\tDisable pacman keyring checks during installation. It's potentially unsafe,"
echo -e "\t\t\t\t\tbut it can be an option if downloading the keys takes too long."
echo echo
echo "If you want to install an extra list of packages besides the default ones, then" echo "If you want to install an extra list of packages besides the default ones, then"
echo "specify them in a file named PKGLIST in the same directory as the disk image file." echo "specify them in a file named PKGLIST in the same directory as the disk image file."
@ -245,21 +249,24 @@ $(cat "$pkgfile")"
send -- "mkinitcpio -P\r" send -- "mkinitcpio -P\r"
expect \$chroot_prompt expect \$chroot_prompt
# Update the keyring send -- "cp /etc/pacman.conf /etc/pacman.conf.orig\r"
# This may currently currently take a long time
# see https://www.reddit.com/r/archlinux/comments/rbjbcr/pacman_keyring_update_taking_too_long/
send -- "pacman-key --init\r"
expect \$chroot_prompt
send -- "pacman-key --populate archlinux\r"
expect \$chroot_prompt
send -- "pacman-key --refresh-keys\r"
expect \$chroot_prompt expect \$chroot_prompt
# As a workaround, you can temporarily disable signature check on pacman.conf if {$disable_keyring_checks == 0} {
#send -- "cp /etc/pacman.conf /etc/pacman.conf.orig\r" # Update the keyring
#expect \$chroot_prompt # This may currently currently take a long time
#send -- "sed -i /etc/pacman.conf -r -e 's/^(SigLevel\\\\s*=\\\\s*).*$/\\\\1 Never/g'\r" # see https://www.reddit.com/r/archlinux/comments/rbjbcr/pacman_keyring_update_taking_too_long/
#expect \$chroot_prompt send -- "pacman-key --init\r"
expect \$chroot_prompt
send -- "pacman-key --populate archlinux\r"
expect \$chroot_prompt
send -- "pacman-key --refresh-keys\r"
expect \$chroot_prompt
} else {
# Disable signature check on pacman.conf
send -- "sed -i /etc/pacman.conf -r -e 's/^(SigLevel\\\\s*=\\\\s*).*$/\\\\1 Never/g'\r"
expect \$chroot_prompt
}
# Install extra packages # Install extra packages
send -- {echo "$packages" | pacman -S --noconfirm -} send -- {echo "$packages" | pacman -S --noconfirm -}
@ -278,10 +285,6 @@ $(cat "$pkgfile")"
send -- "sed -i /boot/syslinux/syslinux.cfg -e 's|APPEND root=/dev/sda3|APPEND console=tty0 console=ttyS0,115200 root=/dev/sda1|g'\r" send -- "sed -i /boot/syslinux/syslinux.cfg -e 's|APPEND root=/dev/sda3|APPEND console=tty0 console=ttyS0,115200 root=/dev/sda1|g'\r"
expect \$chroot_prompt expect \$chroot_prompt
# Restore the original pacman.conf
send -- "mv /etc/pacman.conf.orig /etc/pacman.conf\r"
expect \$chroot_prompt
# Set the root password # Set the root password
send -- "passwd\r" send -- "passwd\r"
expect "New password: " expect "New password: "
@ -339,6 +342,10 @@ _EOF_
send -- "\r" send -- "\r"
expect \$chroot_prompt expect \$chroot_prompt
# Restore the original pacman.conf
send -- "mv /etc/pacman.conf.orig /etc/pacman.conf\r"
expect \$chroot_prompt
# Clear the pacman cache # Clear the pacman cache
send -- "rm -rf /var/cache/pacman/pkg/*\r" send -- "rm -rf /var/cache/pacman/pkg/*\r"
expect \$chroot_prompt expect \$chroot_prompt
@ -358,7 +365,7 @@ EOF
} }
function install() { function install() {
optstring=':o:a:s:m:h:P:u:p:z:l:M:' optstring=':o:a:s:m:h:P:u:p:z:l:M:K'
[[ "$1" == '--help' ]] && install_usage [[ "$1" == '--help' ]] && install_usage
while getopts ${optstring} arg; do while getopts ${optstring} arg; do
@ -374,6 +381,7 @@ function install() {
z) timezone="${OPTARG}";; z) timezone="${OPTARG}";;
l) locale="${OPTARG}";; l) locale="${OPTARG}";;
M) img_download_page="${OPTARG}";; M) img_download_page="${OPTARG}";;
K) disable_keyring_checks=1;;
?) ?)
echo "Invalid option: -${OPTARG}" >&2 echo "Invalid option: -${OPTARG}" >&2
install_usage;; install_usage;;