Identifying the architecture-dependent location of the nsswitch libraries

Posted on 2025-02-04 09:48:25

I have a DEB package which dynamically creates a chroot filesystem in the package postinst helper script. The package works fine for x86, amd64, and arm64 on Debian Stretch/Buster/Bullseye and Ubuntu Bionic/Focal/Jammy. However, I recently tried to install it on Raspbian arm32 and it failed.

The problem is that the pathname of the nsswitch libraries is constructed differently than on the other platforms. In other words, the piecemeal assembly of the library path using uname -m is not matching what's present in the filesystem.

#!/bin/bash -eu

U=chroot_user
UHOME=/home/$U
ARCH=$(uname -m)

function add_executable () {
  FROM="$1"; shift
  TO="$(basename $FROM)"
  if [ $# -ge 1 ]; then
    TO=$1; shift
  fi
  cp "$FROM" "$UHOME/bin/$TO"
  ldd "$FROM" | grep "=> /" | awk '{print $3}' | xargs -I '{}' cp '{}' $UHOME/lib/

  LIBNAME="ld-linux-$(echo $ARCH | tr '_' '-').so*"
  if compgen -G "/lib64/${LIBNAME}" > /dev/null; then
    cp /lib64/${LIBNAME} $UHOME/lib64/
  elif compgen -G "/lib/${LIBNAME}" > /dev/null; then
    cp /lib/${LIBNAME} $UHOME/lib/
  fi
}

if [ "$1" = "configure" ]; then

  # Create a system user that has restricted bash as its login shell.
  IS_USER=$(grep $U /etc/passwd || true)
  if [ ! -z "$IS_USER" ]; then
    killall -u $U || true
    userdel -f $U > /dev/null 2>&1 || true
  fi
  adduser --system --home ${UHOME} --no-create-home --group --shell /bin/rbash ${U}

  # Create a clean usable chroot
  rm -rf $UHOME
  mkdir -p $UHOME
  mkdir -p $UHOME/dev/
  mknod -m 666 $UHOME/dev/null c 1 3
  mknod -m 666 $UHOME/dev/tty c 5 0
  mknod -m 666 $UHOME/dev/zero c 1 5
  mknod -m 666 $UHOME/dev/random c 1 8
  mknod -m 644 $UHOME/dev/urandom c 1 9
  chown root:root $UHOME
  chmod 0755 $UHOME
  mkdir -p $UHOME/bin
  mkdir -p $UHOME/etc
  mkdir -p $UHOME/lib
  mkdir -p $UHOME/usr
  cd $UHOME/usr
  ln -s ../bin bin
  cd - > /dev/null
  cd $UHOME
  ln -s lib lib64
  cd - > /dev/null
  mkdir $UHOME/lib/${ARCH}-linux-gnu
  cp /lib/${ARCH}-linux-gnu/libnss* $UHOME/lib/${ARCH}-linux-gnu
  cat <<EOT>$UHOME/etc/nsswitch.conf
passwd: files
group:  files
EOT
  chmod 0444 $UHOME/etc/nsswitch.conf
  echo "127.0.0.1 localhost" > $UHOME/etc/hosts
  chmod 0444 $UHOME/etc/hosts
  if [ -d /etc/terminfo/ ]; then
    cp -R /etc/terminfo $UHOME/etc
  fi
  if [ -d /lib/terminfo/ ]; then
    cp -R /lib/terminfo $UHOME/lib
  fi

  # Add restricted bash and ssh/scp executables into the chroot. There is no
  # need for any other executable.
  add_executable /bin/bash rbash
  add_executable /usr/bin/ssh
  add_executable /usr/bin/scp
  add_executable /bin/date
  add_executable /bin/ls
  add_executable /bin/rm
  add_executable /bin/mv
  add_executable /bin/cp

  grep $U /etc/passwd > $UHOME/etc/passwd
  grep $U /etc/group > $UHOME/etc/group

  mkdir -p $UHOME/.ssh
  chmod 700 $UHOME/.ssh
  chown -R $U:$U $UHOME/.ssh

  # When using SSH to get out of the jail onto localhost machine, we don't want
  # to be constantly told about fingerprints and permanently added hosts
  mkdir -p $UHOME/home/$U/.ssh
  chmod 0700 $UHOME/home/$U/.ssh
  chown -R $U:$U $UHOME/home/$U

fi

#DEBHELPER#

exit 0

# vim: set ts=2 sw=2 tw=0 et :

Comments (1)

猫九 2025-02-11 09:48:25

Not in the expected location ... well, more like: the architecture type in uname's output doesn't match the directory name you want to construct ...

But you could find the directory in a different way, since you're on apt based distros.

dpkg -L libnss3 | awk '/libnss3.so/{gsub(/\/libnss3.so/,"",$0);print}'

This worked for me on both Ubuntu 20.04 and Raspbian GNU/Linux 10 (buster)

Raspbian:

$ dpkg -L libnss3  | awk '/libnss3.so/{gsub(/\/libnss3.so/,"",$0);print}'
/usr/lib/arm-linux-gnueabihf

Ubuntu:

$ dpkg -L libnss3  | awk '/libnss3.so/{gsub(/\/libnss3.so/,"",$0);print}'
/usr/lib/x86_64-linux-gnu
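
An added example (not part of the original question or answer): instead of assembling the directory name from `uname -m`, glob the filesystem for glibc's `libnss_*` modules and mirror whichever directory holds them into the jail. The function names `nss_dirs` and `copy_nss`, and the choice of glibc's `libnss_*.so.*` files rather than the `libnss3` package queried in the answer, are assumptions of this example.

```sh
#!/bin/sh
# Added example: locate NSS modules without guessing the multiarch triplet.
# Assumption: the jail needs glibc's NSS modules (libnss_files.so.2 and
# friends), which implement the "files" service named in nsswitch.conf.
# `dpkg-architecture -qDEB_HOST_MULTIARCH` prints the triplet directly, but it
# ships in dpkg-dev, which a postinst cannot rely on being installed.

# nss_dirs ROOT
#   Print, one per line, each directory under ROOT/lib or ROOT/usr/lib (top
#   level or one multiarch level down) that contains libnss_*.so.* files.
#   Pass "/" for the running system. On a merged-/usr host both /lib/<triplet>
#   and /usr/lib/<triplet> are reported, since they are the same directory.
nss_dirs() {
  root="${1%/}"
  for f in "$root"/lib/libnss_*.so.* "$root"/lib/*/libnss_*.so.* \
           "$root"/usr/lib/libnss_*.so.* "$root"/usr/lib/*/libnss_*.so.*; do
    [ -e "$f" ] || continue   # an unmatched glob stays literal; skip it
    dirname "$f"
  done | sort -u
}

# copy_nss SRCROOT JAIL
#   Copy the modules into JAIL under the same path they have below SRCROOT.
#   Returns 1 when no module is found, so a `set -e` postinst stops there
#   instead of building a jail in which user lookups silently fail.
copy_nss() {
  src="${1%/}"; jail="${2%/}"
  dirs="$(nss_dirs "$src")"
  if [ -z "$dirs" ]; then
    echo "no libnss_* modules found under ${src:-/}" >&2
    return 1
  fi
  printf '%s\n' "$dirs" | while IFS= read -r d; do
    rel="${d#"$src"}"         # e.g. /lib/arm-linux-gnueabihf
    mkdir -p "$jail$rel"
    cp "$d"/libnss_*.so.* "$jail$rel/"
  done
}
```

In the postinst from the question, `copy_nss / "$UHOME"` would take the place of the `mkdir`/`cp` pair that builds the path from `${ARCH}-linux-gnu`.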