#!/bin/sh -e
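# Print a status message highlighted with ANSI colours (bold yellow on red).
# Arguments: the message; several arguments are joined with single spaces.
# Outputs:   the highlighted message followed by a newline, on stdout.
sinfo() {
  # printf handles the \033 escapes the same way in every POSIX shell, so
  # there is no need to guess whether echo wants -e. The message goes through
  # %s and is printed literally, never re-interpreted as escape sequences.
  printf '\033[1;33;41m%s\033[0m\n' "$*"
}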
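# Abort on the first failing command. The -e on the "#!/bin/sh -e" line only
# takes effect when the script is executed directly; started as "sh mkroot"
# it is dropped, and a failed download or signature check further down would
# then no longer stop the build.
set -e

# Must have root directory as an argument; the only accepted second argument
# is the literal word "fresh". Separate tests replace the obsolescent -o/-a
# operators, which parse ambiguously when an argument looks like an operator.
if [ -z "$1" ] || { [ -n "$2" ] && [ "$2" != fresh ]; }; then
  echo "$0 <livecd root> [fresh]"
  exit 1
fi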
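# Variables
# Directory holding this script; conf/pubkeys and conf/certs/ are read from it.
FROM=$(dirname -- "$0")
LIVECD=$1

# The mirror is reached over plain HTTP, so the transport gives no integrity
# guarantee: everything fetched from it is trusted only after the PGP
# signature and SHA512 checks later in this script.
# MIRROR=http://mirrors.kernel.org/gentoo
MIRROR=http://distfiles.gentoo.org
stage3base=${MIRROR}/releases/x86/autobuilds
portage=${MIRROR}/snapshots/portage-latest.tar.bz2

# GPG keys used at build-time: the pinned list in conf/pubkeys, one
# "keyring:fingerprint" entry per line. Comment lines and blank lines are
# dropped and spaces are removed.
gpg_keys=$(sed '/^#/d; /^$/d; s/ //g' "${FROM}/conf/pubkeys")

# An empty list would leave nothing to pin the keyrings against, so stop here
# rather than continue with whatever keyrings already exist under
# ${LIVECD}/mirror/gnupg.
if [ -z "${gpg_keys}" ]; then
  echo "No key fingerprints found in ${FROM}/conf/pubkeys"
  exit 1
fi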
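# An existing ${LIVECD}/src is only rebuilt when "fresh" is given; otherwise
# stop here, before anything is downloaded or deleted.
if [ "$2" != fresh ] && [ -d "${LIVECD}/src" ]; then
  sinfo "Skipping overwrite of ${LIVECD}/src (use \"fresh\")"
  exit 0
fi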
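# Extract stage3 + portage snapshot to fresh directory
# Download stage3 + portage snapshot
mkdir -p -- "${LIVECD}/mirror/stage3" "${LIVECD}/mirror/portage"
# The gpg home directory is created with mode 0700 (gpg warns about a homedir
# that other users can access). -m only applies when mkdir creates the
# directory; an existing one keeps whatever mode it has.
mkdir -p -m 700 -- "${LIVECD}/mirror/gnupg"

sinfo "Testing for required utilities"
# Only gpg is probed here; the other tools used below are not checked.
if ! command -v gpg >/dev/null 2>&1; then
  echo "Please install GnuPG"
  exit 1
fi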
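sinfo "Testing security labels and user xattrs support"
# Probe the filesystem with a scratch file: setcap has to store a file
# capability on it and setfattr has to store a user.* attribute.
touch -- "${LIVECD}/mirror/fs-test"
if ! setcap cap_net_raw+i "${LIVECD}/mirror/fs-test" ||
  ! setfattr -n user.test "${LIVECD}/mirror/fs-test"; then
  # Do not leave the probe file (and its capability) behind on failure.
  rm -f -- "${LIVECD}/mirror/fs-test"
  echo "Filesystem does not support extended attributes."
  echo "Try ext4 with EXT4_FS_SECURITY and -o user_xattr"
  echo "(make sure attr / libpcap are installed)"
  exit 1
fi
rm -f -- "${LIVECD}/mirror/fs-test"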
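# latest-stage3-i686.txt contains YYYYMMDD/stage3-i686-YYYYMMDD.tar.bz2
sinfo "Fetching latest-stage3.txt"
wget -N -nv -P "${LIVECD}/mirror/stage3" "${stage3base}/latest-stage3-i686.txt"

# This pointer file arrives over HTTP and nothing in this script checks a
# signature on it, so its content is untrusted input. It alone decides which
# release is downloaded, and the script has no freshness check: an outdated
# pointer selects an older release whose signature still verifies.
stage3=$(grep stage3-i686 "${LIVECD}/mirror/stage3/latest-stage3-i686.txt") || stage3=

# Accept exactly one relative path made of plain path characters before the
# value is used in URLs and file names. A second matching line puts a newline
# into the value and is rejected as well.
case ${stage3} in
  "" | /* | -* | *..* | *[!A-Za-z0-9._/-]*)
    echo "Unexpected entry in latest-stage3-i686.txt: [${stage3}]"
    exit 1
    ;;
esac
stage3file=$(basename -- "${stage3}")

# If a new stage3 is available, remove old mirrors
# (only the directory part is quoted, so the glob still expands)
if [ ! -e "${LIVECD}/mirror/stage3/${stage3file}" ]; then
  rm -f -- "${LIVECD}/mirror/stage3"/stage3-i686-*.tar.bz2*
fi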
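sinfo "Downloading ${stage3file}"
# -c resumes a partial download. The signed digest list, the contents listing
# and the tarball itself are fetched; none of them is trusted until the
# signature and SHA512 checks further down have passed.
wget -c -nv -P "${LIVECD}/mirror/stage3" \
  "${stage3base}/${stage3}.DIGESTS.asc" \
  "${stage3base}/${stage3}.CONTENTS" \
  "${stage3base}/${stage3}"

sinfo "Downloading portage-latest.tar.bz2"
# -N re-fetches only when the mirror's copy is newer than the local one.
# "portage-latest" carries no version in its name, so the detached signature
# is downloaded together with the snapshot it belongs to.
wget -N -nv -P "${LIVECD}/mirror/portage" "${portage}.gpgsig" "${portage}"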
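sinfo "Verifying PGP keys fingerprints"
# Pass 1: import each pinned certificate into its keyring and confirm that
# the keyring then holds a key with exactly the pinned fingerprint.
# ${gpg_keys} is deliberately unquoted: one "keyring:fingerprint" per word.
for key in ${gpg_keys}; do
  org=$(printf '%s\n' "${key}" | cut -d: -f1)
  fpr=$(printf '%s\n' "${key}" | cut -d: -f2)
  # An empty field would make the comparison below meaningless (an empty
  # pinned value compared with an empty lookup result), so reject it first.
  if [ -z "${org}" ] || [ -z "${fpr}" ]; then
    echo "Malformed entry in conf/pubkeys: [${key}]"
    exit 1
  fi
  # Last 8 characters of the fingerprint (the short key ID). It is used only
  # to locate the certificate file; the full fingerprint is compared below.
  keyid=$(printf '%s' "${fpr}" | tail -c -8)

  gpg -q --homedir "${LIVECD}/mirror/gnupg" --no-default-keyring \
    --keyring "${org}.gpg" --import "${FROM}/conf/certs/${org}-${keyid}.asc"

  # NOTE(review): if the installed gpg also prints fpr records for subkeys in
  # --with-colons output, fpr2 holds several lines and this check fails
  # closed - confirm against the gpg version in use.
  fpr2=$(gpg -q --homedir "${LIVECD}/mirror/gnupg" --keyring "${org}.gpg" \
    --fingerprint --with-colons "0x${fpr}" | sed -n '/^fpr:/p' | cut -d: -f10)
  # Both operands are quoted so an unexpected value yields a clean mismatch
  # instead of a test syntax error that the if would treat as "no mismatch".
  if [ "${fpr}" != "${fpr2}" ]; then
    echo "Fingerprint mismatch: [${fpr}] != [${fpr2}]"
    exit 1
  fi
done

# Pass 2: the keys listed for each keyring must be the pinned fingerprints
# and nothing else, so a key that is no longer in conf/pubkeys (or one that
# got into the keyring some other way) makes the build stop.
for keyring in $(printf '%s\n' "${gpg_keys}" | cut -d: -f1 | sort -u); do
  keyids=$(gpg -q -k --homedir "${LIVECD}/mirror/gnupg" --keyring "${keyring}.gpg" \
    --fingerprint --with-colons | sed -n '/^fpr:/p' | cut -d: -f10 | sort)
  expids=$(printf '%s\n' "${gpg_keys}" | sed -n "/^${keyring}:/p" | cut -d: -f2 | sort)
  if [ "${keyids}" != "${expids}" ]; then
    echo "Unexpected public keys in keyring ${keyring}.gpg"
    exit 1
  fi
done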
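sinfo "Verifying stage3 and portage snapshot PGP signatures"
# --trust-model always skips gpg's own trust evaluation; that is acceptable
# only because gentoo.gpg was checked against the pinned fingerprints earlier
# in this script. --no-default-keyring limits the decision to gentoo.gpg,
# matching how the keys were imported. Every check is tested explicitly so a
# bad signature stops the build even when the shell is not running with -e.
if ! gpg -q --homedir "${LIVECD}/mirror/gnupg" --trust-model always \
  --no-default-keyring --keyring gentoo.gpg \
  --verify "${LIVECD}/mirror/stage3/${stage3file}.DIGESTS.asc"; then
  echo "PGP verification failed for ${stage3file}.DIGESTS.asc"
  exit 1
fi
if ! gpg -q --homedir "${LIVECD}/mirror/gnupg" --trust-model always \
  --no-default-keyring --keyring gentoo.gpg \
  --verify "${LIVECD}/mirror/portage/portage-latest.tar.bz2.gpgsig" \
  "${LIVECD}/mirror/portage/portage-latest.tar.bz2"; then
  echo "PGP verification failed for portage-latest.tar.bz2"
  exit 1
fi

sinfo "Verifying stage3 SHA512 digests"
# The sed drops each "# WHIRLPOOL HASH" header together with the digest line
# that follows it, leaving the SHA512 lines for sha512sum -c.
# NOTE(review): sha512sum reads the raw .asc file, which can also carry text
# outside the clearsigned block that gpg --verify does not cover. Checking
# the digests from the message body gpg outputs after verification would tie
# them directly to the signature.
# "cd ... &&" keeps sha512sum from running in the wrong directory.
if ! sed '/^# WHIRLPOOL HASH$/{N; s/.*/\n/}' \
  "${LIVECD}/mirror/stage3/${stage3file}.DIGESTS.asc" |
  (cd "${LIVECD}/mirror/stage3" && sha512sum -c); then
  echo "SHA512 verification failed for ${stage3file}"
  exit 1
fi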
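# The old tree is removed only at this point, after the downloads have been
# verified, so a failed check leaves the previous ${LIVECD}/src in place.
sinfo "Removing ${LIVECD}/src"
# Clear the append-only flag on the old tree's tmp/.private (presumably so rm
# can delete it); -f and "|| :" tolerate the path not existing.
chattr -f -a "${LIVECD}/src/tmp/.private" || :
# Quoted so a path with spaces cannot split into several rm targets;
# ${LIVECD:?} aborts on an empty value instead of expanding to /src.
rm -rf --one-file-system -- "${LIVECD:?}/src"
mkdir -m 755 -- "${LIVECD}/src"

sinfo "Extracting stage3 to ${LIVECD}/src"
# -p keeps the archive's permissions, -S restores sparse files, -j selects
# bzip2; device nodes under ./dev are skipped.
tar -xpSjf "${LIVECD}/mirror/stage3/${stage3file}" -C "${LIVECD}/src" --exclude './dev/*'
sinfo "Extracting portage to ${LIVECD}/src/usr"
tar -xpSjf "${LIVECD}/mirror/portage/portage-latest.tar.bz2" -C "${LIVECD}/src/usr"
sinfo "Done."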