update-bootengine

#!/bin/bash

# Copyright (c) 2013 The CoreOS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

set -e

USAGE="Usage: $0 [-k 4.6.0] [-m] [-c /build/amd64-usr] [-o bootengine.cpio]
Options:
    -k VERSION  Kernel version of modules to include
    -m          Setup mounts for /dev /proc /sys and /run
    -c CHROOT   Chroot into the given directory
    -o OUT.cpio Alternate path to write the initrd

This tool uses dracut to update /usr/share/bootengine/bootengine.cpio

Since dracut assumes it is always run on the target system we need to support
wrapping it in a way that fools it into using the files from the target image.
This is all kinds of terrible and only works because the target arch is the
same as the host arch.

After many terrible experiences from this procedure this script will create a
new filesystem namespace when operating inside the chroot, that way anything
bad that happens will be less likely to hurt the host system. But no promises!
"

DRACUT_ARGS=(
    --force
    --no-hostonly
    --no-compress
    --omit lvm
    --omit multipath
    --omit network
    --omit zfs
    --add iscsi
    --add i18n
    --add-drivers "loop brd drbd nbd rbd mmc_block xen-blkfront zram libarc4 lru_cache zsmalloc"
    )

SETUP_MOUNTS=
USE_CHROOT=
CPIO_PATH="/usr/share/bootengine/bootengine.cpio"
KERNEL=
while getopts "hmc:k:o:" OPTION
do
    case $OPTION in
        c) USE_CHROOT="$OPTARG";;
        k) KERNEL="$OPTARG";;
        m) SETUP_MOUNTS=1;;
        o) CPIO_PATH="$OPTARG";;
        h) echo "$USAGE"; exit;;
        *) exit 1;;
    esac
done

if [[ -n "$USE_CHROOT" && ! -d "$USE_CHROOT" ]]; then
    echo "$0: chroot $USE_CHROOT does not exist!" >&2
    exit 1
fi

if [[ -z "$USE_CHROOT" && "$SETUP_MOUNTS" -eq 1 ]]; then
    echo "$0: -c chrootpath option is required with the -m option" >&2
    exit 1
fi

if [[ $(id -u) -ne 0 ]]; then
    echo "$0: this script must be run as root!" >&2
    exit 1
fi

# Alternative to mount --make-rprivate /
# Doing it the ugly way is required because if this is run inside a chroot
# such as the CoreOS SDK / is unlikely to be a mount point.
mount_private() {
    awk '$7 ~ /^shared:/{print $5}' /proc/self/mountinfo \
        | xargs -r -n1 mount --make-private
}

if [[ "$SETUP_MOUNTS" -eq 1 ]]; then
    # To ensure we don't break the rest of the system re-run ourselves in
    # a new namespace, that way no one else sees our mounts.
    if cmp -s /proc/self/mountinfo /proc/${PPID}/mountinfo; then
        echo "Creating new filesystem namespace"
        exec unshare --mount -- "$0" "$@"
        exit 1
    fi

    if cmp -s /proc/self/mountinfo /proc/${PPID}/mountinfo; then
        echo "Creating a new filesystem namespace seems to have failed!" >&2
        exit 1
    fi

    echo "Mounting virtual filesystems"
    mount_private
    mount -n -t proc proc "${USE_CHROOT}/proc"
    mount -n --bind /dev "${USE_CHROOT}/dev"
    mount -n --bind /sys "${USE_CHROOT}/sys"
    mount -n --bind /run "${USE_CHROOT}/run"
fi

if [[ -n "$KERNEL" ]]; then
    DRACUT_ARGS+=( "--kver" "$KERNEL" )
else
    DRACUT_ARGS+=( "--no-kernel" )
fi

# Copying / installing files to initrd while preserving xattrs breaks dracut in certain scenarios,
#  e.g. when run in a container.
DRACUT_NO_XATTR=1
export DRACUT_NO_XATTR

mkdir -p "${USE_CHROOT}$(dirname "$CPIO_PATH")"
if [[ -n "$USE_CHROOT" ]]; then
    # ROOT interferes with some utilities after chroot (gcc-config).
    unset ROOT
    echo "Running dracut in $USE_CHROOT"
    LC_ALL=C chroot "$USE_CHROOT" ldconfig -X
    LC_ALL=C chroot "$USE_CHROOT" dracut "${DRACUT_ARGS[@]}" "$CPIO_PATH"
else
    echo "Running dracut in root"
    LC_ALL=C dracut "${DRACUT_ARGS[@]}" "$CPIO_PATH"
fi
chmod 644 "${USE_CHROOT}${CPIO_PATH}"