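#!/bin/sh
#
# systemd-tmpfiles has the ability to grab information
# from the filesystem (instead of from the running system).
#
# tmpfs directories (/tmp, /proc, ...) are skipped since they're not
# relevant for the rootfs image.
#
# However there are a few specifiers that *always* will grab
# information from the running system; examples are %a, %b, %m, %H
# (Architecture, Boot UUID, Machine UUID, Hostname).
#
# See [1] for historic information.
#
# This script will (conservatively) skip tmpfiles lines that have
# such a specifier to prevent leaking host information.
#
# POSIX-compliant shell expansion is critical;
# this script won't work with zsh in its default mode for example.
#
# The script takes several measures to handle more complex stuff
# like passing this correctly:
# f+ "/var/example" - - - - %B\n%o\n%w\n%W%%\n
#
# Usage: $0 ROOTFS
# Environment: HOST_SYSTEMD_TMPFILES - systemd-tmpfiles command to run
#              (defaults to "systemd-tmpfiles" when unset or empty).
#
# [1] - https://github.com/systemd/systemd/pull/16187

: "${HOST_SYSTEMD_TMPFILES:=systemd-tmpfiles}"

if [ -z "${1-}" ] || [ ! -d "${1-}/usr/lib/tmpfiles.d" ]; then
  printf '%s\n' "$0: need ROOTFS argument" 1>&2
  exit 1
fi

# The config lines are word-split with eval below. Disable pathname
# expansion so that glob characters in an unquoted tmpfiles path are not
# expanded against the build host's filesystem, which would shift the
# positional fields that the checks below rely on.
set -f

# HOST_SYSTEMD_TMPFILES is deliberately left unquoted, as in the original,
# so a value carrying extra words keeps being split into command + args.
${HOST_SYSTEMD_TMPFILES} --no-pager --cat-config --root="$1" |
  sed -e '/^[[:space:]]*#/d' -e 's,^[[:space:]]*,,' -e '/^$/d' |
  while read -r line; do
    # it is allowed to use quotes around arguments,
    # so let the shell pack the arguments
    #
    # NOTE(review): this evaluates tmpfiles.d content taken from ROOTFS in
    # the host shell. Command substitutions or other shell metacharacters
    # in a config line are interpreted on the build host, so ROOTFS must
    # only contain tmpfiles.d snippets from trusted build inputs. A field
    # splitter that honours quoting without eval would remove this risk.
    eval "set -- $line"

    # don't output warnings for directories we don't process
    case ${2-} in
      /dev* | /proc* | /run* | /sys* | /tmp* | /mnt*) continue ;;
    esac

    # blank out all specs that are ok to use,
    # test if some remain. (Specs up to date with v250)
    #
    # printf is used instead of echo because some /bin/sh implementations
    # expand backslash escapes in echo, turning "\n" in the argument field
    # into real newlines. The previous "grep -v -q '%'" test succeeded as
    # soon as any one line had no '%', so a host-dependent specifier could
    # pass on such a shell. The case match checks the whole result.
    remaining=$(printf '%s\n' "${2-} ${7-}" |
      sed -e 's,%[%BCEgGhLMosStTuUVwW],,g')
    case $remaining in
      *%*)
        # warn
        printf 'ignored spec: %s\n' "$line" 1>&2
        ;;
      *)
        # no "bad" specifiers, pass the line unmodified.
        # Printed directly rather than through eval: a line containing a
        # single quote would otherwise break out of the quoting and be
        # interpreted by the shell.
        printf '%s\n' "$line"
        ;;
    esac
  done |
  TMPDIR= TEMP= TMP= ${HOST_SYSTEMD_TMPFILES} --create --boot --root="$1" \
    --exclude-prefix=/dev --exclude-prefix=/proc --exclude-prefix=/run \
    --exclude-prefix=/sys --exclude-prefix=/tmp --exclude-prefix=/mnt \
    -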