osi-tools/Documentation/module-examples/systemd-osi-shell.sh

52 lines
1.8 KiB
Bash
Raw Permalink Normal View History

#!/hint/bash -euE
2018-08-18 18:42:42 +00:00
# Copyright (C) 2018 Luke Shumaker
# SPDX-License-Identifier: AGPL-3.0-or-later
2018-08-15 01:15:21 +00:00
post_install+=(10:systemd-osi-shell:post_install)
systemd-osi-shell:post_install() {
local arg_mountpoint=$1
2018-08-15 01:15:21 +00:00
cat <<-'EOT' > "${arg_mountpoint}/etc/systemd/system/osi-shell.target"
[Unit]
Description=osi-shell target
Requires=multi-user.target
After=multi-user.target
Conflicts=rescue.target
AllowIsolate=yes
EOT
2018-08-17 21:17:50 +00:00
ln -sfT -- osi-shell.target "${arg_mountpoint}/etc/systemd/system/default.target"
2018-08-15 01:15:21 +00:00
cat <<-'EOT' > "${arg_mountpoint}/etc/systemd/system/osi-shell.service"
[Unit]
Description=osi-shell service
Wants=network-online.target
After=network-online.target
[Service]
KillSignal=SIGHUP
KillMode=process
IgnoreSIGPIPE=no
2018-08-20 06:55:36 +00:00
# We can't use login(1) because it masks the exit status of the shell,
# but we want this to be a real local login with PAM, so use su(1),
# but trick in in to using login(1)'s PAM config. We undo this trick by
# using nsenter(1) to reset the mount namespace after we've done the PAM stuff.
# This hardcodes the shell as /bin/bash, which is the default for root.
2018-08-20 06:55:36 +00:00
ExecStart=/bin/unshare --mount -- sh -c 'mount --bind /etc/pam.d/login /etc/pam.d/su && exec -- su -c "exec nsenter --mount --target=1 -- bash -l"'
2018-08-15 01:15:21 +00:00
StandardInput=tty
TTYPath=/dev/ttyS0
TTYReset=yes
TTYVHangup=yes
# Write the exit status to ttyS1 and poweroff
# Bash sets exit status to 128+SIGNAL if we get killed by a signal,
# but there's not a good one-liner way to get from signal name to number,
# so just use 128.
ExecStopPost=/bin/sh -c 'if [ "$EXIT_CODE" = exited ]; then echo $EXIT_STATUS; else echo 128; fi > /dev/ttyS1; systemctl poweroff --no-block'
[Install]
WantedBy=osi-shell.target
EOT
systemctl --root="$arg_mountpoint" enable osi-shell.service
}