#!/bin/sh
#
# snapd.core-fixup.sh
# Listing origin:
#   github.com/rigado/snapd@v2.42.5-go-mod+incompatible/data/systemd/snapd.core-fixup.sh
#
# Repair script for ubuntu-core devices. It does two independent jobs:
#   1. collapse duplicate uboot.env directory entries left behind by
#      fsck.vfat (https://forum.snapcraft.io/t/5253);
#   2. once per device, reset ownership to root:root under /etc/cloud,
#      /var/lib/cloud and /var/lib/snapd plus a few /writable directories,
#      repairing images produced by buggy ubuntu-image versions
#      (CVE-2017-10600).
# A mode/uid/gid/path listing is written before and after job 2; the
# "after" listing doubles as the run-once stamp file.

# Any unguarded command failure aborts the script.
set -e

# Only relevant on ubuntu-core. The systemd unit already runs this only
# when /writable/system-data exists; this guard covers manual runs.
grep -q "ID=ubuntu-core" /etc/os-release || exit 0

# --- Job 1: duplicate uboot.env entries ------------------------------------
#
# fsck.vfat sometimes leaves two entries that both resolve to "uboot.env":
# one with the plain FAT16 name UBOOT.ENV and no long-file-name, the other
# with a "uboot.env" long-file-name and a FSCK0000.000 FAT16 name. They
# cannot be told apart on the FAT filesystem, so the only known workaround
# is to delete every entry and put a single file back.
uboot_env=/boot/uboot/uboot.env
uboot_env_backup="${uboot_env}.save"

if [ "$(find /boot/uboot -name uboot.env | wc -l)" -gt 1 ]; then
    echo "Corrupted uboot.env file detected"

    # Take the backup first: under `set -e` a failed copy stops the script
    # before anything is deleted. Which duplicate the kernel hands back does
    # not matter (it cannot be chosen anyway); the bootloader logic recovers
    # as long as exactly one file remains afterwards.
    cp -a "$uboot_env" "$uboot_env_backup"

    # Each rm drops one entry; repeat until the name no longer resolves.
    # Only ls's stderr is silenced, so every hit is still printed to stdout.
    while ls "$uboot_env" 2>/dev/null; do
        rm -f "$uboot_env"
    done

    # Put the single saved copy back and flush it to disk.
    mv "$uboot_env_backup" "$uboot_env"
    sync
fi

# --- Job 2: ownership repair (CVE-2017-10600) ------------------------------
#
# Some buggy ubuntu-image versions produced images with incorrect
# ownership. The repair has to happen only once; the "after" listing is
# the marker that it already did.
state_dir=/var/lib/snapd/device
before_list="${state_dir}/ownership-change.before"
after_list="${state_dir}/ownership-change.after"

[ ! -f "$after_list" ] || exit 0

# Keep a record of the pre-repair state in case it is needed later.
# %M = symbolic mode, %U/%G = numeric uid/gid, %p = path. Each find is
# best-effort (`|| true`); the listing is built in a .tmp file and renamed
# into place so a partial listing never carries the final name.
#
# NOTE(review): the .tmp file has a fixed name inside /var/lib/snapd, one
# of the trees whose ownership has not been repaired yet at this point, and
# shell redirection follows symlinks. Confirm that the device directory is
# already root-owned on affected images.
if [ ! -f "$before_list" ]; then
    mkdir -p "$state_dir"
    find /etc/cloud /var/lib/cloud /var/lib/snapd \
         -printf '%M %U %G %p\n' > "${before_list}.tmp" || true
    find /writable/system-data \
         /writable/system-data/var \
         /writable/system-data/var/lib \
         /writable/system-data/boot \
         /writable/system-data/etc \
         -maxdepth 0 -printf '%M %U %G %p\n' >> "${before_list}.tmp" || true
    mv "${before_list}.tmp" "$before_list"
fi

# Full-depth pass: every file, directory or symlink in these trees whose
# uid or gid is not 0 goes back to root:root.
#   -print0 / xargs -0   keep unusual file names intact
#   --no-run-if-empty    skip chown when nothing matched
#   --no-dereference     re-own a symlink itself, never its target
#   -c                   report only entries that actually changed
# No pipefail is set, so `|| true` covers the xargs/chown status: a failed
# chown is tolerated instead of aborting under `set -e`.
#
# NOTE(review): --no-dereference protects only the final path component;
# find and chown each resolve the path separately. Confirm nothing
# unprivileged can still modify these trees while this loop runs.
for tree in /etc/cloud /var/lib/cloud /var/lib/snapd; do
    find "$tree" \( -type f -o -type d -o -type l \) -a \( \! -uid 0 -o \! -gid 0 \) -print0 |
        xargs -0 --no-run-if-empty chown -c --no-dereference root:root -- || true
done

# Shallow pass: `-maxdepth 0` restricts find to the named directories
# themselves, nothing below them. A symlink at one of these paths is
# selected regardless of its owner (`-o -type l`) and, because of
# --no-dereference, chown is applied to the link itself.
for top_dir in \
    /writable/system-data \
    /writable/system-data/var \
    /writable/system-data/var/lib \
    /writable/system-data/boot \
    /writable/system-data/etc
do
    find "$top_dir" -maxdepth 0 \( \! -uid 0 -o \! -gid 0 -o -type l \) -print0 |
        xargs -0 --no-run-if-empty chown -c --no-dereference root:root -- || true
done

# Record the post-repair state. This file is also the stamp that makes the
# systemd service a one-shot.
#
# NOTE(review): unlike the "before" listing, these finds carry no
# `|| true`, so a non-zero find (for instance a missing start directory)
# aborts under `set -e` before the stamp exists and the repair would
# presumably be attempted again on the next run. Confirm this asymmetry is
# intended.
find /etc/cloud /var/lib/cloud /var/lib/snapd \
     -printf '%M %U %G %p\n' > "${after_list}.tmp"
find /writable/system-data \
     /writable/system-data/var \
     /writable/system-data/var/lib \
     /writable/system-data/boot \
     /writable/system-data/etc \
     -maxdepth 0 -printf '%M %U %G %p\n' >> "${after_list}.tmp"
mv "${after_list}.tmp" "$after_list"

# Make sure everything is really on disk.
sync