Any ideas for transporting variables in chroot bash script?
Hello, I am in the making of an Artix install script. I start with setting variables in dialog, like bootloader="refind" etc., but when I do artix-chroot into the chroot.sh script, the variables are gone.
Preferably, put the variables into a temp file (e.g. using mktemp) and bind-mount that file somewhere into the chroot directory, so you can source it from within that environment.
That way the critical information, like the passwords, at least only gets to live in volatile memory and won't stick around on the host system after the reboot. That limits the exposure somewhat.
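The temp-file and bind-mount approach suggested above, sketched as an added example (not code from anyone in the thread). The variable `rootpw`, the target `/mnt`, the in-chroot path `/root/install-vars` and the location `/chroot.sh` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: hand installer variables to a chroot through a RAM-backed file.

# Single-quote a value so that sourcing it reproduces the string and runs nothing.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# write_vars_file NAME...: store NAME='value' lines in a 0600 temp file, print its path.
write_vars_file() {
    vf_dir=/dev/shm                                   # tmpfs on most Linux systems
    [ -d "$vf_dir" ] && [ -w "$vf_dir" ] || vf_dir=${TMPDIR:-/tmp}
    vf_path=$(umask 077; mktemp "$vf_dir/install-vars.XXXXXX") || return 1
    for vf_name in "$@"; do
        case $vf_name in                              # plain identifiers only
            ''|[0-9]*|*[!A-Za-z0-9_]*) rm -f "$vf_path"; return 1 ;;
        esac
        eval "vf_val=\$$vf_name"
        printf '%s=%s\n' "$vf_name" "$(shquote "$vf_val")" >> "$vf_path"
    done
    printf '%s\n' "$vf_path"
}

# read_var FILE NAME: print NAME as a script sourcing FILE in an empty environment sees it.
read_var() {
    env -i /bin/sh -c '. "$1"; eval "printf %s \"\$$2\""' sh "$1" "$2"
}

# run_in_chroot ROOT FILE (root only): expose FILE read-only at /root/install-vars
# (assumed path, kept outside /run and /tmp, which chroot wrappers typically
# overmount), then run /chroot.sh (assumed location), which is expected to
# start with:  . /root/install-vars
run_in_chroot() {
    ric_target="$1/root/install-vars"
    : > "$ric_target" || return 1                     # empty file as the mount point
    mount --bind "$2" "$ric_target" && mount -o remount,bind,ro "$ric_target" &&
        artix-chroot "$1" /bin/bash /chroot.sh
    ric_rc=$?
    umount "$ric_target" 2>/dev/null
    rm -f "$ric_target" "$2"                          # nothing secret stays on disk
    return "$ric_rc"
}

# Usage on the live ISO, with hypothetical variables and target:
#   bootloader="refind"; rootpw='...'
#   vars=$(write_vars_file bootloader rootpw) && run_in_chroot /mnt "$vars"
```

Values are written single-quoted, so a password containing `$`, backticks or quotes is read back literally when the file is sourced; a value ending in a newline loses that trailing newline.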
Pack it into a JSON or CSV one-line string and shove it in a CLI password manager you can access in a scriptable way from both users. (I use the Linux tool, 'pass' for this).
Alternatively, save it to a dropfile that only both users can access.
Passing them as arguments can be even worse - depending on the configuration, process arguments of running processes can be seen by everything running on the machine.
But I suppose u are working in a live environment loaded from an ISO, so u should already be compromised then if some process can read ur files. What's ur threat model?
It would be more secure if the credentials are in an in-memory SQLite database, but that would require you to use something other than the shell. You would need to do a hardware key, or have the user do a bootstrap password, or have an API that uses a public key to authenticate the remote process passing the credentials.