Any ideas for transporting variables in chroot bash script?
from 721_bipsty@lemmy.ml to linux@lemmy.ml on 11 Jul 10:55
https://lemmy.ml/post/33005113

Hello, iam in the making of artix install script. I start with setting variables in dialog like bootloader=“refind” and etc. but when i do artix-chroot into chroot.sh script variables are gone.

right now i have something like this:

cp ${pwd}execution/chroot.sh /mnt/mnt &&
            USER="$USER" USER_PASSWORD1="$USER_PASSWORD1" USER_PASSWORD2="$USER_PASSWORD2"\
            ROOT_PASSWORD1="$ROOT_PASSWORD1" ROOT_PASSWORD2="$ROOT_PASSWORD2"\
            BOOTLOADER="$BOOTLOADER" SUPERUSER="$SUPERUSER" HOSTNAME="$HOSTNAME"\
            LOCALE="$LOCALE" ENCRYPTION="$ENCRYPTION" ROOT="$ROOT" ESP="$ESP"\
            KERNEL="$KERNEL" UCODE="$UCODE"
		artix-chroot /mnt bash -c '/mnt/chroot.sh && execute_root'

But it does not really work, tried also some things like:

# create array of variables to pass to part 2
var_export=($formfactor $threadsminusone $gpu $boot $disk0 $username $userpassword $timezone $swap $intel_vaapi_driver $res_x $res_y_half)

# initiate part 2
mount --bind /root/artix-install-script /mnt/mnt
artix-chroot /mnt /mnt/chrootInstall.sh "${var_export[@]}"

and then in chroot.sh

# Importing Variables
args=("$@")
formfactor=${args[0]}
threadsminusone=${args[1]}
gpu=${args[2]}
boot=${args[3]}
disk=${args[4]}
username=${args[5]}
userpassword=${args[6]}
timezone=${args[7]}
swap=${args[8]}
intel_vaapi_driver=${args[9]}
res_x=${args[10]}
res_y_half=${args[11]}

still not they best way, kinda messy and buggy.

THANKS FOR HELP!

#linux

threaded - newest

anon5621@lemmy.ml on 11 Jul 10:57 next collapse

Why use variables and put it in json or simple text file which u can read later

721_bipsty@lemmy.ml on 11 Jul 10:59 collapse

i dont know if it will be safe because of ROOT_PASSWORD USER_PASSWORD and ENCRYPTION_PASSWORD

anon5621@lemmy.ml on 11 Jul 11:11 next collapse

But I suppose u are working in live environment loaded from iso ,so u should be already comporissed then if some process can read ur files. What’s ur threat model

balsoft@lemmy.ml on 11 Jul 11:43 collapse

Passing them as arguments can be even worse - depending on the configuration, process arguments of running processes can be seen by everything running on the machine.

digdilem@lemmy.ml on 11 Jul 11:22 next collapse

Pack it into a json or CSV oneline string and shove it in a CLI password manager you can access in a scriptable way from both users. (I use the linux tool, ‘pass’ for this).

Alternatively, save it to a dropfile that only both users can access.

balsoft@lemmy.ml on 11 Jul 11:42 next collapse

Careful there. You are only a half dozen abstraction layers away from reinventing NixOS.

As for your question, the best way is to put it in a file that is then read by the chroot script and delete later.

chai@discuss.tchncs.de on 11 Jul 12:44 next collapse

Preferably, put the variables into a temp file (e.g. using mktemp) and bind-mount that file somewhere into the chroot directory, so you can source it from within that environment.
That way the critical information, like the passwords, at least only gets to live in volatile memory and won’t stick around on the host system after the reboot. That limits the exposure somewhat.

Shareni@programming.dev on 11 Jul 17:46 collapse

Careful there. You are only a half dozen abstraction layers away from reinventing NixOS.

<img alt="Look What They Need to Mimic a Fraction of Our Power" src="https://i.kym-cdn.com/entries/icons/facebook/000/037/360/coverpower.jpg">

bacon_pdp@lemmy.world on 11 Jul 12:26 collapse

It would be more secure if the credentials are in an in memory SQLite Database but that would require you to use something other than the shell. You would need to do a hardware key or have the user do a bootstrap password or have an API that uses a public key to authenticate the remote process passing the credentials