#! /usr/bin/perl

# make-chroot -- make a chroot environment for a set of executable programs

# Copyright (C) 2011  Nick Urbanik <nicku@nicku.org>

# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

use strict;
use warnings;
use Getopt::Long;
use File::Copy;
use Config;

my $user = 'nicku';
my $uid = 1000;
my $gid = 1000;

sub usage {
    ( my $prog = $0 ) =~ s{.*/}{};
    print <<END_USAGE;
$prog --dir=CHROOT_DIR_FULL_PATH --bin-files=FULL_PATH_TO_BIN1
      [--bin-files=FULL_PATH_TO_BIN2 ...] [--user=USERNAME]
      [--uid=USER_ID_NUMBER] [--gid=GROUP_ID_NUMBER]
$prog [--help]

Provide the full path of each executable you want to put in the chroot.
Provide the full path of the chroot directory, which should already exist.
Default values:
--user=$user
--gid=$gid
--uid=$uid

Does not create any devices in the /dev directory in the chroot.
Expects to be able to overwrite any file in the chroot directory.
END_USAGE
    exit 0;
}

sub arch_is_x86_64 {
    return $Config{myarchname} =~ m{x86_64};
}

GetOptions(
    'dir=s' => \my $chroot_dir,
    'bin-files=s' => \my @execs,
    'user=s' => \$user,
    'uid=i' => \$uid,
    'gid=i' => \$gid,
    help => \&usage,
) or usage;

# Crudely overwrite $file with $text.

sub text_install {
    my ( $file, $text ) = @_;
    open my $fh, '>', $file or die "Cannot write '$file': $!";
    print $fh $text or die "Cannot write to '$file': $!";
    close $fh or die "Cannot close '$file': $!";
}

warn "Must specify chroot directory, which must exist\n" and usage
    unless $chroot_dir and -d $chroot_dir;

foreach my $ex ( @execs ) {
    warn "specify full path of '$ex', which must exist\n" and usage
	unless -x $ex;
}

foreach my $dir ( map "$chroot_dir/$_", qw( etc bin lib pub dev lib64 ) ) {
    mkdir $dir or die "Cannot mkdir $dir: $!" unless -d $dir;
}

my %libs;
foreach my $cmd ( @execs ) {
    ( my $base = $cmd ) =~ s{.*/}{};
    copy $cmd, "$chroot_dir/bin/$base"
	or die "Cannot copy $cmd, $chroot_dir/bin/$base: $!"
	    unless -e "$chroot_dir/bin/$base";
    chmod 0755, "$chroot_dir/bin/$base"
	or die "Cannot chmod 0755 $chroot_dir/bin/$base: $!";

    for ( qx( ldd $cmd ) ) {
	$libs{$1}++ if m{^\t(?:\S+ => )?(/\S+) \(0x};
    }
}

my $libdir = arch_is_x86_64() ? 'lib64' : 'lib';

++$libs{"/$libdir/libnss_files.so.2"};

for my $lib ( keys %libs ) {
    ( my $base = $lib ) =~ s{.*/}{};
    copy $lib, "$chroot_dir/$libdir/$base"
	or die "Cannot copy $lib, $chroot_dir/$libdir/$base: $!"
	    unless -e "$chroot_dir/$libdir/$base";
    chmod 0755, "$chroot_dir/$libdir/$base"
	or die "Cannot chmod 0755, $chroot_dir/$libdir/$base: $!";
}

text_install "$chroot_dir/etc/passwd", <<EOT;
root:!:0:0:root:/:/bin/sh
$user:!:$uid:$gid:$user:/pub:/bin/sh
EOT

text_install "$chroot_dir/etc/group", <<EOT;
root:!:0:root
$user:!:$gid:$user
EOT

text_install "$chroot_dir/etc/nsswitch", "passwd: files\ngroup: files\n";