@@ -48,6 +48,7 @@ __ScriptArgs="$*"
4848# * BS_GENTOO_USE_BINHOST: If 1 add `--getbinpkg` to gentoo's emerge
4949# * BS_SALT_MASTER_ADDRESS: The IP or DNS name of the salt-master the minion should connect to
5050# * BS_SALT_GIT_CHECKOUT_DIR: The directory where to clone Salt on git installations
51+ # * BS_TMP_DIR: The directory to use for executing the installation (defaults to /tmp)
5152# ======================================================================================================================
5253
5354
@@ -171,12 +172,12 @@ __check_config_dir() {
171172
172173 case " $CC_DIR_NAME " in
173174 http://* |https://* )
174- __fetch_url " /tmp /${CC_DIR_BASE} " " ${CC_DIR_NAME} "
175- CC_DIR_NAME=" /tmp /${CC_DIR_BASE} "
175+ __fetch_url " ${_TMP_DIR} /${CC_DIR_BASE} " " ${CC_DIR_NAME} "
176+ CC_DIR_NAME=" ${_TMP_DIR} /${CC_DIR_BASE} "
176177 ;;
177178 ftp://* )
178- __fetch_url " /tmp /${CC_DIR_BASE} " " ${CC_DIR_NAME} "
179- CC_DIR_NAME=" /tmp /${CC_DIR_BASE} "
179+ __fetch_url " ${_TMP_DIR} /${CC_DIR_BASE} " " ${CC_DIR_NAME} "
180+ CC_DIR_NAME=" ${_TMP_DIR} /${CC_DIR_BASE} "
180181 ;;
181182 * ://* )
182183 echoerror " Unsupported URI scheme for $CC_DIR_NAME "
@@ -194,22 +195,22 @@ __check_config_dir() {
194195
195196 case " $CC_DIR_NAME " in
196197 * .tgz|* .tar.gz)
197- tar -zxf " ${CC_DIR_NAME} " /tmp
198+ tar -zxf " ${CC_DIR_NAME} " ${_TMP_DIR}
198199 CC_DIR_BASE=$( basename " ${CC_DIR_BASE} " " .tgz" )
199200 CC_DIR_BASE=$( basename " ${CC_DIR_BASE} " " .tar.gz" )
200- CC_DIR_NAME=" /tmp /${CC_DIR_BASE} "
201+ CC_DIR_NAME=" ${_TMP_DIR} /${CC_DIR_BASE} "
201202 ;;
202203 * .tbz|* .tar.bz2)
203- tar -xjf " ${CC_DIR_NAME} " /tmp
204+ tar -xjf " ${CC_DIR_NAME} " ${_TMP_DIR}
204205 CC_DIR_BASE=$( basename " ${CC_DIR_BASE} " " .tbz" )
205206 CC_DIR_BASE=$( basename " ${CC_DIR_BASE} " " .tar.bz2" )
206- CC_DIR_NAME=" /tmp /${CC_DIR_BASE} "
207+ CC_DIR_NAME=" ${_TMP_DIR} /${CC_DIR_BASE} "
207208 ;;
208209 * .txz|* .tar.xz)
209- tar -xJf " ${CC_DIR_NAME} " /tmp
210+ tar -xJf " ${CC_DIR_NAME} " ${_TMP_DIR}
210211 CC_DIR_BASE=$( basename " ${CC_DIR_BASE} " " .txz" )
211212 CC_DIR_BASE=$( basename " ${CC_DIR_BASE} " " .tar.xz" )
212- CC_DIR_NAME=" /tmp /${CC_DIR_BASE} "
213+ CC_DIR_NAME=" ${_TMP_DIR} /${CC_DIR_BASE} "
213214 ;;
214215 esac
215216
@@ -245,6 +246,7 @@ __check_unparsed_options() {
245246# ----------------------------------------------------------------------------------------------------------------------
246247_KEEP_TEMP_FILES=${BS_KEEP_TEMP_FILES:- $BS_FALSE }
247248_TEMP_CONFIG_DIR=" null"
249+ _TMP_DIR=${BS_TMP_DIR:- " /tmp"
248250_SALTSTACK_REPO_URL=" https://github.com/saltstack/salt.git"
249251_SALT_REPO_URL=${_SALTSTACK_REPO_URL}
250252_TEMP_KEYS_DIR=" null"
@@ -281,7 +283,7 @@ _SIMPLIFY_VERSION=$BS_TRUE
281283_LIBCLOUD_MIN_VERSION=" 0.14.0"
282284_EXTRA_PACKAGES=" "
283285_HTTP_PROXY=" "
284- _SALT_GIT_CHECKOUT_DIR=${BS_SALT_GIT_CHECKOUT_DIR:-/ tmp / git/ salt}
286+ _SALT_GIT_CHECKOUT_DIR=${BS_SALT_GIT_CHECKOUT_DIR:- ${_TMP_DIR} / git/ salt}
285287_NO_DEPS=$BS_FALSE
286288_FORCE_SHALLOW_CLONE=$BS_FALSE
287289_DISABLE_SSL=$BS_FALSE
@@ -367,7 +369,7 @@ __usage() {
367369 also be specified. Salt installation will be ommitted, but some of the
368370 dependencies could be installed to write configuration with -j or -J.
369371 -d Disables checking if Salt services are enabled to start on system boot.
370- You can also do this by touching /tmp /disable_salt_checks on the target
372+ You can also do this by touching ${BS_TMP_DIR} /disable_salt_checks on the target
371373 host. Default: \$ {BS_FALSE}
372374 -D Show debug output
373375 -f Force shallow cloning for git installations.
@@ -424,6 +426,9 @@ __usage() {
424426 -r Disable all repository configuration performed by this script. This
425427 option assumes all necessary repository configuration is already present
426428 on the system.
429+ -T If set this overrides the use of /tmp for script execution. This is
430+ to allow for systems in which noexec is applied to temp filesystem mounts
431+ for security reasons
427432 -U If set, fully upgrade the system prior to bootstrapping Salt
428433 -v Display script version
429434 -V Install Salt into virtualenv
@@ -436,7 +441,7 @@ __usage() {
436441EOT
437442} # ---------- end of function __usage ----------
438443
439- while getopts ' :hvnDc:g:Gx:k:s:MSWNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aqQ'
444+ while getopts ' :hvnDc:g:Gx:k:s:MSWNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:T: aqQ'
440445do
441446 case " ${opt} " in
442447
478483 a ) _PIP_ALL=$BS_TRUE ;;
479484 r ) _DISABLE_REPOS=$BS_TRUE ;;
480485 R ) _CUSTOM_REPO_URL=$OPTARG ;;
486+ T ) _TMP_DIR=" $OPTARG "
481487 J ) _CUSTOM_MASTER_CONFIG=$OPTARG ;;
482488 j ) _CUSTOM_MINION_CONFIG=$OPTARG ;;
483489 q ) _QUIET_GIT_INSTALLATION=$BS_TRUE ;;
@@ -495,10 +501,10 @@ done
495501shift $(( OPTIND- 1 ))
496502
497503# Define our logging file and pipe paths
498- LOGFILE=" /tmp /$( echo " $__ScriptName " | sed s/.sh/.log/g ) "
499- LOGPIPE=" /tmp /$( echo " $__ScriptName " | sed s/.sh/.logpipe/g ) "
504+ LOGFILE=" ${_TMP_DIR} /$( echo " $__ScriptName " | sed s/.sh/.log/g ) "
505+ LOGPIPE=" ${_TMP_DIR} /$( echo " $__ScriptName " | sed s/.sh/.logpipe/g ) "
500506# Ensure no residual pipe exists
501- rm " $LOGPIPE " 2> /dev/null
507+ rm -f " $LOGPIPE " 2> /dev/null
502508
503509# Create our logging pipe
504510# On FreeBSD we have to use mkfifo instead of mknod
@@ -534,7 +540,7 @@ exec 2>"$LOGPIPE"
534540# 14 SIGALRM
535541# 15 SIGTERM
536542# ----------------------------------------------------------------------------------------------------------------------
537- APT_ERR=$( mktemp /tmp /apt_error.XXXXXX)
543+ APT_ERR=$( mktemp ${_TMP_DIR} /apt_error.XXXXXX)
538544__exit_cleanup () {
539545 EXIT_CODE=$?
540546
@@ -927,6 +933,11 @@ if [ -d "${_VIRTUALENV_DIR}" ]; then
927933 exit 1
928934fi
929935
936+ # Make sure the designated temp directory exists
937+ if [ ! -d " ${_TMP_DIR} " ; then
938+ mkdir -p " ${_TMP_DIR} "
939+ fi
940+
930941# --- FUNCTION -------------------------------------------------------------------------------------------------------
931942# NAME: __fetch_url
932943# DESCRIPTION: Retrieves a URL and writes it to a given path
@@ -1996,14 +2007,14 @@ __apt_get_upgrade_noinput() {
19962007# ----------------------------------------------------------------------------------------------------------------------
19972008__temp_gpg_pub () {
19982009 if __check_command_exists mktemp; then
1999- tempfile=" $( mktemp /tmp /salt-gpg-XXXXXXXX.pub 2> /dev/null) "
2010+ tempfile=" $( mktemp ${_TMP_DIR} /salt-gpg-XXXXXXXX.pub 2> /dev/null) "
20002011
20012012 if [ -z " $tempfile " ; then
2002- echoerror " Failed to create temporary file in /tmp "
2013+ echoerror " Failed to create temporary file in ${_TMP_DIR} "
20032014 return 1
20042015 fi
20052016 else
2006- tempfile=" /tmp /salt-gpg-$$ .pub"
2017+ tempfile=" ${_TMP_DIR} /salt-gpg-$$ .pub"
20072018 fi
20082019
20092020 echo $tempfile
@@ -2043,7 +2054,7 @@ __rpm_import_gpg() {
20432054 __fetch_url " $tempfile " " $url " || return 1
20442055
20452056 # At least on CentOS 8, a missing newline at the end causes:
2046- # error: /tmp /salt-gpg-n1gKUb1u.pub: key 1 not an armored public key.
2057+ # error: ${_TMP_DIR} /salt-gpg-n1gKUb1u.pub: key 1 not an armored public key.
20472058 # shellcheck disable=SC1003,SC2086
20482059 sed -i -e ' $a\' $tempfile
20492060
@@ -2109,7 +2120,7 @@ __git_clone_and_checkout() {
21092120 fi
21102121
21112122 __SALT_GIT_CHECKOUT_PARENT_DIR=$( dirname " ${_SALT_GIT_CHECKOUT_DIR} " 2> /dev/null)
2112- __SALT_GIT_CHECKOUT_PARENT_DIR=" ${__SALT_GIT_CHECKOUT_PARENT_DIR:-/ tmp / git} "
2123+ __SALT_GIT_CHECKOUT_PARENT_DIR=" ${__SALT_GIT_CHECKOUT_PARENT_DIR:- ${_TMP_DIR} / git} "
21132124 __SALT_CHECKOUT_REPONAME=" $( basename " ${_SALT_GIT_CHECKOUT_DIR} " 2> /dev/null) "
21142125 __SALT_CHECKOUT_REPONAME=" ${__SALT_CHECKOUT_REPONAME:- salt} "
21152126 [ -d " ${__SALT_GIT_CHECKOUT_PARENT_DIR} " || mkdir " ${__SALT_GIT_CHECKOUT_PARENT_DIR} "
@@ -2162,7 +2173,7 @@ __git_clone_and_checkout() {
21622173
21632174 if [ " $__SHALLOW_CLONE " -eq $BS_TRUE ]; then
21642175 # Let's try 'treeless' cloning to speed up. Treeless cloning omits trees and blobs ('files')
2165- # but includes metadata (commit history, tags, branches etc.
2176+ # but includes metadata (commit history, tags, branches etc.
21662177 # Test for "--filter" option introduced in git 2.19, the minimal version of git where the treeless
21672178 # cloning we need actually works
21682179 if [ " $( git clone 2>&1 | grep ' filter' ) " != " " ; then
@@ -2390,14 +2401,14 @@ __overwriteconfig() {
23902401
23912402 # Make a tempfile to dump any python errors into.
23922403 if __check_command_exists mktemp; then
2393- tempfile=" $( mktemp /tmp /salt-config-XXXXXXXX 2> /dev/null) "
2404+ tempfile=" $( mktemp ${_TMP_DIR} /salt-config-XXXXXXXX 2> /dev/null) "
23942405
23952406 if [ -z " $tempfile " ; then
2396- echoerror " Failed to create temporary file in /tmp "
2407+ echoerror " Failed to create temporary file in ${_TMP_DIR} "
23972408 return 1
23982409 fi
23992410 else
2400- tempfile=" /tmp /salt-config-$$ "
2411+ tempfile=" ${_TMP_DIR} /salt-config-$$ "
24012412 fi
24022413
24032414 if [ -n " $_PY_EXE " ; then
@@ -2760,8 +2771,8 @@ __install_salt_from_repo() {
27602771 echoinfo " Installing salt using ${_py_exe} , $( ${_py_exe} --version) "
27612772 cd " ${_SALT_GIT_CHECKOUT_DIR} " || return 1
27622773
2763- mkdir -p /tmp /git/deps
2764- echodebug " Created directory /tmp /git/deps"
2774+ mkdir -p ${_TMP_DIR} /git/deps
2775+ echodebug " Created directory ${_TMP_DIR} /git/deps"
27652776
27662777 if [ ${DISTRO_NAME_L} = " ubuntu" && [ " $DISTRO_MAJOR_VERSION " -eq 22 ]; then
27672778 echodebug " Ubuntu 22.04 has problem with base.txt requirements file, not parsing sys_platform == 'win32', upgrading from default pip works"
@@ -2774,7 +2785,7 @@ __install_salt_from_repo() {
27742785 fi
27752786 fi
27762787
2777- rm -f /tmp /git/deps/*
2788+ rm -f ${_TMP_DIR} /git/deps/*
27782789
27792790 echodebug " Installing Salt requirements from PyPi, ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed ${_PIP_INSTALL_ARGS} -r requirements/static/ci/py${_py_version} /linux.txt"
27802791 ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed ${_PIP_INSTALL_ARGS} -r " requirements/static/ci/py${_py_version} /linux.txt"
@@ -2799,7 +2810,7 @@ __install_salt_from_repo() {
27992810
28002811 echodebug " Running '${_py_exe} setup.py --salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} bdist_wheel'"
28012812 ${_py_exe} setup.py --salt-config-dir=" $_SALT_ETC_DIR " " ${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} " || return 1
2802- mv dist/salt* .whl /tmp /git/deps/ || return 1
2813+ mv dist/salt* .whl ${_TMP_DIR} /git/deps/ || return 1
28032814
28042815 cd " ${__SALT_GIT_CHECKOUT_PARENT_DIR} " || return 1
28052816
@@ -2813,14 +2824,14 @@ __install_salt_from_repo() {
28132824 ${_pip_cmd} install --force-reinstall --break-system-packages " ${_arch_dep} "
28142825 fi
28152826
2816- echodebug " Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} /tmp /git/deps/salt*.whl'"
2827+ echodebug " Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} ${_TMP_DIR} /git/deps/salt*.whl'"
28172828
2818- echodebug " Running ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} --global-option=--salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} /tmp /git/deps/salt*.whl"
2829+ echodebug " Running ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} --global-option=--salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} ${_TMP_DIR} /git/deps/salt*.whl"
28192830
28202831 ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall \
28212832 ${_PIP_INSTALL_ARGS} \
28222833 --global-option=" --salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} "
2823- /tmp /git/deps/salt* .whl || return 1
2834+ ${_TMP_DIR} /git/deps/salt* .whl || return 1
28242835
28252836 echoinfo " Checking if Salt can be imported using ${_py_exe} "
28262837 CHECK_SALT_SCRIPT=$( cat << EOM
@@ -7797,7 +7808,7 @@ install_macosx_git_deps() {
77977808 export PATH=/usr/local/bin:$PATH
77987809 fi
77997810
7800- __fetch_url " /tmp /get-pip.py" " https://bootstrap.pypa.io/get-pip.py" || return 1
7811+ __fetch_url " ${_TMP_DIR} /get-pip.py" " https://bootstrap.pypa.io/get-pip.py" || return 1
78017812
78027813 if [ -n " $_PY_EXE " ; then
78037814 _PYEXE=" ${_PY_EXE} "
@@ -7807,7 +7818,7 @@ install_macosx_git_deps() {
78077818 fi
78087819
78097820 # Install PIP
7810- $_PYEXE /tmp /get-pip.py || return 1
7821+ $_PYEXE ${_TMP_DIR} /get-pip.py || return 1
78117822
78127823 # shellcheck disable=SC2119
78137824 __git_clone_and_checkout || return 1
@@ -7819,9 +7830,9 @@ install_macosx_stable() {
78197830
78207831 install_macosx_stable_deps || return 1
78217832
7822- __fetch_url " /tmp /${PKG} " " ${SALTPKGCONFURL} " || return 1
7833+ __fetch_url " ${_TMP_DIR} /${PKG} " " ${SALTPKGCONFURL} " || return 1
78237834
7824- /usr/sbin/installer -pkg " /tmp /${PKG} " || return 1
7835+ /usr/sbin/installer -pkg " ${_TMP_DIR} /${PKG} " || return 1
78257836
78267837 return 0
78277838}
@@ -7830,9 +7841,9 @@ install_macosx_onedir() {
78307841
78317842 install_macosx_onedir_deps || return 1
78327843
7833- __fetch_url " /tmp /${PKG} " " ${SALTPKGCONFURL} " || return 1
7844+ __fetch_url " ${_TMP_DIR} /${PKG} " " ${SALTPKGCONFURL} " || return 1
78347845
7835- /usr/sbin/installer -pkg " /tmp /${PKG} " || return 1
7846+ /usr/sbin/installer -pkg " ${_TMP_DIR} /${PKG} " || return 1
78367847
78377848 return 0
78387849}
0 commit comments