Arch Linux

tooooomy

Member

Registered: 2024-05-26

Posts: 7

[SOLVED] How to bypass makepkg restrictions in chroot?

Hello,

I'm in the process of making my own custom installation script with encrypted root. I want to use LUKS2 with memory expensive KDF Argon2id for enhanced security purposes. As for the bootloader, I chose GRUB because I'm also planning to integrate GRUB-BTRFS for rollback snapshots. However, the official support for Argon2 is expected to be added only with the next release of GRUB in November 2024. Thus, the only way for now to make everything work together is using the AUR package grub-improved-luks2-git. But after chroot-ing into /mnt, I have discovered that I'm unable to build the patched GRUB from source as the root user is not allowed to use the makepkg command.

While digging through the internet for the solution, I found a workaround with passing the non-root user to arch-chroot. Now I'm stuck upon another issue - passing the user's password to sudo.

arch-chroot -u $username /mnt -e << EOF
HOME=/home/${username}
cd $HOME && git clone https://aur.archlinux.org/grub-improved-luks2-git.git
cd grub-improved-luks2-git
echo -n "$user_pswd" | makepkg -si --noconfirm
EOF

Another possible one could be directly booting into a freshly installed system using 'systemd-nspawn'. I haven't tested this theory yet and am not sure if it's even applicable for scripting.

Last edited by tooooomy (2024-06-16 14:49:14)

seth

Member

Registered: 2012-09-03

Posts: 54,562

Re: [SOLVED] How to bypass makepkg restrictions in chroot?

Segment the execution.
Run makepkg a regular user and then "sudo pacman -U <package name>"

You can also just "sudo -u regularjoeakatooooomy makepkg" from the root chroot.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

WorMzy

Forum Moderator

From: Scotland

Registered: 2010-06-16

Posts: 12,163

Website

Re: [SOLVED] How to bypass makepkg restrictions in chroot?

Mod note: moving to AUR Issues

---

Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

tooooomy

Member

Registered: 2024-05-26

Posts: 7

Re: [SOLVED] How to bypass makepkg restrictions in chroot?

I couldn't make the grub-improved-luks2-git from the AUR work no matter what I did.

Here's an easy workaround to install and use an AUR helper in your script:

1. Temporarily give the user password-promot-free sudo permission.
2. Install the AUR helper of your choice (Paru in my case).
3. Install what you need.
4. Remove the password-promot-free sudo permission from the user.

echo "$username ALL=(ALL:ALL) NOPASSWD: ALL" >> /mnt/etc/sudoers

arch-chroot -u $username /mnt /bin/bash -c "mkdir /tmp/paru.$$ && \
                                           cd /tmp/paru.$$ && \
                                           curl "https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD?h=paru-bin" -o PKGBUILD && \
                                           makepkg -si --noconfirm"

HOME="/home/${username}" arch-chroot -u $username /mnt /usr/bin/paru --noconfirm -S package_name_you_need

sed -i "/${username} ALL=(ALL:ALL) NOPASSWD: ALL/d" /mnt/etc/sudoers

Last edited by tooooomy (2024-06-16 14:50:06)