this post was submitted on 11 Jul 2025

19 points (100.0% liked)

Linux

56346 readers

1050 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Any ideas for transporting variables in chroot bash script? (lemmy.ml)

submitted 1 day ago* (last edited 1 day ago) by 721_bipsty@lemmy.ml to c/linux@lemmy.ml

9 comments fedilink hide all child comments

Hello, iam in the making of artix install script. I start with setting variables in dialog like bootloader="refind" and etc. but when i do artix-chroot into chroot.sh script variables are gone.

right now i have something like this:

cp ${pwd}execution/chroot.sh /mnt/mnt &&
            USER="$USER" USER_PASSWORD1="$USER_PASSWORD1" USER_PASSWORD2="$USER_PASSWORD2"\
            ROOT_PASSWORD1="$ROOT_PASSWORD1" ROOT_PASSWORD2="$ROOT_PASSWORD2"\
            BOOTLOADER="$BOOTLOADER" SUPERUSER="$SUPERUSER" HOSTNAME="$HOSTNAME"\
            LOCALE="$LOCALE" ENCRYPTION="$ENCRYPTION" ROOT="$ROOT" ESP="$ESP"\
            KERNEL="$KERNEL" UCODE="$UCODE"
		artix-chroot /mnt bash -c '/mnt/chroot.sh && execute_root'

But it does not really work, tried also some things like:

# create array of variables to pass to part 2
var_export=($formfactor $threadsminusone $gpu $boot $disk0 $username $userpassword $timezone $swap $intel_vaapi_driver $res_x $res_y_half)

# initiate part 2
mount --bind /root/artix-install-script /mnt/mnt
artix-chroot /mnt /mnt/chrootInstall.sh "${var_export[@]}"

and then in chroot.sh

# Importing Variables
args=("$@")
formfactor=${args[0]}
threadsminusone=${args[1]}
gpu=${args[2]}
boot=${args[3]}
disk=${args[4]}
username=${args[5]}
userpassword=${args[6]}
timezone=${args[7]}
swap=${args[8]}
intel_vaapi_driver=${args[9]}
res_x=${args[10]}
res_y_half=${args[11]}

still not they best way, kinda messy and buggy.

THANKS FOR HELP!

top 9 comments

sorted by: hot top controversial new old

[–] balsoft@lemmy.ml 18 points 1 day ago (2 children)

Careful there. You are only a half dozen abstraction layers away from reinventing NixOS.

As for your question, the best way is to put it in a file that is then read by the chroot script and delete later.

[–] chai@discuss.tchncs.de 7 points 1 day ago

Preferably, put the variables into a temp file (e.g. using mktemp) and bind-mount that file somewhere into the chroot directory, so you can source it from within that environment.
That way the critical information, like the passwords, at least only gets to live in volatile memory and won't stick around on the host system after the reboot. That limits the exposure somewhat.

[–] Shareni@programming.dev 2 points 1 day ago

Careful there. You are only a half dozen abstraction layers away from reinventing NixOS.

[–] digdilem@lemmy.ml 2 points 1 day ago* (last edited 1 day ago)

Pack it into a json or CSV oneline string and shove it in a CLI password manager you can access in a scriptable way from both users. (I use the linux tool, 'pass' for this).

Alternatively, save it to a dropfile that only both users can access.

[–] anon5621@lemmy.ml 1 points 1 day ago* (last edited 1 day ago) (1 children)

Why use variables and put it in json or simple text file which u can read later

[–] 721_bipsty@lemmy.ml 1 points 1 day ago (2 children)

i dont know if it will be safe because of ROOT_PASSWORD USER_PASSWORD and ENCRYPTION_PASSWORD

[–] balsoft@lemmy.ml 7 points 1 day ago

Passing them as arguments can be even worse - depending on the configuration, process arguments of running processes can be seen by everything running on the machine.

[–] anon5621@lemmy.ml 2 points 1 day ago* (last edited 1 day ago)

But I suppose u are working in live environment loaded from iso ,so u should be already comporissed then if some process can read ur files. What's ur threat model

[–] bacon_pdp@lemmy.world -1 points 1 day ago

It would be more secure if the credentials are in an in memory SQLite Database but that would require you to use something other than the shell. You would need to do a hardware key or have the user do a bootstrap password or have an API that uses a public key to authenticate the remote process passing the credentials