Hello, iam in the making of artix install script. I start with setting variables in dialog like bootloader=“refind” and etc. but when i do artix-chroot into chroot.sh script variables are gone.

right now i have something like this:

cp ${pwd}execution/chroot.sh /mnt/mnt &&
            USER="$USER" USER_PASSWORD1="$USER_PASSWORD1" USER_PASSWORD2="$USER_PASSWORD2"\
            ROOT_PASSWORD1="$ROOT_PASSWORD1" ROOT_PASSWORD2="$ROOT_PASSWORD2"\
            BOOTLOADER="$BOOTLOADER" SUPERUSER="$SUPERUSER" HOSTNAME="$HOSTNAME"\
            LOCALE="$LOCALE" ENCRYPTION="$ENCRYPTION" ROOT="$ROOT" ESP="$ESP"\
            KERNEL="$KERNEL" UCODE="$UCODE"
		artix-chroot /mnt bash -c '/mnt/chroot.sh && execute_root'

But it does not really work, tried also some things like:

# create array of variables to pass to part 2
var_export=($formfactor $threadsminusone $gpu $boot $disk0 $username $userpassword $timezone $swap $intel_vaapi_driver $res_x $res_y_half)

# initiate part 2
mount --bind /root/artix-install-script /mnt/mnt
artix-chroot /mnt /mnt/chrootInstall.sh "${var_export[@]}"

and then in chroot.sh

# Importing Variables
args=("$@")
formfactor=${args[0]}
threadsminusone=${args[1]}
gpu=${args[2]}
boot=${args[3]}
disk=${args[4]}
username=${args[5]}
userpassword=${args[6]}
timezone=${args[7]}
swap=${args[8]}
intel_vaapi_driver=${args[9]}
res_x=${args[10]}
res_y_half=${args[11]}

still not they best way, kinda messy and buggy.

THANKS FOR HELP!

  • balsoft@lemmy.ml
    17·
    1 day ago

    Careful there. You are only a half dozen abstraction layers away from reinventing NixOS.

    As for your question, the best way is to put it in a file that is then read by the chroot script and delete later.

    • chai@discuss.tchncs.deEnglish
      7·
      1 day ago

      Preferably, put the variables into a temp file (e.g. using mktemp) and bind-mount that file somewhere into the chroot directory, so you can source it from within that environment.
      That way the critical information, like the passwords, at least only gets to live in volatile memory and won’t stick around on the host system after the reboot. That limits the exposure somewhat.

  • DigitalDilemma@lemmy.mlEnglish
    2·
    1 day ago

    Pack it into a json or CSV oneline string and shove it in a CLI password manager you can access in a scriptable way from both users. (I use the linux tool, ‘pass’ for this).

    Alternatively, save it to a dropfile that only both users can access.

  • anon5621@lemmy.ml
    1·
    1 day ago

    Why use variables and put it in json or simple text file which u can read later

      • balsoft@lemmy.ml
        7·
        1 day ago

        Passing them as arguments can be even worse - depending on the configuration, process arguments of running processes can be seen by everything running on the machine.

      • anon5621@lemmy.ml
        2·
        1 day ago

        But I suppose u are working in live environment loaded from iso ,so u should be already comporissed then if some process can read ur files what’s ur threat model

  • bacon_pdp@lemmy.world
    02·
    1 day ago

    It would be more secure if the credentials are in an in memory SQLite Database but that would require you to use something other than the shell. You would need to do a hardware key or have the user do a bootstrap password or have an API that uses a public key to authenticate the remote process passing the credentials