pacroot.sh

#!/usr/bin/zsh

setopt ERR_EXIT

# cannot use PIPE_FAIL because we want to ignore mount efivarfs failure
# setopt PIPE_FAIL

msg() {
    printf "==> $1\n" "${@:2}"
}

error() {
    printf "==> ERROR: $1\n" "${@:2}" >&2
}

die() {
    error "$@"
    exit 1
}

trap '_umount' EXIT
_MOUNTS=()
_mount() {
    [ ! -z ${_MOUNTS[(r)$2]} ] && return
    mount "$@"
    _MOUNTS=("$2" "${_MOUNTS[@]}")
}

_umount() {
    [ ! -z "$_MOUNTS[*]" ] && umount "${_MOUNTS[@]}"
}

(( $# )) || die "No root directory specified"
newroot=$1
shift
pacman_args=("${@:-base}")

msg "Creating install root at $newroot"
mkdir -m 0755 -p "$newroot"/var/{cache/pacman/pkg,lib/pacman,log} "$newroot"/{dev,run,etc}
mkdir -m 1777 -p "$newroot"/tmp
mkdir -m 0555 -p "$newroot"/{sys,proc}

if mountpoint -q $newroot; then
    _mount "$newroot" "$newroot" --bind
fi

if [ -d "$newroot/sys/firmware/efi/efivars" ]; then
    _mount efivarfs "$newroot/sys/firmware/efi/efivars" -t efivarfs -o nosuid,noexec,nodev 2> /dev/null && true
fi

_mount proc "$newroot/proc" -t proc -o nosuid,noexec,nodev
_mount sys "$newroot/sys" -t sysfs -o nosuid,noexec,nodev,ro 
_mount udev "$newroot/dev" -t devtmpfs -o mode=0755,nosuid
_mount devpts "$newroot/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec
_mount shm "$newroot/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev
_mount run "$newroot/run" -t tmpfs -o nosuid,nodev,mode=0755
_mount tmp "$newroot/tmp" -t tmpfs -o mode=1777,strictatime,nodev,nosuid

pacman --root "$newroot" "${pacman_args[@]}"

if [[ -d /etc/pacman.d/gnupg && ! -d $newroot/etc/pacman.d/gnupg ]]; then
    cp -a /etc/pacman.d/gnupg "$newroot/etc/pacman.d/"
fi

if [[ -d /etc/pacman.d/mirrorlist && ! -d $newroot/etc/pacman.d/mirrorlist ]]; then
    cp -a /etc/pacman.d/mirrorlist "$newroot/etc/pacman.d/"
fi