Beispiel #1
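    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Build an initrd with mkinitcpio inside the system tree.

        Skips (with an info message) when the system has no mkinitcpio binary
        or the boot directory has no ``vmlinuz``. Otherwise the kernel is
        copied into the tree, ``mkinitcpio -p cleanroom`` runs with the tree
        as chroot, and ``/boot/initramfs.img`` is moved to ``args[0]``.

        Args:
            location: Passed through to the install and cleanup helpers.
            system_context: Supplies the paths and substitutions used here.
            *args: ``args[0]`` is the destination path of the initrd; its
                parent directory is created with ``os.makedirs``.
            **kwargs: Not used.

        Raises:
            IndexError: If no destination path was passed.
            AssertionError: If the initrd is missing after the move.
        """
        if not os.path.exists(system_context.file_name("usr/bin/mkinitcpio")):
            info("Skipping initrd generation: No mkinitcpio binary.")
            return

        if not os.path.exists(
                os.path.join(system_context.boot_directory, "vmlinuz")):
            info("Skipping initrd generation: No vmlinuz in boot directory.")
            return

        # An empty or otherwise falsy volume group is normalized to None.
        self._vg = system_context.substitution("DEFAULT_VG", None) or None

        self._image_fs = system_context.substitution("IMAGE_FS", "ext2")
        self._image_device = _deviceify(
            system_context.substitution("IMAGE_DEVICE", ""))
        self._image_options = system_context.substitution(
            "IMAGE_OPTIONS", "rw")

        name_prefix = system_context.substitution("DISTRO_ID", "clrm")
        name_version = system_context.substitution("DISTRO_VERSION_ID",
                                                   system_context.timestamp)
        self._full_name = "{}_{}".format(name_prefix, name_version)

        initrd = args[0]

        to_clean_up = []  # type: typing.List[str]
        # append(), not "+=": extending a list with a str adds its characters
        # one by one ("/", "b", "o", ...), so the cleanup helper would be
        # handed "/" and single letters as paths instead of the kernel copy.
        to_clean_up.append("/boot/vmlinuz")
        to_clean_up += self._install_extra_binaries(location, system_context)
        to_clean_up += self._create_systemd_units(location, system_context)
        to_clean_up += self._install_mkinitcpio(location, system_context)
        to_clean_up += self._install_mkinitcpio_hooks(location, system_context)

        copy(
            system_context,
            os.path.join(system_context.boot_directory, "vmlinuz"),
            "/boot/vmlinuz",
            from_outside=True,
        )

        run(
            "/usr/bin/mkinitcpio",
            "-p",
            "cleanroom",
            chroot=system_context.fs_directory,
            chroot_helper=self._binary(Binaries.CHROOT_HELPER),
        )

        initrd_directory = os.path.dirname(initrd)
        os.makedirs(initrd_directory, exist_ok=True)
        move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

        _cleanup_extra_files(location, system_context, *to_clean_up)
        self._remove_mkinitcpio(location, system_context)

        # Sanity check only: assert statements are stripped under "python -O",
        # so this must not be the sole detection of a failed build.
        assert os.path.isfile(initrd)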
Beispiel #2
def test_file_to_overwrite_file_move(
        populated_system_context: SystemContext) -> None:
    """A forced move replaces an existing destination file.

    The fixture files presumably hold their own path as content, which is
    how the final assertion tells the moved file from the old ``passwd``.
    """
    root = populated_system_context.fs_directory
    old_location = os.path.join(root, 'usr/bin/ls')
    new_location = os.path.join(root, 'etc/passwd')

    filehelper.move(
        populated_system_context, '/usr/bin/ls', '/etc/passwd', force=True)

    assert not os.path.isfile(old_location)
    assert _read_file(new_location) == '/usr/bin/ls'
Beispiel #3
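    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Build an initrd with mkinitcpio inside the system tree.

        Skips (with an info message) when the system has no mkinitcpio binary
        or the boot directory has no ``vmlinuz``. Otherwise the kernel is
        copied into the tree, ``mkinitcpio -p cleanroom`` runs with the tree
        as chroot, and ``/boot/initramfs.img`` is moved to ``args[0]``.

        Args:
            location: Passed through to the install and cleanup helpers.
            system_context: Supplies the paths and substitutions used here.
            *args: ``args[0]`` is the destination path of the initrd; its
                parent directory is created with ``os.makedirs``.
            **kwargs: Not used.

        Raises:
            IndexError: If no destination path was passed.
            AssertionError: If the initrd is missing after the move.
        """
        if not os.path.exists(system_context.file_name('usr/bin/mkinitcpio')):
            info('Skipping initrd generation: No mkinitcpio binary.')
            return

        if not os.path.exists(
                os.path.join(system_context.boot_directory, 'vmlinuz')):
            info('Skipping initrd generation: No vmlinuz in boot directory.')
            return

        # An empty or otherwise falsy volume group is normalized to None.
        self._vg = system_context.substitution('DEFAULT_VG', None) or None

        self._image_fs = system_context.substitution('IMAGE_FS', 'ext2')
        self._image_device = \
            _deviceify(system_context.substitution('IMAGE_DEVICE', ''))
        self._image_options = system_context.substitution(
            'IMAGE_OPTIONS', 'rw')

        name_prefix = system_context.substitution('DISTRO_ID', 'clrm')
        name_version = system_context.substitution('DISTRO_VERSION_ID',
                                                   system_context.timestamp)
        self._full_name = "{}_{}".format(name_prefix, name_version)

        initrd = args[0]

        to_clean_up = []  # type: typing.List[str]
        # append(), not "+=": extending a list with a str adds its characters
        # one by one ('/', 'b', 'o', ...), so the cleanup helper would be
        # handed '/' and single letters as paths instead of the kernel copy.
        to_clean_up.append('/boot/vmlinuz')
        to_clean_up += self._install_extra_binaries(location, system_context)
        to_clean_up += self._create_systemd_units(location, system_context)
        to_clean_up += self._install_mkinitcpio(location, system_context)
        to_clean_up += self._install_mkinitcpio_hooks(location, system_context)

        copy(system_context,
             os.path.join(system_context.boot_directory, 'vmlinuz'),
             '/boot/vmlinuz',
             from_outside=True)

        run('/usr/bin/mkinitcpio',
            '-p',
            'cleanroom',
            chroot=system_context.fs_directory,
            chroot_helper=self._binary(Binaries.CHROOT_HELPER))

        initrd_directory = os.path.dirname(initrd)
        os.makedirs(initrd_directory, exist_ok=True)
        move(system_context, '/boot/initramfs.img', initrd, to_outside=True)

        _cleanup_extra_files(location, system_context, *to_clean_up)
        self._remove_mkinitcpio(location, system_context)

        # Sanity check only: assert statements are stripped under "python -O",
        # so this must not be the sole detection of a failed build.
        assert os.path.isfile(initrd)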
Beispiel #4
    def __call__(
        self,
        location: Location,
        system_context: SystemContext,
        *args: typing.Any,
        **kwargs: typing.Any,
    ) -> None:
        """Generate an initrd with dracut inside the system tree.

        Skips (with an info message) when the boot directory has no
        ``vmlinuz``. Otherwise dracut is installed, the kernel is copied into
        the tree, dracut runs with the tree as chroot for the kernel version
        from the ``KERNEL_VERSION`` substitution, and the resulting
        ``/boot/initramfs.img`` is moved to ``args[0]``.

        Both ``assert`` statements are sanity checks that disappear under
        ``python -O``; an empty ``KERNEL_VERSION`` would then reach dracut as
        an empty argument.
        """
        if not os.path.exists(os.path.join(system_context.boot_directory, "vmlinuz")):
            info("Skipping initrd generation: No vmlinuz in boot directory.")
            return

        target = args[0]

        self._install_dracut(location, system_context)

        kernel_source = os.path.join(system_context.boot_directory, "vmlinuz")
        copy(system_context, kernel_source, "/boot/vmlinuz", from_outside=True)

        # Placeholder for optional leading arguments; nothing is added here.
        extra_args: typing.List[str] = []

        version = system_context.substitution_expanded("KERNEL_VERSION", "")
        assert version

        # Every option is its own argv entry; the --omit list is one entry.
        command = [
            "/usr/bin/dracut",
            *extra_args,
            "--no-early-microcode",
            "--no-hostonly",
            "--no-compress",
            "--reproducible",
            "--omit",
            "iscsi nbd network network-legacy nfs qemu qemu-net stratis",
            "--add",
            "busybox",
            "/boot/initramfs.img",
            version,
        ]
        run(
            *command,
            chroot=system_context.fs_directory,
            chroot_helper=self._binary(Binaries.SYSTEMD_NSPAWN),
        )

        os.makedirs(os.path.dirname(target), exist_ok=True)
        move(system_context, "/boot/initramfs.img", target, to_outside=True)

        self._remove_dracut(location, system_context)

        assert os.path.isfile(target)
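    def __call__(
        self,
        location: Location,
        system_context: SystemContext,
        *args: typing.Any,
        **kwargs: typing.Any,
    ) -> None:
        """Build an initrd with mkinitcpio inside the system tree.

        Skips (with an info message) when the boot directory has no
        ``vmlinuz``. Otherwise mkinitcpio is installed, the kernel is copied
        into the tree, ``mkinitcpio -p cleanroom`` runs with the tree as
        chroot, and ``/boot/initramfs.img`` is moved to ``args[0]``.

        Args:
            location: Passed through to the install and cleanup helpers.
            system_context: Supplies the paths used here.
            *args: ``args[0]`` is the destination path of the initrd; its
                parent directory is created with ``os.makedirs``.
            **kwargs: Not used.

        Raises:
            IndexError: If no destination path was passed.
            AssertionError: If the initrd is missing after the move.
        """
        if not os.path.exists(
                os.path.join(system_context.boot_directory, "vmlinuz")):
            info("Skipping initrd generation: No vmlinuz in boot directory.")
            return

        initrd = args[0]

        # Start with the kernel copy as a single list entry. Extending the
        # list with the bare str ("+=") would add its characters one by one
        # ("/", "b", "o", ...) and hand "/" to the cleanup helper as a path.
        to_clean_up: typing.List[str] = ["/boot/vmlinuz"]
        to_clean_up += self._install_mkinitcpio(location, system_context)

        copy(
            system_context,
            os.path.join(system_context.boot_directory, "vmlinuz"),
            "/boot/vmlinuz",
            from_outside=True,
        )

        run(
            "/usr/bin/mkinitcpio",
            "-p",
            "cleanroom",
            chroot=system_context.fs_directory,
            chroot_helper=self._binary(Binaries.SYSTEMD_NSPAWN),
        )

        initrd_directory = os.path.dirname(initrd)
        os.makedirs(initrd_directory, exist_ok=True)
        move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

        _cleanup_extra_files(location, system_context, *to_clean_up)
        self._remove_mkinitcpio(location, system_context)

        # Sanity check only: assert statements are stripped under "python -O",
        # so this must not be the sole detection of a failed build.
        assert os.path.isfile(initrd)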
Beispiel #6
 def __call__(
     self,
     location: Location,
     system_context: SystemContext,
     *args: typing.Any,
     **kwargs: typing.Any,
 ) -> None:
     """Move files by handing all arguments straight to ``move``.

     Nothing is filtered: every positional and keyword argument given to the
     command reaches ``move`` unchanged. ``location`` is not used.
     """
     # NOTE(review): keyword arguments pass through unchecked. If options
     # such as ``force`` or ``to_outside`` should not be settable from a
     # command invocation, they need to be rejected before this call.
     move(system_context, *args, **kwargs)
Beispiel #7
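    def __call__(
        self,
        location: Location,
        system_context: SystemContext,
        *args: typing.Any,
        **kwargs: typing.Any,
    ) -> None:
        """Generate an initrd with dracut inside the system tree.

        Skips (with an info message) when the boot directory has no
        ``vmlinuz``. Otherwise dracut is installed, the kernel is copied into
        the tree, dracut runs with the tree as chroot, and the resulting
        ``/boot/initramfs.img`` is moved to ``args[0]``.

        Extra kernel modules come from the ``INITRD_EXTRA_MODULES``
        substitution, separated by commas and/or whitespace. They are
        de-duplicated and sorted so the dracut command line is stable.

        Args:
            location: Passed through to the dracut install/remove helpers.
            system_context: Supplies the paths and substitutions used here.
            *args: ``args[0]`` is the destination path of the initrd; its
                parent directory is created with ``os.makedirs``.
            **kwargs: Not used.

        Raises:
            IndexError: If no destination path was passed.
            AssertionError: If the initrd is missing after the move.
        """
        if not os.path.exists(os.path.join(system_context.boot_directory, "vmlinuz")):
            info("Skipping initrd generation: No vmlinuz in boot directory.")
            return

        initrd = args[0]

        self._install_dracut(location, system_context)

        copy(
            system_context,
            os.path.join(system_context.boot_directory, "vmlinuz"),
            "/boot/vmlinuz",
            from_outside=True,
        )

        dracut_args: typing.List[str] = []

        # split() without a separator drops empty fields. Splitting on a
        # single space turned an unset value into [""] (truthy, so
        # "--add-drivers" was always passed with an empty name) and let
        # repeated separators such as "a,  b" leak "" into the module list.
        raw_modules = system_context.substitution_expanded("INITRD_EXTRA_MODULES", "")
        modules = sorted(set(raw_modules.replace(",", " ").split()))

        if modules:
            # The module names form one argv entry, as dracut expects.
            dracut_args += [
                "--add-drivers",
                " ".join(modules),
            ]

        run(
            "/usr/bin/dracut",
            *dracut_args,
            "--no-early-microcode",
            "--no-hostonly",
            "--no-compress",
            "--reproducible",
            "--omit",
            "iscsi nbd network network-legacy nfs qemu qemu-net stratis",
            "--add",
            "busybox",
            "/boot/initramfs.img",
            chroot=system_context.fs_directory,
            chroot_helper=self._binary(Binaries.CHROOT_HELPER),
        )

        initrd_directory = os.path.dirname(initrd)
        os.makedirs(initrd_directory, exist_ok=True)
        move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

        self._remove_dracut(location, system_context)

        # Sanity check only: assert statements are stripped under "python -O",
        # so this must not be the sole detection of a failed build.
        assert os.path.isfile(initrd)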
Beispiel #8
def test_dir_to_dir_move(populated_system_context: SystemContext) -> None:
    """Moving a directory into an existing directory nests it there.

    ``/usr/bin`` moved to ``/home`` ends up as ``/home/bin``. The fixture
    files presumably hold their own original path as content.
    """
    root = populated_system_context.fs_directory
    old_location = os.path.join(root, 'usr/bin/ls')
    new_location = os.path.join(root, 'home/bin/ls')

    filehelper.move(populated_system_context, '/usr/bin', '/home')

    assert not os.path.isfile(old_location)
    assert _read_file(new_location) == '/usr/bin/ls'
Beispiel #9
def test_dir_to_file_move(populated_system_context: SystemContext) -> None:
    """Moving a directory onto the file path ``/etc/passwd`` raises OSError."""
    source, target = '/usr/bin', '/etc/passwd'
    with pytest.raises(OSError):
        filehelper.move(populated_system_context, source, target)
Beispiel #10
def test_same_file_in_parent_move(
        populated_system_context: SystemContext) -> None:
    """Moving a file into the directory it already lives in is rejected.

    NOTE(review): the expected ``AssertionError`` suggests the guard inside
    ``move`` is an ``assert`` statement. Such a guard is stripped under
    ``python -O``; confirm the check does not rely on assertions alone.
    """
    source, target = '/usr/bin/ls', '/usr/bin'
    with pytest.raises(AssertionError):
        filehelper.move(populated_system_context, source, target)
Beispiel #11
def test_same_file_different_path_move(
        populated_system_context: SystemContext) -> None:
    """A move onto the same file under a non-normalized path raises OSError.

    ``/usr/../usr/bin/ls`` names the source file itself through a ``..``
    component, so comparing the two path strings would not detect the
    aliasing.
    """
    source = '/usr/bin/ls'
    aliased_target = '/usr/../usr/bin/ls'
    with pytest.raises(OSError):
        filehelper.move(populated_system_context, source, aliased_target)
Beispiel #12
def test_file_to_file_move(populated_system_context: SystemContext) -> None:
    """Moving a file to a new name removes the source and keeps its content.

    The fixture files presumably hold their own original path as content.
    """
    root = populated_system_context.fs_directory
    old_location = os.path.join(root, 'usr/bin/ls')
    new_location = os.path.join(root, 'etc/foo')

    filehelper.move(populated_system_context, '/usr/bin/ls', '/etc/foo')

    assert not os.path.exists(old_location)
    assert _read_file(new_location) == '/usr/bin/ls'
Beispiel #13
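    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Set up USBGuard with its configuration under /var/etc/usbguard.

        Runs the ``pacman`` command for ``usbguard``, enables
        ``usbguard-dbus.service``, rewrites the daemon configuration to read
        its rules and IPC access control files from ``/var/etc/usbguard``,
        stores the configuration below ``/usr/share/factory`` and removes
        ``/etc/usbguard``. A tmpfiles.d entry copies the factory content to
        ``/var/etc/usbguard``, and a unit drop-in points the daemon at the
        relocated configuration file.

        Args:
            location: Passed to the sub-commands; advanced per command.
            system_context: Context of the system being set up.
            *args: Not used.
            **kwargs: Not used.
        """
        self._execute(location, system_context, "pacman", "usbguard")

        # Do setup:
        # enable the daemon (actually set up socket activation)
        self._execute(
            location.next_line(),
            system_context,
            "systemd_enable",
            "usbguard-dbus.service",
        )

        # tmpfiles.d: "d" creates the directories with mode 0750 root:root;
        # "C" without an argument copies the directory from its counterpart
        # under /usr/share/factory.
        create_file(
            system_context,
            "/usr/lib/tmpfiles.d/usbguard.conf",
            textwrap.dedent("""\
                    d /var/log/usbguard 0750 root root - -

                    d /var/etc/usbguard 0750 root root - -
                    C /var/etc/usbguard - - - - -
                    """).encode("utf-8"),
        )

        self._execute(
            location.next_line(),
            system_context,
            "sed",
            "/RuleFile=\\/etc/ cRuleFile=/var/etc/usbguard/rules.conf",
            "/etc/usbguard/usbguard-daemon.conf",
        )
        self._execute(
            location.next_line(),
            system_context,
            "sed",
            "/IPCAccessControlFiles=\\/etc/ cIPCAccessControlFiles=/var/etc/usbguard/IPCAccessControl.d",
            "/etc/usbguard/usbguard-daemon.conf",
        )
        # NOTE(review): rules.conf is created empty below, so with an
        # implicit target of "allow" every device that matches no rule is
        # authorized. Nothing is blocked until rules are added; confirm this
        # is the intended baseline for the image.
        self._execute(
            location.next_line(),
            system_context,
            "sed",
            "/ImplicitPolicyTarget=/ cImplicitPolicyTarget=allow",
            "/etc/usbguard/usbguard-daemon.conf",
        )

        # The directory name must match the IPCAccessControlFiles path set
        # above character for character. It was spelled "IPCaccessControl.d"
        # here, so on a case-sensitive filesystem the configured directory
        # was never created.
        makedirs(system_context,
                 "/usr/share/factory/var/etc/usbguard/IPCAccessControl.d")
        move(
            system_context,
            "/etc/usbguard/usbguard-daemon.conf",
            "/usr/share/factory/var/etc/usbguard",
        )
        # The rule file is readable and writable by its owner only.
        create_file(
            system_context,
            "/usr/share/factory/var/etc/usbguard/rules.conf",
            b"",
            mode=0o600,
        )

        remove(
            system_context,
            "/etc/usbguard",
            recursive=True,
        )

        # Fix for https://github.com/USBGuard/usbguard/issues/287
        # The empty "ExecStart=" clears the command of the packaged unit
        # before the replacement using the relocated config file is set.
        makedirs(system_context, "/usr/lib/systemd/system/usbguard.service.d")
        create_file(
            system_context,
            "/usr/lib/systemd/system/usbguard.service.d/bugfix.conf",
            textwrap.dedent("""\
                [Service]
                CapabilityBoundingSet=CAP_DAC_OVERRIDE
                ReadWritePaths=-/var/etc/usbguard/rules.conf
                ExecStart=
                ExecStart=/usr/bin/usbguard-daemon -k -c /var/etc/usbguard/usbguard-daemon.conf
                """).encode("utf-8"),
        )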
Beispiel #14
def test_dir_to_dir_move(populated_system_context: SystemContext) -> None:
    """Moving a directory into an existing directory nests it there.

    ``/usr/bin`` moved to ``/home`` ends up as ``/home/bin``. The fixture
    files presumably hold their own original path as content.
    """
    root = populated_system_context.fs_directory
    old_location = os.path.join(root, "usr/bin/ls")
    new_location = os.path.join(root, "home/bin/ls")

    filehelper.move(populated_system_context, "/usr/bin", "/home")

    assert not os.path.isfile(old_location)
    assert _read_file(new_location) == "/usr/bin/ls"
Beispiel #15
def test_file_to_existing_file_move(
        populated_system_context: SystemContext) -> None:
    """Without ``force``, moving onto ``/etc/passwd`` raises OSError.

    This pins the default of ``move``: a destination that is already there
    is not silently replaced.
    """
    source, target = "/usr/bin/ls", "/etc/passwd"
    with pytest.raises(OSError):
        filehelper.move(populated_system_context, source, target)
Beispiel #16
def test_file_to_file_move(populated_system_context: SystemContext) -> None:
    """Moving a file to a new name removes the source and keeps its content.

    The fixture files presumably hold their own original path as content.
    """
    root = populated_system_context.fs_directory
    old_location = os.path.join(root, "usr/bin/ls")
    new_location = os.path.join(root, "etc/foo")

    filehelper.move(populated_system_context, "/usr/bin/ls", "/etc/foo")

    assert not os.path.exists(old_location)
    assert _read_file(new_location) == "/usr/bin/ls"