Ejemplo n.º 1
def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the target root.

    The file starts with a "Generated by Anaconda" comment line followed by
    the string form of ``ksdata``.

    :param ksdata: kickstart data object; written out via ``str(ksdata)``
    """
    ks_path = conf.target.system_root + "/root/anaconda-ks.cfg"

    # The kickstart text could contain passwords, so request an owner-only
    # mode (0o600) when opening the file.
    # NOTE(review): nothing is scrubbed from ksdata in this function; any
    # secret removal has to happen before the call -- confirm with callers.
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        banner = "# Generated by Anaconda {}\n".format(util.get_anaconda_version_string())
        ks_file.write(banner)
        ks_text = str(ksdata)
        ks_file.write(ks_text)
Ejemplo n.º 2
    def setUserSshKey(self, username, key, **kwargs):
        """Append an SSH key to the user's ~/.ssh/authorized_keys in the target root.

        The ``.ssh`` directory is created with mode 0o700 when missing and the
        key file is opened in append mode with mode 0o600. Ownership is handed
        to the user only for objects this call created.

        :param str username: name of an existing user
        :param str key: text appended as one line to authorized_keys
        :param kwargs: optional ``root`` -- sysroot path; defaults to util.getSysroot()
        :raises ValueError: if the user or the user's home directory does not exist
        """
        sysroot = kwargs.get("root", util.getSysroot())

        entry = self._getpwnam(username, sysroot)
        if not entry:
            raise ValueError("setUserSshKey: user %s does not exist" % username)

        # Index 5 of the entry is used as the home directory, relative to the sysroot
        home = sysroot + entry[5]
        if not os.path.exists(home):
            log.error("setUserSshKey: home directory for %s does not exist", username)
            raise ValueError("setUserSshKey: home directory for %s does not exist" % username)

        owner_uid = entry[2]
        owner_gid = entry[3]

        ssh_dir = os.path.join(home, ".ssh")
        if not os.path.isdir(ssh_dir):
            # Private directory, then hand it over to the user
            os.mkdir(ssh_dir, 0o700)
            os.chown(ssh_dir, int(owner_uid), int(owner_gid))

        keys_path = os.path.join(ssh_dir, "authorized_keys")
        # Remember whether the file was there before we opened it for append
        created_here = not os.path.exists(keys_path)
        # NOTE(review): key is written verbatim; callers are presumably
        # expected to pass a single authorized_keys line -- confirm.
        with util.open_with_perm(keys_path, "a", 0o600) as keys_file:
            keys_file.write(key + "\n")

        # A pre-existing file keeps its current owner; only a file created
        # here is chowned and has its SELinux context restored.
        if created_here:
            os.chown(keys_path, int(owner_uid), int(owner_gid))
            util.execWithRedirect("restorecon", ["-r", ssh_dir])
Ejemplo n.º 3
    def setUserSshKey(self, username, key, **kwargs):
        """Add an SSH key line to a user's authorized_keys file.

        Paths are resolved under the sysroot. A missing ``.ssh`` directory is
        created with mode 0o700; the key file is opened for append with mode
        0o600. Only a newly created directory or file is chowned to the user.

        :param str username: name of an existing user
        :param str key: text appended, followed by a newline
        :param kwargs: optional ``root`` -- sysroot path; defaults to util.getSysroot()
        :raises ValueError: if the user or the home directory is missing
        """
        root = kwargs.get("root", util.getSysroot())

        passwd_entry = self._getpwnam(username, root)
        if not passwd_entry:
            raise ValueError("setUserSshKey: user %s does not exist" % username)

        home_path = root + passwd_entry[5]
        home_missing = not os.path.exists(home_path)
        if home_missing:
            log.error("setUserSshKey: home directory for %s does not exist", username)
            raise ValueError("setUserSshKey: home directory for %s does not exist" % username)

        user_id = passwd_entry[2]
        group_id = passwd_entry[3]

        dot_ssh = os.path.join(home_path, ".ssh")
        if not os.path.isdir(dot_ssh):
            os.mkdir(dot_ssh, 0o700)
            os.chown(dot_ssh, int(user_id), int(group_id))

        authorized_keys = os.path.join(dot_ssh, "authorized_keys")
        already_present = os.path.exists(authorized_keys)
        # Append so that keys already in the file are kept
        with util.open_with_perm(authorized_keys, "a", 0o600) as handle:
            handle.write(key + "\n")

        # Ownership of a pre-existing file is left untouched
        if already_present:
            return

        os.chown(authorized_keys, int(user_id), int(group_id))
        util.execWithRedirect("restorecon", ["-r", dot_ssh])
Ejemplo n.º 4
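    def test_open_with_perm(self):
        """Check that open_with_perm creates files with the requested mode.

        The umask is set to 0 while the files are created so that it cannot
        mask off any requested permission bits; it is restored afterwards and
        the scratch directory is always removed.
        """
        # Create a directory for test files
        test_dir = tempfile.mkdtemp()
        try:
            # Reset the umask
            old_umask = os.umask(0)
            try:
                # Create a file with mode 0777; close the returned file
                # object right away so the handle is not leaked
                util.open_with_perm(test_dir + '/test1', 'w', 0o777).close()
                assert os.stat(test_dir + '/test1').st_mode & 0o777 == 0o777

                # Create a file with mode 0600
                util.open_with_perm(test_dir + '/test2', 'w', 0o600).close()
                assert os.stat(test_dir + '/test2').st_mode & 0o777 == 0o600
            finally:
                os.umask(old_umask)
        finally:
            shutil.rmtree(test_dir)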
Ejemplo n.º 5
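    def open_with_perm_test(self):
        """Check that open_with_perm creates files with the requested mode.

        The umask is set to 0 while the files are created so that it cannot
        mask off any requested permission bits; it is restored afterwards and
        the scratch directory is always removed.
        """
        # Create a directory for test files
        test_dir = tempfile.mkdtemp()
        try:
            # Reset the umask
            old_umask = os.umask(0)
            try:
                # Create a file with mode 0777; close the returned file
                # object right away so the handle is not leaked
                util.open_with_perm(test_dir + '/test1', 'w', 0o777).close()
                self.assertEqual(os.stat(test_dir + '/test1').st_mode & 0o777, 0o777)

                # Create a file with mode 0600
                util.open_with_perm(test_dir + '/test2', 'w', 0o600).close()
                self.assertEqual(os.stat(test_dir + '/test2').st_mode & 0o777, 0o600)
            finally:
                os.umask(old_umask)
        finally:
            shutil.rmtree(test_dir)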
Ejemplo n.º 6
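    def write_password_config(self):
        """Write the GRUB2_PASSWORD line to the password file in the target root.

        Does nothing when neither ``self.password`` nor
        ``self.encrypted_password`` is set. The file path is built from the
        target system root, ``self.config_dir`` and ``self._passwd_file``.
        """
        if not self.password and not self.encrypted_password:
            return

        users_file = "%s%s/%s" % (conf.target.system_root, self.config_dir, self._passwd_file)
        # Owner-only mode, since the file holds the bootloader password value.
        # NOTE(review): 0o700 also sets the owner execute bit, which a plain
        # data file does not need -- confirm whether 0o600 would be enough.
        # The context manager closes the file even if a step below raises.
        with util.open_with_perm(users_file, "w", 0o700) as header:
            # XXX FIXME: document somewhere that the username is "root"
            # presumably fills in self.encrypted_password -- verify against the helper
            self._encrypt_password()
            # NOTE(review): the middle of this statement was masked out
            # ("******") in the listing; it is restored here as the encrypted
            # password written through header.write() -- confirm against the
            # upstream file.
            password_line = "GRUB2_PASSWORD=" + self.encrypted_password
            header.write("%s\n" % password_line)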
Ejemplo n.º 7
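    def write_password_config(self):
        """Write the GRUB2_PASSWORD line to the password file under the sysroot.

        Does nothing when neither ``self.password`` nor
        ``self.encrypted_password`` is set. The file path is built from
        util.getSysroot(), ``self.config_dir`` and ``self._passwd_file``.
        """
        if not self.password and not self.encrypted_password:
            return

        users_file = "%s%s/%s" % (util.getSysroot(), self.config_dir, self._passwd_file)
        # Owner-only mode, since the file holds the bootloader password value.
        # NOTE(review): 0o700 also sets the owner execute bit, which a plain
        # data file does not need -- confirm whether 0o600 would be enough.
        # The context manager closes the file even if a step below raises.
        with util.open_with_perm(users_file, "w", 0o700) as header:
            # XXX FIXME: document somewhere that the username is "root"
            # presumably fills in self.encrypted_password -- verify against the helper
            self._encrypt_password()
            # NOTE(review): the middle of this statement was masked out
            # ("******") in the listing; it is restored here as the encrypted
            # password written through header.write() -- confirm against the
            # upstream file.
            password_line = "GRUB2_PASSWORD=" + self.encrypted_password
            header.write("%s\n" % password_line)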
Ejemplo n.º 8
def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the sysroot.

    Before writing, the ``passphrase`` attribute is set to an empty string on
    ``ksdata.autopart`` and on every object returned by the logvol, partition
    and raid ``dataList()`` calls. ``ksdata.autopart`` is modified in place.

    :param ksdata: kickstart data object; written out via ``str(ksdata)``
    """
    ks_path = util.getSysroot() + "/root/anaconda-ks.cfg"

    # Kickstart cannot represent these passphrases in encrypted form, so
    # they are blanked instead of being written out in clear text.
    passphrase_holders = [ksdata.autopart]
    passphrase_holders = passphrase_holders + ksdata.logvol.dataList()
    passphrase_holders = passphrase_holders + ksdata.partition.dataList()
    passphrase_holders = passphrase_holders + ksdata.raid.dataList()
    for holder in passphrase_holders:
        holder.passphrase = ""

    # Owner-only mode (0o600): the remaining text could still hold passwords
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        ks_text = str(ksdata)
        ks_file.write(ks_text)
Ejemplo n.º 9
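    def write_config(self):
        """Write the bootloader configuration.

        A readable existing config file is first renamed to
        ``<config_path>.anacbak``. The new file is opened through
        util.open_with_perm with ``self.config_file_mode``, filled in by
        write_config_header() and write_config_images(), and closed before
        write_config_post() is called.

        :raises BootLoaderError: if no config file is defined
        """
        if not self.config_file:
            raise BootLoaderError("no config file defined for this boot loader")

        config_path = os.path.normpath(conf.target.system_root + self.config_file)
        # Keep the previous configuration as a backup instead of overwriting it
        if os.access(config_path, os.R_OK):
            os.rename(config_path, config_path + ".anacbak")

        # The context manager closes the file even if one of the writers
        # raises, so the handle is not left open on error
        with util.open_with_perm(config_path, "w", self.config_file_mode) as config:
            self.write_config_header(config)
            self.write_config_images(config)

        # Runs only after the config file has been closed
        self.write_config_post()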
Ejemplo n.º 10
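    def write_config(self):
        """Write the bootloader configuration.

        A readable existing config file is first renamed to
        ``<config_path>.anacbak``. The new file is opened through
        util.open_with_perm with ``self.config_file_mode``, filled in by
        write_config_header() and write_config_images(), and closed before
        write_config_post() is called.

        :raises BootLoaderError: if no config file is defined
        """
        if not self.config_file:
            raise BootLoaderError("no config file defined for this boot loader")

        config_path = os.path.normpath(util.getSysroot() + self.config_file)
        # Keep the previous configuration as a backup instead of overwriting it
        if os.access(config_path, os.R_OK):
            os.rename(config_path, config_path + ".anacbak")

        # The context manager closes the file even if one of the writers
        # raises, so the handle is not left open on error
        with util.open_with_perm(config_path, "w", self.config_file_mode) as config:
            self.write_config_header(config)
            self.write_config_images(config)

        # Runs only after the config file has been closed
        self.write_config_post()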
Ejemplo n.º 11
def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the sysroot.

    Before writing, the ``passphrase`` attribute is blanked on every object
    returned by the logvol, partition and raid ``dataList()`` calls, and an
    empty passphrase is set through the auto partitioning proxy.

    :param ksdata: kickstart data object; written out via ``str(ksdata)``
    """
    ks_path = util.getSysroot() + "/root/anaconda-ks.cfg"

    # Kickstart cannot represent these passphrases in encrypted form, so
    # they are blanked instead of being written out in clear text.
    passphrase_holders = ksdata.logvol.dataList()
    passphrase_holders = passphrase_holders + ksdata.partition.dataList()
    passphrase_holders = passphrase_holders + ksdata.raid.dataList()
    for holder in passphrase_holders:
        holder.passphrase = ""

    # TODO: Don't add sensitive information to kickstart generated by modules.
    partitioning = STORAGE.get_proxy(AUTO_PARTITIONING)
    partitioning.SetPassphrase("")

    # Owner-only mode (0o600): the remaining text could still hold passwords
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        ks_text = str(ksdata)
        ks_file.write(ks_text)
Ejemplo n.º 12
def _writeKS(ksdata):
    """Save the kickstart data as /root/anaconda-ks.cfg under the sysroot.

    Passphrases are cleared first: on each logvol, partition and raid data
    object, and via ``SetPassphrase("")`` on the auto partitioning proxy.

    :param ksdata: kickstart data object; its ``str()`` form is the file content
    """
    output_path = util.getSysroot() + "/root/anaconda-ks.cfg"

    # No encrypted representation exists in kickstart for these values,
    # so drop them rather than store them in clear text.
    storage_entries = (
        ksdata.logvol.dataList()
        + ksdata.partition.dataList()
        + ksdata.raid.dataList()
    )
    for storage_entry in storage_entries:
        storage_entry.passphrase = ""

    # TODO: Don't add sensitive information to kickstart generated by modules.
    proxy = STORAGE.get_proxy(AUTO_PARTITIONING)
    proxy.SetPassphrase("")

    # Readable by the owner only; passwords may still be present in the text
    with util.open_with_perm(output_path, "w", 0o600) as output:
        content = str(ksdata)
        output.write(content)
Ejemplo n.º 13
def set_user_ssh_key(username, key, root=None):
    """Set an SSH key for a given username.

    The key is appended as one line to ``.ssh/authorized_keys`` in the user's
    home directory under ``root``. A missing ``.ssh`` directory is created
    with mode 0o700 and the key file is opened with mode 0o600; only objects
    created by this call are chowned to the user.

    :param str username: a username
    :param str key: the SSH key to set
    :param str root: target system sysroot path
    :raises ValueError: if the user or the user's home directory does not exist
    """
    sysroot = util.getSysroot() if root is None else root

    entry = _getpwnam(username, sysroot)
    if not entry:
        raise ValueError("set_user_ssh_key: user %s does not exist" % username)

    # Index 5 of the entry is used as the home directory, relative to the sysroot
    home = sysroot + entry[5]
    if not os.path.exists(home):
        log.error("set_user_ssh_key: home directory for %s does not exist", username)
        raise ValueError("set_user_ssh_key: home directory for %s does not exist" % username)

    owner_uid = entry[2]
    owner_gid = entry[3]

    ssh_dir = os.path.join(home, ".ssh")
    if not os.path.isdir(ssh_dir):
        # Private directory, then hand it over to the user
        os.mkdir(ssh_dir, 0o700)
        os.chown(ssh_dir, int(owner_uid), int(owner_gid))

    keys_path = os.path.join(ssh_dir, "authorized_keys")
    # Remember whether the file was there before we opened it for append
    created_here = not os.path.exists(keys_path)
    # NOTE(review): key is written verbatim; callers are presumably expected
    # to pass a single authorized_keys line -- confirm.
    with util.open_with_perm(keys_path, "a", 0o600) as keys_file:
        keys_file.write(key + "\n")

    # A pre-existing file keeps its current owner; only a file created here
    # is chowned and has its SELinux context restored.
    if created_here:
        os.chown(keys_path, int(owner_uid), int(owner_gid))
        util.execWithRedirect("restorecon", ["-r", ssh_dir])
Ejemplo n.º 14
def _writeKS(ksdata):
    """Save the kickstart data as /root/anaconda-ks.cfg under the target root.

    :param ksdata: kickstart data object; its ``str()`` form is the file content
    """
    output_path = conf.target.system_root + "/root/anaconda-ks.cfg"

    # Readable by the owner only (0o600); the text could contain passwords.
    # NOTE(review): nothing is scrubbed from ksdata in this function; any
    # secret removal has to happen before the call -- confirm with callers.
    with util.open_with_perm(output_path, "w", 0o600) as output:
        content = str(ksdata)
        output.write(content)