def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Install the X.org server, its config snippets, an xinitrc hook and fonts.

    Runs ``pacman`` for xorg-server and xorg-server-xwayland, copies every
    file from this command's config directory (on the host) into
    ``/etc/X11/xorg.conf.d`` as root-owned 0644 files, writes the
    ``99-access-to-user.sh`` xinitrc.d hook and finally runs ``pkg_fonts``.

    Args:
        location: Position in the build definition; the ``pkg_fonts``
            command is issued at the following line.
        system_context: The system image being generated.
        *args, **kwargs: Accepted for interface compatibility; not used.
    """
    xorg_conf_dir = "/etc/X11/xorg.conf.d"
    xinit_hook = "/etc/X11/xinit/xinitrc.d/99-access-to-user.sh"

    self._execute(
        location, system_context, "pacman", "xorg-server", "xorg-server-xwayland"
    )

    # Snippets live outside the image, in the system's config folder; they
    # are copied in wholesale and ownership/mode normalised afterwards.
    snippet_glob = self._config_directory(system_context) + "/*"
    copy(
        system_context,
        snippet_glob,
        xorg_conf_dir,
        from_outside=True,
        recursive=True,
    )
    chown(system_context, 0, 0, xorg_conf_dir + "/*")
    chmod(system_context, 0o644, xorg_conf_dir + "/*")

    # NOTE(review): in bash ``$$`` is the shell's PID, so this hook hands
    # "+local:<pid>USER" to xhost rather than "+local:$USER" -- confirm whether
    # a later templating step rewrites ``$$``.  Either way xhost's ``local:``
    # family is host-wide (every local non-network client), not per-user.
    hook_script = textwrap.dedent(
        """\
        #!/usr/bin/bash
        # Allow local access for the user:
        xhost "+local:$$USER"
        """
    )
    create_file(
        system_context,
        xinit_hook,
        hook_script.encode("utf-8"),
        mode=0o755,
    )

    # Extra fonts are installed by a separate command on the next line:
    self._execute(location.next_line(), system_context, "pkg_fonts")
def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Install X.org, its config snippets, a local-access xinitrc hook and fonts.

    Steps, in order: ``pacman`` for xorg-server/xorg-server-xwayland, copy of
    the host-side config folder into ``/etc/X11/xorg.conf.d`` (root, 0644),
    creation of ``99-access-to-user.sh`` (0755) and the ``pkg_fonts`` command.

    Args:
        location: Position in the build definition; ``pkg_fonts`` runs at
            the following line.
        system_context: The system image being generated.
        *args, **kwargs: Unused, kept for the command interface.
    """
    self._execute(location, system_context,
                  'pacman', 'xorg-server', 'xorg-server-xwayland')

    # Config snippets come from outside the image:
    conf_glob = '/etc/X11/xorg.conf.d/*'
    copy(system_context, self._config_directory(system_context) + '/*',
         '/etc/X11/xorg.conf.d', from_outside=True, recursive=True)
    chown(system_context, 0, 0, conf_glob)
    chmod(system_context, 0o644, conf_glob)

    # NOTE(review): ``$$`` is the PID in bash, so xhost receives
    # "+local:<pid>USER" instead of "+local:$USER" unless something rewrites
    # ``$$`` later -- confirm.  xhost's ``local:`` family admits all local
    # non-network clients regardless of the name, i.e. this is host-wide.
    hook = '\n'.join([
        '#!/usr/bin/bash',
        '# Allow local access for the user:',
        'xhost "+local:$$USER"',
    ]) + '\n'
    create_file(system_context,
                '/etc/X11/xinit/xinitrc.d/99-access-to-user.sh',
                hook.encode('utf-8'), mode=0o755)

    # Extra fonts:
    self._execute(location.next_line(), system_context, 'pkg_fonts')
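def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Append a public key to a user's ``~/.ssh/authorized_keys`` in the image.

    Args:
        location: Position in the build definition; the ``append`` command
            is issued at the following line.
        system_context: The system image being generated.
        *args: ``args[0]`` is the user name inside the image, ``args[1]``
            the host path of the public key file to append.
        **kwargs: ``options`` (optional) -- an authorized_keys options
            string that is prefixed to every key line.

    Raises:
        GenerateError: If the user does not exist in the image, or if the
            options string contains a line break.
    """
    user = args[0]
    keyfile = args[1]

    info(f"Adding ssh key to {user}'s authorized_keys file.")

    data = UserHelper.user_data(user, root_directory=system_context.fs_directory)
    if data is None:
        raise GenerateError(
            f'"{self.name}" could not find user "{user}".',
            location=location,
        )

    trace(f"{user} mapping: UID {data.uid}, GID {data.gid}, home: {data.home}.")

    # sshd (StrictModes) rejects authorized_keys reachable through
    # group/world-writable directories; 0750 / 0700 keep both private.
    self._check_or_create_directory(
        location,
        system_context,
        data.home,
        mode=0o750,
        user=data.uid,
        group=data.gid,
    )
    ssh_directory = os.path.join(data.home, ".ssh")
    self._check_or_create_directory(
        location,
        system_context,
        ssh_directory,
        mode=0o700,
        user=data.uid,
        group=data.gid,
    )

    options = kwargs.get("options", "")
    # authorized_keys is line-oriented: a line break inside the options
    # would start a second, unrestricted entry.  Refuse rather than write it.
    if "\n" in options or "\r" in options:
        raise GenerateError(
            f'"{self.name}": ssh key options must not contain line breaks.',
            location=location,
        )

    key = read_file(system_context, keyfile, outside=True).decode("utf-8")
    # One entry per non-blank key line, so the options apply to every key in
    # the file (not only the first) and a trailing newline in the key file
    # does not leave an empty line behind.
    prefix = options + " " if options else ""
    line = "".join(
        prefix + key_line.strip() + "\n"
        for key_line in key.splitlines()
        if key_line.strip()
    )

    authorized_file = os.path.join(ssh_directory, "authorized_keys")
    self._execute(
        location.next_line(),
        system_context,
        "append",
        authorized_file,
        line,
        force=True,
    )
    # The file must belong to the user and be readable by nobody else.
    chown(system_context, data.uid, data.gid, authorized_file)
    chmod(system_context, 0o600, authorized_file)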
def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Enable systemd-homed and seed its key pair in the image.

    ``args[0]`` is the PEM private key blob, ``args[1]`` the PEM public key
    blob.  Both are staged root-only under ``/usr/share/factory`` and a
    tmpfiles.d ``C`` rule copies them to ``/var/lib/systemd/home`` at boot
    when that directory does not exist yet.

    Args:
        location: Position in the build definition; its description is
            updated per step and ``systemd_enable`` runs at the next line.
        system_context: The system image being generated.
        *args: Private key blob, public key blob (both ``str``).
        **kwargs: Unused.

    Raises:
        GenerateError: If either blob lacks the expected PEM header.
    """
    private_key, public_key = args[0], args[1]

    # Only the PKCS#8 ("BEGIN PRIVATE KEY") and SubjectPublicKeyInfo
    # ("BEGIN PUBLIC KEY") PEM headers are accepted here.
    location.set_description("Validate keys")
    if "BEGIN PRIVATE KEY" not in private_key:
        raise GenerateError("Private key blob is not a private key.", location=location)
    if "BEGIN PUBLIC KEY" not in public_key:
        raise GenerateError("Public key blob is not a public key.", location=location)

    # Enabling the unit sets up socket activation for the daemon.
    location.set_description("Enableing homed service")
    self._execute(location.next_line(), system_context,
                  "systemd_enable", "systemd-homed.service")

    # Stage the key material root-only in the factory tree (0700 directory,
    # 0600 files); the glob pass afterwards re-applies mode and owner.
    location.set_description("Setup keys")
    factory_dir = "/usr/share/factory/var/lib/systemd/home"
    makedirs(system_context, factory_dir, mode=0o700)
    for file_name, blob in (("local.private", private_key),
                            ("local.public", public_key)):
        create_file(system_context, factory_dir + "/" + file_name,
                    blob.encode("utf-8"), mode=0o600)
    chmod(system_context, 0o600, factory_dir + "/*")
    chown(system_context, 0, 0, factory_dir + "/*")

    # tmpfiles rule copying the staged keys into /var:
    tmpfiles_rule = "C /var/lib/systemd/home - - - -\n"
    create_file(system_context, "/usr/lib/tmpfiles.d/systemd-homed.conf",
                tmpfiles_rule.encode("utf-8"), mode=0o644)
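def _copy_extra_file(self, location: Location, system_context: SystemContext,
                     extra_file: str) -> str:
    """Copy one helper file from the host into ``/usr/bin`` of the image.

    Args:
        location: Position in the build definition; its description is
            updated to name the file being installed.
        system_context: The system image being generated.
        extra_file: Name of the file, relative to ``self._helper_directory``
            on the host.  It is joined verbatim, so a name containing path
            separators would resolve outside ``/usr/bin``.

    Returns:
        The destination path inside the image (``/usr/bin/<extra_file>``).

    Raises:
        RuntimeError: If ``self._helper_directory`` is not set.
    """
    location.set_description(
        "Installing extra mkinitcpio file {}".format(extra_file))

    helper_directory = self._helper_directory
    # Explicit check rather than ``assert``: asserts are stripped under
    # ``python -O`` and os.path.join(None, ...) would then fail with an
    # unhelpful TypeError.
    if not helper_directory:
        raise RuntimeError(
            "Helper directory is not set; cannot install {}.".format(extra_file))

    source_path = os.path.join(helper_directory, extra_file)
    dest_path = os.path.join("/usr/bin", extra_file)

    copy(system_context, source_path, dest_path, from_outside=True)
    # Executable for everyone, writable only by root.
    chmod(system_context, 0o755, dest_path)

    return dest_path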
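def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Install an ssh key file into a user's ``~/.ssh`` inside the image.

    Args:
        location: Position in the build definition; the ``copy`` command
            is issued at the following line.
        system_context: The system image being generated.
        *args: ``args[0]`` is the user name inside the image, ``args[1]``
            the host path of the key file (only its basename is kept).
        **kwargs: Unused.

    Raises:
        GenerateError: If the user does not exist in the image.
    """
    user_name = args[0]
    key_file = args[1]

    user = UserHelper.user_data(user_name, root_directory=system_context.fs_directory)
    if user is None:
        raise GenerateError(
            '"{}" could not find user "{}".'.format(self.name, user_name),
            location=location,
        )

    debug('Installing "{}" to user "{}" ({}).'.format(
        key_file, user_name, user.home))

    self._check_or_create_directory(
        location,
        system_context,
        user.home,
        mode=0o750,
        user=user.uid,
        group=user.gid,
    )
    ssh_directory = os.path.join(user.home, ".ssh")
    # 0700, not 0600: without the execute bit the directory cannot be
    # entered, so the user could never read the key installed below.
    self._check_or_create_directory(
        location,
        system_context,
        ssh_directory,
        mode=0o700,
        user=user.uid,
        group=user.gid,
    )

    installed_key_file = os.path.join(ssh_directory, os.path.basename(key_file))
    self._execute(
        location.next_line(),
        system_context,
        "copy",
        key_file,
        installed_key_file,
        from_outside=True,
    )
    trace("Copied key.")
    # Owned by the user, readable by nobody else -- applied whether the
    # file holds a private or a public key.
    chown(system_context, user.uid, user.gid, installed_key_file)
    trace("Ownership adjusted.")
    chmod(system_context, 0o600, installed_key_file)
    trace("Mode adjusted.")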
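def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Append a public key to a user's ``~/.ssh/authorized_keys`` in the image.

    Args:
        location: Position in the build definition; the ``append`` command
            is issued at the following line.
        system_context: The system image being generated.
        *args: ``args[0]`` is the user name inside the image, ``args[1]``
            the host path of the public key file to append.
        **kwargs: ``options`` (optional) -- an authorized_keys options
            string that is prefixed to every key line.

    Raises:
        GenerateError: If the user does not exist in the image, or if the
            options string contains a line break.
    """
    user = args[0]
    keyfile = args[1]

    info('Adding ssh key to {}\'s authorized_keys file.'.format(user))

    data = UserHelper.user_data(user, root_directory=system_context.fs_directory)
    if data is None:
        raise GenerateError('"{}" could not find user "{}".'.format(
            self.name, user), location=location)

    trace('{} mapping: UID {}, GID {}, home: {}.'.format(
        user, data.uid, data.gid, data.home))

    # sshd (StrictModes) rejects authorized_keys reachable through
    # group/world-writable directories; 0750 / 0700 keep both private.
    self._check_or_create_directory(location, system_context, data.home,
                                    mode=0o750, user=data.uid, group=data.gid)
    ssh_directory = os.path.join(data.home, '.ssh')
    self._check_or_create_directory(location, system_context, ssh_directory,
                                    mode=0o700, user=data.uid, group=data.gid)

    options = kwargs.get('options', '')
    # authorized_keys is line-oriented: a line break inside the options
    # would start a second, unrestricted entry.  Refuse rather than write it.
    if '\n' in options or '\r' in options:
        raise GenerateError(
            '"{}": ssh key options must not contain line breaks.'.format(self.name),
            location=location)

    key = read_file(system_context, keyfile, outside=True).decode('utf-8')
    # One entry per non-blank key line, so the options apply to every key in
    # the file (not only the first) and a trailing newline in the key file
    # does not leave an empty line behind.
    prefix = options + ' ' if options else ''
    line = ''.join(prefix + key_line.strip() + '\n'
                   for key_line in key.splitlines() if key_line.strip())

    authorized_file = os.path.join(ssh_directory, 'authorized_keys')
    self._execute(location.next_line(), system_context, 'append',
                  authorized_file, line, force=True)
    # The file must belong to the user and be readable by nobody else.
    chown(system_context, data.uid, data.gid, authorized_file)
    chmod(system_context, 0o600, authorized_file)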
def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Install pre-generated sshd host keys into ``/etc/ssh`` of the image.

    Args:
        location: Position in the build definition.
        system_context: The system image being generated.
        *args: ``args[0]`` is the host directory holding the host key files
            (checked by ``_validate_key_directory`` first).
        **kwargs: Unused.

    Raises:
        GenerateError: If the image has no ``/etc/ssh`` directory.
    """
    key_directory = args[0]
    self._validate_key_directory(location, key_directory)

    target_directory = '/etc/ssh'
    if not isdir(system_context, target_directory):
        message = '"{}": No /etc/ssh directory found in system.'.format(self.name)
        raise GenerateError(message, location=location)

    self._execute(location, system_context, 'copy',
                  _key_files(key_directory), target_directory,
                  from_outside=True)

    # Private host keys root-only; the public halves may be world-readable.
    chown(system_context, 'root', 'root', _key_files(target_directory))
    chmod(system_context, 0o600, target_directory + '/ssh_host_*_key')
    chmod(system_context, 0o644, target_directory + '/ssh_host_*_key.pub')
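def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Install pre-generated sshd host keys into ``/etc/ssh`` of the image.

    Creates ``/etc/ssh`` when the image lacks it, copies the host key files
    from the host directory and fixes ownership and modes.

    Args:
        location: Position in the build definition.
        system_context: The system image being generated.
        *args: ``args[0]`` is the host directory holding the host key files
            (checked by ``_validate_key_directory`` first).
        **kwargs: Unused.
    """
    key_directory = args[0]
    self._validate_key_directory(location, key_directory)

    if not isdir(system_context, "/etc/ssh"):
        # Give the new directory an explicit mode (still subject to umask)
        # and root ownership instead of inheriting whatever the build
        # process runs with; the key files are fixed up below.
        os.makedirs(system_context.file_name("/etc/ssh"), mode=0o755)
        chown(system_context, "root", "root", "/etc/ssh")

    self._execute(
        location,
        system_context,
        "copy",
        _key_files(key_directory),
        "/etc/ssh",
        from_outside=True,
    )

    # Private host keys root-only; the public halves may be world-readable.
    chown(system_context, "root", "root", _key_files("/etc/ssh"))
    chmod(system_context, 0o600, "/etc/ssh/ssh_host_*_key")
    chmod(system_context, 0o644, "/etc/ssh/ssh_host_*_key.pub")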
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Change file modes inside the image.

    Thin wrapper around the ``chmod`` helper: ``system_context`` is passed
    first and every positional and keyword argument is forwarded verbatim,
    so the accepted mode/path arguments are whatever ``chmod`` takes.
    ``location`` is not used.
    """
    forwarded = (system_context, *args)
    chmod(*forwarded, **kwargs)
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Enable systemd-homed, seed its key pair and wire it into PAM.

    ``args[0]`` is the PEM private key blob, ``args[1]`` the PEM public key
    blob.  Both are staged root-only under ``/usr/share/factory`` and a
    tmpfiles.d ``C`` rule copies them to ``/var/lib/systemd/home`` at boot
    when that directory does not exist yet.  ``/etc/pam.d/nss-auth`` is
    written (without overwriting an existing file) and
    ``/etc/pam.d/system-auth`` is replaced.

    Args:
        location: Position in the build definition; its description is
            updated per step and ``systemd_enable`` runs at the next line.
        system_context: The system image being generated.
        *args: Private key blob, public key blob (both ``str``).
        **kwargs: Unused.

    Raises:
        GenerateError: If either blob lacks the expected PEM header.
    """
    private_key, public_key = args[0], args[1]

    # Only the PKCS#8 ("BEGIN PRIVATE KEY") and SubjectPublicKeyInfo
    # ("BEGIN PUBLIC KEY") PEM headers are accepted here.
    location.set_description("Validate keys")
    if "BEGIN PRIVATE KEY" not in private_key:
        raise GenerateError(
            "Private key blob is not a private key.", location=location
        )
    if "BEGIN PUBLIC KEY" not in public_key:
        raise GenerateError(
            "Public key blob is not a public key.", location=location
        )

    # Enabling the unit sets up socket activation for the daemon.
    location.set_description("Enableing homed service")
    self._execute(
        location.next_line(),
        system_context,
        "systemd_enable",
        "systemd-homed.service",
    )

    # Stage the key material root-only in the factory tree (0700 directory,
    # 0600 files); the glob pass afterwards re-applies mode and owner.
    location.set_description("Setup keys")
    factory_dir = "/usr/share/factory/var/lib/systemd/home"
    makedirs(system_context, factory_dir, mode=0o700)
    for file_name, blob in (
        ("local.private", private_key),
        ("local.public", public_key),
    ):
        create_file(
            system_context,
            factory_dir + "/" + file_name,
            blob.encode("utf-8"),
            mode=0o600,
        )
    chmod(system_context, 0o600, factory_dir + "/*")
    chown(system_context, 0, 0, factory_dir + "/*")

    # tmpfiles rule copying the staged keys into /var:
    tmpfiles_rule = "C /var/lib/systemd/home - - - -\n"
    create_file(
        system_context,
        "/usr/lib/tmpfiles.d/systemd-homed.conf",
        tmpfiles_rule.encode("utf-8"),
        mode=0o644,
    )

    # PAM: nss-auth is a shared substack trying pam_unix first, then homed,
    # and denying otherwise.  ``nullok`` lets accounts with an empty
    # password authenticate via pam_unix -- a deliberate, distro-style
    # default; drop it for hardened images.
    location.set_description("Setting up PAM for homed")
    nss_auth = "\n".join([
        "#%PAM-1.0",
        "auth sufficient pam_unix.so try_first_pass nullok",
        "auth sufficient pam_systemd_home.so",
        "auth required pam_deny.so",
        "account sufficient pam_unix.so",
        "account sufficient pam_systemd_home.so",
        "account required pam_deny.so",
        "password sufficient pam_unix.so try_first_pass nullok sha512 shadow",
        "password sufficient pam_systemd_home.so",
        "password required pam_deny.so",
    ]) + "\n"
    create_file(
        system_context,
        "/etc/pam.d/nss-auth",
        nss_auth.encode("utf-8"),
        mode=0o644,
    )

    # system-auth delegates auth/account/password to nss-auth and adds the
    # homed session module; force=True replaces the distro-provided file.
    system_auth = "\n".join([
        "#%PAM-1.0",
        "auth substack nss-auth",
        "auth optional pam_permit.so",
        "auth required pam_env.so",
        "account substack nss-auth",
        "account optional pam_permit.so",
        "account required pam_time.so",
        "password substack nss-auth",
        "password optional pam_permit.so",
        "session required pam_limits.so",
        "session optional pam_systemd_home.so",
        "session required pam_unix.so",
        "session optional pam_permit.so",
    ]) + "\n"
    create_file(
        system_context,
        "/etc/pam.d/system-auth",
        system_auth.encode("utf-8"),
        mode=0o644,
        force=True,
    )
def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Enable systemd-homed, seed its key pair and wire it into PAM.

    ``args[0]`` is the PEM private key blob, ``args[1]`` the PEM public key
    blob.  Both are staged root-only under ``/usr/share/factory`` and a
    tmpfiles.d ``C`` rule copies them to ``/var/lib/systemd/home`` at boot
    when that directory does not exist yet.  ``/etc/pam.d/system-auth`` is
    replaced with a stack that consults pam_systemd_home before pam_unix.

    Args:
        location: Position in the build definition; its description is
            updated per step and ``systemd_enable`` runs at the next line.
        system_context: The system image being generated.
        *args: Private key blob, public key blob (both ``str``).
        **kwargs: Unused.

    Raises:
        GenerateError: If either blob lacks the expected PEM header.
    """
    private_key, public_key = args[0], args[1]

    # Only the PKCS#8 ("BEGIN PRIVATE KEY") and SubjectPublicKeyInfo
    # ("BEGIN PUBLIC KEY") PEM headers are accepted here.
    location.set_description('Validate keys')
    if "BEGIN PRIVATE KEY" not in private_key:
        raise GenerateError("Private key blob is not a private key.",
                            location=location)
    if "BEGIN PUBLIC KEY" not in public_key:
        raise GenerateError("Public key blob is not a public key.",
                            location=location)

    # Enabling the unit sets up socket activation for the daemon.
    location.set_description('Enableing homed service')
    self._execute(location.next_line(), system_context,
                  'systemd_enable', 'systemd-homed.service')

    # Stage the key material root-only in the factory tree (0700 directory,
    # 0600 files); the glob pass afterwards re-applies mode and owner.
    location.set_description('Setup keys')
    factory_dir = '/usr/share/factory/var/lib/systemd/home'
    makedirs(system_context, factory_dir, mode=0o700)
    for file_name, blob in (('local.private', private_key),
                            ('local.public', public_key)):
        create_file(system_context, factory_dir + '/' + file_name,
                    blob.encode('utf-8'), mode=0o600)
    chmod(system_context, 0o600, factory_dir + '/*')
    chown(system_context, 0, 0, factory_dir + '/*')

    # tmpfiles rule copying the staged keys into /var:
    tmpfiles_rule = 'C /var/lib/systemd/home - - - -\n'
    create_file(system_context, '/usr/lib/tmpfiles.d/systemd-homed.conf',
                tmpfiles_rule.encode('utf-8'), mode=0o644)

    # PAM: the bracketed control skips pam_unix when homed succeeds and
    # falls through to it otherwise.  ``nullok`` lets accounts with an empty
    # password authenticate via pam_unix -- a deliberate, distro-style
    # default; drop it for hardened images.  force=True replaces the
    # distro-provided file.
    location.set_description('Setting up PAM for homed')
    homed_control = ('[success=1 new_authtok_reqd=1 ignore=ignore '
                     'user_unknown=ignore default=bad] pam_systemd_home.so')
    system_auth = '\n'.join([
        '#%PAM-1.0',
        'auth ' + homed_control,
        'auth required pam_unix.so try_first_pass nullok',
        'auth optional pam_permit.so',
        'auth required pam_env.so',
        'account ' + homed_control,
        'account required pam_unix.so',
        'account optional pam_permit.so',
        'account required pam_time.so',
        'password ' + homed_control,
        'password required pam_unix.so try_first_pass nullok sha512 shadow',
        'password optional pam_permit.so',
        'session required pam_limits.so',
        'session ' + homed_control,
        'session required pam_unix.so',
        'session optional pam_permit.so',
    ]) + '\n'
    create_file(system_context, '/etc/pam.d/system-auth',
                system_auth.encode('utf-8'), mode=0o644, force=True)