    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Installs the X server packages, copies the system's xorg.conf.d
        snippets into the target, drops an xinitrc.d hook and finally pulls
        in extra fonts through the ``pkg_fonts`` command.
        """
        xorg_conf_dir = "/etc/X11/xorg.conf.d"

        self._execute(location, system_context, "pacman", "xorg-server",
                      "xorg-server-xwayland")

        # The snippets live in the system's config folder on the host side,
        # hence from_outside=True.  Root-owned, world-readable fragments are
        # what Xorg expects in xorg.conf.d.
        snippet_glob = self._config_directory(system_context) + "/*"
        copy(system_context, snippet_glob, xorg_conf_dir,
             from_outside=True, recursive=True)
        chown(system_context, 0, 0, xorg_conf_dir + "/*")
        chmod(system_context, 0o644, xorg_conf_dir + "/*")

        # NOTE(review): the script body keeps a literal "$$USER" unless some
        # later step rewrites "$$" to "$" — confirm against create_file's
        # contract.  Also, xhost's "local:" family is not scoped to a single
        # user; "+local:" admits every local client — confirm that is intended.
        xinit_hook = textwrap.dedent("""\
                    #!/usr/bin/bash

                    # Allow local access for the user:
                    xhost "+local:$$USER"
                    """).encode("utf-8")
        create_file(system_context,
                    "/etc/X11/xinit/xinitrc.d/99-access-to-user.sh",
                    xinit_hook,
                    mode=0o755)

        # Install some extra fonts:
        self._execute(location.next_line(), system_context, "pkg_fonts")
    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Sets up Xorg: installs the server packages, imports the configured
        xorg.conf.d snippets, adds an xinitrc.d hook and installs extra fonts.
        """
        # Packages first, so /etc/X11 exists before snippets are copied into it.
        self._execute(location, system_context, 'pacman', 'xorg-server',
                      'xorg-server-xwayland')

        # Copy snippets from systems config folder (host side, hence
        # from_outside=True) and normalise ownership/mode to root 0644:
        conf_source = self._config_directory(system_context) + '/*'
        conf_target = '/etc/X11/xorg.conf.d'
        copy(system_context, conf_source, conf_target,
             from_outside=True, recursive=True)
        for fix in (lambda: chown(system_context, 0, 0, conf_target + '/*'),
                    lambda: chmod(system_context, 0o644, conf_target + '/*')):
            fix()

        # NOTE(review): "$$USER" is written literally unless a later step
        # turns "$$" into "$" — confirm.  xhost's "local:" family is not
        # user-scoped either; "+local:" admits every local client — confirm
        # that is intended.
        hook_script = '''\
                    #!/usr/bin/bash

                    # Allow local access for the user:
                    xhost "+local:$$USER"
                    '''
        create_file(system_context,
                    '/etc/X11/xinit/xinitrc.d/99-access-to-user.sh',
                    textwrap.dedent(hook_script).encode('utf-8'),
                    mode=0o755)

        # Install some extra fonts:
        self._execute(location.next_line(), system_context, 'pkg_fonts')
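    def __call__(
        self,
        location: Location,
        system_context: SystemContext,
        *args: typing.Any,
        **kwargs: typing.Any,
    ) -> None:
        """Execute command.

        Appends the public key read from ``args[1]`` (a file outside the
        target filesystem) to ``~<args[0]>/.ssh/authorized_keys`` inside the
        system, creating the home and ``.ssh`` directories when missing and
        leaving the file owned by the user with mode 0600.

        Keyword args:
            options: optional authorized_keys option string placed in front
                of the key (written verbatim, separated by one space).

        Raises:
            GenerateError: if fewer than two positional args are given or the
                user is unknown in the target system.
        """
        if len(args) < 2:
            raise GenerateError(
                f'"{self.name}" needs a user name and a key file.',
                location=location,
            )
        user = args[0]
        keyfile = args[1]

        info(f"Adding ssh key to {user}'s authorized_keys file.")
        data = UserHelper.user_data(user, root_directory=system_context.fs_directory)
        if data is None:
            raise GenerateError(
                f'"{self.name}" could not find user "{user}".', location=location,
            )

        trace(f"{user} mapping: UID {data.uid}, GID {data.gid}, home: {data.home}.")
        self._check_or_create_directory(
            location,
            system_context,
            data.home,
            mode=0o750,
            user=data.uid,
            group=data.gid,
        )
        ssh_directory = os.path.join(data.home, ".ssh")
        # ~/.ssh must be owner-only for sshd to honour authorized_keys.
        self._check_or_create_directory(
            location,
            system_context,
            ssh_directory,
            mode=0o700,
            user=data.uid,
            group=data.gid,
        )

        key = read_file(system_context, keyfile, outside=True).decode("utf-8")
        # Drop the key file's own trailing newline so the entry ends up as
        # exactly one line; the separator is added below.
        key = key.rstrip("\n")

        authorized_file = os.path.join(ssh_directory, "authorized_keys")

        options = kwargs.get("options", "")

        # NOTE(review): options and key are written as-is; an embedded newline
        # would become an additional authorized_keys entry.  Both come from
        # the system definition, which is treated as trusted input here.
        line = f"{options} {key}\n" if options else f"{key}\n"

        self._execute(
            location.next_line(),
            system_context,
            "append",
            authorized_file,
            line,
            force=True,
        )
        chown(system_context, data.uid, data.gid, authorized_file)
        chmod(system_context, 0o600, authorized_file)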
 def __call__(self, location: Location, system_context: SystemContext,
              *args: typing.Any, **kwargs: typing.Any) -> None:
     """Execute command.

     Changes the ownership of every path given in ``args`` inside the
     target system.

     Keyword args:
         user: owner to set (default ``"root"``).
         group: group to set (default ``"root"``).
         recursive: also descend into directories (default ``False``).
     """
     owner = kwargs.get("user", "root")
     owning_group = kwargs.get("group", "root")
     descend = kwargs.get("recursive", False)
     chown(system_context, owner, owning_group, *args, recursive=descend)
 def __call__(self, location: Location, system_context: SystemContext,
              *args: typing.Any, **kwargs: typing.Any) -> None:
     """Execute command.

     Thin wrapper around ``chown`` for the target system: ``args`` are the
     paths, ``user``/``group`` default to root and ``recursive`` to False.
     """
     # Resolve the optional keyword arguments up front; missing ones fall
     # back to a root:root, non-recursive chown.
     settings = {
         'user': kwargs.get('user', 'root'),
         'group': kwargs.get('group', 'root'),
         'recursive': kwargs.get('recursive', False),
     }
     chown(system_context, settings['user'], settings['group'], *args,
           recursive=settings['recursive'])
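    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Enables systemd-homed and seeds its key pair from the PEM blobs in
        ``args[0]`` (private) and ``args[1]`` (public).  The keys are stored
        root-only under ``/usr/share/factory`` and a tmpfiles.d entry copies
        them to ``/var/lib/systemd/home`` at boot.

        Raises:
            GenerateError: if fewer than two positional args are given or a
                blob does not carry the expected PEM marker.
        """
        if len(args) < 2:
            raise GenerateError("Expected a private and a public key blob.",
                                location=location)
        private_key = args[0]
        public_key = args[1]

        location.set_description("Validate keys")
        # Marker check only: this does not parse the PEM, it guards against
        # swapped or empty arguments.
        if "BEGIN PRIVATE KEY" not in private_key:
            raise GenerateError("Private key blob is not a private key.",
                                location=location)

        if "BEGIN PUBLIC KEY" not in public_key:
            raise GenerateError("Public key blob is not a public key.",
                                location=location)

        # enable the daemon (actually set up socket activation)
        location.set_description("Enabling homed service")
        self._execute(
            location.next_line(),
            system_context,
            "systemd_enable",
            "systemd-homed.service",
        )

        # Install keys into /usr:
        location.set_description("Setup keys")
        home_key_dir = "/usr/share/factory/var/lib/systemd/home"
        makedirs(system_context, home_key_dir, mode=0o700)
        create_file(
            system_context,
            home_key_dir + "/local.private",
            private_key.encode("utf-8"),
            mode=0o600,
        )
        create_file(
            system_context,
            home_key_dir + "/local.public",
            public_key.encode("utf-8"),
            mode=0o600,
        )
        # The private half is presumably homed's record-signing key, so the
        # whole directory is kept root-only; the public half being 0600 too
        # is stricter than necessary but harmless.
        chmod(system_context, 0o600, home_key_dir + "/*")
        chown(system_context, 0, 0, home_key_dir + "/*")

        # Set up copying of keys to var:
        create_file(
            system_context,
            "/usr/lib/tmpfiles.d/systemd-homed.conf",
            textwrap.dedent("""\
                    C /var/lib/systemd/home - - - -
                    """).encode("utf-8"),
            mode=0o644,
        )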
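    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Copies the key file ``args[1]`` (outside the target filesystem) into
        ``~<args[0]>/.ssh/`` inside the system, keeping its base name, and
        leaves it owned by the user with mode 0600.

        Raises:
            GenerateError: if fewer than two positional args are given or the
                user is unknown in the target system.
        """
        if len(args) < 2:
            raise GenerateError(
                '"{}" needs a user name and a key file.'.format(self.name),
                location=location,
            )
        user_name = args[0]
        key_file = args[1]

        user = UserHelper.user_data(user_name,
                                    root_directory=system_context.fs_directory)
        if user is None:
            raise GenerateError(
                '"{}" could not find user "{}".'.format(self.name, user_name),
                location=location,
            )

        debug('Installing "{}" to user "{}" ({}).'.format(
            key_file, user_name, user.home))

        self._check_or_create_directory(
            location,
            system_context,
            user.home,
            mode=0o750,
            user=user.uid,
            group=user.gid,
        )
        ssh_directory = os.path.join(user.home, ".ssh")
        # A directory needs the execute bit to be traversable: 0o600 would
        # leave ~/.ssh unusable even for its owner, so create it 0o700 (the
        # conventional owner-only mode for this directory).
        self._check_or_create_directory(
            location,
            system_context,
            ssh_directory,
            mode=0o700,
            user=user.uid,
            group=user.gid,
        )

        installed_key_file = os.path.join(ssh_directory,
                                          os.path.basename(key_file))

        self._execute(
            location.next_line(),
            system_context,
            "copy",
            key_file,
            installed_key_file,
            from_outside=True,
        )
        trace("Copied key.")
        chown(system_context, user.uid, user.gid, installed_key_file)
        trace("Ownership adjusted.")
        # Private key material must not be group- or world-readable.
        chmod(system_context, 0o600, installed_key_file)
        trace("Mode adjusted.")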
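    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Appends the public key read from ``args[1]`` (a file outside the
        target filesystem) to ``~<args[0]>/.ssh/authorized_keys`` inside the
        system, creating the home and ``.ssh`` directories when missing and
        leaving the file owned by the user with mode 0600.

        Keyword args:
            options: optional authorized_keys option string placed in front
                of the key (written verbatim, separated by one space).

        Raises:
            GenerateError: if fewer than two positional args are given or the
                user is unknown in the target system.
        """
        if len(args) < 2:
            raise GenerateError(
                '"{}" needs a user name and a key file.'.format(self.name),
                location=location)
        user = args[0]
        keyfile = args[1]

        info('Adding ssh key to {}\'s authorized_keys file.'.format(user))
        data = UserHelper.user_data(user,
                                    root_directory=system_context.fs_directory)
        if data is None:
            raise GenerateError('"{}" could not find user "{}".'.format(
                self.name, user),
                                location=location)

        trace('{} mapping: UID {}, GID {}, home: {}.'.format(
            user, data.uid, data.gid, data.home))
        self._check_or_create_directory(location,
                                        system_context,
                                        data.home,
                                        mode=0o750,
                                        user=data.uid,
                                        group=data.gid)
        ssh_directory = os.path.join(data.home, '.ssh')
        # ~/.ssh must be owner-only for sshd to honour authorized_keys.
        self._check_or_create_directory(location,
                                        system_context,
                                        ssh_directory,
                                        mode=0o700,
                                        user=data.uid,
                                        group=data.gid)

        key = read_file(system_context, keyfile, outside=True).decode('utf-8')
        # Drop the key file's own trailing newline so the entry ends up as
        # exactly one line; the separator is added below.
        key = key.rstrip('\n')

        authorized_file = os.path.join(ssh_directory, 'authorized_keys')

        options = kwargs.get('options', '')

        # NOTE(review): options and key are written as-is; an embedded newline
        # would become an additional authorized_keys entry.  Both come from
        # the system definition, which is treated as trusted input here.
        if options:
            line = options + ' ' + key + '\n'
        else:
            line = key + '\n'

        self._execute(location.next_line(),
                      system_context,
                      'append',
                      authorized_file,
                      line,
                      force=True)
        chown(system_context, data.uid, data.gid, authorized_file)
        chmod(system_context, 0o600, authorized_file)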
    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Installs the ssh host keys found in ``args[0]`` (a directory outside
        the target filesystem) into the system's ``/etc/ssh``: private keys
        end up 0600, public keys 0644, everything owned by root.

        Raises:
            GenerateError: if the key directory fails validation or the
                system has no ``/etc/ssh`` directory.
        """
        ssh_dir = '/etc/ssh'
        key_directory = args[0]
        self._validate_key_directory(location, key_directory)
        if not isdir(system_context, ssh_dir):
            message = '"{}": No /etc/ssh directory found in system.'.format(
                self.name)
            raise GenerateError(message, location=location)

        # The keys come from the host side, so the copy source is resolved
        # outside the target filesystem:
        self._execute(location, system_context, 'copy',
                      _key_files(key_directory), ssh_dir, from_outside=True)
        chown(system_context, 'root', 'root', _key_files(ssh_dir))
        # Private host keys are root-only; the public halves may be read by
        # anyone.
        chmod(system_context, 0o600, ssh_dir + '/ssh_host_*_key')
        chmod(system_context, 0o644, ssh_dir + '/ssh_host_*_key.pub')
    def __call__(
        self,
        location: Location,
        system_context: SystemContext,
        *args: typing.Any,
        **kwargs: typing.Any,
    ) -> None:
        """Execute command.

        Installs the ssh host keys found in ``args[0]`` (a directory outside
        the target filesystem) into the system's ``/etc/ssh``, creating that
        directory when missing.  Private keys end up 0600, public keys 0644,
        everything owned by root.

        Raises:
            GenerateError: if the key directory fails validation.
        """
        ssh_dir = "/etc/ssh"
        key_directory = args[0]
        self._validate_key_directory(location, key_directory)
        if not isdir(system_context, ssh_dir):
            # NOTE(review): created with the umask-derived default mode and
            # the generator's own uid, outside the system_context helpers the
            # rest of this command uses — confirm /etc/ssh ends up root-owned
            # with the expected mode.
            os.makedirs(system_context.file_name(ssh_dir))

        # The keys come from the host side, so the copy source is resolved
        # outside the target filesystem:
        self._execute(
            location, system_context, "copy",
            _key_files(key_directory), ssh_dir, from_outside=True,
        )
        chown(system_context, "root", "root", _key_files(ssh_dir))
        # Private host keys are root-only; the public halves may be read by
        # anyone.
        for mode, pattern in ((0o600, "/ssh_host_*_key"),
                              (0o644, "/ssh_host_*_key.pub")):
            chmod(system_context, mode, ssh_dir + pattern)
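    def __call__(
        self,
        location: Location,
        system_context: SystemContext,
        *args: typing.Any,
        **kwargs: typing.Any
    ) -> None:
        """Execute command.

        Enables systemd-homed, seeds its key pair from the PEM blobs in
        ``args[0]`` (private) and ``args[1]`` (public), and wires
        ``pam_systemd_home.so`` into the system's PAM stacks.  The keys are
        stored root-only under ``/usr/share/factory`` and a tmpfiles.d entry
        copies them to ``/var/lib/systemd/home`` at boot.

        Raises:
            GenerateError: if fewer than two positional args are given or a
                blob does not carry the expected PEM marker.
        """
        if len(args) < 2:
            raise GenerateError(
                "Expected a private and a public key blob.", location=location
            )
        private_key = args[0]
        public_key = args[1]

        location.set_description("Validate keys")
        # Marker check only: this does not parse the PEM, it guards against
        # swapped or empty arguments.
        if "BEGIN PRIVATE KEY" not in private_key:
            raise GenerateError(
                "Private key blob is not a private key.", location=location
            )

        if "BEGIN PUBLIC KEY" not in public_key:
            raise GenerateError(
                "Public key blob is not a public key.", location=location
            )

        # enable the daemon (actually set up socket activation)
        location.set_description("Enabling homed service")
        self._execute(
            location.next_line(),
            system_context,
            "systemd_enable",
            "systemd-homed.service",
        )

        # Install keys into /usr:
        location.set_description("Setup keys")
        home_key_dir = "/usr/share/factory/var/lib/systemd/home"
        makedirs(system_context, home_key_dir, mode=0o700)
        create_file(
            system_context,
            home_key_dir + "/local.private",
            private_key.encode("utf-8"),
            mode=0o600,
        )
        create_file(
            system_context,
            home_key_dir + "/local.public",
            public_key.encode("utf-8"),
            mode=0o600,
        )
        # The private half is presumably homed's record-signing key, so the
        # whole directory is kept root-only.
        chmod(system_context, 0o600, home_key_dir + "/*")
        chown(system_context, 0, 0, home_key_dir + "/*")

        # Set up copying of keys to var:
        create_file(
            system_context,
            "/usr/lib/tmpfiles.d/systemd-homed.conf",
            textwrap.dedent(
                """\
                    C /var/lib/systemd/home - - - - 
                    """
            ).encode("utf-8"),
            mode=0o644,
        )

        # Fix up pam:
        # NOTE(review): "nullok" on pam_unix lets accounts with an empty
        # password authenticate; confirm that is intended for this image.
        location.set_description("Setting up PAM for homed")
        create_file(
            system_context,
            "/etc/pam.d/nss-auth",
            textwrap.dedent(
                """\
                #%PAM-1.0

                auth     sufficient pam_unix.so try_first_pass nullok
                auth     sufficient pam_systemd_home.so
                auth     required   pam_deny.so

                account  sufficient pam_unix.so
                account  sufficient pam_systemd_home.so
                account  required   pam_deny.so

                password sufficient pam_unix.so try_first_pass nullok sha512 shadow
                password sufficient pam_systemd_home.so
                password required   pam_deny.so
                """
            ).encode("utf-8"),
            mode=0o644,
        )
        # system-auth usually exists already (shipped by the pam package),
        # hence force=True to overwrite it.
        create_file(
            system_context,
            "/etc/pam.d/system-auth",
            textwrap.dedent(
                """\
                #%PAM-1.0

                auth      substack   nss-auth
                auth      optional   pam_permit.so
                auth      required   pam_env.so

                account   substack   nss-auth
                account   optional   pam_permit.so
                account   required   pam_time.so

                password  substack   nss-auth
                password  optional   pam_permit.so

                session   required  pam_limits.so
                session   optional  pam_systemd_home.so
                session   required  pam_unix.so
                session   optional  pam_permit.so
                """
            ).encode("utf-8"),
            mode=0o644,
            force=True,
        )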
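    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Execute command.

        Enables systemd-homed, seeds its key pair from the PEM blobs in
        ``args[0]`` (private) and ``args[1]`` (public), and rewrites
        ``/etc/pam.d/system-auth`` so ``pam_systemd_home.so`` is consulted
        ahead of ``pam_unix.so``.  The keys are stored root-only under
        ``/usr/share/factory`` and a tmpfiles.d entry copies them to
        ``/var/lib/systemd/home`` at boot.

        Raises:
            GenerateError: if fewer than two positional args are given or a
                blob does not carry the expected PEM marker.
        """
        if len(args) < 2:
            raise GenerateError("Expected a private and a public key blob.",
                                location=location)
        private_key = args[0]
        public_key = args[1]

        location.set_description('Validate keys')
        # Marker check only: this does not parse the PEM, it guards against
        # swapped or empty arguments.
        if "BEGIN PRIVATE KEY" not in private_key:
            raise GenerateError("Private key blob is not a private key.",
                                location=location)

        if "BEGIN PUBLIC KEY" not in public_key:
            raise GenerateError("Public key blob is not a public key.",
                                location=location)

        # enable the daemon (actually set up socket activation)
        location.set_description('Enabling homed service')
        self._execute(location.next_line(), system_context, 'systemd_enable',
                      'systemd-homed.service')

        # Install keys into /usr:
        location.set_description('Setup keys')
        home_key_dir = '/usr/share/factory/var/lib/systemd/home'
        makedirs(system_context, home_key_dir, mode=0o700)
        create_file(system_context,
                    home_key_dir + '/local.private',
                    private_key.encode('utf-8'),
                    mode=0o600)
        create_file(system_context,
                    home_key_dir + '/local.public',
                    public_key.encode('utf-8'),
                    mode=0o600)
        # The private half is presumably homed's record-signing key, so the
        # whole directory is kept root-only.
        chmod(system_context, 0o600, home_key_dir + '/*')
        chown(system_context, 0, 0, home_key_dir + '/*')

        # Set up copying of keys to var:
        create_file(system_context,
                    '/usr/lib/tmpfiles.d/systemd-homed.conf',
                    textwrap.dedent('''\
                    C /var/lib/systemd/home - - - - 
                    ''').encode('utf-8'),
                    mode=0o644)

        # Fix up pam:
        # The [success=1 ...] control skips the following pam_unix.so line
        # when pam_systemd_home.so succeeds, so homed users never hit the
        # local shadow lookup.
        # NOTE(review): "nullok" on pam_unix lets accounts with an empty
        # password authenticate; confirm that is intended for this image.
        location.set_description('Setting up PAM for homed')
        create_file(system_context,
                    '/etc/pam.d/system-auth',
                    textwrap.dedent('''\
                    #%PAM-1.0

                    auth     [success=1 new_authtok_reqd=1 ignore=ignore user_unknown=ignore default=bad] pam_systemd_home.so
                    auth     required   pam_unix.so try_first_pass nullok
                    auth     optional   pam_permit.so
                    auth     required   pam_env.so

                    account  [success=1 new_authtok_reqd=1 ignore=ignore user_unknown=ignore default=bad] pam_systemd_home.so
                    account  required   pam_unix.so
                    account  optional   pam_permit.so
                    account  required   pam_time.so

                    password [success=1 new_authtok_reqd=1 ignore=ignore user_unknown=ignore default=bad] pam_systemd_home.so
                    password required   pam_unix.so try_first_pass nullok sha512 shadow
                    password optional   pam_permit.so

                    session  required   pam_limits.so
                    session  [success=1 new_authtok_reqd=1 ignore=ignore user_unknown=ignore default=bad] pam_systemd_home.so
                    session  required   pam_unix.so
                    session  optional   pam_permit.so
                    ''').encode('utf-8'),
                    mode=0o644,
                    force=True)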