def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any
) -> None:
"""Execute command."""
self._execute(
location, system_context, "pacman", "quassel-core", "postgresql-libs"
)
self._execute(
location.next_line(),
system_context,
"systemd_harden_unit",
"quassel.service",
)
self._execute(
location.next_line(), system_context, "systemd_enable", "quassel.service"
)
self._execute(
location.next_line(),
system_context,
"net_firewall_open_port",
4242,
protocol="tcp",
comment="Quassel",
)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
# Nested virtualization:
self._execute(location, system_context, 'create',
'/etc/modprobe.d/kvm_intel.conf',
'options kvm_intel nested=1')
# Intel ucode:
location.set_description('Install intel-ucode')
self._execute(location, system_context, 'pacman', 'intel-ucode')
initrd_parts = os.path.join(system_context.boot_directory,
'initrd-parts')
os.makedirs(initrd_parts, exist_ok=True)
self._execute(location,
system_context,
'move',
'/boot/intel-ucode.img',
os.path.join(initrd_parts, '00-intel-ucode'),
to_outside=True)
# enable kms:
self._execute(location.next_line(), system_context, 'sed',
's/^MODULES=(/MODULES=(crc32c-intel /',
'/etc/mkinitcpio.conf')
# Clean out firmware:
self._execute(location.next_line(),
system_context,
'remove',
'/usr/lib/firmware/amd-ucode/*',
force=True)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._setup(*args, **kwargs)
h2('Exporting system "{}".'.format(system_context.system_name))
debug('Running Hooks.')
self._run_all_exportcommand_hooks(system_context)
verbose('Preparing system for export.')
self.prepare_for_export(location, system_context)
info('Validating installation for export.')
if not self._skip_validation:
_validate_installation(location.next_line(), system_context)
export_directory \
= self.create_export_directory(system_context)
assert export_directory
system_context.set_substitution('EXPORT_DIRECTORY', export_directory)
verbose('Exporting all data in {}.'.format(export_directory))
self._execute(location.next_line(),
system_context,
'_export_directory',
export_directory,
compression=self._repository_compression,
compression_level=self._repository_compression_level,
repository=self._repository)
info('Cleaning up export location.')
self.delete_export_directory(export_directory)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._execute(location, system_context, 'pacman', 'avahi')
# Do setup:
# Fix missing symlink:
self._execute(location.next_line(),
system_context,
'symlink',
'avahi-daemon.service',
'dbus-org.freedesktop.Avahi.service',
work_directory='/usr/lib/systemd/system')
# enable the daemon (actually set up socket activation)
self._execute(location.next_line(), system_context, 'systemd_enable',
'avahi-daemon.service')
# Open the firewall for it:
self._execute(location.next_line(),
system_context,
'net_firewall_open_port',
'5353',
protocol='udp',
comment='Avahi')
# Edit /etc/nsswitch.conf:
self._execute(
location.next_line(), system_context, 'sed',
'/^hosts\\s*:/ s/resolve/mdns_minimal '
'[NOTFOUND=return] resolve/', '/etc/nsswitch.conf')
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
# Enable KMS:
self._execute(location, system_context, 'pkg_intel_kms')
self._execute(location, system_context, 'pkg_xorg')
# Set some kernel parameters:
cmdline = system_context.substitution('KERNEL_CMDLINE', '')
if cmdline:
cmdline += ' '
cmdline += 'intel_iommu=igfx_off i915.fastboot=1'
system_context.set_substitution('KERNEL_CMDLINE', cmdline)
self._execute(location, system_context, 'pacman', 'libva-intel-driver',
'mesa', 'vulkan-intel', 'xf86-video-intel',
'intel-media-driver')
self._execute(location.next_line(), system_context, 'create',
'/etc/modprobe.d/i915-guc.conf',
'options i915 enable_guc=3')
self._execute(location.next_line(),
system_context,
'remove',
'/usr/lib/firmware/amdgpu/*',
'/usr/lib/firmware/nvidia/*',
'/usr/lib/firmware/radeon/*',
force=True,
recursive=True)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
pacman_setup(system_context, kwargs.get("config", ""))
pacman_key_command = self._binary(Binaries.PACMAN_KEY)
pacman_keyinit(system_context, pacman_key_command=pacman_key_command)
# Allow for customizations of the pacman keyring to happen:
self._execute(
location.next_line(),
system_context,
"_pacman_keyinit",
pacman_key=pacman_key_command,
gpg_dir=gpg_directory(system_context),
)
pacstrap(system_context,
*args,
pacman_command=self._binary(Binaries.PACMAN),
chroot_helper=self._binary(Binaries.SYSTEMD_NSPAWN),
**kwargs)
self._execute(location.next_line(), system_context,
"create_os_release")
self._setup_hooks(location, system_context)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
for f in args:
source = (f if os.path.isabs(f) else os.path.join(
system_context.systems_definition_directory or "", f))
dest = os.path.join("/etc/ca-certificates/trust-source/anchors",
os.path.basename(f))
self._execute(
location.next_line(),
system_context,
"copy",
source,
dest,
from_outside=True,
)
self._execute(
location.next_line(),
system_context,
"chmod",
stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH,
dest,
)
run(
"/usr/bin/trust",
"extract-compat",
chroot=system_context.fs_directory,
chroot_helper=self._binary(Binaries.CHROOT_HELPER),
)
def _setup_hooks(self, location: Location,
system_context: SystemContext) -> None:
i_gpg_dir = "/usr/lib/pacman/gpg"
i_packages = "/var/cache/pacman/pkg/*"
location.set_description("cleanup pacman-key files (internal)")
self._add_hook(
location,
system_context,
"_teardown",
"remove",
i_gpg_dir + "/S.*",
i_gpg_dir + "/pubring.gpg~",
i_gpg_dir + "/secring.gpg*",
"/var/log/pacman.log",
i_packages,
recursive=True,
force=True,
)
location.set_description("Cleanup pacman-key files (external)")
o_gpg_dir = os.path.join(system_context.meta_directory, "pacman/gpg")
self._add_hook(
location,
system_context,
"_teardown",
"remove",
o_gpg_dir + "/S.*",
o_gpg_dir + "/pubring.gpg~",
o_gpg_dir + "/secring.gpg*",
recursive=True,
force=True,
outside=True,
)
location.set_description("Move systemd files into /usr")
self._add_hook(location, system_context, "_teardown",
"systemd_cleanup")
location.set_description("Moving /opt into /usr")
self._add_hook(location.next_line(), system_context, "export", "move",
"/opt", "/usr")
self._add_hook(
location,
system_context,
"export",
"symlink",
"usr/opt",
"opt",
work_directory="/",
)
location.set_description("Writing package information to FS.")
self._add_hook(location.next_line(), system_context, "export",
"_pacman_write_package_data")
system_context.set_substitution("DISTRO_ID_LIKE", "archlinux")
def _install_mkinitcpio(
self, location: Location,
system_context: SystemContext) -> typing.Sequence[str]:
to_clean_up = [
"/etc/mkinitcpio.d", "/etc/mkinitcpio.conf", "/boot/vmlinu*"
]
location.set_description("Install mkinitcpio")
self._execute(location, system_context, "pacman", "mkinitcpio")
location.set_description("Fix up mkinitcpio.conf")
self._execute(
location.next_line(),
system_context,
"sed",
"/^HOOKS=/ "
"cHOOKS=(base systemd keyboard sd-vconsole "
"sd-encrypt block sd-lvm2 filesystems btrfs "
"sd-shutdown)",
"/etc/mkinitcpio.conf",
)
self._execute(
location.next_line(),
system_context,
"append",
"/etc/mkinitcpio.conf",
'COMPRESSION="cat"',
)
location.set_description("Create mkinitcpio presets")
create_file(
system_context,
"/etc/mkinitcpio.d/cleanroom.preset",
textwrap.dedent("""\
# mkinitcpio preset file for cleanroom
ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz"
PRESETS=('default')
#default_config="/etc/mkinitcpio.conf"
default_image="/boot/initramfs.img"
#default_options=""
""").encode("utf-8"),
)
self._execute(
location.next_line(),
system_context,
"sed",
"s%/initramfs-linux.*.img%/initrd%",
"/etc/mkinitcpio.d/cleanroom.preset",
)
return to_clean_up
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._execute(location, system_context, 'pacman', 'glusterfs', 'grep',
'python3')
self._execute(location.next_line(),
system_context,
'create',
'/usr/lib/tmpfiles.d/mnt-gluster.conf',
textwrap.dedent('''\
d /mnt/gluster 0700 root root - -
d /mnt/gluster/0 0755 root root - -
d /mnt/gluster/1 0755 root root - -
d /mnt/gluster/2 0755 root root - -
d /mnt/gluster/4 0755 root root - -
'''),
mode=0o644)
self._execute(location.next_line(),
system_context,
'mkdir',
'/usr/lib/systemd/system/glusterd.service.d',
mode=0o755)
self._execute(
location.next_line(),
system_context,
'create',
'/usr/lib/systemd/system/glusterd.service.d/override.conf',
textwrap.dedent('''\
[Service]
Type=simple
ExecStart=
ExecStart=/usr/bin/glusterd -N --log-file=- --log-level INFO
PIDFile=
KillMode=control-group
Environment=
EnvironmentFile=
StateDirectory=glusterd
RuntimeDirectory=gluster
LogsDirectory=glusterfs
'''),
mode=0o644)
self._execute(location.next_line(),
system_context,
'systemd_harden_unit',
'glusterd.service',
PrivateUsers=False)
# Fix rdma usage which is not included in archlinux:
self._execute(
location.next_line(), system_context, 'sed',
'/option transport-type/ coption transport type = socket',
'/etc/glusterfs/glusterd.vol')
def _setup_hooks(self, location: Location,
system_context: SystemContext) -> None:
igpgdir = '/usr/lib/pacman/gpg'
ipackages = '/var/cache/pacman/pkg/*'
location.set_description('cleanup pacman-key files (internal)')
self._add_hook(location,
system_context,
'_teardown',
'remove',
igpgdir + '/S.*',
igpgdir + '/pubring.gpg~',
igpgdir + '/secring.gpg*',
'/var/log/pacman.log',
ipackages,
recursive=True,
force=True)
location.set_description('Cleanup pacman-key files (external)')
ogpgdir = os.path.join(system_context.meta_directory, 'pacman/gpg')
self._add_hook(location,
system_context,
'_teardown',
'remove',
ogpgdir + '/S.*',
ogpgdir + '/pubring.gpg~',
ogpgdir + '/secring.gpg*',
recursive=True,
force=True,
outside=True)
location.set_description('Move systemd files into /usr')
self._add_hook(location, system_context, '_teardown',
'systemd_cleanup')
location.set_description('Moving /opt into /usr')
self._add_hook(location.next_line(), system_context, 'export', 'move',
'/opt', '/usr')
self._add_hook(location,
system_context,
'export',
'symlink',
'usr/opt',
'opt',
work_directory='/')
location.set_description('Writing package information to FS.')
self._add_hook(location.next_line(), system_context, 'export',
'_pacman_write_package_data')
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any
) -> None:
"""Execute command."""
# Enable KMS:
self._execute(location, system_context, "pkg_intel_kms")
self._execute(location, system_context, "pkg_xorg")
# Set some kernel parameters:
system_context.set_or_append_substitution(
"KERNEL_CMDLINE", "intel_iommu=igfx_off i915.fastboot=1"
)
self._execute(
location,
system_context,
"pacman",
"libva-intel-driver",
"mesa",
"vulkan-intel",
"xf86-video-intel",
"intel-media-driver",
)
self._execute(
location.next_line(),
system_context,
"create",
"/etc/modprobe.d/i915-guc.conf",
"options i915 enable_guc=3",
)
self._execute(
location.next_line(),
system_context,
"remove",
"/usr/lib/firmware/amdgpu/*",
"/usr/lib/firmware/nvidia/*",
"/usr/lib/firmware/radeon/*",
force=True,
recursive=True,
)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._execute(location, system_context, 'pacman', 'quassel-core',
'postgresql-libs')
self._execute(location.next_line(), system_context,
'systemd_harden_unit', 'quassel.service')
self._execute(location.next_line(), system_context, 'systemd_enable',
'quassel.service')
self._execute(location.next_line(),
system_context,
'net_firewall_open_port',
4242,
protocol='tcp',
comment='Quassel')
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._execute(location, system_context, 'pacman', 'xorg-server',
'xorg-server-xwayland')
# Copy snippets from systems config folder:
copy(system_context,
self._config_directory(system_context) + '/*',
'/etc/X11/xorg.conf.d',
from_outside=True,
recursive=True)
chown(system_context, 0, 0, '/etc/X11/xorg.conf.d/*')
chmod(system_context, 0o644, '/etc/X11/xorg.conf.d/*')
create_file(system_context,
'/etc/X11/xinit/xinitrc.d/99-access-to-user.sh',
textwrap.dedent('''\
#!/usr/bin/bash
# Allow local access for the user:
xhost "+local:$$USER"
''').encode('utf-8'),
mode=0o755)
# Install some extra fonts:
self._execute(location.next_line(), system_context, 'pkg_fonts')
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any,
) -> None:
"""Execute command."""
old_machine_id = system_context.substitution("MACHINE_ID", "")
if old_machine_id:
raise GenerateError(
f'Machine-id was already set to "{old_machine_id}".',
location=location,
)
machine_id = args[0]
system_context.set_substitution("MACHINE_ID", machine_id)
machine_id += "\n"
self._execute(
location.next_line(),
system_context,
"create",
"/etc/machine-id",
machine_id,
)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._execute(location, system_context, 'pacman', 'tmux')
self._execute(location.next_line(), system_context,
'create', '/root/.tmux.conf',
textwrap.dedent('''\
# Set activation key to ctrl-A:
set-option -g prefix C-a
# Rebind splitting to | and -:
unbind %
bind | split-window -h
bind - split-window -v
# Last window on C-a C-a:
bind-key C-a last-window
# Highlight active window
set-window-option -g window-status-current-bg red
# Set window notifications
setw -g monitor-activity on
set -g visual-activity on
'''), mode=0o600)
def _harden_sshd(self, location: Location, system_context: SystemContext,
**kwargs: typing.Any) -> None:
# Install custom moduli
moduli = os.path.join(self._config_directory(system_context), "moduli")
if os.path.exists(moduli):
self._execute(
location.next_line(),
system_context,
"copy",
moduli,
"/etc/ssh/moduli",
from_outside=True,
force=True,
)
# Config tweaks:
self._set_sshd_config(location, system_context,
"PasswordAuthentication", "no")
self._set_sshd_config(location, system_context, "PermitEmptyPasswords",
"no")
self._set_sshd_config(location, system_context, "Protocol", "2")
self._set_sshd_config_yes_or_no(location, system_context,
"AllowTcpForwarding", **kwargs)
self._set_sshd_config_yes_or_no(location, system_context,
"GatewayPorts", **kwargs)
self._set_sshd_config(location, system_context, "X11Forwarding", "no")
self._set_sshd_config(location, system_context, "HostKey",
"/etc/ssh/ssh_host_ed25519_key")
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any,
) -> None:
"""Execute command."""
static_hostname = args[0]
pretty_hostname = kwargs.get("pretty", static_hostname)
if system_context.substitution("HOSTNAME", ""):
raise GenerateError("Hostname was already set.", location=location)
system_context.set_substitution("HOSTNAME", static_hostname)
system_context.set_substitution("PRETTY_HOSTNAME", pretty_hostname)
self._execute(location, system_context, "create", "/etc/hostname",
static_hostname)
self._execute(
location.next_line(),
system_context,
"sed",
f'/^PRETTY_HOSTNAME=/ cPRETTY_HOSTNAME="{pretty_hostname}"',
"/etc/machine.info",
)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
location.set_description('Handle different kernel flavors')
vmlinuz = os.path.join(system_context.boot_directory, 'vmlinuz')
makedirs(system_context, '/etc/mkinitcpio.d', exist_ok=True)
# Clean up after the mkinitcpio hook:
for kernel in (
'',
'-hardened',
'-lts',
'-zen',
'-git',
):
remove('/boot/vmlinuz{}'.format(kernel), force=True)
# New style linux packages that put vmlinuz into /usr/lib/modules:
self._execute(location.next_line(),
system_context,
'move',
'/usr/lib/modules/*/vmlinuz',
vmlinuz,
to_outside=True,
ignore_missing_sources=True)
assert (os.path.isfile(vmlinuz))
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
location.set_description("Handle different kernel flavors")
vmlinuz = os.path.join(system_context.boot_directory, "vmlinuz")
makedirs(system_context, "/etc/mkinitcpio.d", exist_ok=True)
# Clean up after the mkinitcpio hook:
for kernel in (
"",
"-hardened",
"-lts",
"-zen",
"-git",
):
remove("/boot/vmlinuz{}".format(kernel), force=True)
# New style linux packages that put vmlinuz into /usr/lib/modules:
self._execute(
location.next_line(),
system_context,
"move",
"/usr/lib/modules/*/vmlinuz",
vmlinuz,
to_outside=True,
ignore_missing_sources=True,
)
assert os.path.isfile(vmlinuz)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
# Set some kernel parameters for:
system_context.set_or_append_substitution(
"KERNEL_CMDLINE", "nvidia-drm.modeset=1 nouveau.blacklist=1")
self._execute(
location,
system_context,
"pacman",
"nvidia",
"nvidia-settings",
"nvidia-utils",
"opencl-nvidia",
"libvdpau",
"lib32-libvdpau",
"lib32-nvidia-utils",
"lib32-opencl-nvidia",
"vdpauinfo",
"mesa",
"mesa-demos",
)
self._execute(
location.next_line(),
system_context,
"create",
"/etc/modprobe.d/nouveau-blacklist.conf",
"blacklist nouveau",
)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
target = args[0]
systemd_directory = "/usr/lib/systemd/system/"
target_path = systemd_directory + args[0]
if not isfile(system_context, target_path):
raise GenerateError(
'Target "{}" does not exist or is no file. '
"Can not use as default target.".format(target))
default = "default.target"
default_path = systemd_directory + "default.target"
self._execute(location,
system_context,
"remove",
default_path,
force=True)
self._execute(
location.next_line(),
system_context,
"symlink",
target,
default,
work_directory=systemd_directory,
)
system_context.set_substitution("DEFAULT_BOOT_TARGET", target)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
self._execute(location, system_context, "pacman", "xorg-server",
"xorg-server-xwayland")
# Copy snippets from systems config folder:
copy(
system_context,
self._config_directory(system_context) + "/*",
"/etc/X11/xorg.conf.d",
from_outside=True,
recursive=True,
)
chown(system_context, 0, 0, "/etc/X11/xorg.conf.d/*")
chmod(system_context, 0o644, "/etc/X11/xorg.conf.d/*")
create_file(
system_context,
"/etc/X11/xinit/xinitrc.d/99-access-to-user.sh",
textwrap.dedent("""\
#!/usr/bin/bash
# Allow local access for the user:
xhost "+local:$$USER"
""").encode("utf-8"),
mode=0o755,
)
# Install some extra fonts:
self._execute(location.next_line(), system_context, "pkg_fonts")
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
old_base = system_context.file_name("/etc/systemd/system") + "/"
new_base = system_context.file_name("/usr/lib/systemd/system") + "/"
trace("walking:", old_base)
for root, _dirs, files in os.walk(old_base):
for f in files:
full_path = os.path.join(root, f)
trace("Checking", full_path)
if os.path.islink(full_path):
trace("Moving link", full_path)
_move_symlink(location, system_context, old_base, new_base,
full_path)
else:
trace("Moving file", full_path)
_move_file(location, old_base, new_base, full_path)
self._execute(
location.next_line(),
system_context,
"remove",
"/etc/systemd/system/*",
recursive=True,
force=True,
)
def _create_complete_kernel(
self,
location: Location,
system_context: SystemContext,
cmdline: str,
*,
kernel_file: str,
efi_key: str,
efi_cert: str,
):
self._create_efi_kernel(
location,
system_context,
cmdline,
kernel_file=kernel_file,
)
if efi_key and efi_cert:
debug("Signing EFI kernel.")
location.set_description("Sign EFI kernel")
self._execute(
location.next_line(),
system_context,
"sign_efi_binary",
kernel_file,
key=efi_key,
cert=efi_cert,
outside=True,
keep_unsigned=False,
)
trace(f"Validating existence of {kernel_file}.")
assert os.path.isfile(kernel_file)
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any,
) -> None:
"""Execute command."""
etc = "/etc"
localtime = "localtime"
etc_localtime = etc + "/" + localtime
timezone = args[0]
full_timezone = "../usr/share/zoneinfo/" + timezone
if not exists(system_context, full_timezone, work_directory=etc):
raise GenerateError(
f'Timezone "{timezone}" not found when trying to set timezone.',
location=location,
)
self._execute(location, system_context, "remove", etc_localtime)
self._execute(
location.next_line(),
system_context,
"symlink",
full_timezone,
localtime,
work_directory="/etc",
)
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any
) -> None:
"""Execute command."""
self._execute(location, system_context, "pacman", "avahi")
# Do setup:
# Fix missing symlink:
self._execute(
location.next_line(),
system_context,
"symlink",
"avahi-daemon.service",
"dbus-org.freedesktop.Avahi.service",
work_directory="/usr/lib/systemd/system",
)
# enable the daemon (actually set up socket activation)
self._execute(
location.next_line(),
system_context,
"systemd_enable",
"avahi-daemon.service",
)
# Open the firewall for it:
self._execute(
location.next_line(),
system_context,
"net_firewall_open_port",
"5353",
protocol="udp",
comment="Avahi",
)
# Edit /etc/nsswitch.conf:
self._execute(
location.next_line(),
system_context,
"sed",
"/^hosts\\s*:/ s/resolve/mdns_minimal " "[NOTFOUND=return] resolve/",
"/etc/nsswitch.conf",
)
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any,
) -> None:
"""Execute command."""
user = args[0]
keyfile = args[1]
info(f"Adding ssh key to {user}'s authorized_keys file.")
data = UserHelper.user_data(user, root_directory=system_context.fs_directory)
if data is None:
raise GenerateError(
f'"{self.name}" could not find user "{user}".', location=location,
)
trace(f"{user} mapping: UID {data.uid}, GID {data.gid}, home: {data.home}.")
self._check_or_create_directory(
location,
system_context,
data.home,
mode=0o750,
user=data.uid,
group=data.gid,
)
ssh_directory = os.path.join(data.home, ".ssh")
self._check_or_create_directory(
location,
system_context,
ssh_directory,
mode=0o700,
user=data.uid,
group=data.gid,
)
key = read_file(system_context, keyfile, outside=True).decode("utf-8")
authorized_file = os.path.join(ssh_directory, "authorized_keys")
line = ""
options = kwargs.get("options", "")
if options:
line = options + " " + key + "\n"
else:
line += key + "\n"
self._execute(
location.next_line(),
system_context,
"append",
authorized_file,
line,
force=True,
)
chown(system_context, data.uid, data.gid, authorized_file)
chmod(system_context, 0o600, authorized_file)
def __call__(self, location: Location, system_context: SystemContext,
*args: typing.Any, **kwargs: typing.Any) -> None:
"""Execute command."""
# Nested virtualization:
self._execute(
location,
system_context,
"create",
"/etc/modprobe.d/kvm_intel.conf",
"options kvm_intel nested=1",
)
# Intel ucode:
location.set_description("Install intel-ucode")
self._execute(location, system_context, "pacman", "intel-ucode")
initrd_parts = os.path.join(system_context.boot_directory,
"initrd-parts")
os.makedirs(initrd_parts, exist_ok=True)
self._execute(
location,
system_context,
"move",
"/boot/intel-ucode.img",
os.path.join(initrd_parts, "00-intel-ucode"),
to_outside=True,
)
# enable kms:
self._execute(
location.next_line(),
system_context,
"sed",
"s/^MODULES=(/MODULES=(crc32c-intel /",
"/etc/mkinitcpio.conf",
)
# Clean out firmware:
self._execute(
location.next_line(),
system_context,
"remove",
"/usr/lib/firmware/amd-ucode/*",
force=True,
)
def __call__(
self,
location: Location,
system_context: SystemContext,
*args: typing.Any,
**kwargs: typing.Any,
) -> None:
"""Execute command."""
## validate package type:
if system_context.substitution("CLRM_PACKAGE_TYPE", ""):
raise GenerateError(
"Trying to run swupd_init on a system that already has a CLRM_PACKAGE_TYPE defined."
)
system_context.set_substitution("CLRM_PACKAGE_TYPE", "swupd")
run(
self._binary(Binaries.SWUPD),
"autoupdate",
f"--path={system_context.fs_directory}",
"--disable",
"--no-progress",
returncode=28,
)
# Setup update-helper so that swupd os-install will actually work:
os.makedirs(system_context.file_name("/usr/bin"))
with open(system_context.file_name("/usr/bin/update-helper"), "wb") as fd:
fd.write(
dedent(
"""\
#!/usr/bin/sh
exit 0
"""
).encode("utf-8")
)
os.chmod(system_context.file_name("/usr/bin/update-helper"), 0o755)
run(
self._binary(Binaries.SWUPD),
"os-install",
f"--path={system_context.fs_directory}",
"--skip-optional",
"--no-progress",
)
location.set_description("Move systemd files into /usr")
self._add_hook(location, system_context, "_teardown", "systemd_cleanup")
with open(system_context.file_name("/usr/lib/os-release"), "r") as osr:
for l in osr:
l = l.strip()
if l.startswith("BUILD_ID="):
build_id = l[9:]
verbose(f"Installed {build_id}.")
system_context.set_substitution("DISTRO_VERSION_ID", build_id)
system_context.set_substitution("DISTRO_VERSION", build_id)
self._execute(location.next_line(), system_context, "create_os_release")