def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Run ``depmod -a`` once per kernel version directory in the image.

    Every sub-directory of ``/usr/lib/modules`` (resolved through
    ``system_context.file_name``) is treated as a kernel version.  When that
    directory does not exist the command returns without doing anything.
    """
    modules_root = system_context.file_name("/usr/lib/modules")
    if not os.path.isdir(modules_root):
        return  # No kernel installed, nothing to do.

    # Collect the version list up front so the directory is scanned before
    # any depmod run starts writing into it.
    kernel_versions = [
        entry
        for entry in os.listdir(modules_root)
        if os.path.isdir(os.path.join(modules_root, entry))
    ]

    for version in kernel_versions:
        location.set_description(f"Run depmod for kernel version {version}...")
        # -b points depmod at the image root instead of the build host's "/".
        self._execute(
            location,
            system_context,
            "run",
            self._binary(Binaries.DEPMOD),
            "-a",
            "-b",
            system_context.fs_directory,
            version,
        )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Register ``_teardown`` hooks that delete shell data directories.

    Each hook is a shell one-liner of the form
    ``test -x <shell binary> && rm -rf <data directory>``.
    """
    location.set_description("Clear shell files")

    # (binary probed with `test -x`, directory removed when the probe succeeds)
    # NOTE(review): the directory is deleted when the shell binary IS
    # executable; confirm that `&&` (rather than `||`) is the intended logic.
    shell_cleanups = (
        ("/usr/bin/zsh", "/usr/share/zsh"),
        ("/usr/bin/bash", "/usr/share/bash-completion"),
    )

    for shell_binary, data_directory in shell_cleanups:
        # All words are fixed literals, so shell=True sees no caller input.
        # returncode=None presumably accepts any exit status -- TODO confirm.
        self._add_hook(
            location,
            system_context,
            "_teardown",
            "run",
            "test",
            "-x",
            shell_binary,
            "&&",
            "rm",
            "-rf",
            data_directory,
            shell=True,
            returncode=None,
        )
def _create_complete_kernel(
    self,
    location: Location,
    system_context: SystemContext,
    cmdline: str,
    *,
    kernel_file: str,
    efi_key: str,
    efi_cert: str,
):
    """Create the EFI kernel at *kernel_file* and sign it if key and cert are set.

    Signing runs only when both *efi_key* and *efi_cert* are truthy; the
    unsigned binary is not kept (``keep_unsigned=False``).  Afterwards the
    existence of *kernel_file* is asserted.
    """
    self._create_efi_kernel(
        location, system_context, cmdline, kernel_file=kernel_file
    )

    # NOTE(review): when only one of key/cert is supplied the kernel is left
    # unsigned without any message -- confirm callers validate the pair.
    have_signing_material = bool(efi_key) and bool(efi_cert)
    if have_signing_material:
        debug("Signing EFI kernel.")
        location.set_description("Sign EFI kernel")
        self._execute(
            location.next_line(),
            system_context,
            "sign_efi_binary",
            kernel_file,
            key=efi_key,
            cert=efi_cert,
            outside=True,
            keep_unsigned=False,
        )

    trace(f"Validating existence of {kernel_file}.")
    # NOTE(review): an assert is skipped under `python -O`; this check only
    # guards the result in non-optimised runs.
    assert os.path.isfile(kernel_file)
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Configure the image for AMD CPUs.

    Writes a modprobe option enabling nested virtualisation for ``kvm_amd``,
    installs the ``amd-ucode`` package and moves its microcode image into the
    ``initrd-parts`` directory below the boot directory.
    """
    # Nested virtualization: let guests of this system run their own guests.
    modprobe_options = b"options kvm_amd nested=1"
    create_file(system_context, "/etc/modprobe.d/kvm_amd.conf", modprobe_options)

    # AMD microcode package.
    location.set_description("Install amd-ucode")
    self._execute(location, system_context, "pacman", "amd-ucode")

    parts_directory = os.path.join(system_context.boot_directory, "initrd-parts")
    os.makedirs(parts_directory, exist_ok=True)

    # The "00-" prefix presumably orders the microcode ahead of the other
    # initrd parts -- TODO confirm against the initrd assembly code.
    microcode_target = os.path.join(parts_directory, "00-amd-ucode")
    self._execute(
        location,
        system_context,
        "move",
        "/boot/amd-ucode.img",
        microcode_target,
        to_outside=True,
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Run ``depmod -a`` for the kernel named by ``KERNEL_VERSION``.

    Returns without doing anything when the image has no
    ``/usr/lib/modules`` directory.
    """
    modules_root = system_context.file_name("/usr/lib/modules")
    if not os.path.isdir(modules_root):
        return  # No kernel installed, nothing to do.

    version = system_context.substitution_expanded("KERNEL_VERSION", "")
    # NOTE(review): assert is stripped under `python -O`; an unset
    # KERNEL_VERSION would then reach depmod as an empty argument.
    assert version

    location.set_description(f"Run depmod for kernel version {version}...")
    depmod_binary = self._binary(Binaries.DEPMOD)
    # -b points depmod at the image root instead of the build host's "/".
    self._execute(
        location,
        system_context,
        "run",
        depmod_binary,
        "-a",
        "-b",
        system_context.fs_directory,
        version,
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Normalise the kernel image location for the known kernel flavors.

    Removes the per-flavor ``/boot/vmlinuz*`` files, then moves
    ``/usr/lib/modules/*/vmlinuz`` to ``vmlinuz`` in the boot directory and
    asserts that this file exists.
    """
    location.set_description("Handle different kernel flavors")

    target_kernel = os.path.join(system_context.boot_directory, "vmlinuz")
    makedirs(system_context, "/etc/mkinitcpio.d", exist_ok=True)

    # Clean up after the mkinitcpio hook, one file per kernel flavor suffix.
    # NOTE(review): remove() is called without system_context here, unlike
    # makedirs() above -- confirm the path is resolved inside the image and
    # not against the build host's own /boot.
    flavor_suffixes = ("", "-hardened", "-lts", "-zen", "-git")
    for suffix in flavor_suffixes:
        remove(f"/boot/vmlinuz{suffix}", force=True)

    # New style linux packages that put vmlinuz into /usr/lib/modules:
    self._execute(
        location.next_line(),
        system_context,
        "move",
        "/usr/lib/modules/*/vmlinuz",
        target_kernel,
        to_outside=True,
        ignore_missing_sources=True,
    )
    assert os.path.isfile(target_kernel)
def _setup_hooks(
    self,
    location: Location,
    system_context: SystemContext,
    locales: typing.Sequence[str],
) -> None:
    """Register the locale export hooks once and record the chosen locales.

    The hooks are added only while ``CLRM_LOCALES`` is still empty;
    the substitution is then set to the comma-joined *locales* in every case.
    """
    hooks_already_registered = system_context.substitution("CLRM_LOCALES", "")

    if not hooks_already_registered:
        location.set_description("run locale-gen")
        self._add_hook(
            location,
            system_context,
            "export",
            "run",
            "/usr/bin/locale-gen",
            inside=True,
        )

        # Registered after the locale-gen hook: the generator binaries are
        # among the paths removed here.
        location.set_description("Remove locale related data.")
        locale_leftovers = (
            "/usr/share/locale/*",
            "/etc/locale.gen",
            "/usr/bin/locale-gen",
            "/usr/bin/localedef",
        )
        self._add_hook(
            location,
            system_context,
            "export",
            "remove",
            *locale_leftovers,
            force=True,
            recursive=True,
        )

    system_context.set_substitution("CLRM_LOCALES", ",".join(locales))
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Enable whichever iptables systemd units exist in the image."""
    assert firewall_type(system_context) == "iptables"

    location.set_description("Enable firewall")

    unit_directory = "/usr/lib/systemd/system/"
    candidate_units = (
        "iptables.service",
        "ip6tables.service",
        "iptables-restore.service",
    )
    # Keep only the units whose unit file is actually present in the image.
    to_enable: typing.List[str] = [
        unit
        for unit in candidate_units
        if os.path.exists(system_context.file_name(unit_directory + unit))
    ]

    # NOTE(review): if none of the unit files exist, systemd_enable is called
    # with no units and the firewall stays disabled without an error --
    # confirm whether that case should fail the build.
    self._execute(location, system_context, "systemd_enable", *to_enable)
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Configure the image for Intel CPUs.

    Enables nested virtualisation for ``kvm_intel``, installs ``intel-ucode``
    and moves its image into ``initrd-parts``, adds ``crc32c-intel`` to the
    mkinitcpio MODULES list and removes the AMD microcode firmware.
    """
    # Nested virtualization: let guests of this system run their own guests.
    self._execute(
        location,
        system_context,
        "create",
        "/etc/modprobe.d/kvm_intel.conf",
        "options kvm_intel nested=1",
    )

    # Intel microcode package.
    location.set_description("Install intel-ucode")
    self._execute(location, system_context, "pacman", "intel-ucode")

    parts_directory = os.path.join(system_context.boot_directory, "initrd-parts")
    os.makedirs(parts_directory, exist_ok=True)
    microcode_target = os.path.join(parts_directory, "00-intel-ucode")
    self._execute(
        location,
        system_context,
        "move",
        "/boot/intel-ucode.img",
        microcode_target,
        to_outside=True,
    )

    # Prepend crc32c-intel to the MODULES=( ... ) list of mkinitcpio.
    modules_edit = "s/^MODULES=(/MODULES=(crc32c-intel /"
    self._execute(
        location.next_line(),
        system_context,
        "sed",
        modules_edit,
        "/etc/mkinitcpio.conf",
    )

    # Clean out firmware that an Intel system does not need.
    self._execute(
        location.next_line(),
        system_context,
        "remove",
        "/usr/lib/firmware/amd-ucode/*",
        force=True,
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Enable the IPv4 and IPv6 iptables systemd units."""
    # Only valid for systems whose firewall type was set to iptables.
    assert firewall_type(system_context) == "iptables"

    location.set_description("Enable firewall")

    # Both address families are enabled together so IPv6 is not left open.
    firewall_units = ("iptables.service", "ip6tables.service")
    self._execute(location, system_context, "systemd_enable", *firewall_units)
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Collect the kernel image of any supported flavor as ``vmlinuz``.

    Deletes ``/boot/vmlinuz<flavor>`` for each known flavor suffix, moves
    ``/usr/lib/modules/*/vmlinuz`` into the boot directory and asserts that
    the resulting ``vmlinuz`` file exists.
    """
    location.set_description("Handle different kernel flavors")

    boot_kernel = os.path.join(system_context.boot_directory, "vmlinuz")
    makedirs(system_context, "/etc/mkinitcpio.d", exist_ok=True)

    # Clean up after the mkinitcpio hook.
    # NOTE(review): remove() receives no system_context, unlike makedirs()
    # just above -- verify that these paths are resolved inside the image
    # rather than on the build host.
    stale_kernels = [
        f"/boot/vmlinuz{flavor}"
        for flavor in ("", "-hardened", "-lts", "-zen", "-git")
    ]
    for stale_kernel in stale_kernels:
        remove(stale_kernel, force=True)

    # New style linux packages that put vmlinuz into /usr/lib/modules:
    self._execute(
        location.next_line(),
        system_context,
        "move",
        "/usr/lib/modules/*/vmlinuz",
        boot_kernel,
        to_outside=True,
        ignore_missing_sources=True,
    )
    assert os.path.isfile(boot_kernel)
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Strip development files from the image.

    Header, source, pkg-config, aclocal, cmake and GIR directories are
    removed by an ``export`` hook.  Static archives and ``.so`` symlinks
    directly inside ``/usr/lib`` are unlinked immediately.
    """
    location.set_description("Strip development files")

    development_paths = (
        "/usr/include/*",
        "/usr/src/*",
        "/usr/share/pkgconfig/*",
        "/usr/lib/pkgconfig/*",
        "/usr/share/aclocal/*",
        "/usr/lib/cmake/*",
        "/usr/share/gir-1.0/*",
    )
    self._add_hook(
        location,
        system_context,
        "export",
        "remove",
        *development_paths,
        recursive=True,
        force=True,
    )

    # Remove .a archives and unversioned .so symlinks (top level only).
    lib_directory = system_context.file_name("/usr/lib")
    for entry in os.listdir(lib_directory):
        candidate = os.path.join(lib_directory, entry)

        # libnss_files.so is deliberately kept.
        if candidate.endswith("/libnss_files.so"):
            continue

        is_static_archive = candidate.endswith(".a")
        is_so_symlink = candidate.endswith(".so") and os.path.islink(candidate)
        if is_static_archive or is_so_symlink:
            os.unlink(candidate)
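def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Bootstrap the image with swupd and record the installed build id.

    Steps: claim the ``swupd`` package type, disable swupd auto-update for
    the image path, install a stub ``update-helper``, run
    ``swupd os-install``, register the ``systemd_cleanup`` teardown hook and
    copy ``BUILD_ID`` from ``/usr/lib/os-release`` into the
    ``DISTRO_VERSION_ID`` / ``DISTRO_VERSION`` substitutions.

    Raises:
        GenerateError: if a package type is already defined, or if
            ``/usr/lib/os-release`` holds no ``BUILD_ID=`` line.
    """
    ## validate package type:
    if system_context.substitution("CLRM_PACKAGE_TYPE", ""):
        raise GenerateError(
            "Trying to run swupd_init on a system that already has a CLRM_PACKAGE_TYPE defined."
        )
    system_context.set_substitution("CLRM_PACKAGE_TYPE", "swupd")

    # The call passes returncode=28, i.e. that exit status is what is
    # expected from this invocation.
    run(
        self._binary(Binaries.SWUPD),
        "autoupdate",
        f"--path={system_context.fs_directory}",
        "--disable",
        "--no-progress",
        returncode=28,
    )

    # Setup update-helper so that swupd os-install will actually work:
    # NOTE(review): this stub always exits 0; confirm that os-install
    # replaces it so no no-op helper ships in the exported image.
    helper_path = system_context.file_name("/usr/bin/update-helper")
    os.makedirs(system_context.file_name("/usr/bin"))
    with open(helper_path, "wb") as fd:
        fd.write(
            dedent(
                """\
                    #!/usr/bin/sh
                    exit 0
                """
            ).encode("utf-8")
        )
    os.chmod(helper_path, 0o755)

    run(
        self._binary(Binaries.SWUPD),
        "os-install",
        f"--path={system_context.fs_directory}",
        "--skip-optional",
        "--no-progress",
    )

    location.set_description("Move systemd files into /usr")
    self._add_hook(location, system_context, "_teardown", "systemd_cleanup")

    # Start from None so that a missing BUILD_ID line is reported as a
    # GenerateError instead of failing on an unbound local further down.
    build_id = None
    with open(system_context.file_name("/usr/lib/os-release"), "r") as osr:
        for line in osr:
            line = line.strip()
            if line.startswith("BUILD_ID="):
                build_id = line[len("BUILD_ID="):]

    if build_id is None:
        raise GenerateError(
            "No BUILD_ID found in /usr/lib/os-release after swupd os-install."
        )

    verbose(f"Installed {build_id}.")
    system_context.set_substitution("DISTRO_VERSION_ID", build_id)
    system_context.set_substitution("DISTRO_VERSION", build_id)

    self._execute(location.next_line(), system_context, "create_os_release")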
def _setup_hooks(self, location: Location, system_context: SystemContext) -> None:
    """Register the pacman teardown/export hooks and mark the distro family.

    Hooks added: removal of pacman gpg leftovers inside the image and in the
    meta directory, ``systemd_cleanup``, relocation of ``/opt`` to
    ``/usr/opt`` with a compatibility symlink, and writing package data.
    Finally ``DISTRO_ID_LIKE`` is set to ``archlinux``.
    """
    # gpg files that must not remain after the build: S.* entries, the
    # pubring backup and the secret keyring of the pacman key store.
    gpg_leftovers = ("/S.*", "/pubring.gpg~", "/secring.gpg*")

    location.set_description("cleanup pacman-key files (internal)")
    inner_gpg = "/usr/lib/pacman/gpg"
    inner_targets = [inner_gpg + suffix for suffix in gpg_leftovers]
    inner_targets.append("/var/log/pacman.log")
    inner_targets.append("/var/cache/pacman/pkg/*")
    self._add_hook(
        location,
        system_context,
        "_teardown",
        "remove",
        *inner_targets,
        recursive=True,
        force=True,
    )

    location.set_description("Cleanup pacman-key files (external)")
    outer_gpg = os.path.join(system_context.meta_directory, "pacman/gpg")
    outer_targets = [outer_gpg + suffix for suffix in gpg_leftovers]
    self._add_hook(
        location,
        system_context,
        "_teardown",
        "remove",
        *outer_targets,
        recursive=True,
        force=True,
        outside=True,
    )

    location.set_description("Move systemd files into /usr")
    self._add_hook(location, system_context, "_teardown", "systemd_cleanup")

    location.set_description("Moving /opt into /usr")
    self._add_hook(
        location.next_line(), system_context, "export", "move", "/opt", "/usr"
    )
    # Relative link created with "/" as work directory: /opt -> usr/opt.
    self._add_hook(
        location,
        system_context,
        "export",
        "symlink",
        "usr/opt",
        "opt",
        work_directory="/",
    )

    location.set_description("Writing package information to FS.")
    self._add_hook(
        location.next_line(),
        system_context,
        "export",
        "_pacman_write_package_data",
    )

    system_context.set_substitution("DISTRO_ID_LIKE", "archlinux")
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    message: str = "",
    **kwargs: typing.Any,
) -> None:
    """Register an arbitrary command as a hook.

    ``args[0]`` is the hook name, ``args[1]`` the command to run and the
    remaining positional and keyword arguments are forwarded unchanged.
    *message* becomes the location description.
    """
    location.set_description(message)

    # Fewer than two positional arguments raises IndexError here.
    hook_name = args[0]
    hook_command = args[1]
    command_arguments = args[2:]

    self._add_hook(
        location,
        system_context,
        hook_name,
        hook_command,
        *command_arguments,
        **kwargs,
    )
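def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Register the ``_depmod_all`` command as an ``export`` hook."""
    # The description previously read "Run ldconfig" although the hook
    # registered here is _depmod_all; name the step that actually runs so
    # build logs and error locations are not misleading.
    location.set_description("Run depmod")
    self._add_hook(
        location,
        system_context,
        "export",
        "_depmod_all",
    )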
def _sign_efi_kernel(
    self,
    location: Location,
    system_context: SystemContext,
    kernel: str,
    key: str,
    cert: str,
) -> None:
    """Sign the EFI binary *kernel* with *key* and *cert*.

    Delegates to the ``sign_efi_binary`` command with ``outside=True``.
    """
    location.set_description("Sign EFI kernel")

    # NOTE(review): outside=True presumably means the key material and the
    # kernel are read from the build host, not from inside the image --
    # confirm, so the signing key never needs to enter the image.
    signing_options = {"key": key, "cert": cert, "outside": True}
    self._execute(
        location.next_line(),
        system_context,
        "sign_efi_binary",
        kernel,
        **signing_options,
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Register an ``export`` hook that removes ``/usr/share/licenses/*``."""
    location.set_description("Strip license files")

    license_glob = "/usr/share/licenses/*"
    removal_options = {"recursive": True, "force": True}
    self._add_hook(
        location,
        system_context,
        "export",
        "remove",
        license_glob,
        **removal_options,
    )
def _copy_extra_file(
    self, location: Location, system_context: SystemContext, extra_file: str
) -> str:
    """Copy *extra_file* from the helper directory to ``/usr/bin`` in the image.

    The copy is made executable (mode 0o755).

    Returns:
        The destination path, ``/usr/bin/<extra_file>``.
    """
    location.set_description(f"Installing extra mkinitcpio file {extra_file}")

    source_directory = self._helper_directory
    assert source_directory

    # NOTE(review): extra_file is joined without normalisation; an absolute
    # name or one containing ".." would leave the helper directory and
    # /usr/bin -- presumably callers pass fixed file names only, verify.
    origin = os.path.join(source_directory, extra_file)
    destination = os.path.join("/usr/bin", extra_file)

    copy(system_context, origin, destination, from_outside=True)
    chmod(system_context, 0o755, destination)

    return destination
def _create_initramfs(
    self, location: Location, system_context: SystemContext
) -> bool:
    """Create the mkinitcpio initrd part below the boot directory.

    Returns:
        True when ``initrd-parts/50-mkinitcpio`` exists afterwards.
    """
    location.set_description("Create initrd")

    boot_directory = system_context.boot_directory
    parts_directory = os.path.join(boot_directory, "initrd-parts")
    os.makedirs(parts_directory, exist_ok=True)

    self._execute(
        location.next_line(),
        system_context,
        "create_initrd",
        os.path.join(parts_directory, "50-mkinitcpio"),
    )

    # Report success by checking for the file the command should have made.
    expected_initrd = os.path.join(
        system_context.boot_directory, "initrd-parts/50-mkinitcpio"
    )
    return os.path.exists(expected_initrd)
def _setup_hooks(
    self,
    location: Location,
    system_context: SystemContext,
    locales: typing.Sequence[str],
) -> None:
    """Register the locale export hooks once and record the chosen locales.

    The hooks are added only while no ``CLRM_LOCALES`` substitution exists;
    the substitution is then set to the comma-joined *locales* in every case.
    """
    first_invocation = not system_context.has_substitution("CLRM_LOCALES")

    if first_invocation:
        location.set_description("run locale-gen")
        self._add_hook(
            location,
            system_context,
            "export",
            "run",
            "/usr/bin/locale-gen",
            inside=True,
        )

        # Registered after the locale-gen hook: the generator binaries are
        # among the paths removed here.
        location.set_description("Remove locale related data.")
        removable_paths = [
            "/usr/share/locale/*",
            "/etc/locale.gen",
            "/usr/bin/locale-gen",
            "/usr/bin/localedef",
        ]
        self._add_hook(
            location,
            system_context,
            "export",
            "remove",
            *removable_paths,
            force=True,
            recursive=True,
        )

    system_context.set_substitution("CLRM_LOCALES", ",".join(locales))
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: str,
    **kwargs: typing.Any,
) -> None:
    """Bootstrap the image with debootstrap and schedule systemd cleanup.

    Recognised keyword arguments: ``suite``, ``mirror`` (both default to
    ``''``), ``variant``, ``include`` and ``exclude`` (default ``None``).
    """
    # NOTE(review): mirror is passed through as given; confirm the
    # debootstrap helper leaves archive signature checking enabled.
    suite = kwargs.get("suite", "")
    target_directory = system_context.fs_directory
    mirror = kwargs.get("mirror", "")
    variant = kwargs.get("variant", None)
    include = kwargs.get("include", None)
    exclude = kwargs.get("exclude", None)
    debootstrap_binary = self._binary(Binaries.DEBOOTSTRAP)

    debootstrap(
        system_context,
        suite=suite,
        target=target_directory,
        mirror=mirror,
        variant=variant,
        include=include,
        exclude=exclude,
        debootstrap_command=debootstrap_binary,
    )

    location.set_description("Move systemd files into /usr")
    self._add_hook(location, system_context, "_teardown", "systemd_cleanup")
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Wrap the ``Exec=`` lines of the given applications in firejail.

    Each positional argument names a desktop file below
    ``/usr/share/applications`` (without the ``.desktop`` suffix).

    Raises:
        GenerateError: if a desktop file does not exist in the image.
    """
    # Prefix every Exec= line with the firejail launcher.
    exec_rewrite = "/^Exec=.*$$/ s!^Exec=!Exec=/usr/bin/firejail !"

    for application in args:
        location.set_description(f"Processing application {application}.")

        # NOTE(review): the name is interpolated into a path unchecked; a
        # value containing "/" or ".." would point sed at a file outside
        # /usr/share/applications -- presumably names come from the trusted
        # system definition, verify.
        desktop_file = f"/usr/share/applications/{application}.desktop"
        if not os.path.exists(system_context.file_name(desktop_file)):
            raise GenerateError(
                f'Desktop file "{desktop_file}" not found.',
                location=location,
            )

        self._execute(
            location.next_line(),
            system_context,
            "sed",
            exec_rewrite,
            desktop_file,
        )
def _create_efi_kernel(
    self,
    location: Location,
    system_context: SystemContext,
    kernel_name: str,
    cmdline: str,
) -> None:
    """Build the EFI kernel *kernel_name* from vmlinuz and the initrd parts.

    Both inputs are taken from the boot directory of *system_context*;
    *cmdline* is passed on as the kernel command line.
    """
    location.set_description("Create EFI kernel")

    boot_root = system_context.boot_directory
    kernel_image = os.path.join(boot_root, "vmlinuz")
    initrd_parts = os.path.join(boot_root, "initrd-parts")

    self._execute(
        location.next_line(),
        system_context,
        "create_efi_kernel",
        kernel_name,
        kernel=kernel_image,
        initrd_directory=initrd_parts,
        commandline=cmdline,
    )
def _setup_hooks(self, location: Location, system_context: SystemContext) -> None:
    """Register the pacman teardown and export hooks.

    Hooks added: removal of pacman gpg leftovers inside the image and in the
    meta directory, ``systemd_cleanup``, relocation of ``/opt`` to
    ``/usr/opt`` with a compatibility symlink, and writing package data.
    """
    # gpg files that must not remain after the build: S.* entries, the
    # pubring backup and the secret keyring of the pacman key store.
    gpg_patterns = ("/S.*", "/pubring.gpg~", "/secring.gpg*")

    location.set_description("cleanup pacman-key files (internal)")
    image_gpg_dir = "/usr/lib/pacman/gpg"
    image_paths = [image_gpg_dir + pattern for pattern in gpg_patterns]
    image_paths += ["/var/log/pacman.log", "/var/cache/pacman/pkg/*"]
    self._add_hook(
        location,
        system_context,
        "_teardown",
        "remove",
        *image_paths,
        recursive=True,
        force=True,
    )

    location.set_description("Cleanup pacman-key files (external)")
    host_gpg_dir = os.path.join(system_context.meta_directory, "pacman/gpg")
    host_paths = [host_gpg_dir + pattern for pattern in gpg_patterns]
    self._add_hook(
        location,
        system_context,
        "_teardown",
        "remove",
        *host_paths,
        recursive=True,
        force=True,
        outside=True,
    )

    location.set_description("Move systemd files into /usr")
    self._add_hook(location, system_context, "_teardown", "systemd_cleanup")

    location.set_description("Moving /opt into /usr")
    self._add_hook(
        location.next_line(), system_context, "export", "move", "/opt", "/usr"
    )
    # Relative link created with "/" as work directory: /opt -> usr/opt.
    self._add_hook(
        location,
        system_context,
        "export",
        "symlink",
        "usr/opt",
        "opt",
        work_directory="/",
    )

    location.set_description("Writing package information to FS.")
    self._add_hook(
        location.next_line(),
        system_context,
        "export",
        "_pacman_write_package_data",
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Register an ``export`` hook that removes kernel-install and its data."""
    location.set_description("Remove kernel-install")

    # Things to update/clean on export: the tool and both of its
    # configuration/plugin directories.
    kernel_install_paths = (
        "/usr/lib/kernel",
        "/etc/kernel",
        "/usr/bin/kernel-install",
    )
    self._add_hook(
        location,
        system_context,
        "export",
        "remove",
        *kernel_install_paths,
        recursive=True,
        force=True,
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Register an ``export`` hook that removes systemd-sysusers.

    The binary, its ``sysusers.d`` directory, the service unit and the
    ``sysinit.target.wants`` link to that unit are all listed for removal.
    """
    location.set_description("Remove systemd-sysusers")

    # Things to update/clean on export:
    unit_directory = "/usr/lib/systemd/system"
    sysusers_paths = (
        "/usr/lib/sysusers.d",
        "/usr/bin/systemd-sysusers",
        unit_directory + "/sysinit.target.wants/systemd-sysusers.service",
        unit_directory + "/systemd-sysusers.service",
    )
    self._add_hook(
        location,
        system_context,
        "export",
        "remove",
        *sysusers_paths,
        recursive=True,
        force=True,
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: str,
    **kwargs: typing.Any,
) -> None:
    """Bootstrap the image with debootstrap and schedule systemd cleanup.

    Recognised keyword arguments: ``suite``, ``mirror``, ``variant``,
    ``include`` and ``exclude``; each defaults to the empty string.
    """
    # NOTE(review): mirror is passed through as given; confirm the
    # debootstrap helper leaves archive signature checking enabled.
    suite = kwargs.get("suite", "")
    target_directory = system_context.fs_directory
    mirror = kwargs.get("mirror", "")
    variant = kwargs.get("variant", "")
    include = kwargs.get("include", "")
    exclude = kwargs.get("exclude", "")
    debootstrap_binary = self._binary(Binaries.DEBOOTSTRAP)

    debootstrap(
        system_context,
        suite=suite,
        target=target_directory,
        mirror=mirror,
        variant=variant,
        include=include,
        exclude=exclude,
        debootstrap_command=debootstrap_binary,
    )

    location.set_description("Move systemd files into /usr")
    self._add_hook(location, system_context, "_teardown", "systemd_cleanup")
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Configure the image for Intel CPUs.

    Enables nested virtualisation for ``kvm_intel``, installs ``intel-ucode``
    and moves its image into ``initrd-parts``, adds ``crc32c-intel`` to the
    mkinitcpio MODULES list and removes the AMD microcode firmware.
    """
    # Nested virtualization: let guests of this system run their own guests.
    nested_conf = "/etc/modprobe.d/kvm_intel.conf"
    self._execute(
        location, system_context, "create", nested_conf, "options kvm_intel nested=1"
    )

    # Intel microcode package.
    location.set_description("Install intel-ucode")
    self._execute(location, system_context, "pacman", "intel-ucode")

    initrd_directory = os.path.join(system_context.boot_directory, "initrd-parts")
    os.makedirs(initrd_directory, exist_ok=True)
    self._execute(
        location,
        system_context,
        "move",
        "/boot/intel-ucode.img",
        os.path.join(initrd_directory, "00-intel-ucode"),
        to_outside=True,
    )

    # Prepend crc32c-intel to the MODULES=( ... ) list of mkinitcpio.
    sed_expression = "s/^MODULES=(/MODULES=(crc32c-intel /"
    self._execute(
        location.next_line(),
        system_context,
        "sed",
        sed_expression,
        "/etc/mkinitcpio.conf",
    )

    # Clean out firmware that an Intel system does not need.
    amd_firmware = "/usr/lib/firmware/amd-ucode/*"
    self._execute(
        location.next_line(), system_context, "remove", amd_firmware, force=True
    )
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Register an ``export`` hook that removes systemd-sysusers.

    The binary, its ``sysusers.d`` directory, the service unit and any copy
    or link of that unit one directory below the unit directory are listed
    for removal.
    """
    location.set_description("Remove systemd-sysusers")

    # Things to update/clean on export:
    unit_directory = "/usr/lib/systemd/system"
    sysusers_paths = [
        "/usr/lib/sysusers.d",
        "/usr/bin/systemd-sysusers",
        # The glob covers every *.wants/-style sub-directory of the units.
        unit_directory + "/*/systemd-sysusers.service",
        unit_directory + "/systemd-sysusers.service",
    ]
    self._add_hook(
        location,
        system_context,
        "export",
        "remove",
        *sysusers_paths,
        recursive=True,
        force=True,
    )