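def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Generate an initrd with mkinitcpio inside the system's chroot.

    Returns early, after an info message, when the mkinitcpio binary or the
    kernel image ``vmlinuz`` in the boot directory is missing.

    Args:
        location: Passed on to the install/cleanup helper steps.
        system_context: Supplies the substitutions, the boot directory and
            the directory used as chroot.
        *args: ``args[0]`` is the path the finished initrd is moved to
            (with ``to_outside=True``).
        **kwargs: Not used.
    """
    if not os.path.exists(system_context.file_name("usr/bin/mkinitcpio")):
        info("Skipping initrd generation: No mkinitcpio binary.")
        return

    kernel_image = os.path.join(system_context.boot_directory, "vmlinuz")
    if not os.path.exists(kernel_image):
        info("Skipping initrd generation: No vmlinuz in boot directory.")
        return

    # Any falsy value (e.g. an empty string) is normalised to None.
    self._vg = system_context.substitution("DEFAULT_VG", None) or None

    self._image_fs = system_context.substitution("IMAGE_FS", "ext2")
    self._image_device = _deviceify(
        system_context.substitution("IMAGE_DEVICE", ""))
    self._image_options = system_context.substitution("IMAGE_OPTIONS", "rw")

    name_prefix = system_context.substitution("DISTRO_ID", "clrm")
    name_version = system_context.substitution("DISTRO_VERSION_ID",
                                               system_context.timestamp)
    self._full_name = "{}_{}".format(name_prefix, name_version)

    initrd = args[0]

    # Everything collected here is handed to _cleanup_extra_files() below.
    to_clean_up = []  # type: typing.List[str]
    # append(), not "+=": "list += str" extends the list with the string's
    # individual characters, so the cleanup step would have received "/",
    # "b", "o", ... instead of the one path "/boot/vmlinuz".
    to_clean_up.append("/boot/vmlinuz")
    to_clean_up += self._install_extra_binaries(location, system_context)
    to_clean_up += self._create_systemd_units(location, system_context)
    to_clean_up += self._install_mkinitcpio(location, system_context)
    to_clean_up += self._install_mkinitcpio_hooks(location, system_context)

    copy(system_context, kernel_image, "/boot/vmlinuz", from_outside=True)

    run(
        "/usr/bin/mkinitcpio",
        "-p",
        "cleanroom",
        chroot=system_context.fs_directory,
        chroot_helper=self._binary(Binaries.CHROOT_HELPER),
    )

    os.makedirs(os.path.dirname(initrd), exist_ok=True)
    move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

    _cleanup_extra_files(location, system_context, *to_clean_up)
    self._remove_mkinitcpio(location, system_context)

    # Sanity check only: assert statements are skipped under "python -O".
    assert os.path.isfile(initrd)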
def test_file_to_overwrite_file_move(
        populated_system_context: SystemContext) -> None:
    """With force=True, move replaces an existing destination file.

    The assertions look the files up below ``fs_directory``, i.e. the test
    expects the absolute-looking paths to be resolved inside the system
    tree. The content check presumably relies on the fixture storing each
    file's own path as its content.
    """
    root = populated_system_context.fs_directory
    old_path = os.path.join(root, "usr/bin/ls")
    new_path = os.path.join(root, "etc/passwd")

    filehelper.move(populated_system_context,
                    "/usr/bin/ls", "/etc/passwd", force=True)

    assert not os.path.isfile(old_path)
    assert _read_file(new_path) == "/usr/bin/ls"
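def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Generate an initrd with mkinitcpio inside the system's chroot.

    Returns early, after an info message, when the mkinitcpio binary or the
    kernel image ``vmlinuz`` in the boot directory is missing.

    Args:
        location: Passed on to the install/cleanup helper steps.
        system_context: Supplies the substitutions, the boot directory and
            the directory used as chroot.
        *args: ``args[0]`` is the path the finished initrd is moved to
            (with ``to_outside=True``).
        **kwargs: Not used.
    """
    if not os.path.exists(system_context.file_name('usr/bin/mkinitcpio')):
        info('Skipping initrd generation: No mkinitcpio binary.')
        return

    kernel_image = os.path.join(system_context.boot_directory, 'vmlinuz')
    if not os.path.exists(kernel_image):
        info('Skipping initrd generation: No vmlinuz in boot directory.')
        return

    # Any falsy value (e.g. an empty string) is normalised to None.
    self._vg = system_context.substitution('DEFAULT_VG', None) or None

    self._image_fs = system_context.substitution('IMAGE_FS', 'ext2')
    self._image_device = \
        _deviceify(system_context.substitution('IMAGE_DEVICE', ''))
    self._image_options = system_context.substitution('IMAGE_OPTIONS', 'rw')

    name_prefix = system_context.substitution('DISTRO_ID', 'clrm')
    name_version = system_context.substitution('DISTRO_VERSION_ID',
                                               system_context.timestamp)
    self._full_name = "{}_{}".format(name_prefix, name_version)

    initrd = args[0]

    # Everything collected here is handed to _cleanup_extra_files() below.
    to_clean_up = []  # type: typing.List[str]
    # append(), not "+=": "list += str" extends the list with the string's
    # individual characters, so the cleanup step would have received '/',
    # 'b', 'o', ... instead of the one path '/boot/vmlinuz'.
    to_clean_up.append('/boot/vmlinuz')
    to_clean_up += self._install_extra_binaries(location, system_context)
    to_clean_up += self._create_systemd_units(location, system_context)
    to_clean_up += self._install_mkinitcpio(location, system_context)
    to_clean_up += self._install_mkinitcpio_hooks(location, system_context)

    copy(system_context, kernel_image, '/boot/vmlinuz', from_outside=True)

    run('/usr/bin/mkinitcpio', '-p', 'cleanroom',
        chroot=system_context.fs_directory,
        chroot_helper=self._binary(Binaries.CHROOT_HELPER))

    os.makedirs(os.path.dirname(initrd), exist_ok=True)
    move(system_context, '/boot/initramfs.img', initrd, to_outside=True)

    _cleanup_extra_files(location, system_context, *to_clean_up)
    self._remove_mkinitcpio(location, system_context)

    # Sanity check only: assert statements are skipped under "python -O".
    assert os.path.isfile(initrd)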
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Build an initrd with dracut for the configured kernel version.

    Returns early, after an info message, when the boot directory holds no
    ``vmlinuz``. ``args[0]`` is the path the finished initrd is moved to
    (with ``to_outside=True``); ``kwargs`` is not used.
    """
    kernel_image = os.path.join(system_context.boot_directory, "vmlinuz")
    if not os.path.exists(kernel_image):
        info("Skipping initrd generation: No vmlinuz in boot directory.")
        return

    initrd = args[0]

    self._install_dracut(location, system_context)

    copy(system_context, kernel_image, "/boot/vmlinuz", from_outside=True)

    kernel_version = system_context.substitution_expanded("KERNEL_VERSION", "")
    # An empty KERNEL_VERSION is rejected here. Note that assert statements
    # are skipped under "python -O", in which case the empty string would be
    # passed on to dracut.
    assert kernel_version

    dracut_command = [
        "/usr/bin/dracut",
        "--no-early-microcode",
        "--no-hostonly",
        "--no-compress",
        "--reproducible",
        "--omit",
        "iscsi nbd network network-legacy nfs qemu qemu-net stratis",
        "--add",
        "busybox",
        "/boot/initramfs.img",
        kernel_version,
    ]
    run(
        *dracut_command,
        chroot=system_context.fs_directory,
        chroot_helper=self._binary(Binaries.SYSTEMD_NSPAWN),
    )

    os.makedirs(os.path.dirname(initrd), exist_ok=True)
    move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

    self._remove_dracut(location, system_context)

    # Sanity check only; also skipped under "python -O".
    assert os.path.isfile(initrd)
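def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Generate an initrd with mkinitcpio inside the system's chroot.

    Returns early, after an info message, when the boot directory holds no
    ``vmlinuz``.

    Args:
        location: Passed on to the install/cleanup helper steps.
        system_context: Supplies the boot directory and the directory used
            as chroot.
        *args: ``args[0]`` is the path the finished initrd is moved to
            (with ``to_outside=True``).
        **kwargs: Not used.
    """
    kernel_image = os.path.join(system_context.boot_directory, "vmlinuz")
    if not os.path.exists(kernel_image):
        info("Skipping initrd generation: No vmlinuz in boot directory.")
        return

    initrd = args[0]

    # Everything collected here is handed to _cleanup_extra_files() below.
    to_clean_up: typing.List[str] = []
    # append(), not "+=": "list += str" extends the list with the string's
    # individual characters, so the cleanup step would have received "/",
    # "b", "o", ... instead of the one path "/boot/vmlinuz".
    to_clean_up.append("/boot/vmlinuz")
    to_clean_up += self._install_mkinitcpio(location, system_context)

    copy(system_context, kernel_image, "/boot/vmlinuz", from_outside=True)

    run(
        "/usr/bin/mkinitcpio",
        "-p",
        "cleanroom",
        chroot=system_context.fs_directory,
        chroot_helper=self._binary(Binaries.SYSTEMD_NSPAWN),
    )

    os.makedirs(os.path.dirname(initrd), exist_ok=True)
    move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

    _cleanup_extra_files(location, system_context, *to_clean_up)
    self._remove_mkinitcpio(location, system_context)

    # Sanity check only: assert statements are skipped under "python -O".
    assert os.path.isfile(initrd)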
def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Run move() with the arguments given to this command.

    ``location`` is accepted but not used in this method.
    """
    # Positional and keyword arguments reach move() unchanged; nothing is
    # validated here. NOTE(review): move() is called elsewhere with keywords
    # such as to_outside=True and force=True, so confirm that the command's
    # argument validation limits which keywords an invocation may supply.
    move(system_context, *args, **kwargs)
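def __call__(
    self,
    location: Location,
    system_context: SystemContext,
    *args: typing.Any,
    **kwargs: typing.Any,
) -> None:
    """Build an initrd with dracut, optionally adding extra kernel drivers.

    Returns early, after an info message, when the boot directory holds no
    ``vmlinuz``.

    Args:
        location: Passed on to the dracut install/remove helper steps.
        system_context: Supplies the boot directory, the directory used as
            chroot and the ``INITRD_EXTRA_MODULES`` substitution.
        *args: ``args[0]`` is the path the finished initrd is moved to
            (with ``to_outside=True``).
        **kwargs: Not used.
    """
    kernel_image = os.path.join(system_context.boot_directory, "vmlinuz")
    if not os.path.exists(kernel_image):
        info("Skipping initrd generation: No vmlinuz in boot directory.")
        return

    initrd = args[0]

    self._install_dracut(location, system_context)

    copy(system_context, kernel_image, "/boot/vmlinuz", from_outside=True)

    dracut_args: typing.List[str] = []

    raw_modules = system_context.substitution_expanded("INITRD_EXTRA_MODULES", "")
    # Commas and any run of whitespace separate module names. split() with
    # no argument drops empty fields; split(" ") returned [""] for an empty
    # value, which made the check below always true and passed
    # '--add-drivers ""' to dracut.
    modules = sorted(set(raw_modules.replace(",", " ").split()))
    if modules:
        dracut_args += ["--add-drivers", " ".join(modules)]

    run(
        "/usr/bin/dracut",
        *dracut_args,
        "--no-early-microcode",
        "--no-hostonly",
        "--no-compress",
        "--reproducible",
        "--omit",
        "iscsi nbd network network-legacy nfs qemu qemu-net stratis",
        "--add",
        "busybox",
        "/boot/initramfs.img",
        chroot=system_context.fs_directory,
        chroot_helper=self._binary(Binaries.CHROOT_HELPER),
    )

    os.makedirs(os.path.dirname(initrd), exist_ok=True)
    move(system_context, "/boot/initramfs.img", initrd, to_outside=True)

    self._remove_dracut(location, system_context)

    # Sanity check only: assert statements are skipped under "python -O".
    assert os.path.isfile(initrd)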
def test_dir_to_dir_move(populated_system_context: SystemContext) -> None:
    """Moving a directory onto an existing directory nests it inside.

    ``/usr/bin`` moved to ``/home`` is expected to end up as ``/home/bin``,
    with ``ls`` no longer present at its old location. Both checks look
    below ``fs_directory``.
    """
    root = populated_system_context.fs_directory
    old_ls = os.path.join(root, "usr/bin/ls")
    new_ls = os.path.join(root, "home/bin/ls")

    filehelper.move(populated_system_context, "/usr/bin", "/home")

    assert not os.path.isfile(old_ls)
    assert _read_file(new_ls) == "/usr/bin/ls"
def test_dir_to_file_move(populated_system_context: SystemContext) -> None:
    """Moving a directory onto an existing file must raise OSError."""
    source_dir = "/usr/bin"
    existing_file = "/etc/passwd"

    with pytest.raises(OSError):
        filehelper.move(populated_system_context, source_dir, existing_file)
def test_same_file_in_parent_move(
        populated_system_context: SystemContext) -> None:
    """Moving a file into the directory it already lives in is rejected.

    NOTE(review): the expected AssertionError suggests the guard in move()
    is an ``assert`` statement; those are skipped under "python -O", so the
    guard would then not run. Confirm against the implementation.
    """
    source_file = "/usr/bin/ls"
    own_parent = "/usr/bin"

    with pytest.raises(AssertionError):
        filehelper.move(populated_system_context, source_file, own_parent)
def test_same_file_different_path_move(
        populated_system_context: SystemContext) -> None:
    """Moving a file onto itself via a ``..`` spelling must raise OSError.

    The destination names the source file through a ``..`` component, so
    this pins that an un-normalised alias of the source is not accepted as
    a different destination.
    """
    source_file = "/usr/bin/ls"
    aliased_destination = "/usr/../usr/bin/ls"

    with pytest.raises(OSError):
        filehelper.move(populated_system_context,
                        source_file, aliased_destination)
def test_file_to_file_move(populated_system_context: SystemContext) -> None:
    """Moving a file to a new, unused path relocates it.

    The source must be gone afterwards and the destination must carry the
    source's content. Both checks look below ``fs_directory``.
    """
    root = populated_system_context.fs_directory
    old_path = os.path.join(root, "usr/bin/ls")
    new_path = os.path.join(root, "etc/foo")

    filehelper.move(populated_system_context, "/usr/bin/ls", "/etc/foo")

    assert not os.path.exists(old_path)
    assert _read_file(new_path) == "/usr/bin/ls"
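def __call__(self, location: Location, system_context: SystemContext,
             *args: typing.Any, **kwargs: typing.Any) -> None:
    """Install USBGuard and move its configuration below /var/etc/usbguard.

    Steps, in order: install the ``usbguard`` package, enable
    ``usbguard-dbus.service``, write a tmpfiles.d snippet, rewrite three
    settings in ``usbguard-daemon.conf`` with sed, stage the configuration
    under ``/usr/share/factory/var/etc/usbguard``, remove ``/etc/usbguard``
    and add a systemd drop-in for ``usbguard.service``.

    Args:
        location: Passed to the sub-commands; ``next_line()`` is called on
            it for every sub-command after the first.
        system_context: Context of the system being modified.
        *args: Not used.
        **kwargs: Not used.
    """
    daemon_conf = "/etc/usbguard/usbguard-daemon.conf"
    factory_dir = "/usr/share/factory/var/etc/usbguard"

    self._execute(location, system_context, "pacman", "usbguard")

    # Do setup:
    # enable the daemon (actually set up socket activation)
    self._execute(
        location.next_line(),
        system_context,
        "systemd_enable",
        "usbguard-dbus.service",
    )

    # tmpfiles.d: create the log and config directories (0750 root:root);
    # the "C" line copies the config tree, which is staged under
    # /usr/share/factory further down.
    create_file(
        system_context,
        "/usr/lib/tmpfiles.d/usbguard.conf",
        textwrap.dedent("""\
            d /var/log/usbguard 0750 root root - -
            d /var/etc/usbguard 0750 root root - -
            C /var/etc/usbguard - - - - -
            """).encode("utf-8"),
    )

    # Each sed script replaces one whole configuration line ("c" command).
    # NOTE(review): ImplicitPolicyTarget=allow means a device matching no
    # rule is allowed, and rules.conf is created empty below, so the
    # configuration as shipped does not block any device until rules are
    # added. Confirm this default is intended.
    sed_scripts = (
        "/RuleFile=\\/etc/ cRuleFile=/var/etc/usbguard/rules.conf",
        "/IPCAccessControlFiles=\\/etc/ cIPCAccessControlFiles=/var/etc/usbguard/IPCAccessControl.d",
        "/ImplicitPolicyTarget=/ cImplicitPolicyTarget=allow",
    )
    for script in sed_scripts:
        self._execute(
            location.next_line(),
            system_context,
            "sed",
            script,
            daemon_conf,
        )

    # The directory name has to match the IPCAccessControlFiles path set
    # above exactly (file names are case-sensitive); it used to be created
    # as "IPCaccessControl.d", which the daemon configuration never names.
    makedirs(system_context, factory_dir + "/IPCAccessControl.d")
    move(system_context, daemon_conf, factory_dir)
    # Empty rule set, readable and writable by the owner only.
    create_file(
        system_context,
        factory_dir + "/rules.conf",
        b"",
        mode=0o600,
    )

    remove(
        system_context,
        "/etc/usbguard",
        recursive=True,
    )

    # Fix for https://github.com/USBGuard/usbguard/issues/287
    # The drop-in lists CAP_DAC_OVERRIDE for the daemon (a capability that
    # bypasses file permission checks) and points ExecStart at the relocated
    # configuration; revisit the capability once the upstream issue no
    # longer requires it.
    makedirs(system_context, "/usr/lib/systemd/system/usbguard.service.d")
    create_file(
        system_context,
        "/usr/lib/systemd/system/usbguard.service.d/bugfix.conf",
        textwrap.dedent("""\
            [Service]
            CapabilityBoundingSet=CAP_DAC_OVERRIDE
            ReadWritePaths=-/var/etc/usbguard/rules.conf
            ExecStart=
            ExecStart=/usr/bin/usbguard-daemon -k -c /var/etc/usbguard/usbguard-daemon.conf
            """).encode("utf-8"),
    )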
def test_dir_to_dir_move(populated_system_context: SystemContext) -> None:
    """Moving a directory onto an existing directory nests it inside.

    ``/usr/bin`` moved to ``/home`` is expected to end up as ``/home/bin``,
    with ``ls`` no longer present at its old location. Both checks look
    below ``fs_directory``.
    """
    root = populated_system_context.fs_directory
    old_ls = os.path.join(root, "usr/bin/ls")
    new_ls = os.path.join(root, "home/bin/ls")

    filehelper.move(populated_system_context, "/usr/bin", "/home")

    assert not os.path.isfile(old_ls)
    assert _read_file(new_ls) == "/usr/bin/ls"
def test_file_to_existing_file_move(
        populated_system_context: SystemContext) -> None:
    """Without ``force``, moving onto an existing file must raise OSError.

    Pins the safe default: an existing destination (here ``/etc/passwd``)
    is not overwritten unless the caller asks for it explicitly.
    """
    source_file = "/usr/bin/ls"
    existing_file = "/etc/passwd"

    with pytest.raises(OSError):
        filehelper.move(populated_system_context, source_file, existing_file)
def test_file_to_file_move(populated_system_context: SystemContext) -> None:
    """Moving a file to a new, unused path relocates it.

    The source must be gone afterwards and the destination must carry the
    source's content. Both checks look below ``fs_directory``.
    """
    root = populated_system_context.fs_directory
    old_path = os.path.join(root, "usr/bin/ls")
    new_path = os.path.join(root, "etc/foo")

    filehelper.move(populated_system_context, "/usr/bin/ls", "/etc/foo")

    assert not os.path.exists(old_path)
    assert _read_file(new_path) == "/usr/bin/ls"