def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any ) -> None: """Execute command.""" self._execute( location, system_context, "pacman", "quassel-core", "postgresql-libs" ) self._execute( location.next_line(), system_context, "systemd_harden_unit", "quassel.service", ) self._execute( location.next_line(), system_context, "systemd_enable", "quassel.service" ) self._execute( location.next_line(), system_context, "net_firewall_open_port", 4242, protocol="tcp", comment="Quassel", )
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" # Nested virtualization: self._execute(location, system_context, 'create', '/etc/modprobe.d/kvm_intel.conf', 'options kvm_intel nested=1') # Intel ucode: location.set_description('Install intel-ucode') self._execute(location, system_context, 'pacman', 'intel-ucode') initrd_parts = os.path.join(system_context.boot_directory, 'initrd-parts') os.makedirs(initrd_parts, exist_ok=True) self._execute(location, system_context, 'move', '/boot/intel-ucode.img', os.path.join(initrd_parts, '00-intel-ucode'), to_outside=True) # enable kms: self._execute(location.next_line(), system_context, 'sed', 's/^MODULES=(/MODULES=(crc32c-intel /', '/etc/mkinitcpio.conf') # Clean out firmware: self._execute(location.next_line(), system_context, 'remove', '/usr/lib/firmware/amd-ucode/*', force=True)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._setup(*args, **kwargs) h2('Exporting system "{}".'.format(system_context.system_name)) debug('Running Hooks.') self._run_all_exportcommand_hooks(system_context) verbose('Preparing system for export.') self.prepare_for_export(location, system_context) info('Validating installation for export.') if not self._skip_validation: _validate_installation(location.next_line(), system_context) export_directory \ = self.create_export_directory(system_context) assert export_directory system_context.set_substitution('EXPORT_DIRECTORY', export_directory) verbose('Exporting all data in {}.'.format(export_directory)) self._execute(location.next_line(), system_context, '_export_directory', export_directory, compression=self._repository_compression, compression_level=self._repository_compression_level, repository=self._repository) info('Cleaning up export location.') self.delete_export_directory(export_directory)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._execute(location, system_context, 'pacman', 'avahi') # Do setup: # Fix missing symlink: self._execute(location.next_line(), system_context, 'symlink', 'avahi-daemon.service', 'dbus-org.freedesktop.Avahi.service', work_directory='/usr/lib/systemd/system') # enable the daemon (actually set up socket activation) self._execute(location.next_line(), system_context, 'systemd_enable', 'avahi-daemon.service') # Open the firewall for it: self._execute(location.next_line(), system_context, 'net_firewall_open_port', '5353', protocol='udp', comment='Avahi') # Edit /etc/nsswitch.conf: self._execute( location.next_line(), system_context, 'sed', '/^hosts\\s*:/ s/resolve/mdns_minimal ' '[NOTFOUND=return] resolve/', '/etc/nsswitch.conf')
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" # Enable KMS: self._execute(location, system_context, 'pkg_intel_kms') self._execute(location, system_context, 'pkg_xorg') # Set some kernel parameters: cmdline = system_context.substitution('KERNEL_CMDLINE', '') if cmdline: cmdline += ' ' cmdline += 'intel_iommu=igfx_off i915.fastboot=1' system_context.set_substitution('KERNEL_CMDLINE', cmdline) self._execute(location, system_context, 'pacman', 'libva-intel-driver', 'mesa', 'vulkan-intel', 'xf86-video-intel', 'intel-media-driver') self._execute(location.next_line(), system_context, 'create', '/etc/modprobe.d/i915-guc.conf', 'options i915 enable_guc=3') self._execute(location.next_line(), system_context, 'remove', '/usr/lib/firmware/amdgpu/*', '/usr/lib/firmware/nvidia/*', '/usr/lib/firmware/radeon/*', force=True, recursive=True)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" pacman_setup(system_context, kwargs.get("config", "")) pacman_key_command = self._binary(Binaries.PACMAN_KEY) pacman_keyinit(system_context, pacman_key_command=pacman_key_command) # Allow for customizations of the pacman keyring to happen: self._execute( location.next_line(), system_context, "_pacman_keyinit", pacman_key=pacman_key_command, gpg_dir=gpg_directory(system_context), ) pacstrap(system_context, *args, pacman_command=self._binary(Binaries.PACMAN), chroot_helper=self._binary(Binaries.SYSTEMD_NSPAWN), **kwargs) self._execute(location.next_line(), system_context, "create_os_release") self._setup_hooks(location, system_context)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" for f in args: source = (f if os.path.isabs(f) else os.path.join( system_context.systems_definition_directory or "", f)) dest = os.path.join("/etc/ca-certificates/trust-source/anchors", os.path.basename(f)) self._execute( location.next_line(), system_context, "copy", source, dest, from_outside=True, ) self._execute( location.next_line(), system_context, "chmod", stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH, dest, ) run( "/usr/bin/trust", "extract-compat", chroot=system_context.fs_directory, chroot_helper=self._binary(Binaries.CHROOT_HELPER), )
def _setup_hooks(self, location: Location, system_context: SystemContext) -> None: i_gpg_dir = "/usr/lib/pacman/gpg" i_packages = "/var/cache/pacman/pkg/*" location.set_description("cleanup pacman-key files (internal)") self._add_hook( location, system_context, "_teardown", "remove", i_gpg_dir + "/S.*", i_gpg_dir + "/pubring.gpg~", i_gpg_dir + "/secring.gpg*", "/var/log/pacman.log", i_packages, recursive=True, force=True, ) location.set_description("Cleanup pacman-key files (external)") o_gpg_dir = os.path.join(system_context.meta_directory, "pacman/gpg") self._add_hook( location, system_context, "_teardown", "remove", o_gpg_dir + "/S.*", o_gpg_dir + "/pubring.gpg~", o_gpg_dir + "/secring.gpg*", recursive=True, force=True, outside=True, ) location.set_description("Move systemd files into /usr") self._add_hook(location, system_context, "_teardown", "systemd_cleanup") location.set_description("Moving /opt into /usr") self._add_hook(location.next_line(), system_context, "export", "move", "/opt", "/usr") self._add_hook( location, system_context, "export", "symlink", "usr/opt", "opt", work_directory="/", ) location.set_description("Writing package information to FS.") self._add_hook(location.next_line(), system_context, "export", "_pacman_write_package_data") system_context.set_substitution("DISTRO_ID_LIKE", "archlinux")
def _install_mkinitcpio( self, location: Location, system_context: SystemContext) -> typing.Sequence[str]: to_clean_up = [ "/etc/mkinitcpio.d", "/etc/mkinitcpio.conf", "/boot/vmlinu*" ] location.set_description("Install mkinitcpio") self._execute(location, system_context, "pacman", "mkinitcpio") location.set_description("Fix up mkinitcpio.conf") self._execute( location.next_line(), system_context, "sed", "/^HOOKS=/ " "cHOOKS=(base systemd keyboard sd-vconsole " "sd-encrypt block sd-lvm2 filesystems btrfs " "sd-shutdown)", "/etc/mkinitcpio.conf", ) self._execute( location.next_line(), system_context, "append", "/etc/mkinitcpio.conf", 'COMPRESSION="cat"', ) location.set_description("Create mkinitcpio presets") create_file( system_context, "/etc/mkinitcpio.d/cleanroom.preset", textwrap.dedent("""\ # mkinitcpio preset file for cleanroom ALL_config="/etc/mkinitcpio.conf" ALL_kver="/boot/vmlinuz" PRESETS=('default') #default_config="/etc/mkinitcpio.conf" default_image="/boot/initramfs.img" #default_options="" """).encode("utf-8"), ) self._execute( location.next_line(), system_context, "sed", "s%/initramfs-linux.*.img%/initrd%", "/etc/mkinitcpio.d/cleanroom.preset", ) return to_clean_up
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._execute(location, system_context, 'pacman', 'glusterfs', 'grep', 'python3') self._execute(location.next_line(), system_context, 'create', '/usr/lib/tmpfiles.d/mnt-gluster.conf', textwrap.dedent('''\ d /mnt/gluster 0700 root root - - d /mnt/gluster/0 0755 root root - - d /mnt/gluster/1 0755 root root - - d /mnt/gluster/2 0755 root root - - d /mnt/gluster/4 0755 root root - - '''), mode=0o644) self._execute(location.next_line(), system_context, 'mkdir', '/usr/lib/systemd/system/glusterd.service.d', mode=0o755) self._execute( location.next_line(), system_context, 'create', '/usr/lib/systemd/system/glusterd.service.d/override.conf', textwrap.dedent('''\ [Service] Type=simple ExecStart= ExecStart=/usr/bin/glusterd -N --log-file=- --log-level INFO PIDFile= KillMode=control-group Environment= EnvironmentFile= StateDirectory=glusterd RuntimeDirectory=gluster LogsDirectory=glusterfs '''), mode=0o644) self._execute(location.next_line(), system_context, 'systemd_harden_unit', 'glusterd.service', PrivateUsers=False) # Fix rdma usage which is not included in archlinux: self._execute( location.next_line(), system_context, 'sed', '/option transport-type/ coption transport type = socket', '/etc/glusterfs/glusterd.vol')
def _setup_hooks(self, location: Location, system_context: SystemContext) -> None: igpgdir = '/usr/lib/pacman/gpg' ipackages = '/var/cache/pacman/pkg/*' location.set_description('cleanup pacman-key files (internal)') self._add_hook(location, system_context, '_teardown', 'remove', igpgdir + '/S.*', igpgdir + '/pubring.gpg~', igpgdir + '/secring.gpg*', '/var/log/pacman.log', ipackages, recursive=True, force=True) location.set_description('Cleanup pacman-key files (external)') ogpgdir = os.path.join(system_context.meta_directory, 'pacman/gpg') self._add_hook(location, system_context, '_teardown', 'remove', ogpgdir + '/S.*', ogpgdir + '/pubring.gpg~', ogpgdir + '/secring.gpg*', recursive=True, force=True, outside=True) location.set_description('Move systemd files into /usr') self._add_hook(location, system_context, '_teardown', 'systemd_cleanup') location.set_description('Moving /opt into /usr') self._add_hook(location.next_line(), system_context, 'export', 'move', '/opt', '/usr') self._add_hook(location, system_context, 'export', 'symlink', 'usr/opt', 'opt', work_directory='/') location.set_description('Writing package information to FS.') self._add_hook(location.next_line(), system_context, 'export', '_pacman_write_package_data')
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any ) -> None: """Execute command.""" # Enable KMS: self._execute(location, system_context, "pkg_intel_kms") self._execute(location, system_context, "pkg_xorg") # Set some kernel parameters: system_context.set_or_append_substitution( "KERNEL_CMDLINE", "intel_iommu=igfx_off i915.fastboot=1" ) self._execute( location, system_context, "pacman", "libva-intel-driver", "mesa", "vulkan-intel", "xf86-video-intel", "intel-media-driver", ) self._execute( location.next_line(), system_context, "create", "/etc/modprobe.d/i915-guc.conf", "options i915 enable_guc=3", ) self._execute( location.next_line(), system_context, "remove", "/usr/lib/firmware/amdgpu/*", "/usr/lib/firmware/nvidia/*", "/usr/lib/firmware/radeon/*", force=True, recursive=True, )
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._execute(location, system_context, 'pacman', 'quassel-core', 'postgresql-libs') self._execute(location.next_line(), system_context, 'systemd_harden_unit', 'quassel.service') self._execute(location.next_line(), system_context, 'systemd_enable', 'quassel.service') self._execute(location.next_line(), system_context, 'net_firewall_open_port', 4242, protocol='tcp', comment='Quassel')
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._execute(location, system_context, 'pacman', 'xorg-server', 'xorg-server-xwayland') # Copy snippets from systems config folder: copy(system_context, self._config_directory(system_context) + '/*', '/etc/X11/xorg.conf.d', from_outside=True, recursive=True) chown(system_context, 0, 0, '/etc/X11/xorg.conf.d/*') chmod(system_context, 0o644, '/etc/X11/xorg.conf.d/*') create_file(system_context, '/etc/X11/xinit/xinitrc.d/99-access-to-user.sh', textwrap.dedent('''\ #!/usr/bin/bash # Allow local access for the user: xhost "+local:$$USER" ''').encode('utf-8'), mode=0o755) # Install some extra fonts: self._execute(location.next_line(), system_context, 'pkg_fonts')
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any, ) -> None: """Execute command.""" old_machine_id = system_context.substitution("MACHINE_ID", "") if old_machine_id: raise GenerateError( f'Machine-id was already set to "{old_machine_id}".', location=location, ) machine_id = args[0] system_context.set_substitution("MACHINE_ID", machine_id) machine_id += "\n" self._execute( location.next_line(), system_context, "create", "/etc/machine-id", machine_id, )
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._execute(location, system_context, 'pacman', 'tmux') self._execute(location.next_line(), system_context, 'create', '/root/.tmux.conf', textwrap.dedent('''\ # Set activation key to ctrl-A: set-option -g prefix C-a # Rebind splitting to | and -: unbind % bind | split-window -h bind - split-window -v # Last window on C-a C-a: bind-key C-a last-window # Highlight active window set-window-option -g window-status-current-bg red # Set window notifications setw -g monitor-activity on set -g visual-activity on '''), mode=0o600)
def _harden_sshd(self, location: Location, system_context: SystemContext, **kwargs: typing.Any) -> None: # Install custom moduli moduli = os.path.join(self._config_directory(system_context), "moduli") if os.path.exists(moduli): self._execute( location.next_line(), system_context, "copy", moduli, "/etc/ssh/moduli", from_outside=True, force=True, ) # Config tweaks: self._set_sshd_config(location, system_context, "PasswordAuthentication", "no") self._set_sshd_config(location, system_context, "PermitEmptyPasswords", "no") self._set_sshd_config(location, system_context, "Protocol", "2") self._set_sshd_config_yes_or_no(location, system_context, "AllowTcpForwarding", **kwargs) self._set_sshd_config_yes_or_no(location, system_context, "GatewayPorts", **kwargs) self._set_sshd_config(location, system_context, "X11Forwarding", "no") self._set_sshd_config(location, system_context, "HostKey", "/etc/ssh/ssh_host_ed25519_key")
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any, ) -> None: """Execute command.""" static_hostname = args[0] pretty_hostname = kwargs.get("pretty", static_hostname) if system_context.substitution("HOSTNAME", ""): raise GenerateError("Hostname was already set.", location=location) system_context.set_substitution("HOSTNAME", static_hostname) system_context.set_substitution("PRETTY_HOSTNAME", pretty_hostname) self._execute(location, system_context, "create", "/etc/hostname", static_hostname) self._execute( location.next_line(), system_context, "sed", f'/^PRETTY_HOSTNAME=/ cPRETTY_HOSTNAME="{pretty_hostname}"', "/etc/machine.info", )
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" location.set_description('Handle different kernel flavors') vmlinuz = os.path.join(system_context.boot_directory, 'vmlinuz') makedirs(system_context, '/etc/mkinitcpio.d', exist_ok=True) # Clean up after the mkinitcpio hook: for kernel in ( '', '-hardened', '-lts', '-zen', '-git', ): remove('/boot/vmlinuz{}'.format(kernel), force=True) # New style linux packages that put vmlinuz into /usr/lib/modules: self._execute(location.next_line(), system_context, 'move', '/usr/lib/modules/*/vmlinuz', vmlinuz, to_outside=True, ignore_missing_sources=True) assert (os.path.isfile(vmlinuz))
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" location.set_description("Handle different kernel flavors") vmlinuz = os.path.join(system_context.boot_directory, "vmlinuz") makedirs(system_context, "/etc/mkinitcpio.d", exist_ok=True) # Clean up after the mkinitcpio hook: for kernel in ( "", "-hardened", "-lts", "-zen", "-git", ): remove("/boot/vmlinuz{}".format(kernel), force=True) # New style linux packages that put vmlinuz into /usr/lib/modules: self._execute( location.next_line(), system_context, "move", "/usr/lib/modules/*/vmlinuz", vmlinuz, to_outside=True, ignore_missing_sources=True, ) assert os.path.isfile(vmlinuz)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" # Set some kernel parameters for: system_context.set_or_append_substitution( "KERNEL_CMDLINE", "nvidia-drm.modeset=1 nouveau.blacklist=1") self._execute( location, system_context, "pacman", "nvidia", "nvidia-settings", "nvidia-utils", "opencl-nvidia", "libvdpau", "lib32-libvdpau", "lib32-nvidia-utils", "lib32-opencl-nvidia", "vdpauinfo", "mesa", "mesa-demos", ) self._execute( location.next_line(), system_context, "create", "/etc/modprobe.d/nouveau-blacklist.conf", "blacklist nouveau", )
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" target = args[0] systemd_directory = "/usr/lib/systemd/system/" target_path = systemd_directory + args[0] if not isfile(system_context, target_path): raise GenerateError( 'Target "{}" does not exist or is no file. ' "Can not use as default target.".format(target)) default = "default.target" default_path = systemd_directory + "default.target" self._execute(location, system_context, "remove", default_path, force=True) self._execute( location.next_line(), system_context, "symlink", target, default, work_directory=systemd_directory, ) system_context.set_substitution("DEFAULT_BOOT_TARGET", target)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" self._execute(location, system_context, "pacman", "xorg-server", "xorg-server-xwayland") # Copy snippets from systems config folder: copy( system_context, self._config_directory(system_context) + "/*", "/etc/X11/xorg.conf.d", from_outside=True, recursive=True, ) chown(system_context, 0, 0, "/etc/X11/xorg.conf.d/*") chmod(system_context, 0o644, "/etc/X11/xorg.conf.d/*") create_file( system_context, "/etc/X11/xinit/xinitrc.d/99-access-to-user.sh", textwrap.dedent("""\ #!/usr/bin/bash # Allow local access for the user: xhost "+local:$$USER" """).encode("utf-8"), mode=0o755, ) # Install some extra fonts: self._execute(location.next_line(), system_context, "pkg_fonts")
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" old_base = system_context.file_name("/etc/systemd/system") + "/" new_base = system_context.file_name("/usr/lib/systemd/system") + "/" trace("walking:", old_base) for root, _dirs, files in os.walk(old_base): for f in files: full_path = os.path.join(root, f) trace("Checking", full_path) if os.path.islink(full_path): trace("Moving link", full_path) _move_symlink(location, system_context, old_base, new_base, full_path) else: trace("Moving file", full_path) _move_file(location, old_base, new_base, full_path) self._execute( location.next_line(), system_context, "remove", "/etc/systemd/system/*", recursive=True, force=True, )
def _create_complete_kernel( self, location: Location, system_context: SystemContext, cmdline: str, *, kernel_file: str, efi_key: str, efi_cert: str, ): self._create_efi_kernel( location, system_context, cmdline, kernel_file=kernel_file, ) if efi_key and efi_cert: debug("Signing EFI kernel.") location.set_description("Sign EFI kernel") self._execute( location.next_line(), system_context, "sign_efi_binary", kernel_file, key=efi_key, cert=efi_cert, outside=True, keep_unsigned=False, ) trace(f"Validating existence of {kernel_file}.") assert os.path.isfile(kernel_file)
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any, ) -> None: """Execute command.""" etc = "/etc" localtime = "localtime" etc_localtime = etc + "/" + localtime timezone = args[0] full_timezone = "../usr/share/zoneinfo/" + timezone if not exists(system_context, full_timezone, work_directory=etc): raise GenerateError( f'Timezone "{timezone}" not found when trying to set timezone.', location=location, ) self._execute(location, system_context, "remove", etc_localtime) self._execute( location.next_line(), system_context, "symlink", full_timezone, localtime, work_directory="/etc", )
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any ) -> None: """Execute command.""" self._execute(location, system_context, "pacman", "avahi") # Do setup: # Fix missing symlink: self._execute( location.next_line(), system_context, "symlink", "avahi-daemon.service", "dbus-org.freedesktop.Avahi.service", work_directory="/usr/lib/systemd/system", ) # enable the daemon (actually set up socket activation) self._execute( location.next_line(), system_context, "systemd_enable", "avahi-daemon.service", ) # Open the firewall for it: self._execute( location.next_line(), system_context, "net_firewall_open_port", "5353", protocol="udp", comment="Avahi", ) # Edit /etc/nsswitch.conf: self._execute( location.next_line(), system_context, "sed", "/^hosts\\s*:/ s/resolve/mdns_minimal " "[NOTFOUND=return] resolve/", "/etc/nsswitch.conf", )
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any, ) -> None: """Execute command.""" user = args[0] keyfile = args[1] info(f"Adding ssh key to {user}'s authorized_keys file.") data = UserHelper.user_data(user, root_directory=system_context.fs_directory) if data is None: raise GenerateError( f'"{self.name}" could not find user "{user}".', location=location, ) trace(f"{user} mapping: UID {data.uid}, GID {data.gid}, home: {data.home}.") self._check_or_create_directory( location, system_context, data.home, mode=0o750, user=data.uid, group=data.gid, ) ssh_directory = os.path.join(data.home, ".ssh") self._check_or_create_directory( location, system_context, ssh_directory, mode=0o700, user=data.uid, group=data.gid, ) key = read_file(system_context, keyfile, outside=True).decode("utf-8") authorized_file = os.path.join(ssh_directory, "authorized_keys") line = "" options = kwargs.get("options", "") if options: line = options + " " + key + "\n" else: line += key + "\n" self._execute( location.next_line(), system_context, "append", authorized_file, line, force=True, ) chown(system_context, data.uid, data.gid, authorized_file) chmod(system_context, 0o600, authorized_file)
def __call__(self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any) -> None: """Execute command.""" # Nested virtualization: self._execute( location, system_context, "create", "/etc/modprobe.d/kvm_intel.conf", "options kvm_intel nested=1", ) # Intel ucode: location.set_description("Install intel-ucode") self._execute(location, system_context, "pacman", "intel-ucode") initrd_parts = os.path.join(system_context.boot_directory, "initrd-parts") os.makedirs(initrd_parts, exist_ok=True) self._execute( location, system_context, "move", "/boot/intel-ucode.img", os.path.join(initrd_parts, "00-intel-ucode"), to_outside=True, ) # enable kms: self._execute( location.next_line(), system_context, "sed", "s/^MODULES=(/MODULES=(crc32c-intel /", "/etc/mkinitcpio.conf", ) # Clean out firmware: self._execute( location.next_line(), system_context, "remove", "/usr/lib/firmware/amd-ucode/*", force=True, )
def __call__( self, location: Location, system_context: SystemContext, *args: typing.Any, **kwargs: typing.Any, ) -> None: """Execute command.""" ## validate package type: if system_context.substitution("CLRM_PACKAGE_TYPE", ""): raise GenerateError( "Trying to run swupd_init on a system that already has a CLRM_PACKAGE_TYPE defined." ) system_context.set_substitution("CLRM_PACKAGE_TYPE", "swupd") run( self._binary(Binaries.SWUPD), "autoupdate", f"--path={system_context.fs_directory}", "--disable", "--no-progress", returncode=28, ) # Setup update-helper so that swupd os-install will actually work: os.makedirs(system_context.file_name("/usr/bin")) with open(system_context.file_name("/usr/bin/update-helper"), "wb") as fd: fd.write( dedent( """\ #!/usr/bin/sh exit 0 """ ).encode("utf-8") ) os.chmod(system_context.file_name("/usr/bin/update-helper"), 0o755) run( self._binary(Binaries.SWUPD), "os-install", f"--path={system_context.fs_directory}", "--skip-optional", "--no-progress", ) location.set_description("Move systemd files into /usr") self._add_hook(location, system_context, "_teardown", "systemd_cleanup") with open(system_context.file_name("/usr/lib/os-release"), "r") as osr: for l in osr: l = l.strip() if l.startswith("BUILD_ID="): build_id = l[9:] verbose(f"Installed {build_id}.") system_context.set_substitution("DISTRO_VERSION_ID", build_id) system_context.set_substitution("DISTRO_VERSION", build_id) self._execute(location.next_line(), system_context, "create_os_release")