image: add users and groups to edge/iot raw images

2022-09-05 23:15:50 +02:00 · 2022-09-05 23:15:50 +02:00 · 6cd3a34099
commit 6cd3a34099
parent 5bc66f0665
5 changed files with 51 additions and 11 deletions
--- a/internal/distro/fedora/images.go
+++ b/internal/distro/fedora/images.go
@ -285,6 +285,9 @@ func iotRawImage(workload workload.Workload,

 	img := image.NewOSTreeRawImage()

+	img.Users = users.UsersFromBP(customizations.GetUsers())
+	img.Groups = users.GroupsFromBP(customizations.GetGroups())
+
 	img.KernelOptionsAppend = []string{"modprobe.blacklist=vc4"}
 	img.Keyboard = "us"
 	img.Locale = "C.UTF-8"
--- a/internal/distro/rhel8/pipelines.go
+++ b/internal/distro/rhel8/pipelines.go
@ -13,6 +13,7 @@ import (
 	"github.com/osbuild/osbuild-composer/internal/distro"
 	"github.com/osbuild/osbuild-composer/internal/osbuild"
 	"github.com/osbuild/osbuild-composer/internal/rpmmd"
+	"github.com/osbuild/osbuild-composer/internal/users"
 )

 func qcow2Pipelines(t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, repos []rpmmd.RepoConfig, packageSetSpecs map[string][]rpmmd.PackageSpec, containers []container.Spec, rng *rand.Rand) ([]osbuild.Pipeline, error) {
@ -348,7 +349,7 @@ func edgeContainerPipelines(t *imageType, customizations *blueprint.Customizatio
 	return pipelines, nil
 }

-func edgeImagePipelines(t *imageType, filename string, options distro.ImageOptions, rng *rand.Rand) ([]osbuild.Pipeline, string, error) {
+func edgeImagePipelines(t *imageType, customizations *blueprint.Customizations, filename string, options distro.ImageOptions, rng *rand.Rand) ([]osbuild.Pipeline, string, error) {
 	pipelines := make([]osbuild.Pipeline, 0)
 	ostreeRepoPath := "/ostree/repo"
 	imgName := "image.raw"
@ -359,7 +360,7 @@ func edgeImagePipelines(t *imageType, filename string, options distro.ImageOptio
 	}

 	// prepare ostree deployment tree
-	treePipeline := ostreeDeployPipeline(t, partitionTable, ostreeRepoPath, nil, "", rng, options)
+	treePipeline := ostreeDeployPipeline(t, partitionTable, ostreeRepoPath, nil, "", rng, customizations, options)
 	pipelines = append(pipelines, *treePipeline)

 	// make raw image from tree
@ -380,7 +381,7 @@ func edgeRawImagePipelines(t *imageType, customizations *blueprint.Customization
 	imgName := t.filename

 	// create the raw image
-	imagePipelines, _, err := edgeImagePipelines(t, imgName, options, rng)
+	imagePipelines, _, err := edgeImagePipelines(t, customizations, imgName, options, rng)
 	if err != nil {
 		return nil, err
 	}
@ -813,7 +814,7 @@ func edgeSimplifiedInstallerPipelines(t *imageType, customizations *blueprint.Cu
 	installDevice := customizations.GetInstallationDevice()

 	// create the raw image
-	imagePipelines, imgPipelineName, err := edgeImagePipelines(t, imgName, options, rng)
+	imagePipelines, imgPipelineName, err := edgeImagePipelines(t, customizations, imgName, options, rng)
 	if err != nil {
 		return nil, err
 	}
@ -963,6 +964,7 @@ func ostreeDeployPipeline(
 	kernel *blueprint.KernelCustomization,
 	kernelVer string,
 	rng *rand.Rand,
+	c *blueprint.Customizations,
 	options distro.ImageOptions,
 ) *osbuild.Pipeline {

@ -1030,7 +1032,19 @@ func ostreeDeployPipeline(
 	}
 	p.AddStage(osbuild.NewFSTabStage(fstabOptions))

-	// TODO: Add users?
+	if bpUsers := c.GetUsers(); len(bpUsers) > 0 {
+		usersStage, err := osbuild.GenUsersStage(users.UsersFromBP(bpUsers), false)
+		if err != nil {
+			panic(err)
+		}
+		usersStage.MountOSTree(osname, options.OSTree.Ref, 0)
+		p.AddStage(usersStage)
+	}
+	if bpGroups := c.GetGroups(); len(bpGroups) > 0 {
+		groupsStage := osbuild.GenGroupsStage(users.GroupsFromBP(bpGroups))
+		groupsStage.MountOSTree(osname, options.OSTree.Ref, 0)
+		p.AddStage(groupsStage)
+	}

 	p.AddStage(bootloaderConfigStage(t, *pt, kernel, kernelVer, true, true))

--- a/internal/distro/rhel9/pipelines.go
+++ b/internal/distro/rhel9/pipelines.go
@ -14,6 +14,7 @@ import (
 	"github.com/osbuild/osbuild-composer/internal/distro"
 	"github.com/osbuild/osbuild-composer/internal/osbuild"
 	"github.com/osbuild/osbuild-composer/internal/rpmmd"
+	"github.com/osbuild/osbuild-composer/internal/users"
 )

 func qcow2Pipelines(t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, repos []rpmmd.RepoConfig, packageSetSpecs map[string][]rpmmd.PackageSpec, containers []container.Spec, rng *rand.Rand) ([]osbuild.Pipeline, error) {
@ -340,7 +341,7 @@ func edgeContainerPipelines(t *imageType, customizations *blueprint.Customizatio
 	return pipelines, nil
 }

-func edgeImagePipelines(t *imageType, filename string, options distro.ImageOptions, rng *rand.Rand) ([]osbuild.Pipeline, string, error) {
+func edgeImagePipelines(t *imageType, customizations *blueprint.Customizations, filename string, options distro.ImageOptions, rng *rand.Rand) ([]osbuild.Pipeline, string, error) {
 	pipelines := make([]osbuild.Pipeline, 0)
 	ostreeRepoPath := "/ostree/repo"
 	imgName := "image.raw"
@ -351,7 +352,7 @@ func edgeImagePipelines(t *imageType, filename string, options distro.ImageOptio
 	}

 	// prepare ostree deployment tree
-	treePipeline := ostreeDeployPipeline(t, partitionTable, ostreeRepoPath, rng, options)
+	treePipeline := ostreeDeployPipeline(t, partitionTable, ostreeRepoPath, rng, customizations, options)
 	pipelines = append(pipelines, *treePipeline)

 	// make raw image from tree
@ -372,7 +373,7 @@ func edgeRawImagePipelines(t *imageType, customizations *blueprint.Customization
 	imgName := t.filename

 	// create the raw image
-	imagePipelines, _, err := edgeImagePipelines(t, imgName, options, rng)
+	imagePipelines, _, err := edgeImagePipelines(t, customizations, imgName, options, rng)
 	if err != nil {
 		return nil, err
 	}
@ -812,7 +813,7 @@ func edgeSimplifiedInstallerPipelines(t *imageType, customizations *blueprint.Cu
 	installDevice := customizations.GetInstallationDevice()

 	// create the raw image
-	imagePipelines, imgPipelineName, err := edgeImagePipelines(t, imgName, options, rng)
+	imagePipelines, imgPipelineName, err := edgeImagePipelines(t, customizations, imgName, options, rng)
 	if err != nil {
 		return nil, err
 	}
@ -958,6 +959,7 @@ func ostreeDeployPipeline(
 	pt *disk.PartitionTable,
 	repoPath string,
 	rng *rand.Rand,
+	c *blueprint.Customizations,
 	options distro.ImageOptions,
 ) *osbuild.Pipeline {

@ -1025,7 +1027,19 @@ func ostreeDeployPipeline(
 	}
 	p.AddStage(osbuild.NewFSTabStage(fstabOptions))

-	// TODO: Add users?
+	if bpUsers := c.GetUsers(); len(bpUsers) > 0 {
+		usersStage, err := osbuild.GenUsersStage(users.UsersFromBP(bpUsers), false)
+		if err != nil {
+			panic(err)
+		}
+		usersStage.MountOSTree(osname, options.OSTree.Ref, 0)
+		p.AddStage(usersStage)
+	}
+	if bpGroups := c.GetGroups(); len(bpGroups) > 0 {
+		groupsStage := osbuild.GenGroupsStage(users.GroupsFromBP(bpGroups))
+		groupsStage.MountOSTree(osname, options.OSTree.Ref, 0)
+		p.AddStage(groupsStage)
+	}

 	p.AddStage(bootloaderConfigStage(t, *pt, "", true, true))

--- a/internal/image/ostree_raw.go
+++ b/internal/image/ostree_raw.go
@ -10,6 +10,7 @@ import (
 	"github.com/osbuild/osbuild-composer/internal/platform"
 	"github.com/osbuild/osbuild-composer/internal/rpmmd"
 	"github.com/osbuild/osbuild-composer/internal/runner"
+	"github.com/osbuild/osbuild-composer/internal/users"
 	"github.com/osbuild/osbuild-composer/internal/workload"
 )

@ -20,6 +21,9 @@ type OSTreeRawImage struct {
 	Workload       workload.Workload
 	PartitionTable *disk.PartitionTable

+	Users  []users.User
+	Groups []users.Group
+
 	OSTreeURL    string
 	OSTreeRef    string
 	OSTreeCommit string
@ -53,6 +57,8 @@ func (img *OSTreeRawImage) InstantiateManifest(m *manifest.Manifest,
 	osPipeline.KernelOptionsAppend = img.KernelOptionsAppend
 	osPipeline.Keyboard = img.Keyboard
 	osPipeline.Locale = img.Locale
+	osPipeline.Users = img.Users
+	osPipeline.Groups = img.Groups

 	imagePipeline := manifest.NewRawOStreeImage(m, buildPipeline, img.Platform, osPipeline)

--- a/internal/manifest/commit_deployment.go
+++ b/internal/manifest/commit_deployment.go
@ -166,11 +166,14 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
 		if err != nil {
 			panic("password encryption failed")
 		}
+		usersStage.MountOSTree(p.osName, p.osTreeRef, 0)
 		pipeline.AddStage(usersStage)
 	}

 	if len(p.Groups) > 0 {
-		pipeline.AddStage(osbuild.GenGroupsStage(p.Groups))
+		grpStage := osbuild.GenGroupsStage(p.Groups)
+		grpStage.MountOSTree(p.osName, p.osTreeRef, 0)
+		pipeline.AddStage(grpStage)
 	}

 	// if no root password is set, lock the root account