deps: update images to v0.24.0

Update the images dependency to v0.24.0 Includes the addition of the new FDO option 'di_mfg_string_type_mac_iface'.
2023-12-12 20:10:54 +01:00 · 2023-12-12 20:10:54 +01:00 · 6d57e01506
commit 6d57e01506
parent c6aa7d88d2
69 changed files with 765 additions and 261 deletions
--- a/vendor/github.com/osbuild/images/pkg/customizations/fdo/fdo.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/fdo/fdo.go
@ -0,0 +1,16 @@
+package fdo
+
+import "github.com/osbuild/images/pkg/blueprint"
+
+type Options struct {
+	ManufacturingServerURL  string
+	DiunPubKeyInsecure      string
+	DiunPubKeyHash          string
+	DiunPubKeyRootCerts     string
+	DiMfgStringTypeMacIface string
+}
+
+func FromBP(bpFDO blueprint.FDOCustomization) *Options {
+	fdo := Options(bpFDO)
+	return &fdo
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/fsnode/dir.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/fsnode/dir.go
@ -0,0 +1,34 @@
+package fsnode
+
+import "os"
+
+type Directory struct {
+	baseFsNode
+	ensureParentDirs bool
+}
+
+func (d *Directory) IsDir() bool {
+	return true
+}
+
+func (d *Directory) EnsureParentDirs() bool {
+	if d == nil {
+		return false
+	}
+	return d.ensureParentDirs
+}
+
+// NewDirectory creates a new directory with the given path, mode, user and group.
+// user and group can be either a string (user name/group name), an int64 (UID/GID) or nil.
+func NewDirectory(path string, mode *os.FileMode, user interface{}, group interface{}, ensureParentDirs bool) (*Directory, error) {
+	baseNode, err := newBaseFsNode(path, mode, user, group)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &Directory{
+		baseFsNode:       *baseNode,
+		ensureParentDirs: ensureParentDirs,
+	}, nil
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/fsnode/file.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/fsnode/file.go
@ -0,0 +1,36 @@
+package fsnode
+
+import (
+	"os"
+)
+
+type File struct {
+	baseFsNode
+	data []byte
+}
+
+func (f *File) IsDir() bool {
+	return false
+}
+
+func (f *File) Data() []byte {
+	if f == nil {
+		return nil
+	}
+	return f.data
+}
+
+// NewFile creates a new file with the given path, data, mode, user and group.
+// user and group can be either a string (user name/group name), an int64 (UID/GID) or nil.
+func NewFile(path string, mode *os.FileMode, user interface{}, group interface{}, data []byte) (*File, error) {
+	baseNode, err := newBaseFsNode(path, mode, user, group)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &File{
+		baseFsNode: *baseNode,
+		data:       data,
+	}, nil
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/fsnode/fsnode.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/fsnode/fsnode.go
@ -0,0 +1,133 @@
+package fsnode
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"regexp"
+)
+
+const usernameRegex = `^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,31}$`
+const groupnameRegex = `^[A-Za-z0-9_][A-Za-z0-9_-]{0,31}$`
+
+type FsNode interface {
+	Path() string
+	Mode() *os.FileMode
+	// User can return either a string (user name/group name), an int64 (UID/GID) or nil
+	User() interface{}
+	// Group can return either a string (user name/group name), an int64 (UID/GID) or nil
+	Group() interface{}
+	IsDir() bool
+}
+
+type baseFsNode struct {
+	path  string
+	mode  *os.FileMode
+	user  interface{}
+	group interface{}
+}
+
+func (f *baseFsNode) Path() string {
+	if f == nil {
+		return ""
+	}
+	return f.path
+}
+
+func (f *baseFsNode) Mode() *os.FileMode {
+	if f == nil {
+		return nil
+	}
+	return f.mode
+}
+
+// User can return either a string (user name) or an int64 (UID)
+func (f *baseFsNode) User() interface{} {
+	if f == nil {
+		return nil
+	}
+	return f.user
+}
+
+// Group can return either a string (group name) or an int64 (GID)
+func (f *baseFsNode) Group() interface{} {
+	if f == nil {
+		return nil
+	}
+	return f.group
+}
+
+func newBaseFsNode(path string, mode *os.FileMode, user interface{}, group interface{}) (*baseFsNode, error) {
+	node := &baseFsNode{
+		path:  path,
+		mode:  mode,
+		user:  user,
+		group: group,
+	}
+
+	err := node.validate()
+	if err != nil {
+		return nil, err
+	}
+	return node, nil
+}
+
+func (f *baseFsNode) validate() error {
+	// Check that the path is valid
+	if f.path == "" {
+		return fmt.Errorf("path must not be empty")
+	}
+	if f.path[0] != '/' {
+		return fmt.Errorf("path must be absolute")
+	}
+	if f.path[len(f.path)-1] == '/' {
+		return fmt.Errorf("path must not end with a slash")
+	}
+	if f.path != path.Clean(f.path) {
+		return fmt.Errorf("path must be canonical")
+	}
+
+	// Check that the mode is valid
+	if f.mode != nil && *f.mode&os.ModeType != 0 {
+		return fmt.Errorf("mode must not contain file type bits")
+	}
+
+	// Check that the user and group are valid
+	switch user := f.user.(type) {
+	case string:
+		nameRegex := regexp.MustCompile(usernameRegex)
+		if !nameRegex.MatchString(user) {
+			return fmt.Errorf("user name %q doesn't conform to validating regex (%s)", user, nameRegex.String())
+		}
+	case int64:
+		if user < 0 {
+			return fmt.Errorf("user ID must be non-negative")
+		}
+	case nil:
+		// user is not set
+	default:
+		return fmt.Errorf("user must be either a string or an int64, got %T", user)
+	}
+
+	switch group := f.group.(type) {
+	case string:
+		nameRegex := regexp.MustCompile(groupnameRegex)
+		if !nameRegex.MatchString(group) {
+			return fmt.Errorf("group name %q doesn't conform to validating regex (%s)", group, nameRegex.String())
+		}
+	case int64:
+		if group < 0 {
+			return fmt.Errorf("group ID must be non-negative")
+		}
+	case nil:
+		// group is not set
+	default:
+		return fmt.Errorf("group must be either a string or an int64, got %T", group)
+	}
+
+	return nil
+}
+
+func (f *baseFsNode) IsDir() bool {
+	panic("IsDir() called on baseFsNode")
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/ignition/ignition.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/ignition/ignition.go
@ -0,0 +1,31 @@
+package ignition
+
+import (
+	"encoding/base64"
+	"errors"
+
+	"github.com/osbuild/images/pkg/blueprint"
+)
+
+type FirstBootOptions struct {
+	ProvisioningURL string
+}
+
+func FirstbootOptionsFromBP(bpIgnitionFirstboot blueprint.FirstBootIgnitionCustomization) *FirstBootOptions {
+	ignition := FirstBootOptions(bpIgnitionFirstboot)
+	return &ignition
+}
+
+type EmbeddedOptions struct {
+	Config string
+}
+
+func EmbeddedOptionsFromBP(bpIgnitionEmbedded blueprint.EmbeddedIgnitionCustomization) (*EmbeddedOptions, error) {
+	decodedConfig, err := base64.StdEncoding.DecodeString(bpIgnitionEmbedded.Config)
+	if err != nil {
+		return nil, errors.New("can't decode Ignition config")
+	}
+	return &EmbeddedOptions{
+		Config: string(decodedConfig),
+	}, nil
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/oscap/oscap.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/oscap/oscap.go
@ -0,0 +1,91 @@
+package oscap
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/osbuild/images/pkg/customizations/fsnode"
+)
+
+type Profile string
+
+func (p Profile) String() string {
+	return string(p)
+}
+
+const (
+	AnssiBp28Enhanced     Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced"
+	AnssiBp28High         Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_high"
+	AnssiBp28Intermediary Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary"
+	AnssiBp28Minimal      Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal"
+	Cis                   Profile = "xccdf_org.ssgproject.content_profile_cis"
+	CisServerL1           Profile = "xccdf_org.ssgproject.content_profile_cis_server_l1"
+	CisWorkstationL1      Profile = "xccdf_org.ssgproject.content_profile_cis_workstation_l1"
+	CisWorkstationL2      Profile = "xccdf_org.ssgproject.content_profile_cis_workstation_l2"
+	Cui                   Profile = "xccdf_org.ssgproject.content_profile_cui"
+	E8                    Profile = "xccdf_org.ssgproject.content_profile_e8"
+	Hippa                 Profile = "xccdf_org.ssgproject.content_profile_hipaa"
+	IsmO                  Profile = "xccdf_org.ssgproject.content_profile_ism_o"
+	Ospp                  Profile = "xccdf_org.ssgproject.content_profile_ospp"
+	PciDss                Profile = "xccdf_org.ssgproject.content_profile_pci-dss"
+	Standard              Profile = "xccdf_org.ssgproject.content_profile_standard"
+	Stig                  Profile = "xccdf_org.ssgproject.content_profile_stig"
+	StigGui               Profile = "xccdf_org.ssgproject.content_profile_stig_gui"
+
+	// datastream fallbacks
+	defaultFedoraDatastream  string = "/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml"
+	defaultCentos8Datastream string = "/usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml"
+	defaultCentos9Datastream string = "/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml"
+	defaultRHEL8Datastream   string = "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml"
+	defaultRHEL9Datastream   string = "/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml"
+
+	// tailoring directory path
+	tailoringDirPath string = "/usr/share/xml/osbuild-openscap-data"
+)
+
+func DefaultFedoraDatastream() string {
+	return defaultFedoraDatastream
+}
+
+func DefaultRHEL8Datastream(isRHEL bool) string {
+	if isRHEL {
+		return defaultRHEL8Datastream
+	}
+	return defaultCentos8Datastream
+}
+
+func DefaultRHEL9Datastream(isRHEL bool) string {
+	if isRHEL {
+		return defaultRHEL9Datastream
+	}
+	return defaultCentos9Datastream
+}
+
+func IsProfileAllowed(profile string, allowlist []Profile) bool {
+	for _, a := range allowlist {
+		if a.String() == profile {
+			return true
+		}
+		// this enables a user to specify
+		// the full profile or the short
+		// profile id
+		if strings.HasSuffix(a.String(), profile) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func GetTailoringFile(profile string) (string, string, *fsnode.Directory, error) {
+	newProfile := fmt.Sprintf("%s_osbuild_tailoring", profile)
+	path := filepath.Join(tailoringDirPath, "tailoring.xml")
+
+	tailoringDir, err := fsnode.NewDirectory(tailoringDirPath, nil, nil, nil, true)
+	if err != nil {
+		return "", "", nil, err
+	}
+
+	return newProfile, path, tailoringDir, nil
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/shell/shell.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/shell/shell.go
@ -0,0 +1,11 @@
+package shell
+
+type EnvironmentVariable struct {
+	Key   string
+	Value string
+}
+
+type InitFile struct {
+	Filename  string
+	Variables []EnvironmentVariable
+}
--- a/vendor/github.com/osbuild/images/pkg/customizations/users/users.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/users/users.go
@ -0,0 +1,40 @@
+package users
+
+import "github.com/osbuild/images/pkg/blueprint"
+
+type User struct {
+	Name        string
+	Description *string
+	Password    *string
+	Key         *string
+	Home        *string
+	Shell       *string
+	Groups      []string
+	UID         *int
+	GID         *int
+}
+
+type Group struct {
+	Name string
+	GID  *int
+}
+
+func UsersFromBP(userCustomizations []blueprint.UserCustomization) []User {
+	users := make([]User, len(userCustomizations))
+	for idx := range userCustomizations {
+		// currently, they have the same structure, so we convert directly
+		// this will fail to compile as soon as one of the two changes
+		users[idx] = User(userCustomizations[idx])
+	}
+	return users
+}
+
+func GroupsFromBP(groupCustomizations []blueprint.GroupCustomization) []Group {
+	groups := make([]Group, len(groupCustomizations))
+	for idx := range groupCustomizations {
+		// currently, they have the same structure, so we convert directly
+		// this will fail to compile as soon as one of the two changes
+		groups[idx] = Group(groupCustomizations[idx])
+	}
+	return groups
+}