stages: use util.chroot in all stages that call "chroot"

Use the chroot utility module for all cases where we need to chroot during a stage's execution. The advantage is that all stages use the same tested code path for setting up a chroot and all chrooted commands run in the same environment, with the /proc, /dev, and /sys filesystems mounted.
2024-11-22 17:49:00 +01:00 · 2024-11-22 17:49:00 +01:00 · 8e3d054099
commit 8e3d054099
parent 2f892b20e7
2 changed files with 14 additions and 21 deletions
--- a/stages/org.osbuild.authconfig
+++ b/stages/org.osbuild.authconfig
@ -1,18 +1,14 @@
 #!/usr/bin/python3
 import shutil
-import subprocess
 import sys

 import osbuild.api
+from osbuild.util.chroot import Chroot


 def main(tree):
-    cmd = [
-        "/usr/sbin/chroot", tree,
-        "/usr/sbin/authconfig", "--nostart", "--updateall"
-    ]
-
-    subprocess.run(cmd, check=True)
+    with Chroot(tree) as chroot:
+        chroot.run(["/usr/sbin/authconfig", "--nostart", "--updateall"], check=True)

    shutil.rmtree(f"{tree}/var/lib/authselect/backups", ignore_errors=True)

--- a/stages/org.osbuild.firewall
+++ b/stages/org.osbuild.firewall
@ -1,8 +1,8 @@
 #!/usr/bin/python3
-import subprocess
 import sys

 import osbuild.api
+from osbuild.util.chroot import Chroot


 def main(tree, options):
@ -18,14 +18,14 @@ def main(tree, options):

    # firewall-offline-cmd does not implement --root option so we must chroot it
    if default_zone:
-        subprocess.run(["chroot", tree, "firewall-offline-cmd", f"--set-default-zone={default_zone}"], check=True)
+        with Chroot(tree) as chroot:
+            chroot.run(["firewall-offline-cmd", f"--set-default-zone={default_zone}"], check=True)

    # The options below are "lokkit" compatibility options and can not be used
    # with other options.
    if ports or enabled_services or disabled_services:
-        subprocess.run(["chroot",
-                        tree,
-                        "firewall-offline-cmd"] +
+        with Chroot(tree) as chroot:
+            chroot.run(["firewall-offline-cmd"] +
                       list(map(lambda x: f"--port={x}", ports)) +
                       list(map(lambda x: f"--service={x}", enabled_services)) +
                       list(map(lambda x: f"--remove-service={x}", disabled_services)),
@ -37,24 +37,21 @@ def main(tree, options):
        zone_name = zone_item['name']
        # check that the given zone exists, if not create it
        if zone_name != "":
-            res = subprocess.run(["chroot",
-                                  tree,
-                                  "firewall-offline-cmd",
+            with Chroot(tree) as chroot:
+                res = chroot.run(["firewall-offline-cmd",
                                  f"--info-zone={zone_name}"],
                                 check=False)
            # INVALID_ZONE error code
            if res.returncode == 112:
-                res = subprocess.run(["chroot",
-                                      tree,
-                                      "firewall-offline-cmd",
+                with Chroot(tree) as chroot:
+                    res = chroot.run(["firewall-offline-cmd",
                                      f"--new-zone={zone_name}"],
                                     check=False)
            if res.returncode != 0:
                return 1
        if zone_item.get("sources", []):
-            subprocess.run(["chroot",
-                            tree,
-                            "firewall-offline-cmd", f"--zone={zone_name}"] +
+            with Chroot(tree) as chroot:
+                chroot.run(["firewall-offline-cmd", f"--zone={zone_name}"] +
                           list(map(lambda x: f"--add-source={x}",
                                    zone_item['sources'])),
                           check=True)