particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

stages: use util.chroot in all stages that call "chroot"

Browse source 
Use the chroot utility module for all cases where we need to chroot
during a stage's execution.

The advantage is that all stages use the same tested code path for
setting up a chroot and all chrooted commands run in the same
environment, with the /proc, /dev, and /sys filesystems mounted.
This commit is contained in:
Achilleas Koutsou 2024-11-22 17:49:00 +01:00 committed by Tomáš Hozza
parent 2f892b20e7
commit 8e3d054099
2 changed files with 14 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

10
stages/org.osbuild.authconfig
View file

@ -1,18 +1,14 @@
#!/usr/bin/python3 #!/usr/bin/python3
import shutil import shutil
import subprocess
import sys import sys
import osbuild.api import osbuild.api
from osbuild.util.chroot import Chroot
def main(tree): def main(tree):
cmd = [ with Chroot(tree) as chroot:
"/usr/sbin/chroot", tree, chroot.run(["/usr/sbin/authconfig", "--nostart", "--updateall"], check=True)
"/usr/sbin/authconfig", "--nostart", "--updateall"
]
subprocess.run(cmd, check=True)
shutil.rmtree(f"{tree}/var/lib/authselect/backups", ignore_errors=True) shutil.rmtree(f"{tree}/var/lib/authselect/backups", ignore_errors=True)

25
stages/org.osbuild.firewall
View file

@ -1,8 +1,8 @@
#!/usr/bin/python3 #!/usr/bin/python3
import subprocess
import sys import sys
import osbuild.api import osbuild.api
from osbuild.util.chroot import Chroot
def main(tree, options): def main(tree, options):
@ -18,14 +18,14 @@ def main(tree, options):
# firewall-offline-cmd does not implement --root option so we must chroot it # firewall-offline-cmd does not implement --root option so we must chroot it
if default_zone: if default_zone:
subprocess.run(["chroot", tree, "firewall-offline-cmd", f"--set-default-zone={default_zone}"], check=True) with Chroot(tree) as chroot:
chroot.run(["firewall-offline-cmd", f"--set-default-zone={default_zone}"], check=True)
# The options below are "lokkit" compatibility options and can not be used # The options below are "lokkit" compatibility options and can not be used
# with other options. # with other options.
if ports or enabled_services or disabled_services: if ports or enabled_services or disabled_services:
subprocess.run(["chroot", with Chroot(tree) as chroot:
tree, chroot.run(["firewall-offline-cmd"] +
"firewall-offline-cmd"] +
list(map(lambda x: f"--port={x}", ports)) + list(map(lambda x: f"--port={x}", ports)) +
list(map(lambda x: f"--service={x}", enabled_services)) + list(map(lambda x: f"--service={x}", enabled_services)) +
list(map(lambda x: f"--remove-service={x}", disabled_services)), list(map(lambda x: f"--remove-service={x}", disabled_services)),
@ -37,24 +37,21 @@ def main(tree, options):
zone_name = zone_item['name'] zone_name = zone_item['name']
# check that the given zone exists, if not create it # check that the given zone exists, if not create it
if zone_name != "": if zone_name != "":
res = subprocess.run(["chroot", with Chroot(tree) as chroot:
tree, res = chroot.run(["firewall-offline-cmd",
"firewall-offline-cmd",
f"--info-zone={zone_name}"], f"--info-zone={zone_name}"],
check=False) check=False)
# INVALID_ZONE error code # INVALID_ZONE error code
if res.returncode == 112: if res.returncode == 112:
res = subprocess.run(["chroot", with Chroot(tree) as chroot:
tree, res = chroot.run(["firewall-offline-cmd",
"firewall-offline-cmd",
f"--new-zone={zone_name}"], f"--new-zone={zone_name}"],
check=False) check=False)
if res.returncode != 0: if res.returncode != 0:
return 1 return 1
if zone_item.get("sources", []): if zone_item.get("sources", []):
subprocess.run(["chroot", with Chroot(tree) as chroot:
tree, chroot.run(["firewall-offline-cmd", f"--zone={zone_name}"] +
"firewall-offline-cmd", f"--zone={zone_name}"] +
list(map(lambda x: f"--add-source={x}", list(map(lambda x: f"--add-source={x}",
zone_item['sources'])), zone_item['sources'])),
check=True) check=True)