From e3eccbe4919384d21ec39d28eaaa94b3734521b3 Mon Sep 17 00:00:00 2001 From: Christian Kellner Date: Tue, 7 Jul 2020 17:22:31 +0200 Subject: [PATCH] osbuild: remove ability to pass in secrets The way secrets work has been changed via commit 372b117: instead of passing them in via the command line, the information how to obtain secrets are encoded along the sources themselves. The only stage that still has support for the old style way is the deprecated org.osbuild.dnf stage, which might be removed in the near future. --- osbuild/main_cli.py | 8 -------- osbuild/pipeline.py | 19 +++++++------------ osbuild/sources.py | 4 +--- 3 files changed, 8 insertions(+), 23 deletions(-) diff --git a/osbuild/main_cli.py b/osbuild/main_cli.py index 8f3867e1..9cfb298e 100644 --- a/osbuild/main_cli.py +++ b/osbuild/main_cli.py @@ -86,8 +86,6 @@ def parse_arguments(sys_argv): help="directory where intermediary os trees are stored") parser.add_argument("--sources", metavar="FILE", type=os.path.abspath, help="json file containing a dictionary of source configuration") - parser.add_argument("--secrets", metavar="FILE", type=os.path.abspath, - help="json file containing a dictionary of secrets that are passed to sources") parser.add_argument("-l", "--libdir", metavar="DIRECTORY", type=os.path.abspath, help="the directory containing stages, assemblers, and the osbuild library") parser.add_argument("--checkpoint", metavar="ID", action="append", type=str, default=None, @@ -127,11 +125,6 @@ def osbuild_cli(*, sys_argv): pipeline = osbuild.load(pipeline, sources_options) - secrets = {} - if args.secrets: - with open(args.secrets) as f: - secrets = json.load(f) - if args.checkpoint: missed = mark_checkpoints(pipeline, args.checkpoint) if missed: @@ -153,7 +146,6 @@ def osbuild_cli(*, sys_argv): args.store, interactive=not args.json, libdir=args.libdir, - secrets=secrets, output_directory=args.output_directory ) except KeyboardInterrupt: diff --git a/osbuild/pipeline.py b/osbuild/pipeline.py index e54bcc6f..78126786 100644 --- a/osbuild/pipeline.py +++ b/osbuild/pipeline.py @@ -73,8 +73,7 @@ class Stage: cache, interactive=False, libdir=None, - var="/var/tmp", - secrets=None): + var="/var/tmp"): with buildroot.BuildRoot(build_tree, runner, libdir=libdir, var=var) as build_root, \ tempfile.TemporaryDirectory(prefix="osbuild-sources-output-", dir=var) as sources_output: if interactive: @@ -96,8 +95,7 @@ class Stage: libdir or "/usr/lib/osbuild", self.sources, f"{cache}/sources", - sources_output, - secrets): + sources_output): r = build_root.run( [f"/run/osbuild/lib/stages/{self.name}"], binds=[f"{tree}:/run/osbuild/tree"], @@ -204,7 +202,7 @@ class Pipeline: return description - def build_stages(self, object_store, interactive, libdir, secrets): + def build_stages(self, object_store, interactive, libdir): results = {"success": True} # We need a build tree for the stages below, which is either @@ -220,8 +218,7 @@ class Pipeline: r, t, tree = build.build_stages(object_store, interactive, - libdir, - secrets) + libdir) results["build"] = r if not r["success"]: @@ -275,8 +272,7 @@ class Pipeline: object_store.store, interactive=interactive, libdir=libdir, - var=object_store.store, - secrets=secrets) + var=object_store.store) results["stages"].append(r.as_dict()) if not r.success: @@ -323,7 +319,7 @@ class Pipeline: return results - def run(self, store, interactive=False, libdir=None, secrets=None, output_directory=None): + def run(self, store, interactive=False, libdir=None, output_directory=None): os.makedirs("/run/osbuild", exist_ok=True) results = {} @@ -341,8 +337,7 @@ class Pipeline: else: results, build_tree, tree = self.build_stages(object_store, interactive, - libdir, - secrets) + libdir) if not results["success"]: return results diff --git a/osbuild/sources.py b/osbuild/sources.py index fd389c55..254aff15 100644 --- a/osbuild/sources.py +++ b/osbuild/sources.py @@ -7,13 +7,12 @@ from .util import jsoncomm class SourcesServer: # pylint: disable=too-many-instance-attributes - def __init__(self, socket_address, libdir, options, cache, output, secrets=None): + def __init__(self, socket_address, libdir, options, cache, output): self.socket_address = socket_address self.libdir = libdir self.cache = cache self.output = output self.options = options or {} - self.secrets = secrets or {} self.barrier = threading.Barrier(2) self.event_loop = None self.thread = None @@ -21,7 +20,6 @@ class SourcesServer: def _run_source(self, source, checksums): msg = { "options": self.options.get(source, {}), - "secrets": self.secrets.get(source, {}), "cache": f"{self.cache}/{source}", "output": f"{self.output}/{source}", "checksums": checksums,