osbuild: remove ability to pass in secrets

The way secrets work was changed in commit 372b117: instead of
passing them in via the command line, the information on how to
obtain secrets is encoded along with the sources themselves.
The only stage that still supports the old-style way is the
deprecated org.osbuild.dnf stage, which might be removed in the
near future.
Christian Kellner 2020-07-07 17:22:31 +02:00 committed by David Rheinsberg
parent 9fd28c8c21
commit e3eccbe491
3 changed files with 8 additions and 23 deletions


@ -86,8 +86,6 @@ def parse_arguments(sys_argv):
help="directory where intermediary os trees are stored") help="directory where intermediary os trees are stored")
parser.add_argument("--sources", metavar="FILE", type=os.path.abspath, parser.add_argument("--sources", metavar="FILE", type=os.path.abspath,
help="json file containing a dictionary of source configuration") help="json file containing a dictionary of source configuration")
parser.add_argument("--secrets", metavar="FILE", type=os.path.abspath,
help="json file containing a dictionary of secrets that are passed to sources")
parser.add_argument("-l", "--libdir", metavar="DIRECTORY", type=os.path.abspath, parser.add_argument("-l", "--libdir", metavar="DIRECTORY", type=os.path.abspath,
help="the directory containing stages, assemblers, and the osbuild library") help="the directory containing stages, assemblers, and the osbuild library")
parser.add_argument("--checkpoint", metavar="ID", action="append", type=str, default=None, parser.add_argument("--checkpoint", metavar="ID", action="append", type=str, default=None,
@ -127,11 +125,6 @@ def osbuild_cli(*, sys_argv):
pipeline = osbuild.load(pipeline, sources_options) pipeline = osbuild.load(pipeline, sources_options)
secrets = {}
if args.secrets:
with open(args.secrets) as f:
secrets = json.load(f)
if args.checkpoint: if args.checkpoint:
missed = mark_checkpoints(pipeline, args.checkpoint) missed = mark_checkpoints(pipeline, args.checkpoint)
if missed: if missed:
@ -153,7 +146,6 @@ def osbuild_cli(*, sys_argv):
args.store, args.store,
interactive=not args.json, interactive=not args.json,
libdir=args.libdir, libdir=args.libdir,
secrets=secrets,
output_directory=args.output_directory output_directory=args.output_directory
) )
except KeyboardInterrupt: except KeyboardInterrupt:


@ -73,8 +73,7 @@ class Stage:
cache, cache,
interactive=False, interactive=False,
libdir=None, libdir=None,
var="/var/tmp", var="/var/tmp"):
secrets=None):
with buildroot.BuildRoot(build_tree, runner, libdir=libdir, var=var) as build_root, \ with buildroot.BuildRoot(build_tree, runner, libdir=libdir, var=var) as build_root, \
tempfile.TemporaryDirectory(prefix="osbuild-sources-output-", dir=var) as sources_output: tempfile.TemporaryDirectory(prefix="osbuild-sources-output-", dir=var) as sources_output:
if interactive: if interactive:
@ -96,8 +95,7 @@ class Stage:
libdir or "/usr/lib/osbuild", libdir or "/usr/lib/osbuild",
self.sources, self.sources,
f"{cache}/sources", f"{cache}/sources",
sources_output, sources_output):
secrets):
r = build_root.run( r = build_root.run(
[f"/run/osbuild/lib/stages/{self.name}"], [f"/run/osbuild/lib/stages/{self.name}"],
binds=[f"{tree}:/run/osbuild/tree"], binds=[f"{tree}:/run/osbuild/tree"],
@ -204,7 +202,7 @@ class Pipeline:
return description return description
def build_stages(self, object_store, interactive, libdir, secrets): def build_stages(self, object_store, interactive, libdir):
results = {"success": True} results = {"success": True}
# We need a build tree for the stages below, which is either # We need a build tree for the stages below, which is either
@ -220,8 +218,7 @@ class Pipeline:
r, t, tree = build.build_stages(object_store, r, t, tree = build.build_stages(object_store,
interactive, interactive,
libdir, libdir)
secrets)
results["build"] = r results["build"] = r
if not r["success"]: if not r["success"]:
@ -275,8 +272,7 @@ class Pipeline:
object_store.store, object_store.store,
interactive=interactive, interactive=interactive,
libdir=libdir, libdir=libdir,
var=object_store.store, var=object_store.store)
secrets=secrets)
results["stages"].append(r.as_dict()) results["stages"].append(r.as_dict())
if not r.success: if not r.success:
@ -323,7 +319,7 @@ class Pipeline:
return results return results
def run(self, store, interactive=False, libdir=None, secrets=None, output_directory=None): def run(self, store, interactive=False, libdir=None, output_directory=None):
os.makedirs("/run/osbuild", exist_ok=True) os.makedirs("/run/osbuild", exist_ok=True)
results = {} results = {}
@ -341,8 +337,7 @@ class Pipeline:
else: else:
results, build_tree, tree = self.build_stages(object_store, results, build_tree, tree = self.build_stages(object_store,
interactive, interactive,
libdir, libdir)
secrets)
if not results["success"]: if not results["success"]:
return results return results
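Review bot: Removing `secrets` from the middle of `Pipeline.run`'s defaulted parameters (the hunk at old line 323) moves `output_directory` into the fourth positional slot, so a stale call that still passes four positional arguments would bind its secrets mapping to `output_directory` instead of failing. The only caller visible on this page passes these by keyword and is unaffected; other callers are not shown here. Making the optional parameters keyword-only would turn any such stale call into a TypeError: `def run(self, store, *, interactive=False, libdir=None, output_directory=None):`. `build_stages` and `Stage.run` do not share the problem, because an extra argument there already raises. The body of `run` continues outside the hunk.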


@ -7,13 +7,12 @@ from .util import jsoncomm
class SourcesServer: class SourcesServer:
# pylint: disable=too-many-instance-attributes # pylint: disable=too-many-instance-attributes
def __init__(self, socket_address, libdir, options, cache, output, secrets=None): def __init__(self, socket_address, libdir, options, cache, output):
self.socket_address = socket_address self.socket_address = socket_address
self.libdir = libdir self.libdir = libdir
self.cache = cache self.cache = cache
self.output = output self.output = output
self.options = options or {} self.options = options or {}
self.secrets = secrets or {}
self.barrier = threading.Barrier(2) self.barrier = threading.Barrier(2)
self.event_loop = None self.event_loop = None
self.thread = None self.thread = None
@ -21,7 +20,6 @@ class SourcesServer:
def _run_source(self, source, checksums): def _run_source(self, source, checksums):
msg = { msg = {
"options": self.options.get(source, {}), "options": self.options.get(source, {}),
"secrets": self.secrets.get(source, {}),
"cache": f"{self.cache}/{source}", "cache": f"{self.cache}/{source}",
"output": f"{self.output}/{source}", "output": f"{self.output}/{source}",
"checksums": checksums, "checksums": checksums,