particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-forge/osbuild-run
Lars Karlitski cd59b94ded tree-wide: always explicitly pass check to subprocess.run 
pylint recently started recommending this.
2019-09-24 20:17:04 +02:00

84 lines
2.5 KiB
Python
Executable file
Raw Blame History

#!/usr/bin/python3
import shutil
import os
import subprocess
import sys
def ldconfig():
# ld.so.conf must exist, or `ldconfig` throws a warning
subprocess.run(["touch", "/etc/ld.so.conf"], check=True)
subprocess.run(["ldconfig"], check=True)
def sysusers():
try:
subprocess.run(["systemd-sysusers"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, check=True)
except subprocess.CalledProcessError as error:
sys.stderr.write(error.stdout)
sys.exit(1)
def update_ca_trust():
if not shutil.which("update-ca-trust"):
return
# generate /etc/pki/tls/certs/ca-bundle.crt
os.makedirs("/etc/pki/ca-trust/extracted/pem")
os.makedirs("/etc/pki/tls/certs")
os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt")
# allow to fail, because it sometimes mysteriously does
subprocess.run(["update-ca-trust", "extract"], check=False)
def append_certs(cert_conf, dir_fd, parents=b""):
for entry in os.scandir(f"/proc/self/fd/{dir_fd}".encode()):
if entry.is_file():
line = os.path.join(parents, entry.name)
cert_conf.write(line)
cert_conf.write(b"\n")
elif entry.is_dir():
append_certs(cert_conf,
os.open(entry.name, os.O_DIRECTORY, dir_fd=dir_fd),
os.path.join(parents, entry.name))
def update_ca_certificates():
if not shutil.which("update-ca-certificates"):
return
# generate /etc/ssl/certs/ca-certificates.crt
os.makedirs("/etc/ssl/certs")
with open("/etc/ca-certificates.conf", "wb") as f:
append_certs(f, os.open("/usr/share/ca-certificates", os.O_DIRECTORY))
subprocess.run(["update-ca-certificates"], check=True)
def tmpfiles():
# Allow systemd-tmpfiles to return non-0. Some packages want to create
# directories owned by users that are not set up with systemd-sysusers.
subprocess.run(["systemd-tmpfiles", "--create"], check=False)
def nsswitch():
# the default behavior is fine, but using nss-resolve does not
# necessarily work in a non-booted container, so make sure that
# is not configured.
try:
os.remove("/etc/nsswitch.conf")
except FileNotFoundError:
pass
if __name__ == "__main__":
ldconfig()
sysusers()
update_ca_trust()
update_ca_certificates()
tmpfiles()
nsswitch()
r = subprocess.run(sys.argv[1:], check=False)
sys.exit(r.returncode)
Reference in a new issue View git blame Copy permalink