authorHéctor Orón Martínez <zumbi@debian.org>2018-08-10 18:07:56 +0200
committerHéctor Orón Martínez <zumbi@debian.org>2018-08-10 18:07:56 +0200
commita3819b2c8c823955bb053d5a34da27c94aef4d47 (patch)
tree430633212532264c15f75ca47e02f3e4740c7c3c /actions
parent8ab62bc45ed897f007493d02084538503ade6f37 (diff)
New upstream version 1.0.0+git20180808.5b74d5d
Diffstat (limited to 'actions')
-rw-r--r--actions/debootstrap_action.go31
-rw-r--r--actions/image_partition_action.go55
-rw-r--r--actions/ostree_commit_action.go12
-rw-r--r--actions/pack_action.go2
-rw-r--r--actions/run_action.go10
5 files changed, 87 insertions, 23 deletions
diff --git a/actions/debootstrap_action.go b/actions/debootstrap_action.go
index 4f30ee6..bfbf3dd 100644
--- a/actions/debootstrap_action.go
+++ b/actions/debootstrap_action.go
@@ -10,6 +10,7 @@ Yaml syntax:
components: <list of components>
variant: "name"
keyring-package:
+ keyring-file:
Mandatory properties:
@@ -17,6 +18,8 @@ Mandatory properties:
Optional properties:
+- check-gpg -- verify GPG signatures on Release files, true by default
+
- mirror -- URL with Debian-compatible repository
- variant -- name of the bootstrap script variant to use
@@ -25,7 +28,9 @@ Optional properties:
Example:
components: [ main, contrib ]
-- keyring-package -- keyring for packages validation. Currently ignored.
+- keyring-package -- keyring for package validation.
+
+- keyring-file -- keyring file for repository validation.
- merged-usr -- use merged '/usr' filesystem, true by default.
*/
@@ -47,14 +52,18 @@ type DebootstrapAction struct {
Mirror string
Variant string
KeyringPackage string `yaml:"keyring-package"`
+ KeyringFile string `yaml:"keyring-file"`
Components []string
MergedUsr bool `yaml:"merged-usr"`
+ CheckGpg bool `yaml:"check-gpg"`
}
func NewDebootstrapAction() *DebootstrapAction {
d := DebootstrapAction{}
// Use filesystem with merged '/usr' by default
d.MergedUsr = true
+ // Be secure by default
+ d.CheckGpg = true
return &d
}
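Review bot: The new `CheckGpg` field is only true when the action is built through `NewDebootstrapAction`, so the zero value of `DebootstrapAction` is the state in which Release signature verification is off. Whether every construction path goes through the constructor is not visible in this hunk, so the field should say so: `// CheckGpg is defaulted to true by NewDebootstrapAction; a zero-value struct disables Release signature verification.` The `// Be secure by default` comment in the constructor could also name what is being verified (GPG signatures on Release files), matching the wording added to the package documentation.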
@@ -74,17 +83,31 @@ func (d *DebootstrapAction) RunSecondStage(context debos.DebosContext) error {
// Can't use nspawn for debootstrap as it wants to create device nodes
c.ChrootMethod = debos.CHROOT_METHOD_CHROOT
- return c.Run("Debootstrap (stage 2)", cmdline...)
+ err := c.Run("Debootstrap (stage 2)", cmdline...)
+
+ if (err != nil) {
+ log := path.Join(context.Rootdir, "debootstrap/debootstrap.log")
+ _ = debos.Command{}.Run("debootstrap.log", "cat", log)
+ }
+
+ return err
}
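Review bot: The failure branch added to `RunSecondStage` is not gofmt-clean and repeats code that the later hunk adds to `Run`. `if (err != nil) {` should be `if err != nil {`, and the two lines that build the path and `cat` the log are duplicated verbatim, so a small helper such as `dumpDebootstrapLog(rootdir string)` would keep them in step. The local named `log` would shadow the standard `log` package if this file imports it (the import block is outside the hunk); `logPath` avoids that. The discarded error from the `cat` is reasonable as best-effort, but a short comment saying so would help, e.g. `// best effort: the original debootstrap error is what gets returned`. `RunSecondStage` begins outside this hunk.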
func (d *DebootstrapAction) Run(context *debos.DebosContext) error {
d.LogStart()
- cmdline := []string{"debootstrap", "--no-check-gpg"}
+ cmdline := []string{"debootstrap"}
if d.MergedUsr {
cmdline = append(cmdline, "--merged-usr")
}
+ if !d.CheckGpg {
+ cmdline = append(cmdline, fmt.Sprintf("--no-check-gpg"))
+ } else if d.KeyringFile != "" {
+ path := debos.CleanPathAt(d.KeyringFile, context.RecipeDir)
+ cmdline = append(cmdline, fmt.Sprintf("--keyring=%s", path))
+ }
+
if d.KeyringPackage != "" {
cmdline = append(cmdline, fmt.Sprintf("--include=%s", d.KeyringPackage))
}
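Review bot: When `check-gpg` is false the `else if` means a configured `keyring-file` is silently ignored, and nothing in the build output records that debootstrap ran without signature verification. A recipe that sets both is probably a mistake worth surfacing, and an explicit line such as `log.Println("WARNING: check-gpg is false, Release signatures will not be verified")` in that branch would make the downgrade visible in build logs (assuming the `log` package is available in this file, which the hunk does not show). Two smaller points in the same lines: `fmt.Sprintf("--no-check-gpg")` has no format arguments and should be the plain string `"--no-check-gpg"`, and the local `path :=` shadows the `path` package that the same function uses further down for `path.Join`; it only works because the variable is scoped to the `else if` block, so `keyring := debos.CleanPathAt(...)` would be safer. `Run` continues outside this hunk.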
@@ -115,6 +138,8 @@ func (d *DebootstrapAction) Run(context *debos.DebosContext) error {
err := debos.Command{}.Run("Debootstrap", cmdline...)
if err != nil {
+ log := path.Join(context.Rootdir, "debootstrap/debootstrap.log")
+ _ = debos.Command{}.Run("debootstrap.log", "cat", log)
return err
}
diff --git a/actions/image_partition_action.go b/actions/image_partition_action.go
index 5054e6d..cd832ac 100644
--- a/actions/image_partition_action.go
+++ b/actions/image_partition_action.go
@@ -116,6 +116,7 @@ import (
"os"
"os/exec"
"path"
+ "path/filepath"
"strings"
"syscall"
@@ -183,19 +184,23 @@ func (i *ImagePartitionAction) generateKernelRoot(context *debos.DebosContext) e
}
func (i ImagePartitionAction) getPartitionDevice(number int, context debos.DebosContext) string {
+ /* Always look up canonical device as udev might not generate the by-id
+ * symlinks while there is an flock on /dev/vda */
+ device, _ := filepath.EvalSymlinks(context.Image)
+
suffix := "p"
/* Check partition naming first: if used 'by-id'i naming convention */
- if strings.Contains(context.Image, "/disk/by-id/") {
+ if strings.Contains(device, "/disk/by-id/") {
suffix = "-part"
}
/* If the iamge device has a digit as the last character, the partition
* suffix is p<number> else it's just <number> */
- last := context.Image[len(context.Image)-1]
+ last := device[len(device)-1]
if last >= '0' && last <= '9' {
- return fmt.Sprintf("%s%s%d", context.Image, suffix, number)
+ return fmt.Sprintf("%s%s%d", device, suffix, number)
} else {
- return fmt.Sprintf("%s%d", context.Image, number)
+ return fmt.Sprintf("%s%d", device, number)
}
}
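Review bot: The error from `filepath.EvalSymlinks` is discarded at the top of `getPartitionDevice`, and on failure that function returns an empty string, so `device[len(device)-1]` a few lines later panics with an index out of range. Since the method only returns a string, falling back to the configured path keeps the previous behaviour: `device, err := filepath.EvalSymlinks(context.Image)` followed by `if err != nil { device = context.Image }`. It also looks as if the `/disk/by-id/` test can no longer match once the path has been canonicalised, because a resolved device path would not normally contain that directory; if so the `-part` suffix branch is dead and the comment above it should be updated or the check removed.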
@@ -247,7 +252,7 @@ func (i ImagePartitionAction) formatPartition(p *Partition, context debos.DebosC
return nil
}
-func (i ImagePartitionAction) PreNoMachine(context *debos.DebosContext) error {
+func (i *ImagePartitionAction) PreNoMachine(context *debos.DebosContext) error {
img, err := os.OpenFile(i.ImageName, os.O_WRONLY|os.O_CREATE, 0666)
if err != nil {
@@ -274,11 +279,28 @@ func (i ImagePartitionAction) PreNoMachine(context *debos.DebosContext) error {
func (i ImagePartitionAction) Run(context *debos.DebosContext) error {
i.LogStart()
+ /* Exclusively Lock image device file to prevent udev from triggering
+ * partition rescans, which cause confusion as some time asynchronously the
+ * partition device might disappear and reappear due to that! */
+ imageFD, err := os.Open(context.Image)
+ if err != nil {
+ return err
+ }
+ /* Defer will keep the fd open until the function returns, at which points
+ * the filesystems will have been mounted protecting from more udev funnyness
+ */
+ defer imageFD.Close()
+
+ err = syscall.Flock(int(imageFD.Fd()), syscall.LOCK_EX)
+ if err != nil {
+ return err
+ }
+
command := []string{"parted", "-s", context.Image, "mklabel", i.PartitionType}
if len(i.GptGap) > 0 {
command = append(command, i.GptGap)
}
- err := debos.Command{}.Run("parted", command...)
+ err = debos.Command{}.Run("parted", command...)
if err != nil {
return err
}
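Review bot: Both new failure paths in `Run` return the raw error, so a failed `os.Open` or `syscall.Flock` surfaces without saying that the image lock was the failing step. Wrapping them, e.g. `return fmt.Errorf("failed to lock image %s: %v", context.Image, err)`, costs nothing since `fmt` is already used in this file. The comment would also be more useful if it stated that the lock is advisory and only helps because udev is expected to take its own lock on the device before probing, and that `LOCK_EX` without `LOCK_NB` blocks for as long as another process holds the lock. `Run` continues outside this hunk.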
@@ -317,12 +339,6 @@ func (i ImagePartitionAction) Run(context *debos.DebosContext) error {
}
devicePath := i.getPartitionDevice(p.number, *context)
- // Give a chance for udevd to create proper symlinks
- err = debos.Command{}.Run("udevadm", "udevadm", "settle", "-t", "5",
- "-E", devicePath)
- if err != nil {
- return err
- }
err = i.formatPartition(p, *context)
if err != nil {
@@ -358,7 +374,7 @@ func (i ImagePartitionAction) Run(context *debos.DebosContext) error {
return nil
}
-func (i ImagePartitionAction) Cleanup(context debos.DebosContext) error {
+func (i ImagePartitionAction) Cleanup(context *debos.DebosContext) error {
for idx := len(i.Mountpoints) - 1; idx >= 0; idx-- {
m := i.Mountpoints[idx]
mntpath := path.Join(context.ImageMntDir, m.Mountpoint)
@@ -372,6 +388,19 @@ func (i ImagePartitionAction) Cleanup(context debos.DebosContext) error {
return nil
}
+func (i ImagePartitionAction) PostMachineCleanup(context *debos.DebosContext) error {
+ image := path.Join(context.Artifactdir, i.ImageName)
+ /* Remove the image in case of any action failure */
+ if context.State != debos.Success {
+ if _, err := os.Stat(image); !os.IsNotExist(err) {
+ if err = os.Remove(image); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
func (i *ImagePartitionAction) Verify(context *debos.DebosContext) error {
if len(i.GptGap) > 0 {
log.Println("WARNING: special version of parted is needed for 'gpt_gap' option")
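Review bot: The `os.Stat` check before `os.Remove` in `PostMachineCleanup` is redundant and lets any Stat error other than not-exist fall through to the removal. A single call handles both cases: `if err := os.Remove(image); err != nil && !os.IsNotExist(err) { return err }`. The path here is built with `path.Join(context.Artifactdir, i.ImageName)` while the context lines of `PreNoMachine` open `i.ImageName` directly; if `ImageName` is not rewritten elsewhere (not visible in this diff) the two methods refer to different files. The new method also uses a value receiver while `PreNoMachine` and `Verify` use pointer receivers, so `func (i *ImagePartitionAction) PostMachineCleanup` would be consistent. `Verify` continues outside this hunk.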
diff --git a/actions/ostree_commit_action.go b/actions/ostree_commit_action.go
index 6d41b89..a0d8333 100644
--- a/actions/ostree_commit_action.go
+++ b/actions/ostree_commit_action.go
@@ -45,9 +45,17 @@ type OstreeCommitAction struct {
func emptyDir(dir string) {
d, _ := os.Open(dir)
defer d.Close()
- files, _ := d.Readdirnames(-1)
+
+ files, err := d.Readdirnames(-1)
+ if err != nil {
+ log.Fatal(err)
+ }
+
for _, f := range files {
- os.RemoveAll(f)
+ err := os.RemoveAll(path.Join(dir, f))
+ if err != nil {
+ log.Fatalf("Failed to remove file: %v", err)
+ }
}
}
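Review bot: `emptyDir` still discards the error from `os.Open(dir)`, so when the directory cannot be opened the new `log.Fatal(err)` after `Readdirnames` reports a generic error from the nil file rather than the real cause. Checking it directly fixes the message: `d, err := os.Open(dir)` followed by `if err != nil { log.Fatal(err) }`, placed before the `defer d.Close()`. More generally, `log.Fatal` exits the process without running deferred functions, so any cleanup the callers have pending is skipped; having `emptyDir` return an `error` and letting the action propagate it would be the more conventional shape, though the callers are outside this hunk.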
diff --git a/actions/pack_action.go b/actions/pack_action.go
index a90cb1d..1cb1af0 100644
--- a/actions/pack_action.go
+++ b/actions/pack_action.go
@@ -10,7 +10,7 @@ Yaml syntax:
Mandatory properties:
-- file -- name of the output tarball.
+- file -- name of the output tarball, relative to the artifact directory.
- compression -- compression type to use. Only 'gz' is supported at the moment.
diff --git a/actions/run_action.go b/actions/run_action.go
index 90e4572..c6115cc 100644
--- a/actions/run_action.go
+++ b/actions/run_action.go
@@ -21,8 +21,10 @@ host's or chrooted environment -- depending on 'chroot' property.
Optional properties:
- chroot -- run script or command in target filesystem if set to true.
-In other case the command or script is executed within the build process, with
-access to the filesystem and the image. In both cases it is run with root privileges.
+Otherwise the command or script is executed within the build process, with
+access to the filesystem ($ROOTDIR), the image if any ($IMAGE), the
+recipe directory ($RECIPEDIR) and the artifact directory ($ARTIFACTDIR).
+In both cases it is run with root privileges.
- postprocess -- if set script or command is executed after all other commands and
has access to the image file.
@@ -126,9 +128,9 @@ func (run *RunAction) Run(context *debos.DebosContext) error {
return run.doRun(*context)
}
-func (run *RunAction) PostMachine(context debos.DebosContext) error {
+func (run *RunAction) PostMachine(context *debos.DebosContext) error {
if !run.PostProcess {
return nil
}
- return run.doRun(context)
+ return run.doRun(*context)
}