author | Héctor Orón Martínez <zumbi@debian.org> | 2018-08-10 18:07:56 +0200 |
---|---|---|
committer | Héctor Orón Martínez <zumbi@debian.org> | 2018-08-10 18:07:56 +0200 |
commit | a3819b2c8c823955bb053d5a34da27c94aef4d47 (patch) | |
tree | 430633212532264c15f75ca47e02f3e4740c7c3c /actions | |
parent | 8ab62bc45ed897f007493d02084538503ade6f37 (diff) |
New upstream version 1.0.0+git20180808.5b74d5d
Diffstat (limited to 'actions')
-rw-r--r-- | actions/debootstrap_action.go | 31 | ||||
-rw-r--r-- | actions/image_partition_action.go | 55 | ||||
-rw-r--r-- | actions/ostree_commit_action.go | 12 | ||||
-rw-r--r-- | actions/pack_action.go | 2 | ||||
-rw-r--r-- | actions/run_action.go | 10 |
5 files changed, 87 insertions, 23 deletions
diff --git a/actions/debootstrap_action.go b/actions/debootstrap_action.go index 4f30ee6..bfbf3dd 100644 --- a/actions/debootstrap_action.go +++ b/actions/debootstrap_action.go @@ -10,6 +10,7 @@ Yaml syntax: components: <list of components> variant: "name" keyring-package: + keyring-file: Mandatory properties: @@ -17,6 +18,8 @@ Mandatory properties: Optional properties: +- check-gpg -- verify GPG signatures on Release files, true by default + - mirror -- URL with Debian-compatible repository - variant -- name of the bootstrap script variant to use @@ -25,7 +28,9 @@ Optional properties: Example: components: [ main, contrib ] -- keyring-package -- keyring for packages validation. Currently ignored. +- keyring-package -- keyring for package validation. + +- keyring-file -- keyring file for repository validation. - merged-usr -- use merged '/usr' filesystem, true by default. */ @@ -47,14 +52,18 @@ type DebootstrapAction struct { Mirror string Variant string KeyringPackage string `yaml:"keyring-package"` + KeyringFile string `yaml:"keyring-file"` Components []string MergedUsr bool `yaml:"merged-usr"` + CheckGpg bool `yaml:"check-gpg"` } func NewDebootstrapAction() *DebootstrapAction { d := DebootstrapAction{} // Use filesystem with merged '/usr' by default d.MergedUsr = true + // Be secure by default + d.CheckGpg = true return &d } 
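Review bot: The new wording `- keyring-package -- keyring for package validation.` overstates what the option does: in Run (later in this commit) it is only passed as `--include=<pkg>`, which adds the package to the bootstrap install set, while the archive signature check on the new side is controlled by `check-gpg` and `keyring-file`. Suggest `- keyring-package -- keyring package to install into the target (e.g. for apt later); it does not affect debootstrap's own signature check, use keyring-file for that.` so recipe authors do not assume that setting it alone verifies the bootstrap. This matches debootstrap's documented `--include` semantics as far as I know; confirm against the version debos targets.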
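Review bot: The two new fields `KeyringFile` and `CheckGpg` carry no comments, and the security-relevant default lives only in NewDebootstrapAction, so a reader of the struct cannot tell that a zero-valued CheckGpg means the constructor was bypassed rather than an opt-out. Suggest a trailing comment on each field: `// verify Release signatures during bootstrap; NewDebootstrapAction sets true, recipe may set false` on CheckGpg and `// recipe-relative keyring passed as --keyring; only consulted when CheckGpg is true` on KeyringFile. The second claim is based on the Run change elsewhere in this diff; confirm when that code moves.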
@@ -74,17 +83,31 @@ func (d *DebootstrapAction) RunSecondStage(context debos.DebosContext) error { // Can't use nspawn for debootstrap as it wants to create device nodes c.ChrootMethod = debos.CHROOT_METHOD_CHROOT - return c.Run("Debootstrap (stage 2)", cmdline...) + err := c.Run("Debootstrap (stage 2)", cmdline...) + + if (err != nil) { + log := path.Join(context.Rootdir, "debootstrap/debootstrap.log") + _ = debos.Command{}.Run("debootstrap.log", "cat", log) + } + + return err } func (d *DebootstrapAction) Run(context *debos.DebosContext) error { d.LogStart() - cmdline := []string{"debootstrap", "--no-check-gpg"} + cmdline := []string{"debootstrap"} if d.MergedUsr { cmdline = append(cmdline, "--merged-usr") } + if !d.CheckGpg { + cmdline = append(cmdline, fmt.Sprintf("--no-check-gpg")) + } else if d.KeyringFile != "" { + path := debos.CleanPathAt(d.KeyringFile, context.RecipeDir) + cmdline = append(cmdline, fmt.Sprintf("--keyring=%s", path)) + } + if d.KeyringPackage != "" { cmdline = append(cmdline, fmt.Sprintf("--include=%s", d.KeyringPackage)) } @@ -115,6 +138,8 @@ func (d *DebootstrapAction) Run(context *debos.DebosContext) error { err := debos.Command{}.Run("Debootstrap", cmdline...) if err != nil { + log := path.Join(context.Rootdir, "debootstrap/debootstrap.log") + _ = debos.Command{}.Run("debootstrap.log", "cat", log) return err } diff --git a/actions/image_partition_action.go b/actions/image_partition_action.go index 5054e6d..cd832ac 100644 --- a/actions/image_partition_action.go +++ b/actions/image_partition_action.go @@ -116,6 +116,7 @@ import ( "os" "os/exec" "path" + "path/filepath" "strings" "syscall" 
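Review bot: In Run, `keyring-file` is silently dropped whenever the recipe also sets `check-gpg: false`, because the `else if d.KeyringFile != ""` branch is never reached, so an author who supplied a keyring and accidentally disabled the check gets an unverified bootstrap with no warning. Suggest rejecting the combination, e.g. in Verify (outside this hunk) `if !d.CheckGpg && d.KeyringFile != "" { return fmt.Errorf("keyring-file is set but check-gpg is false") }`, or at least logging it here before building cmdline. Two smaller points: `fmt.Sprintf("--no-check-gpg")` formats nothing and should be the plain literal `"--no-check-gpg"`, and `if (err != nil)` in RunSecondStage is not gofmt-clean. RunSecondStage begins before the hunk and Run ends after it.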
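Review bot: `log := path.Join(context.Rootdir, "debootstrap/debootstrap.log")` reuses the name of the standard `log` package; if debootstrap_action.go imports it (other actions in this diff do), the package is shadowed for the rest of the if-block, which compiles but confuses later edits. Suggest `logfile := path.Join(context.Rootdir, "debootstrap/debootstrap.log")` and `_ = debos.Command{}.Run("debootstrap.log", "cat", logfile) // best effort: the log may not exist on early failures`, which also documents why the error is ignored. The identical lines added to RunSecondStage in the previous hunk would take the same rename. Run's body continues outside the hunk.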
@@ -183,19 +184,23 @@ func (i *ImagePartitionAction) generateKernelRoot(context *debos.DebosContext) e } func (i ImagePartitionAction) getPartitionDevice(number int, context debos.DebosContext) string { + /* Always look up canonical device as udev might not generate the by-id + * symlinks while there is an flock on /dev/vda */ + device, _ := filepath.EvalSymlinks(context.Image) + suffix := "p" /* Check partition naming first: if used 'by-id'i naming convention */ - if strings.Contains(context.Image, "/disk/by-id/") { + if strings.Contains(device, "/disk/by-id/") { suffix = "-part" } /* If the iamge device has a digit as the last character, the partition * suffix is p<number> else it's just <number> */ - last := context.Image[len(context.Image)-1] + last := device[len(device)-1] if last >= '0' && last <= '9' { - return fmt.Sprintf("%s%s%d", context.Image, suffix, number) + return fmt.Sprintf("%s%s%d", device, suffix, number) } else { - return fmt.Sprintf("%s%d", context.Image, number) + return fmt.Sprintf("%s%d", device, number) } } @@ -247,7 +252,7 @@ func (i ImagePartitionAction) formatPartition(p *Partition, context debos.DebosC return nil } -func (i ImagePartitionAction) PreNoMachine(context *debos.DebosContext) error { +func (i *ImagePartitionAction) PreNoMachine(context *debos.DebosContext) error { img, err := os.OpenFile(i.ImageName, os.O_WRONLY|os.O_CREATE, 0666) if err != nil { 
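Review bot: `device, _ := filepath.EvalSymlinks(context.Image)` discards the error, and on failure `device` is the empty string, so `device[len(device)-1]` a few lines later panics with an index out of range instead of reporting which device could not be resolved. Suggest `device, err := filepath.EvalSymlinks(context.Image)` followed by `if err != nil { device = context.Image }` so the pre-existing behaviour remains as a fallback (the method has no error return to use). Separately, once the image path is resolved to its canonical device, `strings.Contains(device, "/disk/by-id/")` can no longer match, since stripping that symlink is what EvalSymlinks does, so the `-part` suffix branch looks unreachable; if by-id images are still meant to work, test the unresolved `context.Image` for the prefix instead.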
@@ -274,11 +279,28 @@ func (i ImagePartitionAction) PreNoMachine(context *debos.DebosContext) error { func (i ImagePartitionAction) Run(context *debos.DebosContext) error { i.LogStart() + /* Exclusively Lock image device file to prevent udev from triggering + * partition rescans, which cause confusion as some time asynchronously the + * partition device might disappear and reappear due to that! */ + imageFD, err := os.Open(context.Image) + if err != nil { + return err + } + /* Defer will keep the fd open until the function returns, at which points + * the filesystems will have been mounted protecting from more udev funnyness + */ + defer imageFD.Close() + + err = syscall.Flock(int(imageFD.Fd()), syscall.LOCK_EX) + if err != nil { + return err + } + command := []string{"parted", "-s", context.Image, "mklabel", i.PartitionType} if len(i.GptGap) > 0 { command = append(command, i.GptGap) } - err := debos.Command{}.Run("parted", command...) + err = debos.Command{}.Run("parted", command...) if err != nil { return err } @@ -317,12 +339,6 @@ func (i ImagePartitionAction) Run(context *debos.DebosContext) error { } devicePath := i.getPartitionDevice(p.number, *context) - // Give a chance for udevd to create proper symlinks - err = debos.Command{}.Run("udevadm", "udevadm", "settle", "-t", "5", - "-E", devicePath) - if err != nil { - return err - } err = i.formatPartition(p, *context) if err != nil { @@ -358,7 +374,7 @@ func (i ImagePartitionAction) Run(context *debos.DebosContext) error { return nil } -func (i ImagePartitionAction) Cleanup(context debos.DebosContext) error { +func (i ImagePartitionAction) Cleanup(context *debos.DebosContext) error { for idx := len(i.Mountpoints) - 1; idx >= 0; idx-- { m := i.Mountpoints[idx] mntpath := path.Join(context.ImageMntDir, m.Mountpoint) 
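Review bot: `syscall.Flock(int(imageFD.Fd()), syscall.LOCK_EX)` blocks indefinitely if another process already holds a lock on the image device (a second debos run, or any tool following the same udev convention), and the bare `return err` on both new paths carries no hint of which device or step failed. Suggest `return fmt.Errorf("locking %s: %v", context.Image, err)` for the Flock error (and the same shape for the Open error), and consider `LOCK_EX|LOCK_NB` with an explicit message if waiting is never intended. The lock is advisory: it keeps udev from rescanning, as the comment says, but it does not stop other writers, so the comment should not be read as protection against concurrent modification. Run continues beyond the hunk.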
@@ -372,6 +388,19 @@ func (i ImagePartitionAction) Cleanup(context debos.DebosContext) error { return nil } +func (i ImagePartitionAction) PostMachineCleanup(context *debos.DebosContext) error { + image := path.Join(context.Artifactdir, i.ImageName) + /* Remove the image in case of any action failure */ + if context.State != debos.Success { + if _, err := os.Stat(image); !os.IsNotExist(err) { + if err = os.Remove(image); err != nil { + return err + } + } + } + return nil +} + func (i *ImagePartitionAction) Verify(context *debos.DebosContext) error { if len(i.GptGap) > 0 { log.Println("WARNING: special version of parted is needed for 'gpt_gap' option") diff --git a/actions/ostree_commit_action.go b/actions/ostree_commit_action.go index 6d41b89..a0d8333 100644 --- a/actions/ostree_commit_action.go +++ b/actions/ostree_commit_action.go @@ -45,9 +45,17 @@ type OstreeCommitAction struct { func emptyDir(dir string) { d, _ := os.Open(dir) defer d.Close() - files, _ := d.Readdirnames(-1) + + files, err := d.Readdirnames(-1) + if err != nil { + log.Fatal(err) + } + for _, f := range files { - os.RemoveAll(f) + err := os.RemoveAll(path.Join(dir, f)) + if err != nil { + log.Fatalf("Failed to remove file: %v", err) + } } } diff --git a/actions/pack_action.go b/actions/pack_action.go index a90cb1d..1cb1af0 100644 --- a/actions/pack_action.go +++ b/actions/pack_action.go @@ -10,7 +10,7 @@ Yaml syntax: Mandatory properties: -- file -- name of the output tarball. +- file -- name of the output tarball, relative to the artifact directory. - compression -- compression type to use. Only 'gz' is supported at the moment. diff --git a/actions/run_action.go b/actions/run_action.go index 90e4572..c6115cc 100644 --- a/actions/run_action.go +++ b/actions/run_action.go 
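Review bot: The `os.Stat` / `os.IsNotExist` probe before `os.Remove(image)` is redundant and racy: Remove already returns an error that `os.IsNotExist` recognises, and a Stat failure other than not-exist (for example a permission error) still falls through to Remove. Suggest `if err := os.Remove(image); err != nil && !os.IsNotExist(err) { return err }` in place of the nested ifs. Since this deletes a build artifact it also deserves a method comment: `// PostMachineCleanup removes the output image when the run did not end in debos.Success, so a failed build cannot leave a partially written image in the artifact directory.` PreNoMachine opens `i.ImageName` without joining Artifactdir, so confirm both refer to the same file.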
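Review bot: `d, _ := os.Open(dir)` still ignores the open error, so when `dir` is missing or unreadable the new `log.Fatal(err)` fires on `Readdirnames` with a bare "invalid argument" and no path, which is hard to diagnose. Suggest `d, err := os.Open(dir)` then `if err != nil { log.Fatalf("Failed to open %s: %v", dir, err) }` before the deferred Close. Joining `dir` onto each entry fixes the real bug here; note that `log.Fatal` inside an action exits without running the other actions' Cleanup, so returning an error from emptyDir would be the cleaner shape if its callers (outside this diff) can propagate it.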
@@ -21,8 +21,10 @@ host's or chrooted environment -- depending on 'chroot' property. Optional properties: - chroot -- run script or command in target filesystem if set to true. -In other case the command or script is executed within the build process, with -access to the filesystem and the image. In both cases it is run with root privileges. +Otherwise the command or script is executed within the build process, with +access to the filesystem ($ROOTDIR), the image if any ($IMAGE), the +recipe directory ($RECIPEDIR) and the artifact directory ($ARTIFACTDIR). +In both cases it is run with root privileges. - postprocess -- if set script or command is executed after all other commands and has access to the image file. @@ -126,9 +128,9 @@ func (run *RunAction) Run(context *debos.DebosContext) error { return run.doRun(*context) } -func (run *RunAction) PostMachine(context debos.DebosContext) error { +func (run *RunAction) PostMachine(context *debos.DebosContext) error { if !run.PostProcess { return nil } - return run.doRun(context) + return run.doRun(*context) } |
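Review bot: The rewritten paragraph lists the environment the command receives but leaves the trust implication implicit: with `chroot` unset the recipe's command or script runs as root on the build side with `$ROOTDIR`, `$IMAGE`, `$RECIPEDIR` and `$ARTIFACTDIR` all reachable, so a recipe is effectively trusted code. Suggest appending one sentence after "In both cases it is run with root privileges.": `Recipes are therefore trusted input: a run action can modify anything the build process can reach, not only the target filesystem.` Whether the build side is the host or an isolated VM is not visible in this diff, so keep the wording neutral as above.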