Merge pull request #364 from mwhudson/lp-1775228

only add the user to groups that exist in the target system
Michael Hudson-Doyle 2018-06-15 09:58:30 +12:00 committed by GitHub
commit b584345055
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 56 additions and 37 deletions


@ -31,8 +31,6 @@ from subiquity.ui.views.installprogress import ProgressView
log = logging.getLogger("subiquitycore.controller.installprogress") log = logging.getLogger("subiquitycore.controller.installprogress")
TARGET = '/target'
class InstallState: class InstallState:
NOT_STARTED = 0 NOT_STARTED = 0
@ -161,8 +159,7 @@ class InstallProgressController(BaseController):
ident = self._event_syslog_identifier ident = self._event_syslog_identifier
self._write_config(config_location, self._write_config(config_location,
self.base_model.render(target=TARGET, self.base_model.render(syslog_identifier=ident))
syslog_identifier=ident))
return curtin_cmd return curtin_cmd
@ -228,20 +225,16 @@ class InstallProgressController(BaseController):
self.reboot() self.reboot()
def configure_cloud_init(self): def configure_cloud_init(self):
if self.opts.dry_run: self.base_model.configure_cloud_init()
target = '.subiquity'
else:
target = TARGET
self.base_model.configure_cloud_init(target)
def copy_logs_to_target(self): def copy_logs_to_target(self):
if self.opts.dry_run: if self.opts.dry_run:
return return
utils.run_command(['cp', '-aT', '/var/log/installer', target_logs = os.path.join(self.base_model.target, 'var/log/installer')
'/target/var/log/installer']) utils.run_command(['cp', '-aT', '/var/log/installer', target_logs])
try: try:
with open('/target/var/log/installer/installer-journal.txt', with open(os.path.join(target_logs,
'w') as output: 'installer-journal.txt'), 'w') as output:
utils.run_command( utils.run_command(
['journalctl'], ['journalctl'],
stdout=output, stderr=subprocess.STDOUT) stdout=output, stderr=subprocess.STDOUT)
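Review bot: In `copy_logs_to_target`, the journal dump is created with a plain `open(..., 'w')`, so its mode comes from the process umask and not from the log directory that `cp -aT` has just copied with its attributes preserved. If the installer journal can carry sensitive values (not visible in this hunk), create the file with an explicit restrictive mode, for example `fd = os.open(journal_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as output:`. The import block is outside the hunks shown, so confirm that `os` is imported in this module now that `os.path.join` is used here. The `try:` block continues past the end of the hunk.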


@ -14,6 +14,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging import logging
import os
log = logging.getLogger("subiquity.models.installpath") log = logging.getLogger("subiquity.models.installpath")
@ -30,7 +31,8 @@ class InstallpathModel(object):
# update() is not run, upon selecting the default choice... # update() is not run, upon selecting the default choice...
curtin = {} curtin = {}
def __init__(self, sources=None): def __init__(self, target, sources=None):
self.target = target
self.cmdline_sources = sources self.cmdline_sources = sources
if sources: if sources:
self.path = 'cmdline' self.path = 'cmdline'
@ -58,6 +60,10 @@ class InstallpathModel(object):
def update(self, results): def update(self, results):
self.curtin = {} self.curtin = {}
def t(path):
return os.path.join(self.target, path)
if self.path == 'maas_region': if self.path == 'maas_region':
self.curtin['debconf_selections'] = { self.curtin['debconf_selections'] = {
'maas-username': ('maas-region-controller maas/username ' 'maas-username': ('maas-region-controller maas/username '
@ -69,8 +75,8 @@ class InstallpathModel(object):
# Maintainer scripts cache results, from config files, if they # Maintainer scripts cache results, from config files, if they
# exist. These shouldn't exist, since this was fixed in # exist. These shouldn't exist, since this was fixed in
# livecd-rootfs but remove these, just to be sure. # livecd-rootfs but remove these, just to be sure.
'900-maas': ['rm', '-f', '/target/etc/maas/rackd.conf'], '900-maas': ['rm', '-f', t('etc/maas/rackd.conf')],
'901-maas': ['rm', '-f', '/target/etc/maas/region.conf'], '901-maas': ['rm', '-f', t('etc/maas/region.conf')],
# All the crazy things are workarounds for maas maintainer # All the crazy things are workarounds for maas maintainer
# scripts deficiencies see: # scripts deficiencies see:
# LP: #1766209 # LP: #1766209
@ -92,34 +98,34 @@ class InstallpathModel(object):
# and invoke-rc.d --force to not faill and a running postgresql # and invoke-rc.d --force to not faill and a running postgresql
# is needed, to change the role password and to create an admin # is needed, to change the role password and to create an admin
# user. # user.
'904-maas': ['mount', '-o', 'bind', '/proc', '/target/proc'], '904-maas': ['mount', '-o', 'bind', '/proc', t('proc')],
'905-maas': ['mount', '-o', 'bind', '/sys', '/target/sys'], '905-maas': ['mount', '-o', 'bind', '/sys', t('sys')],
'906-maas': ['mount', '-o', 'bind', '/dev', '/target/dev'], '906-maas': ['mount', '-o', 'bind', '/dev', t('dev')],
'907-maas': ['mount', '-o', 'bind', '/target/bin/true', '907-maas': ['mount', '-o', 'bind', t('bin/true'),
'/target/usr/sbin/invoke-rc.d'], t('usr/sbin/invoke-rc.d')],
'908-maas': ['chroot', '/target', 'sh', '-c', '908-maas': ['chroot', self.target, 'sh', '-c',
'pg_ctlcluster --skip-systemctl-redirect ' 'pg_ctlcluster --skip-systemctl-redirect '
'$(/bin/ls /var/lib/postgresql/) main start'], '$(/bin/ls /var/lib/postgresql/) main start'],
# These are called like this, because reconfigure doesn't # These are called like this, because reconfigure doesn't
# create nor change an admin user account, nor regens the # create nor change an admin user account, nor regens the
# semi-autogenerated maas-url # semi-autogenerated maas-url
'909-maas': '909-maas':
['chroot', '/target', 'sh', '-c', ( ['chroot', self.target, 'sh', '-c', (
'debconf -fnoninteractive -omaas-region-controller ' 'debconf -fnoninteractive -omaas-region-controller '
'/var/lib/dpkg/info/maas-region-controller.config ' '/var/lib/dpkg/info/maas-region-controller.config '
'configure')], 'configure')],
'910-maas': '910-maas':
['chroot', '/target', 'sh', '-c', ( ['chroot', self.target, 'sh', '-c', (
'debconf -fnoninteractive -omaas-region-controller ' 'debconf -fnoninteractive -omaas-region-controller '
'/var/lib/dpkg/info/maas-region-controller.postinst ' '/var/lib/dpkg/info/maas-region-controller.postinst '
'configure')], 'configure')],
'911-maas': ['chroot', '/target', 'sh', '-c', ( '911-maas': ['chroot', self.target, 'sh', '-c', (
'pg_ctlcluster --skip-systemctl-redirect ' 'pg_ctlcluster --skip-systemctl-redirect '
'$(/bin/ls /var/lib/postgresql/) main stop')], '$(/bin/ls /var/lib/postgresql/) main stop')],
'912-maas': ['umount', '/target/usr/sbin/invoke-rc.d'], '912-maas': ['umount', t('usr/sbin/invoke-rc.d')],
'913-maas': ['umount', '/target/dev'], '913-maas': ['umount', t('dev')],
'914-maas': ['umount', '/target/sys'], '914-maas': ['umount', t('sys')],
'915-maas': ['umount', '/target/proc'], '915-maas': ['umount', t('proc')],
} }
elif self.path == 'maas_rack': elif self.path == 'maas_rack':
self.curtin['debconf_selections'] = { self.curtin['debconf_selections'] = {
@ -131,7 +137,7 @@ class InstallpathModel(object):
'password %s' % results['secret']), 'password %s' % results['secret']),
} }
self.curtin['late_commands'] = { self.curtin['late_commands'] = {
'90-maas': ['rm', '-f', '/target/etc/maas/rackd.conf'], '90-maas': ['rm', '-f', t('etc/maas/rackd.conf')],
'91-maas': ['curtin', 'in-target', '--', 'maas-rack', '91-maas': ['curtin', 'in-target', '--', 'maas-rack',
'config', '--init'], 'config', '--init'],
# maas-rack-controller is broken, and does db_input & go on # maas-rack-controller is broken, and does db_input & go on
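Review bot: The new helper `t(path)` in `update()` returns `path` unchanged if it is ever handed an absolute path, because `os.path.join` drops `self.target` when a later component starts with `/`. For the `rm -f`, `mount` and `umount` late commands that would mean operating on the running system instead of the install target. Every call site visible here passes a relative path, so this is a guard against future edits: `return os.path.join(self.target, path.lstrip('/'))`, with a one-line comment such as `# path is relative to the install target`. `update()` starts and ends outside the hunks shown.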


@ -20,6 +20,7 @@ import yaml
from subiquitycore.models.identity import IdentityModel from subiquitycore.models.identity import IdentityModel
from subiquitycore.models.network import NetworkModel from subiquitycore.models.network import NetworkModel
from subiquitycore.utils import run_command
from .filesystem import FilesystemModel from .filesystem import FilesystemModel
from .installpath import InstallpathModel from .installpath import InstallpathModel
@ -44,13 +45,19 @@ setup_yaml()
class SubiquityModel: class SubiquityModel:
"""The overall model for subiquity.""" """The overall model for subiquity."""
target = '/target'
def __init__(self, common): def __init__(self, common):
root = '/' root = '/'
if common['opts'].dry_run: self.opts = common['opts']
if self.opts.dry_run:
root = os.path.abspath(".subiquity") root = os.path.abspath(".subiquity")
self.target = root
self.locale = LocaleModel(common['signal']) self.locale = LocaleModel(common['signal'])
self.keyboard = KeyboardModel(root) self.keyboard = KeyboardModel(root)
self.installpath = InstallpathModel(sources=common['opts'].sources) self.installpath = InstallpathModel(
target=self.target,
sources=common['opts'].sources)
self.network = NetworkModel(support_wlan=False) self.network = NetworkModel(support_wlan=False)
self.filesystem = FilesystemModel(common['prober']) self.filesystem = FilesystemModel(common['prober'])
self.identity = IdentityModel() self.identity = IdentityModel()
@ -58,16 +65,28 @@ class SubiquityModel:
self.mirror = MirrorModel() self.mirror = MirrorModel()
self.snaplist = SnapListModel() self.snaplist = SnapListModel()
def get_target_groups(self):
command = ['chroot', self.target, 'getent', 'group']
if self.opts.dry_run:
del command[:2]
cp = run_command(command, check=True)
groups = set()
for line in cp.stdout.splitlines():
groups.add(line.split(':')[0])
return groups
def _cloud_init_config(self): def _cloud_init_config(self):
user = self.identity.user user = self.identity.user
users_and_groups_path = ( users_and_groups_path = (
os.path.join(os.environ.get("SNAP", "/does-not-exist"), os.path.join(os.environ.get("SNAP", "."),
"users-and-groups")) "users-and-groups"))
if os.path.exists(users_and_groups_path): if os.path.exists(users_and_groups_path):
groups = open(users_and_groups_path).read().split() groups = open(users_and_groups_path).read().split()
else: else:
groups = ['admin'] groups = ['admin']
groups.append('sudo') groups.append('sudo')
groups = [group for group in groups
if group in self.get_target_groups()]
user_info = { user_info = {
'name': user.username, 'name': user.username,
'gecos': user.realname, 'gecos': user.realname,
@ -114,14 +133,14 @@ class SubiquityModel:
('etc/cloud/ds-identify.cfg', 'policy: enabled\n'), ('etc/cloud/ds-identify.cfg', 'policy: enabled\n'),
] ]
def configure_cloud_init(self, target): def configure_cloud_init(self):
for path, content in self._cloud_init_files(): for path, content in self._cloud_init_files():
path = os.path.join(target, path) path = os.path.join(self.target, path)
os.makedirs(os.path.dirname(path), exist_ok=True) os.makedirs(os.path.dirname(path), exist_ok=True)
with open(path, 'w') as fp: with open(path, 'w') as fp:
fp.write(content) fp.write(content)
def render(self, target, syslog_identifier): def render(self, syslog_identifier):
config = { config = {
'apt': { 'apt': {
'http_proxy': self.proxy.proxy, 'http_proxy': self.proxy.proxy,
@ -132,7 +151,7 @@ class SubiquityModel:
}, },
'install': { 'install': {
'target': target, 'target': self.target,
'unmount': 'disabled', 'unmount': 'disabled',
'save_install_config': 'save_install_config':
'/var/log/installer/curtin-install-cfg.yaml', '/var/log/installer/curtin-install-cfg.yaml',
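Review bot: The filter `if group in self.get_target_groups()` in `_cloud_init_config` calls `get_target_groups()` once per candidate group, so `chroot <target> getent group` is spawned repeatedly and, with `check=True`, a single failed run aborts building the cloud-init config. Compute the set once before the comprehension: `target_groups = self.get_target_groups()` and then `groups = [g for g in groups if g in target_groups]`. Separately, the new fallback `os.environ.get("SNAP", ".")` means that when `SNAP` is unset the supplementary-group list is read from the current working directory, and nothing in the hunk limits this to dry-run; gating the `.` fallback on `self.opts.dry_run` would keep the installed user's groups from depending on cwd. `get_target_groups` should also get a docstring stating that in dry-run it queries the host's group database instead of the target's.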

1
users-and-groups Normal file

@ -0,0 +1 @@
adm cdrom dip lpadmin plugdev sambashare debian-tor libvirtd lxd