diff options
| author | Joey Hess <joeyh@joeyh.name> | 2015-11-17 15:22:29 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-11-17 15:22:29 -0400 |
| commit | b75db5ae653b7b87859e582528df9b03aa5366f1 (patch) | |
| tree | a7662a19f733ae044ef5ffe083d41b32ba4a488d /src/Propellor/Property/DiskImage.hs | |
| parent | d796284d8bb483a89bf3d65d198a890a62090d96 (diff) | |
DiskImage creation automatically uses Chroot.noServices.
Diffstat (limited to 'src/Propellor/Property/DiskImage.hs')
| -rw-r--r-- | src/Propellor/Property/DiskImage.hs | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs index 5b8619ba..4878c365 100644 --- a/src/Propellor/Property/DiskImage.hs +++ b/src/Propellor/Property/DiskImage.hs @@ -1,8 +1,6 @@ -- | Disk image generation. -- -- This module is designed to be imported unqualified. --- --- TODO avoid starting services while populating chroot and running final module Propellor.Property.DiskImage ( -- * Partition specification @@ -69,6 +67,11 @@ type DiskImage = FilePath -- Note that the disk image file is reused if it already exists, -- to avoid expensive IO to generate a new one. And, it's updated in-place, -- so its contents are undefined during the build process. +-- +-- Note that the `Chroot.noServices` property is automatically added to the +-- chroot while the disk image is being built, which should prevent any +-- daemons that are included from being started on the system that is +-- building the disk image. imageBuilt :: DiskImage -> (FilePath -> Chroot) -> TableType -> Finalization -> [PartSpec] -> RevertableProperty HasInfo imageBuilt = imageBuilt' False @@ -93,6 +96,9 @@ imageBuilt' rebuild img mkchroot tabletype final partspec = | otherwise = doNothing chrootdir = img ++ ".chroot" chroot = mkchroot chrootdir + -- Before ensuring any other properties of the chroot, avoid + -- starting services. Reverted by imageFinalized. + &^ Chroot.noServices -- First stage finalization. & fst final -- Avoid wasting disk image space on the apt cache @@ -227,6 +233,7 @@ imageFinalized (_, final) mnts mntopts devs (PartTable _ parts) = go top = do liftIO $ mountall top liftIO $ writefstab top + liftIO $ allowservices top ensureProperty $ final top devs -- Ordered lexographically by mount point, so / comes before /usr @@ -260,6 +267,8 @@ imageFinalized (_, final) mnts mntopts devs (PartTable _ parts) = -- Eg "UNCONFIGURED FSTAB FOR BASE SYSTEM" unconfigured s = "UNCONFIGURED" `isInfixOf` s + allowservices top = nukeFile (top ++ "/usr/sbin/policy-rc.d") + noFinalization :: Finalization noFinalization = (doNothing, \_ _ -> doNothing) |