From 22bad99dc00df153aaefe3b5445116b142294504 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 16 Nov 2017 14:17:33 -0400 Subject: Debootstrap.built now supports bootstrapping chroots for foreign OS's This commit was sponsored by Ethan Aubin. --- propellor.cabal | 1 + 1 file changed, 1 insertion(+) (limited to 'propellor.cabal') diff --git a/propellor.cabal b/propellor.cabal index ed9f6bf1..ec3dec32 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -141,6 +141,7 @@ Library Propellor.Property.Postfix Propellor.Property.PropellorRepo Propellor.Property.Prosody + Propellor.Property.Qemu Propellor.Property.Reboot Propellor.Property.Restic Propellor.Property.Rsync -- cgit v1.3-2-g0d8e From 540faf8215f8c38e1c6f8da4d82776986eea62a6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 16 Nov 2017 15:51:21 -0400 Subject: flash-kernel support Can be used to create disk images for arm boards using flash-kernel. This commit was sponsored by Ewen McNeill. --- debian/changelog | 2 ++ joeyconfig.hs | 9 +++++---- propellor.cabal | 1 + src/Propellor/Property/DiskImage.hs | 1 + src/Propellor/Property/FlashKernel.hs | 27 +++++++++++++++++++++++++++ src/Propellor/Types/Bootloader.hs | 4 +++- 6 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 src/Propellor/Property/FlashKernel.hs (limited to 'propellor.cabal') diff --git a/debian/changelog b/debian/changelog index a0290cf4..97beb619 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,8 @@ propellor (4.9.1) UNRELEASED; urgency=medium * Debootstrap.built now supports bootstrapping chroots for foreign OS's, using qemu-user-static. * Qemu: New module. + * FlashKernel: New module, can be used to create disk images for arm + boards using flash-kernel. -- Joey Hess Thu, 02 Nov 2017 10:28:44 -0400 diff --git a/joeyconfig.hs b/joeyconfig.hs index ad0ce700..31570f45 100644 --- a/joeyconfig.hs +++ b/joeyconfig.hs 
@@ -24,6 +24,7 @@ import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Apache as Apache import qualified Propellor.Property.LetsEncrypt as LetsEncrypt import qualified Propellor.Property.Grub as Grub +import qualified Propellor.Property.FlashKernel as FlashKernel import qualified Propellor.Property.Borg as Borg import qualified Propellor.Property.Gpg as Gpg import qualified Propellor.Property.Systemd as Systemd @@ -94,16 +95,16 @@ darkstar = host "darkstar.kitenet.net" $ props & Ssh.userKeys (User "joey") hostContext [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1YoyHxZwG5Eg0yiMTJLSWJ/+dMM6zZkZiR4JJ0iUfP+tT2bm/lxYompbSqBeiCq+PYcSC67mALxp1vfmdOV//LWlbXfotpxtyxbdTcQbHhdz4num9rJQz1tjsOsxTEheX5jKirFNC5OiKhqwIuNydKWDS9qHGqsKcZQ8p+n1g9Lr3nJVGY7eRRXzw/HopTpwmGmAmb9IXY6DC2k91KReRZAlOrk0287LaK3eCe1z0bu7LYzqqS+w99iXZ/Qs0m9OqAPnHZjWQQ0fN4xn5JQpZSJ7sqO38TBAimM+IHPmy2FTNVVn9zGM+vN1O2xr3l796QmaUG1+XLL0shfR/OZbb joey@darkstar") ] - & imageBuilt (VirtualBoxPointer "/srv/test.vmdk") mychroot MSDOS + & imageBuilt (RawDiskImage "/srv/test.img") mychroot MSDOS [ partition EXT2 `mountedAt` "/boot" , partition EXT4 `mountedAt` "/" , swapPartition (MegaBytes 256) ] where mychroot d = debootstrapped mempty d $ props - & osDebian Unstable X86_64 - & Apt.installed ["linux-image-amd64"] - & Grub.installed PC + & osDebian Unstable ARMHF + & Apt.installed ["linux-image-armmp", "u-boot"] + & FlashKernel.installed "Olimex A10-OLinuXino-LIME" gnu :: Host gnu = host "gnu.kitenet.net" $ props diff --git a/propellor.cabal b/propellor.cabal index ec3dec32..b08c81c9 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -111,6 +111,7 @@ Library Propellor.Property.File Propellor.Property.Firejail Propellor.Property.Firewall + Propellor.Property.FlashKernel Propellor.Property.FreeBSD Propellor.Property.FreeBSD.Pkg Propellor.Property.FreeBSD.Poudriere 
diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs index 6c1a572c..7493dd21 100644 --- a/src/Propellor/Property/DiskImage.hs +++ b/src/Propellor/Property/DiskImage.hs @@ -192,6 +192,7 @@ imageBuilt' rebuild img mkchroot tabletype partspec = -- installed. final = case fromInfo (containerInfo chroot) of [GrubInstalled] -> grubBooted + [FlashKernelInstalled] -> \_ _ -> doNothing [] -> unbootable "no bootloader is installed" _ -> unbootable "multiple bootloaders are installed; don't know which to use" diff --git a/src/Propellor/Property/FlashKernel.hs b/src/Propellor/Property/FlashKernel.hs new file mode 100644 index 00000000..7aa8420b --- /dev/null +++ b/src/Propellor/Property/FlashKernel.hs @@ -0,0 +1,27 @@ +-- | Make ARM systems bootable using Debian's flash-kernel package. + +module Propellor.Property.FlashKernel where + +import Propellor.Base +import qualified Propellor.Property.File as File +import qualified Propellor.Property.Apt as Apt +import Propellor.Types.Bootloader +import Propellor.Types.Info + +-- | A machine name, such as "Cubietech Cubietruck" or "Olimex A10-OLinuXino-LIME" +-- +-- flash-kernel supports many different machines, +-- see its file /usr/share/flash-kernel/db/all.db for a list. +type Machine = String + +-- | Uses flash-kernel to make a machine bootable. +-- +-- Before using this, an appropriate kernel needs to already be installed, +-- and on many machines, u-boot needs to be installed too. +installed :: Machine -> Property (HasInfo + DebianLike) +installed machine = setInfoProperty go (toInfo [FlashKernelInstalled]) + where + go = "/etc/flash-kernel/machine" `File.hasContent` [machine] + `onChange` (cmdProperty "flash-kernel" [] `assume` MadeChange) + `requires` File.dirExists "/etc/flash-kernel" + `requires` Apt.installed ["flash-kernel"] diff --git a/src/Propellor/Types/Bootloader.hs b/src/Propellor/Types/Bootloader.hs index 4a75503a..9822d520 100644 --- a/src/Propellor/Types/Bootloader.hs 
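Review bot: `installed` only invokes flash-kernel through `onChange`, i.e. when /etc/flash-kernel/machine is first written or its content changes, and the Haddock should say so rather than leaving readers to assume every run reflashes: `-- flash-kernel itself is only run by this property when the machine name changes; later kernel or u-boot upgrades have to trigger it some other way (presumably the packages' own hooks).` The `Machine` alias is a bare `String` that becomes the file content verbatim, so a name that is not in flash-kernel's db is only noticed when the `cmdProperty "flash-kernel" []` run fails; a newtype with a smart constructor would surface that earlier, but that is a style preference. The new file is complete within the hunk.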
+++ b/src/Propellor/Types/Bootloader.hs @@ -5,7 +5,9 @@ module Propellor.Types.Bootloader where import Propellor.Types.Info -- | Boot loader installed on a host. -data BootloaderInstalled = GrubInstalled +data BootloaderInstalled + = GrubInstalled + | FlashKernelInstalled deriving (Typeable, Show) instance IsInfo [BootloaderInstalled] where -- cgit v1.3-2-g0d8e From b02c4a932d96d0beef364aa5db47106bd0414005 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 16 Nov 2017 16:16:32 -0400 Subject: Machine: New module Machine-specific properties for ARM boards are being collected here See http://linux-sunxi.org/Mainline_Debian_HowTo and https://wiki.debian.org/InstallingDebianOn/Allwinner and https://wiki.debian.org/DebianKernel/ARMMP Currently has 2 arm boards that I use. This commit was sponsored by Anthony DeRobertis on Patreon. --- debian/changelog | 4 +++- propellor.cabal | 1 + src/Propellor/Property/Machine.hs | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 src/Propellor/Property/Machine.hs (limited to 'propellor.cabal') diff --git a/debian/changelog b/debian/changelog index 97beb619..d6be2ca7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,8 +10,10 @@ propellor (4.9.1) UNRELEASED; urgency=medium * Debootstrap.built now supports bootstrapping chroots for foreign OS's, using qemu-user-static. * Qemu: New module. - * FlashKernel: New module, can be used to create disk images for arm + * FlashKernel: New module, can be used to create disk images for ARM boards using flash-kernel. + * Machine: New module, machine-specific properties for ARM boards are + being collected here. -- Joey Hess Thu, 02 Nov 2017 10:28:44 -0400 diff --git a/propellor.cabal b/propellor.cabal index b08c81c9..51640658 100644 --- a/propellor.cabal +++ b/propellor.cabal 
@@ -129,6 +129,7 @@ Library Propellor.Property.Locale Propellor.Property.Logcheck Propellor.Property.Lvm + Propellor.Property.Machine Propellor.Property.Mount Propellor.Property.Network Propellor.Property.Nginx diff --git a/src/Propellor/Property/Machine.hs b/src/Propellor/Property/Machine.hs new file mode 100644 index 00000000..61a77492 --- /dev/null +++ b/src/Propellor/Property/Machine.hs @@ -0,0 +1,37 @@ +-- | Machine-specific properties. +-- +-- Many embedded computers have their own special configuration needed +-- to use them. Rather than needing to hunt down documentation about the +-- kernel, bootloader, etc needed by a given board, if there's a property +-- in here for your board, you can simply use it. + +module Propellor.Property.Machine ( + -- * ARM boards + Olimex_A10_OLinuXino_LIME, + Cubietech Cubietruck +) + +-- | Olimex A10-OLinuXino-LIME +Olimex_A10_OLinuXino_LIME :: Property (HasInfo + DebianLike) +Olimex_A10_OLinuXino_LIME = FlashKernel.installed "Olimex A10-OLinuXino-LIME" + `requires` sunixi + `requires` armmp + +-- | Cubietech Cubietruck +Cubietech_Cubietruck :: Property (HasInfo + DebianLike) +Cubietech_Cubietruck = FlashKernel.installed "Cubietech Cubietruck" + `requires` sunixi + `requires` lpae + +sunixi :: Property DebianLike +sunixi = Apt.installed + [ "firmware-linux-free" + , "u-boot" + , "sunxi-tools" + ] + +armmp :: Property DebianLike +armmp = Apt.installed ["linux-image-armmp"] + +lpae :: Property DebianLike +lpae = Apt.installed ["linux-image-armmp-lpae"] -- cgit v1.3-2-g0d8e From cff178de9c0d229574ab884fcca08a41f434e119 Mon Sep 17 00:00:00 2001 
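Review bot: The new Machine.hs as committed cannot compile: the export list names `Olimex_A10_OLinuXino_LIME` and `Cubietech Cubietruck` (an identifier starting with an upper-case letter is a constructor, and the second entry contains a space), the `module ... (...)` header has no `where`, and `FlashKernel.installed`, `Apt.installed`, `Property`, `HasInfo` and `DebianLike` are used without a single import. The bindings need lower-case names, the header needs `) where`, and the three imports that the later Machine.hs hunk in this series shows have to be present from the start. `sunixi` also looks like a misspelling of sunxi.
```haskell
module Propellor.Property.Machine (
	-- * ARM boards
	olimex_A10_OLinuXino_LIME,
	cubietech_Cubietruck
) where

import Propellor.Base
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.FlashKernel as FlashKernel

-- | Olimex A10-OLinuXino-LIME
olimex_A10_OLinuXino_LIME :: Property (HasInfo + DebianLike)
olimex_A10_OLinuXino_LIME = FlashKernel.installed "Olimex A10-OLinuXino-LIME"
	`requires` sunixi
	`requires` armmp

-- | Cubietech Cubietruck
cubietech_Cubietruck :: Property (HasInfo + DebianLike)
cubietech_Cubietruck = FlashKernel.installed "Cubietech Cubietruck"
	`requires` sunixi
	`requires` lpae

-- … unchanged: sunixi, armmp, lpae …
```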
From: Joey Hess Date: Thu, 16 Nov 2017 17:54:47 -0400 Subject: Uboot: New module. Installing u-boot to the boot sector is not needed by some boards (my CubieTruck boots without it), but may be by others. Tricky part was making u-boot be written to a disk image when building one. This commit was sponsored by Jake Vosloo on Patreon. --- debian/changelog | 1 + propellor.cabal | 1 + src/Propellor/Property/DiskImage.hs | 33 ++++++++++++++++++--------------- src/Propellor/Property/Machine.hs | 17 +++++++++-------- src/Propellor/Property/Mount.hs | 20 ++++++++++++-------- src/Propellor/Property/Uboot.hs | 36 ++++++++++++++++++++++++++++++++++++ src/Propellor/Types/Bootloader.hs | 9 ++++++++- 7 files changed, 85 insertions(+), 32 deletions(-) create mode 100644 src/Propellor/Property/Uboot.hs (limited to 'propellor.cabal') diff --git a/debian/changelog b/debian/changelog index d6be2ca7..894c906f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,7 @@ propellor (4.9.1) UNRELEASED; urgency=medium * Qemu: New module. * FlashKernel: New module, can be used to create disk images for ARM boards using flash-kernel. + * Uboot: New module. * Machine: New module, machine-specific properties for ARM boards are being collected here. diff --git a/propellor.cabal b/propellor.cabal index 51640658..239a00e6 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -157,6 +157,7 @@ Library Propellor.Property.Systemd.Core Propellor.Property.Timezone Propellor.Property.Tor + Propellor.Property.Uboot Propellor.Property.Unbound Propellor.Property.User Propellor.Property.Uwsgi diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs index 7493dd21..fe2e60ac 100644 --- a/src/Propellor/Property/DiskImage.hs +++ b/src/Propellor/Property/DiskImage.hs 
@@ -191,10 +191,14 @@ imageBuilt' rebuild img mkchroot tabletype partspec = -- Pick boot loader finalization based on which bootloader is -- installed. final = case fromInfo (containerInfo chroot) of - [GrubInstalled] -> grubBooted - [FlashKernelInstalled] -> \_ _ -> doNothing [] -> unbootable "no bootloader is installed" - _ -> unbootable "multiple bootloaders are installed; don't know which to use" + l -> case filter ignorablefinal l of + [] -> \_ _ _ -> doNothing + [GrubInstalled] -> grubFinalized + [UbootInstalled p] -> ubootFinalized p + _ -> unbootable "multiple bootloaders are installed; don't know which to use" + ignorablefinal FlashKernelInstalled = True + ignorablefinal _ = False -- | This property is automatically added to the chroot when building a -- disk image. It cleans any caches of information that can be omitted; @@ -229,7 +233,7 @@ imageBuiltFrom img chrootdir tabletype final partspec = mkimg rmimg mkimg' mnts mntopts parttable devs = partitionsPopulated chrootdir mnts mntopts devs `before` - imageFinalized final mnts mntopts devs parttable + imageFinalized final dest mnts mntopts devs parttable rmimg = undoRevertableProperty (buildDiskImage img) `before` undoRevertableProperty (imageExists' dest dummyparttable) dummyparttable = PartTable tabletype [] 
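Review bot: `filter ignorablefinal l` keeps the elements for which the predicate is True, so the inner `case` only ever sees `FlashKernelInstalled` entries: a chroot with just `GrubInstalled` filters down to `[]` and gets `doNothing` (grub is never written to the image), and a chroot with just `FlashKernelInstalled` filters to `[FlashKernelInstalled]` and falls through to the "multiple bootloaders are installed" failure — the opposite of the intent. The predicate has to be negated: `l -> case filter (not . ignorablefinal) l of`. `imageBuilt'` starts before and continues after the hunk.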
@@ -352,10 +356,10 @@ imageExists' dest@(RawDiskImage img) parttable = (setup cleanup) `describe` -- -- It's ok if the property leaves additional things mounted -- in the partition tree. -type Finalization = (FilePath -> [LoopDev] -> Property Linux) +type Finalization = (RawDiskImage -> FilePath -> [LoopDev] -> Property Linux) -imageFinalized :: Finalization -> [Maybe MountPoint] -> [MountOpts] -> [LoopDev] -> PartTable -> Property Linux -imageFinalized final mnts mntopts devs (PartTable _ parts) = +imageFinalized :: Finalization -> RawDiskImage -> [Maybe MountPoint] -> [MountOpts] -> [LoopDev] -> PartTable -> Property Linux +imageFinalized final img mnts mntopts devs (PartTable _ parts) = property' "disk image finalized" $ \w -> withTmpDir "mnt" $ \top -> go w top `finally` liftIO (unmountall top) @@ -364,7 +368,7 @@ imageFinalized final mnts mntopts devs (PartTable _ parts) = liftIO $ mountall top liftIO $ writefstab top liftIO $ allowservices top - ensureProperty w $ final top devs + ensureProperty w $ final img top devs -- Ordered lexographically by mount point, so / comes before /usr -- comes before /usr/local @@ -400,18 +404,14 @@ imageFinalized final mnts mntopts devs (PartTable _ parts) = allowservices top = nukeFile (top ++ "/usr/sbin/policy-rc.d") unbootable :: String -> Finalization -unbootable msg = \_ _ -> property desc $ do +unbootable msg = \_ _ _ -> property desc $ do warningMessage (desc ++ ": " ++ msg) return FailedChange where desc = "image is not bootable" --- | Makes grub be the boot loader of the disk image. --- --- This does not install the grub package. You will need to add --- the `Grub.installed` property to the chroot. -grubBooted :: Finalization -grubBooted mnt loopdevs = Grub.bootsMounted mnt wholediskloopdev +grubFinalized :: Finalization +grubFinalized _img mnt loopdevs = Grub.bootsMounted mnt wholediskloopdev `describe` "disk image boots using grub" where -- It doesn't matter which loopdev we use; all 
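Review bot: Renaming `grubBooted` to `grubFinalized` dropped its Haddock, including the caveat that it does not install the grub package and that `Grub.installed` has to be added to the chroot; the new name should keep that documentation, e.g. `-- | Makes grub be the boot loader of the disk image.` followed by the same two-sentence note. The `RawDiskImage` parameter added to `Finalization` is also undocumented; the comment block above the alias should state that it is the image file a finalization may write to directly (the `ubootFinalized` hunk below uses it that way), so that `grubFinalized`'s `_img` is understood as deliberately ignored. `imageFinalized`'s body continues outside the hunk.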
@@ -421,6 +421,9 @@ grubBooted mnt loopdevs = Grub.bootsMounted mnt wholediskloopdev (l:_) -> wholeDiskLoopDev l [] -> error "No loop devs provided!" +ubootFinalized :: (FilePath -> FilePath -> Property Linux) -> Finalization +ubootFinalized p (RawDiskImage img) mnt _loopdevs = p img mnt + isChild :: FilePath -> Maybe MountPoint -> Bool isChild mntpt (Just d) | d `equalFilePath` mntpt = False diff --git a/src/Propellor/Property/Machine.hs b/src/Propellor/Property/Machine.hs index 2f356bdd..5f5024df 100644 --- a/src/Propellor/Property/Machine.hs +++ b/src/Propellor/Property/Machine.hs @@ -14,6 +14,7 @@ module Propellor.Property.Machine ( import Propellor.Base import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.FlashKernel as FlashKernel +import qualified Propellor.Property.Uboot as Uboot -- | Cubietech Cubietruck -- @@ -21,21 +22,21 @@ import qualified Propellor.Property.FlashKernel as FlashKernel -- this property. Also, see https://bugs.debian.org/844056 cubietech_Cubietruck :: Property (HasInfo + DebianLike) cubietech_Cubietruck = FlashKernel.installed "Cubietech Cubietruck" - `requires` sunixi + `requires` sunixi "Cubietruck" `requires` lpae -- | Olimex A10-OLinuXino-LIME olimex_A10_OLinuXino_LIME :: Property (HasInfo + DebianLike) olimex_A10_OLinuXino_LIME = FlashKernel.installed "Olimex A10-OLinuXino-LIME" - `requires` sunixi + `requires` sunixi "A10-OLinuXino-Lime" `requires` armmp -sunixi :: Property DebianLike -sunixi = Apt.installed - [ "firmware-linux-free" - , "u-boot" - , "sunxi-tools" - ] +sunixi :: Uboot.BoardName -> Property (HasInfo + DebianLike) +sunixi boardname = Uboot.sunxi boardname + `requires` Apt.installed + [ "firmware-linux-free" + , "sunxi-tools" + ] armmp :: Property DebianLike armmp = Apt.installed ["linux-image-armmp"] diff --git a/src/Propellor/Property/Mount.hs b/src/Propellor/Property/Mount.hs index 2c4d9620..c047161d 100644 --- a/src/Propellor/Property/Mount.hs +++ b/src/Propellor/Property/Mount.hs 
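Review bot: In the Machine.hs hunk, the `Uboot.BoardName` passed to `sunixi` is not a flash-kernel machine name but the subdirectory of /usr/lib/u-boot from which `Uboot.sunxi` reads `u-boot-sunxi-with-spl.bin`, and the call sites pass `"Cubietruck"` and `"A10-OLinuXino-Lime"`, which deliberately differ from the flash-kernel strings two lines above; a comment on `sunixi` should say so: `-- The board name is the directory under /usr/lib/u-boot (presumably as shipped by u-boot-sunxi), not the flash-kernel machine name.` The helper's name `sunixi` also looks like a misspelling of sunxi; since `Uboot.sunxi` is only referenced qualified, renaming it to `sunxi` would not clash. `ubootFinalized` in the DiskImage.hs hunk likewise deserves a one-line Haddock saying it hands the raw image file and the mount root to the stored writer.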
@@ -90,18 +90,18 @@ mountPointsBelow target = filter (\p -> simplifyPath p /= simplifyPath target) -- | Filesystem type mounted at a given location. getFsType :: MountPoint -> IO (Maybe FsType) -getFsType = findmntField "fstype" +getFsType p = findmntField "fstype" [p] -- | Mount options for the filesystem mounted at a given location. getFsMountOpts :: MountPoint -> IO MountOpts getFsMountOpts p = maybe mempty toMountOpts - <$> findmntField "fs-options" p + <$> findmntField "fs-options" [p] type UUID = String -- | UUID of filesystem mounted at a given location. getMountUUID :: MountPoint -> IO (Maybe UUID) -getMountUUID = findmntField "uuid" +getMountUUID p = findmntField "uuid" [p] -- | UUID of a device getSourceUUID :: Source -> IO (Maybe UUID) @@ -111,7 +111,7 @@ type Label = String -- | Label of filesystem mounted at a given location. getMountLabel :: MountPoint -> IO (Maybe Label) -getMountLabel = findmntField "label" +getMountLabel p = findmntField "label" [p] -- | Label of a device getSourceLabel :: Source -> IO (Maybe UUID) @@ -119,12 +119,16 @@ getSourceLabel = blkidTag "LABEL" -- | Device mounted at a given location. getMountSource :: MountPoint -> IO (Maybe Source) -getMountSource = findmntField "source" +getMountSource p = findmntField "source" [p] -findmntField :: String -> FilePath -> IO (Maybe String) -findmntField field mnt = catchDefaultIO Nothing $ +-- | Device that a given path is located within. +getMountContaining :: FilePath -> IO (Maybe Source) +getMountContaining p = findmntField "source" ["-T", p] + +findmntField :: String -> [String] -> IO (Maybe String) +findmntField field ps = catchDefaultIO Nothing $ headMaybe . filter (not . null) . lines - <$> readProcess "findmnt" ["-n", mnt, "--output", field] + <$> readProcess "findmnt" ("-n" : ps ++ ["--output", field]) blkidTag :: String -> Source -> IO (Maybe String) blkidTag tag dev = catchDefaultIO Nothing $ 
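Review bot: `findmntField` has no documentation and its second parameter changes meaning in this hunk — it is now a list of raw findmnt arguments (callers pass `[p]` or `["-T", p]`), not a mount point — so a comment should say so: `-- Runs findmnt with the given extra arguments and returns the first non-empty line of the requested output column, or Nothing if it fails.` Because those arguments are spliced in before `--output`, a path beginning with `-` would be parsed by findmnt as an option; whether that can happen depends on where mount points come from, which this hunk does not show.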
diff --git a/src/Propellor/Property/Uboot.hs b/src/Propellor/Property/Uboot.hs new file mode 100644 index 00000000..70b4dd68 --- /dev/null +++ b/src/Propellor/Property/Uboot.hs @@ -0,0 +1,36 @@ +module Propellor.Property.Uboot where + +import Propellor.Base +import Propellor.Types.Info +import Propellor.Types.Bootloader +import Propellor.Property.Chroot +import Propellor.Property.Mount +import qualified Propellor.Property.Apt as Apt + +-- | Name of a board. +type BoardName = String + +-- | Installs u-boot for Allwinner/sunxi platforms. +-- +-- This includes writing it to the boot sector. +sunxi :: BoardName -> Property (HasInfo + DebianLike) +sunxi boardname = setInfoProperty (check (not <$> inChroot) go) info + `requires` Apt.installed ["u-boot", "u-boot-sunxi"] + where + go :: Property Linux + go = property' "u-boot installed" $ \w -> do + v <- liftIO $ getMountContaining "/boot" + case v of + Nothing -> error "unable to determine boot device" + Just dev -> ensureProperty w (dd dev "/") + dd :: FilePath -> FilePath -> Property Linux + dd dev prefix = tightenTargets $ cmdProperty "dd" + [ "conv=fsync,notrunc" + , "if=" ++ prefix "/usr/lib/u-boot" + boardname "u-boot-sunxi-with-spl.bin" + , "of=" ++ dev + , "bs=1024" + , "seek=8" + ] + `assume` NoChange + info = toInfo [UbootInstalled dd] diff --git a/src/Propellor/Types/Bootloader.hs b/src/Propellor/Types/Bootloader.hs index 9822d520..fd929d7e 100644 --- a/src/Propellor/Types/Bootloader.hs +++ b/src/Propellor/Types/Bootloader.hs 
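Review bot: `go` calls `error "unable to determine boot device"` when `getMountContaining "/boot"` returns Nothing, which aborts the whole propellor run instead of reporting a failed property; `unbootable` in DiskImage.hs shows the house style, `Nothing -> do { warningMessage "unable to determine boot device"; return FailedChange }`. Separately, `findmnt --output source` reports the device the filesystem is mounted from, which on a partitioned disk is the partition holding /boot rather than the whole disk; if that is what comes back here, `dd ... bs=1024 seek=8` writes 8 KiB into that partition, over its filesystem metadata, instead of into the reserved area before the first partition that the disk-image path (`ubootFinalized`, which passes the raw image file) targets. That should be verified on a real board before this runs outside a chroot, and the Haddock on `sunxi` should state which device it expects to write to. The new file is complete within the hunk.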
@@ -2,13 +2,20 @@ module Propellor.Types.Bootloader where +import Propellor.Types import Propellor.Types.Info -- | Boot loader installed on a host. data BootloaderInstalled = GrubInstalled | FlashKernelInstalled - deriving (Typeable, Show) + | UbootInstalled (FilePath -> FilePath -> Property Linux) + deriving (Typeable) + +instance Show BootloaderInstalled where + show GrubInstalled = "GrubInstalled" + show FlashKernelInstalled = "FlashKernelInstalled" + show (UbootInstalled _) = "UbootInstalled" instance IsInfo [BootloaderInstalled] where propagateInfo _ = PropagateInfo False -- cgit v1.3-2-g0d8e From 6dae019be9ebed76f282ec3cb258df7bf5891320 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 17 Nov 2017 21:58:39 -0400 Subject: Service: Avoid starting services when noServices is used. Reconsidered making services never run inside chroots, that seemed too potentially limiting. Using Info rather than checking policy-rc.d because it will also work outside of debian, but more because policy-rc.d has an extremely complicated interface and I didn't want to deal with it. This commit was sponsored by Jochen Bartl on Patreon. --- debian/changelog | 8 ++++---- propellor.cabal | 2 +- src/Propellor/Property/Chroot.hs | 22 ---------------------- src/Propellor/Property/DiskImage.hs | 5 +++-- src/Propellor/Property/Service.hs | 33 ++++++++++++++++++++++++++++++++- 5 files changed, 40 insertions(+), 30 deletions(-) (limited to 'propellor.cabal') diff --git a/debian/changelog b/debian/changelog index 78115eb3..f7bc48c3 100644 --- a/debian/changelog +++ b/debian/changelog 
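Review bot: `UbootInstalled` now carries an undocumented `FilePath -> FilePath -> Property Linux`, and a reader has to go to Uboot.hs and DiskImage.hs to learn that the first argument is the device or raw image file to write to and the second the root of the filesystem where /usr/lib/u-boot lives (`dd dev prefix` there; `ubootFinalized` passes `img` then `mnt`). A field annotation would pin that contract: `| UbootInstalled (FilePath -> FilePath -> Property Linux) -- ^ writes u-boot to the given device, reading it from the filesystem rooted at the second path`. The hand-written `Show` instance exists only because a function field cannot derive `Show`; a one-line comment saying so would stop the next reader from trying to restore `deriving (Show)`.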
@@ -1,13 +1,13 @@ -propellor (4.9.1) UNRELEASED; urgency=medium +propellor (5.0.0) UNRELEASED; urgency=medium * Debootstrap.built now supports bootstrapping chroots for foreign OS's, using qemu-user-static. * Machine: New module collecting machine-specific properties for building bootable images for ARM boards. Tested working boards: Olimex Lime, CubieTruck, Banana Pi, SheevaPlug. - * Service: Changed to use invoke-rc.d rather than the service command for - starting services. This notably means that in chroots, services will - not be started. + * Chroot.noServices moved to Service.noServices and its type changed. + (API change) + * Service: Avoid starting services when noServices is used. * Add Typeable instance to OriginUrl, fixing build with old versions of ghc. * Added Propellor.Property.impossible diff --git a/propellor.cabal b/propellor.cabal index 239a00e6..9bafd2fb 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 4.9.0 +Version: 5.0.0 Cabal-Version: >= 1.20 License: BSD2 Maintainer: Joey Hess diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs index ea8b1407..0dd1f05a 100644 --- a/src/Propellor/Property/Chroot.hs +++ b/src/Propellor/Property/Chroot.hs @@ -9,7 +9,6 @@ module Propellor.Property.Chroot ( ChrootBootstrapper(..), Debootstrapped(..), ChrootTarball(..), - noServices, inChroot, exposeTrueLocaldir, -- * Internal use @@ -32,7 +31,6 @@ import qualified Propellor.Property.Systemd.Core as Systemd import qualified Propellor.Property.File as File import qualified Propellor.Shim as Shim import Propellor.Property.Mount -import Utility.FileMode import Utility.Split import qualified Data.Map as M 
@@ -257,26 +255,6 @@ mungeloc = replace "/" "_" chrootDesc :: Chroot -> String -> String chrootDesc (Chroot loc _ _ _) desc = "chroot " ++ loc ++ " " ++ desc --- | Adding this property to a chroot prevents daemons and other services --- from being started, which is often something you want to prevent when --- building a chroot. --- --- On Debian, this is accomplished by installing a --- script that does not let any daemons be started by packages that use --- invoke-rc.d. Reverting the property removes the script. --- --- This property has no effect on non-Debian systems. -noServices :: RevertableProperty UnixLike UnixLike -noServices = setup teardown - where - f = "/usr/sbin/policy-rc.d" - script = [ "#!/bin/sh", "exit 101" ] - setup = combineProperties "no services started" $ toProps - [ File.hasContent f script - , File.mode f (combineModes (readModes ++ executeModes)) - ] - teardown = File.notPresent f - -- | Check if propellor is currently running within a chroot. -- -- This allows properties to check and avoid performing actions that diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs index 68b34412..f0e1602e 100644 --- a/src/Propellor/Property/DiskImage.hs +++ b/src/Propellor/Property/DiskImage.hs @@ -24,6 +24,7 @@ import Propellor.Property.Chroot (Chroot) import Propellor.Property.Chroot.Util (removeChroot) import Propellor.Property.Mount import qualified Propellor.Property.Chroot as Chroot +import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Grub as Grub import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt 
@@ -103,7 +104,7 @@ instance DiskImage VirtualBoxPointer where -- to avoid expensive IO to generate a new one. And, it's updated in-place, -- so its contents are undefined during the build process. -- --- Note that the `Chroot.noServices` property is automatically added to the +-- Note that the `Service.noServices` property is automatically added to the -- chroot while the disk image is being built, which should prevent any -- daemons that are included from being started on the system that is -- building the disk image. @@ -185,7 +186,7 @@ imageBuilt' rebuild img mkchroot tabletype partspec = in setContainerProps c $ containerProps c -- Before ensuring any other properties of the chroot, -- avoid starting services. Reverted by imageFinalized. - &^ Chroot.noServices + &^ Service.noServices & cachesCleaned -- Only propagate privdata Info from this chroot, nothing else. propprivdataonly (Chroot.Chroot d b ip h) = diff --git a/src/Propellor/Property/Service.hs b/src/Propellor/Property/Service.hs index e6a69eb5..0bcfdb93 100644 --- a/src/Propellor/Property/Service.hs +++ b/src/Propellor/Property/Service.hs @@ -1,6 +1,11 @@ +{-# LANGUAGE DeriveDataTypeable #-} + module Propellor.Property.Service where import Propellor.Base +import Propellor.Types.Info +import qualified Propellor.Property.File as File +import Utility.FileMode type ServiceName = String 
@@ -23,5 +28,31 @@ reloaded = signaled "reload" "reloaded" signaled :: String -> Desc -> ServiceName -> Property DebianLike signaled cmd desc svc = tightenTargets $ p `describe` (desc ++ " " ++ svc) where - p = scriptProperty ["invoke-rc.d " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"] + p = scriptProperty ["service " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"] `assume` NoChange + +-- | This property prevents daemons and other services from being started, +-- which is often something you want to prevent when building a chroot. +-- +-- When this is set, `running` and `restarted` will not start services. +-- +-- On Debian this installs a script to further +-- prevent any packages that get installed from starting daemons. +-- Reverting the property removes the script. +noServices :: RevertableProperty (HasInfo + UnixLike) UnixLike +noServices = (setup `setInfoProperty` toInfo (InfoVal NoServices)) teardown + where + f = "/usr/sbin/policy-rc.d" + script = [ "#!/bin/sh", "exit 101" ] + setup = combineProperties "no services started" $ toProps + [ File.hasContent f script + , File.mode f (combineModes (readModes ++ executeModes)) + ] + teardown = File.notPresent f + +-- | Check if the noServices property is in effect. +checkNoServices :: Propellor Bool +checkNoServices = isJust . fromInfoVal + <$> (askInfo :: Propellor (InfoVal NoServices)) + +data NoServices = NoServices deriving (Eq, Show, Typeable) -- cgit v1.3-2-g0d8e
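Review bot: The Haddock on `noServices` promises that `running` and `restarted` will not start services while it is in effect, but nothing in this commit consults `checkNoServices`: `signaled`, which those properties presumably go through (`reloaded = signaled ...` is visible in the hunk header), still runs the `service` command unconditionally, and the diffstat accounts for every added line. The same `check` pattern Uboot.hs uses for `inChroot` would close the gap: `signaled cmd desc svc = tightenTargets $ check (not <$> checkNoServices) p `describe` (desc ++ " " ++ svc)`. Until then the Info value only records intent, and the policy-rc.d script remains the only thing actually preventing daemons from starting, and only on Debian. `running` and `restarted` themselves are outside the hunk.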