Move remaining assembly privilege paths behind scripts
+7
-3
@@ -301,6 +301,9 @@ Current progress:
|
||||
- install-time storage layout application is now executed as a rendered
|
||||
privileged helper script under that policy instead of many scattered host-side
|
||||
privileged calls
|
||||
- remaining image resize and raw-file install attach/detach paths now also run
|
||||
through dedicated assembly privileged helper scripts, further shrinking the
|
||||
host-side privileged call surface
|
||||
- network is disabled by default in these jailed paths
|
||||
- union assembly mounts are now much smaller and omit host `/etc` and `devfs`
|
||||
- direct block-device `system install` is now an explicit opt-in under the
|
||||
@@ -308,9 +311,10 @@ Current progress:
|
||||
|
||||
Next likely steps:
|
||||
|
||||
- keep shrinking the privileged surface for image / installer / ISO assembly
|
||||
- decide whether some remaining host-side image construction steps should move
|
||||
behind a more explicit dedicated privileged helper or runner
|
||||
- keep pushing filesystem/image construction toward file-backed or jailed helper
|
||||
paths where practical
|
||||
- decide whether any remaining assembly-time host assumptions should move behind
|
||||
an even narrower dedicated helper or runner boundary
|
||||
|
||||
## Runtime / development / build separation
|
||||
|
||||
|
||||
@@ -1065,9 +1065,9 @@
|
||||
(installer-root-partition-label . ,installer-root-partition-label)
|
||||
(target-install . ,target-install-spec))))
|
||||
|
||||
(define image-builder-version "5")
|
||||
(define image-builder-version "6")
|
||||
(define install-builder-version "5")
|
||||
(define installer-image-builder-version "6")
|
||||
(define installer-image-builder-version "7")
|
||||
(define installer-iso-builder-version "7")
|
||||
|
||||
(define* (operating-system-install-storage-layout os
|
||||
@@ -1431,22 +1431,24 @@
|
||||
|
||||
(define* (resize-gpt-image image disk-capacity
|
||||
#:key
|
||||
(privileged-policy (default-assembly-privileged-policy)))
|
||||
(privileged-policy (default-assembly-privileged-policy))
|
||||
metadata-file)
|
||||
(when disk-capacity
|
||||
(run-command "truncate" "-s" disk-capacity image)
|
||||
(let ((md (assembly-privileged-command-output privileged-policy
|
||||
'mdconfig-attach
|
||||
"mdconfig" "-a" "-t" "vnode" "-f" image)))
|
||||
(dynamic-wind
|
||||
(lambda () #t)
|
||||
(lambda ()
|
||||
(run-assembly-privileged-command privileged-policy
|
||||
'gpart-recover
|
||||
"gpart" "recover" (string-append "/dev/" md)))
|
||||
(lambda ()
|
||||
(run-assembly-privileged-command privileged-policy
|
||||
'mdconfig-detach
|
||||
"mdconfig" "-d" "-u" (string-drop md 2)))))))
|
||||
(run-assembly-privileged-script
|
||||
privileged-policy
|
||||
"fruix-image-resize"
|
||||
(string-append
|
||||
"#!/bin/sh\n"
|
||||
"set -eu\n"
|
||||
"md=$(mdconfig -a -t vnode -f " (shell-quote image) ")\n"
|
||||
"cleanup() {\n"
|
||||
" mdconfig -d -u \"${md#md}\" >/dev/null 2>&1 || true\n"
|
||||
"}\n"
|
||||
"trap cleanup EXIT\n"
|
||||
"gpart recover \"/dev/${md}\"\n")
|
||||
#:operations '(mdconfig-attach gpart-recover mdconfig-detach)
|
||||
#:metadata-file metadata-file)))
|
||||
|
||||
(define* (install-operating-system os
|
||||
#:key
|
||||
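Review bot: The new `cleanup()` in the fruix-image-resize helper turns a failed detach into a silent success: `mdconfig -d -u "${md#md}" >/dev/null 2>&1 || true` discards both the error output and the exit status, so a leaked md device after a successful `gpart recover` is invisible to the caller, whereas the replaced dynamic-wind form ran the detach as a privileged command and would have surfaced the failure. Since the script already runs under `set -eu`, the handler can preserve the original exit status on the error path and force a non-zero exit only when the detach itself fails. If the detach output is being hidden on purpose, a one-line comment in the string saying why (`;; detach is best-effort: …`) would be worth adding. The remainder of the hunk, the `install-operating-system` signature, continues outside it.

```scheme
        "cleanup() {\n"
        "  status=$?\n"
        "  if ! mdconfig -d -u \"${md#md}\"; then\n"
        "    echo \"fruix-image-resize: failed to detach ${md}\" >&2\n"
        "    if [ \"$status\" -eq 0 ]; then status=1; fi\n"
        "  fi\n"
        "  exit \"$status\"\n"
        "}\n"
        ;; … unchanged: shebang, set -eu, mdconfig attach, trap, gpart recover …
```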
@@ -1506,15 +1508,19 @@
|
||||
(staging-metadata-relative-root "/var/lib/fruix/system/install/metadata")
|
||||
(assembly-privileged-policy-path
|
||||
(string-append staging-metadata-relative-root "/assembly-privileged-policy.scm"))
|
||||
(raw-target-attach-metadata-path
|
||||
(string-append staging-metadata-relative-root "/raw-target-attach.scm"))
|
||||
(rootfs-populate-metadata-path (string-append staging-metadata-relative-root "/rootfs-populate.scm"))
|
||||
(storage-apply-metadata-path (string-append staging-metadata-relative-root "/storage-apply.scm"))
|
||||
(rootfs-copy-metadata-path (string-append staging-metadata-relative-root "/rootfs-copy.scm"))
|
||||
(store-copy-metadata-path (string-append staging-metadata-relative-root "/store-copy.scm"))
|
||||
(assembly-privileged-policy-file (string-append rootfs assembly-privileged-policy-path))
|
||||
(rootfs-populate-metadata-file (string-append rootfs rootfs-populate-metadata-path))
|
||||
(raw-target-attach-metadata-temp-file (string-append build-root "/raw-target-attach.scm"))
|
||||
(storage-apply-metadata-temp-file (string-append build-root "/storage-apply.scm"))
|
||||
(rootfs-copy-metadata-temp-file (string-append build-root "/rootfs-copy.scm"))
|
||||
(store-copy-metadata-temp-file (string-append build-root "/store-copy.scm"))
|
||||
(target-md-file (string-append build-root "/target.md"))
|
||||
(target-device #f)
|
||||
(target-md #f)
|
||||
(effective-storage-layout #f)
|
||||
@@ -1539,11 +1545,24 @@
|
||||
(mkdir-p (dirname target))
|
||||
(delete-path-if-exists target)
|
||||
(run-command "truncate" "-s" disk-capacity target)
|
||||
(let ((md (assembly-privileged-command-output privileged-policy
|
||||
'mdconfig-attach
|
||||
"mdconfig" "-a" "-t" "vnode" "-f" target)))
|
||||
(set! target-md md)
|
||||
(set! target-device (string-append "/dev/" md))))
|
||||
(run-assembly-privileged-script
|
||||
privileged-policy
|
||||
"fruix-install-target-attach"
|
||||
(string-append
|
||||
"#!/bin/sh\n"
|
||||
"set -eu\n"
|
||||
"md=$(mdconfig -a -t vnode -f " (shell-quote target) ")\n"
|
||||
"printf '%s\\n' \"$md\" > " (shell-quote target-md-file) "\n")
|
||||
#:operations '(mdconfig-attach)
|
||||
#:metadata-file raw-target-attach-metadata-temp-file)
|
||||
(let ((md-lines (read-lines target-md-file)))
|
||||
(unless (pair? md-lines)
|
||||
(error "raw-file target attach helper did not record md device"
|
||||
target
|
||||
target-md-file))
|
||||
(let ((md (car md-lines)))
|
||||
(set! target-md md)
|
||||
(set! target-device (string-append "/dev/" md)))))
|
||||
((block-device)
|
||||
(set! target-device target)))
|
||||
(set! effective-storage-layout
|
||||
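Review bot: The md name for the raw-file target is now taken from whatever `target-md-file` contains, but nothing clears that file before the fruix-install-target-attach helper runs, so a leftover `target.md` from an earlier attempt in the same build-root would be read as the current device if the helper fails to overwrite it and its failure is not propagated; adding `(delete-path-if-exists target-md-file)` next to the existing `(delete-path-if-exists target)` removes that ambiguity. The value is also used unchecked to form `/dev/` + md and later `${md#md}`-style detaches, so a minimal sanity check before the `set!`s, such as `(unless (string-prefix? "md" md) (error "unexpected md device name" md target-md-file))`, would catch a garbled or empty record early. Unlike the resize helper, this script has no `trap`, so if the `printf` redirection into build-root fails after `mdconfig -a` succeeded (possible if build-root is not visible from the jailed helper — not verifiable from this hunk), the device stays attached and `target-md` remains `#f`, leaving nothing for later cleanup to detach. The enclosing `install-operating-system` starts and ends outside this hunk.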
@@ -1554,6 +1573,9 @@
|
||||
#:privileged-policy privileged-policy
|
||||
#:metadata-file storage-apply-metadata-temp-file)
|
||||
'plan))
|
||||
(install-metadata-file-into-mounted-root privileged-policy
|
||||
raw-target-attach-metadata-temp-file
|
||||
(string-append mnt-root raw-target-attach-metadata-path))
|
||||
(install-metadata-file-into-mounted-root privileged-policy
|
||||
storage-apply-metadata-temp-file
|
||||
(string-append mnt-root storage-apply-metadata-path))
|
||||
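Review bot: The new `install-metadata-file-into-mounted-root` call copies `raw-target-attach-metadata-temp-file` unconditionally, yet that file is only produced on the raw-file path (the helper with `#:metadata-file raw-target-attach-metadata-temp-file` runs under the raw-file branch, and the result alist in the `@@ -1609` hunk reports the path as `(and (eq? target-kind 'raw-file) …)`). For a `block-device` install the source file presumably does not exist, so unless the copy helper tolerates a missing source this looks like it would fail or install an empty record. Guarding it to match the alist keeps the two consistent: `(when (eq? target-kind 'raw-file) (install-metadata-file-into-mounted-root privileged-policy raw-target-attach-metadata-temp-file (string-append mnt-root raw-target-attach-metadata-path)))`. The enclosing function starts and ends outside this hunk.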
@@ -1609,6 +1631,8 @@
|
||||
(realized-storage-layout . ,(realized-freebsd-storage-layout storage-plan))
|
||||
(install-metadata-path . ,install-metadata-relative-path)
|
||||
(assembly-privileged-policy-path . ,assembly-privileged-policy-path)
|
||||
(raw-target-attach-metadata-path . ,(and (eq? target-kind 'raw-file)
|
||||
raw-target-attach-metadata-path))
|
||||
(rootfs-populate-metadata-path . ,rootfs-populate-metadata-path)
|
||||
(storage-apply-metadata-path . ,storage-apply-metadata-path)
|
||||
(rootfs-copy-metadata-path . ,rootfs-copy-metadata-path)
|
||||
@@ -1707,6 +1731,7 @@
|
||||
(assembly-privileged-policy-file
|
||||
(string-append image-store-path "/metadata/assembly-privileged-policy.scm"))
|
||||
(rootfs-populate-metadata-file (string-append image-store-path "/metadata/rootfs-populate.scm"))
|
||||
(image-resize-metadata-file (string-append image-store-path "/metadata/image-resize.scm"))
|
||||
(image-rootfs-copy-metadata-file (string-append image-store-path "/metadata/image-rootfs-copy.scm"))
|
||||
(store-copy-metadata-file (string-append image-store-path "/metadata/store-copy.scm")))
|
||||
(unless (file-exists? image-store-path)
|
||||
@@ -1721,6 +1746,7 @@
|
||||
(assembly-privileged-policy-temp-file
|
||||
(string-append temp-output "/metadata/assembly-privileged-policy.scm"))
|
||||
(rootfs-populate-metadata-temp-file (string-append temp-output "/metadata/rootfs-populate.scm"))
|
||||
(image-resize-metadata-temp-file (string-append temp-output "/metadata/image-resize.scm"))
|
||||
(image-rootfs-copy-metadata-temp-file (string-append temp-output "/metadata/image-rootfs-copy.scm"))
|
||||
(store-copy-metadata-temp-file (string-append temp-output "/metadata/store-copy.scm")))
|
||||
(dynamic-wind
|
||||
@@ -1759,7 +1785,8 @@
|
||||
"-p" (string-append "freebsd-ufs/" root-partition-label ":=" temp-root)
|
||||
"-o" temp-disk)
|
||||
(resize-gpt-image temp-disk disk-capacity
|
||||
#:privileged-policy privileged-policy)
|
||||
#:privileged-policy privileged-policy
|
||||
#:metadata-file image-resize-metadata-temp-file)
|
||||
(mkdir-p temp-output)
|
||||
(write-assembly-privileged-policy-file assembly-privileged-policy-temp-file
|
||||
privileged-policy)
|
||||
@@ -1783,6 +1810,7 @@
|
||||
(string-append temp-output "/.fruix-package")
|
||||
assembly-privileged-policy-temp-file
|
||||
rootfs-populate-metadata-temp-file
|
||||
image-resize-metadata-temp-file
|
||||
image-rootfs-copy-metadata-temp-file
|
||||
store-copy-metadata-temp-file)))
|
||||
(rename-file temp-output image-store-path))
|
||||
@@ -1795,6 +1823,7 @@
|
||||
(root-image . ,root-image)
|
||||
(assembly-privileged-policy-file . ,assembly-privileged-policy-file)
|
||||
(rootfs-populate-metadata-file . ,rootfs-populate-metadata-file)
|
||||
(image-resize-metadata-file . ,image-resize-metadata-file)
|
||||
(image-rootfs-copy-metadata-file . ,image-rootfs-copy-metadata-file)
|
||||
(store-copy-metadata-file . ,store-copy-metadata-file)
|
||||
(closure-path . ,closure-path)
|
||||
@@ -1914,6 +1943,8 @@
|
||||
(string-append image-store-path "/metadata/installer-rootfs-populate.scm"))
|
||||
(target-rootfs-populate-metadata-file
|
||||
(string-append image-store-path "/metadata/target-rootfs-populate.scm"))
|
||||
(image-resize-metadata-file
|
||||
(string-append image-store-path "/metadata/image-resize.scm"))
|
||||
(installer-rootfs-copy-metadata-file
|
||||
(string-append image-store-path "/metadata/installer-rootfs-copy.scm"))
|
||||
(target-rootfs-copy-metadata-file
|
||||
@@ -1937,6 +1968,8 @@
|
||||
(string-append temp-output "/metadata/installer-rootfs-populate.scm"))
|
||||
(target-rootfs-populate-metadata-temp-file
|
||||
(string-append temp-output "/metadata/target-rootfs-populate.scm"))
|
||||
(image-resize-metadata-temp-file
|
||||
(string-append temp-output "/metadata/image-resize.scm"))
|
||||
(installer-rootfs-copy-metadata-temp-file
|
||||
(string-append temp-output "/metadata/installer-rootfs-copy.scm"))
|
||||
(target-rootfs-copy-metadata-temp-file
|
||||
@@ -2010,7 +2043,8 @@
|
||||
"-p" (string-append "freebsd-ufs/" installer-root-partition-label ":=" temp-root)
|
||||
"-o" temp-disk)
|
||||
(resize-gpt-image temp-disk disk-capacity
|
||||
#:privileged-policy privileged-policy)
|
||||
#:privileged-policy privileged-policy
|
||||
#:metadata-file image-resize-metadata-temp-file)
|
||||
(mkdir-p temp-output)
|
||||
(write-assembly-privileged-policy-file assembly-privileged-policy-temp-file
|
||||
privileged-policy)
|
||||
@@ -2039,6 +2073,7 @@
|
||||
assembly-privileged-policy-temp-file
|
||||
installer-rootfs-populate-metadata-temp-file
|
||||
target-rootfs-populate-metadata-temp-file
|
||||
image-resize-metadata-temp-file
|
||||
installer-rootfs-copy-metadata-temp-file
|
||||
target-rootfs-copy-metadata-temp-file
|
||||
store-copy-metadata-temp-file)))
|
||||
@@ -2053,6 +2088,7 @@
|
||||
(assembly-privileged-policy-file . ,assembly-privileged-policy-file)
|
||||
(installer-rootfs-populate-metadata-file . ,installer-rootfs-populate-metadata-file)
|
||||
(target-rootfs-populate-metadata-file . ,target-rootfs-populate-metadata-file)
|
||||
(image-resize-metadata-file . ,image-resize-metadata-file)
|
||||
(installer-rootfs-copy-metadata-file . ,installer-rootfs-copy-metadata-file)
|
||||
(target-rootfs-copy-metadata-file . ,target-rootfs-copy-metadata-file)
|
||||
(store-copy-metadata-file . ,store-copy-metadata-file)
|
||||
|
||||
@@ -452,6 +452,7 @@ Common options:\n\
|
||||
(root_device . ,(assoc-ref result 'root-device))
|
||||
(install_metadata_path . ,(assoc-ref result 'install-metadata-path))
|
||||
(assembly_privileged_policy_path . ,(assoc-ref result 'assembly-privileged-policy-path))
|
||||
(raw_target_attach_metadata_path . ,(or (assoc-ref result 'raw-target-attach-metadata-path) ""))
|
||||
(rootfs_populate_metadata_path . ,(assoc-ref result 'rootfs-populate-metadata-path))
|
||||
(storage_apply_metadata_path . ,(assoc-ref result 'storage-apply-metadata-path))
|
||||
(rootfs_copy_metadata_path . ,(assoc-ref result 'rootfs-copy-metadata-path))
|
||||
@@ -537,6 +538,7 @@ Common options:\n\
|
||||
(root_image . ,(assoc-ref result 'root-image))
|
||||
(assembly_privileged_policy_file . ,(assoc-ref result 'assembly-privileged-policy-file))
|
||||
(rootfs_populate_metadata_file . ,(assoc-ref result 'rootfs-populate-metadata-file))
|
||||
(image_resize_metadata_file . ,(assoc-ref result 'image-resize-metadata-file))
|
||||
(image_rootfs_copy_metadata_file . ,(assoc-ref result 'image-rootfs-copy-metadata-file))
|
||||
(store_copy_metadata_file . ,(assoc-ref result 'store-copy-metadata-file))
|
||||
(closure_path . ,(assoc-ref result 'closure-path))
|
||||
@@ -605,6 +607,7 @@ Common options:\n\
|
||||
(assembly_privileged_policy_file . ,(assoc-ref result 'assembly-privileged-policy-file))
|
||||
(installer_rootfs_populate_metadata_file . ,(assoc-ref result 'installer-rootfs-populate-metadata-file))
|
||||
(target_rootfs_populate_metadata_file . ,(assoc-ref result 'target-rootfs-populate-metadata-file))
|
||||
(image_resize_metadata_file . ,(assoc-ref result 'image-resize-metadata-file))
|
||||
(installer_rootfs_copy_metadata_file . ,(assoc-ref result 'installer-rootfs-copy-metadata-file))
|
||||
(target_rootfs_copy_metadata_file . ,(assoc-ref result 'target-rootfs-copy-metadata-file))
|
||||
(store_copy_metadata_file . ,(assoc-ref result 'store-copy-metadata-file))
|
||||
|
||||