This is now a global constant so let's reflect that in the name.
from mkosi.tree import copy_tree, install_tree, move_tree, rmtree
from mkosi.types import _FILE, CompletedProcess, PathString
from mkosi.util import (
- InvokingUser,
+ INVOKING_USER,
chdir,
flatten,
format_rlimit,
BUILDROOT=str(state.root),
CHROOT_SCRIPT="/work/prepare",
CHROOT_SRCDIR="/work/src",
- MKOSI_GID=str(InvokingUser.gid),
- MKOSI_UID=str(InvokingUser.uid),
+ MKOSI_GID=str(INVOKING_USER.gid),
+ MKOSI_UID=str(INVOKING_USER.uid),
SCRIPT="/work/prepare",
SRCDIR=str(Path.cwd()),
WITH_DOCS=one_zero(state.config.with_docs),
CHROOT_SCRIPT="/work/build-script",
CHROOT_SRCDIR="/work/src",
DESTDIR=str(state.install_dir),
- MKOSI_GID=str(InvokingUser.gid),
- MKOSI_UID=str(InvokingUser.uid),
+ MKOSI_GID=str(INVOKING_USER.gid),
+ MKOSI_UID=str(INVOKING_USER.uid),
OUTPUTDIR=str(state.staging),
SCRIPT="/work/build-script",
SRCDIR=str(Path.cwd()),
CHROOT_OUTPUTDIR="/work/out",
CHROOT_SCRIPT="/work/postinst",
CHROOT_SRCDIR="/work/src",
- MKOSI_GID=str(InvokingUser.gid),
- MKOSI_UID=str(InvokingUser.uid),
+ MKOSI_GID=str(INVOKING_USER.gid),
+ MKOSI_UID=str(INVOKING_USER.uid),
OUTPUTDIR=str(state.staging),
SCRIPT="/work/postinst",
SRCDIR=str(Path.cwd()),
CHROOT_OUTPUTDIR="/work/out",
CHROOT_SCRIPT="/work/finalize",
CHROOT_SRCDIR="/work/src",
- MKOSI_GID=str(InvokingUser.gid),
- MKOSI_UID=str(InvokingUser.uid),
+ MKOSI_GID=str(INVOKING_USER.gid),
+ MKOSI_UID=str(INVOKING_USER.uid),
OUTPUTDIR=str(state.staging),
SCRIPT="/work/finalize",
SRCDIR=str(Path.cwd()),
with chdir(config.output_dir_or_cwd()):
run([python_binary(config), "-m", "http.server", port],
- user=InvokingUser.uid, group=InvokingUser.gid, stdin=sys.stdin, stdout=sys.stdout)
+ user=INVOKING_USER.uid, group=INVOKING_USER.gid, stdin=sys.stdin, stdout=sys.stdout)
def generate_key_cert_pair(args: MkosiArgs) -> None:
logging.info(f"Increasing last component of version by one, bumping '{version}' → '{new_version}'.")
Path("mkosi.version").write_text(f"{new_version}\n")
- os.chown("mkosi.version", InvokingUser.uid, InvokingUser.gid)
+ os.chown("mkosi.version", INVOKING_USER.uid, INVOKING_USER.gid)
def show_docs(args: MkosiArgs) -> None:
def expand_specifier(s: str) -> str:
- return s.replace("%u", InvokingUser.name)
+ return s.replace("%u", INVOKING_USER.name)
def needs_build(args: MkosiArgs, config: MkosiConfig) -> bool:
config.workspace_dir,
):
if p:
- run(["mkdir", "--parents", p], user=InvokingUser.uid, group=InvokingUser.gid)
+ run(["mkdir", "--parents", p], user=INVOKING_USER.uid, group=INVOKING_USER.gid)
- with acl_toggle_build(config, InvokingUser.uid):
+ with acl_toggle_build(config, INVOKING_USER.uid):
build_image(args, config)
# Make sure all build outputs that are not directories are owned by the user running mkosi.
for p in config.output_dir_or_cwd().iterdir():
if not p.is_dir():
- os.chown(p, InvokingUser.uid, InvokingUser.gid, follow_symlinks=False)
+ os.chown(p, INVOKING_USER.uid, INVOKING_USER.gid, follow_symlinks=False)
build = True
with prepend_to_environ_path(last):
if args.verb in (Verb.shell, Verb.boot):
- with acl_toggle_boot(last, InvokingUser.uid):
+ with acl_toggle_boot(last, INVOKING_USER.uid):
run_shell(args, last)
if args.verb == Verb.qemu:
from mkosi.run import run
from mkosi.types import PathString, SupportsRead
from mkosi.util import (
- InvokingUser,
+ INVOKING_USER,
StrEnum,
chdir,
flatten,
path = Path(value)
if expanduser:
- if path.is_relative_to("~") and not InvokingUser.is_running_user():
- path = InvokingUser.home / path.relative_to("~")
+ if path.is_relative_to("~") and not INVOKING_USER.is_running_user():
+ path = INVOKING_USER.home / path.relative_to("~")
path = path.expanduser()
if required and not path.exists():
from mkosi.log import complete_step
from mkosi.run import run
from mkosi.types import PathString
-from mkosi.util import InvokingUser, umask
+from mkosi.util import INVOKING_USER, umask
from mkosi.versioncomp import GenericVersion
"""
with tempfile.NamedTemporaryFile(prefix="mkosi.passwd", mode="w") as passwd:
passwd.write("root:x:0:0:root:/root:/bin/sh\n")
- if InvokingUser.uid != 0:
- name = InvokingUser.name
- passwd.write(f"{name}:x:{InvokingUser.uid}:{InvokingUser.gid}:{name}:/home/{name}:/bin/sh\n")
+ if INVOKING_USER.uid != 0:
+ name = INVOKING_USER.name
+ passwd.write(f"{name}:x:{INVOKING_USER.uid}:{INVOKING_USER.gid}:{name}:/home/{name}:/bin/sh\n")
passwd.flush()
- os.fchown(passwd.file.fileno(), InvokingUser.uid, InvokingUser.gid)
+ os.fchown(passwd.file.fileno(), INVOKING_USER.uid, INVOKING_USER.gid)
with mount(passwd.name, root / "etc/passwd", operation="--bind"):
yield
from mkosi.tree import copy_tree, rmtree
from mkosi.types import PathString
from mkosi.util import (
- InvokingUser,
+ INVOKING_USER,
StrEnum,
qemu_check_kvm_support,
qemu_check_vsock_support,
def start_swtpm() -> Iterator[Path]:
with tempfile.TemporaryDirectory(prefix="mkosi-swtpm") as state:
# Make sure qemu can access the swtpm socket in this directory.
- os.chown(state, InvokingUser.uid, InvokingUser.gid)
+ os.chown(state, INVOKING_USER.uid, INVOKING_USER.gid)
cmdline = [
"swtpm",
sock.listen()
# Make sure qemu can connect to the swtpm socket.
- os.chown(path, InvokingUser.uid, InvokingUser.gid)
+ os.chown(path, INVOKING_USER.uid, INVOKING_USER.gid)
cmdline += ["--ctrl", f"type=unixio,fd={sock.fileno()}"]
- proc = spawn(cmdline, user=InvokingUser.uid, group=InvokingUser.gid, pass_fds=(sock.fileno(),))
+ proc = spawn(cmdline, user=INVOKING_USER.uid, group=INVOKING_USER.gid, pass_fds=(sock.fileno(),))
try:
yield path
# created by root in the VM are owned by the user running mkosi on the host.
if uidmap:
cmdline += [
- "--uid-map", f":0:{InvokingUser.uid}:1:",
- "--gid-map", f":0:{InvokingUser.gid}:1:"
+ "--uid-map", f":0:{INVOKING_USER.uid}:1:",
+ "--gid-map", f":0:{INVOKING_USER.gid}:1:"
]
# We create the socket ourselves and pass the fd to virtiofsd to avoid race conditions where we start qemu
socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock\
):
# Make sure qemu can access the virtiofsd socket in this directory.
- os.chown(state, InvokingUser.uid, InvokingUser.gid)
+ os.chown(state, INVOKING_USER.uid, INVOKING_USER.gid)
# Make sure we can use the socket name as a unique identifier for the fs as well but make sure it's not too
# long as virtiofs tag names are limited to 36 bytes.
sock.listen()
# Make sure qemu can connect to the virtiofsd socket.
- os.chown(path, InvokingUser.uid, InvokingUser.gid)
+ os.chown(path, INVOKING_USER.uid, INVOKING_USER.gid)
cmdline += ["--fd", str(sock.fileno())]
# user/group if those are provided.
proc = spawn(
cmdline,
- user=InvokingUser.uid if uidmap else None,
- group=InvokingUser.gid if uidmap else None,
+ user=INVOKING_USER.uid if uidmap else None,
+ group=INVOKING_USER.gid if uidmap else None,
pass_fds=(sock.fileno(),)
)
ovmf_vars = stack.enter_context(tempfile.NamedTemporaryFile(prefix="mkosi-ovmf-vars"))
shutil.copy2(find_ovmf_vars(config), Path(ovmf_vars.name))
# Make sure qemu can access the ephemeral vars.
- os.chown(ovmf_vars.name, InvokingUser.uid, InvokingUser.gid)
+ os.chown(ovmf_vars.name, INVOKING_USER.uid, INVOKING_USER.gid)
cmdline += [
"-global", "ICH9-LPC.disable_s3=1",
"-global", "driver=cfi.pflash01,property=secure,value=on",
# Make sure qemu can access the ephemeral copy. Not required for directory output because we don't pass that
# directly to qemu, but indirectly via virtiofsd.
if config.output_format != OutputFormat.directory:
- os.chown(fname, InvokingUser.uid, InvokingUser.gid)
+ os.chown(fname, INVOKING_USER.uid, INVOKING_USER.gid)
if config.output_format == OutputFormat.disk and config.runtime_size:
run(["systemd-repart",
# kvm group, but the user namespace fake root user will definitely not be. Thus, we have to run qemu as the
# invoking user to make sure we can access /dev/kvm. Of course, if we were invoked as root, none of this
# matters as the root user will always be able to access /dev/kvm.
- user=InvokingUser.uid if not InvokingUser.invoked_as_root else None,
- group=InvokingUser.gid if not InvokingUser.invoked_as_root else None,
+ user=INVOKING_USER.uid if not INVOKING_USER.invoked_as_root else None,
+ group=INVOKING_USER.gid if not INVOKING_USER.invoked_as_root else None,
stdin=sys.stdin,
stdout=sys.stdout,
pass_fds=qemu_device_fds.values(),
run(
cmd,
- user=InvokingUser.uid,
- group=InvokingUser.gid,
+ user=INVOKING_USER.uid,
+ group=INVOKING_USER.gid,
stdin=sys.stdin,
stdout=sys.stdout,
env=os.environ,
from mkosi.log import ARG_DEBUG, ARG_DEBUG_SHELL, die
from mkosi.types import _FILE, CompletedProcess, PathString, Popen
-from mkosi.util import InvokingUser, flock, make_executable, one_zero
+from mkosi.util import INVOKING_USER, flock, make_executable, one_zero
CLONE_NEWNS = 0x00020000
CLONE_NEWUSER = 0x10000000
The current user will be mapped to root and 65436 will be mapped to the UID/GID of the invoking user.
The other IDs will be mapped through.
- The function modifies the uid, gid of the InvokingUser object to the uid, gid of the invoking user in the user
+ The function modifies the uid, gid of the INVOKING_USER object to the uid, gid of the invoking user in the user
namespace.
"""
if os.getuid() == 0:
os.setresgid(0, 0, 0)
os.setgroups([0])
- InvokingUser.uid = SUBRANGE - 100
- InvokingUser.gid = SUBRANGE - 100
+ INVOKING_USER.uid = SUBRANGE - 100
+ INVOKING_USER.gid = SUBRANGE - 100
def init_mount_namespace() -> None:
return list(itertools.chain.from_iterable(lists))
-class InvokingUser:
+class INVOKING_USER:
uid = int(os.getenv("SUDO_UID") or os.getenv("PKEXEC_UID") or os.getuid())
gid = int(os.getenv("SUDO_GID") or os.getgid())
name = pwd.getpwuid(uid).pw_name
projects / thirdparty / mkosi.git / commitdiff
