From: Daan De Meyer
Date: Thu, 14 Dec 2023 14:54:27 +0000 (+0100)
Subject: Stop using the tools tree for the ssh verb
X-Git-Tag: v20~64^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7d8220160ca44ee11074d5b884b06ffd29fdb3d;p=thirdparty%2Fmkosi.git
Stop using the tools tree for the ssh verb
This allows us to run ssh out of the user namespace which means we can get rid of the passwd hack to make ssh work. ssh is widespread enough that we can require users to install it on the host machine instead of using the tools tree.
---
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 6792ca715..0d1ca6609 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -50,7 +50,7 @@ from mkosi.installer import clean_package_manager_metadata, package_manager_scri
 from mkosi.kmod import gen_required_kernel_modules, process_kernel_modules
 from mkosi.log import ARG_DEBUG, complete_step, die, log_notice, log_step
 from mkosi.manifest import Manifest
-from mkosi.mounts import mount, mount_overlay, mount_passwd, mount_usr
+from mkosi.mounts import mount, mount_overlay, mount_usr
 from mkosi.pager import page
 from mkosi.partition import Partition, finalize_root, finalize_roothash
 from mkosi.qemu import KernelType, QemuDeviceNode, copy_ephemeral, run_qemu, run_ssh
@@ -3183,14 +3183,13 @@ def run_verb(args: MkosiArgs, images: Sequence[MkosiConfig]) -> None:
 if args.verb == Verb.build:
 return
- if last.tools_tree:
+ if last.tools_tree and args.verb != Verb.ssh:
 become_root()
 with contextlib.ExitStack() as stack:
- if os.getuid() == 0:
+ if os.getuid() == 0 and args.verb != Verb.ssh:
 init_mount_namespace()
 stack.enter_context(mount_usr(last.tools_tree))
- stack.enter_context(mount_passwd())
 stack.enter_context(prepend_to_environ_path(last))
diff --git a/mkosi/mounts.py b/mkosi/mounts.py
index c8e6f25ca..26497b589 100644
--- a/mkosi/mounts.py
+++ b/mkosi/mounts.py
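Review bot: The two `args.verb != Verb.ssh` guards added in run_verb (mkosi/__init__.py, second hunk) have no comment, and the only in-tree explanation of the ssh/user-namespace problem, the mount_passwd docstring, is deleted by this same commit. A comment above the first guard such as `# ssh looks up the invoking user in /etc/passwd, so run the host's ssh outside the user namespace instead of using the tools tree` would keep a later cleanup from folding ssh back into the become_root() path or from changing one guard without the other. The hunk also shows no check that ssh is present on the host, which the commit message now makes a requirement; if run_ssh does not already fail with a clear message, a lookup that ends in `die(...)` before it would help. run_verb starts and ends outside the hunk and indentation is lost on this page, so it cannot be confirmed here whether prepend_to_environ_path(last) still applies to the ssh verb and therefore influences which ssh binary is resolved.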
@@ -11,7 +11,7 @@ from typing import Optional
 from mkosi.run import run
 from mkosi.types import PathString
-from mkosi.util import INVOKING_USER, umask
+from mkosi.util import umask
 from mkosi.versioncomp import GenericVersion
@@ -145,22 +145,3 @@ def mount_usr(tree: Optional[Path]) -> Iterator[None]:
 yield
 finally:
 os.environ["PATH"] = old
-
-
-@contextlib.contextmanager
-def mount_passwd(root: Path = Path("/")) -> Iterator[None]:
- """
- ssh looks up the running user in /etc/passwd and fails if it can't find the running user. To trick it, we
- mount over /etc/passwd with our own file containing our user in the user namespace.
- """
- with tempfile.NamedTemporaryFile(prefix="mkosi.passwd", mode="w") as passwd:
- passwd.write("root:x:0:0:root:/root:/bin/sh\n")
- if INVOKING_USER.uid != 0:
- name = INVOKING_USER.name()
- home = INVOKING_USER.home()
- passwd.write(f"{name}:x:{INVOKING_USER.uid}:{INVOKING_USER.gid}:{name}:{home}:/bin/sh\n")
- passwd.flush()
- os.fchown(passwd.file.fileno(), INVOKING_USER.uid, INVOKING_USER.gid)
-
- with mount(passwd.name, root / "etc/passwd", operation="--bind"):
- yield