From: Daan De Meyer Date: Mon, 9 Jan 2023 15:40:56 +0000 (+0100) Subject: Add --credential option to set systemd credentials X-Git-Tag: v15~373 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecc4a34bfb19675eaf40f0c1f11d82e58ff6a723;p=thirdparty%2Fmkosi.git Add --credential option to set systemd credentials --- diff --git a/mkosi.md b/mkosi.md index e7c7c4b26..837057187 100644 --- a/mkosi.md +++ b/mkosi.md @@ -1043,6 +1043,12 @@ a machine ID. in scripted environments where the `qemu` and `ssh` verbs are used in a quick succession and the virtual device might not get enough time to configure itself. +`Credential=`, `--credential` + +: Set credentials to be passed to systemd-nspawn or qemu respectively when + `mkosi shell/boot` or `mkosi qemu` are used. This option takes a space separated + list of key=value assignments. + ### Commandline-only Options Those settings cannot be configured in the configuration files. diff --git a/mkosi/__init__.py b/mkosi/__init__.py index 6856d6813..10bb15db1 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -2355,6 +2355,14 @@ def create_parser() -> ArgumentParserMkosi: metavar="PORT", help="If specified, 'mkosi ssh' will use this port to connect", ) + group.add_argument( + "--credential", + dest="credentials", + action=SpaceDelimitedListAction, + default=[], + help="Pass a systemd credential to systemd-nspawn or qemu", + metavar="NAME=VALUE", + ) group = parser.add_argument_group("Additional configuration options") group.add_argument( @@ -3000,6 +3008,15 @@ def load_args(args: argparse.Namespace) -> MkosiConfig: else: args.environment = {} + if args.credentials: + credentials = {} + for s in args.credentials: + key, _, value = s.partition("=") + credentials[key] = value + args.credentials = credentials + else: + args.credentials = {} + if args.cache_path is not None: args.cache_path = args.cache_path.absolute() 
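Review bot: In `create_parser`, `action=SpaceDelimitedListAction` on `--credential` means a credential value cannot contain whitespace, assuming that action splits on spaces as its name and the mkosi.md text suggest (its definition is outside this hunk). Payloads such as SSH public keys or passphrases often contain spaces, and every fragment after the first space would then be treated as its own NAME=VALUE entry. Either take each occurrence verbatim or state the limit in the help text, e.g. `help="Pass a systemd credential to systemd-nspawn or qemu (values may not contain spaces)"`.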
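Review bot: The new loop in `load_args` accepts any string as a credential. An entry without `=` becomes a credential with an empty value, `=foo` yields an empty name, and a repeated name silently overwrites the earlier one. A name containing `:` or `,` would also be mis-split by the `--set-credential=` and `-smbios` arguments built in `run_shell` and `run_qemu`. Keep the separator and reject bad entries without echoing the value, e.g. `key, sep, value = s.partition("=")` then `if not sep or not key or ":" in key or "," in key: raise ValueError(f"Invalid credential name {key!r}, expected NAME=VALUE")`, or the project's usual fatal-error helper. `load_args` starts and ends outside the hunk.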
@@ -3813,7 +3830,7 @@ def build_stuff(config: MkosiConfig) -> None: shutil.move(str(state.staging / p.name), str(p)) if p in (state.config.output, state.config.output_split_kernel): compress_output(state.config, p) - if state.config.chown and p.exists(): + if state.config.chown and p.exists(): chown_to_running_user(p) for p in state.staging.iterdir(): @@ -3937,6 +3954,9 @@ def run_shell(config: MkosiConfig) -> None: if config.source_file_transfer_final == SourceFileTransfer.mount: cmdline += [f"--bind={config.build_sources}:/root/src", "--chdir=/root/src"] + for k, v in config.credentials.items(): + cmdline += [f"--set-credential={k}:{v}"] + if config.verb == Verb.boot: # Add nspawn options first since systemd-nspawn ignores all options after the first argument. cmdline += config.cmdline @@ -4146,6 +4166,9 @@ def run_qemu(config: MkosiConfig) -> None: "-append", config.output_split_cmdline.read_text().strip(), ] + for k, v in config.credentials.items(): + cmdline += ["-smbios", f"type=11,value=io.systemd.credential:{k}={v}"] + with contextlib.ExitStack() as stack: if config.qemu_boot == "uefi" and fw_supports_sb: ovmf_vars = stack.enter_context(copy_file_temporary(src=find_ovmf_vars(config), dir=tmp_dir())) diff --git a/mkosi/backend.py b/mkosi/backend.py index 0cd428b24..43b1b7650 100644 --- a/mkosi/backend.py +++ b/mkosi/backend.py @@ -420,6 +420,7 @@ class MkosiConfig: ssh_agent: Optional[Path] ssh_timeout: int ssh_port: int + credentials: Dict[str, str] directory: Optional[Path] config_path: Optional[Path] all: bool diff --git a/tests/test_config_parser.py b/tests/test_config_parser.py index 1d5691a02..e32f1440f 100644 --- a/tests/test_config_parser.py +++ b/tests/test_config_parser.py @@ -142,6 +142,7 @@ class MkosiConfig: "ssh_timeout": 0, "ssh_agent": None, "ssh_port": 22, + "credentials": [], "split_artifacts": False, "image_id": None, "image_version": None,
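Review bot: In `run_shell`, `cmdline += [f"--set-credential={k}:{v}"]` puts the credential value into the systemd-nspawn argument vector, where other local users can read it from the host's process list for as long as the container runs. The `-smbios` argument added in `run_qemu` has the same exposure. For secrets, writing each value to a file with owner-only permissions and passing `--load-credential=NAME:PATH` keeps it out of the process arguments. At minimum the `Credential=` entry in mkosi.md should say that values are passed on the command line. `run_shell` starts and ends outside the hunk.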
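Review bot: In `run_qemu`, the value is interpolated unescaped into `f"type=11,value=io.systemd.credential:{k}={v}"`, but QEMU's option parser treats `,` as a parameter separator. A value containing a comma is therefore cut short, and the remainder is parsed as further `-smbios` parameters. Either double the commas with `v.replace(",", ",,")` or use the base64 form systemd accepts, `f"type=11,value=io.systemd.credential.binary:{k}={base64.b64encode(v.encode()).decode()}"`. The base64 form contains no commas and also survives newlines, but it needs `import base64` at the top of the file. `run_qemu` starts and ends outside the hunk.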
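Review bot: The reference entry `"credentials": [],` in tests/test_config_parser.py covers only the parser default. Nothing exercises the NAME=VALUE conversion added in `load_args`, which turns the list into a dict to match `credentials: Dict[str, str]` in `MkosiConfig`. A case that passes `--credential` with a well-formed entry, an entry without `=`, and a duplicate name would pin the intended behaviour. If this reference dict is ever compared against the post-`load_args` config, the expected value would be `{}` rather than `[]`; the comparison code is outside the hunk, so please confirm.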