From: Daan De Meyer Date: Thu, 5 Sep 2024 12:28:47 +0000 (+0200) Subject: Move KeySource.Type out of KeySource X-Git-Tag: v25~314^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fec368dd4d2ef36c9880b113df683d3c9bddfd59;p=thirdparty%2Fmkosi.git Move KeySource.Type out of KeySource We've done this for our other nested classes as well, so let's do it for KeySource.Type as well. --- diff --git a/mkosi/__init__.py b/mkosi/__init__.py index 3a0867d8a..8a94335c5 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -57,7 +57,7 @@ from mkosi.config import ( ConfigFeature, DocFormat, JsonEncoder, - KeySource, + KeySourceType, ManifestFormat, Network, OutputFormat, @@ -1464,7 +1464,7 @@ def build_uki( options += [ "--ro-bind", context.config.secure_boot_certificate, context.config.secure_boot_certificate, ] - if context.config.secure_boot_key_source.type == KeySource.Type.engine: + if context.config.secure_boot_key_source.type == KeySourceType.engine: cmd += ["--signing-engine", context.config.secure_boot_key_source.source] if context.config.secure_boot_key.exists(): options += ["--ro-bind", context.config.secure_boot_key, context.config.secure_boot_key] @@ -1488,7 +1488,7 @@ def build_uki( ] if context.config.secure_boot_key.exists(): options += ["--bind", context.config.secure_boot_key, context.config.secure_boot_key] - if context.config.secure_boot_key_source.type == KeySource.Type.engine: + if context.config.secure_boot_key_source.type == KeySourceType.engine: cmd += [ "--signing-engine", context.config.secure_boot_key_source.source, "--pcr-public-key", context.config.secure_boot_certificate, @@ -1527,7 +1527,7 @@ def build_uki( sandbox=context.sandbox( binary=ukify, options=options, - devices=context.config.secure_boot_key_source.type != KeySource.Type.file, + devices=context.config.secure_boot_key_source.type != KeySourceType.file, ), ) 
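Review bot: In build_uki the hunks at 1464 and 1488 add `--signing-engine` only when the type `== KeySourceType.engine`, but the hunk at 1527 turns on `devices=` for the ukify sandbox whenever the type `!= KeySourceType.file`. With the two members the enum has today these tests are equivalent, but any member added later would get `devices=True` without a branch that actually uses it. That presumably means host device nodes become visible inside the sandbox, which cannot be confirmed from the hunk. I would key the sandbox on the member that needs it, `devices=context.config.secure_boot_key_source.type == KeySourceType.engine,`, and do the same in sign_efi_binary and install_systemd_boot in mkosi/bootloader.py, which show the same pair of tests. build_uki starts and ends outside these hunks.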
@@ -2203,7 +2203,7 @@ def check_tools(config: Config, verb: Verb) -> None: if config.selinux_relabel == ConfigFeature.enabled: check_tool(config, "setfiles", reason="relabel files") - if config.secure_boot_key_source.type != KeySource.Type.file: + if config.secure_boot_key_source.type != KeySourceType.file: check_ukify( config, version="256", @@ -2218,7 +2218,7 @@ def check_tools(config: Config, verb: Verb) -> None: reason="sign PCR hashes with OpenSSL engine", ) - if config.verity_key_source.type != KeySource.Type.file: + if config.verity_key_source.type != KeySourceType.file: check_systemd_tool( config, "systemd-repart", @@ -2664,7 +2664,7 @@ def make_image( options += ["--ro-bind", context.config.passphrase, context.config.passphrase] if context.config.verity_key: cmdline += ["--private-key", context.config.verity_key] - if context.config.verity_key_source.type != KeySource.Type.file: + if context.config.verity_key_source.type != KeySourceType.file: cmdline += ["--private-key-source", str(context.config.verity_key_source)] if context.config.verity_key.exists(): options += ["--ro-bind", context.config.verity_key, context.config.verity_key] @@ -2697,7 +2697,7 @@ def make_image( binary="systemd-repart", devices=( not context.config.repart_offline or - context.config.verity_key_source.type != KeySource.Type.file + context.config.verity_key_source.type != KeySourceType.file ), vartmp=True, options=options, 
@@ -2958,7 +2958,7 @@ def make_extension_image(context: Context, output: Path) -> None: options += ["--ro-bind", context.config.passphrase, context.config.passphrase] if context.config.verity_key: cmdline += ["--private-key", context.config.verity_key] - if context.config.verity_key_source.type != KeySource.Type.file: + if context.config.verity_key_source.type != KeySourceType.file: cmdline += ["--private-key-source", str(context.config.verity_key_source)] if context.config.verity_key.exists(): options += ["--ro-bind", context.config.verity_key, context.config.verity_key] @@ -2980,7 +2980,7 @@ def make_extension_image(context: Context, output: Path) -> None: binary="systemd-repart", devices=( not context.config.repart_offline or - context.config.verity_key_source.type != KeySource.Type.file + context.config.verity_key_source.type != KeySourceType.file ), vartmp=True, options=options, diff --git a/mkosi/bootloader.py b/mkosi/bootloader.py index 77cb9723a..0ee79ea10 100644 --- a/mkosi/bootloader.py +++ b/mkosi/bootloader.py @@ -17,7 +17,7 @@ from mkosi.config import ( Bootloader, Config, ConfigFeature, - KeySource, + KeySourceType, OutputFormat, SecureBootSignTool, ShimBootloader, @@ -518,7 +518,7 @@ def sign_efi_binary(context: Context, input: Path, output: Path) -> Path: "--ro-bind", context.config.secure_boot_certificate, context.config.secure_boot_certificate, "--ro-bind", input, input, ] - if context.config.secure_boot_key_source.type == KeySource.Type.engine: + if context.config.secure_boot_key_source.type == KeySourceType.engine: cmd += ["--engine", context.config.secure_boot_key_source.source] if context.config.secure_boot_key.exists(): options += ["--ro-bind", context.config.secure_boot_key, context.config.secure_boot_key] 
@@ -529,7 +529,7 @@ def sign_efi_binary(context: Context, input: Path, output: Path) -> Path: sandbox=context.sandbox( binary="sbsign", options=options, - devices=context.config.secure_boot_key_source.type != KeySource.Type.file, + devices=context.config.secure_boot_key_source.type != KeySourceType.file, ) ) output.unlink(missing_ok=True) @@ -747,7 +747,7 @@ def install_systemd_boot(context: Context) -> None: "--ro-bind", context.config.secure_boot_certificate, context.config.secure_boot_certificate, "--ro-bind", context.workspace / "mkosi.esl", context.workspace / "mkosi.esl", ] - if context.config.secure_boot_key_source.type == KeySource.Type.engine: + if context.config.secure_boot_key_source.type == KeySourceType.engine: cmd += ["--engine", context.config.secure_boot_key_source.source] if context.config.secure_boot_key.exists(): options += ["--ro-bind", context.config.secure_boot_key, context.config.secure_boot_key] @@ -758,7 +758,7 @@ def install_systemd_boot(context: Context) -> None: sandbox=context.sandbox( binary="sbvarsign", options=options, - devices=context.config.secure_boot_key_source.type != KeySource.Type.file, + devices=context.config.secure_boot_key_source.type != KeySourceType.file, ), ) diff --git a/mkosi/config.py b/mkosi/config.py index 2c2d2801f..b2b2f1ea6 100644 --- a/mkosi/config.py +++ b/mkosi/config.py @@ -1155,13 +1155,14 @@ def file_run_or_read(file: Path) -> str: return content +class KeySourceType(StrEnum): + file = enum.auto() + engine = enum.auto() + + @dataclasses.dataclass(frozen=True) class KeySource: - class Type(StrEnum): - file = enum.auto() - engine = enum.auto() - - type: Type + type: KeySourceType source: str = "" def __str__(self) -> str: @@ -1174,7 +1175,7 @@ def config_parse_key_source(value: Optional[str], old: Optional[KeySource]) -> O typ, _, source = value.partition(":") try: - type = KeySource.Type(typ) + type = KeySourceType(typ) except ValueError: die(f"'{value}' is not a valid key source") 
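Review bot: In the config_parse_key_source hunk (mkosi/config.py, 1174) only the part before the `:` is validated; `source` from `value.partition(":")` is taken as is. A bare `engine` therefore gives an empty `source`, which the signing call sites later pass verbatim after `--engine` / `--signing-engine`. A `file:anything` value is accepted with the suffix ignored. Unless a check follows outside the hunk (the function body continues past it), I would add `if type == KeySourceType.engine and not source: die(f"'{value}' does not name an engine")` after the `try`. The local `type` also shadows the builtin; `keytype` would read better.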
@@ -2717,7 +2718,7 @@ SETTINGS = ( section="Validation", metavar="SOURCE[:ENGINE]", parse=config_parse_key_source, - default=KeySource(type=KeySource.Type.file), + default=KeySource(type=KeySourceType.file), help="The source to use to retrieve the secure boot signing key", ), ConfigSetting( @@ -2750,7 +2751,7 @@ SETTINGS = ( section="Validation", metavar="SOURCE[:ENGINE]", parse=config_parse_key_source, - default=KeySource(type=KeySource.Type.file), + default=KeySource(type=KeySourceType.file), help="The source to use to retrieve the verity signing key", scope=SettingScope.universal, ), @@ -4425,7 +4426,7 @@ def json_type_transformer(refcls: Union[type[Args], type[Config]]) -> Callable[[ def key_source_transformer(keysource: dict[str, Any], fieldtype: type[KeySource]) -> KeySource: assert "Type" in keysource - return KeySource(type=KeySource.Type(keysource["Type"]), source=keysource.get("Source", "")) + return KeySource(type=KeySourceType(keysource["Type"]), source=keysource.get("Source", "")) # The type of this should be # dict[type, Callable[a stringy JSON object (str, null, list or dict of str), type of the key], type of the key] diff --git a/tests/test_json.py b/tests/test_json.py index 7adf73f14..f4236608d 100644 --- a/tests/test_json.py +++ b/tests/test_json.py @@ -20,6 +20,7 @@ from mkosi.config import ( ConfigTree, DocFormat, KeySource, + KeySourceType, ManifestFormat, Network, OutputFormat, @@ -481,7 +482,7 @@ def test_config() -> None: secure_boot_auto_enroll=True, secure_boot_certificate=None, secure_boot_key=Path("/path/to/keyfile"), - secure_boot_key_source=KeySource(type=KeySource.Type.file), + secure_boot_key_source=KeySource(type=KeySourceType.file), secure_boot_sign_tool=SecureBootSignTool.pesign, seed=uuid.UUID("7496d7d8-7f08-4a2b-96c6-ec8c43791b60"), selinux_relabel=ConfigFeature.disabled, 
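Review bot: In key_source_transformer (mkosi/config.py, hunk at 4425) the context line `assert "Type" in keysource` is the only check on the deserialized JSON object, and asserts are stripped when Python runs with `-O`. The line is untouched by this commit, but it sits right above the changed `KeySourceType(keysource["Type"])` call, which then fails with a bare KeyError for a missing field or a ValueError for an unknown type. I would replace the assert with an explicit check such as `if "Type" not in keysource: raise ValueError("key source object has no 'Type' field")`. The enclosing json_type_transformer starts and ends outside the hunk.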
@@ -510,7 +511,7 @@ def test_config() -> None:
 use_subvolumes=ConfigFeature.auto,
 verity_certificate=Path("/path/to/cert"),
 verity_key=None,
- verity_key_source=KeySource(type=KeySource.Type.file),
+ verity_key_source=KeySource(type=KeySourceType.file),
 volatile_package_directories=[Path("def")],
 volatile_packages=["abc"],
 with_docs=True,