From: Daan De Meyer Date: Fri, 13 Oct 2023 11:28:25 +0000 (+0200) Subject: Rename InvokingUser to INVOKING_USER X-Git-Tag: v19~79^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1978%2Fhead;p=thirdparty%2Fmkosi.git Rename InvokingUser to INVOKING_USER This is now a global constant so let's reflect that in the name. --- diff --git a/mkosi/__init__.py b/mkosi/__init__.py index d922e5533..a52961e97 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -59,7 +59,7 @@ from mkosi.state import MkosiState from mkosi.tree import copy_tree, install_tree, move_tree, rmtree from mkosi.types import _FILE, CompletedProcess, PathString from mkosi.util import ( - InvokingUser, + INVOKING_USER, chdir, flatten, format_rlimit, @@ -335,8 +335,8 @@ def run_prepare_scripts(state: MkosiState, build: bool) -> None: BUILDROOT=str(state.root), CHROOT_SCRIPT="/work/prepare", CHROOT_SRCDIR="/work/src", - MKOSI_GID=str(InvokingUser.gid), - MKOSI_UID=str(InvokingUser.uid), + MKOSI_GID=str(INVOKING_USER.gid), + MKOSI_UID=str(INVOKING_USER.uid), SCRIPT="/work/prepare", SRCDIR=str(Path.cwd()), WITH_DOCS=one_zero(state.config.with_docs), @@ -388,8 +388,8 @@ def run_build_scripts(state: MkosiState) -> None: CHROOT_SCRIPT="/work/build-script", CHROOT_SRCDIR="/work/src", DESTDIR=str(state.install_dir), - MKOSI_GID=str(InvokingUser.gid), - MKOSI_UID=str(InvokingUser.uid), + MKOSI_GID=str(INVOKING_USER.gid), + MKOSI_UID=str(INVOKING_USER.uid), OUTPUTDIR=str(state.staging), SCRIPT="/work/build-script", SRCDIR=str(Path.cwd()), @@ -450,8 +450,8 @@ def run_postinst_scripts(state: MkosiState) -> None: CHROOT_OUTPUTDIR="/work/out", CHROOT_SCRIPT="/work/postinst", CHROOT_SRCDIR="/work/src", - MKOSI_GID=str(InvokingUser.gid), - MKOSI_UID=str(InvokingUser.uid), + MKOSI_GID=str(INVOKING_USER.gid), + MKOSI_UID=str(INVOKING_USER.uid), OUTPUTDIR=str(state.staging), SCRIPT="/work/postinst", SRCDIR=str(Path.cwd()), @@ -492,8 +492,8 @@ def run_finalize_scripts(state: MkosiState) -> None: CHROOT_OUTPUTDIR="/work/out", CHROOT_SCRIPT="/work/finalize", CHROOT_SRCDIR="/work/src", - MKOSI_GID=str(InvokingUser.gid), - MKOSI_UID=str(InvokingUser.uid), + MKOSI_GID=str(INVOKING_USER.gid), + MKOSI_UID=str(INVOKING_USER.uid), OUTPUTDIR=str(state.staging), SCRIPT="/work/finalize", SRCDIR=str(Path.cwd()), @@ -2236,7 +2236,7 @@ def run_serve(config: MkosiConfig) -> None: with chdir(config.output_dir_or_cwd()): run([python_binary(config), "-m", "http.server", port], - user=InvokingUser.uid, group=InvokingUser.gid, stdin=sys.stdin, stdout=sys.stdout) + user=INVOKING_USER.uid, group=INVOKING_USER.gid, stdin=sys.stdin, stdout=sys.stdout) def generate_key_cert_pair(args: MkosiArgs) -> None: @@ -2290,7 +2290,7 @@ def bump_image_version() -> None: logging.info(f"Increasing last component of version by one, bumping '{version}' → '{new_version}'.") Path("mkosi.version").write_text(f"{new_version}\n") - os.chown("mkosi.version", InvokingUser.uid, InvokingUser.gid) + os.chown("mkosi.version", INVOKING_USER.uid, INVOKING_USER.gid) def show_docs(args: MkosiArgs) -> None: @@ -2330,7 +2330,7 @@ def show_docs(args: MkosiArgs) -> None: def expand_specifier(s: str) -> str: - return s.replace("%u", InvokingUser.name) + return s.replace("%u", INVOKING_USER.name) def needs_build(args: MkosiArgs, config: MkosiConfig) -> bool: @@ -2550,15 +2550,15 @@ def run_verb(args: MkosiArgs, presets: Sequence[MkosiConfig]) -> None: config.workspace_dir, ): if p: - run(["mkdir", "--parents", p], user=InvokingUser.uid, group=InvokingUser.gid) + run(["mkdir", "--parents", p], user=INVOKING_USER.uid, group=INVOKING_USER.gid) - with acl_toggle_build(config, InvokingUser.uid): + with acl_toggle_build(config, INVOKING_USER.uid): build_image(args, config) # Make sure all build outputs that are not directories are owned by the user running mkosi. for p in config.output_dir_or_cwd().iterdir(): if not p.is_dir(): - os.chown(p, InvokingUser.uid, InvokingUser.gid, follow_symlinks=False) + os.chown(p, INVOKING_USER.uid, INVOKING_USER.gid, follow_symlinks=False) build = True @@ -2577,7 +2577,7 @@ def run_verb(args: MkosiArgs, presets: Sequence[MkosiConfig]) -> None: with prepend_to_environ_path(last): if args.verb in (Verb.shell, Verb.boot): - with acl_toggle_boot(last, InvokingUser.uid): + with acl_toggle_boot(last, INVOKING_USER.uid): run_shell(args, last) if args.verb == Verb.qemu: diff --git a/mkosi/config.py b/mkosi/config.py index 53b0dd1ba..749d176b9 100644 --- a/mkosi/config.py +++ b/mkosi/config.py @@ -34,7 +34,7 @@ from mkosi.pager import page from mkosi.run import run from mkosi.types import PathString, SupportsRead from mkosi.util import ( - InvokingUser, + INVOKING_USER, StrEnum, chdir, flatten, @@ -166,8 +166,8 @@ def parse_path(value: str, path = Path(value) if expanduser: - if path.is_relative_to("~") and not InvokingUser.is_running_user(): - path = InvokingUser.home / path.relative_to("~") + if path.is_relative_to("~") and not INVOKING_USER.is_running_user(): + path = INVOKING_USER.home / path.relative_to("~") path = path.expanduser() if required and not path.exists(): diff --git a/mkosi/mounts.py b/mkosi/mounts.py index 53043bdfc..791f76013 100644 --- a/mkosi/mounts.py +++ b/mkosi/mounts.py @@ -12,7 +12,7 @@ from typing import Optional from mkosi.log import complete_step from mkosi.run import run from mkosi.types import PathString -from mkosi.util import InvokingUser, umask +from mkosi.util import INVOKING_USER, umask from mkosi.versioncomp import GenericVersion @@ -137,11 +137,11 @@ def mount_passwd(root: Path = Path("/")) -> Iterator[None]: """ with tempfile.NamedTemporaryFile(prefix="mkosi.passwd", mode="w") as passwd: passwd.write("root:x:0:0:root:/root:/bin/sh\n") - if InvokingUser.uid != 0: - name = InvokingUser.name - passwd.write(f"{name}:x:{InvokingUser.uid}:{InvokingUser.gid}:{name}:/home/{name}:/bin/sh\n") + if INVOKING_USER.uid != 0: + name = INVOKING_USER.name + passwd.write(f"{name}:x:{INVOKING_USER.uid}:{INVOKING_USER.gid}:{name}:/home/{name}:/bin/sh\n") passwd.flush() - os.fchown(passwd.file.fileno(), InvokingUser.uid, InvokingUser.gid) + os.fchown(passwd.file.fileno(), INVOKING_USER.uid, INVOKING_USER.gid) with mount(passwd.name, root / "etc/passwd", operation="--bind"): yield diff --git a/mkosi/qemu.py b/mkosi/qemu.py index 03650c314..51d21ec9f 100644 --- a/mkosi/qemu.py +++ b/mkosi/qemu.py @@ -31,7 +31,7 @@ from mkosi.run import MkosiAsyncioThread, run, spawn from mkosi.tree import copy_tree, rmtree from mkosi.types import PathString from mkosi.util import ( - InvokingUser, + INVOKING_USER, StrEnum, qemu_check_kvm_support, qemu_check_vsock_support, @@ -151,7 +151,7 @@ def find_ovmf_vars(config: MkosiConfig) -> Path: def start_swtpm() -> Iterator[Path]: with tempfile.TemporaryDirectory(prefix="mkosi-swtpm") as state: # Make sure qemu can access the swtpm socket in this directory. - os.chown(state, InvokingUser.uid, InvokingUser.gid) + os.chown(state, INVOKING_USER.uid, INVOKING_USER.gid) cmdline = [ "swtpm", @@ -168,11 +168,11 @@ def start_swtpm() -> Iterator[Path]: sock.listen() # Make sure qemu can connect to the swtpm socket. - os.chown(path, InvokingUser.uid, InvokingUser.gid) + os.chown(path, INVOKING_USER.uid, INVOKING_USER.gid) cmdline += ["--ctrl", f"type=unixio,fd={sock.fileno()}"] - proc = spawn(cmdline, user=InvokingUser.uid, group=InvokingUser.gid, pass_fds=(sock.fileno(),)) + proc = spawn(cmdline, user=INVOKING_USER.uid, group=INVOKING_USER.gid, pass_fds=(sock.fileno(),)) try: yield path @@ -203,8 +203,8 @@ def start_virtiofsd(directory: Path, *, uidmap: bool) -> Iterator[Path]: # created by root in the VM are owned by the user running mkosi on the host. if uidmap: cmdline += [ - "--uid-map", f":0:{InvokingUser.uid}:1:", - "--gid-map", f":0:{InvokingUser.gid}:1:" + "--uid-map", f":0:{INVOKING_USER.uid}:1:", + "--gid-map", f":0:{INVOKING_USER.gid}:1:" ] # We create the socket ourselves and pass the fd to virtiofsd to avoid race conditions where we start qemu @@ -214,7 +214,7 @@ def start_virtiofsd(directory: Path, *, uidmap: bool) -> Iterator[Path]: socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock\ ): # Make sure qemu can access the virtiofsd socket in this directory. - os.chown(state, InvokingUser.uid, InvokingUser.gid) + os.chown(state, INVOKING_USER.uid, INVOKING_USER.gid) # Make sure we can use the socket name as a unique identifier for the fs as well but make sure it's not too # long as virtiofs tag names are limited to 36 bytes. @@ -223,7 +223,7 @@ def start_virtiofsd(directory: Path, *, uidmap: bool) -> Iterator[Path]: sock.listen() # Make sure qemu can connect to the virtiofsd socket. - os.chown(path, InvokingUser.uid, InvokingUser.gid) + os.chown(path, INVOKING_USER.uid, INVOKING_USER.gid) cmdline += ["--fd", str(sock.fileno())] @@ -231,8 +231,8 @@ def start_virtiofsd(directory: Path, *, uidmap: bool) -> Iterator[Path]: # user/group if those are provided. proc = spawn( cmdline, - user=InvokingUser.uid if uidmap else None, - group=InvokingUser.gid if uidmap else None, + user=INVOKING_USER.uid if uidmap else None, + group=INVOKING_USER.gid if uidmap else None, pass_fds=(sock.fileno(),) ) @@ -420,7 +420,7 @@ def run_qemu(args: MkosiArgs, config: MkosiConfig, qemu_device_fds: Mapping[Qemu ovmf_vars = stack.enter_context(tempfile.NamedTemporaryFile(prefix="mkosi-ovmf-vars")) shutil.copy2(find_ovmf_vars(config), Path(ovmf_vars.name)) # Make sure qemu can access the ephemeral vars. - os.chown(ovmf_vars.name, InvokingUser.uid, InvokingUser.gid) + os.chown(ovmf_vars.name, INVOKING_USER.uid, INVOKING_USER.gid) cmdline += [ "-global", "ICH9-LPC.disable_s3=1", "-global", "driver=cfi.pflash01,property=secure,value=on", @@ -450,7 +450,7 @@ def run_qemu(args: MkosiArgs, config: MkosiConfig, qemu_device_fds: Mapping[Qemu # Make sure qemu can access the ephemeral copy. Not required for directory output because we don't pass that # directly to qemu, but indirectly via virtiofsd. if config.output_format != OutputFormat.directory: - os.chown(fname, InvokingUser.uid, InvokingUser.gid) + os.chown(fname, INVOKING_USER.uid, INVOKING_USER.gid) if config.output_format == OutputFormat.disk and config.runtime_size: run(["systemd-repart", @@ -544,8 +544,8 @@ def run_qemu(args: MkosiArgs, config: MkosiConfig, qemu_device_fds: Mapping[Qemu # kvm group, but the user namespace fake root user will definitely not be. Thus, we have to run qemu as the # invoking user to make sure we can access /dev/kvm. Of course, if we were invoked as root, none of this # matters as the root user will always be able to access /dev/kvm. - user=InvokingUser.uid if not InvokingUser.invoked_as_root else None, - group=InvokingUser.gid if not InvokingUser.invoked_as_root else None, + user=INVOKING_USER.uid if not INVOKING_USER.invoked_as_root else None, + group=INVOKING_USER.gid if not INVOKING_USER.invoked_as_root else None, stdin=sys.stdin, stdout=sys.stdout, pass_fds=qemu_device_fds.values(), @@ -578,8 +578,8 @@ def run_ssh(args: MkosiArgs, config: MkosiConfig) -> None: run( cmd, - user=InvokingUser.uid, - group=InvokingUser.gid, + user=INVOKING_USER.uid, + group=INVOKING_USER.gid, stdin=sys.stdin, stdout=sys.stdout, env=os.environ, diff --git a/mkosi/run.py b/mkosi/run.py index c54b5dfd0..f7168a72e 100644 --- a/mkosi/run.py +++ b/mkosi/run.py @@ -25,7 +25,7 @@ from typing import Any, Optional from mkosi.log import ARG_DEBUG, ARG_DEBUG_SHELL, die from mkosi.types import _FILE, CompletedProcess, PathString, Popen -from mkosi.util import InvokingUser, flock, make_executable, one_zero +from mkosi.util import INVOKING_USER, flock, make_executable, one_zero CLONE_NEWNS = 0x00020000 CLONE_NEWUSER = 0x10000000 @@ -75,7 +75,7 @@ def become_root() -> None: The current user will be mapped to root and 65436 will be mapped to the UID/GID of the invoking user. The other IDs will be mapped through. - The function modifies the uid, gid of the InvokingUser object to the uid, gid of the invoking user in the user + The function modifies the uid, gid of the INVOKING_USER object to the uid, gid of the invoking user in the user namespace. """ if os.getuid() == 0: @@ -126,8 +126,8 @@ def become_root() -> None: os.setresgid(0, 0, 0) os.setgroups([0]) - InvokingUser.uid = SUBRANGE - 100 - InvokingUser.gid = SUBRANGE - 100 + INVOKING_USER.uid = SUBRANGE - 100 + INVOKING_USER.gid = SUBRANGE - 100 def init_mount_namespace() -> None: diff --git a/mkosi/util.py b/mkosi/util.py index dec893e1e..a896e439a 100644 --- a/mkosi/util.py +++ b/mkosi/util.py @@ -74,7 +74,7 @@ def flatten(lists: Iterable[Iterable[T]]) -> list[T]: return list(itertools.chain.from_iterable(lists)) -class InvokingUser: +class INVOKING_USER: uid = int(os.getenv("SUDO_UID") or os.getenv("PKEXEC_UID") or os.getuid()) gid = int(os.getenv("SUDO_GID") or os.getgid()) name = pwd.getpwuid(uid).pw_name