From 478c346ca8e7ebbf28f0106653b8867e526877dc Mon Sep 17 00:00:00 2001 From: Denis Benato Date: Wed, 14 Aug 2024 16:54:02 +0200 Subject: [PATCH 1/4] Improve tests and add a permission failure test The following has been implemented - Introduce a test for the permission error - Change tests to use the makefile installation --- .github/workflows/tests.yaml | 3 +++ Makefile | 4 +++- test/test-deploy.sh | 7 ++++--- test/test-install.sh | 8 +++++--- test/test-permissions.sh | 34 ++++++++++++++++++++++++++++++++++ test/test-removal.sh | 14 ++++++++------ 6 files changed, 57 insertions(+), 13 deletions(-) create mode 100755 test/test-permissions.sh diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 1c48d82..568fe42 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -28,6 +28,9 @@ jobs: run: | cd test ./run.sh + - name: Test Tracker file permissions + run: | + docker run --name test_tracker -u root --rm --entrypoint=/workdir/test/test-permissions.sh -v $(pwd):/workdir -v /dev:/dev --privileged archlinux:latest - name: Test Deployment creation & installation run: | docker run --name test_deploy -u root --rm --entrypoint=/workdir/test/test-deploy.sh -v $(pwd):/workdir -v /dev:/dev --privileged archlinux:latest diff --git a/Makefile b/Makefile index 3426d28..33d8b21 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,9 @@ ifeq ($(PREFIX),) PREFIX := / endif -VERSION := $(shell git describe --long --tags | sed 's/\([^-]*-g\)/r\1/;s/-/./g') +ifeq ($(VERSION),) + VERSION := $(shell git describe --long --tags | sed 's/\([^-]*-g\)/r\1/;s/-/./g') +endif .PHONY: install diff --git a/test/test-deploy.sh b/test/test-deploy.sh index 6484147..59a121c 100755 --- a/test/test-deploy.sh +++ b/test/test-deploy.sh 
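Review bot: The new `Test Tracker file permissions` step starts the container with `--privileged` and `-v /dev:/dev`, which the script it launches does not appear to need: test/test-permissions.sh in this patch only installs packages, runs `make install` and calls `frzr version`, with no loop device or mount involved. Dropping both flags keeps a bad package or test script from reaching the runner's devices, e.g. `docker run --name test_tracker -u root --rm --entrypoint=/workdir/test/test-permissions.sh -v "$(pwd)":/workdir archlinux:latest`. Quoting `"$(pwd)"` also protects against a checkout path that contains spaces. `archlinux:latest` is a floating tag, as in the neighbouring steps, so pinning it by digest would make the run reproducible.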
@@ -10,12 +10,13 @@ pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm -pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts +pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts base-devel make git # Create the frzr group groupadd -g 379 frzr usermod -a -G frzr $(whoami) +cd /workdir && VERSION="1.0.0" make install # Define variables export IMG_FILE="archlinux.img" @@ -74,7 +75,7 @@ if btrfs send $MOUNT_POINT/archlinux | xz -e -9 --memory=95% -T0 > $TARGET_FILEN export DISK="$MOUNTED_DEVICE" export SWAP_GIB=0 - bash /workdir/frzr bootstrap + frzr bootstrap export SHOW_UI="0" export SKIP_UEFI_CHECK="yes" @@ -83,7 +84,7 @@ if btrfs send $MOUNT_POINT/archlinux | xz -e -9 --memory=95% -T0 > $TARGET_FILEN export SYSTEMD_RELAX_ESP_CHECKS=1 # deploy archlinux - bash /workdir/frzr deploy $TARGET_FILENAME + frzr deploy $TARGET_FILENAME # old releases used an older frzr INSTALLED_RELEASE=$(cat "$MOUNT_PATH/deployments/archlinux/build_info" | head -n 1) diff --git a/test/test-install.sh b/test/test-install.sh index 4bc93ce..f66c71f 100755 --- a/test/test-install.sh +++ b/test/test-install.sh @@ -10,12 +10,14 @@ pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm -pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts +pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts base-devel make git # Create the frzr group groupadd -g 379 frzr usermod -a -G frzr $(whoami) +cd /workdir && VERSION="1.0.0" make install + export FILENAME=install_image.img export BUILD_DIR="/workdir/output" export BUILD_IMG="$BUILD_DIR/$FILENAME" 
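Review bot: In `cd /workdir && VERSION="1.0.0" make install` a failing `cd` does not stop the script even when `set -e` is active, because errexit ignores every command of an `&&` list except the last; the test would then carry on without a freshly installed `frzr`. The line also leaves the working directory at /workdir for the rest of the script, so the relative `IMG_FILE="archlinux.img"` that follows may now resolve inside the bind-mounted checkout (how it is used is outside the hunk). `make -C /workdir VERSION="1.0.0" install` avoids both effects. The same line is added in test/test-install.sh, test/test-removal.sh and test/test-permissions.sh.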
@@ -31,7 +33,7 @@ MOUNTED_DEVICE=$(losetup -a | grep "$FILENAME" | cut -d ' ' -f 1 | sed 's/://') export DISK="$MOUNTED_DEVICE" export SWAP_GIB=0 -bash /workdir/frzr bootstrap +frzr bootstrap export SHOW_UI="0" export SKIP_UEFI_CHECK="yes" @@ -40,7 +42,7 @@ export EFI_MOUNT_PATH="/tmp/frzr_root/efi" export SYSTEMD_RELAX_ESP_CHECKS=1 # deploy chimeraos-45-1_9a95912 -bash /workdir/frzr deploy chimeraos/chimeraos:45-1 +frzr deploy chimeraos/chimeraos:45-1 # old releases used an older frzr INSTALLED_RELEASE=$(cat "$MOUNT_PATH/deployments/chimeraos-45-1_9a95912/build_info" | head -n 1) diff --git a/test/test-permissions.sh b/test/test-permissions.sh new file mode 100755 index 0000000..e512cdb --- /dev/null +++ b/test/test-permissions.sh @@ -0,0 +1,34 @@ +#! /bin/bash + +set -e +set -x + +# Prepare the image +pacman -Sy --noconfirm +pacman -S --noconfirm archlinux-keyring +pacman-key --init +pacman-key --populate archlinux +pacman -Syu --noconfirm + +pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts base-devel make git + +# Create the frzr group +groupadd -g 379 frzr +usermod -a -G frzr $(whoami) +useradd -m -s /usr/bin/bash -g frzr tester + +cd /workdir && VERSION="1.0.0" make install + +# run frzr version from current user +frzr version + +# run frzr version from another user +runuser -u tester -- frzr version + +sudo rm -f /tmp/frzr/frzr.tracker + +# run frzr version from tester user +runuser -u tester -- frzr version + +# run frzr version from current user +frzr version \ No newline at end of file diff --git a/test/test-removal.sh b/test/test-removal.sh index e6c3714..4077984 100755 --- a/test/test-removal.sh +++ b/test/test-removal.sh 
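Review bot: test/test-permissions.sh never inspects the tracker file itself; it passes as long as the four `frzr version` calls exit 0, so a tracker left with the wrong group or mode goes unnoticed. Assuming `frzr version` writes the tracker, an assertion after each run such as `[ "$(stat -c '%G' /tmp/frzr/frzr.tracker)" = "frzr" ] || exit 1` would pin the behaviour the test is named for. The hard-coded `/tmp/frzr/frzr.tracker` only matches the tracker location once PATCH 3/4 changes `TRACKER_FILE_DIR`, so at this commit the `rm -f` removes nothing. `tester` is created with `-g frzr`, so only the group-member path is exercised, and `sudo` is redundant because the workflow starts the container with `-u root`.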
@@ -10,12 +10,14 @@ pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm -pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts +pacman -S --noconfirm parted btrfs-progs file libnewt dosfstools jq util-linux zstd xz curl wget arch-install-scripts base-devel make git # Create the frzr group groupadd -g 379 frzr usermod -a -G frzr $(whoami) +cd /workdir && VERSION="1.0.0" make install + export FILENAME=removal_image.img export BUILD_DIR="/workdir/output" export BUILD_IMG="$BUILD_DIR/$FILENAME" @@ -31,7 +33,7 @@ MOUNTED_DEVICE=$(losetup -a | grep "$FILENAME" | cut -d ' ' -f 1 | sed 's/://') export DISK="$MOUNTED_DEVICE" export SWAP_GIB=0 -bash /workdir/frzr bootstrap +frzr bootstrap export SHOW_UI="0" export SKIP_UEFI_CHECK="yes" @@ -40,14 +42,14 @@ export EFI_MOUNT_PATH="/tmp/frzr_root/efi" export SYSTEMD_RELAX_ESP_CHECKS=1 # deploy chimeraos-43_6978095 -bash /workdir/frzr deploy chimeraos/chimeraos:43 +frzr deploy chimeraos/chimeraos:43 if [ ! -d "$MOUNT_PATH/deployments/chimeraos-43_6978095" ]; then exit 1 fi # deploy chimeraos-44_c3670dd -bash /workdir/frzr deploy chimeraos/chimeraos:44 +frzr deploy chimeraos/chimeraos:44 if [ ! -d "$MOUNT_PATH/deployments/chimeraos-43_6978095" ] || [ ! -d "$MOUNT_PATH/deployments/chimeraos-44_c3670dd" ]; then exit 1 @@ -56,7 +58,7 @@ fi ls -lah "$MOUNT_PATH/deployments" # deploy chimeraos-45_1e44050 -bash /workdir/frzr deploy chimeraos/chimeraos:45 +frzr deploy chimeraos/chimeraos:45 if [ -d "$MOUNT_PATH/deployments/chimeraos-43_6978095" ] || [ ! -d "$MOUNT_PATH/deployments/chimeraos-44_c3670dd" ] || [ ! -d "$MOUNT_PATH/deployments/chimeraos-45_1e44050" ]; then exit 1 
@@ -65,7 +67,7 @@ fi ls -lah "$MOUNT_PATH/deployments" # deploy chimeraos-45-1_9a95912 -bash /workdir/frzr deploy chimeraos/chimeraos:45-1 +frzr deploy chimeraos/chimeraos:45-1 if [ -d "$MOUNT_PATH/deployments/chimeraos-44_c3670dd" ] || [ ! -d "$MOUNT_PATH/deployments/chimeraos-45_1e44050" ] || [ ! -d "$MOUNT_PATH/deployments/chimeraos-45-1_9a95912" ]; then exit 1 From 5454d0e54706b4e0b3fddc8ee7c98542a2c52ae6 Mon Sep 17 00:00:00 2001 From: Denis Benato Date: Sun, 18 Aug 2024 20:10:22 +0200 Subject: [PATCH 2/4] Remove frzr kernel --- Makefile | 2 - __frzr-kernel | 420 -------------------------------------------------- frzr | 13 -- frzr-kernel | 10 -- 4 files changed, 445 deletions(-) delete mode 100644 __frzr-kernel delete mode 100644 frzr-kernel diff --git a/Makefile b/Makefile index 33d8b21..cdf52ef 100644 --- a/Makefile +++ b/Makefile @@ -19,8 +19,6 @@ install: install -m 755 "__frzr-unlock" "${PREFIX}/usr/bin" install -m 755 "frzr-bootloader" "${PREFIX}/usr/bin" install -m 755 "__frzr-bootloader" "${PREFIX}/usr/bin" - install -m 755 "frzr-kernel" "${PREFIX}/usr/bin" - install -m 755 "__frzr-kernel" "${PREFIX}/usr/bin" install -m 755 "frzr-version" "${PREFIX}/usr/bin" install -m 755 "__frzr-version" "${PREFIX}/usr/bin" install -m 755 "frzr-bootstrap" "${PREFIX}/usr/bin" diff --git a/__frzr-kernel b/__frzr-kernel deleted file mode 100644 index 495c843..0000000 --- a/__frzr-kernel +++ /dev/null 
@@ -1,420 +0,0 @@ -#! /bin/bash - -set -o pipefail - -# import methods -#source "${BASH_SOURCE%/*}/__frzr" "$@" - -frzr_kernel() { - local KERNEL_NAME="" - - RUNNING=true - STATE="BEGIN" - while $RUNNING; do - case "$STATE" in - "BEGIN") - # Make sure the frzr_root is mounted during the deployment procedure - # this code is based on the fact that when a btrfs filesystem is created - # the default subvolid that is created contextually has the ID set to 256 - # also as a matter of fact in btrfs is impossible to change subvolumes IDs - if mount | grep -Fq "on ${MOUNT_PATH}"; then - local MOUNTED_MOUNT_PATH="no" - else - MOUNT_PATH="/tmp/frzr_root" - #TASK_MSG="Preparing '${MOUNT_PATH}' to be used as the main subvolume mount path" - mkdir -p "${MOUNT_PATH}" - if sudo mount -L frzr_root -t btrfs -o subvolid=5,rw "${MOUNT_PATH}"; then - local MOUNTED_MOUNT_PATH="yes" - else - echo "frzr-kernel failed: could not mount frzr_root" - STATE="FAIL" - send_data - continue - fi - sleep 5 - fi - - # Make sure the EFI partition is mounted during the deployment procedure - if mount | grep -Fq "on ${EFI_MOUNT_PATH}"; then - local MOUNTED_EFI_MOUNT_PATH="no" - else - sudo mkdir -p "${EFI_MOUNT_PATH}" - if sudo mount -L frzr_efi -o rw,noauto,noexec,nosuid,nodev,uid=0,gid=379,dmask=007,fmask=117 "${EFI_MOUNT_PATH}"; then - local MOUNTED_EFI_MOUNT_PATH="yes" - else - TASK_ERROR=1 - TASK_ERROR_MSG="Could not bind ${EFI_MOUNT_PATH} to frzr_efi (boot) partition" - STATE="FAIL" - send_data - continue - fi - sleep 5 - fi - - if [ ! -f "/usr/bin/depmod" ]; then - TASK_ERROR=1 - TASK_ERROR_MSG="Could not find depmod at '/usr/bin/depmod'" - STATE="FAIL" - send_data - continue - fi - - if ! type -P make >/dev/null 2>&1; then - TASK_ERROR=1 - TASK_ERROR_MSG="make is unavailable, did you forget to install development packages?" 
- STATE="FAIL" - send_data - continue - fi - - if [ -d "${MOUNT_PATH}/kernels/usr" ]; then - local KERNEL_OVERLAY_DIR="${MOUNT_PATH}/kernels" - local MODULES_DIR="${KERNEL_OVERLAY_DIR}/usr" - else - TASK_ERROR=1 - TASK_ERROR_MSG="Could not find kernels overlay in '${MOUNT_PATH}/kernels/usr'" - STATE="FAIL" - send_data - continue - fi - - STATE="DOWNLOAD" - ;; - - "DOWNLOAD") - if [ ! -f ".config" ]; then - TASK_ERROR=1 - TASK_ERROR_MSG="Could not find kernel configuration" - STATE="FAIL" - send_data - continue - else - cp .config .config.pre - fi - - STATE="BUILD" - ;; - - "BUILD") - # This is important as otherwise ccache will always have 100% misses - export KBUILD_BUILD_TIMESTAMP="" - export KBUILD_BUILD_USER="root" - export KBUILD_BUILD_HOST="frzr" - - if [ -f "/usr/bin/clang" ] && [ -f "/usr/bin/llvm-ar" ] && [ -f "/usr/bin/lld" ]; then - echo "Compiling with clang" - export LLVM=1 - - if [ -f "/usr/bin/ccache" ]; then - export CC="ccache clang" - fi - else - echo "Couldn't set clang as the compiler" - fi - - # Fetch the name of the kernel (uname -r) - if ! make -s kernelrelease > version; then - TASK_ERROR=1 - TASK_ERROR_MSG="Could not execute defconfig (1)" - STATE="FAIL" - send_data - continue - else - local KERNEL_NAME=$(cat version) - fi - - if [ ! -f "include/config/auto.conf" ]; then - - if ! make defconfig; then - TASK_ERROR=1 - TASK_ERROR_MSG="Could not execute defconfig (1)" - STATE="FAIL" - send_data - continue - fi - - if ! make defconfig; then - TASK_ERROR=1 - TASK_ERROR_MSG="Could not execute defconfig (2)" - STATE="FAIL" - send_data - continue - fi - - # This will perform a clean of previous build artifacts - #if ! 
make KERNELRELEASE="${KERNEL_NAME}" mrproper; then - # TASK_ERROR=1 - # TASK_ERROR_MSG="Could not execute mrproper" - # STATE="FAIL" - # send_data - # continue - #fi - - cp .config.pre .config - - #echo "Checking for pre-installed kernel" - #if [ -d "/usr/lib/modules/${KERNEL_NAME}" ]; then - # TASK_ERROR=1 - # TASK_ERROR_MSG="ERROR: Kernel ${KERNEL_NAME} already exists" - # STATE="FAIL" - # continue - #fi - fi - - echo "Building ${KERNEL_NAME}..." - - # Get the number of available cores - local CORES=$(nproc) - local CORES_INT=$(echo $CORES | awk -F. '{print $1}') - - # Decide the number of cores to use based on the condition - if [ $CORES_INT -le 16 ]; then - MAKE_CORES=$CORES_INT - else - MAKE_CORES=$((CORES_INT - 2)) - fi - - # Invoke make with the determined number of cores - if ! make -j$MAKE_CORES all; then - TASK_ERROR=1 - TASK_ERROR_MSG="ERROR: Compilation of linux-${KERNEL_NAME} failed" - STATE="FAIL" - send_data - continue - fi - - STATE="INSTALL" - ;; - "INSTALL") - - # Install kernel modules (taken from _package) - local modulesdir="${MODULES_DIR}/lib/modules/${KERNEL_NAME}" - mkdir -p -m 755 "${modulesdir}" - - # systemd expects to find the kernel here to allow hibernation - # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 - install -Dm775 "$(make -s KERNELRELEASE="${KERNEL_NAME}" image_name)" "$modulesdir/vmlinuz" - - # Used by mkinitcpio to name the kernel - echo "${KERNEL_NAME}" > pkgbase - install -Dm775 pkgbase "$modulesdir/pkgbase" - rm pkgbase - - # Install modules suppressing depmod - ZSTD_CLEVEL=19 make -j$MAKE_CORES KERNELRELEASE="${KERNEL_NAME}" INSTALL_MOD_PATH="${MODULES_DIR}" INSTALL_MOD_STRIP=1 DEPMOD=/usr/bin/depmod modules_install - - # remove build links - rm -rf "${modulesdir}/build" - - # Install api-headers (taken from _package-api-headers) - make -j$MAKE_CORES KERNELRELEASE="${KERNEL_NAME}" INSTALL_HDR_PATH="${MODULES_DIR}" headers_install - - # Install kernel headers (taken from 
_package-headers) - local builddir="${MODULES_DIR}/lib/modules/${KERNEL_NAME}/build" - mkdir -p -m 755 "${builddir}" - - # Install build files - install -Dt "$builddir" -m775 .config Makefile Module.symvers System.map version vmlinux - - if ls -lah | grep -Fq "localversion."; then - for localversion in localversion.*; do - install -Dt "$builddir" -m775 "${localversion}" - done - fi - - install -Dt "$builddir/kernel" -m775 kernel/Makefile - install -Dt "$builddir/arch/x86" -m775 arch/x86/Makefile - cp -t "$builddir" -a scripts - - # required when STACK_VALIDATION is enabled - install -Dt "$builddir/tools/objtool" tools/objtool/objtool - - # required when DEBUG_INFO_BTF_MODULES is enabled - install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids - - # Install headers - cp -t "$builddir" -a include - cp -t "$builddir/arch/x86" -a arch/x86/include - install -Dt "$builddir/arch/x86/kernel" -m775 arch/x86/kernel/asm-offsets.s - - install -Dt "$builddir/drivers/md" -m775 drivers/md/*.h - - install -Dt "$builddir/net/mac80211" -m775 net/mac80211/*.h - - # https://bugs.archlinux.org/task/13146 - install -Dt "$builddir/drivers/media/i2c" -m775 drivers/media/i2c/msp3400-driver.h - - # https://bugs.archlinux.org/task/20402 - install -Dt "$builddir/drivers/media/usb/dvb-usb" -m775 drivers/media/usb/dvb-usb/*.h - install -Dt "$builddir/drivers/media/dvb-frontends" -m775 drivers/media/dvb-frontends/*.h - install -Dt "$builddir/drivers/media/tuners" -m775 drivers/media/tuners/*.h - - # https://bugs.archlinux.org/task/71392 - install -Dt "$builddir/drivers/iio/common/hid-sensors" -m775 drivers/iio/common/hid-sensors/*.h - - # Install Kconfig files - find . 
-name 'Kconfig*' -exec install -Dm775 {} "$builddir/{}" \; - - # Remove unneeded architectures - local arch - for arch in "$builddir"/arch/*/; do - [[ $arch = */x86/ ]] && continue - echo "Removing $(basename "$arch")" - rm -r "$arch" - done - - # Remove documentation - rm -r "$builddir/Documentation" - - # Remove broken symlinks - find -L "$builddir" -type l -printf 'Removing %P\n' -delete - - # Remove loose objects - find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete - - if [ -z "${STRIP_STATIC}" ]; then - local STRIP_STATIC="--strip-debug" - fi - - if [ -z "${STRIP_SHARED}" ]; then - local STRIP_SHARED="--strip-unneeded" - fi - - if [ -z "${STRIP_BINARIES}" ]; then - local STRIP_BINARIES="--strip-all" - fi - - # Strip build tools - local file - while read -rd '' file; do - case "$(file -Sib "$file")" in - application/x-sharedlib\;*) # Libraries (.so) - strip -v $STRIP_SHARED "$file" ;; - application/x-archive\;*) # Libraries (.a) - strip -v $STRIP_STATIC "$file" ;; - application/x-executable\;*) # Binaries - strip -v $STRIP_BINARIES "$file" ;; - application/x-pie-executable\;*) # Relocatable binaries - strip -v $STRIP_SHARED "$file" ;; - esac - done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) - - # Strip vmlinux - strip -v $STRIP_STATIC "$builddir/vmlinux" - - # Add symlinks - mkdir -p -m 755 "${MODULES_DIR}/src" - - ln -sr "$builddir" "${MODULES_DIR}/src/${KERNEL_NAME}" - - STATE="INITRAMFS" - ;; - "INITRAMFS") - - # This has worked: - # dracut --force --add-drivers " xhci_pci usbhid " --filesystems "overlay btrfs" --strip --aggressive-strip --reproducible --kver ${KERNEL_NAME} --kmoddir "${MODULES_DIR}/lib/modules/${KERNEL_NAME}" "${EFI_MOUNT_PATH}/initramfs-frzr.img" - - if ! 
dracut --force --filesystems "overlay btrfs" --strip --aggressive-strip --fstab --reproducible --kver ${KERNEL_NAME} --kmoddir "${MODULES_DIR}/lib/modules/${KERNEL_NAME}" "${EFI_MOUNT_PATH}/initramfs-frzr.img"; then - #TASK_ERROR=1 - #TASK_ERROR_MSG="ERROR: Could not generate a valid initramfs" - #STATE="FAIL" - #send_data - #continue - echo "WARNING: initramfs might not be complete" - fi - - #if ! mkinitcpio -c "${BASH_SOURCE%/*}/../lib/frzr/mkinitcpio.conf" -g "${EFI_MOUNT_PATH}/initramfs-frzr.img" -k "${KERNEL_NAME}" -r "${MODULES_DIR}"; then - # #TASK_ERROR=1 - # #TASK_ERROR_MSG="ERROR: Could not generate a valid initramfs" - # #STATE="FAIL" - # #send_data - # #continue - # echo "WARNING: initramfs might not be complete" - #fi - - if ! cp "$modulesdir/vmlinuz" "${EFI_MOUNT_PATH}/vmlinuz-frzr"; then - TASK_ERROR=1 - TASK_ERROR_MSG="ERROR: Could not copy '$modulesdir/vmlinuz' to '${EFI_MOUNT_PATH}/vmlinuz-frzr'" - STATE="FAIL" - send_data - continue - fi - - STATE="BOOTLOADER" - ;; - "BOOTLOADER") - # Read additional boot arguments (to be added to the kernel cmdline) from the user file - local additional_arguments="" - if [ -f "${EFI_MOUNT_PATH}/frzr_bootconfig.conf" ]; then - local user_bootconf_args=$(cat "${EFI_MOUNT_PATH}/frzr_bootconfig.conf") - additional_arguments="$additional_arguments ${user_bootconf_args}" - else - TASK_WARNING=1 - TASK_WARNING_MSG="Could not read '${EFI_MOUNT_PATH}/frzr_bootconfig.conf': deployment cmdline will be used" - send_data - fi - - # Write "${EFI_MOUNT_PATH}/loader/entries/frzr_kernel.conf" so that frzr will make use of the new kernel - # WARNING: version being empty has special meaning - # WARNING: btrfs_rootfs_uuid being empty means gpt-auto will be used - local boot_entry_generation_res=$(generate_systemd_boot_cfg "" "frzr_kernel.conf" "frzr-kernel" "${EFI_MOUNT_PATH}" "no_ucode" "no_ucode" "vmlinuz-frzr" "initramfs-frzr.img" "" "") - if echo "${boot_entry_generation_res}" | grep -Fq "ERROR"; then - TASK_ERROR=1 - 
TASK_ERROR_MSG="Could not generate systemd-boot entry: ${boot_entry_generation_res}" - STATE="FAIL" - send_data - continue - fi - - # This is used to update the EFI partition: setting up systemd-boot (or whatever else bootlader might be supported) to boot the new deployment - local efi_update_result=$("${BASH_SOURCE%/*}/frzr-bootloader") - if echo "${efi_update_result}" | grep -Fq 'ERROR'; then - # bootloader configuration could not be updated - TASK_ERROR=1 - TASK_ERROR_MSG="Could not update the EFI partition: ${efi_update_result}" - STATE="FAIL" - send_data - continue - fi - - STATE="SUCCESS" - ;; - "SUCCESS") - # This state should only be used if the unlock completed without errors - #TASK_STATE="SUCCESS" - - echo "frzr kernel deployment succeeded" - - RUNNING=false - ;; - "FAIL") - # This state should only be used if the unlock failed - - #TASK_STATE="FAIL" - - echo "ERROR: frzr-kernel failed: ${TASK_ERROR_MSG}" - - RUNNING=false - ;; - *) - TASK_STATE="UNKNOWN_ERROR" - echo "ERROR: Something went terribly wrong in $(basename $0)" - RUNNING=false - ;; - esac - done - - # umount the efi path - if [ "${MOUNTED_EFI_MOUNT_PATH}" = "yes" ]; then - if mountpoint -q "${EFI_MOUNT_PATH}"; then - sudo umount -l "${EFI_MOUNT_PATH}" - fi - fi - - # umount the frzr_root subvolume (if it was mounted by this tool and not externally) - if [ "${MOUNTED_MOUNT_PATH}" = "yes" ]; then - if mountpoint -q "${MOUNT_PATH}"; then - sudo umount -l "${MOUNT_PATH}" - fi - fi -} diff --git a/frzr b/frzr index 888f60b..68dc5d6 100755 --- a/frzr +++ b/frzr 
@@ -22,7 +22,6 @@ usage(){ frzr deploy [Check for system updates and update the system if available] frzr bootloader [Install the bootloader and create entries for every deployed image] frzr unlock (deployment) [Unlock the specified deployment, or the running one if deployment is not specified] -frzr kernel [Deploy a custom kernel] frzr set-channel [Set the update channel stable/testing/unstable] frzr get-channel [Get the update channel currently in use] frzr version [Get the version of FRZR] @@ -100,18 +99,6 @@ elif [ $function == "bootloader" ]; then # echo "ERROR: $(basename $0) is already running" #fi - exit $RESULT -elif [ $function == "kernel" ]; then - frzr_check_bootenv - # We don't want to pass the function parameter to __frzr-kernel - shift - source "${BASH_SOURCE%/*}/frzr-kernel" "$@" - RESULT=$? - - #if [ $RESULT == 255 ]; then - # echo "ERROR: $(basename $0) is already running" - #fi - exit $RESULT elif [ $function == "release" ]; then source "${BASH_SOURCE%/*}/frzr-release" "$@" diff --git a/frzr-kernel b/frzr-kernel deleted file mode 100644 index 6307757..0000000 --- a/frzr-kernel +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/bash - -source "${BASH_SOURCE%/*}/__frzr-kernel" - -# TODO: check the file lock exists - -frzr_kernel "$@" -# We don't need to check the exit status here because this is being ran and handled in frzr -# RESULT=$? -# exit $RESULT From a82f3a5c15c1924a70418e0779ee57157a3c1bac Mon Sep 17 00:00:00 2001 From: Denis Benato Date: Sun, 18 Aug 2024 20:14:09 +0200 Subject: [PATCH 3/4] Fix the tracker file issue frzr would fail if the tracker file is created by a user and overwritten by another user, even if such user is root. Solve the problem by: - moving the file into a directory the whole frzr group has read+write access to - make the file owned by the frzr group --- __frzr | 25 +++++++++++++++++++++---- __frzr-envars | 2 +- frzr | 3 --- 3 files changed, 22 insertions(+), 8 deletions(-) 
diff --git a/__frzr b/__frzr index c6a52ed..e37ef68 100644 --- a/__frzr +++ b/__frzr @@ -46,11 +46,28 @@ EOF trap frzr_status SIGINT SIGTERM ERR write_tracker_file() { - local running_user=$(whoami) + local grps=$(groups) + + if [ ! -d "${TRACKER_FILE_DIR}" ]; then + if echo "$grps" | grep -Fq "frzr"; then + sg frzr -c "mkdir $TRACKER_FILE_DIR" + else + mkdir "${TRACKER_FILE_DIR}" + chmod g+w "${TRACKER_FILE_DIR}" + chown :frzr "${TRACKER_FILE_DIR}" + fi + fi + if [ ! -f "${TRACKER_FILE_PATH}" ]; then - touch "${TRACKER_FILE_PATH}" - chown $UID:379 "${TRACKER_FILE_PATH}" - chmod g+w "${TRACKER_FILE_PATH}" + if echo "$grps" | grep -Fq "frzr"; then + rm -f "${TRACKER_FILE_PATH}" + sg frzr -c "touch ${TRACKER_FILE_PATH}" + else + sudo rm -rf "${TRACKER_FILE_PATH}" + sudo touch "${TRACKER_FILE_PATH}" + sudo chown :frzr "${TRACKER_FILE_PATH}" + sudo chmod g+w "${TRACKER_FILE_PATH}" + fi fi frzr_status > "${TRACKER_FILE_PATH}" diff --git a/__frzr-envars b/__frzr-envars index b3c51b5..f376d3e 100644 --- a/__frzr-envars +++ b/__frzr-envars @@ -47,7 +47,7 @@ ACTUAL_CHECKSUM="" # Actual checksum of the file downloaded STATE="" # Tracker file directory -TRACKER_FILE_DIR="/tmp" +TRACKER_FILE_DIR="/tmp/frzr" TRACKER_FILE_PATH="${TRACKER_FILE_DIR}/frzr.tracker" # Signals diff --git a/frzr b/frzr index 68dc5d6..3c5c34b 100755 --- a/frzr +++ b/frzr @@ -14,9 +14,6 @@ fi # Import methods source "${BASH_SOURCE%/*}/__frzr" "$@" -# Create the tracker file before we start -write_tracker_file - usage(){ echo "[Usage] frzr deploy [Check for system updates and update the system if available] From d06e62cc985479de36f615b49c68e212125b73af Mon Sep 17 00:00:00 2001 From: Denis Benato Date: Sun, 18 Aug 2024 20:16:22 +0200 Subject: [PATCH 4/4] Fix the improper whiptail usage by default Fix the improper whiptail usage by ensuring SHOW_UI variable is set to 0 as stated into the command help --- __frzr-envars | 4 ++++ 1 file changed, 4 insertions(+) 
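Review bot: `write_tracker_file` now runs `sudo rm -rf`, `sudo touch`, `sudo chown :frzr` and `sudo chmod g+w` on a fixed path under world-writable `/tmp` (`TRACKER_FILE_DIR="/tmp/frzr"` in the __frzr-envars hunk of this patch), and `[ ! -d … ]` accepts a `/tmp/frzr` that another local user created first, including a symlink to a directory elsewhere. The privileged calls and the final `frzr_status >` redirect would then act on a location that user chose. The durable fix is a directory outside `/tmp` that root creates with `root:frzr` ownership (for example under `/run`); short of that, the function should refuse symlinks, match the group name exactly (`grep -Fq "frzr"` also accepts any group whose name merely contains it) and set the directory mode explicitly, since the `sg frzr` branches leave group write access to the caller's umask. The function's closing brace is outside the hunk.

```shell
write_tracker_file() {
	# Exact group-name match instead of a substring test on `groups`.
	local in_frzr="no"
	if id -nG | tr ' ' '\n' | grep -Fxq "frzr"; then
		in_frzr="yes"
	fi

	# Refuse links planted by another user before sudo or a redirect follows them.
	if [ -L "${TRACKER_FILE_DIR}" ] || [ -L "${TRACKER_FILE_PATH}" ]; then
		echo "ERROR: tracker path must not be a symlink" >&2
		return 1
	fi

	if [ ! -d "${TRACKER_FILE_DIR}" ]; then
		if [ "${in_frzr}" = "yes" ]; then
			# setgid keeps new files in the frzr group; group write is set
			# explicitly rather than left to the umask
			sg frzr -c "mkdir -m 2775 -- '${TRACKER_FILE_DIR}'"
		# … unchanged: else branch (mkdir / chmod g+w / chown :frzr) …
	# … unchanged: tracker file creation and frzr_status redirect …
```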
diff --git a/__frzr-envars b/__frzr-envars index f376d3e..7079ef4 100644 --- a/__frzr-envars +++ b/__frzr-envars @@ -28,6 +28,10 @@ if [ -z "$EFI_MOUNT_PATH" ]; then EFI_MOUNT_PATH="${MOUNT_PATH}/efi" # EFI mount path fi +if [ -z "$SHOW_UI" ]; then + SHOW_UI="0" +fi + if [ -z "$FRZR_INSTALLER" ]; then FRZR_INSTALLER="0" fi