commit 55c7f3e3bb97bb4a064ed23d2b71b7981a0062fd
parent f6f9f665fa53b020272187e212878dbf59d86d1e
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Thu, 11 Aug 2022 19:30:42 +0200
Refactor container image layout into shared predicates to get info from.
Diffstat:
1 file changed, 103 insertions(+), 89 deletions(-)
diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init
@@ -117,7 +117,7 @@ confz_container_service_log_check() {
"s6-setuidgid $vars[log_uid]:$vars[log_gid]"
"s6-log -b -- t ${(qqq)vars[log_dir]}"
)
-
+
require fs_d filename=$vars[svc_dir]/log
require fs_m filename=$vars[svc_dir]/log mode=755
require fs_contentnl filename=$vars[svc_dir]/log/run \
@@ -199,11 +199,28 @@ confz_container_user_do() {
confz_container_sysroot_user_check() {
checkvars containers_dir image_name
- require container_group group_name=container-$vars[image_name] %gid
- require container_user user_name=container-$vars[image_name] %uid :gid \
+ unify sysroot_user container-$vars[image_name]
+ unify sysroot_group container-$vars[image_name]
+ require container_group group_name=$vars[sysroot_group] %gid
+ require container_user user_name=$vars[sysroot_user] %uid :gid \
homedir=$vars[containers_dir]/systems/root
}
+confz_container_image_layout_check() {
+ checkvars containers_dir image_name
+
+ unify root $vars[containers_dir]/systems/$vars[image_name]
+
+ require container_sysroot_user :containers_dir :image_name \
+ %uid %gid %sysroot_user %sysroot_group
+}
+confz_container_image_layout_svc_check() {
+ checkvars containers_dir svscan_dir image_name
+ unify sysroot_svc $vars[svscan_dir]/container.$container.sysroot
+ require container_image_layout :containers_dir :image_name \
+ %root %uid %gid %sysroot_user %sysroot_group
+}
+
confz_container_image_owner_check() {
checkvars containers_dir image_name uid gid
do_command=(
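Review bot: `confz_container_image_layout_svc_check` builds `sysroot_svc` from `$container`, which this predicate neither declares in `checkvars` nor assigns. Unless that name happens to leak in from a caller such as `confz_container_service_sysroot_check`, the path collapses to `…/container..sysroot`, and every later `cd $vars[sysroot_svc] container_sysroot_run` targets the wrong directory. The package checks this commit rewrites used `$vars[image_name]`, so `unify sysroot_svc $vars[svscan_dir]/container.$vars[image_name].sysroot` would keep their behaviour. If a distinct `container_name` must be supported, pass it in as a declared variable rather than relying on an outer shell variable.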
@@ -223,7 +240,9 @@ confz_container_service_sysroot_check() {
defvar container_name "$vars[image_name]"
container=$vars[container_name]
- require container_sysroot_user %uid %gid :containers_dir :image_name
+ require container_image_layout_svc \
+ :containers_dir :svscan_dir :image_name \
+ %uid %gid %sysroot_svc %root %sysroot_user %sysroot_group
require container_image_owner :uid :gid :containers_dir :image_name
require fs_d filename=$vars[containers_dir]/user/sysroot
@@ -253,15 +272,14 @@ confz_container_service_sysroot_check() {
"${(f@)vars[fstab_extra]}"
)
- svc_dir=$vars[svscan_dir]/container.$container.sysroot
require container_service_preset preset=sysroot \
- svc_dir=$svc_dir control_user=$vars[uid] control_group=$vars[gid] \
+ svc_dir=$vars[sysroot_svc] control_user=$vars[uid] control_group=$vars[gid] \
root_link=$container_user_dir/root \
fstab=${(F)fstab} \?down \?fstab_post
- require fs_d filename=$svc_dir/env
- require fs_contentnl filename=$svc_dir/env/CONTAINER_USER \
+ require fs_d filename=$vars[sysroot_svc]/env
+ require fs_contentnl filename=$vars[sysroot_svc]/env/CONTAINER_USER \
content=container-$vars[image_name]
- require fs_contentnl filename=$svc_dir/env/CONTAINER_NAME \
+ require fs_contentnl filename=$vars[sysroot_svc]/env/CONTAINER_NAME \
content=$container
}
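Review bot: The `CONTAINER_USER` file is still written from the hard-coded `container-$vars[image_name]`, although this function now obtains `%sysroot_user` from `container_image_layout_svc`. Using `content=$vars[sysroot_user]` would keep the account the service runs as tied to the single definition in `confz_container_sysroot_user_check`, so a later change to the naming scheme cannot leave the two out of step. The function body starts outside this hunk.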
@@ -804,11 +822,11 @@ confz_container_alpine_base_files_check() {
}
confz_container_alpine_apk_check() {
- checkvars user root arch
+ checkvars sysroot_user root arch
defvar keys_dir /etc/apk/keys
defvar apk_executable apk
do_command=(
- s6-setuidgid $vars[user]
+ s6-setuidgid $vars[sysroot_user]
$vars[apk_executable]
--update-cache
--initdb
@@ -830,21 +848,20 @@ confz_container_alpine_image_check() {
defvar hostname $vars[image_name]
defvar locale C.UTF-8
- local root=$vars[containers_dir]/systems/$vars[image_name]
-
- require container_sysroot_user %uid %gid :containers_dir :image_name
- require container_alpine_base_layout :uid :gid root=$root
- require container_alpine_base_files :uid :gid root=$root \
+ require container_image_layout :containers_dir :image_name \
+ %uid %gid %root %sysroot_user
+ require container_alpine_base_layout :uid :gid :root
+ require container_alpine_base_files :uid :gid :root \
:mirror :release :repositories :hostname :locale
- require container_alpine_apk :arch \
- root=$root user=container-$vars[image_name]
+ require container_alpine_apk :arch :root :sysroot_user
}
confz_container_alpine_packages_installed_check() {
checkvars containers_dir image_name packages svscan_dir
- require container_service_sysroot :containers_dir :svscan_dir \
- :image_name
+ require container_image_layout_svc \
+ :containers_dir :svscan_dir :image_name \
+ %sysroot_svc
local root=$vars[containers_dir]/systems/$vars[image_name]
local -a world=( "${(@f)$(<$root/etc/apk/world)}" )
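Review bot: `confz_container_alpine_packages_installed_check` no longer requires `container_service_sysroot`, only `container_image_layout_svc`. As far as the visible code shows, that predicate just derives paths and the user, so nothing here ensures the sysroot service directory exists before the later `cd $vars[sysroot_svc] container_sysroot_run`. If that ordering is guaranteed elsewhere, a one-line comment saying so would help; otherwise keep the `require container_service_sysroot` and take `%sysroot_svc` from it. The same substitution is made in the void, nix and debian package checks. Separately, `local root=…` on the next line still recomputes the path that `%root` now provides.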
@@ -856,8 +873,7 @@ confz_container_alpine_packages_installed_check() {
done
do_command=(
- $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot
- container_sysroot_run
+ $commands[cd] $vars[sysroot_svc] container_sysroot_run
/sbin/apk add --no-chown $missing
)
@@ -884,11 +900,11 @@ confz_container_void_base_files_check() {
}
confz_container_void_xbps_check() {
- checkvars user root arch mirror repository
+ checkvars sysroot_user root arch mirror repository
defvar xbps_install_executable xbps-install
do_command=(
env XBPS_ARCH=$vars[arch]
- s6-setuidgid $vars[user]
+ s6-setuidgid $vars[sysroot_user]
$vars[xbps_install_executable]
--sync
--rootdir $vars[root]
@@ -906,32 +922,31 @@ confz_container_void_image_check() {
#defvar hostname $vars[image_name]
#defvar locale C.UTF-8
- unify root $vars[containers_dir]/systems/$vars[image_name]
-
- require container_sysroot_user %uid %gid :containers_dir :image_name
+ require container_image_layout :containers_dir :image_name \
+ %uid %gid %root %sysroot_user
require container_generic_layout :uid :gid :root
require container_void_base_files :uid :gid :root
require container_void_xbps :arch :mirror :repository \
- :root user=container-$vars[image_name]
+ :root :sysroot_user
}
confz_container_void_packages_installed_check() {
- checkvars containers_dir image_name packages svscan_dir
+ checkvars packages containers_dir image_name svscan_dir
- require container_service_sysroot :containers_dir :svscan_dir \
- :image_name
+ require container_image_layout_svc \
+ :containers_dir :svscan_dir :image_name \
+ %root %sysroot_svc
- local root=$vars[containers_dir]/systems/$vars[image_name]
local -a missing
local pkg
for pkg in $=vars[packages]; do
- [[ -f $root/var/db/xbps/.${pkg}-files.plist ]] || missing+=( $pkg )
+ [[ -f $vars[root]/var/db/xbps/.${pkg}-files.plist ]] \
+ || missing+=( $pkg )
done
do_command=(
- $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot
- container_sysroot_run
+ $commands[cd] $vars[sysroot_svc] container_sysroot_run
/usr/sbin/xbps-install --yes --sync -- $missing
)
@@ -976,7 +991,7 @@ confz_container_nix_base_files_check() {
require fs_o filename="$vars[root]/etc/profile.d/locale.sh" owner=$vars[uid]:$vars[gid]
require fs_l filename="$vars[root]/etc/profile.d/nix.sh" \
- destination="/nix/var/nix/profiles/default/etc/profile.d/nix.sh"
+ destination="/nix/var/nix/profiles/default/etc/profile.d/nix.sh"
# TODO: source Nix stuff from profile
@@ -1014,7 +1029,7 @@ confz_container_nix_base_files_check() {
}
confz_container_nix_image_from_release_check() {
- checkvars containers_dir image_name system
+ checkvars containers_dir svscan_dir image_name system
defvar release 2.9.1
defvar checksum_algo sha256
defvar mirror https://releases.nixos.org/nix
@@ -1049,12 +1064,12 @@ confz_container_nix_image_from_release_check() {
(($+vars[checksum])) || die "No stored checksum for $url"
- require container_nix_image :containers_dir :image_name :url \
- :checksum :checksum_algo :alpine_arch \?hostname \?locale \?svscan_dir
+ require container_nix_image :containers_dir :svscan_dir :image_name :url \
+ :checksum :checksum_algo :alpine_arch \?hostname \?locale
}
confz_container_nix_bootstrap_packages_check() {
- checkvars user root arch uid gid
+ checkvars sysroot_user root arch uid gid
defvar keys_dir /etc/apk/keys
defvar apk_executable apk
defvar mirror http://mirror.fit.cvut.cz/alpine
@@ -1073,7 +1088,7 @@ confz_container_nix_bootstrap_packages_check() {
require fs_o filename="$vars[root]/etc/apk/repositories" owner=$vars[uid]:$vars[gid]
do_command=(
- s6-setuidgid $vars[user]
+ s6-setuidgid $vars[sysroot_user]
$vars[apk_executable]
--update-cache
--initdb
@@ -1087,14 +1102,14 @@ confz_container_nix_bootstrap_packages_check() {
}
confz_container_nix_bootstrap_check() {
- checkvars root svscan_dir image_name
+ checkvars root sysroot_svc sysroot_user uid gid arch
- require container_nix_bootstrap_packages :root \?arch \?uid \?gid \
- \?user \?keys_dir \?apk_executable \?mirror \?release \?repositories
+ require container_nix_bootstrap_packages \
+ :root :arch :uid :gid :sysroot_user \
+ \?keys_dir \?apk_executable \?mirror \?release \?repositories
do_command=(
- $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot
- container_sysroot_run
+ $commands[cd] $vars[sysroot_svc] container_sysroot_run
/bin/busybox --install -s /bin
)
@@ -1102,7 +1117,7 @@ confz_container_nix_bootstrap_check() {
}
confz_container_nix_image_installed_check() {
- checkvars containers_dir root user filename uid gid image_name svscan_dir
+ checkvars root filename uid gid
require fs_r flags=r filename=$vars[root]/${vars[filename]%.tar.*}
@@ -1115,7 +1130,7 @@ confz_container_nix_image_installed_check() {
confz_container_nix_image_installed_do() {
local download_dir=$vars[containers_dir]/download-cache
- s6-setuidgid $vars[user] \
+ s6-setuidgid $vars[sysroot_user] \
tar -xpC "$vars[root]" -f "$download_dir/$vars[filename]" \
|| die "Unpacking ${(qqq)vars[filename]} failed"
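Review bot: `confz_container_nix_image_installed_do` reads `$vars[containers_dir]` and `$vars[sysroot_user]`, but the matching check now declares only `checkvars root filename uid gid`, and the caller in `confz_container_nix_image_check` passes only `:filename :root :uid :gid`. Assuming the `_do` function sees the same `vars` as its `_check`, both expand to nothing. `s6-setuidgid` then has no account to drop to before `tar -xp`, and the cache path becomes `/download-cache`. Restoring them would be `checkvars containers_dir root sysroot_user filename uid gid`, with `:containers_dir :sysroot_user` added to the `require container_nix_image_installed` line.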
@@ -1136,21 +1151,17 @@ confz_container_nix_image_check() {
defvar locale C.UTF-8
# TODO: test if these actually do something
- unify root $vars[containers_dir]/systems/$vars[image_name]
- unify user container-$vars[image_name]
+ require container_service_sysroot \
+ :containers_dir :svscan_dir :image_name \
+ %root %uid %gid %sysroot_user %sysroot_svc
require container_download_and_verify :containers_dir \
:checksum :checksum_algo %filename :url
- require container_sysroot_user %uid %gid :containers_dir :image_name
require container_generic_layout :uid :gid :root
require container_nix_base_files :uid :gid :root :hostname :locale
- require container_service_sysroot :containers_dir :svscan_dir \
- :image_name
-
- require container_nix_bootstrap :user :root :uid :gid :svscan_dir \
- :image_name \
+ require container_nix_bootstrap :sysroot_svc :root :uid :gid :sysroot_user
\?arch=alpine_arch \
\?keys_dir=alpine_keys_dir \
\?mirror=alpine_mirrors \
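Review bot: The new `require container_nix_bootstrap :sysroot_svc :root :uid :gid :sysroot_user` line has lost its trailing backslash, so the `\?arch=alpine_arch` … `\?apk_executable` lines after it are no longer arguments to that `require`. zsh will try to run them as a separate command, and `confz_container_nix_bootstrap_check`, which now lists `arch` in `checkvars`, is called without it. Ending the line with ` \` restores the continuation. The argument list runs on into the next hunk.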
@@ -1158,8 +1169,7 @@ confz_container_nix_image_check() {
\?repositories=alpine_repositories \
\?apk_executable
- require container_nix_image_installed :filename :root :image_name \
- :svscan_dir :uid :gid :containers_dir :user
+ require container_nix_image_installed :filename :root :uid :gid
require fs_l filename="$vars[root]/nix/var/nix/profiles/default" \
destination="per-user/root/profile"
@@ -1170,14 +1180,15 @@ confz_container_nix_image_check() {
confz_container_nix_bin_linked_check() {
checkvars containers_dir image_name
- local root=$vars[containers_dir]/systems/$vars[image_name]
- local profile_dir=$root/root/.nix-profile
+ require container_image_layout :containers_dir :image_name %root
+
+ local profile_dir=$vars[root]/root/.nix-profile
local -A stat_info
zstat -L -H stat_info $profile_dir
# while it's a symlink
while (( $stat_info[mode] >> 12 == 10 )); do
if [[ $stat_info[link] == /* ]]; then
- profile_dir=$root$stat_info[link]
+ profile_dir=$vars[root]$stat_info[link]
else
profile_dir=${profile_dir:h}/$stat_info[link]
fi
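Review bot: The symlink walk re-roots absolute targets under `$vars[root]`, but the relative branch `profile_dir=${profile_dir:h}/$stat_info[link]` accepts any number of `..` components. Because the link text comes from inside the container tree, the resolved path can land outside the image root on the host. A check after each step that the result still begins with `$vars[root]/`, calling `die` if it does not, would close that gap; a hop limit would also guard against a link cycle. The loop body continues outside this hunk, and the same pattern appears twice more in `confz_container_nix_packages_installed_check`.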
@@ -1188,28 +1199,28 @@ confz_container_nix_bin_linked_check() {
local b
for b in $profile_dir/bin/*; do
- [[ -e $root/bin/$b:t ]] || \
- require fs_l filename="$root/bin/${b:t}" \
+ [[ -e $vars[root]/bin/$b:t ]] || \
+ require fs_l filename="$vars[root]/bin/${b:t}" \
destination=../root/.nix-profile/bin/$b:t
done
}
confz_container_nix_packages_installed_check() {
- checkvars containers_dir image_name packages svscan_dir
+ checkvars packages containers_dir image_name svscan_dir
- require container_service_sysroot :containers_dir :svscan_dir \
- :image_name
+ require container_image_layout_svc \
+ :containers_dir :svscan_dir :image_name \
+ %root %svscan_dir
- local root=$vars[containers_dir]/systems/$vars[image_name]
local -A stat_info
- # local profile_dir=$root/nix/var/nix/profiles/per-user/root/profile
- local profile_dir=$root/root/.nix-profile
+ # local profile_dir=$vars[root]/nix/var/nix/profiles/per-user/root/profile
+ local profile_dir=$vars[root]/root/.nix-profile
zstat -L -H stat_info $profile_dir
# while it's a symlink
while (( $stat_info[mode] >> 12 == 10 )); do
if [[ $stat_info[link] == /* ]]; then
- profile_dir=$root$stat_info[link]
+ profile_dir=$vars[root]$stat_info[link]
else
profile_dir=${profile_dir:h}/$stat_info[link]
fi
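Review bot: The `require container_image_layout_svc` in `confz_container_nix_packages_installed_check` exports `%root %svscan_dir`, but the function's `do_command` in a later hunk uses `$vars[sysroot_svc]`, which is never exported here. `svscan_dir` is already an input (`:svscan_dir`), so this looks like a slip for `%root %sysroot_svc`, as the void variant has it. As written, the `cd` before `container_sysroot_run` receives an empty directory argument.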
@@ -1223,7 +1234,7 @@ confz_container_nix_packages_installed_check() {
# while it's a symlink
while (( $stat_info[mode] >> 12 == 10 )); do
if [[ $stat_info[link] == /* ]]; then
- manifest_file=$root$stat_info[link]
+ manifest_file=$vars[root]$stat_info[link]
else
manifest_file=${manifest_file:h}/$stat_info[link]
fi
@@ -1248,8 +1259,7 @@ confz_container_nix_packages_installed_check() {
done
do_command=(
- $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot
- container_sysroot_run
+ $commands[cd] $vars[sysroot_svc] container_sysroot_run
/root/.nix-profile/bin/nix-env --install $missing
# /var/lib/nix/profiles/default/bin/nix-env --install $missing
)
@@ -1265,17 +1275,16 @@ confz_container_debian_image_check() {
checkvars containers_dir image_name arch suite
defvar mirror http://ftp.cvut.cz/debian/
- unify root $vars[containers_dir]/systems/$vars[image_name]
-
- require container_sysroot_user %uid %gid :containers_dir :image_name
- #require container_debian_base_files :uid :gid :root
+ require container_image_layout :containers_dir :image_name \
+ %uid %gid %root %sysroot_user
require container_debootstrap :root :arch :mirror :suite \
- user=container-$vars[image_name] :uid :gid
+ :uid :gid
require container_generic_layout :uid :gid :root
+ #require container_debian_base_files :uid :gid :root
}
confz_container_debootstrap_check() {
- checkvars user root arch mirror suite uid gid
+ checkvars root arch mirror suite uid gid
defvar variant minbase
defvar debootstrap_executable debootstrap
[[ -f $vars[root]/usr/bin/apt-get && -f $vars[root]/usr/bin/sh ]]
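Review bot: `confz_container_debian_image_check` fetches `%sysroot_user` but never passes it on, and `confz_container_debootstrap_check` drops `user` from `checkvars` without introducing `sysroot_user` as the other bootstrap predicates do. `confz_container_debootstrap_do` is not shown in this diff. If it still reads `$vars[user]` to drop privileges, that value is now unset; if it intentionally runs as root, the unused `%sysroot_user` can go and a short comment on the check should say why no user is needed. Otherwise add `:sysroot_user` to the `require container_debootstrap` line and to `checkvars`.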
@@ -1295,8 +1304,9 @@ typeset -f -t confz_container_debootstrap_do
confz_container_debian_packages_installed_check() {
checkvars containers_dir image_name packages svscan_dir
- require container_service_sysroot :containers_dir :svscan_dir \
- :image_name
+ require container_image_layout_svc \
+ :containers_dir :image_name \
+ %uid %gid %root %sysroot_user $sysroot_svc
local root=$vars[containers_dir]/systems/$vars[image_name]
local -a missing installed
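Review bot: The last argument of the new `require` is written `$sysroot_svc`, a shell expansion, rather than the export form `%sysroot_svc`. That means `$vars[sysroot_svc]`, used in this function's `do_command`, is never set. The call also omits `:svscan_dir`, which `confz_container_image_layout_svc_check` lists in its `checkvars`; the `require` added in `confz_container_puppet_apt_repo_check` has the same omission. The intended lines are presumably `:containers_dir :svscan_dir :image_name \` and `%uid %gid %root %sysroot_user %sysroot_svc`.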
@@ -1311,8 +1321,7 @@ confz_container_debian_packages_installed_check() {
done
do_command=(
- $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot
- container_sysroot_run
+ $commands[cd] $vars[sysroot_svc] container_sysroot_run
/usr/bin/apt-get install --trivial-only -- $missing
)
@@ -1321,20 +1330,25 @@ confz_container_debian_packages_installed_check() {
}
confz_container_puppet_apt_repo_check() {
- checkvars user root arch suite
+ checkvars containers_dir svscan_dir image_name arch suite
defvar puppet_version 7
+ require container_image_layout_svc \
+ :containers_dir :image_name \
+ %uid %gid %root %sysroot_user %sysroot_svc
+
[[ -f $vars[root]/etc/apt/trusted.gpg.d/puppet$vars[puppet_version]-keyring.gpg \
&& -f $vars[root]/etc/apt/sources.list.d/puppet$vars[puppet_version].list ]]
}
confz_container_puppet_apt_repo_do() {
local deb_file=puppet7-release-$vars[suite].deb
- s6-setuidgid $vars[user] \
- wget --unlink -O $vars[root]/root/$deb_file https://apt.puppetlabs.com/$deb_file \
+ s6-setuidgid $vars[sysroot_user] \
+ wget --unlink -O $vars[root]/root/$deb_file \
+ https://apt.puppetlabs.com/$deb_file \
+ || return $?
+ $commands[cd] $vars[sysroot_svc] container_sysroot_run \
+ /usr/bin/dpkg -i /root/$deb_file \
|| return $?
- $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot \
- container_sysroot_run \
- /usr/bin/dpkg -i /root/$deb_file
}
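Review bot: `confz_container_puppet_apt_repo_do` downloads the release package and passes it straight to `dpkg -i` inside the sysroot, with no integrity check beyond the TLS connection. The nix image path in this file routes its download through `container_download_and_verify` with a stored checksum, and the same treatment here would stop a changed or substituted `.deb` from being installed as root in the image. The file name is also hard-coded as `puppet7-release-…` while the check tests paths built from `$vars[puppet_version]`, so a non-default version is never satisfied; `local deb_file=puppet$vars[puppet_version]-release-$vars[suite].deb` would align them.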