Provide a mockbuild plugin to sync up UIDs for koji builders...

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-14 20:25:32 -04:00 · 2017-08-14 20:25:32 -04:00 · 82ccf97de8
commit 82ccf97de8
parent 70539e483e
3 changed files with 100 additions and 4 deletions
--- a/0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
+++ b/0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
@ -12,13 +12,14 @@ diff --git a/src/macros.pesign b/src/macros.pesign
 index 22a3ee6..1665b4c 100644
 --- a/src/macros.pesign
 +++ b/src/macros.pesign
-@@ -43,6 +43,18 @@
+@@ -43,6 +43,19 @@
       %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i}			\\\
                  --certdir ${nss} -c signer %{-o}			\
       rm -rf ${sattrs} ${sattrs}.sig ${nss}				\
 +    elif [ "$(id -un)" == "mockbuild" ] && 				\\\
 +         grep -q ID=fedora /etc/os-release && 				\\\
-+         ! [ -S /var/run/pesign/socket ]; then				\
+         ! [ -S /var/run/pesign/socket ] &&				\\\
+         [ "%{vendor}" == "Fedora Project" ]; then			\
 +      echo "No socket even though this is mockbuilder" 1>&2		\
 +      ls -ld /var/run/pesign || : 1>&2					\
 +      getfacl /var/run/pesign || : 1>&2				\
--- a/pesign.py
+++ b/pesign.py
@ -0,0 +1,88 @@
+#!/usr/bin/python3
+#
+# Copyright 2017 Peter Jones <Peter Jones@random>
+#
+# Distributed under terms of the GPLv3 license.
+
+"""
+mock plugin to make sure pesign and mockbuild users have the right uid and
+gid.
+"""
+
+from mockbuild.trace_decorator import getLog, traceLog
+import mockbuild.util
+
+requires_api_version = "1.1"
+
+@traceLog()
+def init(plugins, conf, buildroot):
+    """ hello """
+    Pesign(plugins, conf, buildroot)
+
+def getuid(name):
+    """ get a uid for a user name """
+    output = mockbuild.util.do(["getent", "passwd", "%s" % (name,)],
+                               returnOutput=1, printOutput=True)
+    output = output.split(':')
+    return output[2], output[3]
+
+def getgid(name):
+    """ get a gid for a group name """
+    output = mockbuild.util.do(["getent", "group", "%s" % (name,)],
+                               returnOutput=1, printOutput=True)
+    return output.split(':')[2]
+
+def newgroup(name, gid):
+    """ create a group with a gid """
+    getLog().info("creating group %s with gid %s" % (name, gid))
+    mockbuild.util.do(["groupadd", "-g", "%s" % (gid,), "%s" % (name,)])
+
+def newuser(name, uid, gid):
+    """ create a user with a uid """
+    getLog().info("creating user %s with uid %s" % (name, uid))
+    mockbuild.util.do(["useradd",
+                       "-u", "%s" % (uid,),
+                       "-g", "%s" % (gid,),
+                       "%s" % (name,)])
+
+class Pesign(object):
+    """ Creates some stuff in our mock root """
+    # pylint: disable=too-few-public-methods
+    @traceLog()
+    def __init__(self, plugins, conf, buildroot):
+        """ Effectively we're doing:
+            getent group pesign >/dev/null || groupadd -r pesign
+            getent passwd pesign >/dev/null || \
+                    useradd -r -g pesign -d /var/run/pesign -s /sbin/nologin \
+                    -c "Group for the pesign signing daemon" pesign
+        """
+
+        self.buildroot = buildroot
+        self.pesign_opts = conf
+        self.config = buildroot.config
+        self.state = buildroot.state
+        self.users = {}
+        self.groups = {}
+        plugins.add_hook("postinit", self._pesignPostInitHook)
+        plugins.add_hook("postchroot", self._pesignPostChrootHook)
+
+    @traceLog()
+    def _pesignPostInitHook(self):
+        """ find our uid and gid lists """
+        for user in self.pesign_opts['users']:
+            uid, gid = getuid(user)
+            self.users[user] = uid
+        for group in self.pesign_opts['groups']:
+            gid = getgid(group)
+            self.groups[group] = gid
+
+    @traceLog()
+    def _pesignPostChrootHook(self):
+        """ create our users """
+        for name, gid in self.groups:
+            newgroup(name, gid)
+        for name, (uid, gid) in self.users:
+            newuser(name, uid, gid)
+
+# -*- coding: utf-8 -*-
+# vim:fenc=utf-8:tw=75
--- a/pesign.spec
+++ b/pesign.spec
@ -3,7 +3,7 @@
 Summary: Signing utility for UEFI binaries
 Name: pesign
 Version: 0.112
-Release: 14%{?dist}
+Release: 15%{?dist}
 Group: Development/System
 License: GPLv2
 URL: https://github.com/vathpela/pesign
@ -12,7 +12,7 @@ BuildRequires: git nspr nss nss-util popt-devel
 BuildRequires: nss-tools
 BuildRequires: nspr-devel >= 4.9.2-1
 BuildRequires: nss-devel >= 3.13.6-1
-BuildRequires: efivar-devel >= 31-1
+BuildRequires: efivar-devel >= 30-4
 BuildRequires: libuuid-devel
 BuildRequires: tar xz
 %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17
@ -27,6 +27,7 @@ BuildRequires: rh-signing-tools >= 1.20-2

 Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
 Source1: certs.tar.xz
+Source2: pesign.py

 Patch0001: 0001-cms-kill-generate_integer-it-doesn-t-build-on-i686-a.patch
 Patch0002: 0002-Fix-command-line-parsing.patch
@ -106,6 +107,9 @@ rm -vf %{buildroot}/usr/share/doc/pesign-%{version}/COPYING
 # and find-debuginfo.sh has some pretty awful deficencies too...
 cp -av libdpe/*.[ch] src/

+install -d -m 0755 %{python3_sitelib}/mockbuild/plugins/
+install -m 0755 %{SOURCE3} %{python3_sitelib}/mockbuild/plugins/
+
 %pre
 getent group pesign >/dev/null || groupadd -r pesign
 getent passwd pesign >/dev/null || \
@ -158,6 +162,9 @@ exit 0
 %endif

 %changelog
+* Mon Aug 14 2017 Peter Jones <pjones@redhat.com> - 0.112-15
+- Provide a mockbuild plugin to sync up UIDs for koji builders...
+
 * Mon Aug 14 2017 Peter Jones <pjones@redhat.com> - 0.112-14
 - Same, but ignore errors in my debugging code.