Info file parameter support

.github/workflows/ci-live.yml

@@ -0,0 +1,59 @@
+name: CI - ISO definition
+
+on:
+  push:
+    paths:
+      # NOTE: GitHub Actions do not allow using YAML references, the same path
+      # list is used below for the pull request event. Keep both lists in sync!!
+
+      # this file as well
+      - .github/workflows/ci-live.yml
+      # any change in the service subfolder
+      - live/**
+
+  pull_request:
+    paths:
+      # NOTE: GitHub Actions do not allow using YAML references, the same path
+      # list is used above for the push event. Keep both lists in sync!!
+
+      # this file as well
+      - .github/workflows/ci-live.yml
+      # any change in the service subfolder
+      - live/**
+
+  # allow running manually
+  workflow_dispatch:
+
+jobs:
+  ruby_tests:
+    runs-on: ubuntu-latest
+    env:
+      COVERAGE: 1
+
+    defaults:
+      run:
+        working-directory: ./live
+
+    strategy:
+      fail-fast: false
+      matrix:
+        distro: [ "tumbleweed" ]
+
+    container:
+      image: registry.opensuse.org/yast/head/containers_${{matrix.distro}}/yast-ruby
+
+    steps:
+
+    - name: Git Checkout
+      uses: actions/checkout@v4
+
+    - name: Configure and refresh repositories
+      # disable unused repositories to have faster refresh
+      run: zypper modifyrepo -d repo-non-oss repo-openh264 repo-update && zypper ref
+
+    - name: Install Ruby development files
+      run: zypper --non-interactive install
+        make
+
+    - name: Run the tests
+      run: make check

autoinstallation/bin/agama-auto

@@ -6,7 +6,7 @@ export YAST_SKIP_XML_VALIDATION=1
 
 if [ -z "$1" ]
 then
-  url=$(awk -F 'agama.auto=' '{sub(/ .*$/, "", $2); print $2}' < /proc/cmdline)
+  url=$( grep 'agama.auto=' < /run/agama/cmdline.d/agama.conf | awk -F 'agama.auto=' '{sub(/ .*$/, "", $2); print $2}' )
 else
   url="$1"
 fi

live/Makefile

@@ -63,4 +63,7 @@ build: $(DESTDIR)
 	$(MAKE) all
 	(cd $(DESTDIR) && osc -A $(OBS_API) build -M $(FLAVOR) $(OSC_OPTS) $(OBS_TARGET) $(ARCH) $(KIWI_FILE))
 
+check:
+	for i in ./test/*_test.*; do $${i}; done
+
 .PHONY: build all clean

live/README.md

@@ -40,6 +40,7 @@ This directory contains a set of files that are used to build the Agama Live ISO
   a separate [PXE documentation](PXE.md) for more details about the PXE boot
 - [config-cdroot](config-cdroot) subdirectory contains file which are copied to the uncompressed
   root of the ISO image, the files can be accessed just by mounting the ISO file or the DVD medium
+- [test](test) subdirectory contains tests to verify correctness of content. Can be run with `make check`
 
 ## Building the sources
 

live/root/etc/systemd/system/agama-cmdline-process.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Agama kernel cmdline processing
+
+# have to be after network to be able to download info files
+# TODO: what to do in air gap scenario where we still need process cmdline?
+After=network-online.target
+
+# before starting the Agama servers so they read configuration parsed
+Before=agama-web-server.service
+Before=agama.service
+Before=x11-autologin.service
+
+[Service]
+Type=oneshot
+Environment=TERM=linux
+ExecStart=agama-kernel-cmdline.sh
+StandardInput=tty
+TimeoutSec=0
+
+[Install]
+WantedBy=default.target

live/root/etc/systemd/system/agama-self-update.service

@@ -3,6 +3,9 @@ Description=Agama self-update
 
 After=network-online.target
 
+# and after we process agama params like info which can contain password
+After=agama-cmdline-process.service
+
 # before starting the Agama servers so they use the new packages
 Before=agama-web-server.service
 Before=agama.service
@@ -11,11 +14,6 @@ Before=x11-autologin.service
 Before=live-password-dialog.service
 Before=live-password-systemd.service
 
-# kernel command line option
-ConditionKernelCommandLine=|agama.self_update
-# linuxrc/YaST backward compatibility
-ConditionKernelCommandLine=|agama.selfupdate
-
 [Service]
 Type=oneshot
 Environment=TERM=linux

live/root/etc/systemd/system/live-password-cmdline.service

@@ -9,9 +9,8 @@ Before=agama-web-server.service
 Before=live-password-dialog.service
 Before=live-password-systemd.service
 
-# plain text password or hashed password passed via kernel command line
-ConditionKernelCommandLine=|live.password
-ConditionKernelCommandLine=|live.password_hash
+# and after we process agama params like info which can contain password
+After=agama-cmdline-process.service
 
 [Service]
 ExecStart=live-password --kernel

live/root/etc/systemd/system/live-password-dialog.service

@@ -22,8 +22,8 @@ Before=serial-getty@ttyS1.service
 Before=serial-getty@ttyS2.service
 Before=serial-getty@ttysclp0.service
 
-# kernel command line option
-ConditionKernelCommandLine=live.password_dialog
+# and after we process agama params like info which can contain kernel parameters
+After=agama-cmdline-process.service
 
 [Service]
 Type=oneshot

live/root/etc/systemd/system/live-password-systemd.service

@@ -22,8 +22,8 @@ Before=serial-getty@ttyS1.service
 Before=serial-getty@ttyS2.service
 Before=serial-getty@ttysclp0.service
 
-# kernel command line option
-ConditionKernelCommandLine=live.password_systemd
+# and after we process agama params like info which can contain kernel parameters
+After=agama-cmdline-process.service
 
 [Service]
 Type=oneshot

live/root/usr/bin/agama-kernel-cmdline.sh

@@ -0,0 +1,4 @@
+#! /bin/sh
+
+kernel-cmdline-conf.sh
+info-cmdline-conf.sh

live/root/usr/bin/agama-self-update

@@ -5,6 +5,10 @@
 # This script updates the Agama packages in the Live system from the
 # Agama Devel OBS project.
 
+# check if self-update is required
+if ! grep -q "[[:space:]^]agama.self_update=1\([[:space:]]\|$\)" /run/agama/cmdline.d/agama.conf; then
+  exit 0
+fi
 
 # first try a quick and simple solution, refreshing the distributions repository takes a
 # lot of time so try using only the agama-devel for update

live/root/usr/bin/info-cmdline-conf.sh

@@ -0,0 +1,28 @@
+#! /bin/sh
+
+# Script that expand agama.info parameter by downloading its file and appending it to agama.conf
+# the info content is stored in info.conf
+
+set -e
+
+TARGET="${1:-/run/agama/cmdline.d/agama.conf}"
+INFO_CONTENT="${2:-/run/agama/cmdline.d/info.conf}"
+
+expand_info_arg() {
+  INFO_URL=$(sed -n 's/\(.*[[:space:]]\|^\)agama\.info=\([^[:space:]]\+\).*/\2/p' "$TARGET")
+  if [ -z "${INFO_URL}" ]; then
+    return 0
+  fi
+
+  # TODO: should we use also --location-trusted if info file url contain user and password?
+  # if so check with security team
+  curl --location --silent "${INFO_URL}" > "${INFO_CONTENT}"
+  # remove info param
+  sed -in 's/\([[:space:]]\|^\)agama\.info=[^[:space:]]\+//' "${TARGET}"
+  # and add content of info file
+  cat "${INFO_CONTENT}" >> "${TARGET}"
+
+  return 0
+}
+
+expand_info_arg

live/root/usr/bin/kernel-cmdline-conf.sh

@@ -0,0 +1,34 @@
+#! /bin/sh
+
+# Script to clean kernel command line from agama specific parameters. Result is later used for bootloader proposal.
+
+SOURCE="${1:-/proc/cmdline}"
+TARGET="${2:-/run/agama/cmdline.d/kernel.conf}"
+
+write_kernel_args() {
+  DIR=$(dirname "${TARGET}")
+  mkdir -p "$DIR"
+  # ensure that kernel cmdline line is created to avoid reading agama params
+  # if there is no kernel params
+  touch "${TARGET}"
+
+  for _i in $(cat "${SOURCE}"); do
+    case ${_i} in
+    # remove all agama kernel params
+    # Add here also all linuxrc supported parameters
+    LIBSTORAGE_* | YAST_* | agama* | Y2* | ZYPP_* | autoyast* )
+      _found=1
+      ;;
+    esac
+
+    if [ -z "$_found" ]; then
+      echo "Non-Agama parameter found ($_i)"
+      echo -n " $_i" >>"${TARGET}"
+    fi
+    unset _found
+  done
+
+  return 0
+}
+
+write_kernel_args

live/root/usr/bin/live-password

@@ -27,6 +27,11 @@ msg_box() {
 }
 
 ask_password() {
+  # check if user wants dialog password
+  if ! grep -q "[[:space:]^]live.password_dialog=1\([[:space:]]\|$\)" /run/agama/cmdline.d/agama.conf; then
+    exit 0
+  fi
+
   if ! PWD1=$(dialog --keep-tite --title "$TITLE" --backtitle "$BTITLE" --stdout --insecure --passwordbox "Password:" 8 40); then
     confirm_exit
     ask_password
@@ -36,7 +41,7 @@ ask_password() {
     confirm_exit
     ask_password
   fi
-  
+
   if [ "$PWD1" != "$PWD2" ]; then
     msg_box "Passwords do not match.\nPlease try again."
     ask_password
@@ -51,6 +56,10 @@ ask_password() {
 
 # functions for entering the password using the "systemd-ask-password" tool
 ask_password_systemd() {
+  # check if user wants systemd password
+  if ! grep -q "[[:space:]^]live.password_systemd=1\([[:space:]]\|$\)" /run/agama/cmdline.d/agama.conf; then
+    exit 0
+  fi
   if ! PWD1=$(systemd-ask-password --timeout=0 "Set login password: "); then
     exit 1
   fi
@@ -141,13 +150,14 @@ random_password() {
 }
 
 if [ "$1" = "--kernel" ]; then
-  # get the password from the kernel command line
-  PWD=$(awk -F 'live.password=' '{sub(/ .*$/, "", $2); print $2}' < /proc/cmdline)
+  # get the password from the kernel command line. It can contain newlines
+  PWD=$(grep 'live.password=' < /run/agama/cmdline.d/agama.conf | awk -F 'live.password=' '{sub(/ .*$/, "", $2); print $2}')
   if [ -n "$PWD" ]; then
     echo "$PWD" | passwd --stdin
   fi
 
-  PWD=$(awk -F 'live.password_hash=' '{sub(/ .*$/, "", $2); print $2}' < /proc/cmdline)
+  # get the password hash from the kernel command line. It can contain newlines
+  PWD=$(grep 'live.password_hash=' < /run/agama/cmdline.d/agama.conf | awk -F 'live.password_hash=' '{sub(/ .*$/, "", $2); print $2}')
   if [ -n "$PWD" ]; then
     usermod -p "$PWD" root
   fi

live/root/usr/lib/dracut/modules.d/99agama-cmdline/README

@@ -4,3 +4,20 @@ dracut agama-cmdline module
 This module writes any agama configuration given through the kernel cmdline
 to its own cmdline conf file copying it to the sysroot.
 
+It also tries to translate the linuxrc ifcfg kernel cmdline argument to the
+corresponding ip one but only basic scenarios are supported.
+
+## Supported examples
+
+  ifcfg=*=dhcp
+  ip=dhcp
+
+  ifcfg=eth0=dhcp
+  ip=eth0:dhcp
+
+  ifcfg=eth0.10=192.168.0.100/24,192.168.0.1
+  vlan=eth0.10:eth0 ip=192.168.0.100::192.168.0.1:24::eth0.10
+
+  ifcfg="eth0=192.168.0.33/24 10.0.0.100/24,192.168.0.1,192.168.0.1 10.0.0.1,suse.de"
+  ip=192.168.0.33::192.168.0.1:24::eth0 nameserver=192.168.0.1 nameserver=10.0.0.1 ip=10.0.0.100:::24::eth0
+