Merge pull request #4950 from jlebon/pr/kernel-install

core: also wrap `kernel-install` for scriptlets
coreos · May 8, 2024 · 5be2ecf · 5be2ecf
2 parents 3cc8c10 + 2a8017c
commit 5be2ecf
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 31 deletions.
diff --git a/ci/test-container.sh b/ci/test-container.sh
@@ -6,6 +6,30 @@ fatal() {
     exit 1
 }
 
+versionid=$(. /usr/lib/os-release && echo $VERSION_ID)
+
+# Test overrides
+case $versionid in
+  40)
+    ignition_url_suffix=2.16.2/2.fc39/x86_64/ignition-2.16.2-2.fc39.x86_64.rpm
+    # 2.15.0-3
+    koji_ignition_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585"
+    koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2435097"
+    kver=6.8.5
+    krev=300
+    ;;
+  39)
+    ignition_url_suffix=2.16.2/1.fc39/x86_64/ignition-2.16.2-1.fc39.x86_64.rpm
+    # 2.15.0-3
+    koji_ignition_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585"
+    koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2294111"
+    kver=6.5.5
+    krev=300
+    ;;
+  *) fatal "Unsupported Fedora version: $versionid";;
+esac
+IGNITION_URL=https://kojipkgs.fedoraproject.org//packages/ignition/$ignition_url_suffix
+
 repodir=/usr/lib/coreos-assembler/tests/kola/rpm-ostree/destructive/data/rpm-repos/
 
 cat >/etc/yum.repos.d/libtest.repo <<EOF
@@ -42,6 +66,11 @@ fi
 rm "${origindir}/clienterror.yaml"
 rpm-ostree ex rebuild
 
+# test kernel installs *before* enabling cliwrap
+rpm-ostree override replace $koji_kernel_url
+# test that the new initramfs was generated
+test -f /usr/lib/modules/${kver}-${krev}.fc${versionid}.x86_64/initramfs.img
+
 rpm-ostree cliwrap install-to-root /
 
 # Test a critical path package
@@ -52,34 +81,11 @@ test '!' -d /var/cache/rpm-ostree
 rpm -e cowsay
 if rpm -q cowsay; then fatal "failed to remove cowsay"; fi
 
-versionid=$(. /usr/lib/os-release && echo $VERSION_ID)
-
-# Test overrides
-case $versionid in
-  40)
-    url_suffix=2.16.2/2.fc39/x86_64/ignition-2.16.2-2.fc39.x86_64.rpm
-    # 2.15.0-3
-    koji_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585"
-    koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2435097"
-    kver=6.8.5
-    krev=300
-    ;;
-  39)
-    url_suffix=2.16.2/1.fc39/x86_64/ignition-2.16.2-1.fc39.x86_64.rpm
-    # 2.15.0-3
-    koji_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585"
-    koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2294111"
-    kver=6.5.5
-    krev=300
-    ;;
-  *) fatal "Unsupported Fedora version: $versionid";;
-esac
-URL=https://kojipkgs.fedoraproject.org//packages/ignition/$url_suffix
 # test replacement by URL
-rpm-ostree override replace $URL
+rpm-ostree override replace $IGNITION_URL
 rpm-ostree override remove ignition
 # test local RPM install
-curl -Lo ignition.rpm $URL
+curl -Lo ignition.rpm $IGNITION_URL
 rpm-ostree install ignition.rpm
 rpm -q ignition
 
@@ -88,7 +94,7 @@ dnf -y uninstall kexec-tools
 if rpm -q kexec-tools; then fatal "failed to remove kexec-tools"; fi
 
 # test replacement by Koji URL
-rpm-ostree override replace $koji_url |& tee out.txt
+rpm-ostree override replace $koji_ignition_url |& tee out.txt
 n_downloaded=$(grep Downloading out.txt | wc -l)
 if [[ $n_downloaded != 1 ]]; then
   fatal "Expected 1 'Downloading', but got $n_downloaded"
@@ -118,10 +124,6 @@ rpm -q strace
 rpm -q afterburn | grep g
 rpm -q afterburn-dracut | grep g
 
-rpm-ostree override replace $koji_kernel_url
-# test that the new initramfs was generated
-test -f /usr/lib/modules/${kver}-${krev}.fc${versionid}.x86_64/initramfs.img
-
 # test --enablerepo --disablerepo --releasever
 rpm-ostree --releasever=38 --disablerepo="*" \
     --enablerepo=fedora install tmux

diff --git a/rust/src/core.rs b/rust/src/core.rs
@@ -44,6 +44,8 @@ const USERADD_PATH: &str = "usr/sbin/useradd";
 const USERADD_WRAPPER: &[u8] = include_bytes!("../../src/libpriv/useradd-wrapper.sh");
 const USERMOD_PATH: &str = "usr/sbin/usermod";
 const USERMOD_WRAPPER: &[u8] = include_bytes!("../../src/libpriv/usermod-wrapper.sh");
+const KERNEL_INSTALL_PATH: &str = "usr/bin/kernel-install";
+const KERNEL_INSTALL_WRAPPER: &[u8] = include_bytes!("../../src/libpriv/kernel-install-wrapper.sh");
 
 const RPMOSTREE_CORE_STAGED_RPMS_DIR: &str = "rpm-ostree/staged-rpms";
 
@@ -148,6 +150,7 @@ impl FilesystemScriptPrep {
         (SYSTEMCTL_PATH, SYSTEMCTL_WRAPPER),
         (USERADD_PATH, USERADD_WRAPPER),
         (USERMOD_PATH, USERMOD_WRAPPER),
+        (KERNEL_INSTALL_PATH, KERNEL_INSTALL_WRAPPER),
     ];
 
     fn saved_name(name: &str) -> String {
@@ -441,7 +444,7 @@ mod test {
         // Replaced usermod.
         {
             let original_usermod = "original usermod";
-            d.atomic_write_with_perms(super::USERMOD_PATH, original_usermod, mode)?;
+            d.atomic_write_with_perms(super::USERMOD_PATH, original_usermod, mode.clone())?;
             let contents = d.read_to_string(super::USERMOD_PATH)?;
             assert_eq!(contents, original_usermod);
             let mut g = super::prepare_filesystem_script_prep(d.as_raw_fd())?;
@@ -451,6 +454,19 @@ mod test {
             let contents = d.read_to_string(super::USERMOD_PATH)?;
             assert_eq!(contents, original_usermod);
         }
+        // Replaced kernel-install.
+        {
+            let original_kernel_install = "original kernel_install";
+            d.atomic_write_with_perms(super::KERNEL_INSTALL_PATH, original_kernel_install, mode)?;
+            let contents = d.read_to_string(super::KERNEL_INSTALL_PATH)?;
+            assert_eq!(contents, original_kernel_install);
+            let mut g = super::prepare_filesystem_script_prep(d.as_raw_fd())?;
+            let contents = d.read_to_string(super::KERNEL_INSTALL_PATH)?;
+            assert_eq!(contents.as_bytes(), super::KERNEL_INSTALL_WRAPPER);
+            g.undo()?;
+            let contents = d.read_to_string(super::KERNEL_INSTALL_PATH)?;
+            assert_eq!(contents, original_kernel_install);
+        }
         Ok(())
     }
 

diff --git a/src/libpriv/kernel-install-wrapper.sh b/src/libpriv/kernel-install-wrapper.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+# Used in the container layering path to make kernel replacements Just Work
+# without having to enable cliwrap first. If cliwrap is enabled, then this will
+# technically override the cliwrap wrapper, but the script is exactly the same.
+# This wrapper is technically also installed when doing client-side layering,
+# but we already ignore kernel scriptlets there anyway.
+# See also https://github.com/coreos/rpm-ostree/issues/4949
+
+exec /usr/bin/rpm-ostree cliwrap kernel-install "$@"