]> git.proxmox.com Git - pve-container.git/blame - src/PVE/LXC/Setup/Base.pm
projects / pve-container.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
setup getty: generalize setup_container_getty_service
[pve-container.git] / src / PVE / LXC / Setup / Base.pm
CommitLineData
7af97ad5 1package PVE::LXC::Setup::Base;
1c7f4f65
DM		 2
3use strict;
4use warnings;
5
168d6b07
DM		 6use File::stat;
7use Digest::SHA;
8use IO::File;
9use Encode;
f08b2779 10use Fcntl;
2063d380 11use File::Path;
f08b2779 12use File::Spec;
bd1dc8d1 13use File::Basename;
168d6b07 14
b9cd9975 15use PVE::INotify;
55fa4e09 16use PVE::Tools;
4401b7d4 17use PVE::Network;
55fa4e09 18
633a7bd8 19sub new {
153747ff 20 my ($class, $conf, $rootdir, $os_release) = @_;
633a7bd8 21
153747ff 22 return bless { conf => $conf, rootdir => $rootdir, os_release => $os_release }, $class;
633a7bd8 23}
b9cd9975 24
c0eae401 25sub lookup_dns_conf {
23d928a1 26 my ($self, $conf) = @_;
b9cd9975 27
27916659
DM		 28 my $nameserver = $conf->{nameserver};
29 my $searchdomains = $conf->{searchdomain};
b9cd9975 30
ffc468ee
DC		 31 if ($conf->{'testmode'}) {
32 return ('proxmox.com', '8.8.8.8 8.8.8.9');
33 }
b9cd9975 34
ffc468ee 35 my $host_resolv_conf = $self->{host_resolv_conf};
b9cd9975 36
ffc468ee
DC		 37 if (!defined($nameserver)) {
38 my @list = ();
39 foreach my $k ("dns1", "dns2", "dns3") {
40 if (my $ns = $host_resolv_conf->{$k}) {
41 push @list, $ns;
b9cd9975 42 }
b9cd9975 43 }
ffc468ee
DC		 44 $nameserver = join(' ', @list);
45 }
46
47 if (!defined($searchdomains)) {
48 $searchdomains = $host_resolv_conf->{search};
b9cd9975
DM		 49 }
50
51 return ($searchdomains, $nameserver);
c0eae401 52}
b9cd9975 53
c0eae401 54sub update_etc_hosts {
9096a91d 55 my ($self, $hostip, $oldname, $newname, $searchdomains) = @_;
1c7f4f65 56
1b3cffda
WB		 57 my $hosts_fn = '/etc/hosts';
58 return if $self->ct_is_file_ignored($hosts_fn);
59
ce289e3c
WB		 60 my $namepart = ($newname =~ s/\..*$//r);
61
005f91ad 62 my $all_names = '';
ce289e3c 63 if ($newname =~ /\./) {
005f91ad 64 $all_names .= "$newname $namepart";
ce289e3c
WB		 65 } else {
66 foreach my $domain (PVE::Tools::split_list($searchdomains)) {
005f91ad
WB		 67 $all_names .= ' ' if $all_names;
68 $all_names .= "$newname.$domain";
ce289e3c 69 }
005f91ad
WB		 70 $all_names .= ' ' if $all_names;
71 $all_names .= $newname;
e4929e97 72 }
1c7f4f65 73
9096a91d
WB		 74 # Prepare section:
75 my $section = '';
c325b32f 76
9096a91d
WB		 77 my $lo4 = "127.0.0.1 localhost.localnet localhost\n";
78 my $lo6 = "::1 localhost.localnet localhost\n";
79 if ($self->ct_file_exists($hosts_fn)) {
80 my $data = $self->ct_file_get_contents($hosts_fn);
81 # don't take localhost entries within our hosts sections into account
82 $data = remove_pve_sections($data);
1c7f4f65 83
9096a91d
WB		 84 # check for existing localhost entries
85 $section .= $lo4 if $data !~ /^\h*127\.0\.0\.1\h+/m;
86 $section .= $lo6 if $data !~ /^\h*::1\h+/m;
87 } else {
88 $section .= $lo4 . $lo6;
1c7f4f65
DM		 89 }
90
9096a91d
WB		 91 if (defined($hostip)) {
92 $section .= "$hostip $all_names\n";
63ec4b3b
DC		 93 } elsif ($namepart ne 'localhost') {
94 $section .= "127.0.1.1 $all_names\n";
9096a91d
WB		 95 } else {
96 $section .= "127.0.1.1 $namepart\n";
1e180f97
DM		 97 }
98
9096a91d 99 $self->ct_modify_file($hosts_fn, $section);
c0eae401 100}
1c7f4f65 101
142444d5
DM		 102sub template_fixup {
103 my ($self, $conf) = @_;
104
105 # do nothing by default
106}
107
c325b32f 108sub set_dns {
633a7bd8 109 my ($self, $conf) = @_;
c325b32f 110
23d928a1 111 my ($searchdomains, $nameserver) = $self->lookup_dns_conf($conf);
c325b32f 112
c325b32f
DM		 113 my $data = '';
114
115 $data .= "search " . join(' ', PVE::Tools::split_list($searchdomains)) . "\n"
116 if $searchdomains;
117
118 foreach my $ns ( PVE::Tools::split_list($nameserver)) {
119 $data .= "nameserver $ns\n";
120 }
121
2edb50e5 122 $self->ct_modify_file("/etc/resolv.conf", $data, replace => 1);
c325b32f
DM		 123}
124
1c7f4f65 125sub set_hostname {
633a7bd8 126 my ($self, $conf) = @_;
1c7f4f65 127
27916659 128 my $hostname = $conf->{hostname} || 'localhost';
1c7f4f65 129
ce289e3c 130 my $namepart = ($hostname =~ s/\..*$//r);
1c7f4f65 131
f08b2779 132 my $hostname_fn = "/etc/hostname";
1c7f4f65 133
f08b2779 134 my $oldname = $self->ct_file_read_firstline($hostname_fn) || 'localhost';
1c7f4f65 135
c325b32f
DM		 136 my ($ipv4, $ipv6) = PVE::LXC::get_primary_ips($conf);
137 my $hostip = $ipv4 || $ipv6;
b9cd9975 138
23d928a1 139 my ($searchdomains) = $self->lookup_dns_conf($conf);
b9cd9975 140
9096a91d 141 $self->update_etc_hosts($hostip, $oldname, $hostname, $searchdomains);
b9cd9975 142
ce289e3c 143 $self->ct_file_set_contents($hostname_fn, "$namepart\n");
1c7f4f65
DM		 144}
145
55fa4e09 146sub setup_network {
633a7bd8 147 my ($self, $conf) = @_;
55fa4e09
DM		 148
149 die "please implement this inside subclass"
150}
151
d66768a2 152sub setup_init {
633a7bd8 153 my ($self, $conf) = @_;
1c7f4f65 154
d66768a2
DM		 155 die "please implement this inside subclass"
156}
157
9143dec4
DM		 158sub setup_systemd_console {
159 my ($self, $conf) = @_;
160
e7deac01 161 my $systemd_dir_rel = $self->ct_is_executable("/lib/systemd/systemd") ?
9143dec4
DM		 162 "/lib/systemd/system" : "/usr/lib/systemd/system";
163
9143dec4
DM		 164 my $systemd_getty_service_rel = "$systemd_dir_rel/getty\@.service";
165
f08b2779 166 return if !$self->ct_file_exists($systemd_getty_service_rel);
9143dec4 167
1b4cf758 168 my $ttycount = PVE::LXC::Config->get_tty_count($conf);
9143dec4
DM		 169
170 for (my $i = 1; $i < 7; $i++) {
f08b2779 171 my $tty_service_lnk = "/etc/systemd/system/getty.target.wants/getty\@tty$i.service";
9143dec4 172 if ($i > $ttycount) {
f08b2779 173 $self->ct_unlink($tty_service_lnk);
9143dec4 174 } else {
f08b2779
WB		 175 if (!$self->ct_is_symlink($tty_service_lnk)) {
176 $self->ct_unlink($tty_service_lnk);
177 $self->ct_symlink($systemd_getty_service_rel, $tty_service_lnk);
9143dec4
DM		 178 }
179 }
180 }
181}
182
5e84bdc8
DM		 183# A few distros as well as unprivileged containers cannot deal with the
184# /dev/lxc/ tty subdirectory.
185sub devttydir {
186 my ($self, $conf) = @_;
187 return $conf->{unprivileged} ? '' : 'lxc/';
188}
189
dd7a436b
TL		 190sub fixup_old_getty {
191 my ($self) = @_;
192
193 my $sd_dir_rel = $self->ct_is_executable("/lib/systemd/systemd") ?
194 "/lib/systemd/system" : "/usr/lib/systemd/system";
195
196 my $sd_getty_service_rel = "$sd_dir_rel/getty\@.service";
197 return if !$self->ct_file_exists($sd_getty_service_rel);
198
199 my $raw = $self->ct_file_get_contents($sd_getty_service_rel);
200
201 my $sd_container_getty_service_rel = "$sd_dir_rel/container-getty\@.service";
202 # systemd on CenoOS 7.1 is too old (version 205), so there is no
203 # container-getty service
204 if (!$self->ct_file_exists($sd_container_getty_service_rel)) {
205 if ($raw =~ s!^ConditionPathExists=/dev/tty0$!ConditionPathExists=/dev/tty!m) {
206 $self->ct_file_set_contents($sd_getty_service_rel, $raw);
207 }
208 } else {
209 # undo above change (in case someone updated systemd)
210 if ($raw =~ s!^ConditionPathExists=/dev/tty$!ConditionPathExists=/dev/tty0!m) {
211 $self->ct_file_set_contents($sd_getty_service_rel, $raw);
212 }
213 }
214}
215
90b21cdc 216sub setup_container_getty_service {
5e84bdc8
DM		 217 my ($self, $conf) = @_;
218
bfe63c1a 219 my $sd_dir = $self->ct_is_executable("/lib/systemd/systemd") ?
8f115f7c 220 "/lib/systemd/system" : "/usr/lib/systemd/system";
bfe63c1a
TL		 221
222 # prefer container-getty.service shipped by newer systemd versions
223 # fallback to getty.service and just return if that doesn't exists either..
224 my $template_base = "container-getty\@";
225 my $template_path = "${sd_dir}/${template_base}.service";
226 my $instance_base = $template_base;
227
228 if (!$self->ct_file_exists($template_path)) {
229 $template_base = "getty\@";
230 $template_path = "${template_base}.service";
231 $instance_base = "{$template_base}tty";
232 return if !$self->ct_file_exists($template_path);
233 }
234
235 my $raw = $self->ct_file_get_contents($template_path);
5e84bdc8 236 my $ttyname = $self->devttydir($conf) . 'tty%I';
418ec240 237 if ($raw =~ s@pts/%I|lxc/tty%I@$ttyname@g) {
bfe63c1a 238 $self->ct_file_set_contents($template_path, $raw);
90b21cdc 239 }
73aa033d 240
bfe63c1a 241 my $getty_target_fn = "/etc/systemd/system/getty.target.wants/";
73aa033d 242 my $ttycount = PVE::LXC::Config->get_tty_count($conf);
73aa033d 243
bfe63c1a 244 for (my $i = 1; $i < 7; $i++) {
73aa033d
TL		 245 # ensure that not two gettys are using the same tty!
246 $self->ct_unlink("$getty_target_fn/getty\@tty$i.service");
bfe63c1a 247 $self->ct_unlink("$getty_target_fn/container-getty\@$i.service");
73aa033d 248
bfe63c1a 249 # re-enable only those requested
73aa033d 250 if ($i <= $ttycount) {
bfe63c1a
TL		 251 my $tty_service = "${instance_base}${i}.service";
252
253 $self->ct_symlink($template_path, "$getty_target_fn/$tty_service");
73aa033d
TL		 254 }
255 }
90b21cdc
WB		 256}
257
c1d32b55
WB		 258sub setup_systemd_networkd {
259 my ($self, $conf) = @_;
260
c1d32b55
WB		 261 foreach my $k (keys %$conf) {
262 next if $k !~ m/^net(\d+)$/;
1b4cf758 263 my $d = PVE::LXC::Config->parse_lxc_network($conf->{$k});
c1d32b55
WB		 264 next if !$d->{name};
265
f08b2779 266 my $filename = "/etc/systemd/network/$d->{name}.network";
c1d32b55
WB		 267
268 my $data = <<"DATA";
269[Match]
270Name = $d->{name}
271
272[Network]
273Description = Interface $d->{name} autoconfigured by PVE
274DATA
4401b7d4
WB		 275
276 my $routes = '';
277 my ($has_ipv4, $has_ipv6);
278
c1d32b55
WB		 279 # DHCP bitflags:
280 my @DHCPMODES = ('none', 'v4', 'v6', 'both');
281 my ($NONE, $DHCP4, $DHCP6, $BOTH) = (0, 1, 2, 3);
282 my $dhcp = $NONE;
bb7f06ef 283 my $accept_ra = 'false';
c1d32b55
WB		 284
285 if (defined(my $ip = $d->{ip})) {
286 if ($ip eq 'dhcp') {
287 $dhcp |= $DHCP4;
288 } elsif ($ip ne 'manual') {
4401b7d4 289 $has_ipv4 = 1;
c1d32b55
WB		 290 $data .= "Address = $ip\n";
291 }
292 }
293 if (defined(my $gw = $d->{gw})) {
294 $data .= "Gateway = $gw\n";
4401b7d4
WB		 295 if ($has_ipv4 && !PVE::Network::is_ip_in_cidr($gw, $d->{ip}, 4)) {
296 $routes .= "\n[Route]\nDestination = $gw/32\nScope = link\n";
297 }
c1d32b55
WB		 298 }
299
300 if (defined(my $ip = $d->{ip6})) {
301 if ($ip eq 'dhcp') {
302 $dhcp |= $DHCP6;
bb7f06ef
WB		 303 } elsif ($ip eq 'auto') {
304 $accept_ra = 'true';
c1d32b55 305 } elsif ($ip ne 'manual') {
4401b7d4 306 $has_ipv6 = 1;
c1d32b55
WB		 307 $data .= "Address = $ip\n";
308 }
309 }
310 if (defined(my $gw = $d->{gw6})) {
bb7f06ef 311 $accept_ra = 'false';
c1d32b55 312 $data .= "Gateway = $gw\n";
d13fd23a
WB		 313 if ($has_ipv6 && !PVE::Network::is_ip_in_cidr($gw, $d->{ip6}, 6) &&
314 !PVE::Network::is_ip_in_cidr($gw, 'fe80::/10', 6)) {
4401b7d4
WB		 315 $routes .= "\n[Route]\nDestination = $gw/128\nScope = link\n";
316 }
c1d32b55
WB		 317 }
318
319 $data .= "DHCP = $DHCPMODES[$dhcp]\n";
bb7f06ef 320 $data .= "IPv6AcceptRA = $accept_ra\n";
4401b7d4 321 $data .= $routes if $routes;
c1d32b55 322
f08b2779 323 $self->ct_file_set_contents($filename, $data);
c1d32b55 324 }
b7cd927f
WB		 325}
326
327sub setup_securetty {
328 my ($self, $conf, @add) = @_;
c1d32b55 329
f08b2779 330 my $filename = "/etc/securetty";
bd3093ef
TL		 331 # root login is already allowed on every device if no securetty present
332 return if !$self->ct_file_exists($filename);
333
5e84bdc8
DM		 334 if (!scalar(@add)) {
335 @add = qw(console tty1 tty2 tty3 tty4);
336 if (my $dir = $self->devttydir($conf)) {
337 @add = map { "${dir}$_" } @add;
338 }
339 }
340
f08b2779 341 my $data = $self->ct_file_get_contents($filename);
b7cd927f
WB		 342 chomp $data; $data .= "\n";
343 foreach my $dev (@add) {
344 if ($data !~ m!^\Q$dev\E\s*$!m) {
345 $data .= "$dev\n";
346 }
347 }
f08b2779 348 $self->ct_file_set_contents($filename, $data);
c1d32b55
WB		 349}
350
168d6b07 351my $replacepw = sub {
f08b2779 352 my ($self, $file, $user, $epw, $shadow) = @_;
168d6b07
DM		 353
354 my $tmpfile = "$file.$$";
355
356 eval {
f08b2779 357 my $src = $self->ct_open_file_read($file) ||
168d6b07
DM		 358 die "unable to open file '$file' - $!";
359
f08b2779 360 my $st = $self->ct_stat($src) ||
168d6b07
DM		 361 die "unable to stat file - $!";
362
f08b2779 363 my $dst = $self->ct_open_file_write($tmpfile) ||
168d6b07
DM		 364 die "unable to open file '$tmpfile' - $!";
365
366 # copy owner and permissions
367 chmod $st->mode, $dst;
368 chown $st->uid, $st->gid, $dst;
367a7c18
DM		 369
370 my $last_change = int(time()/(60*60*24));
371
168d6b07 372 while (defined (my $line = <$src>)) {
367a7c18
DM		 373 if ($shadow) {
374 $line =~ s/^${user}:[^:]*:[^:]*:/${user}:${epw}:${last_change}:/;
375 } else {
376 $line =~ s/^${user}:[^:]*:/${user}:${epw}:/;
377 }
168d6b07
DM		 378 print $dst $line;
379 }
380
381 $src->close() || die "close '$file' failed - $!\n";
382 $dst->close() || die "close '$tmpfile' failed - $!\n";
383 };
384 if (my $err = $@) {
f08b2779 385 $self->ct_unlink($tmpfile);
168d6b07 386 } else {
f08b2779
WB		 387 $self->ct_rename($tmpfile, $file);
388 $self->ct_unlink($tmpfile); # in case rename fails
168d6b07
DM		 389 }
390};
391
392sub set_user_password {
633a7bd8 393 my ($self, $conf, $user, $opt_password) = @_;
168d6b07 394
f08b2779 395 my $pwfile = "/etc/passwd";
168d6b07 396
f08b2779 397 return if !$self->ct_file_exists($pwfile);
168d6b07 398
f08b2779 399 my $shadow = "/etc/shadow";
168d6b07
DM		 400
401 if (defined($opt_password)) {
a46b2fb3 402 if ($opt_password !~ m/^\$(?:1|2[axy]?|5|6)\$[a-zA-Z0-9.\/]{1,16}\$[a-zA-Z0-9.\/]+$/) {
168d6b07 403 my $time = substr (Digest::SHA::sha1_base64 (time), 0, 8);
f55589da 404 $opt_password = crypt(encode("utf8", $opt_password), "\$6\$$time\$");
168d6b07
DM		 405 };
406 } else {
407 $opt_password = '*';
408 }
409
f08b2779
WB		 410 if ($self->ct_file_exists($shadow)) {
411 &$replacepw ($self, $shadow, $user, $opt_password, 1);
412 &$replacepw ($self, $pwfile, $user, 'x');
168d6b07 413 } else {
f08b2779 414 &$replacepw ($self, $pwfile, $user, $opt_password);
168d6b07
DM		 415 }
416}
417
f36ce482
FG		 418my $parse_home_dir = sub {
419 my ($self, $passwdfile, $user) = @_;
420
421 my $fh = $self->ct_open_file_read($passwdfile);
422 while (defined (my $line = <$fh>)) {
423 return $2
424 if $line =~ m/^${user}:([^:]*:){4}([^:]*):/;
425 }
426};
427
428sub set_user_authorized_ssh_keys {
429 my ($self, $conf, $user, $ssh_keys) = @_;
430
431 my $passwd = "/etc/passwd";
432 my $home = $user eq "root" ? "/root/" : "/home/$user/";
433
434 $home = &$parse_home_dir($self, $passwd, $user)
435 if $self->ct_file_exists($passwd);
436
437 die "home directory '$home' of $user does not exist!"
438 if ! ($self->ct_is_directory($home) || $self->ct_is_symlink($home));
439
440 $self->ct_mkdir("$home/.ssh", 0700)
441 if ! $self->ct_is_directory("$home/.ssh");
442
443 $self->ct_modify_file("$home/.ssh/authorized_keys", $ssh_keys, perms => 0700);
444}
445
4727bd09
DM		 446my $randomize_crontab = sub {
447 my ($self, $conf) = @_;
448
b5e62cd0
DM		 449 my @files;
450 # Note: dir_glob_foreach() untaints filenames!
f08b2779 451 PVE::Tools::dir_glob_foreach("/etc/cron.d", qr/[A-Z\-\_a-z0-9]+/, sub {
b5e62cd0 452 my ($name) = @_;
f08b2779 453 push @files, "/etc/cron.d/$name";
b5e62cd0 454 });
4727bd09 455
f08b2779
WB		 456 my $crontab_fn = "/etc/crontab";
457 unshift @files, $crontab_fn if $self->ct_file_exists($crontab_fn);
4727bd09
DM		 458
459 foreach my $filename (@files) {
f08b2779 460 my $data = $self->ct_file_get_contents($filename);
4727bd09
DM		 461 my $new = '';
462 foreach my $line (split(/\n/, $data)) {
463 # we only randomize minutes for root crontab entries
464 if ($line =~ m/^\d+(\s+\S+\s+\S+\s+\S+\s+\S+\s+root\s+\S.*)$/) {
465 my $rest = $1;
466 my $min = int(rand()*59);
467 $new .= "$min$rest\n";
468 } else {
469 $new .= "$line\n";
470 }
471 }
f08b2779 472 $self->ct_file_set_contents($filename, $new);
4727bd09
DM		 473 }
474};
475
d66768a2 476sub pre_start_hook {
633a7bd8 477 my ($self, $conf) = @_;
d66768a2 478
633a7bd8
DM		 479 $self->setup_init($conf);
480 $self->setup_network($conf);
481 $self->set_hostname($conf);
482 $self->set_dns($conf);
d66768a2
DM		 483
484 # fixme: what else ?
485}
486
487sub post_create_hook {
f36ce482 488 my ($self, $conf, $root_password, $ssh_keys) = @_;
d66768a2 489
142444d5 490 $self->template_fixup($conf);
4727bd09
DM		 491
492 &$randomize_crontab($self, $conf);
493
633a7bd8 494 $self->set_user_password($conf, 'root', $root_password);
f36ce482 495 $self->set_user_authorized_ssh_keys($conf, 'root', $ssh_keys) if $ssh_keys;
633a7bd8
DM		 496 $self->setup_init($conf);
497 $self->setup_network($conf);
498 $self->set_hostname($conf);
499 $self->set_dns($conf);
168d6b07 500
55fa4e09 501 # fixme: what else ?
1c7f4f65
DM		 502}
503
f08b2779
WB		 504# File access wrappers for container setup code.
505# For user-namespace support these might need to take uid and gid maps into account.
506
bd1dc8d1
WB		 507sub ct_is_file_ignored {
508 my ($self, $file) = @_;
509 my ($name, $path) = fileparse($file);
510 return -f "$path/.pve-ignore.$name";
511}
512
c6a605f9
WB		 513sub ct_reset_ownership {
514 my ($self, @files) = @_;
515 my $conf = $self->{conf};
516 return if !$self->{id_map};
bd1dc8d1
WB		 517
518 @files = grep { !$self->ct_is_file_ignored($_) } @files;
519 return if !@files;
520
c6a605f9
WB		 521 my $uid = $self->{rootuid};
522 my $gid = $self->{rootgid};
523 chown($uid, $gid, @files);
524}
525
2063d380
WB		 526sub ct_mkdir {
527 my ($self, $file, $mask) = @_;
f08b2779 528 # mkdir goes by parameter count - an `undef' mode acts like a mode of 0000
c6a605f9
WB		 529 if (defined($mask)) {
530 return CORE::mkdir($file, $mask) && $self->ct_reset_ownership($file);
531 } else {
532 return CORE::mkdir($file) && $self->ct_reset_ownership($file);
533 }
2063d380
WB		 534}
535
536sub ct_unlink {
f08b2779
WB		 537 my ($self, @files) = @_;
538 foreach my $file (@files) {
bd1dc8d1 539 next if $self->ct_is_file_ignored($file);
f08b2779
WB		 540 CORE::unlink($file);
541 }
542}
543
544sub ct_rename {
545 my ($self, $old, $new) = @_;
bd1dc8d1 546 return if $self->ct_is_file_ignored($new);
f08b2779 547 CORE::rename($old, $new);
2063d380
WB		 548}
549
f08b2779 550sub ct_open_file_read {
2063d380 551 my $self = shift;
f08b2779
WB		 552 my $file = shift;
553 return IO::File->new($file, O_RDONLY, @_);
2063d380
WB		 554}
555
f08b2779 556sub ct_open_file_write {
2063d380 557 my $self = shift;
f08b2779 558 my $file = shift;
bd1dc8d1 559 $file = '/dev/null' if $self->ct_is_file_ignored($file);
c6a605f9
WB		 560 my $fh = IO::File->new($file, O_WRONLY | O_CREAT, @_);
561 $self->ct_reset_ownership($fh);
562 return $fh;
2063d380
WB		 563}
564
f08b2779 565sub ct_make_path {
2063d380 566 my $self = shift;
c6a605f9
WB		 567 if ($self->{id_map}) {
568 my $opts = pop;
569 if (ref($opts) eq 'HASH') {
570 $opts->{owner} = $self->{rootuid} if !defined($self->{owner});
571 $opts->{group} = $self->{rootgid} if !defined($self->{group});
572 }
573 File::Path::make_path(@_, $opts);
574 } else {
575 File::Path::make_path(@_);
576 }
2063d380
WB		 577}
578
579sub ct_symlink {
580 my ($self, $old, $new) = @_;
bd1dc8d1 581 return if $self->ct_is_file_ignored($new);
f08b2779 582 return CORE::symlink($old, $new);
2063d380
WB		 583}
584
8f115f7c
WB		 585sub ct_readlink {
586 my ($self, $name) = @_;
587 return CORE::readlink($name);
588}
589
2063d380
WB		 590sub ct_file_exists {
591 my ($self, $file) = @_;
f08b2779
WB		 592 return -f $file;
593}
594
595sub ct_is_directory {
596 my ($self, $file) = @_;
597 return -d $file;
598}
599
600sub ct_is_symlink {
601 my ($self, $file) = @_;
602 return -l $file;
603}
604
e7deac01
WB		 605sub ct_is_executable {
606 my ($self, $file) = @_;
607 return -x $file
608}
609
f08b2779
WB		 610sub ct_stat {
611 my ($self, $file) = @_;
612 return File::stat::stat($file);
2063d380
WB		 613}
614
615sub ct_file_read_firstline {
616 my ($self, $file) = @_;
f08b2779 617 return PVE::Tools::file_read_firstline($file);
2063d380
WB		 618}
619
620sub ct_file_get_contents {
621 my ($self, $file) = @_;
f08b2779 622 return PVE::Tools::file_get_contents($file);
2063d380
WB		 623}
624
625sub ct_file_set_contents {
39243220 626 my ($self, $file, $data, $perms) = @_;
bd1dc8d1 627 return if $self->ct_is_file_ignored($file);
c6a605f9
WB		 628 PVE::Tools::file_set_contents($file, $data, $perms);
629 $self->ct_reset_ownership($file);
2063d380
WB		 630}
631
2edb50e5
WB		 632# Modify a marked portion of a file.
633# Optionally if the file becomes empty it will be deleted.
634sub ct_modify_file {
635 my ($self, $file, $data, %options) = @_;
bd1dc8d1 636 return if $self->ct_is_file_ignored($file);
2edb50e5
WB		 637
638 my $head = "# --- BEGIN PVE ---\n";
639 my $tail = "# --- END PVE ---\n";
be7ee97a 640 my $perms = $options{perms};
a5a4b5aa 641 $data .= "\n" if $data && $data !~ /\n$/;
2edb50e5
WB		 642
643 if (!$self->ct_file_exists($file)) {
be7ee97a 644 $self->ct_file_set_contents($file, $head.$data.$tail, $perms) if $data;
2edb50e5
WB		 645 return;
646 }
647
648 my $old = $self->ct_file_get_contents($file);
649 my @lines = split(/\n/, $old);
650
651 my ($beg, $end);
652 foreach my $i (0..(@lines-1)) {
653 my $line = $lines[$i];
654 $beg = $i if !defined($beg) &&
655 $line =~ /^#\s*---\s*BEGIN\s*PVE\s*/;
656 $end = $i if !defined($end) && defined($beg) &&
657 $line =~ /^#\s*---\s*END\s*PVE\s*/i;
658 last if defined($beg) && defined($end);
659 }
660
661 if (defined($beg) && defined($end)) {
662 # Found a section
663 if ($data) {
664 chomp $tail;
665 splice @lines, $beg, $end-$beg+1, $head.$data.$tail;
fa7cb12b 666 } else {
2edb50e5
WB		 667 if ($beg == 0 && $end == (@lines-1)) {
668 $self->ct_unlink($file) if $options{delete};
669 return;
670 }
671 splice @lines, $beg, $end-$beg+1, $head.$data.$tail;
672 }
673 $self->ct_file_set_contents($file, join("\n", @lines) . "\n");
674 } elsif ($data) {
675 # No section found
676 my $content = join("\n", @lines);
677 chomp $content;
678 if (!$content && !$data && $options{delete}) {
fa7cb12b 679 $self->ct_unlink($file);
2edb50e5
WB		 680 return;
681 }
682 $content .= "\n";
683 $data = $head.$data.$tail;
684 if ($options{replace}) {
be7ee97a 685 $self->ct_file_set_contents($file, $data, $perms);
2edb50e5 686 } elsif ($options{prepend}) {
be7ee97a 687 $self->ct_file_set_contents($file, $data . $content, $perms);
2edb50e5 688 } else { # append
be7ee97a 689 $self->ct_file_set_contents($file, $content . $data, $perms);
fa7cb12b 690 }
fa7cb12b
WB		 691 }
692}
693
9096a91d
WB		 694sub remove_pve_sections {
695 my ($data) = @_;
696
697 my $head = "# --- BEGIN PVE ---";
698 my $tail = "# --- END PVE ---";
699
700 # Remove the sections enclosed with the above headers and footers.
701 # from a line (^) starting with '\h*$head'
702 # to a line (the other ^) starting with '\h*$tail' up to including that
703 # line's end (.*?$).
704 return $data =~ s/^\h*\Q$head\E.*^\h*\Q$tail\E.*?$//rgms;
705}
706
1c7f4f65 7071;
PVE Container Toolkit