[pve-container.git] / src / PVE / LXC / Setup.pm

package PVE::LXC::Setup;

use strict;
use warnings;
use POSIX;
use PVE::Tools;

use PVE::LXC::Setup::Debian;
use PVE::LXC::Setup::Ubuntu;
use PVE::LXC::Setup::CentOS;
use PVE::LXC::Setup::Fedora;
use PVE::LXC::Setup::SUSE;
use PVE::LXC::Setup::ArchLinux;
use PVE::LXC::Setup::Alpine;
use PVE::LXC::Setup::Gentoo;
use PVE::LXC::Setup::Devuan;

my $plugins = {
    debian    => 'PVE::LXC::Setup::Debian',
    devuan    => 'PVE::LXC::Setup::Devuan',
    ubuntu    => 'PVE::LXC::Setup::Ubuntu',
    centos    => 'PVE::LXC::Setup::CentOS',
    fedora    => 'PVE::LXC::Setup::Fedora',
    opensuse  => 'PVE::LXC::Setup::SUSE',
    archlinux => 'PVE::LXC::Setup::ArchLinux',
    alpine    => 'PVE::LXC::Setup::Alpine',
    gentoo    => 'PVE::LXC::Setup::Gentoo',
};

# a map to allow supporting related distro flavours
my $plugin_alias = {
    arch => 'archlinux',
    sles => 'opensuse',
    'opensuse-leap' => 'opensuse',
    'opensuse-tumbleweed' => 'opensuse',
};

my $autodetect_type = sub {
    my ($self, $rootdir, $os_release) = @_;

    if (my $id = $os_release->{ID}) {
	return $id if $plugins->{$id};
	return $plugin_alias->{$id} if $plugin_alias->{$id};
	warn "unknown ID '$id' in /etc/os-release file, trying fallback detection\n";
    }

    # fallback compatibility checks

    my $lsb_fn = "$rootdir/etc/lsb-release";
    if (-f $lsb_fn) {
	my $data =  PVE::Tools::file_get_contents($lsb_fn);
	if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
	    return 'ubuntu';
	}
    }

    if (-f "$rootdir/etc/debian_version") {
	return "debian";
    } elsif (-f "$rootdir/etc/devuan_version") {
	return "devuan";
    } elsif (-f  "$rootdir/etc/SuSE-brand" || -f "$rootdir/etc/SuSE-release") {
	return "opensuse";
    } elsif (-f  "$rootdir/etc/fedora-release") {
	return "fedora";
    } elsif (-f  "$rootdir/etc/centos-release" || -f "$rootdir/etc/redhat-release") {
	return "centos";
    } elsif (-f  "$rootdir/etc/arch-release") {
	return "archlinux";
    } elsif (-f  "$rootdir/etc/alpine-release") {
	return "alpine";
    } elsif (-f  "$rootdir/etc/gentoo-release") {
	return "gentoo";
    } elsif (-f "$rootdir/etc/os-release") {
	die "unable to detect OS distribution\n";
    } else {
	warn "/etc/os-release file not found and autodetection failed, falling back to 'unmanaged'\n";
	return "unmanaged";
    }
};

sub new {
    my ($class, $conf, $rootdir, $type) = @_;

    die "no root directory\n" if !$rootdir || $rootdir eq '/';

    my $self = bless { conf => $conf, rootdir => $rootdir};

    my $os_release = $self->get_ct_os_release();

    if ($conf->{ostype} && $conf->{ostype} eq 'unmanaged') {
	return $self;
    } elsif (!defined($type)) {
	# try to autodetect type
	$type = &$autodetect_type($self, $rootdir, $os_release);
	my $expected_type = $conf->{ostype} || $type;

	warn "got unexpected ostype ($type != $expected_type)\n"
	    if $type ne $expected_type;
    }

    if ($type eq 'unmanaged') {
	$conf->{ostype} = $type;
	return $self;
    }

    my $plugin_class = $plugins->{$type} ||
	"no such OS type '$type'\n";

    my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
    $self->{plugin} = $plugin;
    $self->{in_chroot} = 0;

    # Cache some host files we need access to:
    $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');

    # pass on user namespace information:
    my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
    if (@$id_map) {
	$plugin->{id_map} = $id_map;
	$plugin->{rootuid} = $rootuid;
	$plugin->{rootgid} = $rootgid;
    }
    
    return $self;
}

# Forks into a chroot and executes $sub
sub protected_call {
    my ($self, $sub) = @_;

    # avoid recursion:
    return $sub->() if $self->{in_chroot};

    my $rootdir = $self->{rootdir};
    if (!-d "$rootdir/dev" && !mkdir("$rootdir/dev")) {
	die "failed to create temporary /dev directory: $!\n";
    }

    pipe(my $res_in, my $res_out) or die "pipe failed: $!\n";

    my $child = fork();
    die "fork failed: $!\n" if !defined($child);

    if (!$child) {
	close($res_in);
	# avoid recursive forks
	$self->{in_chroot} = 1;
	eval {
	    chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
	    chdir('/') or die "failed to change to root directory\n";
	    my $res = $sub->();
	    if (defined($res)) {
		print {$res_out} "$res";
		$res_out->flush();
	    }
	};
	if (my $err = $@) {
	    warn $err;
	    POSIX::_exit(1);
	}
	POSIX::_exit(0);
    }
    close($res_out);
    my $result = do { local $/ = undef; <$res_in> };
    while (waitpid($child, 0) != $child) {}
    if ($? != 0) {
	my $method = (caller(1))[3];
	die "error in setup task $method\n";
    }
    return $result;
}

sub template_fixup {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->template_fixup($self->{conf});
    };
    $self->protected_call($code);
}
 
sub setup_network {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->setup_network($self->{conf});
    };
    $self->protected_call($code);
}

sub set_hostname {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->set_hostname($self->{conf});
    };
    $self->protected_call($code);
}

sub set_dns {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->set_dns($self->{conf});
    };
    $self->protected_call($code);
}

sub setup_init {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->setup_init($self->{conf});
    };
    $self->protected_call($code);
}

sub set_user_password {
    my ($self, $user, $pw) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->set_user_password($self->{conf}, $user, $pw);
    };
    $self->protected_call($code);
}

sub rewrite_ssh_host_keys {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $conf = $self->{conf};
    my $plugin = $self->{plugin};
    my $rootdir = $self->{rootdir};

    return if ! -d "$rootdir/etc/ssh";

    my $keynames = {
	rsa => 'ssh_host_rsa_key',
	dsa => 'ssh_host_dsa_key',
	ecdsa => 'ssh_host_ecdsa_key', 
	ed25519 => 'ssh_host_ed25519_key',
    };

    my $hostname = $conf->{hostname} || 'localhost';
    $hostname =~ s/\..*$//;
    my $ssh_comment = "root\@$hostname";

    my $keygen_outfunc = sub {
	my $line = shift;

	print "done: $line\n"
	    if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i ||
	       $line =~ m/^SHA256:[0-9a-z+\/]{43}\s+\Q$ssh_comment\E$/i;
    };

    # Create temporary keys in /tmp on the host
    my $keyfiles = {};
    foreach my $keytype (keys %$keynames) {
	my $basename = $keynames->{$keytype};
	my $file = "/tmp/$$.$basename";
	print "Creating SSH host key '$basename' - this may take some time ...\n";
	my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype,
		   '-N', '', '-E', 'sha256', '-C', $ssh_comment];
	PVE::Tools::run_command($cmd, outfunc => $keygen_outfunc);
	$keyfiles->{"/etc/ssh/$basename"} = [PVE::Tools::file_get_contents($file), 0600];
	$keyfiles->{"/etc/ssh/$basename.pub"} = [PVE::Tools::file_get_contents("$file.pub"), 0644];
	unlink $file;
	unlink "$file.pub";
    }

    # Write keys out in a protected call

    my $code = sub {
	foreach my $file (keys %$keyfiles) {
	    $plugin->ct_file_set_contents($file, @{$keyfiles->{$file}});
	}
    };
    $self->protected_call($code);
}    

my $container_emulator_path = {
    'amd64' => '/usr/bin/qemu-x86_64-static',
    'arm64' => '/usr/bin/qemu-aarch64-static',
};

sub pre_start_hook {
    my ($self) = @_;

    return if !$self->{plugin}; # unmanaged

    my $host_arch = PVE::Tools::get_host_arch();

    # containers use different architecture names
    if ($host_arch eq 'x86_64') {
	$host_arch = 'amd64';
    } elsif ($host_arch eq 'aarch64') {
	$host_arch = 'arm64';
    } else {
	die "unsupported host architecture '$host_arch'\n";
    }

    my $container_arch = $self->{conf}->{arch};

    $container_arch = 'amd64' if $container_arch eq 'i386'; # always use 64 bit version
    $container_arch = 'arm64' if $container_arch eq 'armhf'; # always use 64 bit version

    my $emul;
    my $emul_data;

    if ($host_arch ne $container_arch) {
	if ($emul = $container_emulator_path->{$container_arch}) {
	    $emul_data = PVE::Tools::file_get_contents($emul, 10*1024*1024) if -f $emul;
	}
    }

    my $code = sub {

	if ($emul && $emul_data) {
	    $self->{plugin}->ct_file_set_contents($emul, $emul_data, 0755);
	}

	# Create /fastboot to skip run fsck
	$self->{plugin}->ct_file_set_contents('/fastboot', '');

	$self->{plugin}->pre_start_hook($self->{conf});
    };
    $self->protected_call($code);
}

sub post_create_hook {
    my ($self, $root_password, $ssh_keys) = @_;

    return if !$self->{plugin}; # unmanaged

    my $code = sub {
	$self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys);
    };
    $self->protected_call($code);
    $self->rewrite_ssh_host_keys();
}

# os-release(5):
#   (...) a newline-separated list of environment-like shell-compatible
#   variable assignments. (...) beyond mere variable assignments, no shell
#   features are supported (this means variable expansion is explicitly not
#   supported) (...). Variable assignment values must be enclosed in double or
#   single quotes *if* they include spaces, semicolons or other special
#   characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
#   backslash, backtick) must be escaped with backslashes (...). All strings
#   should be in UTF-8 format, and non-printable characters should not be used.
#   It is not supported to concatenate multiple individually quoted strings.
#   Lines beginning with "#" shall be ignored as comments.
my $parse_os_release = sub {
    my ($data) = @_;
    my $variables = {};
    while (defined($data) && $data =~ /^(.+)$/gm) {
	next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/;
	my ($var, $content) = ($1, $2);
	chomp $content;

	if ($content =~ /^'([^']*)'/) {
	    $variables->{$var} = $1;
	} elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) {
	    my $s = $1;
	    $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
	    $variables->{$var} = $s;
	} elsif ($content =~ /^([A-Za-z0-9]*)/) {
	    $variables->{$var} = $1;
	}
    }
    return $variables;
};

sub get_ct_os_release {
    my ($self) = @_;

    my $code = sub {
	if (-f '/etc/os-release') {
	    return PVE::Tools::file_get_contents('/etc/os-release');
	} elsif (-f '/usr/lib/os-release') {
	    return PVE::Tools::file_get_contents('/usr/lib/os-release');
	}
	return undef;
    };

    my $data = $self->protected_call($code);

    return &$parse_os_release($data);
}

1;
Commit	Line	Data
7af97ad5	1	package PVE::LXC::Setup;
1c7f4f65 DM	2
	3	use strict;
	4	use warnings;
f08b2779	5	use POSIX;
a8e58e9c	6	use PVE::Tools;
1c7f4f65	7
7af97ad5 DM	8	use PVE::LXC::Setup::Debian;
7af97ad5 DM	9	use PVE::LXC::Setup::Ubuntu;
81a6ec3f	10	use PVE::LXC::Setup::CentOS;
b0143ab1	11	use PVE::LXC::Setup::Fedora;
fa7cb12b	12	use PVE::LXC::Setup::SUSE;
7af97ad5	13	use PVE::LXC::Setup::ArchLinux;
a8700492	14	use PVE::LXC::Setup::Alpine;
ed027b58	15	use PVE::LXC::Setup::Gentoo;
151c5b73	16	use PVE::LXC::Setup::Devuan;
1c7f4f65 DM	17
1c7f4f65 DM	18	my $plugins = {
7af97ad5	19	debian => 'PVE::LXC::Setup::Debian',
151c5b73	20	devuan => 'PVE::LXC::Setup::Devuan',
7af97ad5	21	ubuntu => 'PVE::LXC::Setup::Ubuntu',
81a6ec3f	22	centos => 'PVE::LXC::Setup::CentOS',
b0143ab1	23	fedora => 'PVE::LXC::Setup::Fedora',
fa7cb12b	24	opensuse => 'PVE::LXC::Setup::SUSE',
7af97ad5	25	archlinux => 'PVE::LXC::Setup::ArchLinux',
a8700492	26	alpine => 'PVE::LXC::Setup::Alpine',
ed027b58	27	gentoo => 'PVE::LXC::Setup::Gentoo',
1c7f4f65 DM	28	};
1c7f4f65 DM	29
934a30b0 TL	30	# a map to allow supporting related distro flavours
	31	my $plugin_alias = {
	32	arch => 'archlinux',
	33	sles => 'opensuse',
47447841	34	'opensuse-leap' => 'opensuse',
005e72bd	35	'opensuse-tumbleweed' => 'opensuse',
934a30b0 TL	36	};
934a30b0 TL	37
bdd4194c	38	my $autodetect_type = sub {
153747ff WB	39	my ($self, $rootdir, $os_release) = @_;
	40
	41	if (my $id = $os_release->{ID}) {
934a30b0 TL	42	return $id if $plugins->{$id};
934a30b0 TL	43	return $plugin_alias->{$id} if $plugin_alias->{$id};
5c81c821	44	warn "unknown ID '$id' in /etc/os-release file, trying fallback detection\n";
153747ff WB	45	}
	46
	47	# fallback compatibility checks
a8e58e9c DM	48
	49	my $lsb_fn = "$rootdir/etc/lsb-release";
	50	if (-f $lsb_fn) {
	51	my $data = PVE::Tools::file_get_contents($lsb_fn);
	52	if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
	53	return 'ubuntu';
	54	}
75c7928e DM	55	}
	56
	57	if (-f "$rootdir/etc/debian_version") {
bdd4194c	58	return "debian";
151c5b73 TL	59	} elsif (-f "$rootdir/etc/devuan_version") {
151c5b73 TL	60	return "devuan";
fa7cb12b WB	61	} elsif (-f "$rootdir/etc/SuSE-brand" \|\| -f "$rootdir/etc/SuSE-release") {
fa7cb12b WB	62	return "opensuse";
b0143ab1 WB	63	} elsif (-f "$rootdir/etc/fedora-release") {
b0143ab1 WB	64	return "fedora";
81a6ec3f WB	65	} elsif (-f "$rootdir/etc/centos-release" \|\| -f "$rootdir/etc/redhat-release") {
81a6ec3f WB	66	return "centos";
c1d32b55 WB	67	} elsif (-f "$rootdir/etc/arch-release") {
c1d32b55 WB	68	return "archlinux";
a8700492 JV	69	} elsif (-f "$rootdir/etc/alpine-release") {
a8700492 JV	70	return "alpine";
ed027b58 WB	71	} elsif (-f "$rootdir/etc/gentoo-release") {
ed027b58 WB	72	return "gentoo";
5f94d5e5 AE	73	} elsif (-f "$rootdir/etc/os-release") {
	74	die "unable to detect OS distribution\n";
	75	} else {
	76	warn "/etc/os-release file not found and autodetection failed, falling back to 'unmanaged'\n";
	77	return "unmanaged";
bdd4194c	78	}
bdd4194c DM	79	};
bdd4194c DM	80
1c7f4f65	81	sub new {
5b4657d0	82	my ($class, $conf, $rootdir, $type) = @_;
1c7f4f65	83
5b4657d0 DM	84	die "no root directory\n" if !$rootdir \|\| $rootdir eq '/';
5b4657d0 DM	85
5b3614f8	86	my $self = bless { conf => $conf, rootdir => $rootdir};
1c7f4f65	87
153747ff WB	88	my $os_release = $self->get_ct_os_release();
153747ff WB	89
238b7e3e DM	90	if ($conf->{ostype} && $conf->{ostype} eq 'unmanaged') {
	91	return $self;
	92	} elsif (!defined($type)) {
bdd4194c	93	# try to autodetect type
153747ff	94	$type = &$autodetect_type($self, $rootdir, $os_release);
238b7e3e DM	95	my $expected_type = $conf->{ostype} \|\| $type;
238b7e3e DM	96
934a30b0	97	warn "got unexpected ostype ($type != $expected_type)\n"
238b7e3e	98	if $type ne $expected_type;
bdd4194c	99	}
238b7e3e	100
5f94d5e5 AE	101	if ($type eq 'unmanaged') {
	102	$conf->{ostype} = $type;
	103	return $self;
	104	}
	105
633a7bd8	106	my $plugin_class = $plugins->{$type} \|\|
1c7f4f65 DM	107	"no such OS type '$type'\n";
1c7f4f65 DM	108
153747ff	109	my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
23d928a1	110	$self->{plugin} = $plugin;
f08b2779	111	$self->{in_chroot} = 0;
23d928a1 WB	112
	113	# Cache some host files we need access to:
	114	$plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
c6a605f9 WB	115
	116	# pass on user namespace information:
	117	my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
	118	if (@$id_map) {
	119	$plugin->{id_map} = $id_map;
	120	$plugin->{rootuid} = $rootuid;
	121	$plugin->{rootgid} = $rootgid;
	122	}
633a7bd8	123
1c7f4f65 DM	124	return $self;
	125	}
	126
9ba0e0b5	127	# Forks into a chroot and executes $sub
f08b2779 WB	128	sub protected_call {
	129	my ($self, $sub) = @_;
	130
	131	# avoid recursion:
	132	return $sub->() if $self->{in_chroot};
	133
	134	my $rootdir = $self->{rootdir};
	135	if (!-d "$rootdir/dev" && !mkdir("$rootdir/dev")) {
	136	die "failed to create temporary /dev directory: $!\n";
	137	}
	138
9ba0e0b5 WB	139	pipe(my $res_in, my $res_out) or die "pipe failed: $!\n";
9ba0e0b5 WB	140
f08b2779 WB	141	my $child = fork();
	142	die "fork failed: $!\n" if !defined($child);
	143
	144	if (!$child) {
9ba0e0b5	145	close($res_in);
f08b2779 WB	146	# avoid recursive forks
f08b2779 WB	147	$self->{in_chroot} = 1;
f08b2779	148	eval {
f08b2779 WB	149	chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
f08b2779 WB	150	chdir('/') or die "failed to change to root directory\n";
9ba0e0b5 WB	151	my $res = $sub->();
	152	if (defined($res)) {
	153	print {$res_out} "$res";
	154	$res_out->flush();
	155	}
f08b2779 WB	156	};
f08b2779 WB	157	if (my $err = $@) {
797e12e8	158	warn $err;
f08b2779 WB	159	POSIX::_exit(1);
	160	}
	161	POSIX::_exit(0);
	162	}
9ba0e0b5 WB	163	close($res_out);
9ba0e0b5 WB	164	my $result = do { local $/ = undef; <$res_in> };
f08b2779	165	while (waitpid($child, 0) != $child) {}
952de558 WB	166	if ($? != 0) {
	167	my $method = (caller(1))[3];
	168	die "error in setup task $method\n";
	169	}
9ba0e0b5	170	return $result;
f08b2779 WB	171	}
f08b2779 WB	172
142444d5 DM	173	sub template_fixup {
	174	my ($self) = @_;
	175
238b7e3e DM	176	return if !$self->{plugin}; # unmanaged
238b7e3e DM	177
f08b2779 WB	178	my $code = sub {
	179	$self->{plugin}->template_fixup($self->{conf});
	180	};
	181	$self->protected_call($code);
142444d5 DM	182	}
142444d5 DM	183
1c7f4f65	184	sub setup_network {
55fa4e09	185	my ($self) = @_;
1c7f4f65	186
238b7e3e DM	187	return if !$self->{plugin}; # unmanaged
238b7e3e DM	188
f08b2779 WB	189	my $code = sub {
	190	$self->{plugin}->setup_network($self->{conf});
	191	};
	192	$self->protected_call($code);
1c7f4f65 DM	193	}
	194
	195	sub set_hostname {
	196	my ($self) = @_;
	197
238b7e3e DM	198	return if !$self->{plugin}; # unmanaged
238b7e3e DM	199
f08b2779 WB	200	my $code = sub {
	201	$self->{plugin}->set_hostname($self->{conf});
	202	};
	203	$self->protected_call($code);
1c7f4f65 DM	204	}
1c7f4f65 DM	205
c325b32f DM	206	sub set_dns {
	207	my ($self) = @_;
	208
238b7e3e DM	209	return if !$self->{plugin}; # unmanaged
238b7e3e DM	210
f08b2779 WB	211	my $code = sub {
	212	$self->{plugin}->set_dns($self->{conf});
	213	};
	214	$self->protected_call($code);
c325b32f DM	215	}
c325b32f DM	216
d66768a2 DM	217	sub setup_init {
	218	my ($self) = @_;
	219
238b7e3e DM	220	return if !$self->{plugin}; # unmanaged
238b7e3e DM	221
f08b2779 WB	222	my $code = sub {
	223	$self->{plugin}->setup_init($self->{conf});
	224	};
	225	$self->protected_call($code);
d66768a2 DM	226	}
d66768a2 DM	227
168d6b07 DM	228	sub set_user_password {
168d6b07 DM	229	my ($self, $user, $pw) = @_;
238b7e3e DM	230
	231	return if !$self->{plugin}; # unmanaged
	232
f08b2779 WB	233	my $code = sub {
	234	$self->{plugin}->set_user_password($self->{conf}, $user, $pw);
	235	};
	236	$self->protected_call($code);
1c7f4f65 DM	237	}
1c7f4f65 DM	238
7ee31468 DM	239	sub rewrite_ssh_host_keys {
	240	my ($self) = @_;
	241
238b7e3e DM	242	return if !$self->{plugin}; # unmanaged
238b7e3e DM	243
797e12e8 WB	244	my $conf = $self->{conf};
	245	my $plugin = $self->{plugin};
	246	my $rootdir = $self->{rootdir};
	247
feb7383b	248	return if ! -d "$rootdir/etc/ssh";
797e12e8 WB	249
797e12e8 WB	250	my $keynames = {
797e12e8 WB	251	rsa => 'ssh_host_rsa_key',
	252	dsa => 'ssh_host_dsa_key',
	253	ecdsa => 'ssh_host_ecdsa_key',
	254	ed25519 => 'ssh_host_ed25519_key',
	255	};
	256
	257	my $hostname = $conf->{hostname} \|\| 'localhost';
	258	$hostname =~ s/\..*$//;
52a2d3f8	259	my $ssh_comment = "root\@$hostname";
797e12e8	260
52a2d3f8 FG	261	my $keygen_outfunc = sub {
	262	my $line = shift;
	263
	264	print "done: $line\n"
bc77a52b WB	265	if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i \|\|
bc77a52b WB	266	$line =~ m/^SHA256:[0-9a-z+\/]{43}\s+\Q$ssh_comment\E$/i;
52a2d3f8	267	};
797e12e8	268
52a2d3f8	269	# Create temporary keys in /tmp on the host
797e12e8 WB	270	my $keyfiles = {};
	271	foreach my $keytype (keys %$keynames) {
	272	my $basename = $keynames->{$keytype};
	273	my $file = "/tmp/$$.$basename";
	274	print "Creating SSH host key '$basename' - this may take some time ...\n";
52a2d3f8	275	my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype,
bc77a52b	276	'-N', '', '-E', 'sha256', '-C', $ssh_comment];
52a2d3f8	277	PVE::Tools::run_command($cmd, outfunc => $keygen_outfunc);
39db5e47 WB	278	$keyfiles->{"/etc/ssh/$basename"} = [PVE::Tools::file_get_contents($file), 0600];
39db5e47 WB	279	$keyfiles->{"/etc/ssh/$basename.pub"} = [PVE::Tools::file_get_contents("$file.pub"), 0644];
797e12e8 WB	280	unlink $file;
	281	unlink "$file.pub";
	282	}
	283
	284	# Write keys out in a protected call
	285
f08b2779	286	my $code = sub {
797e12e8	287	foreach my $file (keys %$keyfiles) {
39db5e47	288	$plugin->ct_file_set_contents($file, @{$keyfiles->{$file}});
797e12e8	289	}
f08b2779 WB	290	};
f08b2779 WB	291	$self->protected_call($code);
7ee31468 DM	292	}
7ee31468 DM	293
0c59b609 DM	294	my $container_emulator_path = {
	295	'amd64' => '/usr/bin/qemu-x86_64-static',
	296	'arm64' => '/usr/bin/qemu-aarch64-static',
	297	};
	298
d66768a2 DM	299	sub pre_start_hook {
	300	my ($self) = @_;
	301
238b7e3e DM	302	return if !$self->{plugin}; # unmanaged
238b7e3e DM	303
a0745b47	304	my $host_arch = PVE::Tools::get_host_arch();
0c59b609	305
11e1612f SR	306	# containers use different architecture names
	307	if ($host_arch eq 'x86_64') {
	308	$host_arch = 'amd64';
	309	} elsif ($host_arch eq 'aarch64') {
	310	$host_arch = 'arm64';
	311	} else {
	312	die "unsupported host architecture '$host_arch'\n";
	313	}
	314
0c59b609 DM	315	my $container_arch = $self->{conf}->{arch};
	316
	317	$container_arch = 'amd64' if $container_arch eq 'i386'; # always use 64 bit version
	318	$container_arch = 'arm64' if $container_arch eq 'armhf'; # always use 64 bit version
	319
	320	my $emul;
	321	my $emul_data;
	322
	323	if ($host_arch ne $container_arch) {
	324	if ($emul = $container_emulator_path->{$container_arch}) {
	325	$emul_data = PVE::Tools::file_get_contents($emul, 1010241024) if -f $emul;
	326	}
	327	}
	328
f08b2779	329	my $code = sub {
0c59b609 DM	330
	331	if ($emul && $emul_data) {
	332	$self->{plugin}->ct_file_set_contents($emul, $emul_data, 0755);
	333	}
	334
f08b2779 WB	335	# Create /fastboot to skip run fsck
f08b2779 WB	336	$self->{plugin}->ct_file_set_contents('/fastboot', '');
2988dbbc	337
f08b2779 WB	338	$self->{plugin}->pre_start_hook($self->{conf});
	339	};
	340	$self->protected_call($code);
d66768a2 DM	341	}
	342
	343	sub post_create_hook {
f36ce482	344	my ($self, $root_password, $ssh_keys) = @_;
1c7f4f65	345
238b7e3e DM	346	return if !$self->{plugin}; # unmanaged
238b7e3e DM	347
f08b2779	348	my $code = sub {
f36ce482	349	$self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys);
f08b2779 WB	350	};
f08b2779 WB	351	$self->protected_call($code);
797e12e8	352	$self->rewrite_ssh_host_keys();
1c7f4f65 DM	353	}
1c7f4f65 DM	354
153747ff WB	355	# os-release(5):
	356	# (...) a newline-separated list of environment-like shell-compatible
	357	# variable assignments. (...) beyond mere variable assignments, no shell
	358	# features are supported (this means variable expansion is explicitly not
	359	# supported) (...). Variable assignment values must be enclosed in double or
	360	# single quotes if they include spaces, semicolons or other special
	361	# characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
	362	# backslash, backtick) must be escaped with backslashes (...). All strings
	363	# should be in UTF-8 format, and non-printable characters should not be used.
	364	# It is not supported to concatenate multiple individually quoted strings.
	365	# Lines beginning with "#" shall be ignored as comments.
	366	my $parse_os_release = sub {
	367	my ($data) = @_;
	368	my $variables = {};
	369	while (defined($data) && $data =~ /^(.+)$/gm) {
	370	next if $1 !~ /^\s([a-zA-Z_][a-zA-Z0-9_])=(.*)$/;
	371	my ($var, $content) = ($1, $2);
	372	chomp $content;
	373
	374	if ($content =~ /^'([^']*)'/) {
	375	$variables->{$var} = $1;
	376	} elsif ($content =~ /^"((?:[^"\\]\|\\.)*)"/) {
	377	my $s = $1;
	378	$s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
	379	$variables->{$var} = $s;
	380	} elsif ($content =~ /^([A-Za-z0-9]*)/) {
	381	$variables->{$var} = $1;
	382	}
	383	}
	384	return $variables;
	385	};
	386
	387	sub get_ct_os_release {
	388	my ($self) = @_;
	389
	390	my $code = sub {
	391	if (-f '/etc/os-release') {
	392	return PVE::Tools::file_get_contents('/etc/os-release');
	393	} elsif (-f '/usr/lib/os-release') {
	394	return PVE::Tools::file_get_contents('/usr/lib/os-release');
	395	}
	396	return undef;
	397	};
	398
	399	my $data = $self->protected_call($code);
	400
	401	return &$parse_os_release($data);
	402	}
	403
1c7f4f65	404	1;