[aab.git] / PVE / AAB.pm

package PVE::AAB;

use strict;
use warnings;

use File::Path;
use File::Copy;
use IO::File;
use IO::Select;
use IPC::Open2;
use IPC::Open3;
use UUID;
use Cwd;

my @BASE_PACKAGES = qw(base openssh);
my @BASE_EXCLUDES = qw(e2fsprogs
                       jfsutils
                       linux
                       lvm2
                       mdadm
                       netctl
                       pcmciautils
                       reiserfsprogs
                       xfsprogs);

my $PKGDIR = "/var/cache/pacman/pkg";

my ($aablibdir, $fake_init);

sub setup_defaults($) {
    my ($dir) = @_;
    $aablibdir = $dir;
    $fake_init = "$aablibdir/scripts/init.bash";
}

setup_defaults('/usr/lib/aab');

sub write_file {
    my ($data, $file, $perm) = @_;

    die "no filename" if !$file;
    unlink $file;

    my $fh = IO::File->new ($file, O_WRONLY | O_CREAT, $perm) ||
	die "unable to open file '$file'";

    print $fh $data;
    $fh->close;
}

sub copy_file {
    my ($a, $b) = @_;
    copy($a, $b) or die "failed to copy $a => $b: $!";
}

sub rename_file {
    my ($a, $b) = @_;
    rename($a, $b) or die "failed to rename $a => $b: $!";
}

sub symln {
    my ($a, $b) = @_;
    symlink($a, $b) or die "failed to symlink $a => $b: $!";
}

sub logmsg {
    my $self = shift;
    print STDERR @_;
    $self->writelog (@_);
}

sub writelog {
    my $self = shift;
    my $fd = $self->{logfd};
    print $fd @_;
}

sub read_config {
    my ($filename) = @_;

    my $res = {};

    my $fh = IO::File->new ("<$filename") || return $res;
    my $rec = '';

    while (defined (my $line = <$fh>)) {
	next if $line =~ m/^\#/;
	next if $line =~ m/^\s*$/;
	$rec .= $line;
    };

    close ($fh);

    chomp $rec;
    $rec .= "\n";

    while ($rec) {
	if ($rec =~ s/^Description:\s*([^\n]*)(\n\s+.*)*$//si) {
	    $res->{headline} = $1;
	    chomp $res->{headline};
	    my $long = $2;
	    $long =~ s/^\s+/ /;
	    $res->{description} = $long;
	    chomp $res->{description};	    
	} elsif ($rec =~ s/^([^:]+):\s*(.*\S)\s*\n//) {
	    my ($key, $value) = (lc ($1), $2);
	    if ($key eq 'source' || $key eq 'mirror') {
		push @{$res->{$key}}, $value;
	    } else {
		die "duplicate key '$key'\n" if defined ($res->{$key});
		$res->{$key} = $value;
	    }
	} else {
	    die "unable to parse config file: $rec";
	}
    }

    die "unable to parse config file" if $rec;

    return $res;
}

sub new {
    my ($class, $config) = @_;

    $config = read_config ('aab.conf') if !$config;
    my $version = $config->{version};
    die "no 'version' specified\n" if !$version;
    die "no 'section' specified\n" if !$config->{section};
    die "no 'description' specified\n" if !$config->{headline};
    die "no 'maintainer' specified\n" if !$config->{maintainer};

    my $name = $config->{name} || die "no 'name' specified\n";
    $name =~ m/^[a-z][0-9a-z\-\*\.]+$/ || 
	die "illegal characters in name '$name'\n";

    my $targetname;
    if ($name =~ m/^archlinux/) {
	$targetname = "${name}_${version}_$config->{architecture}";
    } else {
	$targetname = "archlinux-${name}_${version}_$config->{architecture}";
    }

    my $self = { logfile => 'logfile',
                 config => $config,
                 targetname => $targetname,
                 incl => [@BASE_PACKAGES],
                 excl => [@BASE_EXCLUDES],
               };

    $self->{logfd} = IO::File->new($self->{logfile}, O_WRONLY | O_APPEND | O_CREAT)
	or die "unable to open log file";

    bless $self, $class;

    $self->__allocate_ve();

    return $self;
}

sub __sample_config {
    my ($self) = @_;

    my $arch = $self->{config}->{architecture};

    return <<"CFG";
lxc.arch = $arch
lxc.include = /usr/share/lxc/config/archlinux.common.conf
lxc.utsname = localhost
lxc.rootfs = $self->{rootfs}
lxc.mount.entry = $self->{pkgcache} $self->{pkgdir} none bind 0 0
CFG
}

sub __allocate_ve {
    my ($self) = @_;

    my $cid;
    if (my $fd = IO::File->new(".veid")) {
	$cid = <$fd>;
	chomp $cid;
	close ($fd);
    }


    $self->{working_dir} = getcwd;
    $self->{veconffile} = "$self->{working_dir}/config";
    $self->{rootfs} = "$self->{working_dir}/rootfs";
    $self->{pkgdir} = "$self->{working_dir}/rootfs/$PKGDIR";
    $self->{pkgcache} = "$self->{working_dir}/pkgcache";
    $self->{'pacman.conf'} = "$self->{working_dir}/pacman.conf";

    if ($cid) {
	$self->{veid} = $cid;
	return $cid;
    }

    my $uuid;
    my $uuid_str;
    UUID::generate($uuid);
    UUID::unparse($uuid, $uuid_str);
    $self->{veid} = $uuid_str;

    my $fd = IO::File->new (">.veid") ||
	die "unable to write '.veid'\n";
    print $fd "$self->{veid}\n";
    close ($fd);
    $self->logmsg("allocated VE $self->{veid}\n");
}

sub initialize {
    my ($self) = @_;

    my $config = $self->{config};

    $self->{logfd} = IO::File->new($self->{logfile}, O_WRONLY | O_TRUNC | O_CREAT)
	or die "unable to open log file";

    my $cdata = $self->__sample_config();

    my $fh = IO::File->new($self->{veconffile}, O_WRONLY|O_CREAT|O_EXCL) ||
	die "unable to write lxc config file '$self->{veconffile}' - $!";
    print $fh $cdata;
    close ($fh);

    if (!$config->{source} && !$config->{mirror}) {
	die "no sources/mirrors specified";
    }

    $config->{source} //= [];
    $config->{mirror} //= [];

    my $servers = "Server = "
                . join("\nServer = ", @{$config->{source}}, @{$config->{mirror}})
                . "\n";

    $fh = IO::File->new($self->{'pacman.conf'}, O_WRONLY|O_CREAT|O_EXCL) ||
	die "unable to write pacman config file $self->{'pacman.conf'} - $!";
    print $fh <<"EOF";
[options]
HoldPkg = pacman glibc
Architecture = $config->{architecture}
CheckSpace
SigLevel = Never

[core]
$servers
[extra]
$servers
[community]
$servers
EOF

    if ($config->{architecture} eq 'x86_64') {
	print $fh "[multilib]\n$servers\n";
    }

    mkdir $self->{rootfs} || die "unable to create rootfs - $!";

    $self->logmsg("configured VE $self->{veid}\n");
}

sub ve_status {
    my ($self) = @_;

    my $veid = $self->{veid};

    my $res = { running => 0 };

    $res->{exist} = 1 if -d "$self->{rootfs}/usr";

    my $filename = "/proc/net/unix";

    # similar test is used by lcxcontainers.c: list_active_containers
    my $fh = IO::File->new ($filename, "r");
    return $res if !$fh;

    while (defined(my $line = <$fh>)) {
	if ($line =~ m/^[a-f0-9]+:\s\S+\s\S+\s\S+\s\S+\s\S+\s\d+\s(\S+)$/) {
	    my $path = $1;
	    if ($path =~ m!^@/\S+/$veid/command$!) {
		$res->{running} = 1;
	    }
	}
    }
    close($fh);
    
    return $res;
}

sub ve_destroy {
    my ($self) = @_;

    my $veid = $self->{veid}; # fixme

    my $vestat = $self->ve_status();
    if ($vestat->{running}) {
	$self->stop_container();
    }

    rmtree $self->{rootfs};
    unlink $self->{veconffile};
}

sub ve_init {
    my ($self) = @_;


    my $veid = $self->{veid};
    my $conffile = $self->{veconffile};

    $self->logmsg ("initialize VE $veid\n");

    my $vestat = $self->ve_status();
    if ($vestat->{running}) {
	$self->run_command ("lxc-stop -n $veid --rcfile $conffile --kill");
    } 

    rmtree $self->{rootfs};
    mkpath $self->{rootfs};
}

sub ve_command {
    my ($self, $cmd, $input) = @_;

    my $veid = $self->{veid};
    my $conffile = $self->{veconffile};

    if (ref ($cmd) eq 'ARRAY') {
	unshift @$cmd, 'lxc-attach', '-n', $veid, '--rcfile', $conffile,'--clear-env', '--';
	$self->run_command ($cmd, $input);
    } else {
	$self->run_command ("lxc-attach -n $veid --rcfile $conffile --clear-env -- $cmd", $input);
    }
}

sub ve_exec {
    my ($self, @cmd) = @_;

    my $veid = $self->{veid};
    my $conffile = $self->{veconffile};

    my $reader;
    my $pid = open2($reader, "<&STDIN", 'lxc-attach', '-n', $veid, '--rcfile', $conffile, '--', @cmd)
	or die "unable to exec command";

    while (defined (my $line = <$reader>)) {
	$self->logmsg ($line);
    }

    waitpid ($pid, 0);
    my $rc = $? >> 8;

    die "ve_exec failed - status $rc\n" if $rc != 0;
}

sub run_command {
    my ($self, $cmd, $input, $getoutput) = @_;

    my $reader = IO::File->new();
    my $writer = IO::File->new();
    my $error  = IO::File->new();

    my $orig_pid = $$;

    my $cmdstr = ref ($cmd) eq 'ARRAY' ? join (' ', @$cmd) : $cmd;

    my $pid;
    eval {
	if (ref ($cmd) eq 'ARRAY') {
	    $pid = open3 ($writer, $reader, $error, @$cmd) || die $!;
	} else {
	    $pid = open3 ($writer, $reader, $error, $cmdstr) || die $!;
	}
    };

    my $err = $@;

    # catch exec errors
    if ($orig_pid != $$) {
	$self->logmsg ("ERROR: command '$cmdstr' failed - fork failed\n");
	POSIX::_exit (1); 
	kill ('KILL', $$); 
    }

    die $err if $err;

    print $writer $input if defined $input;
    close $writer;

    my $select = new IO::Select;
    $select->add ($reader);
    $select->add ($error);

    my $res = '';
    my $logfd = $self->{logfd};

    while ($select->count) {
	my @handles = $select->can_read ();

	foreach my $h (@handles) {
	    my $buf = '';
	    my $count = sysread ($h, $buf, 4096);
	    if (!defined ($count)) {
		waitpid ($pid, 0);
		die "command '$cmdstr' failed: $!";
	    }
	    $select->remove ($h) if !$count;

	    print $logfd $buf;

	    $res .= $buf if $getoutput;
	}
    }

    waitpid ($pid, 0);
    my $ec = ($? >> 8);

    die "command '$cmdstr' failed with exit code $ec\n" if $ec;

    return $res;
}

sub start_container {
    my ($self) = @_;
    my $veid = $self->{veid};
    $self->run_command(['lxc-start', '-n', $veid, '-f', $self->{veconffile}, '/usr/bin/aab_fake_init']);
}

sub stop_container {
    my ($self) = @_;
    my $veid = $self->{veid};
    my $conffile = $self->{veconffile};
    $self->run_command ("lxc-stop -n $veid --rcfile $conffile --kill");
}

sub pacman_command {
    my ($self) = @_;
    my $root = $self->{rootfs};
    return ('/usr/bin/pacman',
            '--root', $root,
            '--config', $self->{'pacman.conf'},
            '--cachedir', $self->{pkgcache},
            '--noconfirm');
}

sub cache_packages {
    my ($self, $packages) = @_;
    my $root = $self->{rootfs};

    my @pacman = $self->pacman_command();
    $self->run_command([@pacman, '-Sw', '--', @$packages]);
}

sub bootstrap {
    my ($self, $include, $exclude) = @_;
    my $root = $self->{rootfs};

    my @pacman = $self->pacman_command();

    print "Fetching package database...\n";
    mkpath $self->{pkgcache};
    mkpath $self->{pkgdir};
    mkpath "$root/var/lib/pacman";
    $self->run_command([@pacman, '-Sy']);

    print "Figuring out what to install...\n";
    my $incl = { map { $_ => 1 } @{$self->{incl}} };
    my $excl = { map { $_ => 1 } @{$self->{excl}} };

    foreach my $addinc (@$include) {
	$incl->{$addinc} = 1;
	delete $excl->{$addinc};
    }
    foreach my $addexc (@$exclude) {
	$excl->{$addexc} = 1;
	delete $incl->{$addexc};
    }

    my $expand = sub {
	my ($lst) = @_;
	foreach my $inc (keys %$lst) {
	    my $group;
	    eval { $group = $self->run_command([@pacman, '-Sqg', $inc], undef, 1); };
	    if ($group && !$@) {
		# add the group
		delete $lst->{$inc};
		$lst->{$_} = 1 foreach split(/\s+/, $group);
	    }
	}
    };

    $expand->($incl);
    $expand->($excl);

    my $packages = [ grep { !$excl->{$_} } keys %$incl ];

    print "Setting up basic environment...\n";
    mkpath "$root/etc";
    mkpath "$root/usr/bin";

    my $data = "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n";
    write_file ($data, "$root/etc/fstab", 0644);

    write_file ("", "$root/etc/resolv.conf", 0644);
    write_file("localhost\n", "$root/etc/hostname", 0644);
    $self->run_command(['install', '-m0755', $fake_init, "$root/usr/bin/aab_fake_init"]);

    unlink "$root/etc/localtime";
    symln '/usr/share/zoneinfo/UTC', "$root/etc/localtime";

    print "Caching packages...\n";
    $self->cache_packages($packages);
    #$self->copy_packages();

    print "Installing package manager and essentials...\n";
    # inetutils for 'hostname' for our init
    $self->run_command([@pacman, '-S', 'pacman', 'inetutils', 'archlinux-keyring']);

    print "Setting up pacman for installation from cache...\n";
    my $file = "$root/etc/pacman.d/mirrorlist";
    my $backup = "${file}.aab_orig";
    if (!-f $backup) {
	rename_file($file, $backup);
	write_file("Server = file://$PKGDIR\n", $file);
    }

    print "Populating keyring...\n";
    $self->populate_keyring();

    print "Starting container...\n";
    $self->start_container();

    print "Installing packages...\n";
    $self->ve_command(['pacman', '-S', '--needed', '--noconfirm', '--', @$packages]);
}

sub populate_keyring {
    my ($self) = @_;
    my $root = $self->{rootfs};

    # devices needed for gnupg to function:
    my $devs = {
	'/dev/null'    => ['c', '1', '3'],
	'/dev/random'  => ['c', '1', '9'], # fake /dev/random (really urandom)
	'/dev/urandom' => ['c', '1', '9'],
	'/dev/tty'     => ['c', '5', '0'],
    };

    my $cleanup_dev = sub {
	# remove temporary device files
	unlink "${root}$_" foreach keys %$devs;
    };
    local $SIG{INT} = $SIG{TERM} = $cleanup_dev;

    # at least /dev/null exists as regular file after installing the filesystem package,
    # and we want to replace /dev/random, so delete devices first
    &$cleanup_dev();

    foreach my $dev (keys %$devs) {
	my ($type, $major, $minor) = @{$devs->{$dev}};
	system('mknod', "${root}${dev}", $type, $major, $minor);
    }

    # generate weak master key and populate the keyring
    system('unshare', '--fork', '--pid', 'chroot', "$root", 'pacman-key', '--init') == 0
	or die "failed to initialize keyring: $?";
    system('unshare', '--fork', '--pid', 'chroot', "$root", 'pacman-key', '--populate') == 0
	or die "failed to populate keyring: $?";

    &$cleanup_dev();
    # reset to original state
    system('touch', "$root/dev/null");
}

sub install {
    my ($self, $pkglist) = @_;

    $self->cache_packages($pkglist);
    $self->ve_command(['pacman', '-S', '--needed', '--noconfirm', '--', @$pkglist]);
}

sub write_config {
    my ($self, $filename, $size) = @_;

    my $config = $self->{config};

    my $data = '';

    $data .= "Name: $config->{name}\n";
    $data .= "Version: $config->{version}\n";
    $data .= "Type: lxc\n";
    $data .= "OS: archlinux\n";
    $data .= "Section: $config->{section}\n";
    $data .= "Maintainer: $config->{maintainer}\n";
    $data .= "Architecture: $config->{architecture}\n";
    $data .= "Infopage: https://www.archlinux.org\n";
    $data .= "Installed-Size: $size\n";

    # optional
    $data .= "Infopage: $config->{infopage}\n" if $config->{infopage};
    $data .= "ManageUrl: $config->{manageurl}\n" if $config->{manageurl};
    $data .= "Certified: $config->{certified}\n" if $config->{certified};

    # description
    $data .= "Description: $config->{headline}\n";
    $data .= "$config->{description}\n" if $config->{description};

    write_file ($data, $filename, 0644);
}

sub finalize {
    my ($self) = @_;
    my $rootdir = $self->{rootfs};

    print "Stopping container...\n";
    $self->stop_container();

    print "Rolling back mirrorlist changes...\n";
    my $file = "$rootdir/etc/pacman.d/mirrorlist";
    unlink $file;
    rename_file($file.'.aab_orig', $file);

    print "Removing weak temporary pacman keyring...\n";
    rmtree("$rootdir/etc/pacman.d/gnupg");

    my $sizestr = $self->run_command("du -sm $rootdir", undef, 1);
    my $size;
    if ($sizestr =~ m/^(\d+)\s+\Q$rootdir\E$/) {
	$size = $1;
    } else {
	die "unable to detect size\n";
    }
    $self->logmsg ("$size MB\n");

    $self->write_config ("$rootdir/etc/appliance.info", $size);

    $self->logmsg ("creating final appliance archive\n");

    my $target = "$self->{targetname}.tar";
    unlink $target;
    unlink "$target.gz";

    $self->run_command ("tar cpf $target --numeric-owner -C '$rootdir' ./etc/appliance.info");
    $self->run_command ("tar rpf $target --numeric-owner -C '$rootdir' --exclude ./etc/appliance.info .");
    $self->run_command ("gzip $target");
}

sub enter {
    my ($self) = @_;
    my $veid = $self->{veid};
    my $conffile = $self->{veconffile};

    my $vestat = $self->ve_status();
    if (!$vestat->{exist}) {
	$self->logmsg ("Please create the appliance first (bootstrap)");
	return;
    }

    if (!$vestat->{running}) {
	$self->start_container();
    }

    system ("lxc-attach -n $veid --rcfile $conffile --clear-env");
}

sub clean {
    my ($self, $all) = @_;

    unlink $self->{logfile};
    unlink $self->{'pacman.conf'};
    $self->ve_destroy();
    unlink '.veid';
    rmtree $self->{pkgcache} if $all;
}

1;
Commit	Line	Data
7b25f331 WB	1	package PVE::AAB;
	2
	3	use strict;
	4	use warnings;
	5
	6	use File::Path;
	7	use File::Copy;
	8	use IO::File;
	9	use IO::Select;
7c20fd82	10	use IPC::Open2;
7b25f331 WB	11	use IPC::Open3;
	12	use UUID;
	13	use Cwd;
	14
	15	my @BASE_PACKAGES = qw(base openssh);
	16	my @BASE_EXCLUDES = qw(e2fsprogs
	17	jfsutils
	18	linux
	19	lvm2
	20	mdadm
	21	netctl
	22	pcmciautils
	23	reiserfsprogs
	24	xfsprogs);
	25
	26	my $PKGDIR = "/var/cache/pacman/pkg";
	27
	28	my ($aablibdir, $fake_init);
	29
	30	sub setup_defaults($) {
	31	my ($dir) = @_;
	32	$aablibdir = $dir;
	33	$fake_init = "$aablibdir/scripts/init.bash";
	34	}
	35
	36	setup_defaults('/usr/lib/aab');
	37
	38	sub write_file {
	39	my ($data, $file, $perm) = @_;
	40
	41	die "no filename" if !$file;
	42	unlink $file;
	43
	44	my $fh = IO::File->new ($file, O_WRONLY \| O_CREAT, $perm) \|\|
	45	die "unable to open file '$file'";
	46
	47	print $fh $data;
	48	$fh->close;
	49	}
	50
	51	sub copy_file {
	52	my ($a, $b) = @_;
	53	copy($a, $b) or die "failed to copy $a => $b: $!";
	54	}
	55
	56	sub rename_file {
	57	my ($a, $b) = @_;
	58	rename($a, $b) or die "failed to rename $a => $b: $!";
	59	}
	60
	61	sub symln {
	62	my ($a, $b) = @_;
	63	symlink($a, $b) or die "failed to symlink $a => $b: $!";
	64	}
	65
	66	sub logmsg {
	67	my $self = shift;
	68	print STDERR @_;
	69	$self->writelog (@_);
	70	}
	71
	72	sub writelog {
	73	my $self = shift;
	74	my $fd = $self->{logfd};
75	print $fd @_;
76	}
77
78	sub read_config {
79	my ($filename) = @_;
80
81	my $res = {};
82
83	my $fh = IO::File->new ("<$filename") \|\| return $res;
84	my $rec = '';
85
86	while (defined (my $line = <$fh>)) {
87	next if $line =~ m/^\#/;
88	next if $line =~ m/^\s*$/;
89	$rec .= $line;
90	};
91
92	close ($fh);
93
94	chomp $rec;
95	$rec .= "\n";
96
97	while ($rec) {
98	if ($rec =~ s/^Description:\s([^\n])(\n\s+.)$//si) {
99	$res->{headline} = $1;
100	chomp $res->{headline};
101	my $long = $2;
102	$long =~ s/^\s+/ /;
103	$res->{description} = $long;
104	chomp $res->{description};
105	} elsif ($rec =~ s/^([^:]+):\s(.\S)\s*\n//) {
106	my ($key, $value) = (lc ($1), $2);
107	if ($key eq 'source' \|\| $key eq 'mirror') {
108	push @{$res->{$key}}, $value;
109	} else {
110	die "duplicate key '$key'\n" if defined ($res->{$key});
111	$res->{$key} = $value;
112	}
113	} else {
114	die "unable to parse config file: $rec";
115	}
116	}
117
118	die "unable to parse config file" if $rec;
119
120	return $res;
121	}
122
123	sub new {
124	my ($class, $config) = @_;
125
126	$config = read_config ('aab.conf') if !$config;
127	my $version = $config->{version};
128	die "no 'version' specified\n" if !$version;
129	die "no 'section' specified\n" if !$config->{section};
130	die "no 'description' specified\n" if !$config->{headline};
131	die "no 'maintainer' specified\n" if !$config->{maintainer};
132
133	my $name = $config->{name} \|\| die "no 'name' specified\n";
134	$name =~ m/^[a-z][0-9a-z\-\*\.]+$/ \|\|
135	die "illegal characters in name '$name'\n";
136
137	my $targetname;
138	if ($name =~ m/^archlinux/) {
139	$targetname = "${name}_${version}_$config->{architecture}";
140	} else {
141	$targetname = "archlinux-${name}_${version}_$config->{architecture}";
142	}
143
144	my $self = { logfile => 'logfile',
145	config => $config,
146	targetname => $targetname,
147	incl => [@BASE_PACKAGES],
148	excl => [@BASE_EXCLUDES],
149	};
150
151	$self->{logfd} = IO::File->new($self->{logfile}, O_WRONLY \| O_APPEND \| O_CREAT)
152	or die "unable to open log file";
153
154	bless $self, $class;
155
156	$self->__allocate_ve();
157
158	return $self;
159	}
160
161	sub __sample_config {
162	my ($self) = @_;
163
164	my $arch = $self->{config}->{architecture};
165
166	return <<"CFG";
167	lxc.arch = $arch
168	lxc.include = /usr/share/lxc/config/archlinux.common.conf
169	lxc.utsname = localhost
170	lxc.rootfs = $self->{rootfs}
171	lxc.mount.entry = $self->{pkgcache} $self->{pkgdir} none bind 0 0
172	CFG
173	}
174
175	sub __allocate_ve {
176	my ($self) = @_;
177
178	my $cid;
179	if (my $fd = IO::File->new(".veid")) {
180	$cid = <$fd>;
181	chomp $cid;
182	close ($fd);
183	}
184
185
186	$self->{working_dir} = getcwd;
187	$self->{veconffile} = "$self->{working_dir}/config";
188	$self->{rootfs} = "$self->{working_dir}/rootfs";
189	$self->{pkgdir} = "$self->{working_dir}/rootfs/$PKGDIR";
190	$self->{pkgcache} = "$self->{working_dir}/pkgcache";
191	$self->{'pacman.conf'} = "$self->{working_dir}/pacman.conf";
192
193	if ($cid) {
194	$self->{veid} = $cid;
195	return $cid;
196	}
197
198	my $uuid;
199	my $uuid_str;
200	UUID::generate($uuid);
201	UUID::unparse($uuid, $uuid_str);
202	$self->{veid} = $uuid_str;
203
204	my $fd = IO::File->new (">.veid") \|\|
205	die "unable to write '.veid'\n";
206	print $fd "$self->{veid}\n";
207	close ($fd);
208	$self->logmsg("allocated VE $self->{veid}\n");
209	}
210
211	sub initialize {
212	my ($self) = @_;
213
214	my $config = $self->{config};
215
216	$self->{logfd} = IO::File->new($self->{logfile}, O_WRONLY \| O_TRUNC \| O_CREAT)
217	or die "unable to open log file";
218
219	my $cdata = $self->__sample_config();
220
221	my $fh = IO::File->new($self->{veconffile}, O_WRONLY\|O_CREAT\|O_EXCL) \|\|
222	die "unable to write lxc config file '$self->{veconffile}' - $!";
223	print $fh $cdata;
224	close ($fh);
225
226	if (!$config->{source} && !$config->{mirror}) {
227	die "no sources/mirrors specified";
228	}
229
230	$config->{source} //= [];
231	$config->{mirror} //= [];
232
233	my $servers = "Server = "
234	. join("\nServer = ", @{$config->{source}}, @{$config->{mirror}})
235	. "\n";
236
237	$fh = IO::File->new($self->{'pacman.conf'}, O_WRONLY\|O_CREAT\|O_EXCL) \|\|
238	die "unable to write pacman config file $self->{'pacman.conf'} - $!";
239	print $fh <<"EOF";
240	[options]
241	HoldPkg = pacman glibc
242	Architecture = $config->{architecture}
243	CheckSpace
244	SigLevel = Never
245
246	[core]
247	$servers
248	[extra]
249	$servers
250	[community]
251	$servers
7b25f331 WB	252	EOF
7b25f331 WB	253
4eaaed91 WB	254	if ($config->{architecture} eq 'x86_64') {
	255	print $fh "[multilib]\n$servers\n";
	256	}
	257
7b25f331 WB	258	mkdir $self->{rootfs} \|\| die "unable to create rootfs - $!";
	259
	260	$self->logmsg("configured VE $self->{veid}\n");
	261	}
	262
	263	sub ve_status {
	264	my ($self) = @_;
	265
	266	my $veid = $self->{veid};
	267
	268	my $res = { running => 0 };
	269
	270	$res->{exist} = 1 if -d "$self->{rootfs}/usr";
	271
	272	my $filename = "/proc/net/unix";
	273
	274	# similar test is used by lcxcontainers.c: list_active_containers
	275	my $fh = IO::File->new ($filename, "r");
	276	return $res if !$fh;
	277
	278	while (defined(my $line = <$fh>)) {
	279	if ($line =~ m/^[a-f0-9]+:\s\S+\s\S+\s\S+\s\S+\s\S+\s\d+\s(\S+)$/) {
	280	my $path = $1;
	281	if ($path =~ m!^@/\S+/$veid/command$!) {
	282	$res->{running} = 1;
	283	}
	284	}
	285	}
	286	close($fh);
	287
	288	return $res;
	289	}
	290
	291	sub ve_destroy {
	292	my ($self) = @_;
	293
	294	my $veid = $self->{veid}; # fixme
	295
	296	my $vestat = $self->ve_status();
	297	if ($vestat->{running}) {
	298	$self->stop_container();
	299	}
	300
	301	rmtree $self->{rootfs};
	302	unlink $self->{veconffile};
	303	}
	304
	305	sub ve_init {
	306	my ($self) = @_;
	307
	308
	309	my $veid = $self->{veid};
d43d058d	310	my $conffile = $self->{veconffile};
7b25f331 WB	311
	312	$self->logmsg ("initialize VE $veid\n");
	313
	314	my $vestat = $self->ve_status();
	315	if ($vestat->{running}) {
d43d058d	316	$self->run_command ("lxc-stop -n $veid --rcfile $conffile --kill");
7b25f331 WB	317	}
	318
	319	rmtree $self->{rootfs};
	320	mkpath $self->{rootfs};
	321	}
	322
	323	sub ve_command {
	324	my ($self, $cmd, $input) = @_;
	325
	326	my $veid = $self->{veid};
d43d058d	327	my $conffile = $self->{veconffile};
7b25f331 WB	328
7b25f331 WB	329	if (ref ($cmd) eq 'ARRAY') {
d43d058d	330	unshift @$cmd, 'lxc-attach', '-n', $veid, '--rcfile', $conffile,'--clear-env', '--';
7b25f331 WB	331	$self->run_command ($cmd, $input);
7b25f331 WB	332	} else {
d43d058d	333	$self->run_command ("lxc-attach -n $veid --rcfile $conffile --clear-env -- $cmd", $input);
7b25f331 WB	334	}
	335	}
	336
	337	sub ve_exec {
	338	my ($self, @cmd) = @_;
	339
	340	my $veid = $self->{veid};
d43d058d	341	my $conffile = $self->{veconffile};
7b25f331 WB	342
7b25f331 WB	343	my $reader;
d43d058d	344	my $pid = open2($reader, "<&STDIN", 'lxc-attach', '-n', $veid, '--rcfile', $conffile, '--', @cmd)
7b25f331 WB	345	or die "unable to exec command";
	346
	347	while (defined (my $line = <$reader>)) {
	348	$self->logmsg ($line);
	349	}
	350
	351	waitpid ($pid, 0);
	352	my $rc = $? >> 8;
	353
	354	die "ve_exec failed - status $rc\n" if $rc != 0;
	355	}
	356
	357	sub run_command {
	358	my ($self, $cmd, $input, $getoutput) = @_;
	359
	360	my $reader = IO::File->new();
	361	my $writer = IO::File->new();
	362	my $error = IO::File->new();
	363
	364	my $orig_pid = $$;
	365
	366	my $cmdstr = ref ($cmd) eq 'ARRAY' ? join (' ', @$cmd) : $cmd;
	367
	368	my $pid;
	369	eval {
	370	if (ref ($cmd) eq 'ARRAY') {
	371	$pid = open3 ($writer, $reader, $error, @$cmd) \|\| die $!;
	372	} else {
	373	$pid = open3 ($writer, $reader, $error, $cmdstr) \|\| die $!;
	374	}
	375	};
	376
	377	my $err = $@;
	378
	379	# catch exec errors
	380	if ($orig_pid != $$) {
	381	$self->logmsg ("ERROR: command '$cmdstr' failed - fork failed\n");
	382	POSIX::_exit (1);
	383	kill ('KILL', $$);
	384	}
	385
	386	die $err if $err;
	387
	388	print $writer $input if defined $input;
	389	close $writer;
	390
	391	my $select = new IO::Select;
	392	$select->add ($reader);
	393	$select->add ($error);
	394
	395	my $res = '';
	396	my $logfd = $self->{logfd};
	397
	398	while ($select->count) {
	399	my @handles = $select->can_read ();
	400
	401	foreach my $h (@handles) {
	402	my $buf = '';
	403	my $count = sysread ($h, $buf, 4096);
	404	if (!defined ($count)) {
	405	waitpid ($pid, 0);
	406	die "command '$cmdstr' failed: $!";
	407	}
	408	$select->remove ($h) if !$count;
409
410	print $logfd $buf;
411
412	$res .= $buf if $getoutput;
413	}
414	}
415
416	waitpid ($pid, 0);
417	my $ec = ($? >> 8);
418
419	die "command '$cmdstr' failed with exit code $ec\n" if $ec;
420
421	return $res;
422	}
423
424	sub start_container {
425	my ($self) = @_;
426	my $veid = $self->{veid};
427	$self->run_command(['lxc-start', '-n', $veid, '-f', $self->{veconffile}, '/usr/bin/aab_fake_init']);
428	}
429
430	sub stop_container {
431	my ($self) = @_;
432	my $veid = $self->{veid};
d43d058d WB	433	my $conffile = $self->{veconffile};
d43d058d WB	434	$self->run_command ("lxc-stop -n $veid --rcfile $conffile --kill");
7b25f331 WB	435	}
	436
	437	sub pacman_command {
	438	my ($self) = @_;
	439	my $root = $self->{rootfs};
	440	return ('/usr/bin/pacman',
	441	'--root', $root,
5f96733f	442	'--config', $self->{'pacman.conf'},
7b25f331 WB	443	'--cachedir', $self->{pkgcache},
	444	'--noconfirm');
	445	}
	446
	447	sub cache_packages {
	448	my ($self, $packages) = @_;
	449	my $root = $self->{rootfs};
	450
	451	my @pacman = $self->pacman_command();
	452	$self->run_command([@pacman, '-Sw', '--', @$packages]);
	453	}
	454
	455	sub bootstrap {
	456	my ($self, $include, $exclude) = @_;
	457	my $root = $self->{rootfs};
	458
	459	my @pacman = $self->pacman_command();
	460
	461	print "Fetching package database...\n";
	462	mkpath $self->{pkgcache};
	463	mkpath $self->{pkgdir};
	464	mkpath "$root/var/lib/pacman";
	465	$self->run_command([@pacman, '-Sy']);
	466
	467	print "Figuring out what to install...\n";
	468	my $incl = { map { $_ => 1 } @{$self->{incl}} };
	469	my $excl = { map { $_ => 1 } @{$self->{excl}} };
	470
	471	foreach my $addinc (@$include) {
	472	$incl->{$addinc} = 1;
	473	delete $excl->{$addinc};
	474	}
	475	foreach my $addexc (@$exclude) {
	476	$excl->{$addexc} = 1;
	477	delete $incl->{$addexc};
	478	}
	479
	480	my $expand = sub {
	481	my ($lst) = @_;
	482	foreach my $inc (keys %$lst) {
	483	my $group;
	484	eval { $group = $self->run_command([@pacman, '-Sqg', $inc], undef, 1); };
	485	if ($group && !$@) {
	486	# add the group
	487	delete $lst->{$inc};
	488	$lst->{$_} = 1 foreach split(/\s+/, $group);
	489	}
	490	}
	491	};
	492
	493	$expand->($incl);
	494	$expand->($excl);
	495
	496	my $packages = [ grep { !$excl->{$_} } keys %$incl ];
	497
	498	print "Setting up basic environment...\n";
	499	mkpath "$root/etc";
	500	mkpath "$root/usr/bin";
	501
	502	my $data = "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n";
	503	write_file ($data, "$root/etc/fstab", 0644);
	504
	505	write_file ("", "$root/etc/resolv.conf", 0644);
	506	write_file("localhost\n", "$root/etc/hostname", 0644);
507	$self->run_command(['install', '-m0755', $fake_init, "$root/usr/bin/aab_fake_init"]);
508
509	unlink "$root/etc/localtime";
510	symln '/usr/share/zoneinfo/UTC', "$root/etc/localtime";
511
512	print "Caching packages...\n";
513	$self->cache_packages($packages);
514	#$self->copy_packages();
515
516	print "Installing package manager and essentials...\n";
517	# inetutils for 'hostname' for our init
518	$self->run_command([@pacman, '-S', 'pacman', 'inetutils', 'archlinux-keyring']);
519
520	print "Setting up pacman for installation from cache...\n";
521	my $file = "$root/etc/pacman.d/mirrorlist";
522	my $backup = "${file}.aab_orig";
523	if (!-f $backup) {
524	rename_file($file, $backup);
525	write_file("Server = file://$PKGDIR\n", $file);
526	}
527
528	print "Populating keyring...\n";
766f0fa3	529	$self->populate_keyring();
7b25f331 WB	530
	531	print "Starting container...\n";
	532	$self->start_container();
	533
	534	print "Installing packages...\n";
	535	$self->ve_command(['pacman', '-S', '--needed', '--noconfirm', '--', @$packages]);
	536	}
	537
766f0fa3 WB	538	sub populate_keyring {
	539	my ($self) = @_;
	540	my $root = $self->{rootfs};
	541
	542	# devices needed for gnupg to function:
	543	my $devs = {
	544	'/dev/null' => ['c', '1', '3'],
	545	'/dev/random' => ['c', '1', '9'], # fake /dev/random (really urandom)
	546	'/dev/urandom' => ['c', '1', '9'],
	547	'/dev/tty' => ['c', '5', '0'],
	548	};
	549
	550	my $cleanup_dev = sub {
	551	# remove temporary device files
	552	unlink "${root}$_" foreach keys %$devs;
	553	};
	554	local $SIG{INT} = $SIG{TERM} = $cleanup_dev;
	555
	556	# at least /dev/null exists as regular file after installing the filesystem package,
	557	# and we want to replace /dev/random, so delete devices first
	558	&$cleanup_dev();
	559
	560	foreach my $dev (keys %$devs) {
	561	my ($type, $major, $minor) = @{$devs->{$dev}};
	562	system('mknod', "${root}${dev}", $type, $major, $minor);
	563	}
	564
	565	# generate weak master key and populate the keyring
	566	system('unshare', '--fork', '--pid', 'chroot', "$root", 'pacman-key', '--init') == 0
	567	or die "failed to initialize keyring: $?";
	568	system('unshare', '--fork', '--pid', 'chroot', "$root", 'pacman-key', '--populate') == 0
	569	or die "failed to populate keyring: $?";
	570
	571	&$cleanup_dev();
	572	# reset to original state
	573	system('touch', "$root/dev/null");
	574	}
	575
7b25f331 WB	576	sub install {
	577	my ($self, $pkglist) = @_;
	578
	579	$self->cache_packages($pkglist);
	580	$self->ve_command(['pacman', '-S', '--needed', '--noconfirm', '--', @$pkglist]);
	581	}
	582
	583	sub write_config {
	584	my ($self, $filename, $size) = @_;
	585
	586	my $config = $self->{config};
	587
	588	my $data = '';
	589
	590	$data .= "Name: $config->{name}\n";
	591	$data .= "Version: $config->{version}\n";
	592	$data .= "Type: lxc\n";
	593	$data .= "OS: archlinux\n";
	594	$data .= "Section: $config->{section}\n";
	595	$data .= "Maintainer: $config->{maintainer}\n";
	596	$data .= "Architecture: $config->{architecture}\n";
b65bfe8c	597	$data .= "Infopage: https://www.archlinux.org\n";
7b25f331 WB	598	$data .= "Installed-Size: $size\n";
	599
	600	# optional
	601	$data .= "Infopage: $config->{infopage}\n" if $config->{infopage};
	602	$data .= "ManageUrl: $config->{manageurl}\n" if $config->{manageurl};
	603	$data .= "Certified: $config->{certified}\n" if $config->{certified};
	604
	605	# description
	606	$data .= "Description: $config->{headline}\n";
	607	$data .= "$config->{description}\n" if $config->{description};
	608
	609	write_file ($data, $filename, 0644);
	610	}
	611
	612	sub finalize {
	613	my ($self) = @_;
	614	my $rootdir = $self->{rootfs};
	615
	616	print "Stopping container...\n";
	617	$self->stop_container();
	618
	619	print "Rolling back mirrorlist changes...\n";
	620	my $file = "$rootdir/etc/pacman.d/mirrorlist";
	621	unlink $file;
	622	rename_file($file.'.aab_orig', $file);
	623
e61d6533 WB	624	print "Removing weak temporary pacman keyring...\n";
	625	rmtree("$rootdir/etc/pacman.d/gnupg");
	626
7b25f331 WB	627	my $sizestr = $self->run_command("du -sm $rootdir", undef, 1);
	628	my $size;
	629	if ($sizestr =~ m/^(\d+)\s+\Q$rootdir\E$/) {
	630	$size = $1;
	631	} else {
	632	die "unable to detect size\n";
	633	}
	634	$self->logmsg ("$size MB\n");
	635
	636	$self->write_config ("$rootdir/etc/appliance.info", $size);
	637
	638	$self->logmsg ("creating final appliance archive\n");
	639
	640	my $target = "$self->{targetname}.tar";
	641	unlink $target;
	642	unlink "$target.gz";
	643
	644	$self->run_command ("tar cpf $target --numeric-owner -C '$rootdir' ./etc/appliance.info");
	645	$self->run_command ("tar rpf $target --numeric-owner -C '$rootdir' --exclude ./etc/appliance.info .");
	646	$self->run_command ("gzip $target");
	647	}
	648
	649	sub enter {
	650	my ($self) = @_;
	651	my $veid = $self->{veid};
d43d058d	652	my $conffile = $self->{veconffile};
7b25f331 WB	653
	654	my $vestat = $self->ve_status();
	655	if (!$vestat->{exist}) {
	656	$self->logmsg ("Please create the appliance first (bootstrap)");
	657	return;
	658	}
	659
	660	if (!$vestat->{running}) {
	661	$self->start_container();
	662	}
	663
d43d058d	664	system ("lxc-attach -n $veid --rcfile $conffile --clear-env");
7b25f331 WB	665	}
	666
	667	sub clean {
	668	my ($self, $all) = @_;
	669
	670	unlink $self->{logfile};
	671	unlink $self->{'pacman.conf'};
	672	$self->ve_destroy();
	673	unlink '.veid';
	674	rmtree $self->{pkgcache} if $all;
	675	}
	676
	677	1;