From 7c7c276747553b98c9f81d1f25774ed9e312f391 Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou
Date: Mon, 8 Apr 2024 18:30:20 +0200
Subject: [PATCH 1/5] osbuild: new Environment options for systemd.unit.create See https://github.com/osbuild/osbuild/pull/1684
Signed-off-by: Achilleas Koutsou
---
 pkg/osbuild/systemd_unit_create_stage.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/pkg/osbuild/systemd_unit_create_stage.go b/pkg/osbuild/systemd_unit_create_stage.go
index 19eea44b80..bf82b45f67 100644
--- a/pkg/osbuild/systemd_unit_create_stage.go
+++ b/pkg/osbuild/systemd_unit_create_stage.go
@@ -26,11 +26,13 @@ type Unit struct {
 }
 type Service struct {
- Type serviceType `json:"Type,omitempty"`
- RemainAfterExit bool `json:"RemainAfterExit,omitempty"`
- ExecStartPre []string `json:"ExecStartPre,omitempty"`
- ExecStopPost []string `json:"ExecStopPost,omitempty"`
- ExecStart []string `json:"ExecStart,omitempty"`
+ Type serviceType `json:"Type,omitempty"`
+ RemainAfterExit bool `json:"RemainAfterExit,omitempty"`
+ ExecStartPre []string `json:"ExecStartPre,omitempty"`
+ ExecStopPost []string `json:"ExecStopPost,omitempty"`
+ ExecStart []string `json:"ExecStart,omitempty"`
+ Environment []EnvironmentVariable `json:"Environment,omitempty"`
+ EnvironmentFile []string `json:"EnvironmentFile,omitempty"`
 }
 type Install struct {
From e70a9a2f636220f289bc927b4afabe23f642326e Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou
Date: Mon, 8 Apr 2024 18:41:44 +0200
Subject: [PATCH 2/5] osbuild: new Environment options for systemd.unit The Environment option in osbuild is now either a string or an array of key-value pairs. Let's just implement the array of key-value pairs here. It supports multiple instances and we don't need to make things complicated here by supporting both. This change modifies all RHEL EC2 and Azure images, but there is no functional change. See https://github.com/osbuild/osbuild/pull/1684
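Review bot: The two fields added to `Service` in pkg/osbuild/systemd_unit_create_stage.go have no doc comments, and nothing tells a caller that `Environment` values presumably end up in the unit's `Environment=` setting. systemd does not treat that setting as protected data (unit files are normally world-readable and the values are visible to unprivileged clients over D-Bus), so tokens or passwords should not be passed this way. I would add `// Environment sets variables for the service; values are stored in the unit file, so do not put secrets here.` above `Environment` and `// EnvironmentFile lists files that systemd reads variables from.` above `EnvironmentFile`. The same applies to `SystemdUnitServiceSection` in pkg/osbuild/systemd_unit_stage.go in patch 2, where the existing comment now sits above only the first of the two fields.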
Signed-off-by: Achilleas Koutsou
---
 pkg/distro/rhel/rhel10/ami.go | 2 +-
 pkg/distro/rhel/rhel10/azure.go | 2 +-
 pkg/distro/rhel/rhel8/ami.go | 2 +-
 pkg/distro/rhel/rhel8/azure.go | 2 +-
 pkg/distro/rhel/rhel9/ami.go | 2 +-
 pkg/distro/rhel/rhel9/azure.go | 2 +-
 pkg/osbuild/systemd_unit_stage.go | 3 ++-
 7 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/pkg/distro/rhel/rhel10/ami.go b/pkg/distro/rhel/rhel10/ami.go
index e61d985348..714f27899a 100644
--- a/pkg/distro/rhel/rhel10/ami.go
+++ b/pkg/distro/rhel/rhel10/ami.go
@@ -125,7 +125,7 @@ func baseEc2ImageConfig() *distro.ImageConfig {
 Dropin: "10-rh-enable-for-ec2.conf",
 Config: osbuild.SystemdServiceUnitDropin{
 Service: &osbuild.SystemdUnitServiceSection{
- Environment: "NM_CLOUD_SETUP_EC2=yes",
+ Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_EC2", Value: "yes"}},
 },
 },
 },
diff --git a/pkg/distro/rhel/rhel10/azure.go b/pkg/distro/rhel/rhel10/azure.go
index 28f3b362ef..2d748363d5 100644
--- a/pkg/distro/rhel/rhel10/azure.go
+++ b/pkg/distro/rhel/rhel10/azure.go
@@ -294,7 +294,7 @@ var defaultAzureImageConfig = &distro.ImageConfig{
 Dropin: "10-rh-enable-for-azure.conf",
 Config: osbuild.SystemdServiceUnitDropin{
 Service: &osbuild.SystemdUnitServiceSection{
- Environment: "NM_CLOUD_SETUP_AZURE=yes",
+ Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_AZURE", Value: "yes"}},
 },
 },
 },
diff --git a/pkg/distro/rhel/rhel8/ami.go b/pkg/distro/rhel/rhel8/ami.go
index fc9386023c..1c9e3bbe58 100644
--- a/pkg/distro/rhel/rhel8/ami.go
+++ b/pkg/distro/rhel/rhel8/ami.go
@@ -269,7 +269,7 @@ func baseEc2ImageConfig() *distro.ImageConfig {
 Dropin: "10-rh-enable-for-ec2.conf",
 Config: osbuild.SystemdServiceUnitDropin{
 Service: &osbuild.SystemdUnitServiceSection{
- Environment: "NM_CLOUD_SETUP_EC2=yes",
+ Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_EC2", Value: "yes"}},
 },
 },
 },
diff --git a/pkg/distro/rhel/rhel8/azure.go b/pkg/distro/rhel/rhel8/azure.go
index a4d3170501..b078de050b 100644
--- a/pkg/distro/rhel/rhel8/azure.go
+++ b/pkg/distro/rhel/rhel8/azure.go
@@ -644,7 +644,7 @@ var defaultAzureImageConfig = &distro.ImageConfig{
 Dropin: "10-rh-enable-for-azure.conf",
 Config: osbuild.SystemdServiceUnitDropin{
 Service: &osbuild.SystemdUnitServiceSection{
- Environment: "NM_CLOUD_SETUP_AZURE=yes",
+ Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_AZURE", Value: "yes"}},
 },
 },
 },
diff --git a/pkg/distro/rhel/rhel9/ami.go b/pkg/distro/rhel/rhel9/ami.go
index 53025e07c3..2326a6acde 100644
--- a/pkg/distro/rhel/rhel9/ami.go
+++ b/pkg/distro/rhel/rhel9/ami.go
@@ -126,7 +126,7 @@ func baseEc2ImageConfig() *distro.ImageConfig {
 Dropin: "10-rh-enable-for-ec2.conf",
 Config: osbuild.SystemdServiceUnitDropin{
 Service: &osbuild.SystemdUnitServiceSection{
- Environment: "NM_CLOUD_SETUP_EC2=yes",
+ Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_EC2", Value: "yes"}},
 },
 },
 },
diff --git a/pkg/distro/rhel/rhel9/azure.go b/pkg/distro/rhel/rhel9/azure.go
index fafbc5277b..04ad0a2590 100644
--- a/pkg/distro/rhel/rhel9/azure.go
+++ b/pkg/distro/rhel/rhel9/azure.go
@@ -593,7 +593,7 @@ var defaultAzureImageConfig = &distro.ImageConfig{
 Dropin: "10-rh-enable-for-azure.conf",
 Config: osbuild.SystemdServiceUnitDropin{
 Service: &osbuild.SystemdUnitServiceSection{
- Environment: "NM_CLOUD_SETUP_AZURE=yes",
+ Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_AZURE", Value: "yes"}},
 },
 },
 },
diff --git a/pkg/osbuild/systemd_unit_stage.go b/pkg/osbuild/systemd_unit_stage.go
index b46094e977..4dff1831c8 100644
--- a/pkg/osbuild/systemd_unit_stage.go
+++ b/pkg/osbuild/systemd_unit_stage.go
@@ -32,7 +32,8 @@ type SystemdServiceUnitDropin struct {
 // 'Service' configuration section of a unit file
 type SystemdUnitServiceSection struct {
 // Sets environment variables for executed process
- Environment string `json:"Environment,omitempty"`
+ Environment []EnvironmentVariable `json:"Environment,omitempty"`
+ EnvironmentFile []string `json:"EnvironmentFile,omitempty"`
 }
 // 'Unit' configuration section of a unit file
From c221f2d99b19c973ed6abbe10bc5a9780a353502 Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou
Date: Mon, 8 Apr 2024 18:50:10 +0200
Subject: [PATCH 3/5] osbuild: validate env var name in systemd.unit.create
Signed-off-by: Achilleas Koutsou
---
 pkg/osbuild/systemd_unit_create_stage.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/pkg/osbuild/systemd_unit_create_stage.go b/pkg/osbuild/systemd_unit_create_stage.go
index bf82b45f67..e4bd4b8ae2 100644
--- a/pkg/osbuild/systemd_unit_create_stage.go
+++ b/pkg/osbuild/systemd_unit_create_stage.go
@@ -1,5 +1,10 @@
 package osbuild
+import (
+ "fmt"
+ "regexp"
+)
+
 type serviceType string
 type unitPath string
@@ -55,7 +60,22 @@ type SystemdUnitCreateStageOptions struct {
 func (SystemdUnitCreateStageOptions) isStageOptions() {}
+func (o *SystemdUnitCreateStageOptions) validate() error {
+ vre := regexp.MustCompile(envVarRegex)
+ if service := o.Config.Service; service != nil {
+ for _, envVar := range service.Environment {
+ if !vre.MatchString(envVar.Key) {
+ return fmt.Errorf("variable name %q doesn't conform to schema (%s)", envVar.Key, envVarRegex)
+ }
+ }
+ }
+ return nil
+}
+
 func NewSystemdUnitCreateStageOptions(options *SystemdUnitCreateStageOptions) *Stage {
+ if err := options.validate(); err != nil {
+ panic(err)
+ }
 return &Stage{
 Type: "org.osbuild.systemd.unit.create",
 Options: options,
From 4c7c3fce6cc4515d291baff5f1124b854db59ab9 Mon Sep 17 00:00:00 2001
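Review bot: `validate()` in pkg/osbuild/systemd_unit_create_stage.go checks only `envVar.Key`, so `envVar.Value` and the `EnvironmentFile` entries reach the stage unchecked. If the stage writes them into the unit file verbatim (not visible in this series), a value containing a line break could add extra directives to the generated unit, so I would reject CR/LF in both as sketched below; this needs `strings` in the import block. `MatchString` also accepts a match anywhere in the string and `envVarRegex` is defined outside these patches, so it is worth confirming that the pattern is anchored with `^` and `$`. The same function is added to pkg/osbuild/systemd_unit_stage.go in patch 4 and has the same gaps.

```go
func (o *SystemdUnitCreateStageOptions) validate() error {
	// … unchanged: compile envVarRegex, nil check on o.Config.Service …
		for _, envVar := range service.Environment {
			// … unchanged: key check against envVarRegex …
			if strings.ContainsAny(envVar.Value, "\r\n") {
				return fmt.Errorf("value of variable %q contains a line break", envVar.Key)
			}
		}
		for _, path := range service.EnvironmentFile {
			if strings.ContainsAny(path, "\r\n") {
				return fmt.Errorf("environment file path %q contains a line break", path)
			}
		}
	// … unchanged: return nil …
```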
From: Achilleas Koutsou
Date: Mon, 8 Apr 2024 18:51:51 +0200
Subject: [PATCH 4/5] osbuild: validate env var name in systemd.unit
Signed-off-by: Achilleas Koutsou
---
 pkg/osbuild/systemd_unit_stage.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/pkg/osbuild/systemd_unit_stage.go b/pkg/osbuild/systemd_unit_stage.go
index 4dff1831c8..0d1326091d 100644
--- a/pkg/osbuild/systemd_unit_stage.go
+++ b/pkg/osbuild/systemd_unit_stage.go
@@ -1,5 +1,10 @@
 package osbuild
+import (
+ "fmt"
+ "regexp"
+)
+
 type unitType string
 const (
@@ -16,7 +21,22 @@ type SystemdUnitStageOptions struct {
 func (SystemdUnitStageOptions) isStageOptions() {}
+func (o *SystemdUnitStageOptions) validate() error {
+ vre := regexp.MustCompile(envVarRegex)
+ if service := o.Config.Service; service != nil {
+ for _, envVar := range service.Environment {
+ if !vre.MatchString(envVar.Key) {
+ return fmt.Errorf("variable name %q doesn't conform to schema (%s)", envVar.Key, envVarRegex)
+ }
+ }
+ }
+ return nil
+}
+
 func NewSystemdUnitStage(options *SystemdUnitStageOptions) *Stage {
+ if err := options.validate(); err != nil {
+ panic(err)
+ }
 return &Stage{
 Type: "org.osbuild.systemd.unit",
 Options: options,
From cd9a4ff0b0cb66a92233ee1c6dce8603908bfada Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou
Date: Mon, 8 Apr 2024 22:26:14 +0200
Subject: [PATCH 5/5] Schutzfile: update osbuild dependency
Signed-off-by: Achilleas Koutsou
---
 Schutzfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Schutzfile b/Schutzfile
index 3f6625304e..c47bd7efa2 100644
--- a/Schutzfile
+++ b/Schutzfile
@@ -8,7 +8,7 @@
 "fedora-39": {
 "dependencies": {
 "osbuild": {
- "commit": "ec496769c5905bc07264ffdb26f6facb3cb3cdd6"
+ "commit": "6549bf1992b9731d52df5416584fab3f014a421f"
 }
 },
 "repos": [
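Review bot: `SystemdUnitStageOptions.validate()` in pkg/osbuild/systemd_unit_stage.go repeats the loop from `SystemdUnitCreateStageOptions.validate()` line for line and recompiles the pattern on every call. A package-level `var envVarRe = regexp.MustCompile(envVarRegex)` and one shared helper taking `[]EnvironmentVariable` would keep the two stages from drifting apart when the check is tightened. `NewSystemdUnitStage` now panics on a bad key and dereferences `options` inside `validate()` before building the stage, so a nil argument also panics there. A short doc comment on the constructor stating both would help callers that pass user-supplied configuration.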