From 1771727ce17286f6e938e74fe384479754b17b6a Mon Sep 17 00:00:00 2001 From: Anurag Awasthi Date: Mon, 13 Jan 2020 16:54:43 +0530 Subject: [PATCH] Revert "Extract systemvm.iso using bsdtar (#3536)" (#3800) This reverts commit 8a55c931e806a64f7f00153d4a58c4463caa7a47. --- debian/control | 2 +- packaging/centos7/cloud.spec | 1 - scripts/vm/systemvm/injectkeys.sh | 47 ++++++++++++++++++++----------- 3 files changed, 31 insertions(+), 19 deletions(-) diff --git a/debian/control b/debian/control index e9b9be1ae8d..3fde8d6d415 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Homepage: http://www.cloudstack.org/ Package: cloudstack-common Architecture: all -Depends: ${misc:Depends}, ${python:Depends}, genisoimage, nfs-common, bsdtar +Depends: ${misc:Depends}, ${python:Depends}, genisoimage, nfs-common Conflicts: cloud-scripts, cloud-utils, cloud-system-iso, cloud-console-proxy, cloud-daemonize, cloud-deps, cloud-python, cloud-setup Description: A common package which contains files which are shared by several CloudStack packages diff --git a/packaging/centos7/cloud.spec b/packaging/centos7/cloud.spec index e7f7b5ba27c..2dbc5ec8780 100644 --- a/packaging/centos7/cloud.spec +++ b/packaging/centos7/cloud.spec @@ -90,7 +90,6 @@ Requires: python Requires: python3 Requires: python-argparse Requires: python-netaddr -Requires: bsdtar Group: System Environment/Libraries %description common The Apache CloudStack files shared between agent and management server diff --git a/scripts/vm/systemvm/injectkeys.sh b/scripts/vm/systemvm/injectkeys.sh index b66b8b5f77e..9df1718253f 100755 --- a/scripts/vm/systemvm/injectkeys.sh +++ b/scripts/vm/systemvm/injectkeys.sh @@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -30,31 +30,35 @@ TMPDIR=${TMP}/cloud/systemvm umask 022 clean_up() { - rm -rf --preserve-root $MOUNTPATH -} - -backup_iso() { - $SUDO cp -b ${systemvmpath} ${systemvmpath}.bak + $SUDO umount $MOUNTPATH } inject_into_iso() { local isofile=${systemvmpath} local newpubkey=$2 + local backup=${isofile}.bak local tmpiso=${TMP}/$1 mkdir -p $MOUNTPATH [ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1 - bsdtar -C $MOUNTPATH -xf $isofile - [ $? -ne 0 ] && echo "$(basename $0): Failed to extract original iso $isofile" && clean_up && return 1 + $SUDO mount -o loop $isofile $MOUNTPATH + [ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && clean_up && return 1 diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && clean_up && return 0 - backup_iso + $SUDO cp -b $isofile $backup [ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && clean_up && return 1 - $SUDO cp $newpubkey $MOUNTPATH/authorized_keys + rm -rf $TMPDIR + mkdir -p $TMPDIR + [ ! -d $TMPDIR ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && clean_up && return 1 + $SUDO cp -fr $MOUNTPATH/* $TMPDIR/ + [ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && clean_up && return 1 + $SUDO cp $newpubkey $TMPDIR/authorized_keys [ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && clean_up && return 1 - mkisofs -quiet -r -o $tmpiso $MOUNTPATH - [ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $MOUNTPATH" && clean_up && return 1 + mkisofs -quiet -r -o $tmpiso $TMPDIR + [ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $TMPDIR" && clean_up && return 1 + $SUDO umount $MOUNTPATH + [ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1 $SUDO cp -f $tmpiso $isofile [ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1 - clean_up + rm -rf $TMPDIR } copy_priv_key() { @@ -70,7 +74,7 @@ then SUDO="sudo -n " fi -mkdir -p $MOUNTPATH +$SUDO mkdir -p $MOUNTPATH [ $# -ne 3 ] && echo "Usage: $(basename $0) " && exit 3 newpubkey=$1 @@ -81,8 +85,17 @@ systemvmpath=$3 command -v mkisofs > /dev/null || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4) -if [ ! -x "$(command -v bsdtar)" ]; then - echo "bsdtar is unavailable. Skipping ssh key insertion in systemvm.iso" +# if running into Docker as unprivileges, skip ssh verification as iso cannot be mounted due to missing loop device. +if [ -f /.dockerenv ]; then + if [ -e /dev/loop0 ]; then + # it's a docker instance with privileges. + inject_into_iso systemvm.iso $newpubkey + [ $? -ne 0 ] && exit 5 + copy_priv_key $newprivkey + else + # this mean it's a docker instance, ssh key cannot be verify. + echo "We run inside Docker, skipping ssh key insertion in systemvm.iso" + fi else inject_into_iso systemvm.iso $newpubkey [ $? -ne 0 ] && exit 5