[gnome-initial-setup/wip/pwithnall/misc-fixes: 16/70] eos-test-mode: add eos-test-mode script




commit 73b53afdc5c433fcbc9a1159628016fdceefbc49
Author: Alessandro Puccetti <alessandro kinvolk io>
Date:   Fri May 12 13:27:19 2017 +0200

    eos-test-mode: add eos-test-mode script
    
    - We ensure that eos-phone-home is disabled.
      https://phabricator.endlessm.com/T16836
    
    - eos-live-boot-overlayfs-setup takes special steps to ensure that
      Flatpaks can be installed.
      https://phabricator.endlessm.com/T18999#478663
    
    - In case of an external SD card, we call eos-live-boot-overlayfs-setup
      twice; that's OK because the script is idempotent and will not operate
      twice on the same directory.
    
    - This file needs to be executable, otherwise it fails to be spawned
      with the message "Child process exited with code 127". Its mode is set
      in the source tree, and the install step in the build system also sets
      the correct mode on the installed file.
      https://phabricator.endlessm.com/T24356
    
    - Adds a polkit policy for the eos-test-mode script as
      com.endlessm.TestMode. Update the polkit rules so that the action can
      be run privileged through pkexec by the gnome-initial-setup user.
    
    (Rebase 3.38: Fix minor rebase conflicts.)
    
    https://phabricator.endlessm.com/T5036

 data/20-gnome-initial-setup.rules                |  1 +
 data/com.endlessm.TestMode.policy.in             | 20 ++++++
 data/meson.build                                 | 10 +++
 gnome-initial-setup/meson.build                  |  2 +-
 gnome-initial-setup/pages/language/eos-test-mode | 88 ++++++++++++++++++++++++
 gnome-initial-setup/pages/language/meson.build   |  6 ++
 meson.build                                      |  3 +
 7 files changed, 129 insertions(+), 1 deletion(-)
---
diff --git a/data/20-gnome-initial-setup.rules b/data/20-gnome-initial-setup.rules
index f0a15ac7..135b26e8 100644
--- a/data/20-gnome-initial-setup.rules
+++ b/data/20-gnome-initial-setup.rules
@@ -11,6 +11,7 @@ polkit.addRule(function(action, subject) {
 
     var actionMatches = (action.id.indexOf('org.freedesktop.hostname1.') === 0 ||
                          action.id === 'com.endlessm.Metrics.SetEnabled' ||
+                         action.id === 'com.endlessm.TestMode' ||
                          action.id.indexOf('org.freedesktop.NetworkManager.') === 0 ||
                          action.id.indexOf('org.freedesktop.locale1.') === 0 ||
                          action.id.indexOf('org.freedesktop.accounts.') === 0 ||
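Review bot: The new `action.id === 'com.endlessm.TestMode'` entry has no comment saying what it authorizes, and it is the only entry in this list that maps to a pkexec-run root script rather than a D-Bus service method. Per the commit message it lets the gnome-initial-setup user run the action privileged, so the `auth_admin` defaults in the new policy file presumably no longer apply to that user. I would add a comment above the line such as `// Runs eos-test-mode as root via pkexec (overlays, masks the updater); keep this an exact-id match.` The rule function starts and ends outside this hunk, so the subject checks (user, local, active) that gate `actionMatches` are not visible here and should be confirmed.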
diff --git a/data/com.endlessm.TestMode.policy.in b/data/com.endlessm.TestMode.policy.in
new file mode 100644
index 00000000..538f770c
--- /dev/null
+++ b/data/com.endlessm.TestMode.policy.in
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";>
+<policyconfig>
+  <vendor>Endless</vendor>
+  <vendor_url>https://endlessm.com/</vendor_url>
+
+  <action id="com.endlessm.TestMode">
+    <description>Initiate system test mode</description>
+    <message>Authentication is required to start test mode</message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">@LIBEXECDIR@/eos-test-mode</annotate>
+  </action>
+</policyconfig>
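Review bot: The `<defaults>` block is wider than this action needs: `allow_any` and `allow_inactive` are `auth_admin`, so a remote or inactive session can still start test mode after an admin prompt, and `allow_active` is `auth_admin_keep`, which caches the authorization for later invocations. The intended caller is the gnome-initial-setup user, which is granted through the rules file, so the defaults could be `<allow_any>no</allow_any>`, `<allow_inactive>no</allow_inactive>` and `<allow_active>auth_admin</allow_active>`. Separately, the `;` before `>` at the end of the DOCTYPE line looks like an archive artifact; if it is in the committed file, the declaration is malformed and should be fixed.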
diff --git a/data/meson.build b/data/meson.build
index ec3378dd..aa4f7983 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -80,6 +80,16 @@ install_data('initial-setup.json', install_dir: mode_dir)
 
 install_data('gnome-welcome-tour', install_dir: get_option('libexecdir'))
 
+policykit_actions_dir = policykit_dep.get_pkgconfig_variable('policydir')
+
+configure_file(
+    input: 'com.endlessm.TestMode.policy.in',
+    output: 'com.endlessm.TestMode.policy',
+    install: true,
+    install_dir: policykit_actions_dir,
+    configuration: desktop_conf,
+)
+
 systemd_dep = dependency ('systemd')
 
 install_data(
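Review bot: The `org.freedesktop.policykit.exec.path` annotation is filled in from `desktop_conf` here, while the script itself is installed to `libexec_dir` in gnome-initial-setup/pages/language/meson.build, so two separately defined values must resolve to the same absolute path. Neither definition is visible in this diff; if they differ, or `LIBEXECDIR` is not set in `desktop_conf`, pkexec will not match the script to `com.endlessm.TestMode`. A comment on the `configure_file` call such as `# @LIBEXECDIR@ must be the absolute path that eos-test-mode is installed to (see pages/language/meson.build)` would make the coupling explicit.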
diff --git a/gnome-initial-setup/meson.build b/gnome-initial-setup/meson.build
index 1d2388ba..3a6d3428 100644
--- a/gnome-initial-setup/meson.build
+++ b/gnome-initial-setup/meson.build
@@ -30,7 +30,7 @@ sources += [
 dependencies = [
     dependency ('libnm', version: '>= 1.2'),
     dependency ('libnma', version: '>= 1.0'),
-    dependency ('polkit-gobject-1', version: '>= 0.103'),
+    policykit_dep,
     dependency ('accountsservice'),
     dependency ('gnome-desktop-3.0', version: '>= 3.7.5'),
     dependency ('gsettings-desktop-schemas', version: '>= 3.37.1'),
diff --git a/gnome-initial-setup/pages/language/eos-test-mode 
b/gnome-initial-setup/pages/language/eos-test-mode
new file mode 100755
index 00000000..5bb7f9a4
--- /dev/null
+++ b/gnome-initial-setup/pages/language/eos-test-mode
@@ -0,0 +1,88 @@
+#!/bin/bash -e
+
+# eos-test-mode - Setup system for non-persistent testing.
+# Copyright (C) 2015  Dan Nicholson <nicholson endlessm com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Check to see if we've run eos-live-boot-overlayfs-setup already
+[ -d /run/eos-live ] && exit 0
+
+# The /var/endless-extra SD card filesystem needs to be unmounted before
+# adding the overlays below since the /var overlay will mask it.
+extra_unit="var-endless\x2dextra.mount"
+systemctl -q is-active "$extra_unit" && extra_active=true || extra_active=false
+
+# Unmount the SD card
+$extra_active && systemctl stop "$extra_unit"
+
+# Mount overlays over any directory that might be written to
+eos-live-boot-overlayfs-setup etc
+
+# Allow xattrs in the user namespace on /run, and by extension in the ostree
+# repo, where they are used to record permissions when run as an unprivileged
+# user.
+mount -o remount,user_xattr /run
+
+# /sysroot/ostree needs special handling:
+setup_ostree_flatpak_overlay() {
+    # The flatpak deployment dirs must be on the same filesystem (namely
+    # /sysroot) as the ostree repo, so files can be hardlinked between them
+    # rather than copied. We normally achieve this with these symlinks:
+    #
+    # /var/lib/flatpak      --> /sysroot/flatpak
+    # /sysroot/flatpak/repo --> /ostree/repo
+    # /ostree               --> /sysroot/ostree
+    #
+    # For a live boot, we cannot overlay /sysroot directly: we need to read an
+    # xattr from the real (lower) directory, but if the upper dir exists (which
+    # it always does at the root of the mount!) then overlayfs returns xattrs
+    # from that. But if we put separate overlays on /sysroot/ostree and
+    # /sysroot/flatpak, hardlinks between them do not work.
+    #
+    # It just so happens that the only entry that /sysroot/ostree and
+    # /sysroot/flatpak have in common is 'repo', which is meant to be identical
+    # anyway. So, we merge both directories together over /sysroot/ostree:
+    local lowerdir=/sysroot/ostree:/sysroot/flatpak
+    local upperdir=/run/eos-test/ostree-flatpak
+    local workdir=$upperdir-workdir
+    [ -d $workdir ] && return;
+    mkdir -p $upperdir $workdir
+    mount -t overlay -o \
+        rw,upperdir=$upperdir,lowerdir=$lowerdir,workdir=$workdir \
+        eos-test-ostree-flatpak /sysroot/ostree
+
+    # Adjust the symlink to point to this ostree/flatpak chimera:
+    rm -f /var/lib/flatpak
+    ln -s /sysroot/ostree /var/lib/flatpak
+
+    # And leave /sysroot/flatpak uncovered; since it is only ever referenced
+    # via the /var/lib/flatpak symlink.
+}
+
+# Once /var is writable, we can set up the special ostree+flatpak overlay:
+setup_ostree_flatpak_overlay
+
+# Remount the SD card and mount a scratch overlay over it
+if $extra_active; then
+    systemctl start "$extra_unit"
+    eos-live-boot-overlayfs-setup var/endless-extra
+fi
+
+# Disable the updater for this boot
+systemctl mask --runtime --now eos-autoupdater.timer eos-autoupdater.service
+
+# Disable phoning home for this boot, too
+systemctl mask --runtime --now eos-phone-home.{service,timer,path}
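Review bot: In `setup_ostree_flatpak_overlay`, `rm -f /var/lib/flatpak` followed by `ln -s` runs only after the overlay is mounted, and it assumes that path is a symlink. If it is a real directory, `rm -f` fails and `-e` aborts the script as root with the overlay mounted, the SD-card unit stopped, and the updater and phone-home units never masked. I would validate before changing anything, with `[ -L /var/lib/flatpak ] || { echo "eos-test-mode: /var/lib/flatpak is not a symlink" >&2; exit 1; }` ahead of the `mkdir -p`, and replace the two lines with `ln -sfnT /sysroot/ostree /var/lib/flatpak`. More generally the script has no cleanup on failure, so any failing step after `systemctl stop "$extra_unit"` leaves the unit stopped; a short header comment stating that partial failure is not rolled back would help callers.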
diff --git a/gnome-initial-setup/pages/language/meson.build b/gnome-initial-setup/pages/language/meson.build
index ef6ba3f7..1b80f6d4 100644
--- a/gnome-initial-setup/pages/language/meson.build
+++ b/gnome-initial-setup/pages/language/meson.build
@@ -14,3 +14,9 @@ sources += files(
     'gis-language-page.c',
     'gis-language-page.h',
 )
+
+install_data(
+    'eos-test-mode',
+    install_dir: libexec_dir,
+    install_mode: 'rwxr-xr-x'
+)
diff --git a/meson.build b/meson.build
index a9c65bc6..6d1c56f3 100644
--- a/meson.build
+++ b/meson.build
@@ -78,6 +78,9 @@ libmalcontent_ui_dep = dependency ('malcontent-ui-0',
                                    required: get_option('parental_controls'))
 conf.set('HAVE_PARENTAL_CONTROLS', libmalcontent_dep.found() and libmalcontent_ui_dep.found())
 
+# Needed in both gnome-initial-setup/ and data/
+policykit_dep = dependency('polkit-gobject-1', version: '>= 0.103')
+
 configure_file(output: 'config.h',
                configuration: conf)
 config_h_dir = include_directories('.')

