move configs to dkl crate
@ -1,14 +1,18 @@
|
||||
use eyre::{format_err, Result};
|
||||
use eyre::{Result, format_err};
|
||||
use log::{info, warn};
|
||||
use std::path::Path;
|
||||
use tokio::{
|
||||
fs,
|
||||
io::{AsyncBufReadExt, BufReader},
|
||||
};
|
||||
|
||||
use dkl::{
|
||||
self,
|
||||
apply::{self, chroot, set_perms},
|
||||
bootstrap::Config,
|
||||
};
|
||||
|
||||
use super::{exec, mount, retry, retry_or_ignore, try_exec};
|
||||
use crate::bootstrap::config::Config;
|
||||
use crate::{dkl, utils};
|
||||
use crate::utils;
|
||||
|
||||
pub async fn bootstrap(cfg: Config) {
|
||||
let verifier = retry(async || Verifier::from_config(&cfg)).await;
|
||||
@ -50,7 +54,7 @@ pub async fn bootstrap(cfg: Config) {
|
||||
})
|
||||
.await;
|
||||
|
||||
retry_or_ignore(async || apply_files(&sys_cfg.files, "/system").await).await;
|
||||
retry_or_ignore(async || apply::files(&sys_cfg.files, "/system").await).await;
|
||||
|
||||
apply_groups(&sys_cfg.groups, "/system").await;
|
||||
apply_users(&sys_cfg.users, "/system").await;
|
||||
@ -77,7 +81,7 @@ impl Verifier {
|
||||
return Ok(Self { pubkey: None });
|
||||
};
|
||||
|
||||
use base64::{prelude::BASE64_STANDARD, Engine};
|
||||
use base64::{Engine, prelude::BASE64_STANDARD};
|
||||
let pubkey = BASE64_STANDARD.decode(pubkey)?;
|
||||
let pubkey = Some(pubkey);
|
||||
|
||||
@ -250,47 +254,6 @@ async fn mount_system(cfg: &dkl::Config, bs_dir: &str, verifier: &Verifier) {
|
||||
.await;
|
||||
}
|
||||
|
||||
fn chroot(root: &str, path: &str) -> String {
|
||||
format!("{root}/{}", path.trim_start_matches(|c| c == '/'))
|
||||
}
|
||||
|
||||
async fn apply_files(files: &[dkl::File], root: &str) -> Result<()> {
|
||||
for file in files {
|
||||
let path = chroot(root, &file.path);
|
||||
let path = Path::new(&path);
|
||||
|
||||
if let Some(parent) = path.parent() {
|
||||
fs::create_dir_all(parent).await?;
|
||||
}
|
||||
|
||||
use crate::dkl::FileKind as K;
|
||||
match &file.kind {
|
||||
K::Content(content) => fs::write(path, content.as_bytes()).await?,
|
||||
K::Dir(true) => fs::create_dir(path).await?,
|
||||
K::Dir(false) => {} // shouldn't happen, but semantic is to ignore
|
||||
K::Symlink(tgt) => fs::symlink(tgt, path).await?,
|
||||
}
|
||||
|
||||
match file.kind {
|
||||
K::Symlink(_) => {}
|
||||
_ => set_perms(path, file.mode).await?,
|
||||
}
|
||||
|
||||
info!("created {}", file.path);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn set_perms(path: impl AsRef<Path>, mode: Option<u32>) -> std::io::Result<()> {
|
||||
if let Some(mode) = mode.filter(|m| *m != 0) {
|
||||
use std::os::unix::fs::PermissionsExt;
|
||||
let mode = std::fs::Permissions::from_mode(mode);
|
||||
fs::set_permissions(path, mode).await?;
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn apply_groups(groups: &[dkl::Group], root: &str) {
|
||||
for group in groups {
|
||||
let mut args = vec![root, "groupadd", "-r"];
|
||||
|
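Review bot: The call `apply::files(&sys_cfg.files, "/system")` in `bootstrap` now relies on `dkl::apply::chroot` to keep every `file.path` under `/system`, and that helper's new body is not visible on this page. The local version removed in this commit only stripped leading `/` before joining, so a path containing `..` components would resolve outside the root; if the code was moved unchanged, the same holds in the shared crate, where more callers will depend on it. I would have `apply::files` reject such entries before any directory creation or write, e.g. `if Path::new(&file.path).components().any(|c| matches!(c, std::path::Component::ParentDir)) { return Err(format_err!("path escapes root: {}", file.path)); }`, and add a doc comment on `chroot` saying it is a string join, not a confinement. `bootstrap` starts and ends outside this hunk.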