From 326d89752a775cd94bfe556f86979e7e1ccb3e23 Mon Sep 17 00:00:00 2001 From: Saqib Ali Date: Mon, 9 May 2022 12:39:32 -0400 Subject: [PATCH 1/2] ostree-systroot-deploy: parse bls-append-except-default key We want to parse a new "bls-append-except-default" key from ostree config. The key-value pairs specified by this key will be added to the generated BLS fragments of non-default deployments. They must follow the format "key1,value1;key2,value2" and so on. This change will allow us to land GRUB password support in FCOS. Relevant: https://github.com/coreos/fedora-coreos-tracker/issues/134 --- src/libostree/ostree-sysroot-deploy.c | 44 +++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c index 96cc0753..3a4f8d41 100644 --- a/src/libostree/ostree-sysroot-deploy.c +++ b/src/libostree/ostree-sysroot-deploy.c @@ -2082,6 +2082,50 @@ install_deployment_kernel (OstreeSysroot *sysroot, g_autofree char *options_key = ostree_kernel_args_to_string (kargs); ostree_bootconfig_parser_set (bootconfig, "options", options_key); + g_autoptr(GError) local_error = NULL; + GKeyFile *config = ostree_repo_get_config (repo); + gchar **read_values = g_key_file_get_string_list (config, "sysroot", "bls-append-except-default", NULL, &local_error); + /* We can ignore not found errors */ + if (!read_values) + { + gboolean not_found = g_error_matches (local_error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND) || \ + g_error_matches (local_error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_GROUP_NOT_FOUND); + if (not_found) + { + g_clear_error (&local_error); + } + else + { + g_propagate_error (error, g_steal_pointer (&local_error)); + return FALSE; + } + } + + /* Only append to this BLS config if: + * - this is not the default deployment + */ + /* If deployment was prepended, it is the new default */ + gboolean is_new_default = (ostree_deployment_get_index (deployment) == 0); + gboolean allow_append = !is_new_default; + if (allow_append) + { + /* get all key value pairs in bls-append */ + for (char **iter = read_values; iter && *iter; iter++) + { + const char *key_value = *iter; + const char *sep = strchr (key_value, '='); + if (sep == NULL) + { + glnx_throw (error, "bls-append-except-default key must be of the form \"key1=value1;key2=value2...\""); + return FALSE; + } + g_autofree char *key = g_strndup (key_value, sep - key_value); + g_autofree char *value = g_strdup (sep + 1); + ostree_bootconfig_parser_set (bootconfig, key, value); + } + + } + glnx_autofd int bootconf_dfd = -1; if (!glnx_opendirat (sysroot->boot_fd, bootconfdir, TRUE, &bootconf_dfd, error)) return FALSE; From 248b2936ace89631aba79a90cfe8f81b329d63bf Mon Sep 17 00:00:00 2001 From: Saqib Ali Date: Wed, 11 May 2022 10:54:42 -0400 Subject: [PATCH 2/2] man/ostree.repo-config.xml: add docs for bls-append-except-default key Relevant: https://github.com/coreos/fedora-coreos-tracker/issues/134 --- man/ostree.repo-config.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/man/ostree.repo-config.xml b/man/ostree.repo-config.xml index 3fa02cac..5afeac8a 100644 --- a/man/ostree.repo-config.xml +++ b/man/ostree.repo-config.xml @@ -404,6 +404,17 @@ License along with this library. If not, see . + + bls-append-except-default + A semicolon seperated string list of key-value pairs. For example: + bls-append-except-default=key1=value1;key2=value2. These key-value + pairs will be injected into the generated BLS fragments of the non-default deployments. + In other words, the BLS fragment of the default deployment will be unaffected by + bls-append-except-default. + + + +