X-Git-Url: https://code.grnet.gr/git/snf-image-creator/blobdiff_plain/f165adc0d7dd0816def505588dd184ed8c2d805f..fa65eda12290726b54998d7fe60a0448a4bc22d0:/image_creator/os_type/linux.py diff --git a/image_creator/os_type/linux.py b/image_creator/os_type/linux.py index de82e7d..86638c0 100644 --- a/image_creator/os_type/linux.py +++ b/image_creator/os_type/linux.py @@ -32,18 +32,42 @@ # or implied, of GRNET S.A. from image_creator.os_type.unix import Unix, sysprep -from image_creator.util import warn, output import re import time class Linux(Unix): - def __init__(self, rootdev, ghandler): - super(Linux, self).__init__(rootdev, ghandler) + """OS class for Linux""" + def __init__(self, rootdev, ghandler, output): + super(Linux, self).__init__(rootdev, ghandler, output) self._uuid = dict() self._persistent = re.compile('/dev/[hsv]d[a-z][1-9]*') + self.meta["USERS"] = " ".join(self._get_passworded_users()) + + # Delete the USERS metadata if empty + if not len(self.meta['USERS']): + self.out.warn("No passworded users found!") + del self.meta['USERS'] + + def _get_passworded_users(self): + users = [] + regexp = re.compile('(\S+):((?:!\S+)|(?:[^!*]\S+)|):(?:\S*:){6}') + + for line in self.g.cat('/etc/shadow').splitlines(): + match = regexp.match(line) + if not match: + continue + + user, passwd = match.groups() + if len(passwd) > 0 and passwd[0] == '!': + self.out.warn("Ignoring locked %s account." % user) + else: + users.append(user) + + return users + def is_persistent(self, dev): return not self._persistent.match(dev) @@ -51,10 +75,86 @@ class Linux(Unix): if dev in self._uuid: return self._uuid[dev] - for attr in self.g.blkid(dev): - if attr[0] == 'UUID': - self._uuid[dev] = attr[1] - return attr[1] + uuid = self.g.vfs_uuid(dev) + assert len(uuid) + self._uuid[dev] = uuid + return uuid + + @sysprep(enabled=False) + def remove_user_accounts(self, print_header=True): + """Remove all user accounts with id greater than 1000""" + + if print_header: + self.out.output("Removing all user accounts with id greater than " + "1000") + + if 'USERS' not in self.meta: + return + + # Remove users from /etc/passwd + passwd = [] + removed_users = {} + metadata_users = self.meta['USERS'].split() + for line in self.g.cat('/etc/passwd').splitlines(): + fields = line.split(':') + if int(fields[2]) > 1000: + removed_users[fields[0]] = fields + # remove it from the USERS metadata too + if fields[0] in metadata_users: + metadata_users.remove(fields[0]) + else: + passwd.append(':'.join(fields)) + + self.meta['USERS'] = " ".join(metadata_users) + + # Delete the USERS metadata if empty + if not len(self.meta['USERS']): + del self.meta['USERS'] + + self.g.write('/etc/passwd', '\n'.join(passwd) + '\n') + + # Remove the corresponding /etc/shadow entries + shadow = [] + for line in self.g.cat('/etc/shadow').splitlines(): + fields = line.split(':') + if fields[0] not in removed_users: + shadow.append(':'.join(fields)) + + self.g.write('/etc/shadow', "\n".join(shadow) + '\n') + + # Remove the corresponding /etc/group entries + group = [] + for line in self.g.cat('/etc/group').splitlines(): + fields = line.split(':') + # Remove groups tha have the same name as the removed users + if fields[0] not in removed_users: + group.append(':'.join(fields)) + + self.g.write('/etc/group', '\n'.join(group) + '\n') + + # Remove home directories + for home in [field[5] for field in removed_users.values()]: + if self.g.is_dir(home) and home.startswith('/home/'): + self.g.rm_rf(home) + + @sysprep() + def cleanup_passwords(self, print_header=True): + """Remove all passwords and lock all user accounts""" + + if print_header: + self.out.output("Cleaning up passwords & locking all user " + "accounts") + + shadow = [] + + for line in self.g.cat('/etc/shadow').splitlines(): + fields = line.split(':') + if fields[1] not in ('*', '!'): + fields[1] = '!' + + shadow.append(":".join(fields)) + + self.g.write('/etc/shadow', "\n".join(shadow) + '\n') @sysprep() def fix_acpid(self, print_header=True): @@ -63,14 +163,14 @@ class Linux(Unix): """ if print_header: - output('Fixing acpid powerdown action') + self.out.output('Fixing acpid powerdown action') powerbtn_action = '#!/bin/sh\n\nPATH=/sbin:/bin:/usr/bin\n' \ - 'shutdown -h now \"Power button pressed\"\n' + 'shutdown -h now "Power button pressed"\n' events_dir = '/etc/acpi/events' if not self.g.is_dir(events_dir): - warn("No acpid event directory found") + self.out.warn("No acpid event directory found") return event_exp = re.compile('event=(.+)', re.I) @@ -92,47 +192,77 @@ class Linux(Unix): action = m.group(1) continue - if event.strip() == "button[ /]power": + if event.strip() in ("button[ /]power", "button/power.*"): if action: if not self.g.is_file(action): - warn("Acpid action file: %s does not exist" % action) + self.out.warn("Acpid action file: %s does not exist" % + action) return - self.g.copy_file_to_file(action, \ - "%s.orig.snf-image-creator-%d" % (action, time.time())) + self.g.copy_file_to_file(action, + "%s.orig.snf-image-creator-%d" % + (action, time.time())) self.g.write(action, powerbtn_action) return else: - warn("Acpid event file %s does not contain and action") + self.out.warn("Acpid event file %s does not contain and " + "action") return elif event.strip() == ".*": - warn("Found action `.*'. Don't know how to handle this." \ - " Please edit \%s' image file manually to make the " \ - "system immediatelly shutdown when an power button acpi " \ - "event occures" % action) + self.out.warn("Found action `.*'. Don't know how to handle " + "this. Please edit `%s' image file manually to " + "make the system immediatelly shutdown when an " + "power button acpi event occures." % + action.strip().split()[0]) return + self.out.warn("No acpi power button event found!") + @sysprep() - def persistent_net_rules(self, print_header=True): + def remove_persistent_net_rules(self, print_header=True): """Remove udev rules that will keep network interface names persistent after hardware changes and reboots. Those rules will be created again the next time the image runs. """ if print_header: - output('Removing persistent network interface names') + self.out.output('Removing persistent network interface names') rule_file = '/etc/udev/rules.d/70-persistent-net.rules' if self.g.is_file(rule_file): self.g.rm(rule_file) @sysprep() - def persistent_devs(self, print_header=True): + def remove_swap_entry(self, print_header=True): + """Remove swap entry from /etc/fstab. If swap is the last partition + then the partition will be removed when shrinking is performed. If the + swap partition is not the last partition in the disk or if you are not + going to shrink the image you should probably disable this. + """ + + if print_header: + self.out.output('Removing swap entry from fstab') + + new_fstab = "" + fstab = self.g.cat('/etc/fstab') + for line in fstab.splitlines(): + + entry = line.split('#')[0].strip().split() + if len(entry) == 6 and entry[2] == 'swap': + continue + + new_fstab += "%s\n" % line + + self.g.write('/etc/fstab', new_fstab) + + @sysprep() + def use_persistent_block_device_names(self, print_header=True): """Scan fstab & grub configuration files and replace all non-persistent - device appearences with UUIDs. + device references with UUIDs. """ if print_header: - output('Replacing fstab & grub non-persistent device appearences') + self.out.output("Replacing fstab & grub non-persistent device " + "references") # convert all devices in fstab to persistent persistent_root = self._persistent_fstab() @@ -194,7 +324,7 @@ class Linux(Unix): entry = line.split() if len(entry) != 6: - warn("Detected abnormal entry in fstab") + self.out.warn("Detected abnormal entry in fstab") return orig, "", "" dev = entry[0]