[initcpio] Replace Python implementation with C++

- This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for *something*) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190
6 years ago · bb6530577d
parent d5340f9743
commit bb6530577d
6 changed files with 150 additions and 55 deletions
--- a/src/modules/initcpio/CMakeLists.txt
+++ b/src/modules/initcpio/CMakeLists.txt
@ -0,0 +1,9 @@
 calamares_add_plugin( initcpio
    TYPE job
    EXPORT_MACRO PLUGINDLLEXPORT_PRO
    SOURCES
        InitcpioJob.cpp
    LINK_PRIVATE_LIBRARIES
        calamares
    SHARED_LIB
 )
--- a/src/modules/initcpio/InitcpioJob.cpp
+++ b/src/modules/initcpio/InitcpioJob.cpp
@ -0,0 +1,77 @@
 /* === This file is part of Calamares - <https://github.com/calamares> ===
 *
 *   Copyright 2019, Adriaan de Groot <groot@kde.org>
 *
 *   Calamares is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *   Calamares is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "InitcpioJob.h"
 #include "utils/CalamaresUtilsSystem.h"
 #include "utils/Logger.h"
 #include "utils/UMask.h"
 #include "utils/Variant.h"
 InitcpioJob::InitcpioJob( QObject* parent )
    : Calamares::CppJob( parent )
 {
 }
 InitcpioJob::~InitcpioJob() {}
 QString
 InitcpioJob::prettyName() const
 {
    return tr( "Creating initramfs with mkinitcpio." );
 }
 Calamares::JobResult
 InitcpioJob::exec()
 {
    CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe );
    cDebug() << "Updating initramfs with kernel" << m_kernel;
    auto r = CalamaresUtils::System::instance()->targetEnvCommand(
        { "mkinitcpio", "-p", m_kernel }, QString(), QString(), 0 );
    return r.explainProcess( "mkinitcpio", 10 );
 }
 void
 InitcpioJob::setConfigurationMap( const QVariantMap& configurationMap )
 {
    m_kernel = CalamaresUtils::getString( configurationMap, "kernel" );
    if ( m_kernel.isEmpty() )
    {
        m_kernel = QStringLiteral( "all" );
    }
    else if ( m_kernel == "$uname" )
    {
        auto r = CalamaresUtils::System::runCommand(
            CalamaresUtils::System::RunLocation::RunInHost, { "/bin/uname", "-r" }, QString(), QString(), 3 );
        if ( r.getExitCode() == 0 )
        {
            m_kernel = r.getOutput();
            cDebug() << "*initcpio* using running kernel" << m_kernel;
        }
        else
        {
            cWarning() << "*initcpio* could not determine running kernel, using 'all'." << Logger::Continuation
                       << r.getExitCode() << r.getOutput();
        }
    }
 }
 CALAMARES_PLUGIN_FACTORY_DEFINITION( InitcpioJobFactory, registerPlugin< InitcpioJob >(); )
--- a/src/modules/initcpio/InitcpioJob.h
+++ b/src/modules/initcpio/InitcpioJob.h
@ -0,0 +1,49 @@
 /* === This file is part of Calamares - <https://github.com/calamares> ===
 *
 *   Copyright 2019, Adriaan de Groot <groot@kde.org>
 *
 *   Calamares is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *   Calamares is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef INITCPIOJOB_H
 #define INITCPIOJOB_H
 #include "CppJob.h"
 #include "PluginDllMacro.h"
 #include "utils/PluginFactory.h"
 #include <QObject>
 #include <QVariantMap>
 class PLUGINDLLEXPORT InitcpioJob : public Calamares::CppJob
 {
    Q_OBJECT
 public:
    explicit InitcpioJob( QObject* parent = nullptr );
    virtual ~InitcpioJob() override;
    QString prettyName() const override;
    Calamares::JobResult exec() override;
    void setConfigurationMap( const QVariantMap& configurationMap ) override;
 private:
    QString m_kernel;
 };
 CALAMARES_PLUGIN_FACTORY_DECLARATION( InitcpioJobFactory )
 #endif  // INITCPIOJOB_H
--- a/src/modules/initcpio/initcpio.conf
+++ b/src/modules/initcpio/initcpio.conf
@ -1,3 +1,18 @@
 # Run mkinitcpio(8) with the given preset value
 ---
 # There is only one configuration item for this module,
 # the kernel to be loaded. This can have the following
 # values:
 #  - empty or unset, interpreted as "all"
 #  - the literal string "$uname" (without quotes, with dollar),
 #    which will use the output of `uname -r` to determine the
 #    running kernel, and use that.
 #  - any other string.
 #
 # Whatever is set, that string is passed as *preset* argument to the
 # `-p` option of *mkinitcpio*. Take care that both "$uname" operates
 # in the host system, and might not be correct if the target system is
 # updated (to a newer kernel) as part of the installation.
 #
 # Note that "all" is probably not a good preset to use either.
 kernel: linux312
--- a/src/modules/initcpio/main.py
+++ b/src/modules/initcpio/main.py
@ -1,50 +0,0 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
 # === This file is part of Calamares - <https://github.com/calamares> ===
 #
 #   Copyright 2014, Philip Müller <philm@manjaro.org>
 #   Copyright 2019, Adriaan de Groot <groot@kde.org>
 #
 #   Calamares is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
 #   the Free Software Foundation, either version 3 of the License, or
 #   (at your option) any later version.
 #
 #   Calamares is distributed in the hope that it will be useful,
 #   but WITHOUT ANY WARRANTY; without even the implied warranty of
 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #   GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public License
 #   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
 import libcalamares
 from libcalamares.utils import check_target_env_call
 import gettext
 _ = gettext.translation("calamares-python",
                        localedir=libcalamares.utils.gettext_path(),
                        languages=libcalamares.utils.gettext_languages(),
                        fallback=True).gettext
 def pretty_name():
    return _("Creating initramfs with mkinitcpio.")
 def run():
    """ Calls routine to create kernel initramfs image.
    :return:
    """
    from subprocess import CalledProcessError
    kernel = libcalamares.job.configuration['kernel']
    try:
        check_target_env_call(['mkinitcpio', '-p', kernel])
    except CalledProcessError as e:
        libcalamares.utils.warning(str(e))
        return ( _( "Process Failed" ),
                 _( "Process <pre>mkinitcpio</pre> failed with error code {!s}. The command was <pre>{!s}</pre>." ).format( e.returncode, e.cmd ) )
    return None
--- a/src/modules/initcpio/module.desc
+++ b/src/modules/initcpio/module.desc
@ -1,5 +0,0 @@
 ---
 type:       "job"
 name:       "initcpio"
 interface:  "python"
 script:     "main.py"