curtin

Merge ~mitchellaugustin/curtin/+git/curtin-1:missing-ischroot-mitigation into curtin:master

  1. Git
  2. lp:~mitchellaugustin/curtin/+git/curtin-1
  3. missing-ischroot-mitigation
  4. Merge into master
Proposed by Mitchell Augustin
Status: Merged
Approved by: Dan Bungert
Approved revision: 935c59ff250d1b61d4e092f2fc0c06bcfd9ad991
Merge reported by: Server Team CI bot
Merged at revision: not available
Proposed branch: ~mitchellaugustin/curtin/+git/curtin-1:missing-ischroot-mitigation
Merge into: curtin:master
Diff against target: 82 lines (+52/-2)
2 files modified
curtin/util.py (+4/-2)
tests/unittests/test_util.py (+48/-0)
Reviewer Review Type Date Requested Status
Dan Bungert Approve
Server Team CI bot continuous-integration Approve
Review via email: mp+461730@code.launchpad.net

Commit message

Check to ensure ischroot exists before ChrootableTarget bind mount

Some systems (such as centos7) do not include /usr/bin/ischroot,
which will cause the bind mount to it in ChrootableTarget to fail.

Adding a check for this ensures that the file exists before
mounting and aborts the mount if it does not.

Description of the change

Check to ensure ischroot exists before ChrootableTarget bind mount

To post a comment you must log in.
Revision history for this message
Dan Bungert (dbungert) wrote :

Thanks, I think this is correct.
Do you mind adding a unittest case for that?

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:dc37aa2895114b8306afc1d446a5a7f0b4856946
https://jenkins.canonical.com/server-team/job/curtin-ci/244/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/244/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/244/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/244/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/244/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/244//rebuild

review: Approve (continuous-integration)
Revision history for this message
Mitchell Augustin (mitchellaugustin) wrote :

CI passed after I committed the tests, so I went ahead and squashed that commit.

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:c34fe6f5117e23ccf99f794d0378b195f5c493a4
https://jenkins.canonical.com/server-team/job/curtin-ci/246/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/246/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/246/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/246/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/246/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/246//rebuild

review: Approve (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:935c59ff250d1b61d4e092f2fc0c06bcfd9ad991
https://jenkins.canonical.com/server-team/job/curtin-ci/247/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/247/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/247/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/247/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/247/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/247//rebuild

review: Approve (continuous-integration)
Revision history for this message
Dan Bungert (dbungert) wrote :

Nice work!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/curtin/util.py b/curtin/util.py
index 8be6d20..58ee7e1 100644
--- a/curtin/util.py
+++ b/curtin/util.py
@@ -784,8 +784,10 @@ class ChrootableTarget(object):
784 ischroot_mount_path = paths.target_path(self.target,784 ischroot_mount_path = paths.target_path(self.target,
785 '/usr/bin/ischroot')785 '/usr/bin/ischroot')
786 true_exists = os.path.isfile(true_mount_path)786 true_exists = os.path.isfile(true_mount_path)
787 if true_exists and do_mount(true_mount_path, ischroot_mount_path,787 ischroot_exists = os.path.isfile(ischroot_mount_path)
788 opts='--bind'):788 both_exist = true_exists and ischroot_exists
789 if both_exist and do_mount(true_mount_path, ischroot_mount_path,
790 opts='--bind'):
789 self.umounts.append(ischroot_mount_path)791 self.umounts.append(ischroot_mount_path)
790792
791 return self793 return self
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
index 5dcef36..2dd63a7 100644
--- a/tests/unittests/test_util.py
+++ b/tests/unittests/test_util.py
@@ -642,6 +642,7 @@ class TestChrootableTargetIsChrootBehavior(CiTestCase):
642 Assumptions:642 Assumptions:
643 - /usr/bin/true exists inside the target. (If it does not,643 - /usr/bin/true exists inside the target. (If it does not,
644 util.py does not attempt this bind mount)644 util.py does not attempt this bind mount)
645 - /usr/bin/ischroot exists inside the target.
645646
646 Notes:647 Notes:
647 - This test ignores any attempts to bind-mount anything other648 - This test ignores any attempts to bind-mount anything other
@@ -694,6 +695,53 @@ class TestChrootableTargetIsChrootBehavior(CiTestCase):
694 self.assertEqual(self.true_content, target_ischroot_file)695 self.assertEqual(self.true_content, target_ischroot_file)
695696
696697
698class TestChrootableTargetIsChrootBehaviorMissingFiles(CiTestCase):
699 """Test ChrootableTargets do *not* mount ischroot if ischroot or
700 true do not exist
701
702 The test checks to make sure that, in a ChrootableTarget that is
703 missing /usr/bin/ischroot or /usr/bin/true:
704 The ischroot->true bind mount is not attempted
705
706 Notes:
707 - This test ignores any attempts to bind-mount anything other
708 than files, as such mounts are out-of-scope for this test.
709 """
710
711 def setUp(self):
712 super(TestChrootableTargetIsChrootBehaviorMissingFiles, self).setUp()
713 self.target = self.tmp_dir()
714 self.truebin = os.path.join(self.target, 'usr/bin/true')
715 self.ischrootbin = os.path.join(self.target, 'usr/bin/ischroot')
716 os.makedirs(os.path.dirname(self.truebin))
717 self.add_patch('curtin.util.do_mount', 'm_do_mount')
718 # Patching subp is necessary here since subp calls are attempted
719 # in ChrootableTarget.__exit__(), which will fail since
720 # self.allowed_subp=False
721 self.add_patch('curtin.util.subp', 'm_subp')
722 self.umounts = []
723
724 def mymount(self, src, dst, opts):
725 print('mymount(src=%s dst=%s, opts=%s)' % (src, dst, opts))
726 if dst not in self.umounts:
727 self.umounts.append(dst)
728 else:
729 return False
730
731 if os.path.isfile(src):
732 util.write_file(dst, util.load_file(src))
733 else:
734 print("Ignoring non-file bind mounts for this test")
735 return True
736
737 def test_chrootable_target_does_not_bind_if_files_missing(self):
738 target_ischroot = os.path.join(self.target, 'usr/bin/ischroot')
739
740 self.m_do_mount.side_effect = self.mymount
741 with util.ChrootableTarget(self.target) as chroot:
742 self.assertFalse(target_ischroot in chroot.umounts)
743
744
697class TestChrootableTargetResolvConf(CiTestCase):745class TestChrootableTargetResolvConf(CiTestCase):
698 """Test ChrootableTargets handles target /etc/resolv.conf gracefully"""746 """Test ChrootableTargets handles target /etc/resolv.conf gracefully"""
699747

Subscribers

People subscribed via source and target branches