kernelmanager: New specs and support file permissions

Mustafa Gezen 2023-10-06 12:39:19 +02:00
parent 60e664b8ae
commit 8e80167da4
Signed by: mustafa
GPG key ID: DCDF010D946438C1
13 changed files with 5239 additions and 6695 deletions


@ -105,7 +105,9 @@ export function ResourceTable<T extends StandardResource>(
const [rows, setRows] = React.useState<T[] | undefined>(undefined);
const [loading, setLoading] = React.useState<boolean>(false);
const [filter, setFilter] = React.useState<string | undefined>(initFilter);
const [filterValue, setFilterValue] = React.useState<string | undefined>(initFilter);
const [filterValue, setFilterValue] = React.useState<string | undefined>(
initFilter,
);
const updateSearch = (replace = false) => {
const search = new URLSearchParams(location.search);
@ -170,7 +172,8 @@ export function ResourceTable<T extends StandardResource>(
setRowsPerPage(initRowsPerPage);
}
if (
JSON.stringify(pageTokenHistory) !== JSON.stringify(initPageTokenHistory)
JSON.stringify(pageTokenHistory) !==
JSON.stringify(initPageTokenHistory)
) {
setPageTokenHistory(initPageTokenHistory);
}
@ -251,10 +254,19 @@ export function ResourceTable<T extends StandardResource>(
sx={{ '&:last-child td, &:last-child th': { border: 0 } }}
>
{props.fields.map((field) => {
// If row has prefix of location.pathname, then we should remove it
// from the name.
// Then we can use a relative link.
const doesStartWithPathname = row.name?.startsWith(location.pathname);
if (doesStartWithPathname) {
// Only replace the first occurrence
row.name = row.name?.replace(location.pathname, '');
}
return (
<TableCell key={field.key}>
{field.key === 'name' ? (
<Link to={`/${row.name}`}>{row.name}</Link>
<Link to={row.name}>{row.name}</Link>
) : (
<>{row[field.key] ? row[field.key].toString() : '--'}</>
)}
@ -274,7 +286,9 @@ export function ResourceTable<T extends StandardResource>(
variant="outlined"
size="small"
value={filterValue}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => setFilterValue(event.target.value)}
onChange={(event: React.ChangeEvent<HTMLInputElement>) =>
setFilterValue(event.target.value)
}
/>
<Button
variant="contained"
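Review bot: The new block inside `props.fields.map` assigns to `row.name` during render, which mutates the object held in the `rows` state and runs once per field rather than once per row. Derive a local instead, e.g. `const linkName = row.name?.startsWith(location.pathname) ? row.name.slice(location.pathname.length) : row.name;`, and use it for both the link target and the label. `row.name` is optional and presumably comes from the API response, so `<Link to={row.name}>` can receive `undefined`, and without the old fixed `/` prefix the value is handed to the router as-is; building the target from a fixed prefix plus the name avoids both. The enclosing component starts and ends outside these hunks.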


@ -6,8 +6,9 @@ import (
)
type File struct {
Name string
Data []byte
Name string
Data []byte
Permissions os.FileMode
}
type Output struct {
@ -30,7 +31,7 @@ func (o *Output) ToFS(fs billy.Filesystem) error {
// Create SOURCES files
for _, file := range o.OtherFiles {
f, err := fs.OpenFile("SOURCES/"+file.Name, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
f, err := fs.OpenFile("SOURCES/"+file.Name, os.O_CREATE|os.O_RDWR|os.O_TRUNC, file.Permissions)
if err != nil {
return err
}
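Review bot: `file.Permissions` is passed to `OpenFile` unfiltered, so a `File` built without the new field is created with mode 0, and a mode copied from a `Stat()` result can carry bits beyond the permission bits. Consider `perm := file.Permissions.Perm()` followed by `if perm == 0 { perm = 0644 }` and pass `perm` to `OpenFile`, which keeps the previous default for any caller that was not updated. Only one producer of `File` is visible in this commit, so whether others exist cannot be told from here. `ToFS` continues outside the hunk.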



@ -569,21 +569,21 @@ sed -i "s@^EXTRAVERSION.*@EXTRAVERSION = -%{release}.%{_target_cpu}@" Makefile
%ifarch x86_64 || aarch64
cp config-%{_target_cpu} .config
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions-el9-%{_target_cpu}.txt || true
if [ -s newoptions-el9-%{_target_cpu}.txt ]; then
cat newoptions-el9-%{_target_cpu}.txt
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions%{_target_cpu}.txt || true
if [ -s newoptions%{_target_cpu}.txt ]; then
cat newoptions%{_target_cpu}.txt
exit 1
fi
rm -f newoptions-el9-%{_target_cpu}.txt
rm -f newoptions%{_target_cpu}.txt
%endif
# Add DUP and kpatch certificates to system trusted keys for RHEL.
# Add DUP and kpatch certificates to system trusted keys for Rocky.
%if %{signkernel} || %{signmodules}
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
cat rheldup3.pem rhelkpatch1.pem > certs/rhel.pem
openssl x509 -inform der -in %{SOURCE100} -out rockydup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rockykpatch1.pem
cat rockydup3.pem rockykpatch1.pem > certs/rocky.pem
for i in config-*; do
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rocky.pem"@' $i
done
%else
for i in config-*; do
@ -591,9 +591,9 @@ for i in config-*; do
done
%endif
# Adjust the FIPS module name for RHEL9.
# Adjust the FIPS module name for Rocky9.
for i in config-*; do
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux 9 - Kernel Cryptographic API"@' $i
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Rocky Linux 9 - Kernel Cryptographic API"@' $i
done
%{__make} -s distclean
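Review bot: The rename to `rockydup3.pem`, `rockykpatch1.pem` and `certs/rocky.pem` does not by itself change which certificates are built into the kernel's trusted keyring; that is decided by `%{SOURCE100}` and `%{SOURCE101}`, whose definitions are outside the hunk. It is worth confirming those sources are the Rocky certificates and saying so next to the conversion, e.g. `# SOURCE100/SOURCE101 must be the Rocky DUP and kpatch certificates; they end up in CONFIG_SYSTEM_TRUSTED_KEYS.` The same applies to the matching hunk in the next spec file. Minor: this file now writes `newoptions%{_target_cpu}.txt` while the next one writes `newoptions-%{_target_cpu}.txt`, so the separator was probably meant to stay.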


@ -572,21 +572,21 @@ sed -i "s@^EXTRAVERSION.*@EXTRAVERSION = -%{release}.%{_target_cpu}@" Makefile
%ifarch x86_64 || aarch64
cp config-%{_target_cpu} .config
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions-el9-%{_target_cpu}.txt || true
if [ -s newoptions-el9-%{_target_cpu}.txt ]; then
cat newoptions-el9-%{_target_cpu}.txt
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions-%{_target_cpu}.txt || true
if [ -s newoptions-%{_target_cpu}.txt ]; then
cat newoptions-%{_target_cpu}.txt
exit 1
fi
rm -f newoptions-el9-%{_target_cpu}.txt
rm -f newoptions-%{_target_cpu}.txt
%endif
# Add DUP and kpatch certificates to system trusted keys for RHEL.
# Add DUP and kpatch certificates to system trusted keys for Rocky.
%if %{signkernel} || %{signmodules}
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
cat rheldup3.pem rhelkpatch1.pem > certs/rhel.pem
openssl x509 -inform der -in %{SOURCE100} -out rockydup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rockykpatch1.pem
cat rockydup3.pem rockykpatch1.pem > certs/rocky.pem
for i in config-*; do
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rocky.pem"@' $i
done
%else
for i in config-*; do
@ -594,9 +594,9 @@ for i in config-*; do
done
%endif
# Adjust the FIPS module name for RHEL9.
# Adjust the FIPS module name for Rocky9.
for i in config-*; do
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux 9 - Kernel Cryptographic API"@' $i
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Rocky Linux 9 - Kernel Cryptographic API"@' $i
done
%{__make} -s distclean


@ -24,11 +24,12 @@ type ChangelogEntry struct {
}
type Input struct {
Version string
BuildID string
KernelPackage string
Changelog []*ChangelogEntry
Tarball []byte
Version string
BuildID string
KernelPackage string
Changelog []*ChangelogEntry
AdditionalKernelConfig []string
Tarball []byte
}
func kernel(kernelType string, in *Input) (*kernel_repack.Output, error) {
@ -78,9 +79,31 @@ func kernel(kernelType string, in *Input) (*kernel_repack.Output, error) {
return nil, err
}
// If the file starts with "config-", then it's a kernel config file.
// Append additional kernel config to the end of the file.
if strings.HasPrefix(file.Name(), "config-") {
data = append(data, []byte("\n")...)
for _, config := range in.AdditionalKernelConfig {
data = append(data, []byte(config)...)
data = append(data, []byte("\n")...)
}
}
stat, err := f.Stat()
if err != nil {
return nil, err
}
mode := stat.Mode()
// If file name ends with ".sh", set executable bit
if strings.HasSuffix(file.Name(), ".sh") {
mode |= 0111
}
files = append(files, &kernel_repack.File{
Name: file.Name(),
Data: data,
Name: file.Name(),
Data: data,
Permissions: mode,
})
}


@ -57,6 +57,9 @@ message RepackOptions {
}
// Repack version
Version version = 4;
// Additional kernel config entries.
repeated string additional_kernel_config = 5;
}
// PeridotProject contains information about the Peridot project


@ -30,7 +30,7 @@ service KernelManager {
// GetKernel returns a kernel by name.
rpc GetKernel(GetKernelRequest) returns (Kernel) {
option (google.api.http) = {
get: "/v1/{name=kernels/*}"
get: "/v1/{name=kernels/*/kernels/*}"
};
option (google.api.method_signature) = "name";
}
@ -46,7 +46,7 @@ service KernelManager {
// UpdateKernel updates an existing kernel.
rpc UpdateKernel(UpdateKernelRequest) returns (Kernel) {
option (google.api.http) = {
patch: "/v1/{kernel.name=kernels/*}"
patch: "/v1/{kernel.name=kernels/*/kernels/*}"
body: "kernel"
};
option (google.api.method_signature) = "kernel,update_mask";
@ -57,7 +57,7 @@ service KernelManager {
// update of the kernel. And the update window will be reset.
rpc TriggerKernelUpdate(TriggerKernelUpdateRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{name=kernels/*}:triggerUpdate"
post: "/v1/{name=kernels/*/kernels/*}:triggerUpdate"
};
option (google.longrunning.operation_info) = {
response_type: "TriggerKernelUpdateResponse"


@ -10,6 +10,7 @@ import (
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/proto"
"strings"
)
func getPrefixEnd(key []byte) []byte {
@ -65,8 +66,11 @@ func (s *Server) GetKernel(ctx context.Context, req *kernelmanagerpb.GetKernelRe
return nil, status.Error(codes.InvalidArgument, "name must be provided")
}
kernelBytes, err := s.kv.Get(ctx, fmt.Sprintf("/kernels/entries/%s", req.Name))
kernelBytes, err := s.kv.Get(ctx, fmt.Sprintf("/kernels/entries/%s", strings.TrimPrefix(req.Name, "kernels/")))
if err != nil {
if errors.Is(err, kv.ErrNotFound) {
return nil, status.Error(codes.NotFound, "kernel not found")
}
base.LogErrorf("failed to get kernel: %v", err)
return nil, status.Error(codes.Internal, "failed to get kernel")
}
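Review bot: `req.Name` goes into the key with only `strings.TrimPrefix`, so a name without the `kernels/` prefix, or with any other shape, is looked up as-is. The `kernels/*/kernels/*` pattern in the proto constrains the HTTP route only, and a caller reaching this handler another way would not be bound by it. Checking the shape up front keeps the key space predictable, e.g. `if !strings.HasPrefix(req.Name, "kernels/") { return nil, status.Error(codes.InvalidArgument, "invalid kernel name") }`. The proto change also touches `UpdateKernel` and `TriggerKernelUpdate`, whose handlers are not in this hunk, so it is worth confirming they strip the prefix the same way. `GetKernel` starts and ends outside the hunk.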


@ -23,6 +23,8 @@ import Typography from '@mui/material/Typography';
import Button from '@mui/material/Button';
import { Theme } from '@mui/material/styles';
import { Kernels } from './Kernels';
import { GetKernel } from 'tools/kernelmanager/ui/GetKernel';
import Link from '@mui/material/Link';
export const App = () => {
return (
@ -34,7 +36,9 @@ export const App = () => {
>
<Toolbar variant="dense">
<Typography variant="h6" component="div" sx={{ flexGrow: 1 }}>
RESF KernelManager{window.__beta__ ? ' (beta)' : ''}
<Link to="/">
RESF KernelManager{window.__beta__ ? ' (beta)' : ''}
</Link>
</Typography>
<Box sx={{ flexGrow: 1, textAlign: 'right' }}>
{window.__peridot_user__ ? (
@ -68,6 +72,7 @@ export const App = () => {
<Route index element={<Navigate to="/kernels" replace />} />
<Route path="/kernels">
<Route index element={<Kernels />} />
<Route path="*" element={<GetKernel />} />
</Route>
</Routes>
</Box>
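Review bot: `Link` is imported from `@mui/material/Link`, which has no `to` prop of its own, so `<Link to="/">` is likely to render an anchor without an `href` and should also fail type-checking. Either pass the router link as the component, `<Link component={RouterLink} to="/">` with `import { Link as RouterLink } from 'react-router-dom';`, or use `href="/"` if a full page load is acceptable. `App` continues outside the hunks.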


@ -0,0 +1,74 @@
/**
* Copyright 2023 Peridot Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import React from 'react';
import { useParams } from 'react-router-dom';
import Box from '@mui/material/Box';
import Divider from '@mui/material/Divider';
import { ResourceView } from 'base/ts/mui/ResourceView';
import { reqap } from 'base/ts/reqap';
import { V1Kernel } from 'bazel-bin/tools/kernelmanager/proto/v1/kernelmanagerpb_ts_proto_gen';
import { kernelManagerApi } from 'tools/kernelmanager/ui/api';
export const GetKernel = () => {
const params = useParams();
const [resource, setResource] = React.useState<V1Kernel | undefined | null>(
undefined,
);
// Load the resource
React.useEffect(() => {
(async () => {
const [res, err] = await reqap(
kernelManagerApi.getKernel({
name: location.pathname.substring(1),
}),
);
if (err) {
setResource(null);
return;
}
setResource(res);
})().then();
}, []);
return (
<Box>
<Box
sx={{
px: 1.5,
height: '48px',
display: 'flex',
justifyContent: 'justify-between',
alignItems: 'center',
}}
>
<span>{location.pathname.substring(1)}</span>
</Box>
<Divider />
<Box sx={{ p: 1.5 }}>
<pre>
{resource ? JSON.stringify(resource, null, 2) : 'Loading'}
</pre>
</Box>
</Box>
);
};
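Review bot: On a failed request the component sets `resource` to `null`, but the render treats every falsy value as `'Loading'`, so an error or a missing kernel never leaves the loading state. Distinguish the three states, e.g. `{resource === undefined ? 'Loading' : resource === null ? 'Failed to load kernel' : JSON.stringify(resource, null, 2)}`. The effect also has an empty dependency list and reads the global `location.pathname` while `params` from `useParams()` is unused; putting `useLocation().pathname` in the dependency array would refetch when navigating between kernels. A short TSDoc comment on `GetKernel` stating that the resource name is derived from the URL path would help the next reader.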


@ -135,11 +135,12 @@ func (w *Worker) KernelRepack(ctx context.Context, kernel *kernelmanagerpb.Kerne
version = mlVersion
out, err := repack_v1.ML(&repack_v1.Input{
Version: mlVersion,
BuildID: buildID,
KernelPackage: kernel.Pkg,
Tarball: mlTarball,
Changelog: changelog(mlVersion),
Version: mlVersion,
BuildID: buildID,
KernelPackage: kernel.Pkg,
Tarball: mlTarball,
Changelog: changelog(mlVersion),
AdditionalKernelConfig: kernel.Config.RepackOptions.AdditionalKernelConfig,
})
if err != nil {
return nil, err
@ -158,11 +159,12 @@ func (w *Worker) KernelRepack(ctx context.Context, kernel *kernelmanagerpb.Kerne
version = ltVersion
out, err := repack_v1.LT(&repack_v1.Input{
Version: ltVersion,
BuildID: buildID,
KernelPackage: kernel.Pkg,
Tarball: ltTarball,
Changelog: changelog(ltVersion),
Version: ltVersion,
BuildID: buildID,
KernelPackage: kernel.Pkg,
Tarball: ltTarball,
Changelog: changelog(ltVersion),
AdditionalKernelConfig: kernel.Config.RepackOptions.AdditionalKernelConfig,
})
if err != nil {
return nil, err
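Review bot: `kernel.Config.RepackOptions.AdditionalKernelConfig` dereferences two message fields that may be nil for a kernel whose config or repack options were never set, and nothing in the hunk guards them. Assuming standard protoc-gen-go output, the generated getters are nil-safe, so `AdditionalKernelConfig: kernel.GetConfig().GetRepackOptions().GetAdditionalKernelConfig(),` works here and in the `repack_v1.ML` call in the previous hunk. If earlier code in `KernelRepack` already guarantees both are set, a one-line comment saying so would do instead. `KernelRepack` starts and ends outside the hunks.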