mirror of
https://github.com/peridotbuild/peridot.git
synced 2024-12-30 14:00:56 +00:00
kernelmanager: New specs and support file permissions
This commit is contained in:
parent
60e664b8ae
commit
8e80167da4
13 changed files with 5239 additions and 6695 deletions
|
@ -105,7 +105,9 @@ export function ResourceTable<T extends StandardResource>(
|
|||
const [rows, setRows] = React.useState<T[] | undefined>(undefined);
|
||||
const [loading, setLoading] = React.useState<boolean>(false);
|
||||
const [filter, setFilter] = React.useState<string | undefined>(initFilter);
|
||||
const [filterValue, setFilterValue] = React.useState<string | undefined>(initFilter);
|
||||
const [filterValue, setFilterValue] = React.useState<string | undefined>(
|
||||
initFilter,
|
||||
);
|
||||
|
||||
const updateSearch = (replace = false) => {
|
||||
const search = new URLSearchParams(location.search);
|
||||
|
@ -170,7 +172,8 @@ export function ResourceTable<T extends StandardResource>(
|
|||
setRowsPerPage(initRowsPerPage);
|
||||
}
|
||||
if (
|
||||
JSON.stringify(pageTokenHistory) !== JSON.stringify(initPageTokenHistory)
|
||||
JSON.stringify(pageTokenHistory) !==
|
||||
JSON.stringify(initPageTokenHistory)
|
||||
) {
|
||||
setPageTokenHistory(initPageTokenHistory);
|
||||
}
|
||||
|
@ -251,10 +254,19 @@ export function ResourceTable<T extends StandardResource>(
|
|||
sx={{ '&:last-child td, &:last-child th': { border: 0 } }}
|
||||
>
|
||||
{props.fields.map((field) => {
|
||||
// If row has prefix of location.pathname, then we should remove it
|
||||
// from the name.
|
||||
// Then we can use a relative link.
|
||||
const doesStartWithPathname = row.name?.startsWith(location.pathname);
|
||||
if (doesStartWithPathname) {
|
||||
// Only replace the first occurrence
|
||||
row.name = row.name?.replace(location.pathname, '');
|
||||
}
|
||||
|
||||
return (
|
||||
<TableCell key={field.key}>
|
||||
{field.key === 'name' ? (
|
||||
<Link to={`/${row.name}`}>{row.name}</Link>
|
||||
<Link to={row.name}>{row.name}</Link>
|
||||
) : (
|
||||
<>{row[field.key] ? row[field.key].toString() : '--'}</>
|
||||
)}
|
||||
|
@ -274,7 +286,9 @@ export function ResourceTable<T extends StandardResource>(
|
|||
variant="outlined"
|
||||
size="small"
|
||||
value={filterValue}
|
||||
onChange={(event: React.ChangeEvent<HTMLInputElement>) => setFilterValue(event.target.value)}
|
||||
onChange={(event: React.ChangeEvent<HTMLInputElement>) =>
|
||||
setFilterValue(event.target.value)
|
||||
}
|
||||
/>
|
||||
<Button
|
||||
variant="contained"
|
||||
|
|
|
@ -6,8 +6,9 @@ import (
|
|||
)
|
||||
|
||||
type File struct {
|
||||
Name string
|
||||
Data []byte
|
||||
Name string
|
||||
Data []byte
|
||||
Permissions os.FileMode
|
||||
}
|
||||
|
||||
type Output struct {
|
||||
|
@ -30,7 +31,7 @@ func (o *Output) ToFS(fs billy.Filesystem) error {
|
|||
|
||||
// Create SOURCES files
|
||||
for _, file := range o.OtherFiles {
|
||||
f, err := fs.OpenFile("SOURCES/"+file.Name, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
|
||||
f, err := fs.OpenFile("SOURCES/"+file.Name, os.O_CREATE|os.O_RDWR|os.O_TRUNC, file.Permissions)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -569,21 +569,21 @@ sed -i "s@^EXTRAVERSION.*@EXTRAVERSION = -%{release}.%{_target_cpu}@" Makefile
|
|||
|
||||
%ifarch x86_64 || aarch64
|
||||
cp config-%{_target_cpu} .config
|
||||
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions-el9-%{_target_cpu}.txt || true
|
||||
if [ -s newoptions-el9-%{_target_cpu}.txt ]; then
|
||||
cat newoptions-el9-%{_target_cpu}.txt
|
||||
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions%{_target_cpu}.txt || true
|
||||
if [ -s newoptions%{_target_cpu}.txt ]; then
|
||||
cat newoptions%{_target_cpu}.txt
|
||||
exit 1
|
||||
fi
|
||||
rm -f newoptions-el9-%{_target_cpu}.txt
|
||||
rm -f newoptions%{_target_cpu}.txt
|
||||
%endif
|
||||
|
||||
# Add DUP and kpatch certificates to system trusted keys for RHEL.
|
||||
# Add DUP and kpatch certificates to system trusted keys for Rocky.
|
||||
%if %{signkernel} || %{signmodules}
|
||||
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
|
||||
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
|
||||
cat rheldup3.pem rhelkpatch1.pem > certs/rhel.pem
|
||||
openssl x509 -inform der -in %{SOURCE100} -out rockydup3.pem
|
||||
openssl x509 -inform der -in %{SOURCE101} -out rockykpatch1.pem
|
||||
cat rockydup3.pem rockykpatch1.pem > certs/rocky.pem
|
||||
for i in config-*; do
|
||||
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
|
||||
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rocky.pem"@' $i
|
||||
done
|
||||
%else
|
||||
for i in config-*; do
|
||||
|
@ -591,9 +591,9 @@ for i in config-*; do
|
|||
done
|
||||
%endif
|
||||
|
||||
# Adjust the FIPS module name for RHEL9.
|
||||
# Adjust the FIPS module name for Rocky9.
|
||||
for i in config-*; do
|
||||
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux 9 - Kernel Cryptographic API"@' $i
|
||||
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Rocky Linux 9 - Kernel Cryptographic API"@' $i
|
||||
done
|
||||
|
||||
%{__make} -s distclean
|
||||
|
|
|
@ -572,21 +572,21 @@ sed -i "s@^EXTRAVERSION.*@EXTRAVERSION = -%{release}.%{_target_cpu}@" Makefile
|
|||
|
||||
%ifarch x86_64 || aarch64
|
||||
cp config-%{_target_cpu} .config
|
||||
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions-el9-%{_target_cpu}.txt || true
|
||||
if [ -s newoptions-el9-%{_target_cpu}.txt ]; then
|
||||
cat newoptions-el9-%{_target_cpu}.txt
|
||||
%{__make} -s ARCH=%{bldarch} listnewconfig | grep -E '^CONFIG_' > newoptions-%{_target_cpu}.txt || true
|
||||
if [ -s newoptions-%{_target_cpu}.txt ]; then
|
||||
cat newoptions-%{_target_cpu}.txt
|
||||
exit 1
|
||||
fi
|
||||
rm -f newoptions-el9-%{_target_cpu}.txt
|
||||
rm -f newoptions-%{_target_cpu}.txt
|
||||
%endif
|
||||
|
||||
# Add DUP and kpatch certificates to system trusted keys for RHEL.
|
||||
# Add DUP and kpatch certificates to system trusted keys for Rocky.
|
||||
%if %{signkernel} || %{signmodules}
|
||||
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
|
||||
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
|
||||
cat rheldup3.pem rhelkpatch1.pem > certs/rhel.pem
|
||||
openssl x509 -inform der -in %{SOURCE100} -out rockydup3.pem
|
||||
openssl x509 -inform der -in %{SOURCE101} -out rockykpatch1.pem
|
||||
cat rockydup3.pem rockykpatch1.pem > certs/rocky.pem
|
||||
for i in config-*; do
|
||||
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
|
||||
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rocky.pem"@' $i
|
||||
done
|
||||
%else
|
||||
for i in config-*; do
|
||||
|
@ -594,9 +594,9 @@ for i in config-*; do
|
|||
done
|
||||
%endif
|
||||
|
||||
# Adjust the FIPS module name for RHEL9.
|
||||
# Adjust the FIPS module name for Rocky9.
|
||||
for i in config-*; do
|
||||
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux 9 - Kernel Cryptographic API"@' $i
|
||||
sed -i 's@CONFIG_CRYPTO_FIPS_NAME=.*@CONFIG_CRYPTO_FIPS_NAME="Rocky Linux 9 - Kernel Cryptographic API"@' $i
|
||||
done
|
||||
|
||||
%{__make} -s distclean
|
||||
|
|
|
@ -24,11 +24,12 @@ type ChangelogEntry struct {
|
|||
}
|
||||
|
||||
type Input struct {
|
||||
Version string
|
||||
BuildID string
|
||||
KernelPackage string
|
||||
Changelog []*ChangelogEntry
|
||||
Tarball []byte
|
||||
Version string
|
||||
BuildID string
|
||||
KernelPackage string
|
||||
Changelog []*ChangelogEntry
|
||||
AdditionalKernelConfig []string
|
||||
Tarball []byte
|
||||
}
|
||||
|
||||
func kernel(kernelType string, in *Input) (*kernel_repack.Output, error) {
|
||||
|
@ -78,9 +79,31 @@ func kernel(kernelType string, in *Input) (*kernel_repack.Output, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// If the file starts with "config-", then it's a kernel config file.
|
||||
// Append additional kernel config to the end of the file.
|
||||
if strings.HasPrefix(file.Name(), "config-") {
|
||||
data = append(data, []byte("\n")...)
|
||||
for _, config := range in.AdditionalKernelConfig {
|
||||
data = append(data, []byte(config)...)
|
||||
data = append(data, []byte("\n")...)
|
||||
}
|
||||
}
|
||||
|
||||
stat, err := f.Stat()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
mode := stat.Mode()
|
||||
|
||||
// If file name ends with ".sh", set executable bit
|
||||
if strings.HasSuffix(file.Name(), ".sh") {
|
||||
mode |= 0111
|
||||
}
|
||||
|
||||
files = append(files, &kernel_repack.File{
|
||||
Name: file.Name(),
|
||||
Data: data,
|
||||
Name: file.Name(),
|
||||
Data: data,
|
||||
Permissions: mode,
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -57,6 +57,9 @@ message RepackOptions {
|
|||
}
|
||||
// Repack version
|
||||
Version version = 4;
|
||||
|
||||
// Additional kernel config entries.
|
||||
repeated string additional_kernel_config = 5;
|
||||
}
|
||||
|
||||
// PeridotProject contains information about the Peridot project
|
||||
|
|
|
@ -30,7 +30,7 @@ service KernelManager {
|
|||
// GetKernel returns a kernel by name.
|
||||
rpc GetKernel(GetKernelRequest) returns (Kernel) {
|
||||
option (google.api.http) = {
|
||||
get: "/v1/{name=kernels/*}"
|
||||
get: "/v1/{name=kernels/*/kernels/*}"
|
||||
};
|
||||
option (google.api.method_signature) = "name";
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ service KernelManager {
|
|||
// UpdateKernel updates an existing kernel.
|
||||
rpc UpdateKernel(UpdateKernelRequest) returns (Kernel) {
|
||||
option (google.api.http) = {
|
||||
patch: "/v1/{kernel.name=kernels/*}"
|
||||
patch: "/v1/{kernel.name=kernels/*/kernels/*}"
|
||||
body: "kernel"
|
||||
};
|
||||
option (google.api.method_signature) = "kernel,update_mask";
|
||||
|
@ -57,7 +57,7 @@ service KernelManager {
|
|||
// update of the kernel. And the update window will be reset.
|
||||
rpc TriggerKernelUpdate(TriggerKernelUpdateRequest) returns (google.longrunning.Operation) {
|
||||
option (google.api.http) = {
|
||||
post: "/v1/{name=kernels/*}:triggerUpdate"
|
||||
post: "/v1/{name=kernels/*/kernels/*}:triggerUpdate"
|
||||
};
|
||||
option (google.longrunning.operation_info) = {
|
||||
response_type: "TriggerKernelUpdateResponse"
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
"google.golang.org/protobuf/proto"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func getPrefixEnd(key []byte) []byte {
|
||||
|
@ -65,8 +66,11 @@ func (s *Server) GetKernel(ctx context.Context, req *kernelmanagerpb.GetKernelRe
|
|||
return nil, status.Error(codes.InvalidArgument, "name must be provided")
|
||||
}
|
||||
|
||||
kernelBytes, err := s.kv.Get(ctx, fmt.Sprintf("/kernels/entries/%s", req.Name))
|
||||
kernelBytes, err := s.kv.Get(ctx, fmt.Sprintf("/kernels/entries/%s", strings.TrimPrefix(req.Name, "kernels/")))
|
||||
if err != nil {
|
||||
if errors.Is(err, kv.ErrNotFound) {
|
||||
return nil, status.Error(codes.NotFound, "kernel not found")
|
||||
}
|
||||
base.LogErrorf("failed to get kernel: %v", err)
|
||||
return nil, status.Error(codes.Internal, "failed to get kernel")
|
||||
}
|
||||
|
|
|
@ -23,6 +23,8 @@ import Typography from '@mui/material/Typography';
|
|||
import Button from '@mui/material/Button';
|
||||
import { Theme } from '@mui/material/styles';
|
||||
import { Kernels } from './Kernels';
|
||||
import { GetKernel } from 'tools/kernelmanager/ui/GetKernel';
|
||||
import Link from '@mui/material/Link';
|
||||
|
||||
export const App = () => {
|
||||
return (
|
||||
|
@ -34,7 +36,9 @@ export const App = () => {
|
|||
>
|
||||
<Toolbar variant="dense">
|
||||
<Typography variant="h6" component="div" sx={{ flexGrow: 1 }}>
|
||||
RESF KernelManager{window.__beta__ ? ' (beta)' : ''}
|
||||
<Link to="/">
|
||||
RESF KernelManager{window.__beta__ ? ' (beta)' : ''}
|
||||
</Link>
|
||||
</Typography>
|
||||
<Box sx={{ flexGrow: 1, textAlign: 'right' }}>
|
||||
{window.__peridot_user__ ? (
|
||||
|
@ -68,6 +72,7 @@ export const App = () => {
|
|||
<Route index element={<Navigate to="/kernels" replace />} />
|
||||
<Route path="/kernels">
|
||||
<Route index element={<Kernels />} />
|
||||
<Route path="*" element={<GetKernel />} />
|
||||
</Route>
|
||||
</Routes>
|
||||
</Box>
|
||||
|
|
74
tools/kernelmanager/ui/GetKernel.tsx
Normal file
74
tools/kernelmanager/ui/GetKernel.tsx
Normal file
|
@ -0,0 +1,74 @@
|
|||
/**
|
||||
* Copyright 2023 Peridot Authors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import React from 'react';
|
||||
import { useParams } from 'react-router-dom';
|
||||
|
||||
import Box from '@mui/material/Box';
|
||||
import Divider from '@mui/material/Divider';
|
||||
|
||||
import { ResourceView } from 'base/ts/mui/ResourceView';
|
||||
import { reqap } from 'base/ts/reqap';
|
||||
|
||||
import { V1Kernel } from 'bazel-bin/tools/kernelmanager/proto/v1/kernelmanagerpb_ts_proto_gen';
|
||||
import { kernelManagerApi } from 'tools/kernelmanager/ui/api';
|
||||
|
||||
export const GetKernel = () => {
|
||||
const params = useParams();
|
||||
const [resource, setResource] = React.useState<V1Kernel | undefined | null>(
|
||||
undefined,
|
||||
);
|
||||
|
||||
// Load the resource
|
||||
React.useEffect(() => {
|
||||
(async () => {
|
||||
const [res, err] = await reqap(
|
||||
kernelManagerApi.getKernel({
|
||||
name: location.pathname.substring(1),
|
||||
}),
|
||||
);
|
||||
|
||||
if (err) {
|
||||
setResource(null);
|
||||
return;
|
||||
}
|
||||
|
||||
setResource(res);
|
||||
})().then();
|
||||
}, []);
|
||||
|
||||
return (
|
||||
<Box>
|
||||
<Box
|
||||
sx={{
|
||||
px: 1.5,
|
||||
height: '48px',
|
||||
display: 'flex',
|
||||
justifyContent: 'justify-between',
|
||||
alignItems: 'center',
|
||||
}}
|
||||
>
|
||||
<span>{location.pathname.substring(1)}</span>
|
||||
</Box>
|
||||
<Divider />
|
||||
<Box sx={{ p: 1.5 }}>
|
||||
<pre>
|
||||
{resource ? JSON.stringify(resource, null, 2) : 'Loading'}
|
||||
</pre>
|
||||
</Box>
|
||||
</Box>
|
||||
);
|
||||
};
|
|
@ -135,11 +135,12 @@ func (w *Worker) KernelRepack(ctx context.Context, kernel *kernelmanagerpb.Kerne
|
|||
version = mlVersion
|
||||
|
||||
out, err := repack_v1.ML(&repack_v1.Input{
|
||||
Version: mlVersion,
|
||||
BuildID: buildID,
|
||||
KernelPackage: kernel.Pkg,
|
||||
Tarball: mlTarball,
|
||||
Changelog: changelog(mlVersion),
|
||||
Version: mlVersion,
|
||||
BuildID: buildID,
|
||||
KernelPackage: kernel.Pkg,
|
||||
Tarball: mlTarball,
|
||||
Changelog: changelog(mlVersion),
|
||||
AdditionalKernelConfig: kernel.Config.RepackOptions.AdditionalKernelConfig,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -158,11 +159,12 @@ func (w *Worker) KernelRepack(ctx context.Context, kernel *kernelmanagerpb.Kerne
|
|||
version = ltVersion
|
||||
|
||||
out, err := repack_v1.LT(&repack_v1.Input{
|
||||
Version: ltVersion,
|
||||
BuildID: buildID,
|
||||
KernelPackage: kernel.Pkg,
|
||||
Tarball: ltTarball,
|
||||
Changelog: changelog(ltVersion),
|
||||
Version: ltVersion,
|
||||
BuildID: buildID,
|
||||
KernelPackage: kernel.Pkg,
|
||||
Tarball: ltTarball,
|
||||
Changelog: changelog(ltVersion),
|
||||
AdditionalKernelConfig: kernel.Config.RepackOptions.AdditionalKernelConfig,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
Loading…
Reference in a new issue