WIP: Port osmodifier from Go binary to native Rust crate#638
Draft
bfjelds wants to merge 12 commits into
Conversation
Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).

Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).

Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).
9fff08e to 2fb0625
Author (Member): /azp run [GITHUB]-trident-pr
Azure Pipelines successfully started running 1 pipeline(s).

Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).

Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).

Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).
becb22b to ccabced
Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.

Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.
Replace the external Go osmodifier binary from azure-linux-image-tools with a native Rust library crate (crates/osmodifier). Trident now calls osmodifier functions directly instead of serializing config to YAML, writing a temp file, and exec'ing the Go binary.

The new crate implements:
- User management (useradd, password hashing, SSH keys, groups)
- Hostname configuration (/etc/hostname)
- Service management (systemctl enable/disable)
- Kernel module configuration (modules-load.d, modprobe.d)
- SELinux configuration (/etc/selinux/config and kernel cmdline)
- /etc/default/grub parsing and writing
- grub.cfg parsing for update-default-grub flow
- grub2-mkconfig execution

Public API:
- modify_os() - replaces osmodifier --config-file for OS modifications
- update_default_grub() - replaces osmodifier --update-grub
- modify_boot() - replaces osmodifier --config-file for boot config

This eliminates:
- External Go binary build dependency (azure-linux-image-tools clone)
- Binary bind-mounting into newroot
- YAML serialization round-trip overhead
- OS_MODIFIER_BINARY_PATH and OS_MODIFIER_NEWROOT_PATH constants
- Makefile, Dockerfile, RPM spec, and pipeline osmodifier references

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ed import

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…l tests

Remove all download-osmodifier.yml template invocations, make artifacts/osmodifier targets, and functional test binary upload steps. The osmodifier is now compiled into the trident binary as a library crate.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add back std::path::Path import in osconfig/mod.rs (needed for provision() signature)
- Remove unused crate::engine::EngineContext import in newroot.rs
- Remove unused std::path::Path import in boot/mod.rs

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fixes based on 9-agent adversarial code review:

Security:
- Use chpasswd -e via stdin instead of useradd -p to avoid leaking password hashes through /proc/cmdline
- Validate startup_command for colons/newlines to prevent /etc/passwd corruption
- Implement PasswordType::Locked for existing users (write ! marker)

Atomicity:
- All /etc/shadow and /etc/passwd edits now use atomic write-temp-rename pattern via tempfile::NamedTempFile::persist()

Correctness:
- Fix set_password_expiry: add missing found-check (was silent no-op)
- Fix add_extra_cmdline: deduplicate by key to be idempotent on re-run
- Fix stale comment in modify_os about not touching grub

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
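The startup_command validation, the found-check and the write-temp-rename pattern from the commit above, as an added example that is not the osmodifier crate's code: `validate_passwd_field` and `set_login_shell` are hypothetical names, the passwd file is a constructed sample under a temp dir, and the atomic replace uses std::fs::rename instead of the tempfile::NamedTempFile::persist() the commit uses, so it runs with the standard library alone.

```rust
use std::fs;
use std::io::Write;
use std::path::Path;

/// Reject ':' (shifts every later field) and '\n' (injects a record) in a passwd field.
pub fn validate_passwd_field(name: &str, value: &str) -> Result<(), String> {
    if value.contains(':') || value.contains('\n') {
        return Err(format!("{name} must not contain ':' or newline"));
    }
    Ok(())
}

/// Set the login shell (7th field) of `user` in a passwd-format file by writing a temp
/// file in the same directory and renaming it over the original (no torn reads).
pub fn set_login_shell(passwd: &Path, user: &str, shell: &str) -> Result<(), String> {
    validate_passwd_field("startup_command", shell)?;
    let content = fs::read_to_string(passwd).map_err(|e| e.to_string())?;
    let (mut found, mut out) = (false, String::new());
    for line in content.lines() {
        let mut fields: Vec<&str> = line.split(':').collect();
        if fields.len() == 7 && fields[0] == user {
            fields[6] = shell;
            found = true;
        }
        out.push_str(&format!("{}\n", fields.join(":")));
    }
    if !found {
        return Err(format!("user {user} not found")); // error, not a silent no-op
    }
    let tmp = passwd.with_extension("tmp");
    let mut f = fs::File::create(&tmp).map_err(|e| e.to_string())?;
    f.write_all(out.as_bytes()).map_err(|e| e.to_string())?;
    f.sync_all().map_err(|e| e.to_string())?;
    // rename() swaps the inode, so carry the original mode (e.g. 0644) onto the temp file.
    let perms = fs::metadata(passwd).map_err(|e| e.to_string())?.permissions();
    fs::set_permissions(&tmp, perms).map_err(|e| e.to_string())?;
    fs::rename(&tmp, passwd).map_err(|e| e.to_string())
}

fn main() {
    // Constructed sample passwd under a temp dir, never the real /etc/passwd.
    let dir = std::env::temp_dir().join(format!("osmod-example-{}", std::process::id()));
    fs::create_dir_all(&dir).unwrap();
    let passwd = dir.join("passwd");
    fs::write(&passwd, "svc:x:1001:1001::/home/svc:/bin/sh\n").unwrap();
    set_login_shell(&passwd, "svc", "/usr/bin/agent").unwrap();
    print!("{}", fs::read_to_string(&passwd).unwrap());
    fs::remove_dir_all(&dir).unwrap();
}
```

A rejected value or an unknown user leaves the file untouched, and the rename is the only point at which readers can observe a change.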
The Go osmodifier wrote hostname without trailing newline. The Rust port added one, causing the functional test assertion to fail:

  left: 'carry-over-hostname\n'
  right: 'carry-over-hostname'

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add Rust functional tests for the osmodifier modules that run inside the test VM.

Tests cover:
- hostname: write and overwrite /etc/hostname
- modules: always-load, disable, options, idempotency, disable-removes-load
- selinux: config file update (enforcing/disabled), missing file error, GRUB cmdline SELinux args
- services: enable/disable with synthetic systemd units, already-disabled
- lib.rs integration: modify_os with hostname+modules, empty config no-op, hostname+services combined

All tests use tempdir-rooted OsModifierContext to avoid modifying the real system. Service tests use synthetic unit files rather than depending on installed services.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
ccabced to 23ca4c8
Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Author (Member): /azp run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 1 pipeline(s).