From b75db5ae653b7b87859e582528df9b03aa5366f1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 17 Nov 2015 15:22:29 -0400 Subject: DiskImage creation automatically uses Chroot.noServices. --- src/Propellor/Property/DiskImage.hs | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'src/Propellor/Property/DiskImage.hs') diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs index 5b8619ba..4878c365 100644 --- a/src/Propellor/Property/DiskImage.hs +++ b/src/Propellor/Property/DiskImage.hs @@ -1,8 +1,6 @@ -- | Disk image generation. -- -- This module is designed to be imported unqualified. --- --- TODO avoid starting services while populating chroot and running final module Propellor.Property.DiskImage ( -- * Partition specification @@ -69,6 +67,11 @@ type DiskImage = FilePath -- Note that the disk image file is reused if it already exists, -- to avoid expensive IO to generate a new one. And, it's updated in-place, -- so its contents are undefined during the build process. +-- +-- Note that the `Chroot.noServices` property is automatically added to the +-- chroot while the disk image is being built, which should prevent any +-- daemons that are included from being started on the system that is +-- building the disk image. imageBuilt :: DiskImage -> (FilePath -> Chroot) -> TableType -> Finalization -> [PartSpec] -> RevertableProperty HasInfo imageBuilt = imageBuilt' False @@ -93,6 +96,9 @@ imageBuilt' rebuild img mkchroot tabletype final partspec = | otherwise = doNothing chrootdir = img ++ ".chroot" chroot = mkchroot chrootdir + -- Before ensuring any other properties of the chroot, avoid + -- starting services. Reverted by imageFinalized. + &^ Chroot.noServices -- First stage finalization. & fst final -- Avoid wasting disk image space on the apt cache @@ -227,6 +233,7 @@ imageFinalized (_, final) mnts mntopts devs (PartTable _ parts) = go top = do liftIO $ mountall top liftIO $ writefstab top + liftIO $ allowservices top ensureProperty $ final top devs -- Ordered lexographically by mount point, so / comes before /usr @@ -260,6 +267,8 @@ imageFinalized (_, final) mnts mntopts devs (PartTable _ parts) = -- Eg "UNCONFIGURED FSTAB FOR BASE SYSTEM" unconfigured s = "UNCONFIGURED" `isInfixOf` s + allowservices top = nukeFile (top ++ "/usr/sbin/policy-rc.d") + noFinalization :: Finalization noFinalization = (doNothing, \_ _ -> doNothing) -- cgit v1.2.3