Merge pull request #78 from desultory/plymouth

Add plymouth support, improve dependency resolution

Author: desultory

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ugrd"
-version = "1.24.2"
+version = "1.25.0"
 authors = [
   { name="Desultory", email="[email protected]" },
 ]

src/ugrd/base/base.py

@@ -1,5 +1,5 @@
 __author__ = 'desultory'
-__version__ = '4.9.1'
+__version__ = '5.1.0'
 
 from importlib.metadata import version
 from pathlib import Path
@@ -117,7 +117,14 @@ def rd_fail(self) -> list[str]:
             r'eerror "Mounts:\n$(mount)"',
             'if [ "$(readvar recovery)" == "1" ]; then',
             '    einfo "Entering recovery shell"',
-            '    bash -l',
+            '    if check_var plymouth; then',
+            '        plymouth display-message --text="Entering recovery shell"',
+            '        plymouth hide-splash',
+            '        bash -l',
+            '        plymouth show-splash',
+            '    else',
+            '        bash -l',
+            '    fi',
             'fi',
             'prompt_user "Press enter to restart init."',
             'rd_restart']
@@ -163,9 +170,15 @@ def prompt_user(self) -> str:
     Returns a bash function that pauses until the user presses enter.
     The first argument is the prompt message.
     The second argument is the timeout in seconds.
+
+    if plymouth is running, run 'plymouth display-message --text="$prompt" instead of echo.
     """
     return ['prompt=${1:-"Press enter to continue."}',
-            r'echo -e "\e[1;35m *\e[0m $prompt"',
+            'if check_var plymouth; then',
+            '    plymouth display-message --text="$prompt"',
+            'else',
+            r'    echo -e "\e[1;35m *\e[0m $prompt"',
+            'fi',
             'if [ -n "$2" ]; then',
             '    read -t "$2" -rs',
             'else',
@@ -210,29 +223,35 @@ def edebug(self) -> str:
             'if [ "$(readvar debug)" != "1" ]; then',
             '    return',
             'fi',
-            r'echo -e "\e[1;34m *\e[0m ${*}"'
-            ]
+            r'echo -e "\e[1;34m *\e[0m ${*}"']
 
 
 def einfo(self) -> str:
     """ Returns a bash function like einfo. """
     return ['if check_var quiet; then',
             '    return',
             'fi',
-            r'echo -e "\e[1;32m *\e[0m ${*}"'
-            ]
+            r'echo -e "\e[1;32m *\e[0m ${*}"']
 
 
 def ewarn(self) -> str:
     """ Returns a bash function like ewarn. """
-    return ['if check_var quiet; then',
+    return ['if check_var plymouth; then',
+            '    plymouth display-message --text="Warning: ${*}"',
+            '    return',
+            'fi',
+            'if check_var quiet; then',
             '    return',
             'fi',
             r'echo -e "\e[1;33m *\e[0m ${*}"']
 
 
 def eerror(self) -> str:
     """ Returns a bash function like eerror. """
-    return r'echo -e "\e[1;31m *\e[0m ${*}"'
+    return ['if check_var plymouth; then',
+            '    plymouth display-message --text="Error: ${*}"',
+            '    return',
+            'fi',
+            r'echo -e "\e[1;31m *\e[0m ${*}"']
 
 

src/ugrd/base/core.py

@@ -1,5 +1,5 @@
 __author__ = 'desultory'
-__version__ = '3.8.0'
+__version__ = '3.9.1'
 
 from pathlib import Path
 from typing import Union
@@ -263,9 +263,15 @@ def _process_dependencies_multi(self, dependency: Union[Path, str]) -> None:
     """
     dependency = _validate_dependency(self, dependency)
 
-    if dependency.is_symlink():
+    if dependency.is_dir():
+        self.logger.debug("Dependency is a directory, adding to paths: %s" % dependency)
+        self['paths'] = dependency
+        return
+
+    while dependency.is_symlink():
         if self['symlinks'].get(f'_auto_{dependency.name}'):
             self.logger.log(5, "Dependency is a symlink which is already in the symlinks list, skipping: %s" % dependency)
+            break
         else:
             resolved_path = dependency.resolve()
             self.logger.debug("Dependency is a symlink, adding to symlinks: %s -> %s" % (dependency, resolved_path))
@@ -328,7 +334,7 @@ def _process_copies_multi(self, name: str, parameters: dict) -> None:
     if 'source' not in parameters:
         raise ValueError("[%s] No source specified" % name)
     if 'destination' not in parameters:
-        raise ValueError("[%s] No target specified" % name)
+        raise ValueError("[%s] No destination specified" % name)
 
     self.logger.debug("[%s] Adding copies: %s" % (name, parameters))
     self['copies'][name] = parameters

src/ugrd/base/plymouth.py

@@ -1,14 +1,67 @@
+from zenlib.util import unset
+from configparser import ConfigParser
+from pathlib import Path
 
+PLYMOUTH_CONFIG_FILES = ['/etc/plymouth/plymouthd.conf', '/usr/share/plymouth/plymouthd.defaults']
 
-def populate_initrd(self):
-    """
-    Runs /usr/libexec/plymouth/plymouth-populate-initrd
-    """
-    self._run(['/usr/libexec/plymouth/plymouth-populate-initrd', '-t', self.build_dir])
+
+@unset('plymouth_config')
+def find_plymouth_config(self):
+    """ Adds the plymouth config files to the build directory """
+    self.logger.info("Finding plymouthd.conf")
+    for file in PLYMOUTH_CONFIG_FILES:
+        plymouth_config = ConfigParser()
+        plymouth_config.read(file)
+        if plymouth_config.has_section('Daemon') and plymouth_config.has_option('Daemon', 'Theme'):
+            self['plymouth_config'] = file
+            break
+        self.logger.debug("Plymouth config file missing theme option: %s" % file)
+    else:
+        raise FileNotFoundError('Failed to find plymouthd.conf')
+
+
+def _process_plymouth_config(self, file):
+    """ Checks that the config file is valid """
+    self.logger.info("Processing plymouthd.conf: %s" % file)
+    plymouth_config = ConfigParser()
+    plymouth_config.read(file)
+    self['plymouth_theme'] = plymouth_config['Daemon']['Theme']
+    self.data['plymouth_config'] = file
+    self['copies'] = {'plymouth_config_file': {'source': file, 'destination': '/etc/plymouth/plymouthd.conf'}}
+
+
+def _process_plymouth_theme(self, theme):
+    """ Checks that the theme is valid """
+    theme_dir = Path('/usr/share/plymouth/themes') / theme
+    if not theme_dir.exists():
+        raise FileNotFoundError('Theme directory not found: %s' % theme_dir)
+
+    self.data['plymouth_theme'] = theme
+
+
+def pull_plymouth(self):
+    """ Adds plymouth files to dependencies """
+    dir_list = [Path('/usr/lib64/plymouth'), Path('/usr/share/plymouth/themes/') / self["plymouth_theme"]]
+    self.logger.info("Adding plymouth files to dependencies.")
+    for directory in dir_list:
+        for file in directory.rglob('*'):
+            self['dependencies'] = file
+
+    self['dependencies'] = ['/usr/share/plymouth/themes/text/text.plymouth',
+                            '/usr/share/plymouth/themes/details/details.plymouth']
+
+
+def make_devpts(self):
+    """ Creates /dev/pts and mounts the fstab entry """
+    return ['mkdir -m755 -p /dev/pts',
+            'mount /dev/pts']
 
 
 def start_plymouth(self):
     """
     Runs plymouthd
     """
-    return ['plymouthd --attach-to-session --pid-file /run/plymouth/pid --mode=boot', 'plymouth show-splash']
+    return ['mkdir -p /run/plymouth',
+            'plymouthd --mode boot --pid-file /run/plymouth/plymouth.pid --attach-to-session',
+            'setvar plymouth 1',
+            'plymouth show-splash']

src/ugrd/base/plymouth.toml

@@ -1,15 +1,27 @@
+binaries = ['plymouthd', 'plymouth', 'plymouth-set-default-theme']
 
-binaries = ['plymouthd', 'plymouth']
-
-paths = ['/run/plymouth']
+[imports.config_processing]
+"ugrd.base.plymouth" = [ "_process_plymouth_config", "_process_plymouth_theme" ]
 
 [mounts.devpts]
 type = "devpts"
 destination = "/dev/pts"
-source = "/dev/pts"
+options = ['noauto', 'nosuid', 'noexec', 'mode=0620', 'gid=5']
+path = "/dev/pts"
+no_validate = true
 
 [imports.build_pre]
-"ugrd.base.plymouth" = [ "populate_initrd" ]
+"ugrd.base.plymouth" = [ "find_plymouth_config" ]
+
+[imports.build_tasks]
+"ugrd.base.plymouth" = [ "pull_plymouth" ]
+
+[imports.init_early]
+"ugrd.base.plymouth" = [ "make_devpts" ]
 
 [imports.init_main]
 "ugrd.base.plymouth" = [ "start_plymouth" ]
+
+[custom_parameters]
+plymouth_config = "Path"  # Path to the plymouth configuration file
+plymouth_theme = "str"  # Name of the plymouth theme to use

src/ugrd/crypto/cryptsetup.py

@@ -1,16 +1,17 @@
 __author__ = 'desultory'
-__version__ = '2.9.0'
+__version__ = '3.2.0'
 
 from zenlib.util import contains
 
 from pathlib import Path
 
 _module_name = 'ugrd.crypto.cryptsetup'
 
-CRYPTSETUP_PARAMETERS = ['key_type', 'partuuid', 'uuid', 'path',
-                         'key_file', 'header_file', 'retries',
-                         'key_command', 'reset_command', 'try_nokey',
-                         'include_key', 'validate_key', 'validate']
+
+CRYPTSETUP_KEY_PARAMETERS = ['key_command', 'plymouth_key_command', 'reset_command']
+CRYPTSETUP_PARAMETERS = ['key_type', 'partuuid', 'uuid', 'path', 'key_file', 'header_file', 'retries',
+                         *CRYPTSETUP_KEY_PARAMETERS, 'try_nokey', 'include_key', 'validate_key']
+
 
 
 def _merge_cryptsetup(self, mapped_name: str, config: dict) -> None:
@@ -30,7 +31,7 @@ def _process_cryptsetup_key_types_multi(self, key_type: str, config: dict) -> No
     """
     self.logger.debug("[%s] Processing cryptsetup key type configuration: %s" % (key_type, config))
     for parameter in config:
-        if parameter not in CRYPTSETUP_PARAMETERS:
+        if parameter not in CRYPTSETUP_KEY_PARAMETERS:
             raise ValueError("Invalid parameter: %s" % parameter)
 
     # Update the key if it already exists, otherwise create a new key type
@@ -115,7 +116,7 @@ def _process_cryptsetup_multi(self, mapped_name: str, config: dict) -> None:
         config['key_type'] = key_type
 
         # Inherit from the key type configuration
-        for parameter in ['key_command', 'reset_command']:
+        for parameter in CRYPTSETUP_KEY_PARAMETERS:
             if value := self['cryptsetup_key_types'][key_type].get(parameter):
                 config[parameter] = value.format(**config)
 
@@ -282,51 +283,58 @@ def open_crypt_device(self, name: str, parameters: dict) -> list[str]:
     out = [f"prompt_user 'Press enter to unlock device: {name}'"] if self['cryptsetup_prompt'] else []
     out += [f"for ((i = 1; i <= {retries}; i++)); do"]
 
-    # When there is a key command, read from the named pipe and use that as the key
+    # Resolve the device source using get_crypt_dev, if no source is returned, run rd_fail
+    out += [f'    crypt_dev="$(get_crypt_dev {name})"',
+            '    if [ -z "$crypt_dev" ]; then',
+            f'        rd_fail "Failed to resolve device source for cryptsetup mount: {name}"',
+            '    fi']
+
+    # When there is a key command, evaluate it into $key_data
     if 'key_command' in parameters:
         self.logger.debug("[%s] Using key command: %s" % (name, parameters['key_command']))
         out += [f"    einfo 'Attempting to open LUKS key: {parameters['key_file']}'",
-                f"    edebug 'Using key command: {parameters['key_command']}'"]
-        cryptsetup_command = f'{parameters["key_command"]} | cryptsetup open --key-file -'
-    elif 'key_file' in parameters:
-        self.logger.debug("[%s] Using key file: %s" % (name, parameters['key_file']))
-        cryptsetup_command = f'cryptsetup open --key-file {parameters["key_file"]}'
-    else:
-        # Set tries to 1 since it runs in the loop
-        cryptsetup_command = 'cryptsetup open --tries 1'
+                f"    edebug 'Using key command: {parameters['key_command']}'",
+                '    if check_var plymouth; then',
+                f'        plymouth ask-for-password --prompt "[${{i}} / {retries}] Enter passphrase to unlock key for: {name}" --command "{parameters["plymouth_key_command"]}" --number-of-tries 1 > /run/vars/key_data || continue',
+                '    else',
+                f'        {parameters["key_command"]} > /run/vars/key_data || continue',
+                '    fi']
 
-    # Add the header file if it exists
-    if header_file := parameters.get('header_file'):
+    cryptsetup_command = 'cryptsetup open --tries 1'  # Set tries to 1 since it runs in the loop
+    cryptsetup_target = f'"$crypt_dev" {name}'  # Add a variable for the source device and mapped name
+
+    if header_file := parameters.get('header_file'):  # Use the header file if it exists
         out += [f"    einfo 'Using header file: {header_file}'"]
         cryptsetup_command += f' --header {header_file}'
 
     if self['cryptsetup_trim']:
         cryptsetup_command += ' --allow-discards'
         self.logger.warning("Using --allow-discards can be a security risk.")
 
-    # Resolve the device source using get_crypt_dev, if no source is returned, run rd_fail
-    out += [f'crypt_dev="$(get_crypt_dev {name})"',
-            'if [ -z "$crypt_dev" ]; then',
-            f'    rd_fail "Failed to resolve device source for cryptsetup mount: {name}"',
-            'fi']
-
-    # Add the variable for the source device and mapped name
-    cryptsetup_command += f' "$crypt_dev" {name}'
-
     # Check if the device was successfully opened
-    out += [f'    if {cryptsetup_command}; then',
-            f'        einfo "Successfully opened device: {name}"',
-            '        break',
-            '    else',
-            f'        ewarn "Failed to open device: {name} ($i / {retries})"']
+    out += ['    einfo "Unlocking device: $crypt_dev"',  # Unlock using key data if it exists
+            '    if [ -e /run/vars/key_data ]; then',
+            f'        if {cryptsetup_command} --key-file=/run/vars/key_data {cryptsetup_target}; then',
+            '            rm /run/vars/key_data',  # Remove the key data file
+            '            break',
+            '        fi',  # Try to open the device using plymouth if it's running
+            '        rm /run/vars/key_data',  # Remove the key data file
+            f'    elif check_var plymouth && plymouth ask-for-password --prompt "[${{i}} / {retries}] Enter passphrase to unlock {name}" --command "{cryptsetup_command} {cryptsetup_target}" --number-of-tries 1; then',
+            '        break']  # Break if the device was successfully opened
+    if 'key_file' in parameters:  # try a key file directly if it exists
+        out += [f'    elif {cryptsetup_command} --key-file {parameters["key_file"]} {cryptsetup_target}; then']
+    else:  # Otherwise, open directly
+        out += [f'    elif {cryptsetup_command} {cryptsetup_target}; then']
+    out += ['        break',
+            '    fi',
+            f'    ewarn "Failed to open device: {name} ($i / {retries})"']
     # Halt if the autoretry is disabled
     if not self['cryptsetup_autoretry']:
-        out += ['        prompt_user "Press enter to retry"']
+        out += ['    prompt_user "Press enter to retry"']
     # Add the reset command if it exists
     if reset_command := parameters.get('reset_command'):
-        out += ['        einfo "Running key reset command"',
-                f'        {reset_command}']
-    out += ['    fi']
+        out += ['    einfo "Running key reset command"',
+                f'    {reset_command}']
     out += ['done\n']
 
     return out

src/ugrd/crypto/cryptsetup.toml

@@ -22,9 +22,6 @@ cryptsetup_keyfile_validation = true
 [imports.functions]
 "ugrd.crypto.cryptsetup" = [ "get_crypt_dev" ]
 
-[cryptsetup_key_types.keyfile]
-key_command = "cat {key_file} |"
-
 [custom_parameters]
 cryptsetup_key_type = "str"  # The default key type to use for unlocking devices
 cryptsetup_keyfile_validation = "bool"  # Whether to validate the key file

src/ugrd/crypto/gpg.toml

@@ -1,11 +1,13 @@
 modules = [ "ugrd.base.console", "ugrd.crypto.cryptsetup" ]
 
-binaries = [ "/usr/bin/gpg", "/usr/bin/gpg-agent", "/usr/bin/gpgconf", "/usr/bin/gpg-connect-agent", "/usr/bin/pinentry-tty"]
+binaries = [ "/usr/bin/gpg", "/usr/bin/gpg-agent", "/usr/bin/gpgconf", "/usr/bin/gpg-connect-agent", "/usr/bin/pinentry-tty",
+             "rm" ]  # rm needed to remove the decrypted key file
 opt_dependencies = [ '/usr/libexec/keyboxd' ]  # Pull keyboxd in as an optional dependency
 
 
 [cryptsetup_key_types.gpg]
 key_command = "gpg --decrypt {key_file}"
+plymouth_key_command = "gpg --batch --pinentry-mode loopback --passphrase-fd 0 --decrypt {key_file}"
 
 [symlinks.pinentry]
 source = "/usr/bin/pinentry-tty"

src/ugrd/fs/mounts.py

@@ -85,7 +85,7 @@ def _process_mount(self, mount_name: str, mount_config, mount_class="mounts") ->
             if 'ugrd.fs.btrfs' not in self['modules']:
                 self.logger.info("Auto-enabling module: btrfs")
                 self['modules'] = 'ugrd.fs.btrfs'
-        elif mount_type not in ['proc', 'sysfs', 'devtmpfs', 'tmpfs']:
+        elif mount_type not in ['proc', 'sysfs', 'devtmpfs', 'tmpfs', 'devpts']:
             self.logger.warning("Unknown mount type: %s" % mount_type)
 
     self[mount_class][mount_name] = mount_config