Skip to content

Bug 1890074: pkg/daemon: avoid duplicate extension verification #2178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vrutkovs wants to merge 1 commit into from
Closed

Bug 1890074: pkg/daemon: avoid duplicate extension verification #2178

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions pkg/daemon/constants/constants.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,12 @@ const (
// to proceed and attempt to "reconcile" to the new "desiredConfig" state regardless.
MachineConfigDaemonForceFile = "/run/machine-config-daemon-force"
)

var (
// SupportedPackages lists RPMs available in machine-os-content for RHCOS
SupportedPackages = []string{"kernel-headers", "usbguard"}
// SupportedPackageAliases expands allowed aliases to a list of RPMs to install
SupportedPackageAliases = map[string][]string{
"kernel-devel": {"kernel-headers", "kernel-devel"},
}
)
42 changes: 24 additions & 18 deletions pkg/daemon/update.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -865,45 +865,51 @@ func generateExtensionsArgs(oldConfig, newConfig *mcfgv1.MachineConfig) []string
}
}

// Supported extensions has package list info that is required
// to enable an extension
extensions := getSupportedExtensions()

// Extension may be an RPM name or an alias for a list of RPMs
extArgs := []string{"update"}
for _, ext := range added {
for _, pkg := range extensions[ext] {
for _, pkg := range extensionToRPMList(ext) {
extArgs = append(extArgs, "--install", pkg)
}
}
for _, ext := range removed {
for _, pkg := range extensions[ext] {
for _, pkg := range extensionToRPMList(ext) {
extArgs = append(extArgs, "--uninstall", pkg)
}
}

return extArgs
}

// Returns list of extensions possible to install on a CoreOS based system.
func getSupportedExtensions() map[string][]string {
// In future when list of extensions grow, it will make
// more sense to populate it in a dynamic way.
// getAliasList returns a list of keys from SupportedPackageAliases
func getAliasList() []string {
keys := make([]string, 0, len(constants.SupportedPackageAliases))
for k := range constants.SupportedPackageAliases {
keys = append(keys, k)
}
return keys
}

// These are RHCOS supported extensions.
// Each extension keeps a list of packages required to get enabled on host.
return map[string][]string{
"usbguard": {"usbguard"},
"kernel-devel": {"kernel-devel", "kernel-headers"},
// return a list of RPMs to install for particular extension
func extensionToRPMList(ext string) []string {
if ctrlcommon.InSlice(ext, getAliasList()) {
return constants.SupportedPackageAliases[ext]
}
return []string{ext}
}

func validateExtensions(exts []string) error {
supportedExtensions := getSupportedExtensions()
// Extension can either be an RPM or an alias
aliases := getAliasList()
invalidExts := []string{}
for _, ext := range exts {
if _, ok := supportedExtensions[ext]; !ok {
invalidExts = append(invalidExts, ext)
if ctrlcommon.InSlice(ext, constants.SupportedPackages) {
continue
}
if ctrlcommon.InSlice(ext, aliases) {
continue
}
invalidExts = append(invalidExts, ext)
}
if len(invalidExts) != 0 {
return fmt.Errorf("invalid extensions found: %v", invalidExts)
Expand Down