Sync with the archive

2 months ago · b887130d44
parent ee26ce4eb5
commit b887130d44
4 changed files with 154 additions and 41 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,9 +1,34 @@
-calamares (3.3.4-0ubuntu2~1) noble; urgency=medium
+calamares (3.3.5-0ubuntu4) noble; urgency=medium

-  * Add Active Directory support.
-  * needs one more bugfix iteration
+  * Populate grub-{efi,pc}/install_devices debconf config (LP: #2063354).

- -- Simon Quigley <tsimonq2@ubuntu.com>  Thu, 29 Feb 2024 17:28:08 -0600
+ -- Simon Quigley <tsimonq2@ubuntu.com>  Wed, 24 Apr 2024 15:28:29 -0500
+
+calamares (3.3.5-0ubuntu3) noble; urgency=medium
+
+  * No-change rebuild for CVE-2024-3094
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 31 Mar 2024 08:44:36 +0000
+
+calamares (3.3.5-0ubuntu2) noble; urgency=medium
+
+  * No-change rebuild against libqt5core5t64
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 15 Mar 2024 04:00:12 +0000
+
+calamares (3.3.5-0ubuntu1) noble; urgency=medium
+
+  * New upstream release.
+  * Fully finish Active Directory prototype, leave the patch commented out for
+    now.
+
+ -- Simon Quigley <tsimonq2@ubuntu.com>  Thu, 07 Mar 2024 15:32:51 -0600
+
+calamares (3.3.4-0ubuntu2) noble; urgency=medium
+
+  * No-change rebuild for python3.12 t64.
+
+ -- Matthias Klose <doko@ubuntu.com>  Sat, 02 Mar 2024 21:08:26 +0100

 calamares (3.3.4-0ubuntu1) noble; urgency=medium

--- a/debian/patches/active-directory.patch
+++ b/debian/patches/active-directory.patch
@ -54,15 +54,15 @@
 +    m_activeDirectoryIP = s;
 +}
 +
-+const QStringList&
+QStringList&
 +Config::getActiveDirectory() const
 +{
-+    QStringList activeDirectory;
-+    activeDirectory << m_activeDirectoryUsername
-+                    << m_activeDirectoryPassword
-+                    << m_activeDirectoryDomain
-+                    << m_activeDirectoryIP;
-+    return activeDirectory;
+    m_activeDirectorySettings.clear();
+    m_activeDirectorySettings << m_activeDirectoryUsername
+                              << m_activeDirectoryPassword
+                              << m_activeDirectoryDomain
+                              << m_activeDirectoryIP;
+    return m_activeDirectorySettings;
 +}
 +
 QString
@ -99,7 +99,7 @@
 +    /// Is it both enabled and activated?
 +    bool getActiveDirectoryUsed() const;
 +    /// Config for Active Directory
-+    const QStringList& getActiveDirectory() const;
+    QStringList& getActiveDirectory() const;
 
     const QList< GroupDescription >& defaultGroups() const { return m_defaultGroups; }
     /** @brief the names of all the groups for the current user
@ -116,10 +116,11 @@
 signals:
     void userShellChanged( const QString& );
     void autoLoginGroupChanged( const QString& );
-@@ -343,6 +355,13 @@ private:
+@@ -343,6 +355,14 @@ private:
 
     bool m_isReady = false;  ///< Used to reduce readyChanged signals
 
+    mutable QStringList m_activeDirectorySettings;
 +    bool m_activeDirectory = false;
 +    bool m_activeDirectoryUsed = false;
 +    QString m_activeDirectoryUsername;
@ -290,7 +291,7 @@
     onReuseUserPasswordChanged( m_config->reuseUserPasswordForRoot() );
 --- /dev/null
 +++ b/src/modules/users/ActiveDirectoryJob.cpp
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,91 @@
 +/* === This file is part of Calamares - <https://calamares.io> ===
 + *
 + *   SPDX-FileCopyrightText: 2024 Simon Quigley <tsimonq2@ubuntu.com>
@ -314,7 +315,7 @@
 +#include <QTextStream>
 +#include <QProcess>
 +
-+ActiveDirectoryJob::ActiveDirectoryJob(const QStringList& activeDirectoryInfo)
+ActiveDirectoryJob::ActiveDirectoryJob(QStringList& activeDirectoryInfo)
 +    : Calamares::Job()
 +    , m_activeDirectoryInfo(activeDirectoryInfo)
 +{
@ -341,41 +342,45 @@
 +Calamares::JobResult
 +ActiveDirectoryJob::exec()
 +{
-+    const QStringList& adInfo = m_activeDirectoryInfo;
+    QString username = m_activeDirectoryInfo.value(0);
+    QString password = m_activeDirectoryInfo.value(1);
+    QString domain = m_activeDirectoryInfo.value(2);
+    QString ip = m_activeDirectoryInfo.value(3);
 +
-+    QString username = adInfo.value(0);
-+    QString password = adInfo.value(1);
-+    QString domain = adInfo.value(2);
-+    //QString ip = adInfo.value(3);
-+
-+    QStringList args;
-+    args << "join" << "--user" << username << "--verbose" << domain;
-+
-+    QDir destDir;
 +    Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage();
-+    QString rootMountPoint = gs->value("rootMountPoint").toString();
-+    destDir = QDir(rootMountPoint);
+    QString rootMountPoint = gs ? gs->value("rootMountPoint").toString() : QString();
+
+    if (!ip.isEmpty()) {
+        QString hostsFilePath = !rootMountPoint.isEmpty() ? rootMountPoint + "/etc/hosts" : "/etc/hosts";
+        QFile hostsFile(hostsFilePath);
+        if (hostsFile.open(QIODevice::Append | QIODevice::Text)) {
+            QTextStream out(&hostsFile);
+            out << ip << " " << domain << "\n";
+            hostsFile.close();
+        } else {
+            return Calamares::JobResult::error("Failed to open /etc/hosts for writing.");
+        }
+    }
 +
-+    QString command = "chroot " + destDir.path() + " realm " + args.join(" ");
+    QString installPath = !rootMountPoint.isEmpty() ? rootMountPoint : "/";
+    QStringList args = {"join", domain, "-U", username, "--install=" + installPath, "--verbose"};
 +
 +    QProcess process;
-+    process.setStandardInputFile("/dev/stdin");
-+    process.start(command, QStringList(), QIODevice::WriteOnly);
+    process.start("realm", args);
+    process.waitForStarted();
 +
-+    // Write the password to the standard input of the process
-+    process.write((password + "\n").toUtf8());
-+    process.write("\n"); // Ensure a newline after the password
-+    process.write("\n"); // Ensure an extra newline to confirm the end of the input
-+    process.closeWriteChannel(); // Close the write channel to indicate end of input
+    if (!password.isEmpty()) {
+        process.write((password + "\n").toUtf8());
+        process.closeWriteChannel();
+    }
 +
-+    // Wait for the process to finish
 +    process.waitForFinished(-1);
 +
-+    auto exitCode = process.exitCode();
-+    if (exitCode == 0) {
+    if (process.exitCode() == 0) {
 +        return Calamares::JobResult::ok();
 +    } else {
-+        return Calamares::JobResult::error("Failed to join realm.");
+        QString errorOutput = process.readAllStandardError();
+        return Calamares::JobResult::error(QString("Failed to join realm: %1").arg(errorOutput));
 +    }
 +}
 --- /dev/null
@ -399,7 +404,7 @@
 +{
 +    Q_OBJECT
 +public:
-+    ActiveDirectoryJob( const QStringList& activeDirectoryInfo );
+    ActiveDirectoryJob( QStringList& activeDirectoryInfo );
 +    QString prettyName() const override;
 +    QString prettyDescription() const override;
 +    QString prettyStatusMessage() const override;
--- a/debian/patches/grub-debconf-config.patch
+++ b/debian/patches/grub-debconf-config.patch
@ -0,0 +1,82 @@
+Description: Populate grub-{efi,pc}/install_devices debconf config
+Author: Simon Quigley <tsimonq2@ubuntu.com>
+Origin: vendor
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/2063354
+Last-Update: 2024-04-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/modules/bootloader/main.py
+++ b/src/modules/bootloader/main.py
+@@ -25,6 +25,7 @@ import os
+ import re
+ import shutil
+ import subprocess
+import tempfile
+ 
+ import libcalamares
+ 
+@@ -581,6 +582,46 @@ def get_grub_efi_parameters():
+     return None
+ 
+ 
+def get_disk_id(device_name, efi):
+    by_id_path = "/dev/disk/by-id"
+
+    if efi:
+        partitions = libcalamares.globalstorage.value("partitions")
+        device_name = None
+
+        for partition in partitions:
+            if "/boot/efi" in partition["mountPoint"]:
+                device_name = partition["device"]
+                break
+
+    device_path = os.path.realpath(device_name)
+
+    for entry in os.listdir(by_id_path):
+        full_entry_path = os.path.join(by_id_path, entry)
+        if os.path.realpath(full_entry_path) == device_path:
+            return full_entry_path
+
+    return None
+
+
+def set_grub_debconf_config(device_name, efi=False):
+    dev_id_path = get_disk_id(device_name, efi=efi)
+
+    if not dev_id_path:
+        return None
+
+    temp_dir = libcalamares.globalstorage.value("rootMountPoint") + "/tmp/"
+    with tempfile.NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as tmpfile:
+        debconf_target = "grub-efi" if efi else "grub-pc"
+
+        tmpfile.write(f"grub-pc {debconf_target}/install_devices multiselect {dev_id_path}\n")
+        tmpfile_path = tmpfile.name
+
+    debconf_config = "/tmp/" + os.path.basename(tmpfile_path)
+    check_target_env_call(["/usr/bin/debconf-set-selections", debconf_config])
+    os.remove(tmpfile_path)
+
+
+ def run_grub_mkconfig(partitions, output_file):
+     """
+     Runs grub-mkconfig in the target environment
+@@ -631,6 +672,8 @@ def run_grub_install(fw_type, partitions
+                                    "--efi-directory=" + efi_directory,
+                                    "--bootloader-id=" + efi_bootloader_id,
+                                    "--force"])
+
+        set_grub_debconf_config(efi_target, efi=True)
+     else:
+         assert efi_directory is None
+         if libcalamares.globalstorage.value("bootLoader") is None:
+@@ -652,6 +695,8 @@ def run_grub_install(fw_type, partitions
+                                    "--force",
+                                    boot_loader["installPath"]])
+ 
+        set_grub_debconf_config(boot_loader["installPath"])
+
+ 
+ def install_grub(efi_directory, fw_type):
+     """
--- a/debian/patches/series
+++ b/debian/patches/series
@ -1,4 +1,5 @@
 0001-replace-pkexec-by-sudo.patch
 apport-package-hook.patch
 enable-only-present-with-encryption-partitions.patch
-active-directory.patch
+#active-directory.patch
+grub-debconf-config.patch