Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
metadata-collect-agent
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
metadata-collect-agent
Commits
caaa89be
Commit
caaa89be
authored
Nov 22, 2021
by
root
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add a light data version in the Cython+ filesystem scanner. Change minor elements or various files.
parent
62ff37e4
Changes
8
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
406 additions
and
37 deletions
+406
-37
dracut.module/90metadata-collect/flb.conf
dracut.module/90metadata-collect/flb.conf
+1
-1
dracut.module/collect-sh-template.mk
dracut.module/collect-sh-template.mk
+2
-0
install.sh
install.sh
+3
-3
scan-filesystem/cython/command-line.main.pyx
scan-filesystem/cython/command-line.main.pyx
+17
-10
scan-filesystem/cython/main.pyx
scan-filesystem/cython/main.pyx
+38
-5
scan-filesystem/cython/new.uefi.main.pyx
scan-filesystem/cython/new.uefi.main.pyx
+333
-0
scan-filesystem/cython/uefi.main.pyx
scan-filesystem/cython/uefi.main.pyx
+6
-15
secure-boot-automation.sh
secure-boot-automation.sh
+6
-3
No files found.
dracut.module/90metadata-collect/flb.conf
View file @
caaa89be
...
@@ -14,4 +14,4 @@
...
@@ -14,4 +14,4 @@
buffer_type
memory
buffer_type
memory
flush_interval
60
s
flush_interval
60
s
disable_retry_limit
true
disable_retry_limit
true
reference
test_server
reference
c
-
light
-
data_02
dracut.module/collect-sh-template.mk
View file @
caaa89be
...
@@ -3,6 +3,8 @@ define collect_sh :=
...
@@ -3,6 +3,8 @@ define collect_sh :=
.
/lib/dracut-lib.sh
.
/lib/dracut-lib.sh
>&2
echo
"$$NEWROOT"
sleep
10
/sbin/metadata-collect-agent
"$$NEWROOT"
/sbin/metadata-collect-agent
"$$NEWROOT"
...
...
install.sh
View file @
caaa89be
...
@@ -90,8 +90,8 @@ if [ ! -e /etc/uefi-key/db.crt ]; then
...
@@ -90,8 +90,8 @@ if [ ! -e /etc/uefi-key/db.crt ]; then
openssl req -newkey rsa:2048 -nodes -keyout /etc/uefi-key/db.key -new -x509 -sha256 -days 36500 -subj "/CN=TEST" -out /etc/uefi-key/db.crt
openssl req -newkey rsa:2048 -nodes -keyout /etc/uefi-key/db.key -new -x509 -sha256 -days 36500 -subj "/CN=TEST" -out /etc/uefi-key/db.crt
openssl x509 -outform DER -in /etc/uefi-key/db.crt -out /etc/uefi-key/db.cer
openssl x509 -outform DER -in /etc/uefi-key/db.crt -out /etc/uefi-key/db.cer
fi
fi
'
#
'
source
secure-boot-automation.sh
#
source secure-boot-automation.sh
rm
-rf
dracut_tmp
rm
-rf
dracut_tmp
mkdir
dracut_tmp
mkdir
dracut_tmp
...
@@ -113,4 +113,4 @@ cp /etc/uefi-key/db.cer /EFI/db.cer
...
@@ -113,4 +113,4 @@ cp /etc/uefi-key/db.cer /EFI/db.cer
cp
/etc/uefi-key/db.cer /boot/efi/db.cer
cp
/etc/uefi-key/db.cer /boot/efi/db.cer
uefi
=
$(
ls
/EFI/Linux
)
uefi
=
$(
ls
/EFI/Linux
)
efibootmgr
--quiet
--create
--disk
${
disk_info_list
[3]
}
--label
'debian UEFI
wrong keys
'
--loader
/EFI/Linux/
$uefi
efibootmgr
--quiet
--create
--disk
${
disk_info_list
[3]
}
--label
'debian UEFI
test_root
'
--loader
/EFI/Linux/
$uefi
scan-filesystem/cython/command-line.main.pyx
View file @
caaa89be
...
@@ -80,13 +80,14 @@ cdef cypclass DirNode(Node):
...
@@ -80,13 +80,14 @@ cdef cypclass DirNode(Node):
if
ignore_paths
is
not
NULL
:
if
ignore_paths
is
not
NULL
:
if
self
.
path
in
ignore_paths
:
if
self
.
path
in
ignore_paths
:
return
return
if
dev_whitelist
is
not
NULL
:
if
dev_whitelist
is
not
NULL
:
if
self
.
st
is
NULL
:
if
self
.
st
is
NULL
:
return
return
#""" temporarily desabling white list
elif
not
self
.
st
.
st_data
.
st_dev
in
dev_whitelist
:
elif
not
self
.
st
.
st_data
.
st_dev
in
dev_whitelist
:
return
return
#"""
d
=
opendir
(
self
.
path
.
c_str
())
d
=
opendir
(
self
.
path
.
c_str
())
if
d
is
not
NULL
:
if
d
is
not
NULL
:
while
1
:
while
1
:
...
@@ -247,7 +248,7 @@ cdef int start(const char *path) nogil:
...
@@ -247,7 +248,7 @@ cdef int start(const char *path) nogil:
cdef
pid_t
child_pid
=
-
1
# DEBUG
cdef
pid_t
child_pid
=
-
1
# DEBUG
child_pid
=
fork
()
# DEBUG
child_pid
=
fork
()
# DEBUG
cdef
int
err
cdef
int
err
cdef
char
ip_address
[
100
]
#
cdef char ip_address[100]
#cdef FILE *address_path = fopen("/sys/class/net/ens3/address", "r")
#cdef FILE *address_path = fopen("/sys/class/net/ens3/address", "r")
if
child_pid
==
0
:
# CHILD
if
child_pid
==
0
:
# CHILD
err
=
execlp
(
"flb/fluent-bit"
,
program_name
,
arg1
,
arg2
,
arg3
,
arg4
,
0
)
err
=
execlp
(
"flb/fluent-bit"
,
program_name
,
arg1
,
arg2
,
arg3
,
arg4
,
0
)
...
@@ -268,6 +269,9 @@ cdef int start(const char *path) nogil:
...
@@ -268,6 +269,9 @@ cdef int start(const char *path) nogil:
dev_whitelist_paths
.
append
(
b'.'
)
dev_whitelist_paths
.
append
(
b'.'
)
dev_whitelist_paths
.
append
(
b'/'
)
dev_whitelist_paths
.
append
(
b'/'
)
dev_whitelist_paths
.
append
(
b'/boot/efi'
)
dev_whitelist_paths
.
append
(
b'/boot/efi'
)
dev_whitelist_paths
.
append
(
b'/root'
)
dev_whitelist_paths
.
append
(
b'/sysroot'
)
dev_whitelist_paths
.
append
(
path
)
dev_whitelist
=
cyplist
[
dev_t
]()
dev_whitelist
=
cyplist
[
dev_t
]()
for
p
in
dev_whitelist_paths
:
for
p
in
dev_whitelist_paths
:
...
@@ -290,7 +294,7 @@ cdef int start(const char *path) nogil:
...
@@ -290,7 +294,7 @@ cdef int start(const char *path) nogil:
node
=
consume
active_node
node
=
consume
active_node
#""" # DEBUG
#""" # DEBUG
result
=
fopen
(
'
/var/log
/metadata_collect.log'
,
'w'
)
result
=
fopen
(
'
flb
/metadata_collect.log'
,
'w'
)
if
result
is
NULL
:
if
result
is
NULL
:
fprintf
(
stderr
,
'Error creating the log file.
\
n
'
)
# DEBUG
fprintf
(
stderr
,
'Error creating the log file.
\
n
'
)
# DEBUG
fflush
(
stderr
)
fflush
(
stderr
)
...
@@ -298,11 +302,11 @@ cdef int start(const char *path) nogil:
...
@@ -298,11 +302,11 @@ cdef int start(const char *path) nogil:
fprintf
(
stderr
,
'Log opened successfully.
\
n
'
)
# DEBUG
fprintf
(
stderr
,
'Log opened successfully.
\
n
'
)
# DEBUG
fprintf
(
stderr
,
'WRITE_NOTE STAGE
\
n
\
n
'
)
# DEBUG
fprintf
(
stderr
,
"WRITE_NOTE STAGE
\
n
\
n
"
)
# DEBUG
#fscanf(address_path, "%s", ip_address)
# ADDRESS
#fscanf(address_path, "%s", ip_address)
#fclose(address_path)
# ADDRESS
#fclose(address_path)
#fprintf(result, '{"mac_address": "%s"}\n', ip_address)
# ADDRESS
#fprintf(result, '{"mac_address": "%s"}\n', ip_address)
node
.
write_node
(
result
)
node
.
write_node
(
result
)
fprintf
(
result
,
'{}
\
n
'
)
fprintf
(
result
,
'{}
\
n
'
)
fprintf
(
result
,
'fluentbit_end
\
n
'
)
fprintf
(
result
,
'fluentbit_end
\
n
'
)
...
@@ -319,8 +323,11 @@ cdef int start(const char *path) nogil:
...
@@ -319,8 +323,11 @@ cdef int start(const char *path) nogil:
return
0
return
0
cdef
public
int
main
()
nogil
:
cdef
public
int
main
(
int
argc
,
char
*
argv
[])
nogil
:
return
start
(
<
char
*>
'/'
)
if
argc
>=
2
:
return
start
(
<
char
*>
argv
[
1
])
else
:
return
start
(
<
char
*>
'/'
)
#def python_main():
#def python_main():
# start(<char*>'.')
# start(<char*>'.')
scan-filesystem/cython/main.pyx
View file @
caaa89be
# distutils: language = c++
# distutils: language = c++
# TODO:
# + take the needed hashes (and more broadly, the needed informations) as a parameter
from
libcythonplus.list
cimport
cyplist
from
libcythonplus.list
cimport
cyplist
from
libc.stdio
cimport
fprintf
,
fopen
,
fclose
,
fread
,
fwrite
,
FILE
,
stdout
,
stderr
,
printf
,
ferror
,
fscanf
,
fflush
from
libc.stdio
cimport
fprintf
,
fopen
,
fclose
,
fread
,
fwrite
,
FILE
,
stdout
,
stderr
,
printf
,
ferror
,
fscanf
,
fflush
...
@@ -40,10 +43,17 @@ cdef cypclass Node activable:
...
@@ -40,10 +43,17 @@ cdef cypclass Node activable:
pass
pass
void
format_node
(
self
):
void
format_node
(
self
):
#''' light data version
self
.
formatted
=
sprintf
(
"""{"path": "%s"}
\
n
"""
,
self
.
path
,
)
#'''
''' full data version
self.formatted = sprintf("""{"path": "%s", "stat": %s}
\
n
""",
self.formatted = sprintf("""{"path": "%s", "stat": %s}
\
n
""",
self.path,
self.path,
self.st.to_json(),
self.st.to_json(),
)
)
#'''
void
write_node
(
self
,
FILE
*
stream
):
void
write_node
(
self
,
FILE
*
stream
):
# abstract
# abstract
...
@@ -84,7 +94,7 @@ cdef cypclass DirNode(Node):
...
@@ -84,7 +94,7 @@ cdef cypclass DirNode(Node):
if
dev_whitelist
is
not
NULL
:
if
dev_whitelist
is
not
NULL
:
if
self
.
st
is
NULL
:
if
self
.
st
is
NULL
:
return
return
#
""" temporarily desabling white list
""" temporarily desabling white list
elif not self.st.st_data.st_dev in dev_whitelist:
elif not self.st.st_data.st_dev in dev_whitelist:
return
return
#"""
#"""
...
@@ -114,10 +124,17 @@ cdef cypclass DirNode(Node):
...
@@ -114,10 +124,17 @@ cdef cypclass DirNode(Node):
active_child
.
build_node
(
NULL
,
dev_whitelist
,
ignore_paths
)
active_child
.
build_node
(
NULL
,
dev_whitelist
,
ignore_paths
)
void
format_node
(
self
):
void
format_node
(
self
):
#''' light data version
self
.
formatted
=
sprintf
(
"""{"path": "%s/"}
\
n
"""
,
self
.
path
,
)
#'''
''' full data version
self.formatted = sprintf("""{"path": "%s/", "stat": %s}
\
n
""",
self.formatted = sprintf("""{"path": "%s/", "stat": %s}
\
n
""",
self.path,
self.path,
self.st.to_json(),
self.st.to_json(),
)
)
#'''
void
write_node
(
self
,
FILE
*
stream
):
void
write_node
(
self
,
FILE
*
stream
):
fwrite
(
self
.
formatted
.
data
(),
1
,
self
.
formatted
.
size
(),
stream
)
fwrite
(
self
.
formatted
.
data
(),
1
,
self
.
formatted
.
size
(),
stream
)
...
@@ -194,6 +211,13 @@ cdef cypclass FileNode(Node):
...
@@ -194,6 +211,13 @@ cdef cypclass FileNode(Node):
if
self
.
error
:
if
self
.
error
:
Node
.
format_node
(
self
)
Node
.
format_node
(
self
)
else
:
else
:
#''' light data version
self
.
formatted
=
sprintf
(
"""{"path: "%s", "hash": {"md5": "%s"}}
\
n
"""
,
self
.
path
,
self
.
md5_data
,
)
#'''
''' full data version
self.formatted = sprintf("""{"path": "%s", "stat": %s, "hash": {"md5": "%s", "sha1": "%s", "sha256": "%s", "sha512": "%s"}}
\
n
""",
self.formatted = sprintf("""{"path": "%s", "stat": %s, "hash": {"md5": "%s", "sha1": "%s", "sha256": "%s", "sha512": "%s"}}
\
n
""",
self.path,
self.path,
self.st.to_json(),
self.st.to_json(),
...
@@ -202,6 +226,7 @@ cdef cypclass FileNode(Node):
...
@@ -202,6 +226,7 @@ cdef cypclass FileNode(Node):
self.sha256_data,
self.sha256_data,
self.sha512_data,
self.sha512_data,
)
)
#'''
void
write_node
(
self
,
FILE
*
stream
):
void
write_node
(
self
,
FILE
*
stream
):
fwrite
(
self
.
formatted
.
data
(),
1
,
self
.
formatted
.
size
(),
stream
)
fwrite
(
self
.
formatted
.
data
(),
1
,
self
.
formatted
.
size
(),
stream
)
...
@@ -223,11 +248,19 @@ cdef cypclass SymlinkNode(Node):
...
@@ -223,11 +248,19 @@ cdef cypclass SymlinkNode(Node):
if
self
.
error
:
if
self
.
error
:
Node
.
format_node
(
self
)
Node
.
format_node
(
self
)
else
:
else
:
#''' light data version
self
.
formatted
=
sprintf
(
"""{"path": "%s", "target": "%s"}
\
n
"""
,
self
.
path
,
self
.
target
,
)
#'''
''' full data version
self.formatted = sprintf("""{"path": "%s", "stat": %s, "target": "%s"}
\
n
""",
self.formatted = sprintf("""{"path": "%s", "stat": %s, "target": "%s"}
\
n
""",
self
.
path
,
self.path,
self
.
st
.
to_json
(),
self.st.to_json(),
self
.
target
,
self.target,
)
)
#'''
void
write_node
(
self
,
FILE
*
stream
):
void
write_node
(
self
,
FILE
*
stream
):
fwrite
(
self
.
formatted
.
data
(),
1
,
self
.
formatted
.
size
(),
stream
)
fwrite
(
self
.
formatted
.
data
(),
1
,
self
.
formatted
.
size
(),
stream
)
...
...
scan-filesystem/cython/new.uefi.main.pyx
0 → 100644
View file @
caaa89be
This diff is collapsed.
Click to expand it.
scan-filesystem/cython/uefi.main.pyx
View file @
caaa89be
...
@@ -80,13 +80,14 @@ cdef cypclass DirNode(Node):
...
@@ -80,13 +80,14 @@ cdef cypclass DirNode(Node):
if
ignore_paths
is
not
NULL
:
if
ignore_paths
is
not
NULL
:
if
self
.
path
in
ignore_paths
:
if
self
.
path
in
ignore_paths
:
return
return
if
dev_whitelist
is
not
NULL
:
if
dev_whitelist
is
not
NULL
:
if
self
.
st
is
NULL
:
if
self
.
st
is
NULL
:
return
return
#""" temporarily desabling white list
elif
not
self
.
st
.
st_data
.
st_dev
in
dev_whitelist
:
elif
not
self
.
st
.
st_data
.
st_dev
in
dev_whitelist
:
return
return
#"""
d
=
opendir
(
self
.
path
.
c_str
())
d
=
opendir
(
self
.
path
.
c_str
())
if
d
is
not
NULL
:
if
d
is
not
NULL
:
while
1
:
while
1
:
...
@@ -267,7 +268,8 @@ cdef int start(const char *path) nogil:
...
@@ -267,7 +268,8 @@ cdef int start(const char *path) nogil:
dev_whitelist_paths
=
cyplist
[
string
]()
dev_whitelist_paths
=
cyplist
[
string
]()
dev_whitelist_paths
.
append
(
b'.'
)
dev_whitelist_paths
.
append
(
b'.'
)
dev_whitelist_paths
.
append
(
b'/'
)
dev_whitelist_paths
.
append
(
b'/'
)
dev_whitelist_paths
.
append
(
b'/boot'
)
dev_whitelist_paths
.
append
(
b'/boot/efi'
)
dev_whitelist_paths
.
append
(
b'/root'
)
dev_whitelist
=
cyplist
[
dev_t
]()
dev_whitelist
=
cyplist
[
dev_t
]()
for
p
in
dev_whitelist_paths
:
for
p
in
dev_whitelist_paths
:
...
@@ -276,8 +278,6 @@ cdef int start(const char *path) nogil:
...
@@ -276,8 +278,6 @@ cdef int start(const char *path) nogil:
p_dev
=
p_stat
.
st_data
.
st_dev
p_dev
=
p_stat
.
st_data
.
st_dev
dev_whitelist
.
append
(
p_dev
)
dev_whitelist
.
append
(
p_dev
)
fprintf
(
stderr
,
"test 001
\
n
"
)
# DEBUG
fflush
(
stderr
)
# DEBUG
realpath
(
path
,
resolved_path
)
realpath
(
path
,
resolved_path
)
fprintf
(
stderr
,
resolved_path
)
# DEBUG
fprintf
(
stderr
,
resolved_path
)
# DEBUG
fprintf
(
stderr
,
"
\
n
"
)
# DEBUG
fprintf
(
stderr
,
"
\
n
"
)
# DEBUG
...
@@ -286,18 +286,9 @@ cdef int start(const char *path) nogil:
...
@@ -286,18 +286,9 @@ cdef int start(const char *path) nogil:
if
node
is
NULL
:
if
node
is
NULL
:
return
-
1
return
-
1
fprintf
(
stderr
,
"test 002
\
n
"
)
# DEBUG
fflush
(
stderr
)
# DEBUG
active_node
=
activate
(
consume
node
)
active_node
=
activate
(
consume
node
)
fprintf
(
stderr
,
'test 003
\
n
'
)
# DEBUG
fflush
(
stderr
)
# DEBUG
active_node
.
build_node
(
NULL
,
consume
dev_whitelist
,
consume
ignore_paths
)
active_node
.
build_node
(
NULL
,
consume
dev_whitelist
,
consume
ignore_paths
)
fprintf
(
stderr
,
'test 004
\
n
'
)
# DEBUG
fflush
(
stderr
)
# DEBUG
scheduler
.
finish
()
scheduler
.
finish
()
fprintf
(
stderr
,
'test 005
\
n
'
)
# DEBUG
fflush
(
stderr
)
# DEBUG
node
=
consume
active_node
node
=
consume
active_node
#""" # DEBUG
#""" # DEBUG
...
@@ -331,7 +322,7 @@ cdef int start(const char *path) nogil:
...
@@ -331,7 +322,7 @@ cdef int start(const char *path) nogil:
return
0
return
0
cdef
public
int
main
()
nogil
:
cdef
public
int
main
()
nogil
:
return
start
(
<
char
*>
'
.
'
)
return
start
(
<
char
*>
'
/
'
)
#def python_main():
#def python_main():
# start(<char*>'.')
# start(<char*>'.')
secure-boot-automation.sh
View file @
caaa89be
...
@@ -4,7 +4,7 @@
...
@@ -4,7 +4,7 @@
## KEYS CREATION
## KEYS CREATION
if
false
;
then
# DEBUG
rm
-rf
secure-boot-automation
rm
-rf
secure-boot-automation
mkdir
-p
secure-boot-automation
mkdir
-p
secure-boot-automation
cd
secure-boot-automation
cd
secure-boot-automation
...
@@ -41,12 +41,13 @@ sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
...
@@ -41,12 +41,13 @@ sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
-k
KEK.key
-c
KEK.crt db DB.esl DB.auth
-k
KEK.key
-c
KEK.crt db DB.esl DB.auth
chmod
0600
*
.key
chmod
0600
*
.key
fi
# DEBUG
if
[
!
-e
/etc/uefi-key/db.crt
]
;
then
if
[
!
-e
/etc/uefi-key/db.crt
]
;
then
cp
DB.crt /etc/uefi-key/db.crt
cp
DB.crt /etc/uefi-key/db.crt
cp
DB.cer /etc/uefi-key/db.cer
cp
DB.cer /etc/uefi-key/db.cer
cp
DB.key /etc/uefi-key/db.key
fi
fi
if
false
;
then
# DEBUG
## SECURE BOOT SETUP
## SECURE BOOT SETUP
...
@@ -54,3 +55,5 @@ fi
...
@@ -54,3 +55,5 @@ fi
efi-updatevar
-f
PK.auth PK
efi-updatevar
-f
PK.auth PK
efi-updatevar
-a
-c
KEK.crt
-k
PK.key KEK
efi-updatevar
-a
-c
KEK.crt
-k
PK.key KEK
efi-updatevar
-a
-c
DB.crt
-k
KEK.key db
efi-updatevar
-a
-c
DB.crt
-k
KEK.key db
fi
# DEBUG
cd
..
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment