kameleon-builder 2.0.0.dev

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in kameleon.gemspec
+gemspec

data/README.md

@@ -0,0 +1,53 @@
+# Kameleon
+
+Kameleon should be seen as a simple but powerful tool to generate customized
+appliances. With Kameleon, you make your recipe that describes how to create
+step by step your own distribution. At start Kameleon is used to create custom
+kvm, LXC, VirtualBox, iso images, ..., but as it is designed to be very
+generic you can probably do a lot more than that.
+
+## Installation
+Simply install it from the Gem repository (not working yet):
+
+    gem install kameleon
+
+Or from source:
+
+    git clone git://scm.gforge.inria.fr/kameleon/kameleon.git
+    cd kameleon
+    gem build kameleon.gemspec
+    gem install kameleon-<version>.gem
+
+## Usage
+
+Just type:
+
+    kameleon
+
+## Quick start
+
+First, you should select a template. To see the available templates use:
+
+    kameleon templates
+
+Then, create a new recipe from the template you've just choose. This will
+create a `recipes` folder in the current directory. (use `-w` option to set a
+different workspace).
+
+    kameleon new my_test_recipe -t template_name
+
+Then build your new recipe with the build command:
+
+    kameleon build my_test_recipe
+
+A `builds` directory was created and contains your new image!
+
+To go further, get more documentation in the docs folder.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,24 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+begin
+  require 'coveralls/rake/task'
+
+  Coveralls::RakeTask.new
+  task :ci => ['set_coverage', 'test', 'coveralls:push']
+rescue LoadError; end
+
+
+task :set_coverage do
+  ENV['COVERAGE'] = 'true'
+end
+
+
+Rake::TestTask.new do |t|
+  t.libs << 'tests'
+  t.pattern = "tests/test_*.rb"
+end
+
+
+desc 'Default task which runs all tests with code coverage enabled'
+task :default => ['set_coverage', 'test']

data/Vagrantfile

@@ -0,0 +1,68 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "debian7-dev"
+  config.vm.box_url = "http://cdn.quicker.fr/vagrant/libvirt/debian7-dev.box"
+  config.vm.hostname = "kameleon-devel"
+
+  # Config provider
+  config.vm.provider :libvirt do |vm|
+    vm.memory = 2024
+    vm.cpus = 2
+  end
+
+  # shared folders
+  config.vm.synced_folder ".", "/vagrant", :nfs => true
+
+  # Provision
+  config.vm.provision "shell", privileged: true, inline: <<-EOF
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get update
+    apt-get -y --force-yes install git python-pip debootstrap \
+      rsync sed qemu-utils
+
+    apt-get -y --force-yes install ruby1.9.1 ruby1.9.1-dev \
+      rubygems1.9.1 irb1.9.1 ri1.9.1 rdoc1.9.1 \
+      build-essential libopenssl-ruby1.9.1 libssl-dev zlib1g-dev
+
+    update-alternatives --install /usr/bin/ruby ruby /usr/bin/ruby1.9.1 400 \
+             --slave   /usr/share/man/man1/ruby.1.gz ruby.1.gz \
+                            /usr/share/man/man1/ruby1.9.1.1.gz \
+            --slave   /usr/bin/ri ri /usr/bin/ri1.9.1 \
+            --slave   /usr/bin/irb irb /usr/bin/irb1.9.1 \
+            --slave   /usr/bin/rdoc rdoc /usr/bin/rdoc1.9.1
+
+    # choose your interpreter
+    # changes symlinks for /usr/bin/ruby , /usr/bin/gem
+    # /usr/bin/irb, /usr/bin/ri and man (1) ruby
+    update-alternatives --set ruby /usr/bin/ruby1.9.1
+
+    gem install bundle
+
+    # Helpful tools
+    pip install pyped
+  EOF
+
+  config.vm.provision "shell", privileged: false, inline: <<-EOF
+    cat > ~/.bash_profile <<< "
+    export FORCE_AUTOENV=1
+    source ~/.profile
+    source /vagrant/.env
+    cd /vagrant
+    "
+    cd /vagrant && git stash && bundle install && git stash pop
+  EOF
+
+  # shared folders
+  if File.exists? File.expand_path('~/.dotfiles')
+    config.vm.synced_folder "~/.dotfiles", "/home/vagrant/.dotfiles", :nfs => true
+    config.vm.provision "shell", privileged: false, inline: "python /home/vagrant/.dotfiles/install.py"
+  end
+
+  # Network
+  config.ssh.forward_agent = true
+  config.vm.network :private_network, ip: "10.10.10.120"
+end

data/bin/kameleon

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+# Exit cleanly from an early interrupt
+Signal.trap("INT") { exit 1 }
+
+# Stdout/stderr should not buffer output
+$stdout.sync = true
+$stderr.sync = true
+
+require 'kameleon'
+
+require 'kameleon/cli'
+# Force Thor to raise exceptions so we can exit non-zero.
+ENV["THOR_DEBUG"] = "1"
+
+Kameleon.with_friendly_errors { Kameleon::CLI.start }

data/contrib/kameleon_bashrc.sh

@@ -0,0 +1,138 @@
+# If not running interactively, don't do anything
+export USER=${USER:-"root"}
+export HOME=${HOME:-"/root"}
+export PATH=/usr/bin:/usr/sbin:/bin:/sbin:$PATH
+export LC_ALL=${LC_ALL:-"POSIX"}
+
+export DEBIAN_FRONTEND=noninteractive
+
+mkdir -p $(dirname <%= @bash_history_file %>) ; touch "<%= @bash_history_file %>"
+mkdir -p $(dirname <%= @bash_env_file %>) ; touch "<%= @bash_env_file %>"
+
+source /etc/bash.bashrc 2> /dev/null
+
+export KAMELEON_CONTEXT_NAME="<%= @context_name %>_context"
+export HISTFILE="<%= @bash_history_file %>"
+
+## functions
+
+function fail {
+    echo $@ 1>&2
+    false
+}
+
+## aliases
+if [ -t 1 ] ; then
+# restore previous env
+source "<%= @bash_env_file %>"  2> /dev/null
+export TERM=xterm
+# for fast typing
+alias h='history'
+alias g='git status'
+alias l='ls -lah'
+alias ll='ls -lh'
+alias la='ls -Ah'
+
+# for human readable output
+alias ls='ls -h'
+alias df='df -h'
+alias du='du -h'
+
+# simple history browsing
+export HISTCONTROL=erasedups
+export HISTSIZE=10000
+export HISTIGNORE="history*"
+shopt -s histappend
+bind '"\e[A"':history-search-backward
+bind '"\e[B"':history-search-forward
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# If this is an xterm set the title to user@host:dir
+PROMPT_COMMAND='echo -ne "\033]0;${KAMELEON_CONTEXT_NAME:+($KAMELEON_CONTEXT_NAME)}${USER}@${HOSTNAME}: ${PWD}\007"'
+
+# set variable to show git branch when in a git repository
+# source: https://github.com/jimeh/git-aware-prompt/blob/master/prompt.sh
+# added highlighting of repo part in path
+function find_git_branch {
+    git_subpath='/'
+    local dir=${PWD} head
+    until [ "$dir" = "" ]; do
+        if [ -f "$dir/.git/HEAD" ]; then
+            head=$(< "$dir/.git/HEAD")
+            if [[ $head == ref:\ refs/heads/* ]]; then
+                git_branch=" (${head#*/*/})"
+            elif [[ $head != '' ]]; then
+                git_describe=$(git describe --always)
+                git_branch=" (detached: $git_describe)"
+            else
+                git_branch=' (unknown)'
+            fi
+            prompt_dir="${dir/$HOME/~}"
+            return
+        fi
+        git_subpath="/${dir##*/}$git_subpath"
+        dir="${dir%/*}"
+    done
+    git_branch=''
+    prompt_dir="${PWD/$HOME/~}"
+    git_subpath=''
+}
+function find_git_dirty {
+    st=$(git status -s 2>/dev/null | tail -n 1)
+    if [[ $st == "" ]]; then
+        git_dirty=''
+    else
+        git_dirty='*'
+    fi
+}
+export find_git_branch
+export find_git_dirty
+PROMPT_COMMAND="find_git_branch; find_git_dirty; history -a ; $PROMPT_COMMAND"
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+        # We have color support; assume it's compliant with Ecma-48
+        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+        # a case would tend to support setf rather than setaf.)
+        color_prompt=yes
+    else
+        color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${KAMELEON_CONTEXT_NAME:+($KAMELEON_CONTEXT_NAME) }\[\033[01;32m\]\u@\h\[\033[00m\]: \[\e[1;37m\]$prompt_dir\[\e[1;36m\]$git_subpath\[\e[0;31m\]$git_branch\[\e[1;33m\]$git_dirty\[\033[01;34m\] \$\[\033[00m\] '
+else
+    PS1='${KAMELEON_CONTEXT_NAME:+($KAMELEON_CONTEXT_NAME) }\u@\h: $prompt_dir$git_subpath$git_branch$git_dirty \$ '
+fi
+
+# colors
+if [ -x /usr/bin/dircolors ]; then
+    eval "`dircolors -b`"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    alias grep='grep --color=auto'
+    alias fgrep='fgrep --color=auto'
+    alias egrep='egrep --color=auto'
+else
+    alias ls='ls -G'
+fi
+fi

data/contrib/scripts/VirtualBox_deploy.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+NAME=$1
+VBOX_DISK=$2
+
+VBoxManage createvm --name $NAME --register
+VBoxManage modifyvm $NAME --memory 512
+VBoxManage storagectl $NAME --name SATA --add sata --controller IntelAhci --bootable on --sataportcount 1
+VBoxManage storageattach $NAME --storagectl SATA --port 0 --device 0 --type hdd --medium $VBOX_DISK
+#VBoxManage modifyvm $NAME --nic1 hostonly
+#VBoxManage modifyvm $NAME --nic1 nat
+VBoxManage startvm $NAME
+#VBoxManage unregistervm $NAME --delete

data/contrib/scripts/chroot_env

@@ -0,0 +1,9 @@
+#kameleon chroot base bash environnement
+
+umask 022
+
+export USER=root
+export HOME=/root
+export PATH=/usr/bin:/usr/sbin:/bin:/sbin
+export LC_ALL=POSIX
+

data/contrib/scripts/create_passwd.py

@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+### WARNING ###
+# requires Python >= 3.3
+
+import sys, crypt, getpass;
+
+# this script generate a password using salted SHA512 whitch is the default on debian wheezy
+
+cleartext = getpass.getpass("Password:")
+cleartext2 = getpass.getpass("Again:")
+if cleartext2 != cleartext:
+	print ('Not matched!')
+	sys.exit(1)
+	
+salt = crypt.mksalt(crypt.METHOD_SHA512)
+print (crypt.crypt(cleartext, salt))
+

data/contrib/scripts/umount-chroot.sh

@@ -0,0 +1,290 @@
+#!/bin/sh -e
+# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+APPLICATION="${0##*/}"
+ALLCHROOTS=''
+BINDIR="`dirname "\`readlink -f "$0"\`"`"
+CHROOTS="`readlink -f "$BINDIR/../chroots"`"
+EXCLUDEROOT=''
+FORCE=''
+PRINT=''
+SIGNAL='TERM'
+TRIES=5
+YES=''
+
+USAGE="$APPLICATION [options] name [...]
+
+Unmounts one or more chroots, optionally killing any processes still running
+inside them.
+
+By default, it will run in interactive mode where it will ask to kill any
+remaining processes if unable to unmount the chroot within 5 seconds.
+
+Options:
+    -a          Unmount all chroots in the CHROOTS directory.
+    -c CHROOTS  Directory the chroots are in. Default: $CHROOTS
+    -f          Forces a chroot to unmount, potentially breaking or killing
+                other instances of the same chroot.
+    -k KILL     Send the processes SIGKILL instead of SIGTERM.
+    -p          Print to STDOUT the processes stopping a chroot from unmounting.
+    -t TRIES    Number of seconds to try before signalling the processes.
+                Use -t inf to be exceedingly patient. Default: $TRIES
+    -x          Keep the root directory of the chroot mounted.
+    -y          Signal any remaining processes without confirmation.
+                Automatically escalates from SIGTERM to SIGKILL."
+
+# Function to exit with exit code $1, spitting out message $@ to stderr
+error() {
+    local ecode="$1"
+    shift
+    echo "$*" 1>&2
+    exit "$ecode"
+}
+
+# Process arguments
+while getopts 'ac:fkpt:xy' f; do
+    case "$f" in
+    a) ALLCHROOTS='y';;
+    c) CHROOTS="`readlink -f "$OPTARG"`";;
+    f) FORCE='y';;
+    k) SIGNAL="KILL";;
+    p) PRINT='y';;
+    t) TRIES="$OPTARG";;
+    x) EXCLUDEROOT='y';;
+    y) YES='a';;
+    \?) error 2 "$USAGE";;
+    esac
+done
+shift "$((OPTIND-1))"
+
+# Need at least one chroot listed, or -a; not both.
+if [ $# = 0 -a -z "$ALLCHROOTS" ] || [ ! $# = 0 -a -n "$ALLCHROOTS" ]; then
+    error 2 "$USAGE"
+fi
+
+# Make sure TRIES is valid
+if [ "$TRIES" = inf ]; then
+    TRIES=-1
+elif [ "$TRIES" -lt -1 ]; then
+    error 2 "$USAGE"
+fi
+
+# We need to run as root
+if [ ! "$USER" = root -a ! "$UID" = 0 ]; then
+    error 2 "$APPLICATION must be run as root."
+fi
+
+# Check if a chroot is running with this directory. We detect the
+# appropriate commands by checking if the command's parent root is not equal
+# to the pid's root. This avoids not unmounting due to a lazy-quitting
+# background application within the chroot. We also don't consider processes
+# that have a parent PID of 1 (which would mean an orphaned process in this
+# case), as enter-chroot never orphans its children, and we don't consider
+# processes that have CROUTON=CORE in the environment.
+# $1: $base; the canonicalized base path of the chroot
+# Returns: non-zero if the chroot is in use.
+checkusage() {
+    if [ -n "$FORCE" ]; then
+        return 0
+    fi
+    local b="${1%/}/" pid ppid proot prootdir root rootdir
+    for root in /proc/*/root; do
+        if [ ! -r "$root" ]; then
+            continue
+        fi
+        rootdir="`readlink -f "$root"`"
+        rootdir="${rootdir%/}/"
+        if [ "${rootdir#"$b"}" = "$rootdir" ]; then
+            continue
+        fi
+        pid="${root#/proc/}"
+        pid="${pid%/root}"
+        ppid="`ps -p "$pid" -o ppid= 2>/dev/null | sed 's/ //g'`"
+        if [ -z "$ppid" ] || [ "$ppid" -eq 1 ]; then
+            continue
+        fi
+        proot="/proc/$ppid/root"
+        if [ -r "$proot" ]; then
+            prootdir="`readlink -f "$proot"`"
+            if [ "${prootdir%/}/" = "$rootdir" ]; then
+                continue
+            fi
+        fi
+        if grep -q 'CROUTON=CORE' "/proc/$pid/environ" 2>/dev/null; then
+            continue
+        fi
+        if [ -n "$PRINT" ]; then
+            ps -p "$pid" -o pid= -o cmd= || true
+        fi
+        return 1
+    done
+    return 0
+}
+
+# If we specified all chroots, bring in all chroots.
+if [ -n "$ALLCHROOTS" ]; then
+    set -- "$CHROOTS/"*
+fi
+
+# Follows and fixes dangerous symlinks, returning the canonicalized path.
+fixabslinks() {
+    local p="$CHROOT/$1" c
+    # Follow and fix dangerous absolute symlinks
+    while c="`readlink -m "$p"`" && [ ! "$c" = "$p" ]; do
+        p="$CHROOT${c#"$CHROOT"}"
+    done
+    echo "$p"
+}
+
+# Unmount each chroot
+ret=0
+for NAME in "$@"; do
+    if [ -z "$NAME" ]; then
+        continue
+    fi
+
+    NAME="${NAME#"$CHROOTS/"}"
+
+    # Check for existence
+    CHROOT="$CHROOTS/$NAME"
+    if [ ! -d "$CHROOT" ]; then
+        echo "$CHROOT not found." 1>&2
+        ret=1
+        continue
+    fi
+
+    # Switch to the unencrypted mount for encrypted chroots.
+    if [ -f "$CHROOT/.ecryptfs" ]; then
+        CHROOT="$CHROOTS/.secure/$NAME"
+    fi
+
+    base="`readlink -f "$CHROOT"`"
+
+    if ! checkusage "$base"; then
+        echo "Not unmounting $CHROOT as another instance is using it." 1>&2
+        ret=1
+        continue
+    fi
+
+    # Kill the chroot's system dbus if one is running; failure is fine
+    env -i chroot "$CHROOT" su -s '/bin/sh' -c '
+        pidfile="/var/run/dbus/pid"
+        if [ ! -f "$pidfile" ]; then
+            exit 0
+        fi
+        pid="`cat "$pidfile"`"
+        if ! grep -q "^dbus-daemon" "/proc/$pid/cmdline" 2>/dev/null; then
+            exit 0
+        fi
+        kill $pid' - root 2>/dev/null || true
+
+    # Unmount all mounts
+    ntries=0
+    if [ -z "$EXCLUDEROOT" ]; then
+        echo "Unmounting $CHROOT..." 1>&2
+    else
+        echo "Pruning $CHROOT mounts..." 1>&2
+    fi
+    baseesc="`echo "$base" | sed 's= =//=g'`"
+
+    # Define the mountpoint filter to only unmount specific mounts.
+    # The filter is run on the escaped version of the mountpoint.
+    filter() {
+        if [ -z "$EXCLUDEROOT" ]; then
+            grep "^$baseesc\\(/.*\\)\\?\$"
+        else
+            # Don't include the base directory
+            grep "^$baseesc/."
+        fi
+    }
+
+    # Sync for safety
+    sync
+
+    # Make sure the chroot's system media bind-mount is marked as slave to avoid
+    # unmounting devices system-wide. We still want to unmount locally-mounted
+    # media, though.
+    media="`fixabslinks '/var/host/media'`"
+    if mountpoint -q "$media"; then
+        mount --make-rslave "$media"
+    fi
+
+    while ! sed "s=\\\\040=//=g" /proc/mounts | cut -d' ' -f2 \
+              | filter | sed 's=//= =g' | xargs --no-run-if-empty -d '
+' -n 50 umount 2>/dev/null; do
+        if [ "$ntries" -eq "$TRIES" ]; then
+            # Send signal to all processes running under the chroot
+            # ...but confirm first.
+            printonly=''
+            if [ "${YES#[Aa]}" = "$YES" ]; then
+                echo -n "Failed to unmount $CHROOT. Kill processes? [a/k/y/p/N] " 1>&2
+                read YES
+                if [ ! "${YES#[Kk]}" = "$YES" ]; then
+                    SIGNAL='KILL'
+                elif [ ! "${YES#[Pp]}" = "$YES" ]; then
+                    printonly=y
+                elif [ "${YES#[AaYy]}" = "$YES" ]; then
+                    echo "Skipping unmounting of $CHROOT" 1>&2
+                    ret=1
+                    break
+                fi
+            fi
+            if [ -z "$printonly" ]; then
+                echo "Sending SIG$SIGNAL to processes under $CHROOT..." 1>&2
+            fi
+            for root in /proc/*/root; do
+                if [ ! -r "$root" ] \
+                        || [ ! "`readlink -f "$root"`" = "$base" ]; then
+                    continue
+                fi
+                pid="${root#/proc/}"
+                pid="${pid%/root}"
+                if [ -z "$FORCE" ] \
+                        && grep -q 'CROUTON=CORE' \
+                                   "/proc/$pid/environ" 2>/dev/null; then
+                    continue
+                fi
+                if [ -n "${printonly:-"$PRINT"}" ]; then
+                    ps -p "$pid" -o pid= -o cmd= || true
+                fi
+                if [ -z "$printonly" ]; then
+                    kill "-$SIGNAL" "$pid" 2>/dev/null || true
+                fi
+            done
+
+            # Escalate
+            if [ ! "${YES#[Aa]}" = "$YES" ]; then
+                SIGNAL='KILL'
+            fi
+
+            if [ -z "$printonly" ]; then
+                ntries=0
+            fi
+        else
+            ntries="$((ntries+1))"
+        fi
+        sleep 1
+        if ! checkusage "$base"; then
+            echo "Aborting unmounting $CHROOT as another instance has begun using it." 1>&2
+            ret=1
+            break
+        fi
+    done
+
+    # More sync for more safety
+    sync
+done
+
+# Re-disable USB persistence (the Chromium OS default) if we no longer
+# have chroots running with a root in removable media
+if checkusage /media; then
+    for usbp in /sys/bus/usb/devices/*/power/persist; do
+        if [ -e "$usbp" ]; then
+            echo 0 > "$usbp"
+        fi
+    done
+fi
+
+exit $ret