From 6c3dd634ef79eea8309f6c894500bd9359e9a5e6 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 18 Mar 2021 20:02:06 +0300 Subject: [PATCH] google-guest-agent: init at 20220104.00 --- .../google-guest-agent/default.nix | 53 ++++++++++++++++++ .../disable-etc-mutation.patch | 54 +++++++++++++++++++ .../google-guest-agent/fix-paths.patch | 43 +++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 4 files changed, 152 insertions(+) create mode 100644 pkgs/tools/virtualization/google-guest-agent/default.nix create mode 100644 pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch create mode 100644 pkgs/tools/virtualization/google-guest-agent/fix-paths.patch diff --git a/pkgs/tools/virtualization/google-guest-agent/default.nix b/pkgs/tools/virtualization/google-guest-agent/default.nix new file mode 100644 index 000000000000..a4ebd2db8f54 --- /dev/null +++ b/pkgs/tools/virtualization/google-guest-agent/default.nix @@ -0,0 +1,53 @@ +{ buildGoModule, fetchFromGitHub, fetchpatch, lib, coreutils, makeWrapper +, google-guest-configs, google-guest-oslogin, iproute2, dhcp, procps +}: + +buildGoModule rec { + pname = "guest-agent"; + version = "20220104.00"; + + src = fetchFromGitHub { + owner = "GoogleCloudPlatform"; + repo = pname; + rev = version; + sha256 = "sha256-BC2qpnGJU/D0z8jlmAEwvmFwBk1n0ZvqPBB6Zon9N/U="; + }; + + vendorSha256 = "sha256-YcWKSiN715Z9lmNAQx+sHEgxWnhFhenCNXBS7gdMV4M="; + + patches = [ ./disable-etc-mutation.patch ]; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + substitute ${./fix-paths.patch} fix-paths.patch \ + --subst-var out \ + --subst-var-by true "${coreutils}/bin/true" + patch -p1 < ./fix-paths.patch + ''; + + # We don't add `shadow` here; it's added to PATH if `mutableUsers` is enabled. + binPath = lib.makeBinPath [ google-guest-configs google-guest-oslogin iproute2 dhcp procps ]; + + # Skip tests which require networking. + preCheck = '' + rm google_guest_agent/wsfc_test.go + ''; + + postInstall = '' + mkdir -p $out/etc/systemd/system + cp *.service $out/etc/systemd/system + install -Dm644 instance_configs.cfg $out/etc/default/instance_configs.cfg + + wrapProgram $out/bin/google_guest_agent \ + --prefix PATH ":" "$binPath" + ''; + + meta = with lib; { + homepage = "https://github.com/GoogleCloudPlatform/guest-agent"; + description = "Guest Agent for Google Compute Engine"; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch b/pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch new file mode 100644 index 000000000000..fe076baacd20 --- /dev/null +++ b/pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch @@ -0,0 +1,54 @@ +From 2e8060f9ade13ba18ae5930c0781227bfcce11a5 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Mon, 10 Jan 2022 22:16:38 +0300 +Subject: [PATCH] Disable accounts setup phase and oslogin + +On NixOS we set up necessary groups and sudoers rules declaratively, +and have most of `/etc` directory read-only. This creates (harmless) +error messages when trying to create google-sudoers file. + +"oslogin" daemon sets up configuration necessary for OS Login to +work, including PAM, NSS and sudoers. On NixOS we perform all this +configuration declaratively and have most of /etc mounted read-only. +This creates (harmless) error messages when running the daemon. +--- + google_guest_agent/non_windows_accounts.go | 9 --------- + google_guest_agent/oslogin.go | 2 +- + 2 files changed, 1 insertion(+), 10 deletions(-) + +diff --git a/google_guest_agent/non_windows_accounts.go b/google_guest_agent/non_windows_accounts.go +index 81013e3..05b830f 100644 +--- a/google_guest_agent/non_windows_accounts.go ++++ b/google_guest_agent/non_windows_accounts.go +@@ -104,15 +104,6 @@ func (a *accountsMgr) set() error { + sshKeys = make(map[string][]string) + } + +- logger.Debugf("create sudoers file if needed") +- if err := createSudoersFile(); err != nil { +- logger.Errorf("Error creating google-sudoers file: %v.", err) +- } +- logger.Debugf("create sudoers group if needed") +- if err := createSudoersGroup(); err != nil { +- logger.Errorf("Error creating google-sudoers group: %v.", err) +- } +- + mdkeys := newMetadata.Instance.Attributes.SSHKeys + if !newMetadata.Instance.Attributes.BlockProjectKeys { + mdkeys = append(mdkeys, newMetadata.Project.Attributes.SSHKeys...) +diff --git a/google_guest_agent/oslogin.go b/google_guest_agent/oslogin.go +index d05f733..980e84c 100644 +--- a/google_guest_agent/oslogin.go ++++ b/google_guest_agent/oslogin.go +@@ -76,7 +76,7 @@ func (o *osloginMgr) timeout() bool { + } + + func (o *osloginMgr) disabled(os string) bool { +- return os == "windows" ++ return true + } + + func (o *osloginMgr) set() error { +-- +2.34.1 + diff --git a/pkgs/tools/virtualization/google-guest-agent/fix-paths.patch b/pkgs/tools/virtualization/google-guest-agent/fix-paths.patch new file mode 100644 index 000000000000..07bb112ae289 --- /dev/null +++ b/pkgs/tools/virtualization/google-guest-agent/fix-paths.patch @@ -0,0 +1,43 @@ +diff --git a/google-guest-agent.service b/google-guest-agent.service +index 79b8e39..a39097b 100644 +--- a/google-guest-agent.service ++++ b/google-guest-agent.service +@@ -14,7 +14,7 @@ PartOf=network.service networking.service NetworkManager.service systemd-network + + [Service] + Type=notify +-ExecStart=/usr/bin/google_guest_agent ++ExecStart=@out@/bin/google_guest_agent + OOMScoreAdjust=-999 + Restart=always + +diff --git a/google-shutdown-scripts.service b/google-shutdown-scripts.service +index 16bb9c2..ae02067 100644 +--- a/google-shutdown-scripts.service ++++ b/google-shutdown-scripts.service +@@ -5,10 +5,10 @@ After=network-online.target rsyslog.service + + [Service] + Type=oneshot +-ExecStart=/bin/true ++ExecStart=@true@ + RemainAfterExit=true + # This service does nothing on start, and runs shutdown scripts on stop. +-ExecStop=/usr/bin/google_metadata_script_runner shutdown ++ExecStop=@out@/bin/google_metadata_script_runner shutdown + TimeoutStopSec=0 + KillMode=process + +diff --git a/google-startup-scripts.service b/google-startup-scripts.service +index dfc9838..2465265 100644 +--- a/google-startup-scripts.service ++++ b/google-startup-scripts.service +@@ -6,7 +6,7 @@ Before=apt-daily.service + + [Service] + Type=oneshot +-ExecStart=/usr/bin/google_metadata_script_runner startup ++ExecStart=@out@/bin/google_metadata_script_runner startup + #TimeoutStartSec is ignored for Type=oneshot service units. + KillMode=process + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 266a2c92a542..254978860704 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6109,6 +6109,8 @@ with pkgs; google-java-format = callPackage ../development/tools/google-java-format { }; + google-guest-agent = callPackage ../tools/virtualization/google-guest-agent { }; + gdown = with python3Packages; toPythonApplication gdown; gopro = callPackage ../tools/video/gopro { };