google-guest-agent: init at 20220104.00
parent
554d2d8aa2
commit
6c3dd634ef
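--- a/pkgs/tools/virtualization/google-guest-agent/default.nix
+++ b/pkgs/tools/virtualization/google-guest-agent/default.nix
@@ -0,0 +1,53 @@
+{ buildGoModule, fetchFromGitHub, fetchpatch, lib, coreutils, makeWrapper
+, google-guest-configs, google-guest-oslogin, iproute2, dhcp, procps
+}:
+
+buildGoModule rec {
+pname = "guest-agent";
+version = "20220104.00";
+
+src = fetchFromGitHub {
+owner = "GoogleCloudPlatform";
+repo = pname;
+rev = version;
+sha256 = "sha256-BC2qpnGJU/D0z8jlmAEwvmFwBk1n0ZvqPBB6Zon9N/U=";
+};
+
+vendorSha256 = "sha256-YcWKSiN715Z9lmNAQx+sHEgxWnhFhenCNXBS7gdMV4M=";
+
+patches = [ ./disable-etc-mutation.patch ];
+
+nativeBuildInputs = [ makeWrapper ];
+
+postPatch = ''
+substitute ${./fix-paths.patch} fix-paths.patch \
+--subst-var out \
+--subst-var-by true "${coreutils}/bin/true"
+patch -p1 < ./fix-paths.patch
+'';
+
+# We don't add `shadow` here; it's added to PATH if `mutableUsers` is enabled.
+binPath = lib.makeBinPath [ google-guest-configs google-guest-oslogin iproute2 dhcp procps ];
+
+# Skip tests which require networking.
+preCheck = ''
+rm google_guest_agent/wsfc_test.go
+'';
+
+postInstall = ''
+mkdir -p $out/etc/systemd/system
+cp *.service $out/etc/systemd/system
+install -Dm644 instance_configs.cfg $out/etc/default/instance_configs.cfg
+
+wrapProgram $out/bin/google_guest_agent \
+--prefix PATH ":" "$binPath"
+'';
+
+meta = with lib; {
+homepage = "https://github.com/GoogleCloudPlatform/guest-agent";
+description = "Guest Agent for Google Compute Engine";
+license = licenses.asl20;
+platforms = platforms.linux;
+maintainers = with maintainers; [ abbradar ];
+};
+}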
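Review bot: `fetchpatch` is taken as a function argument on the first line but nothing in the expression uses it, since both patches are local files; it can be dropped from the argument list. The `postPatch` step would benefit from a comment saying why fix-paths.patch is not listed in `patches`, for example `# fix-paths.patch carries @out@ and @true@ placeholders, so it is substituted first and applied by hand`. In `postInstall` only `google_guest_agent` is wrapped with `$binPath`, while the installed units also start `google_metadata_script_runner` from `$out/bin`. If that binary invokes any of the same tools it would resolve them from the ambient PATH, so it is worth confirming whether it needs the same wrapper.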
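--- a/pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch
+++ b/pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch
@@ -0,0 +1,54 @@
+From 2e8060f9ade13ba18ae5930c0781227bfcce11a5 Mon Sep 17 00:00:00 2001
+From: Nikolay Amiantov <ab@fmap.me>
+Date: Mon, 10 Jan 2022 22:16:38 +0300
+Subject: [PATCH] Disable accounts setup phase and oslogin
+
+On NixOS we set up necessary groups and sudoers rules declaratively,
+and have most of `/etc` directory read-only. This creates (harmless)
+error messages when trying to create google-sudoers file.
+
+"oslogin" daemon sets up configuration necessary for OS Login to
+work, including PAM, NSS and sudoers. On NixOS we perform all this
+configuration declaratively and have most of /etc mounted read-only.
+This creates (harmless) error messages when running the daemon.
+---
+google_guest_agent/non_windows_accounts.go | 9 ---------
+google_guest_agent/oslogin.go | 2 +-
+2 files changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/google_guest_agent/non_windows_accounts.go b/google_guest_agent/non_windows_accounts.go
+index 81013e3..05b830f 100644
+--- a/google_guest_agent/non_windows_accounts.go
++++ b/google_guest_agent/non_windows_accounts.go
+@@ -104,15 +104,6 @@ func (a *accountsMgr) set() error {
+sshKeys = make(map[string][]string)
+}
+
+- logger.Debugf("create sudoers file if needed")
+- if err := createSudoersFile(); err != nil {
+- logger.Errorf("Error creating google-sudoers file: %v.", err)
+- }
+- logger.Debugf("create sudoers group if needed")
+- if err := createSudoersGroup(); err != nil {
+- logger.Errorf("Error creating google-sudoers group: %v.", err)
+- }
+-
+mdkeys := newMetadata.Instance.Attributes.SSHKeys
+if !newMetadata.Instance.Attributes.BlockProjectKeys {
+mdkeys = append(mdkeys, newMetadata.Project.Attributes.SSHKeys...)
+diff --git a/google_guest_agent/oslogin.go b/google_guest_agent/oslogin.go
+index d05f733..980e84c 100644
+--- a/google_guest_agent/oslogin.go
++++ b/google_guest_agent/oslogin.go
+@@ -76,7 +76,7 @@ func (o *osloginMgr) timeout() bool {
+}
+
+func (o *osloginMgr) disabled(os string) bool {
+- return os == "windows"
++ return true
+}
+
+func (o *osloginMgr) set() error {
+--
+2.34.1
+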
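Review bot: In oslogin.go `disabled` now returns `true` for every OS, so the `os` parameter is unused and `osloginMgr.set` is presumably never invoked. A comment on the new line would keep the intent visible in the patched source, for example `// NixOS: OS Login (PAM, NSS, sudoers) is configured declaratively, so this manager is always off`. The body of `set` lies outside the hunk, so anything it does when the OS Login setting in metadata changes, beyond writing files under /etc, would be skipped as well; that should be checked before relying on a metadata switch to change who can log in. In non_windows_accounts.go the removed calls are the only visible place where the google-sudoers file and group get created, so the NixOS configuration has to supply both. The patch description could state that dependency explicitly.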
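--- a/pkgs/tools/virtualization/google-guest-agent/fix-paths.patch
+++ b/pkgs/tools/virtualization/google-guest-agent/fix-paths.patch
@@ -0,0 +1,43 @@
+diff --git a/google-guest-agent.service b/google-guest-agent.service
+index 79b8e39..a39097b 100644
+--- a/google-guest-agent.service
++++ b/google-guest-agent.service
+@@ -14,7 +14,7 @@ PartOf=network.service networking.service NetworkManager.service systemd-network
+
+[Service]
+Type=notify
+-ExecStart=/usr/bin/google_guest_agent
++ExecStart=@out@/bin/google_guest_agent
+OOMScoreAdjust=-999
+Restart=always
+
+diff --git a/google-shutdown-scripts.service b/google-shutdown-scripts.service
+index 16bb9c2..ae02067 100644
+--- a/google-shutdown-scripts.service
++++ b/google-shutdown-scripts.service
+@@ -5,10 +5,10 @@ After=network-online.target rsyslog.service
+
+[Service]
+Type=oneshot
+-ExecStart=/bin/true
++ExecStart=@true@
+RemainAfterExit=true
+# This service does nothing on start, and runs shutdown scripts on stop.
+-ExecStop=/usr/bin/google_metadata_script_runner shutdown
++ExecStop=@out@/bin/google_metadata_script_runner shutdown
+TimeoutStopSec=0
+KillMode=process
+
+diff --git a/google-startup-scripts.service b/google-startup-scripts.service
+index dfc9838..2465265 100644
+--- a/google-startup-scripts.service
++++ b/google-startup-scripts.service
+@@ -6,7 +6,7 @@ Before=apt-daily.service
+
+[Service]
+Type=oneshot
+-ExecStart=/usr/bin/google_metadata_script_runner startup
++ExecStart=@out@/bin/google_metadata_script_runner startup
+#TimeoutStartSec is ignored for Type=oneshot service units.
+KillMode=process
+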
@ -6109,6 +6109,8 @@ with pkgs;
|
||||||
|
|
||||||
google-java-format = callPackage ../development/tools/google-java-format { };
|
google-java-format = callPackage ../development/tools/google-java-format { };
|
||||||
|
|
||||||
|
google-guest-agent = callPackage ../tools/virtualization/google-guest-agent { };
|
||||||
|
|
||||||
gdown = with python3Packages; toPythonApplication gdown;
|
gdown = with python3Packages; toPythonApplication gdown;
|
||||||
|
|
||||||
gopro = callPackage ../tools/video/gopro { };
|
gopro = callPackage ../tools/video/gopro { };
|
||||||
|
|