首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 10

崔立昊/leapp

forked from anolis/leapp 
代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
0006-add-check-extra-modules.patch 6.51 KB
一键复制 编辑 原始数据 按行查看 历史
Meredith 提交于 2021-08-27 10:48 . add leapp-repository related files
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
From c99b7859d72054ec070d28ea7e8123ce65d019ba Mon Sep 17 00:00:00 2001

From: Chunmei Xu <xuchunmei@openanolis.org>

Date: Thu, 17 Jun 2021 10:24:56 +0800

Subject: [PATCH 2/3] add check extra modules



`lsmod` show the active modules in current system.

we use `modinfo -F signer $module` to get signer of module,

if module is not signed by CentOS or Red Hat, then it must

be provided by third party or users.

since kernel will be updated in upgrade, extra modules may need

modify to compat with new kernel.



Signed-off-by: Chunmei Xu <xuchunmei@openanolis.org>

---

 .../el7toel8/actors/checkextramodule/actor.py | 39 +++++++++++++++++++

 .../tests/test_check_extramodules.py          | 28 +++++++++++++

 .../systemfacts/libraries/systemfacts.py      | 22 +++++------

 3 files changed, 78 insertions(+), 11 deletions(-)

 create mode 100644 repos/system_upgrade/el7toel8/actors/checkextramodule/actor.py

 create mode 100644 repos/system_upgrade/el7toel8/actors/checkextramodule/tests/test_check_extramodules.py



diff --git a/repos/system_upgrade/el7toel8/actors/checkextramodule/actor.py b/repos/system_upgrade/el7toel8/actors/checkextramodule/actor.py

new file mode 100644

index 0000000..6e74915

--- /dev/null

+++ b/repos/system_upgrade/el7toel8/actors/checkextramodule/actor.py

@@ -0,0 +1,39 @@

+from leapp.actors import Actor

+from leapp.models import ActiveKernelModulesFacts

+from leapp.tags import ChecksPhaseTag, IPUWorkflowTag

+from leapp import reporting

+from leapp.reporting import Report, create_report

+

+

+class CheckExtraModules(Actor):

+    """

+    Check if any extra modules not signed by redhat or centos.

+    

+    If the kernel module is not signed by redhat or centos, it may be provided

+    by third party or users.

+    """

+

+    name = 'check_extramodules'

+    consumes = (ActiveKernelModulesFacts,)

+    produces = (Report,)

+    tags = (ChecksPhaseTag, IPUWorkflowTag)

+

+    def process(self):

+        extra_modules = []

+        for fact in self.consume(ActiveKernelModulesFacts):

+            for active_module in fact.kernel_modules:

+                signer = str(active_module.signature)

+                if signer.find('CentOS') == -1 and signer.find('Red Hat') == -1:

+                    extra_modules.append(active_module.filename)

+

+        if list(extra_modules):

+            extra_modules_new_line = '\n'.join(['- ' + p for p in extra_modules])

+            create_report([

+                        reporting.Title('Found some active modules not signed by redhat or centos'),

+                        reporting.Summary(

+                            'The following active modules are not signed by redhat or centos, '

+                            'please make sure they can be compat with new kernel:\n{}'

+                            .format(extra_modules_new_line)

+                        ),

+                        reporting.Severity(reporting.Severity.HIGH),

+                    ])

diff --git a/repos/system_upgrade/el7toel8/actors/checkextramodule/tests/test_check_extramodules.py b/repos/system_upgrade/el7toel8/actors/checkextramodule/tests/test_check_extramodules.py

new file mode 100644

index 0000000..8f5227f

--- /dev/null

+++ b/repos/system_upgrade/el7toel8/actors/checkextramodule/tests/test_check_extramodules.py

@@ -0,0 +1,28 @@

+from leapp.snactor.fixture import current_actor_context

+from leapp.models import ActiveKernelModule, ActiveKernelModulesFacts

+from leapp.reporting import Report

+

+

+def create_modulesfacts(kernel_modules):

+    return ActiveKernelModulesFacts(kernel_modules=kernel_modules)

+

+

+def test_actor_with_extra_module(current_actor_context):

+    with_extramodules = [

+        ActiveKernelModule(filename='btrfs', parameters=[], signature=''),

+        ActiveKernelModule(filename='kvm', parameters=[], signature='')]

+

+    current_actor_context.feed(create_modulesfacts(kernel_modules=with_extramodules))

+    current_actor_context.run()

+    report_fields = current_actor_context.consume(Report)[0].report

+    assert report_fields['severity'] == 'high'

+

+

+def test_actor_without_extra_module(current_actor_context):

+    without_extramodules = [

+        ActiveKernelModule(filename='kvm_intel', parameters=[], signature='CentOS'),

+        ActiveKernelModule(filename='kvm', parameters=[], signature='Red Hat')]

+

+    current_actor_context.feed(create_modulesfacts(kernel_modules=without_extramodules))

+    current_actor_context.run()

+    assert not current_actor_context.consume(Report)

diff --git a/repos/system_upgrade/el7toel8/actors/systemfacts/libraries/systemfacts.py b/repos/system_upgrade/el7toel8/actors/systemfacts/libraries/systemfacts.py

index 072c4bf..c2be8cb 100644

--- a/repos/system_upgrade/el7toel8/actors/systemfacts/libraries/systemfacts.py

+++ b/repos/system_upgrade/el7toel8/actors/systemfacts/libraries/systemfacts.py

@@ -76,19 +76,9 @@ def _get_active_kernel_modules(logger):

     for l in lines[1:]:

         name = l.split(' ')[0]

 

-        # Read parameters of the given module as exposed by the

-        # `/sys` VFS, if there are no parameters exposed we just

-        # take the name of the module

-        base_path = '/sys/module/{module}'.format(module=name)

-        parameters_path = os.path.join(base_path, 'parameters')

-        if not os.path.exists(parameters_path):

-            yield ActiveKernelModule(filename=name, parameters=[])

-            continue

-

         # Use `modinfo` to probe for signature information

-        parameter_dict = {}

         try:

-            signature = run(['modinfo', '-F', 'signature', name], split=False)['stdout']

+            signature = run(['modinfo', '-F', 'signer', name], split=False)['stdout']

         except CalledProcessError:

             signature = None

 

@@ -97,6 +87,16 @@ def _get_active_kernel_modules(logger):

             # Remove whitspace from the signature string

             signature_string = re.sub(r"\s+", "", signature, flags=re.UNICODE)

 

+        # Read parameters of the given module as exposed by the

+        # `/sys` VFS, if there are no parameters exposed we just

+        # take the name of the module

+        base_path = '/sys/module/{module}'.format(module=name)

+        parameters_path = os.path.join(base_path, 'parameters')

+        if not os.path.exists(parameters_path):

+            yield ActiveKernelModule(filename=name, parameters=[], signature=signature_string)

+            continue

+

+        parameter_dict = {}

         # Since we're using the `/sys` VFS we need to use `os.listdir()` to get

         # all the property names and then just read from all the listed paths

         parameters = sorted(os.listdir(parameters_path))

-- 

2.29.2
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化