calamares/src/modules/initcpio/InitcpioJob.cpp

/* === This file is part of Calamares - <https://calamares.io> ===
 *
 *   SPDX-FileCopyrightText: 2019 Adriaan de Groot <groot@kde.org>
 *   SPDX-FileCopyrightText: 2022 Evan James <dalto@fastmail.com>
 *   SPDX-License-Identifier: GPL-3.0-or-later
 *
 *   Calamares is Free Software: see the License-Identifier above.
 *
 */

#include "InitcpioJob.h"

#include "utils/CalamaresUtilsSystem.h"
#include "utils/Logger.h"
#include "utils/UMask.h"
#include "utils/Variant.h"

#include <QDir>
#include <QFile>

InitcpioJob::InitcpioJob( QObject* parent )
    : Calamares::CppJob( parent )
{
}

InitcpioJob::~InitcpioJob() {}


QString
InitcpioJob::prettyName() const
{
    return tr( "Creating initramfs with mkinitcpio." );
}

/** @brief Sets secure permissions on each initramfs
 *
 * Iterates over each initramfs contained directly in the directory @p d.
 * For each initramfs found, the permissions are set to owner read/write only.
 *
 */
void
fixPermissions( const QDir& d )
{
    const auto initramList = d.entryInfoList( { "initramfs*" }, QDir::Files );
    for ( const auto& fi : initramList )
    {
        QFile f( fi.absoluteFilePath() );
        if ( f.exists() )
        {
            cDebug() << "initcpio setting permissions for" << f.fileName();
            f.setPermissions( QFileDevice::ReadOwner | QFileDevice::WriteOwner );
        }
    }
}

Calamares::JobResult
InitcpioJob::exec()
{
    CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe );

    if ( m_unsafe )
    {
        cDebug() << "Skipping mitigations for unsafe initramfs permissions.";
    }
    else
    {
        QDir d( CalamaresUtils::System::instance()->targetPath( "/boot" ) );
        if ( d.exists() )
        {
            fixPermissions( d );
        }
    }

    // If the kernel option isn't set to a specific kernel, run mkinitcpio on all kernels
    QStringList command = { "mkinitcpio" };
    if ( m_kernel.isEmpty() || m_kernel == "all" )
    {
        command.append( "-P" );
    }
    else
    {
        command.append( { "-p", m_kernel } );
    }

    cDebug() << "Updating initramfs with kernel" << m_kernel;
    auto r = CalamaresUtils::System::instance()->targetEnvCommand( command, QString(), QString() /* no timeout , 0 */ );
    return r.explainProcess( "mkinitcpio", std::chrono::seconds( 10 ) /* fake timeout */ );
}

void
InitcpioJob::setConfigurationMap( const QVariantMap& configurationMap )
{
    m_kernel = CalamaresUtils::getString( configurationMap, "kernel" );

    m_unsafe = CalamaresUtils::getBool( configurationMap, "be_unsafe", false );
}

CALAMARES_PLUGIN_FACTORY_DEFINITION( InitcpioJobFactory, registerPlugin< InitcpioJob >(); )
REUSE: Giant boilerplate cleanup - point to main Calamares site in the 'part of' headers instead of to github (this is the "this file is part of Calamares" opening line for most files). - remove boilerplate from all source files, CMake modules and completions, this is the 3-paragraph summary of the GPL-3.0-or-later, which has a meaning entirely covered by the SPDX tag. 2020-08-25 16:05:56 +02:00			`/* === This file is part of Calamares - <https://calamares.io> ===`
[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`*`
REUSE: (GPL-3.0-or-later) C++ modules 2020-08-22 01:19:58 +02:00			`* SPDX-FileCopyrightText: 2019 Adriaan de Groot <groot@kde.org>`
[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`* SPDX-FileCopyrightText: 2022 Evan James <dalto@fastmail.com>`
REUSE: (GPL-3.0-or-later) C++ modules 2020-08-22 01:19:58 +02:00			`* SPDX-License-Identifier: GPL-3.0-or-later`
[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`*`
REUSE: Giant boilerplate cleanup - point to main Calamares site in the 'part of' headers instead of to github (this is the "this file is part of Calamares" opening line for most files). - remove boilerplate from all source files, CMake modules and completions, this is the 3-paragraph summary of the GPL-3.0-or-later, which has a meaning entirely covered by the SPDX tag. 2020-08-25 16:05:56 +02:00			`* Calamares is Free Software: see the License-Identifier above.`
[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`*`
			`*/`

			`#include "InitcpioJob.h"`

			`#include "utils/CalamaresUtilsSystem.h"`
			`#include "utils/Logger.h"`
			`#include "utils/UMask.h"`
			`#include "utils/Variant.h"`

[initcpio] Improve security by making initramfs files not world-readable 2019-07-05 13:17:55 +02:00			`#include <QDir>`
			`#include <QFile>`

[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`InitcpioJob::InitcpioJob( QObject* parent )`
			`: Calamares::CppJob( parent )`
			`{`
			`}`

			`InitcpioJob::~InitcpioJob() {}`


			`QString`
			`InitcpioJob::prettyName() const`
			`{`
			`return tr( "Creating initramfs with mkinitcpio." );`
			`}`

[initcpio] Minor documentation updates 2022-01-01 19:14:42 +01:00			`/** @brief Sets secure permissions on each initramfs`
[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`*`
			`* Iterates over each initramfs contained directly in the directory @p d.`
			`* For each initramfs found, the permissions are set to owner read/write only.`
			`*`
			`*/`
[initcpio] Simple test for fixPermissions() 2019-07-05 13:28:32 +02:00			`void`
[initcpio] Improve security by making initramfs files not world-readable 2019-07-05 13:17:55 +02:00			`fixPermissions( const QDir& d )`
			`{`
[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`const auto initramList = d.entryInfoList( { "initramfs*" }, QDir::Files );`
			`for ( const auto& fi : initramList )`
[initcpio] Improve security by making initramfs files not world-readable 2019-07-05 13:17:55 +02:00			`{`
			`QFile f( fi.absoluteFilePath() );`
			`if ( f.exists() )`
			`{`
[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`cDebug() << "initcpio setting permissions for" << f.fileName();`
[initcpio] Improve security by making initramfs files not world-readable 2019-07-05 13:17:55 +02:00			`f.setPermissions( QFileDevice::ReadOwner \| QFileDevice::WriteOwner );`
			`}`
			`}`
			`}`
[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00
			`Calamares::JobResult`
			`InitcpioJob::exec()`
			`{`
			`CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe );`

[initcpio] [initramfs] Allow turning off CVE mitigations - The mitigations are slightly intrusive, and may clash with other, similar mitigations (especially for initramfs, the recommended solution is to configure the system with the snippet outside of Calamares). 2019-07-06 00:04:16 +02:00			`if ( m_unsafe )`
[initcpio] Improve security by making initramfs files not world-readable 2019-07-05 13:17:55 +02:00			`{`
[initcpio] [initramfs] Allow turning off CVE mitigations - The mitigations are slightly intrusive, and may clash with other, similar mitigations (especially for initramfs, the recommended solution is to configure the system with the snippet outside of Calamares). 2019-07-06 00:04:16 +02:00			`cDebug() << "Skipping mitigations for unsafe initramfs permissions.";`
[initcpio] Improve security by making initramfs files not world-readable 2019-07-05 13:17:55 +02:00			`}`
[initcpio] [initramfs] Allow turning off CVE mitigations - The mitigations are slightly intrusive, and may clash with other, similar mitigations (especially for initramfs, the recommended solution is to configure the system with the snippet outside of Calamares). 2019-07-06 00:04:16 +02:00			`else`
			`{`
			`QDir d( CalamaresUtils::System::instance()->targetPath( "/boot" ) );`
			`if ( d.exists() )`
			`{`
			`fixPermissions( d );`
			`}`
			`}`

[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`// If the kernel option isn't set to a specific kernel, run mkinitcpio on all kernels`
[initcpio] Spell mkinitcpio properly 2022-01-01 17:48:48 +01:00			`QStringList command = { "mkinitcpio" };`
[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`if ( m_kernel.isEmpty() \|\| m_kernel == "all" )`
			`{`
			`command.append( "-P" );`
			`}`
			`else`
			`{`
			`command.append( { "-p", m_kernel } );`
			`}`

[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`cDebug() << "Updating initramfs with kernel" << m_kernel;`
[initcpio] Make implementation match config description and remove broken uname option 2022-01-01 17:05:00 +01:00			`auto r = CalamaresUtils::System::instance()->targetEnvCommand( command, QString(), QString() /* no timeout , 0 */ );`
Modules: chase API change, use std::chrono::seconds 2019-08-01 22:59:06 +02:00			`return r.explainProcess( "mkinitcpio", std::chrono::seconds( 10 ) /* fake timeout */ );`
[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`}`

			`void`
			`InitcpioJob::setConfigurationMap( const QVariantMap& configurationMap )`
			`{`
			`m_kernel = CalamaresUtils::getString( configurationMap, "kernel" );`
[initcpio] [initramfs] Allow turning off CVE mitigations - The mitigations are slightly intrusive, and may clash with other, similar mitigations (especially for initramfs, the recommended solution is to configure the system with the snippet outside of Calamares). 2019-07-06 00:04:16 +02:00
			`m_unsafe = CalamaresUtils::getBool( configurationMap, "be_unsafe", false );`
[initcpio] Replace Python implementation with C++ - This is a simple variation on the theme of things-that-call-a- initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration- handling (I figure it might be good for something) so now "" and "$uname" are valid kernel names as well. - Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS. SEE #1190 2019-07-04 20:21:13 +02:00			`}`

			`CALAMARES_PLUGIN_FACTORY_DEFINITION( InitcpioJobFactory, registerPlugin< InitcpioJob >(); )`