Add a light data version in the Cython+ filesystem scanner. Change minor elements or various files.

dracut.module/90metadata-collect/flb.conf

@@ -14,4 +14,4 @@
   buffer_type memory
   flush_interval 60s
   disable_retry_limit true
-  reference test_server
+  reference c-light-data_02

dracut.module/collect-sh-template.mk

@@ -3,6 +3,8 @@ define collect_sh :=
 
 . /lib/dracut-lib.sh
 
+>&2 echo "$$NEWROOT"
+sleep 10
 
 /sbin/metadata-collect-agent "$$NEWROOT"
 

install.sh

@@ -90,8 +90,8 @@ if [ ! -e /etc/uefi-key/db.crt ]; then
   openssl req -newkey rsa:2048 -nodes -keyout /etc/uefi-key/db.key -new -x509 -sha256 -days 36500 -subj "/CN=TEST" -out /etc/uefi-key/db.crt
   openssl x509 -outform DER -in /etc/uefi-key/db.crt -out /etc/uefi-key/db.cer
 fi
-'
-source secure-boot-automation.sh
+#'
+#source secure-boot-automation.sh
 
 rm -rf dracut_tmp
 mkdir dracut_tmp
@@ -113,4 +113,4 @@ cp /etc/uefi-key/db.cer /EFI/db.cer
 cp /etc/uefi-key/db.cer /boot/efi/db.cer
 uefi=$(ls /EFI/Linux)
 
-efibootmgr --quiet --create --disk ${disk_info_list[3]} --label 'debian UEFI wrong keys' --loader /EFI/Linux/$uefi
+efibootmgr --quiet --create --disk ${disk_info_list[3]} --label 'debian UEFI test_root' --loader /EFI/Linux/$uefi

scan-filesystem/cython/command-line.main.pyx

@@ -80,13 +80,14 @@ cdef cypclass DirNode(Node):
         if ignore_paths is not NULL:
             if self.path in ignore_paths:
                 return
-
+        
         if dev_whitelist is not NULL:
             if self.st is NULL:
                 return
+            #""" temporarily desabling white list
             elif not self.st.st_data.st_dev in dev_whitelist:
                 return
-
+            #"""
         d = opendir(self.path.c_str())
         if d is not NULL:
             while 1:
@@ -247,7 +248,7 @@ cdef int start(const char *path) nogil:
     cdef pid_t child_pid = -1 # DEBUG
     child_pid = fork() # DEBUG
     cdef int err
-    cdef char ip_address[100]
+    #cdef char ip_address[100]
     #cdef FILE *address_path = fopen("/sys/class/net/ens3/address", "r")
     if child_pid == 0:  # CHILD
         err = execlp("flb/fluent-bit", program_name, arg1, arg2, arg3, arg4, 0)
@@ -268,6 +269,9 @@ cdef int start(const char *path) nogil:
         dev_whitelist_paths.append(b'.')
         dev_whitelist_paths.append(b'/')
         dev_whitelist_paths.append(b'/boot/efi')
+        dev_whitelist_paths.append(b'/root')
+        dev_whitelist_paths.append(b'/sysroot')
+        dev_whitelist_paths.append(path)
 
         dev_whitelist = cyplist[dev_t]()
         for p in dev_whitelist_paths:
@@ -290,7 +294,7 @@ cdef int start(const char *path) nogil:
         node = consume active_node
 
         #""" # DEBUG
-        result = fopen('/var/log/metadata_collect.log', 'w')
+        result = fopen('flb/metadata_collect.log', 'w')
         if result is NULL:
             fprintf(stderr, 'Error creating the log file.\n') # DEBUG
             fflush(stderr)
@@ -298,11 +302,11 @@ cdef int start(const char *path) nogil:
 
         fprintf(stderr, 'Log opened successfully.\n') # DEBUG
 
-        fprintf(stderr, 'WRITE_NOTE STAGE\n\n') # DEBUG
+        fprintf(stderr, "WRITE_NOTE STAGE\n\n") # DEBUG
 
-        #fscanf(address_path, "%s", ip_address) # ADDRESS
-        #fclose(address_path) # ADDRESS
-        #fprintf(result, '{"mac_address": "%s"}\n', ip_address) # ADDRESS
+        #fscanf(address_path, "%s", ip_address)
+        #fclose(address_path)
+        #fprintf(result, '{"mac_address": "%s"}\n', ip_address)
         node.write_node(result)
         fprintf(result, '{}\n')
         fprintf(result, 'fluentbit_end\n')
@@ -319,8 +323,11 @@ cdef int start(const char *path) nogil:
 
         return 0
 
-cdef public int main() nogil:
-    return start(<char*>'/')
+cdef public int main(int argc, char* argv[]) nogil:
+    if argc >= 2:
+        return start(<char*>argv[1])
+    else:
+        return start(<char*>'/')
 
 #def python_main():
 #    start(<char*>'.')

scan-filesystem/cython/main.pyx

 # distutils: language = c++
 
+# TODO:
+# + take the needed hashes (and more broadly, the needed informations) as a parameter
+
 from libcythonplus.list cimport cyplist
 
 from libc.stdio cimport fprintf, fopen, fclose, fread, fwrite, FILE, stdout, stderr, printf, ferror, fscanf, fflush
@@ -40,10 +43,17 @@ cdef cypclass Node activable:
         pass
 
     void format_node(self):
+        #''' light data version
+        self.formatted = sprintf("""{"path": "%s"}\n""",
+            self.path,
+        )
+        #'''
+        ''' full data version
         self.formatted = sprintf("""{"path": "%s", "stat": %s}\n""",
             self.path,
             self.st.to_json(),
         )
+        #'''
 
     void write_node(self, FILE * stream):
         # abstract
@@ -84,7 +94,7 @@ cdef cypclass DirNode(Node):
         if dev_whitelist is not NULL:
             if self.st is NULL:
                 return
-            #""" temporarily desabling white list
+            """ temporarily desabling white list
             elif not self.st.st_data.st_dev in dev_whitelist:
                 return
             #"""
@@ -114,10 +124,17 @@ cdef cypclass DirNode(Node):
             active_child.build_node(NULL, dev_whitelist, ignore_paths)
 
     void format_node(self):
+        #''' light data version
+        self.formatted = sprintf("""{"path": "%s/"}\n""",
+            self.path,
+        )
+        #'''
+        ''' full data version
         self.formatted = sprintf("""{"path": "%s/", "stat": %s}\n""",
             self.path,
             self.st.to_json(),
         )
+        #'''
 
     void write_node(self, FILE * stream):
         fwrite(self.formatted.data(), 1, self.formatted.size(), stream)
@@ -194,6 +211,13 @@ cdef cypclass FileNode(Node):
         if self.error:
             Node.format_node(self)
         else:
+            #''' light data version
+            self.formatted = sprintf("""{"path: "%s", "hash": {"md5": "%s"}}\n""",
+                self.path,
+                self.md5_data,
+            )
+            #'''
+            ''' full data version
             self.formatted = sprintf("""{"path": "%s", "stat": %s, "hash": {"md5": "%s", "sha1": "%s", "sha256": "%s", "sha512": "%s"}}\n""",
                 self.path,
                 self.st.to_json(),
@@ -202,6 +226,7 @@ cdef cypclass FileNode(Node):
                 self.sha256_data,
                 self.sha512_data,
             )
+            #'''
 
     void write_node(self, FILE * stream):
         fwrite(self.formatted.data(), 1, self.formatted.size(), stream)
@@ -223,11 +248,19 @@ cdef cypclass SymlinkNode(Node):
         if self.error:
             Node.format_node(self)
         else:
+            #''' light data version
+            self.formatted = sprintf("""{"path": "%s", "target": "%s"}\n""",
+                self.path,
+                self.target,
+            )
+            #'''
+            ''' full data version
             self.formatted = sprintf("""{"path": "%s", "stat": %s, "target": "%s"}\n""",
-            self.path,
-            self.st.to_json(),
-            self.target,
-        )
+                self.path,
+                self.st.to_json(),
+                self.target,
+            )
+            #'''
 
     void write_node(self, FILE * stream):
         fwrite(self.formatted.data(), 1, self.formatted.size(), stream)

scan-filesystem/cython/uefi.main.pyx

@@ -80,13 +80,14 @@ cdef cypclass DirNode(Node):
         if ignore_paths is not NULL:
             if self.path in ignore_paths:
                 return
-
+        
         if dev_whitelist is not NULL:
             if self.st is NULL:
                 return
+            #""" temporarily desabling white list
             elif not self.st.st_data.st_dev in dev_whitelist:
                 return
-
+            #"""
         d = opendir(self.path.c_str())
         if d is not NULL:
             while 1:
@@ -267,7 +268,8 @@ cdef int start(const char *path) nogil:
         dev_whitelist_paths = cyplist[string]()
         dev_whitelist_paths.append(b'.')
         dev_whitelist_paths.append(b'/')
-        dev_whitelist_paths.append(b'/boot')
+        dev_whitelist_paths.append(b'/boot/efi')
+        dev_whitelist_paths.append(b'/root')
 
         dev_whitelist = cyplist[dev_t]()
         for p in dev_whitelist_paths:
@@ -276,8 +278,6 @@ cdef int start(const char *path) nogil:
                 p_dev = p_stat.st_data.st_dev
                 dev_whitelist.append(p_dev)
        
-        fprintf(stderr, "test 001\n") # DEBUG
-        fflush(stderr) # DEBUG
         realpath(path, resolved_path)
         fprintf(stderr, resolved_path) # DEBUG
         fprintf(stderr, "\n") # DEBUG
@@ -286,18 +286,9 @@ cdef int start(const char *path) nogil:
         if node is NULL:
             return -1
 
-        fprintf(stderr, "test 002\n") # DEBUG
-        fflush(stderr) # DEBUG
-
         active_node = activate(consume node)
-        fprintf(stderr, 'test 003\n') # DEBUG
-        fflush(stderr) # DEBUG
         active_node.build_node(NULL, consume dev_whitelist, consume ignore_paths)
-        fprintf(stderr, 'test 004\n') # DEBUG
-        fflush(stderr) # DEBUG
         scheduler.finish()
-        fprintf(stderr, 'test 005\n') # DEBUG
-        fflush(stderr) # DEBUG
         node = consume active_node
 
         #""" # DEBUG
@@ -331,7 +322,7 @@ cdef int start(const char *path) nogil:
         return 0
 
 cdef public int main() nogil:
-    return start(<char*>'.')
+    return start(<char*>'/')
 
 #def python_main():
 #    start(<char*>'.')

secure-boot-automation.sh

@@ -4,7 +4,7 @@
 
 
 ## KEYS CREATION
-
+if false; then # DEBUG
 rm -rf secure-boot-automation
 mkdir -p secure-boot-automation
 cd secure-boot-automation
@@ -41,12 +41,13 @@ sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
                   -k KEK.key -c KEK.crt db DB.esl DB.auth
 
 chmod 0600 *.key
-
+fi # DEBUG
 if [ ! -e /etc/uefi-key/db.crt ]; then
   cp DB.crt /etc/uefi-key/db.crt
   cp DB.cer /etc/uefi-key/db.cer
+  cp DB.key /etc/uefi-key/db.key
 fi
-
+if false; then # DEBUG
 
 ## SECURE BOOT SETUP
 
@@ -54,3 +55,5 @@ fi
 efi-updatevar -f PK.auth PK
 efi-updatevar -a -c KEK.crt -k PK.key KEK
 efi-updatevar -a -c DB.crt -k KEK.key db
+fi # DEBUG
+cd ..