From ac0b635f9183671e5a2c3bf1888c331b719ea0dd Mon Sep 17 00:00:00 2001
From: Adam Rozman <adam.rozman@est.tech>
Date: Thu, 18 Jan 2024 13:37:38 +0200
Subject: [PATCH] add new features to file injector

This commit ads:
  - File permission support for IPA file injector
  - Adds the ability to start services on a live IPA
  - Configures file injector to run before the basic.target as this is
    a more robust way to ensure that the injector runs before IPA.

Signed-off-by: Adam Rozman <adam.rozman@est.tech>
---
 .../root.d/ipa-file-injector.service.template |  7 +--
 .../root.d/ipa-file-injector.sh               | 56 +++++++++++++------
 2 files changed, 42 insertions(+), 21 deletions(-)

diff --git a/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.service.template b/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.service.template
index 9bd4b6273..5194d11b2 100644
--- a/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.service.template
+++ b/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.service.template
@@ -1,18 +1,15 @@
 [Unit]
 Description=IPA file injection process
-Before=network-pre.target
-Wants=network-pre.target
-After=local-fs.target
+After=network-pre.target
 
 [Service]
 Type=oneshot
 User=root
 ExecStart=/usr/bin/ipa-file-injector.sh
 RemainAfterExit=true
-
 StandardOutput=journal+console
 Environment=
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=basic.target
 
diff --git a/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.sh b/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.sh
index 827e301fb..49d836f38 100755
--- a/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.sh
+++ b/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.sh
@@ -7,19 +7,43 @@ set -eu
 # config-drive.
 
 copy_files_from_drive() {
-    local MOUNT_POINT="$1"
-    local MANIFEST="$2"
-    local RETURN_VAL="0"
-    if ! [ -f "${MANIFEST}" ]; then
-	echo "ERROR: The config-drive's file injection manifest is not present here: ${MANIFEST}"
+    local mount_point="$1"
+    local manifest="$2"
+    if ! [[ -f "${manifest}" ]]; then
+        echo "ERROR: The config-drive's file injection manifest is not present here: ${manifest}"
         exit 1
     fi
-    while IFS=":" read -r src dst; do
-        if ! cp -r "${MOUNT_POINT}/${src}" "${dst}"; then
-           RETURN_VAL="1"
+    while IFS=":" read -r src dst perm; do
+        # Copy file based on manifest definition.
+        if ! cp -r "${mount_point}/${src}" "${dst}"; then
+           echo "ERROR: command 'cp -r ${mount_point}/${src} ${dst}' has failed!"
+           exit 1
         fi
-    done < "${MANIFEST}"
-    return "${RETURN_VAL}"
+        # Set permissions for newly copied file.
+        if ! chmod "${perm:-644}" "${dst}"; then
+           echo "ERROR: command 'chmod ${perm:-644} ${dst}' has failed!"
+           exit 1
+        fi
+    done < "${manifest}"
+}
+
+configure_services() {
+    local mount_point="$1"
+    local manifest="$2"
+    if ! [[ -f "${manifest}" ]]; then
+        echo "INFO: The config-drive's service configuration manifest is not present here: ${manifest}"
+        echo "INFO: skipping systemd service configuration step."
+        return 0
+    fi
+    # Refresh the list of available unit files.
+    systemctl daemon-reload
+    while IFS=":" read -r service action; do
+        # Execute state transition on service.
+        if ! systemctl "${action}" "${service}"; then
+           echo "ERROR: command 'systemctl ${action} ${service}' has failed!"
+           exit 1
+        fi
+    done < "${manifest}"
 }
 
 # In case tehre is no config-drive label specifed, the script will
@@ -30,14 +54,14 @@ copy_files_from_drive() {
 CONFIG_DRIVE_LABEL="${FILE_INJECTOR_CONFIG_DRIVE_LABEL:-}"
 MOUNT_POINT="/mnt/config"
 
-if [ -z "${CONFIG_DRIVE_LABEL}" ]; then
+if [[ -z "${CONFIG_DRIVE_LABEL}" ]]; then
     if blkid -t LABEL="config-2" ; then
         CONFIG_DRIVE_LABEL="config-2"
     elif blkid -t LABEL="CONFIG-2" ; then
         CONFIG_DRIVE_LABEL="CONFIG-2"
     else
         echo "ERROR: There is no config-drive label specified and the default label is not present!"
-	exit 1
+        exit 1
     fi
 fi
 
@@ -47,7 +71,7 @@ fi
 # blkid failures are ignored as they are handled explicitly later to help with debugging.
 mkdir -p "${MOUNT_POINT}"
 BLOCKDEV=$(blkid -L "${CONFIG_DRIVE_LABEL}") || true
-if [ -z "${BLOCKDEV}" ]; then
+if [[ -z "${BLOCKDEV}" ]]; then
     echo "ERROR: The block device with the ${CONFIG_DRIVE_LABEL} label can't be found!"
     exit 1
 fi
@@ -55,9 +79,9 @@ TYPE=$(blkid -t LABEL="${CONFIG_DRIVE_LABEL}" -s TYPE -o value || true )
 
 # Mounting won't fail if the mount already exists
 # If the mount didn't exists at all it is expected to fail in the copy_files_from_drive function
-if [ "${TYPE}" == 'vfat' ]; then
+if [[ "${TYPE}" == 'vfat' ]]; then
     mount -t vfat -o umask=0077 "${BLOCKDEV}" "${MOUNT_POINT}" || true
-elif [ "${TYPE}" == 'iso9660' ]; then
+elif [[ "${TYPE}" == 'iso9660' ]]; then
     mount -t iso9660 -o ro,mode=0700 "${BLOCKDEV}" "${MOUNT_POINT}" || true
 else
     mount -o mode=0700 "${BLOCKDEV}" "${MOUNT_POINT}" || true
@@ -65,4 +89,4 @@ fi
 
 # Execute the copying process
 copy_files_from_drive "${MOUNT_POINT}" "${MOUNT_POINT}/file_injection.manifest"
-
+configure_services "${MOUNT_POINT}" "${MOUNT_POINT}/service_config.manifest"