build: allow to define additional configs #728
Conversation
|
Please fix the failing test. |
a-gave
force-pushed
the
feat/allow-to-define-additional-configs
branch
from
3ef4de3 to
60b45b9
Compare
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #728 +/- ##
==========================================
+ Coverage 80.94% 86.70% +5.75%
==========================================
Files 15 15
Lines 976 985 +9
==========================================
+ Hits 790 854 +64
+ Misses 186 131 -55 ☔ View full report in Codecov by Sentry. |
aparcar
force-pushed
the
feat/allow-to-define-additional-configs
branch
from
60b45b9 to
88f632b
Compare
|
What is the status of this PR? |
|
I'm not a huge fan to allow arbitrary changes but since we moved into containers, it might be fine. Is anyone interested in using this? |
a-gave
force-pushed
the
feat/allow-to-define-additional-configs
branch
from
88f632b to
b81385f
Compare
|
Hi, rebased on current Git HEAD, let me know if there is any interest on this, and/or if there are things that should be improved. I would still be interested. |
a-gave
force-pushed
the
feat/allow-to-define-additional-configs
branch
from
b81385f to
e8cede9
Compare
|
Should we add a configuration which sets specific CONFIG options which are allowed? I'm a bit unsure this doesn't cause any issues down the road. For example you could simply bypass the root filesystem size limitation of rootfs_size_mb and set it to 100GB, filling up the servers storage... |
a-gave
force-pushed
the
feat/allow-to-define-additional-configs
branch
from
e8cede9 to
858b0f7
Compare
Thanks, this make a lot of sense, I've pushed some modifications to have an allow-list of configs, stored in settings. |
a-gave
force-pushed
the
feat/allow-to-define-additional-configs
branch
from
858b0f7 to
8d010b4
Compare
|
pushed fixes on formatting (https://github.com/openwrt/asu/actions/runs/12634720904) |
|
@efahl what do you think about this? |
|
I'd say before proceeding that a clear case needs to be made for the specific config vars of interest, and that each would need a good description as to effects and possible issues. (If, for example, CONFIG_TARGET_ROOTFS_TARGZ is disabled, will that create huge uncompressed images that fill the server?) And, if there is a good case to be made for specific ones, they should be incorporated into the imagebuilder first, exposing them just as ROOTFS_PARTSIZE and EXTRA_IMAGE_NAME are... But, I'm curious what ASU clients would use this? And for some of the values, I think it would cause the client some problems. For example, if you change the rootfs to |
| @@ -243,6 +260,21 @@ def build(build_request: BuildRequest, job=None): | |||
| packages_hash: str = get_packages_hash(manifest.keys()) | |||
| log.debug(f"Packages Hash: {packages_hash}") | |||
|
|
|||
| if build_request.configs: | |||
| log.info("Appling local configs") | |||
| "sh", | ||
| "-c", | ||
| ( | ||
| "for config in $(grep '#' .config_local | awk '{print $2}'); do sed -i 's/'$config'.*//' .config ; done; cat .config_local >> .config" |
There was a problem hiding this comment.
Why not do this filtering when you are creating the .config_local file?
| @@ -17,6 +17,10 @@ | |||
| get_request_hash, | |||
| ) | |||
|
|
|||
| import re | |||
|
|
|||
| configs_extract = r"^# (CONFIG_[\w_.-]) is not set|(CONFIG_[\w_.-]+)" | |||
There was a problem hiding this comment.
Shouldn't the second clause also be anchored? As is, the second clause matches anywhere in the line.
| for config in build_request.configs: | ||
| config_key = re.search(configs_extract, config) | ||
| if config_key[0] not in settings.configs_allowed: | ||
| return validation_failure("Illegal config requested: {config_key[0]}") |
There was a problem hiding this comment.
Should be an f-string to evaluate the expression.
| Returns: | ||
| str: hash of `req` | ||
| """ | ||
| return get_str_hash(" ".join(sorted(list(set(configs))))) |
There was a problem hiding this comment.
You could leave out that extra list call, just say sorted(set( as that has the same effect and eliminates an extra list-ification.
|
After sleeping on this, I think this is inappropriate for inclusion in the server. The philosophy of ASU server should be to provide a robust, secure solution for assembling images with as little attack surface as possible. This would add a little used hole in the API for no benefit to the existing ASU clients. If a person wants to change imagebuilder config, they are already sophisticated enough to do so without involving the ASU server. |
Thanks also for the reviews, I agree with that, and with considerations on asu. I will continue for a while to use a fork that does that. But I'm actually interested in the first two options, the others were added as possibilities that were present, but didn't generate interest, so I think they are not used, and at the limit as you say should be added to the imagebuilder. I had missed then that the use of JFF2 is also discouraged. [0] [0] https://openwrt.org/docs/techref/filesystems#can_we_switch_the_filesystem_to_be_entirely_jffs2 |
|
If you do end up submitting something for imagebuilder to directly support your usage, tag me on the PR. I'd be glad to review and if it's accepted, then get it into ASU. |
This introduces the possibility of passing additional configs to the request.
Only the few not related to kernel/packages, as they are not recompiled by the imagebuilder, would make sense.
For example, to request a specific name/number for a firmware image:
Or to request a format other than the default format for the output firmware image, for example: