From e73b73b9617fc25f27bce04d8a64ad59e43429a8 Mon Sep 17 00:00:00 2001
From: Brandon Philips
Date: Tue, 25 Mar 2014 15:37:43 -0700
Subject: [PATCH] feat(app-emulation/google-daemon): initial google daemon

This installs the google_daemon to /usr/share/oem/google_daemon. The service files are not installed but will instead be installed by the cloud-config.yml
---
...xes-authorized_keys-file-permissions.patch | 40 ++++++++
...google-daemon-use-for-the-passwd-not.patch | 29 ++++++
...nager-use-CoreOS-names-and-locations.patch | 92 +++++++++++++++++++
.../google-compute-daemon-1.1.1.ebuild | 31 +++++++
4 files changed, 192 insertions(+)
create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
new file mode 100644
index 0000000000..1289643af2
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
@@ -0,0 +1,40 @@
+From 6b9c8b8ae50dd3530c80fdd26fbeef7fc9ae8dff Mon Sep 17 00:00:00 2001
+From: Ferran Rodenas
+Date: Tue, 18 Feb 2014 00:21:17 -0800
+Subject: [PATCH] Fixes authorized_keys file permissions
+
+Owner and group id are not inherit when calling shutil move. This commit
+moves setting permissions logic for the authorized_keys file to be sure
+that the final destination file has the proper permissions.
+---
+ google-daemon/usr/share/google/google_daemon/accounts.py | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/google-daemon/usr/share/google/google_daemon/accounts.py b/google-daemon/usr/share/google/google_daemon/accounts.py
+index 4c572ca..6f970c4 100755
+--- a/google-daemon/usr/share/google/google_daemon/accounts.py
++++ b/google-daemon/usr/share/google/google_daemon/accounts.py
+@@ -378,10 +378,6 @@ class Accounts(object):
+ user_lines = [
+ lines[i] for i in range(len(lines)) if i not in google_added_ixs]
+ 
+- # Make sure the keys_file has the right perms (u+rw).
+- self.os.fchmod(keys_file.fileno(), 0600)
+- self.os.fchown(keys_file.fileno(), uid, gid)
+-
+ # First write user's entries.
+ for user_line in user_lines:
+ keys_file.write(EnsureTrailingNewline(user_line))
+@@ -394,5 +390,9 @@ class Accounts(object):
+ # Override the old authorized keys file with the new one.
+ self.system.MoveFile(new_keys_path, authorized_keys_file)
+ 
++ # Make sure the authorized_keys_file has the right perms (u+rw).
++ self.os.chmod(authorized_keys_file, 0600)
++ self.os.chown(authorized_keys_file, uid, gid)
++
+ # Set SELinux context, if applicable to this system
+ self.SetSELinuxContext(authorized_keys_file)
+-- 
+1.8.5.2 (Apple Git-48)
+
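Review bot: Replacing the `fchmod`/`fchown` on the open temp file with path-based `chmod`/`chown` after `MoveFile` means the keys file is written, and then sits at its final path, with whatever mode the temp file was created with (not visible in this hunk) until the chmod runs; the removed fd-based calls also covered the temp file while it was being written. Keeping `self.os.fchmod(keys_file.fileno(), 0600)` and `self.os.fchown(keys_file.fileno(), uid, gid)` before the writes and adding only the post-move `self.os.chown(authorized_keys_file, uid, gid)` (the part the description says a cross-filesystem move loses) closes that window, and the fd-based calls act on the file that was opened rather than on whatever the path resolves to at chmod time. The enclosing method of `Accounts` starts and ends outside this hunk, and `MoveFile` is not shown, so whether it preserves mode is inferred from the description only.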
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
new file mode 100644
index 0000000000..45aad642b9
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
@@ -0,0 +1,29 @@
+From 0243ab89cd941f15344ef03b63c96f3f0e1ffa45 Mon Sep 17 00:00:00 2001
+From: Brandon Philips
+Date: Tue, 1 Apr 2014 11:51:13 -0700
+Subject: [PATCH] fix(google-daemon): use * for the passwd not !
+
+useradd defaults to using ! as the "locked" password marker.
+Unfortunatly, openssh interprets this to mean that it shouldn't let the
+user in via ssh if PAM is missing. Work around this by using the *
+marker which also means locked but is allowed by openssh.
+---
+ google-daemon/usr/share/google/google_daemon/utils.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/google-daemon/usr/share/google/google_daemon/utils.py b/google-daemon/usr/share/google/google_daemon/utils.py
+index 0f17f34..371034d 100755
+--- a/google-daemon/usr/share/google/google_daemon/utils.py
++++ b/google-daemon/usr/share/google/google_daemon/utils.py
+@@ -69,7 +69,7 @@ class System(object):
+ def UserAdd(self, user, groups):
+ logging.info('Creating account %s', user)
+ result = self.RunCommand([
+- '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-G',
++ '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-p', '*', '-G',
+ ','.join(groups)])
+ if self.RunCommandFailed(result, 'Could not create user %s', user):
+ return False
+-- 
+1.8.5.2 (Apple Git-48)
+
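Review bot: The `'-p', '*'` arguments added to the `useradd` command in `UserAdd` are the whole point of this patch, but nothing in the code says why a locked marker other than useradd's default is needed, so the next reader may "fix" it back. A comment above the `result = self.RunCommand([` line along the lines of `# '-p', '*': lock the password without the '!' prefix, which OpenSSH treats as a locked account when PAM is not in use` keeps the rationale from the patch description next to the code. `*` is not a valid crypt hash, so no password can authenticate against it; that it lands in the shadow entry rather than somewhere else rests on useradd's behaviour, which this hunk cannot show. `UserAdd` continues past the end of this hunk.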
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
new file mode 100644
index 0000000000..adafdf9769
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
@@ -0,0 +1,92 @@
+From 265f951bc8d55bfb988050dda6332511b58e72e8 Mon Sep 17 00:00:00 2001
+From: Brandon Philips
+Date: Tue, 1 Apr 2014 15:18:20 -0700
+Subject: [PATCH] hack(address_manager): use CoreOS names and locations
+
+ip is in /usr/bin/ip and the network interface is ens4v1 via
+http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+---
+ .../share/google/google_daemon/address_manager.py | 24 +++++++++++-----------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/google-daemon/usr/share/google/google_daemon/address_manager.py b/google-daemon/usr/share/google/google_daemon/address_manager.py
+index 1b3997c..568720d 100644
+--- a/google-daemon/usr/share/google/google_daemon/address_manager.py
++++ b/google-daemon/usr/share/google/google_daemon/address_manager.py
+@@ -15,16 +15,16 @@
+ """Manage extra network interface addresses on a GCE instance.
+ 
+ Fetch a list of public endpoint IPs from the metadata server, compare it with
+-what's configured on eth0, and add/remove addresses from eth0 to make them
++what's configured on ens4v1, and add/remove addresses from ens4v1 to make them
+ match. Only remove those which match our proto code.
+ 
+ This must be run by root. If it reads any malformed data, it will take no
+ action.
+ 
+ Command used to add ips:
+- ip route add to local $IP/32 dev eth0 proto 66
++ ip route add to local $IP/32 dev ens4v1 proto 66
+ Command used to fetch list of configured IPs:
+- ip route ls table local type local dev eth0 scope host proto 66
++ ip route ls table local type local dev ens4v1 scope host proto 66
+ """
+ 
+ 
+@@ -103,8 +103,8 @@ class AddressManager(object):
+ return self.ParseIPAddrs(addrs_data)
+ 
+ def ReadLocalConfiguredAddrs(self):
+- """Fetch list of addresses we've configured on eth0 already."""
+- cmd = ('/sbin/ip route ls table local type local dev eth0 scope host ' +
++ """Fetch list of addresses we've configured on ens4v1 already."""
++ cmd = ('/usr/bin/ip route ls table local type local dev ens4v1 scope host ' +
+ 'proto %d' % GOOGLE_PROTO_ID)
+ result = self.system.RunCommand(cmd.split())
+ if self.IPCommandFailed(result, cmd):
+@@ -132,27 +132,27 @@ class AddressManager(object):
+ to_remove or None))
+ 
+ def AddAddresses(self, to_add):
+- """Configure new addresses on eth0."""
++ """Configure new addresses on ens4v1."""
+ for addr in to_add:
+ self.AddOneAddress(addr)
+ 
+ def AddOneAddress(self, addr):
+- """Configure one address on eth0."""
+- cmd = '/sbin/ip route add to local %s/32 dev eth0 proto %d' % (
++ """Configure one address on ens4v1."""
++ cmd = '/usr/bin/ip route add to local %s/32 dev ens4v1 proto %d' % (
+ addr, GOOGLE_PROTO_ID)
+ result = self.system.RunCommand(cmd.split())
+ self.IPCommandFailed(result, cmd) # Ignore return code
+ 
+ def DeleteAddresses(self, to_remove):
+- """Un-configure a list of addresses from eth0."""
++ """Un-configure a list of addresses from ens4v1."""
+ for addr in to_remove:
+ self.DeleteOneAddress(addr)
+ 
+ def DeleteOneAddress(self, addr):
+- """Delete one address from eth0."""
++ """Delete one address from ens4v1."""
+ # This will fail if it doesn't match exactly the specs listed.
+ # That'll help ensure we don't remove one added by someone else.
+- cmd = '/sbin/ip route delete to local %s/32 dev eth0 proto %d' % (
++ cmd = '/usr/bin/ip route delete to local %s/32 dev ens4v1 proto %d' % (
+ addr, GOOGLE_PROTO_ID)
+ result = self.system.RunCommand(cmd.split())
+ self.IPCommandFailed(result, cmd) # Ignore return code
+@@ -168,7 +168,7 @@ class AddressManager(object):
+ return addrs
+ 
+ def IPCommandFailed(self, result, cmd):
+- """If an /sbin/ip command failed, log and return True."""
++ """If an /usr/bin/ip command failed, log and return True."""
+ if self.system.RunCommandFailed(
+ result, 'Non-zero exit status from: "%s"' % cmd):
+ return True
+-- 
+1.8.5.2 (Apple Git-48)
+
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1.ebuild
new file mode 100644
index 0000000000..ddc869b529
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1.ebuild
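Review bot: The interface name `ens4v1` and the `/usr/bin/ip` path are now spelled out in three command strings in `ReadLocalConfiguredAddrs`, `AddOneAddress` and `DeleteOneAddress` plus six docstrings, so the next platform rename (the commit title itself calls this a hack, and the predictable-name scheme it cites can yield a different name on other instance shapes) is another multi-site edit. Hoisting both into module constants next to `GOOGLE_PROTO_ID` makes the commands read from one place and lets the docstrings refer to "the configured interface" instead of a literal name. The commands are still turned into argv by `cmd.split()`, so whether `addr` can only ever be a bare address rests on `ParseIPAddrs`, which is outside this hunk; `ReadLocalConfiguredAddrs` also ends outside the hunk.
```python
IP_BIN = '/usr/bin/ip'
INTERFACE = 'ens4v1'

# … unchanged: AddressManager up to ReadLocalConfiguredAddrs …
    cmd = ('%s route ls table local type local dev %s scope host ' % (IP_BIN, INTERFACE) +
           'proto %d' % GOOGLE_PROTO_ID)
# … unchanged: rest of ReadLocalConfiguredAddrs, AddAddresses, start of AddOneAddress …
    cmd = '%s route add to local %s/32 dev %s proto %d' % (
        IP_BIN, addr, INTERFACE, GOOGLE_PROTO_ID)
# … unchanged: rest of AddOneAddress, DeleteAddresses, start of DeleteOneAddress …
    cmd = '%s route delete to local %s/32 dev %s proto %d' % (
        IP_BIN, addr, INTERFACE, GOOGLE_PROTO_ID)
```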
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2014 CoreOS, Inc. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+#
+
+EAPI=5
+inherit toolchain-funcs systemd
+
+DESCRIPTION="Google Daemon for Compute Engine"
+HOMEPAGE="https://github.com/GoogleCloudPlatform/compute-image-packages"
+SRC_URI="https://github.com/GoogleCloudPlatform/compute-image-packages/releases/download/${PV}/google-daemon-${PV}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+RDEPEND="dev-lang/python-oem"
+
+S="${WORKDIR}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/0001-Fixes-authorized_keys-file-permissions.patch
+ epatch "${FILESDIR}"/0001-fix-google-daemon-use-for-the-passwd-not.patch
+ epatch "${FILESDIR}"/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
+}
+
+src_install() {
+ mkdir -p ${D}/usr/share/oem/google-compute-daemon/
+ cp -Ra ${WORKDIR}/usr/share/google/google_daemon/. ${D}/usr/share/oem/google-compute-daemon/ || die
+}
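Review bot: `src_install` copies the tree with `cp -Ra` and unquoted `${D}`/`${WORKDIR}`, and the `mkdir -p` has no `|| die`; `-a` also carries the ownership and timestamps of the unpacked files into the image instead of installing them root-owned with normalised modes. The ebuild idiom `insinto /usr/share/oem/google-compute-daemon` followed by `doins -r "${WORKDIR}"/usr/share/google/google_daemon/*` does the directory creation, ownership and failure handling itself; `doins` installs files 0644, so any script in the tree that is executed directly rather than through the interpreter would need `fperms` (the inner patches show accounts.py and utils.py as mode 100755 upstream, but how the cloud-config units invoke them is not visible here). `inherit toolchain-funcs systemd` pulls in two eclasses nothing in this file uses, consistent with the description saying the unit files come from cloud-config rather than from the ebuild.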