feat(app-emulation/google-daemon): initial google daemon

This installs the google_daemon to /usr/share/oem/google_daemon. The service files are not installed but will instead be installed by the cloud-config.yml
2025-08-19 05:21:23 +02:00 · 2014-03-25 15:37:43 -07:00 · 2014-03-25 15:37:43 -07:00 · e73b73b961
commit e73b73b961
parent 773de477da
4 changed files with 192 additions and 0 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
@ -0,0 +1,40 @@
 From 6b9c8b8ae50dd3530c80fdd26fbeef7fc9ae8dff Mon Sep 17 00:00:00 2001
 From: Ferran Rodenas <frodenas@gmail.com>
 Date: Tue, 18 Feb 2014 00:21:17 -0800
 Subject: [PATCH] Fixes authorized_keys file permissions
 Owner and group id are not inherit when calling shutil move. This commit
 moves setting permissions logic for the authorized_keys file to be sure
 that the final destination file has the proper permissions.
 ---
 google-daemon/usr/share/google/google_daemon/accounts.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/google-daemon/usr/share/google/google_daemon/accounts.py b/google-daemon/usr/share/google/google_daemon/accounts.py
 index 4c572ca..6f970c4 100755
 --- a/google-daemon/usr/share/google/google_daemon/accounts.py
 +++ b/google-daemon/usr/share/google/google_daemon/accounts.py
@@ -378,10 +378,6 @@ class Accounts(object):
       user_lines = [
           lines[i] for i in range(len(lines)) if i not in google_added_ixs]
 -      # Make sure the keys_file has the right perms (u+rw).
 -      self.os.fchmod(keys_file.fileno(), 0600)
 -      self.os.fchown(keys_file.fileno(), uid, gid)
 -
       # First write user's entries.
       for user_line in user_lines:
         keys_file.write(EnsureTrailingNewline(user_line))
@@ -394,5 +390,9 @@ class Accounts(object):
     # Override the old authorized keys file with the new one.
     self.system.MoveFile(new_keys_path, authorized_keys_file)
 +    # Make sure the authorized_keys_file has the right perms (u+rw).
 +    self.os.chmod(authorized_keys_file, 0600)
 +    self.os.chown(authorized_keys_file, uid, gid)
 +
     # Set SELinux context, if applicable to this system
     self.SetSELinuxContext(authorized_keys_file)
 -- 
 1.8.5.2 (Apple Git-48)
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
@ -0,0 +1,29 @@
 From 0243ab89cd941f15344ef03b63c96f3f0e1ffa45 Mon Sep 17 00:00:00 2001
 From: Brandon Philips <brandon@ifup.co>
 Date: Tue, 1 Apr 2014 11:51:13 -0700
 Subject: [PATCH] fix(google-daemon): use * for the passwd not !
 useradd defaults to using ! as the "locked" password marker.
 Unfortunatly, openssh interprets this to mean that it shouldn't let the
 user in via ssh if PAM is missing. Work around this by using the *
 marker which also means locked but is allowed by openssh.
 ---
 google-daemon/usr/share/google/google_daemon/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/google-daemon/usr/share/google/google_daemon/utils.py b/google-daemon/usr/share/google/google_daemon/utils.py
 index 0f17f34..371034d 100755
 --- a/google-daemon/usr/share/google/google_daemon/utils.py
 +++ b/google-daemon/usr/share/google/google_daemon/utils.py
@@ -69,7 +69,7 @@ class System(object):
   def UserAdd(self, user, groups):
     logging.info('Creating account %s', user)
     result = self.RunCommand([
 -        '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-G',
 +        '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-p', '*', '-G',
         ','.join(groups)])
     if self.RunCommandFailed(result, 'Could not create user %s', user):
       return False
 -- 
 1.8.5.2 (Apple Git-48)
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
@ -0,0 +1,92 @@
 From 265f951bc8d55bfb988050dda6332511b58e72e8 Mon Sep 17 00:00:00 2001
 From: Brandon Philips <brandon@ifup.co>
 Date: Tue, 1 Apr 2014 15:18:20 -0700
 Subject: [PATCH] hack(address_manager): use CoreOS names and locations
 ip is in /usr/bin/ip and the network interface is ens4v1 via
 http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
 ---
 .../share/google/google_daemon/address_manager.py  | 24 +++++++++++-----------
 1 file changed, 12 insertions(+), 12 deletions(-)
 diff --git a/google-daemon/usr/share/google/google_daemon/address_manager.py b/google-daemon/usr/share/google/google_daemon/address_manager.py
 index 1b3997c..568720d 100644
 --- a/google-daemon/usr/share/google/google_daemon/address_manager.py
 +++ b/google-daemon/usr/share/google/google_daemon/address_manager.py
@@ -15,16 +15,16 @@
 """Manage extra network interface addresses on a GCE instance.
 Fetch a list of public endpoint IPs from the metadata server, compare it with
 -what's configured on eth0, and add/remove addresses from eth0 to make them
 +what's configured on ens4v1, and add/remove addresses from ens4v1 to make them
 match.  Only remove those which match our proto code.
 This must be run by root. If it reads any malformed data, it will take no
 action.
 Command used to add ips:
 -  ip route add to local $IP/32 dev eth0 proto 66
 +  ip route add to local $IP/32 dev ens4v1 proto 66
 Command used to fetch list of configured IPs:
 -  ip route ls table local type local dev eth0 scope host proto 66
 +  ip route ls table local type local dev ens4v1 scope host proto 66
 """
@@ -103,8 +103,8 @@ class AddressManager(object):
     return self.ParseIPAddrs(addrs_data)
   def ReadLocalConfiguredAddrs(self):
 -    """Fetch list of addresses we've configured on eth0 already."""
 -    cmd = ('/sbin/ip route ls table local type local dev eth0 scope host ' +
 +    """Fetch list of addresses we've configured on ens4v1 already."""
 +    cmd = ('/usr/bin/ip route ls table local type local dev ens4v1 scope host ' +
            'proto %d' % GOOGLE_PROTO_ID)
     result = self.system.RunCommand(cmd.split())
     if self.IPCommandFailed(result, cmd):
@@ -132,27 +132,27 @@ class AddressManager(object):
             to_remove or None))
   def AddAddresses(self, to_add):
 -    """Configure new addresses on eth0."""
 +    """Configure new addresses on ens4v1."""
     for addr in to_add:
        self.AddOneAddress(addr)
   def AddOneAddress(self, addr):
 -    """Configure one address on eth0."""
 -    cmd = '/sbin/ip route add to local %s/32 dev eth0 proto %d' % (
 +    """Configure one address on ens4v1."""
 +    cmd = '/usr/bin/ip route add to local %s/32 dev ens4v1 proto %d' % (
         addr, GOOGLE_PROTO_ID)
     result = self.system.RunCommand(cmd.split())
     self.IPCommandFailed(result, cmd)  # Ignore return code
   def DeleteAddresses(self, to_remove):
 -    """Un-configure a list of addresses from eth0."""
 +    """Un-configure a list of addresses from ens4v1."""
     for addr in to_remove:
       self.DeleteOneAddress(addr)
   def DeleteOneAddress(self, addr):
 -    """Delete one address from eth0."""
 +    """Delete one address from ens4v1."""
     # This will fail if it doesn't match exactly the specs listed.
     # That'll help ensure we don't remove one added by someone else.
 -    cmd = '/sbin/ip route delete to local %s/32 dev eth0 proto %d' % (
 +    cmd = '/usr/bin/ip route delete to local %s/32 dev ens4v1 proto %d' % (
         addr, GOOGLE_PROTO_ID)
     result = self.system.RunCommand(cmd.split())
     self.IPCommandFailed(result, cmd)  # Ignore return code
@@ -168,7 +168,7 @@ class AddressManager(object):
     return addrs
   def IPCommandFailed(self, result, cmd):
 -    """If an /sbin/ip command failed, log and return True."""
 +    """If an /usr/bin/ip command failed, log and return True."""
     if self.system.RunCommandFailed(
         result, 'Non-zero exit status from: "%s"' % cmd):
       return True
 -- 
 1.8.5.2 (Apple Git-48)
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1.ebuild
@ -0,0 +1,31 @@
 #
 # Copyright (c) 2014 CoreOS, Inc. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
 #
 EAPI=5
 inherit toolchain-funcs systemd
 DESCRIPTION="Google Daemon for Compute Engine"
 HOMEPAGE="https://github.com/GoogleCloudPlatform/compute-image-packages"
 SRC_URI="https://github.com/GoogleCloudPlatform/compute-image-packages/releases/download/${PV}/google-daemon-${PV}.tar.gz"
 LICENSE="MIT"
 SLOT="0"
 KEYWORDS="amd64 x86"
 IUSE=""
 RDEPEND="dev-lang/python-oem"
 S="${WORKDIR}"
 src_prepare() {
 	epatch "${FILESDIR}"/0001-Fixes-authorized_keys-file-permissions.patch
 	epatch "${FILESDIR}"/0001-fix-google-daemon-use-for-the-passwd-not.patch
 	epatch "${FILESDIR}"/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
 }
 src_install() {
 	mkdir -p ${D}/usr/share/oem/google-compute-daemon/
 	cp -Ra ${WORKDIR}/usr/share/google/google_daemon/. ${D}/usr/share/oem/google-compute-daemon/ || die
 }