From d22399a23bf3189fad8b4c008f6e91d3761b7a62 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Sat, 24 May 2025 22:47:08 -0500 Subject: T7352: add check for privileges in utility --- src/helpers/set_vyconf_backend.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/helpers/set_vyconf_backend.py b/src/helpers/set_vyconf_backend.py index 6747e51c3..816452f3b 100755 --- a/src/helpers/set_vyconf_backend.py +++ b/src/helpers/set_vyconf_backend.py @@ -19,10 +19,14 @@ # N.B. only for use within testing framework; explicit invocation will leave # system in inconsistent state. +import os +import sys from argparse import ArgumentParser from vyos.utils.backend import set_vyconf_backend +if os.getuid() != 0: + sys.exit('Requires root privileges') parser = ArgumentParser() parser.add_argument('--disable', action='store_true', -- cgit v1.2.3 From 372fe641f0f7b0c068c8da75c2782cbec7a5d8b2 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Mon, 26 May 2025 19:18:59 -0500 Subject: T7365: call commit hooks in vyconf session --- python/vyos/defaults.py | 4 ++++ python/vyos/utils/commit.py | 27 +++++++++++++++++++++++++++ python/vyos/vyconf_session.py | 6 +++++- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index b57dcac89..f84b14040 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -84,3 +84,7 @@ rt_global_table = rt_symbolic_names['main'] vyconfd_conf = '/etc/vyos/vyconfd.conf' DEFAULT_COMMIT_CONFIRM_MINUTES = 10 + +commit_hooks = {'pre': '/etc/commit/pre-hooks.d', + 'post': '/etc/commit/post-hooks.d' + } diff --git a/python/vyos/utils/commit.py b/python/vyos/utils/commit.py index 9167c78d2..fc259dadb 100644 --- a/python/vyos/utils/commit.py +++ b/python/vyos/utils/commit.py @@ -101,3 +101,30 @@ def release_commit_lock_file(file_descr): return fcntl.lockf(file_descr, fcntl.LOCK_UN) file_descr.close() + + +def call_commit_hooks(which: str): + import re + import os + from pathlib import Path + from vyos.defaults import commit_hooks + from vyos.utils.process import rc_cmd + + if which not in list(commit_hooks): + raise ValueError(f'no entry {which} in commit_hooks') + + hook_dir = commit_hooks[which] + file_list = list(Path(hook_dir).glob('*')) + regex = re.compile('^[a-zA-Z0-9._-]+$') + hook_list = sorted([str(f) for f in file_list if regex.match(f.name)]) + err = False + out = '' + for runf in hook_list: + try: + e, o = rc_cmd(runf) + except FileNotFoundError: + continue + err = err | bool(e) + out = out + o + + return out, int(err) diff --git a/python/vyos/vyconf_session.py b/python/vyos/vyconf_session.py index 4250f0cfb..747aaf932 100644 --- a/python/vyos/vyconf_session.py +++ b/python/vyos/vyconf_session.py @@ -29,6 +29,7 @@ from vyos.utils.session import in_config_session from vyos.proto.vyconf_proto import Errnum from vyos.utils.commit import acquire_commit_lock_file from vyos.utils.commit import release_commit_lock_file +from vyos.utils.commit import call_commit_hooks class VyconfSessionError(Exception): @@ -145,10 +146,13 @@ class VyconfSession: if lock_fd is None: return out, Errnum.COMMIT_IN_PROGRESS + pre_out, _ = call_commit_hooks('pre') out = vyconf_client.send_request('commit', token=self.__token) + post_out, _ = call_commit_hooks('post') + release_commit_lock_file(lock_fd) - return self.output(out), out.status + return pre_out + self.output(out) + post_out, out.status @raise_exception @config_mode -- cgit v1.2.3 From 2461baedaba130105c2578156ea13ca54ccb7603 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Sun, 25 May 2025 18:00:07 -0500 Subject: T7365: add env var used by post-commit scripts --- python/vyos/vyconf_session.py | 1 + 1 file changed, 1 insertion(+) diff --git a/python/vyos/vyconf_session.py b/python/vyos/vyconf_session.py index 747aaf932..3cf847b6c 100644 --- a/python/vyos/vyconf_session.py +++ b/python/vyos/vyconf_session.py @@ -148,6 +148,7 @@ class VyconfSession: pre_out, _ = call_commit_hooks('pre') out = vyconf_client.send_request('commit', token=self.__token) + os.environ['COMMIT_STATUS'] = 'FAILURE' if out.status else 'SUCCESS' post_out, _ = call_commit_hooks('post') release_commit_lock_file(lock_fd) -- cgit v1.2.3 From c3e7346ec7b514fe1f3276bbd29ed7719bcbe5cf Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Mon, 26 May 2025 15:57:25 -0500 Subject: T7374: add python cli script to compliment executable vyconf_cli For certain commands, notably 'commit', a python script is preferable to the more responsive executable vyconf_cli. Criteria are (1) longer running process, not benefiting from a compiled tool (2) convenience of integration with the ecosystem, for example pre-/post-commit hooks. --- src/helpers/vyconf_cli.py | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 src/helpers/vyconf_cli.py diff --git a/src/helpers/vyconf_cli.py b/src/helpers/vyconf_cli.py new file mode 100755 index 000000000..a159a2678 --- /dev/null +++ b/src/helpers/vyconf_cli.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2025 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import os +import sys + +from vyos.vyconf_session import VyconfSession + + +pid = os.getppid() + +vs = VyconfSession(pid=pid) + +script_path = sys.argv[0] +script_name = os.path.basename(script_path) +# drop prefix 'vy_' if present +if script_name.startswith('vy_'): + func_name = script_name[3:] +else: + func_name = script_name + +if hasattr(vs, func_name): + func = getattr(vs, func_name) +else: + sys.exit(f'Call unimplemented: {func_name}') + +out = func() +if isinstance(out, bool): + # for use in shell scripts + sys.exit(int(not out)) + +print(out) -- cgit v1.2.3 From e1c765c912b9e313b9367b87b273075618a208da Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Mon, 26 May 2025 15:58:30 -0500 Subject: T7374: add environment variable vyconf_bin_dir --- src/etc/default/vyatta | 1 + 1 file changed, 1 insertion(+) diff --git a/src/etc/default/vyatta b/src/etc/default/vyatta index e5fa3bb30..0a5129e8b 100644 --- a/src/etc/default/vyatta +++ b/src/etc/default/vyatta @@ -173,6 +173,7 @@ unset _vyatta_extglob declare -x -r vyos_bin_dir=/usr/bin declare -x -r vyos_sbin_dir=/usr/sbin declare -x -r vyos_share_dir=/usr/share + declare -x -r vyconf_bin_dir=/usr/libexec/vyos/vyconf/bin if test -z "$vyos_conf_scripts_dir" ; then declare -x -r vyos_conf_scripts_dir=$vyos_libexec_dir/conf_mode -- cgit v1.2.3 From fdeff3eec27ec8e6a3ffa4b4c992d9adc039663c Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Mon, 26 May 2025 15:58:47 -0500 Subject: T7374: add links for vyconf_cli.py --- debian/vyos-1x.links | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/vyos-1x.links b/debian/vyos-1x.links index 402c91306..aef22555c 100644 --- a/debian/vyos-1x.links +++ b/debian/vyos-1x.links @@ -1,2 +1,4 @@ /etc/netplug/linkup.d/vyos-python-helper /etc/netplug/linkdown.d/vyos-python-helper /usr/libexec/vyos/system/standalone_root_pw_reset /opt/vyatta/sbin/standalone_root_pw_reset +/usr/libexec/vyos/vyconf_cli.py /usr/libexec/vyos/vyconf/bin/vy_commit +/usr/libexec/vyos/vyconf_cli.py /usr/libexec/vyos/vyconf/bin/vy_in_session -- cgit v1.2.3 From adac553635cc50a3f5488fb95ec932b8b4ce95f2 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Mon, 9 Jun 2025 09:51:54 -0500 Subject: T7374: update hash for vyconf_cli tool --- libvyosconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvyosconfig b/libvyosconfig index 3e295c0c0..f632edbc9 160000 --- a/libvyosconfig +++ b/libvyosconfig @@ -1 +1 @@ -Subproject commit 3e295c0c0256746f0811a9cb90d2489fd76a4652 +Subproject commit f632edbc947fbcda1916ababacc5f2659cf6cfb8 -- cgit v1.2.3