Merge branch 'master' into better-progress

live/root/etc/systemd/system/agama-certificate-issue.service

@@ -1,6 +1,5 @@
 [Unit]
 Description=Generate issue file for Agama SSL certificate
-Before=systemd-user-sessions.service
 
 [Service]
 Type=oneshot

live/root/etc/systemd/system/agama-certificate-wait.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=Postpone login prompt after the SSL fingerprint issue is generated
+
+After=agama-web-server.service
+
+# copied from YaST2-Second-Stage.service
+Before=getty@tty1.service
+Before=getty@tty2.service
+Before=getty@tty3.service
+Before=getty@tty4.service
+Before=getty@tty5.service
+Before=getty@tty6.service
+Before=serial-getty@hvc0.service
+Before=serial-getty@sclp_line0.service
+Before=serial-getty@ttyAMA0.service
+Before=serial-getty@ttyS0.service
+Before=serial-getty@ttyS1.service
+Before=serial-getty@ttyS2.service
+Before=serial-getty@ttysclp0.service
+
+[Service]
+Type=oneshot
+# wait at most 15 seconds to not block
+ExecStart=agama-issue-generator --wait-for-ssl 15
+
+[Install]
+WantedBy=default.target

live/root/etc/systemd/system/live-password-dialog.service

@@ -22,21 +22,28 @@ Before=serial-getty@ttyS1.service
 Before=serial-getty@ttyS2.service
 Before=serial-getty@ttysclp0.service
 
-# start at the end to avoid overwriting the screen with systemd messages
-After=agama.service
-After=modprobe@drm.service
-
 # kernel command line option
 ConditionKernelCommandLine=live.password_dialog
 
 [Service]
 Type=oneshot
 Environment=TERM=linux
+
+# disable the kernel output on the console
 ExecStartPre=dmesg --console-off
+# disable the systemd status messages on the console
+ExecStartPre=kill -SIGRTMIN+21 1
+
 ExecStart=live-password --dialog
+
+# reset the console state after closing the dialog otherwise the dialog
+# content would stay on the screen
+ExecStartPost=reset
+# enable back the kernel output on the console
 ExecStartPost=dmesg --console-on
-TTYReset=yes
-TTYVHangup=yes
+# enable back the systemd status messages on the console
+ExecStartPost=kill -SIGRTMIN+20 1
+
 StandardInput=tty
 RemainAfterExit=true
 TimeoutSec=0

live/root/etc/systemd/system/live-password-systemd.service

@@ -22,18 +22,24 @@ Before=serial-getty@ttyS1.service
 Before=serial-getty@ttyS2.service
 Before=serial-getty@ttysclp0.service
 
-# start at the end to avoid overwriting the screen with systemd messages
-After=agama.service
-After=modprobe@drm.service
-
 # kernel command line option
 ConditionKernelCommandLine=live.password_systemd
 
 [Service]
 Type=oneshot
+
+# disable the kernel output on the console
 ExecStartPre=dmesg --console-off
+# disable the systemd status messages on the console
+ExecStartPre=kill -SIGRTMIN+21 1
+
 ExecStart=live-password --systemd
+
+# enable back the kernel output on the console
 ExecStartPost=dmesg --console-on
+# enable back the systemd status messages on the console
+ExecStartPost=kill -SIGRTMIN+20 1
+
 StandardOutput=tty
 RemainAfterExit=true
 TimeoutSec=0

live/root/usr/bin/agama-issue-generator

@@ -149,6 +149,14 @@ generate_network_url() {
   fi
 }
 
+# wait until the SSL fingreprint issue is create, but at most 10 seconds
+wait_for_ssl_issue() {
+  for i in $(seq 1 "$1"); do
+    [ -f "$CERT_ISSUE" ] && exit 0
+    sleep 1
+  done
+}
+
 # make sure the parent directory for the issues exists
 mkdir -p /run/issue.d
 
@@ -159,6 +167,8 @@ elif [ "$1" = "--ssh" ]; then
   generate_ssh_fingerprints
 elif [ "$1" = "--ssl" ]; then
   generate_certificate_fingerprints
+elif [ "$1" = "--wait-for-ssl" ]; then
+  wait_for_ssl_issue "$2"
 elif [ "$1" = "--network" ]; then
   generate_network_url "$2" "$3"
 elif [ "$1" = "--watch-avahi" ]; then

live/root/usr/bin/live-password

@@ -16,22 +16,23 @@ TITLE="Set Login Password"
 
 # functions for entering the password in an interactive dialog
 confirm_exit() {
-  if dialog --backtitle "$BTITLE" --defaultno --yesno "Are you sure you want to cancel?" 5 40; then
+  # --keep-tite is not a misspelling of "title"
+  if dialog --keep-tite --backtitle "$BTITLE" --defaultno --yesno "Are you sure you want to cancel?" 5 40; then
     exit 1
   fi
 }
 
 msg_box() {
-  dialog --backtitle "$BTITLE" --msgbox "$1" 6 30
+  dialog --keep-tite --backtitle "$BTITLE" --msgbox "$1" 6 30
 }
 
 ask_password() {
-  if ! PWD1=$(dialog --title "$TITLE" --backtitle "$BTITLE" --stdout --insecure --passwordbox "Password:" 8 40); then
+  if ! PWD1=$(dialog --keep-tite --title "$TITLE" --backtitle "$BTITLE" --stdout --insecure --passwordbox "Password:" 8 40); then
     confirm_exit
     ask_password
   fi
 
-  if ! PWD2=$(dialog --title "$TITLE" --backtitle "$BTITLE" --stdout --insecure --passwordbox "Verify Password:" 8 40); then
+  if ! PWD2=$(dialog --keep-tite --title "$TITLE" --backtitle "$BTITLE" --stdout --insecure --passwordbox "Verify Password:" 8 40); then
     confirm_exit
     ask_password
   fi

live/src/config.sh

@@ -29,6 +29,7 @@ systemctl enable agama-auto.service
 systemctl enable agama-hostname.service
 systemctl enable agama-proxy-setup.service
 systemctl enable agama-certificate-issue.path
+systemctl enable agama-certificate-wait.service
 systemctl enable agama-welcome-issue.service
 systemctl enable agama-avahi-issue.service
 systemctl enable agama-ssh-issue.service

service/lib/agama/software/manager.rb

@@ -199,10 +199,8 @@ def install
       def finish
         Yast::Pkg.SourceSaveAll
         Yast::Pkg.TargetFinish
-        # FIXME: Pkg.SourceCacheCopyTo works correctly only from the inst-sys
-        # (original target "/"), it does not work correctly when using
-        # "chroot" /run/agama/zypp, it needs to be reimplemented :-(
-        # Yast::Pkg.SourceCacheCopyTo(Yast::Installation.destdir)
+        # copy the libzypp caches to the target
+        copy_zypp_to_target
         registration.finish
       end
 
@@ -500,6 +498,46 @@ def pattern_exist?(pattern_name)
         !Y2Packager::Resolvable.find(kind: :pattern, name: pattern_name).empty?
       end
 
+      # this reimplements the Pkg.SourceCacheCopyTo call which works correctly
+      # only from the inst-sys (it copies the data from "/" where is actually
+      # the Live system package manager)
+      # @see https://github.com/yast/yast-pkg-bindings/blob/3d314480b70070299f90da4c6e87a5574e9c890c/src/Source_Installation.cc#L213-L267
+      def copy_zypp_to_target
+        # copy the zypp "raw" cache
+        cache = File.join(TARGET_DIR, "/var/cache/zypp/raw")
+        if Dir.exist?(cache)
+          target_cache = File.join(Yast::Installation.destdir, "/var/cache/zypp")
+          FileUtils.mkdir_p(target_cache)
+          FileUtils.cp_r(cache, target_cache)
+        end
+
+        # copy the "solv" cache but skip the "@System" directory because it
+        # contains empty installed packages (there were no installed packages
+        # before moving the target to "/mnt")
+        solv_cache = File.join(TARGET_DIR, "/var/cache/zypp/solv")
+        target_solv = File.join(Yast::Installation.destdir, "/var/cache/zypp/solv")
+        solvs = Dir.entries(solv_cache) - [".", "..", "@System"]
+        solvs.each do |s|
+          FileUtils.cp_r(File.join(solv_cache, s), target_solv)
+        end
+
+        # copy the zypp credentials if present
+        credentials = File.join(TARGET_DIR, "/etc/zypp/credentials.d")
+        if Dir.exist?(credentials)
+          target_credentials = File.join(Yast::Installation.destdir, "/etc/zypp")
+          FileUtils.mkdir_p(target_credentials)
+          FileUtils.cp_r(credentials, target_credentials)
+        end
+
+        # copy the global credentials if present
+        glob_credentials = File.join(TARGET_DIR, "/etc/zypp/credentials.cat")
+        return unless File.exist?(glob_credentials)
+
+        target_dir = File.join(Yast::Installation.destdir, "/etc/zypp")
+        FileUtils.mkdir_p(target_dir)
+        FileUtils.copy(glob_credentials, target_dir)
+      end
+
       # update the zypp repositories for the new product, either delete them
       # or keep them untouched
       # @param new_product [Agama::Software::Product] the new selected product

service/package/rubygem-agama-yast.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jun 19 06:04:46 UTC 2024 - Ladislav Slezák <lslezak@suse.com>
+
+- Use a different libzypp target for Agama, do not use the Live
+  system package management (gh#openSUSE/agama#1329)
+- Properly delete the libzypp cache when changing the products
+  (gh#openSUSE/agama#1349)
+
 -------------------------------------------------------------------
 Thu Jun 13 10:53:27 UTC 2024 - Imobach Gonzalez Sosa <igonzalezsosa@suse.com>
 

service/test/agama/software/manager_test.rb

@@ -102,6 +102,10 @@
     allow(Agama::Software::RepositoriesManager).to receive(:new).and_return(repositories)
     allow(Agama::Software::Proposal).to receive(:new).and_return(proposal)
     allow(Agama::ProductReader).to receive(:new).and_call_original
+    allow(FileUtils).to receive(:mkdir_p)
+    allow(FileUtils).to receive(:rm_rf)
+    allow(FileUtils).to receive(:cp_r)
+    allow(File).to receive(:exist?).and_call_original
   end
 
   after do
@@ -359,11 +363,66 @@
 
   describe "#finish" do
     it "releases the packaging system" do
+      allow(subject).to receive(:copy_zypp_to_target)
       expect(Yast::Pkg).to receive(:SourceSaveAll)
       expect(Yast::Pkg).to receive(:TargetFinish)
 
       subject.finish
     end
+
+    it "copies the libzypp cache and credentials to the target system" do
+      allow(Dir).to receive(:exist?).and_call_original
+      allow(Dir).to receive(:entries).and_call_original
+
+      # copying the raw cache
+      expect(Dir).to receive(:exist?).with(
+        File.join(target_dir, "/var/cache/zypp/raw")
+      ).and_return(true)
+      expect(FileUtils).to receive(:mkdir_p).with(
+        File.join(Yast::Installation.destdir, "/var/cache/zypp")
+      )
+      expect(FileUtils).to receive(:cp_r).with(
+        File.join(target_dir, "/var/cache/zypp/raw"),
+        File.join(Yast::Installation.destdir, "/var/cache/zypp")
+      )
+
+      # copy the solv cache
+      repo_alias = "https-download.opensuse.org-94cc89aa"
+      expect(Dir).to receive(:entries)
+        .with(File.join(target_dir, "/var/cache/zypp/solv"))
+        .and_return([".", "..", "@System", repo_alias])
+      expect(FileUtils).to receive(:cp_r).with(
+        File.join(target_dir, "/var/cache/zypp/solv/", repo_alias),
+        File.join(Yast::Installation.destdir, "/var/cache/zypp/solv")
+      )
+      # ensure the @System cache is not copied
+      expect(FileUtils).to_not receive(:cp_r).with(
+        File.join(target_dir, "/var/cache/zypp/solv/@System"),
+        File.join(Yast::Installation.destdir, "/var/cache/zypp/solv")
+      )
+
+      # copying the credentials.d directory
+      expect(Dir).to receive(:exist?)
+        .with(File.join(target_dir, "/etc/zypp/credentials.d"))
+        .and_return(true)
+      expect(FileUtils).to receive(:mkdir_p)
+        .with(File.join(Yast::Installation.destdir, "/etc/zypp"))
+      expect(FileUtils).to receive(:cp_r).with(
+        File.join(target_dir, "/etc/zypp/credentials.d"),
+        File.join(Yast::Installation.destdir, "/etc/zypp")
+      )
+
+      # copying the global credentials file
+      expect(File).to receive(:exist?)
+        .with(File.join(target_dir, "/etc/zypp/credentials.cat"))
+        .and_return(true)
+      expect(FileUtils).to receive(:copy).with(
+        File.join(target_dir, "/etc/zypp/credentials.cat"),
+        File.join(Yast::Installation.destdir, "/etc/zypp")
+      )
+
+      subject.finish
+    end
   end
 
   describe "#package_installed?" do