From 51fbd8c92021f21d014147a97c015185d13166b4 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 14 Nov 2014 11:53:21 -0500
Subject: [PATCH] compose: Support 'postprocess-script'

This is obviously a total cop-out.  However, without glibc fixes, we
can't do better.  See:

https://bugzilla.redhat.com/show_bug.cgi?id=156477
---
 doc/treefile.md                      | 20 +++++++++++++++++
 src/rpmostree-compose-builtin-tree.c |  3 ++-
 src/rpmostree-postprocess.c          | 32 ++++++++++++++++++++++++++++
 src/rpmostree-postprocess.h          |  1 +
 4 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/doc/treefile.md b/doc/treefile.md
index f1cefcea..4c56b0a9 100644
--- a/doc/treefile.md
+++ b/doc/treefile.md
@@ -52,6 +52,26 @@ Treefile
 
    Note this does not alter the RPM database, so `rpm -V` will complain.
 
+ * `postprocess-script`: String, optional: Full filesystem path to a script
+   that will be executed in the context of the target tree.  The script
+   will be copied into the target into `/tmp`, and run as a container
+   (a restricted chroot, with no network access).  After execution is
+   complete, it will be deleted.
+
+   It is *strongly recommended* to avoid using this except as a last resort.
+   Having the system generated through RPMs allows administrators to understand
+   the inputs to the system.  Any new files created through this mechanism will
+   not have the versioning inherent in RPM.
+
+   Only the script file will be copied in; thus if it has any dependencies,
+   on data beyond what is in the target tree, you must embed them in the binary
+   itself.
+
+   An example use for this is working around bugs in the input RPMs that are
+   hard to fix in stable releases.
+
+   Note this does not alter the RPM database, so `rpm -V` will complain.
+
  * `include`: string, optional: Path to another treefile which will be
    used as an inheritance base.  The semantics for inheritance are:
    Non-array values in child values override parent values.  Array
diff --git a/src/rpmostree-compose-builtin-tree.c b/src/rpmostree-compose-builtin-tree.c
index cd29acdb..8b82e69c 100644
--- a/src/rpmostree-compose-builtin-tree.c
+++ b/src/rpmostree-compose-builtin-tree.c
@@ -1038,7 +1038,8 @@ rpmostree_compose_builtin_tree (int             argc,
   if (g_strcmp0 (g_getenv ("RPM_OSTREE_BREAK"), "post-yum") == 0)
     goto out;
 
-  if (!rpmostree_treefile_postprocessing (yumroot, self->serialized_treefile, treefile,
+  if (!rpmostree_treefile_postprocessing (yumroot, self->treefile_context_dirs->pdata[0],
+                                          self->serialized_treefile, treefile,
                                           cancellable, error))
     goto out;
 
diff --git a/src/rpmostree-postprocess.c b/src/rpmostree-postprocess.c
index 7e07150c..a5132475 100644
--- a/src/rpmostree-postprocess.c
+++ b/src/rpmostree-postprocess.c
@@ -1061,6 +1061,7 @@ handle_remove_files_from_package (GFile         *yumroot,
 
 gboolean
 rpmostree_treefile_postprocessing (GFile         *yumroot,
+                                   GFile         *context_directory,
                                    GBytes        *serialized_treefile,
                                    JsonObject    *treefile,
                                    GCancellable  *cancellable,
@@ -1071,6 +1072,7 @@ rpmostree_treefile_postprocessing (GFile         *yumroot,
   JsonArray *units = NULL;
   JsonArray *remove = NULL;
   const char *default_target = NULL;
+  const char *postprocess_script = NULL;
 
   if (json_object_has_member (treefile, "units"))
     units = json_object_get_array_member (treefile, "units");
@@ -1209,6 +1211,36 @@ rpmostree_treefile_postprocessing (GFile         *yumroot,
             goto out;
         }
     }
+
+  if (!_rpmostree_jsonutil_object_get_optional_string_member (treefile, "postprocess-script",
+                                                              &postprocess_script, error))
+    goto out;
+    
+  if (postprocess_script)
+    {
+      gs_unref_object GFile *src = g_file_resolve_relative_path (context_directory, postprocess_script);
+      const char *bn = gs_file_get_basename_cached (src);
+      gs_unref_object GFile *yumroot_tmp = g_file_resolve_relative_path (yumroot, "tmp");
+      gs_unref_object GFile *dest = g_file_resolve_relative_path (yumroot_tmp, bn);
+      gs_free char *targetpath = g_build_filename ("/tmp", gs_file_get_basename_cached (src), NULL);
+
+      if (!g_file_copy (src, dest, 0, cancellable, NULL, NULL, error))
+        {
+          g_prefix_error (error, "Copying postprocess-script '%s' into target: ", bn);
+          goto out;
+        }
+      
+      g_print ("Executing postprocessing script '%s'...\n", bn);
+      if (!gs_subprocess_simple_run_sync (NULL, GS_SUBPROCESS_STREAM_DISPOSITION_NULL,
+                                          cancellable, error,
+                                          "systemd-nspawn", "-D", gs_file_get_path_cached (yumroot),
+                                          "--private-network",
+                                          targetpath,
+                                          NULL))
+        goto out;
+                                          
+      g_print ("Executing postprocessing script '%s'...done\n", bn);
+    }
   
   ret = TRUE;
  out:
diff --git a/src/rpmostree-postprocess.h b/src/rpmostree-postprocess.h
index a9de4cda..7aa0a402 100644
--- a/src/rpmostree-postprocess.h
+++ b/src/rpmostree-postprocess.h
@@ -30,6 +30,7 @@ typedef enum {
 
 gboolean
 rpmostree_treefile_postprocessing (GFile         *rootfs,
+                                   GFile         *context_directory,
                                    GBytes        *serialized_treefile,
                                    JsonObject    *treefile,
                                    GCancellable  *cancellable,