add "dependency" provisioning mode

Signed-off-by: Justin Alvarez <[email protected]>

Author: pendo324

examples/default.yaml

@@ -199,6 +199,16 @@ containerd:
 # - mode: boot
 #   script: |
 #     systemctl disable NetworkManager-wait-online.service
+# # `dependency` is executed before the regular dependency resolution workflow in
+# # pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh
+# # If skipDefaultDependencyResolution is set on at least one `dependency` mode provisioning script, the regular
+# # dependency resolution workflow in pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh will be skipped.
+# - mode: dependency
+#   skipDefaultDependencyResolution: false
+#   script: |
+#     #!/bin/bash
+#     dnf config-manager --add-repo ...
+#     dnf install ...
 
 # Probe scripts to check readiness.
 # 🟢 Builtin default: null

pkg/cidata/cidata.TEMPLATE.d/boot/09-host-dns-setup.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -eux
 
-# Wait until iptables has been installed; 30-install-packages.sh will call this script again
+# Wait until iptables has been installed; 35-configure-packages.sh will call this script again
 if command -v iptables >/dev/null 2>&1; then
 	if [ -n "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ]; then
 		# Only add the rule once

pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh

@@ -1,19 +1,6 @@
 #!/bin/sh
 set -eux
 
-update_fuse_conf() {
-	# Modify /etc/fuse.conf (/etc/fuse3.conf) to allow "-o allow_root"
-	if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ]; then
-		fuse_conf="/etc/fuse.conf"
-		if [ -e /etc/fuse3.conf ]; then
-			fuse_conf="/etc/fuse3.conf"
-		fi
-		if ! grep -q "^user_allow_other" "${fuse_conf}"; then
-			echo "user_allow_other" >>"${fuse_conf}"
-		fi
-	fi
-}
-
 INSTALL_IPTABLES=0
 if [ "${LIMA_CIDATA_CONTAINERD_SYSTEM}" = 1 ] || [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ]; then
 	INSTALL_IPTABLES=1
@@ -23,11 +10,30 @@ if [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ] || [ "${LIMA_CIDATA_TCP_DNS_LOC
 fi
 
 # Install minimum dependencies
+# Run any user provided dependency scripts first
+if [ -d "${LIMA_CIDATA_MNT}"/provision.dependency ]; then
+	echo "Detected dependency provisioning scripts, running before default dependency installation"
+	CODE=0
+	for f in "${LIMA_CIDATA_MNT}"/provision.dependency/*; do
+		if ! "$f"; then
+			CODE=1
+		fi
+	done
+	if [ $CODE != 0 ]; then
+		exit "$CODE"
+	fi
+fi
+
 # apt-get detected through the first bytes of apt-get binary to ensure we're
 # matching to an actual binary and not a wrapper script. This case is an issue
 # on OpenSuse which wraps its own package manager in to a script named apt-get
 # to mimic certain options but doesn't offer full parameters compatibility
 # See : https://github.com/lima-vm/lima/pull/1014
+if [ "${LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION}" = 1 ]; then
+	echo "LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION is set, skipping regular dependency installation"
+	exit 0
+fi
+
 if hexdump -C -n 4 "$(command -v apt-get)" | grep -qF 'ELF' >/dev/null 2>&1; then
 	pkgs=""
 	if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
@@ -168,21 +174,3 @@ elif command -v apk >/dev/null 2>&1; then
 		apk add ${pkgs}
 	fi
 fi
-
-SETUP_DNS=0
-if [ -n "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ]; then
-	SETUP_DNS=1
-fi
-if [ -n "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" -ne 0 ]; then
-	SETUP_DNS=1
-fi
-if [ "${SETUP_DNS}" = 1 ]; then
-	# Try to setup iptables rule again, in case we just installed iptables
-	"${LIMA_CIDATA_MNT}/boot/09-host-dns-setup.sh"
-fi
-
-# update_fuse_conf has to be called after installing all the packages,
-# otherwise apt-get fails with conflict
-if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
-	update_fuse_conf
-fi

pkg/cidata/cidata.TEMPLATE.d/boot/35-setup-packages.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+set -eux
+
+update_fuse_conf() {
+	# Modify /etc/fuse.conf (/etc/fuse3.conf) to allow "-o allow_root"
+	if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ]; then
+		fuse_conf="/etc/fuse.conf"
+		if [ -e /etc/fuse3.conf ]; then
+			fuse_conf="/etc/fuse3.conf"
+		fi
+		if ! grep -q "^user_allow_other" "${fuse_conf}"; then
+			echo "user_allow_other" >>"${fuse_conf}"
+		fi
+	fi
+}
+
+SETUP_DNS=0
+if [ -n "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ]; then
+	SETUP_DNS=1
+fi
+if [ -n "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" -ne 0 ]; then
+	SETUP_DNS=1
+fi
+if [ "${SETUP_DNS}" = 1 ]; then
+	# Try to setup iptables rule again, in case we just installed iptables
+	"${LIMA_CIDATA_MNT}/boot/09-host-dns-setup.sh"
+fi
+
+# update_fuse_conf has to be called after installing all the packages,
+# otherwise apt-get fails with conflict
+if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
+	update_fuse_conf
+fi

pkg/cidata/cidata.TEMPLATE.d/lima.env

@@ -29,3 +29,8 @@ LIMA_CIDATA_UDP_DNS_LOCAL_PORT={{.UDPDNSLocalPort}}
 LIMA_CIDATA_TCP_DNS_LOCAL_PORT={{.TCPDNSLocalPort}}
 LIMA_CIDATA_ROSETTA_ENABLED={{.RosettaEnabled}}
 LIMA_CIDATA_ROSETTA_BINFMT={{.RosettaBinFmt}}
+{{- if .SkipDefaultDependencyResolution}}
+LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION=1
+{{- else}}
+LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION=
+{{- end}}

pkg/cidata/cidata.go

@@ -262,6 +262,12 @@ func GenerateISO9660(instDir, name string, y *limayaml.LimaYAML, udpDNSLocalPort
 
 	args.BootCmds = getBootCmds(y.Provision)
 
+	for _, f := range y.Provision {
+		if f.Mode == limayaml.ProvisionModeDependency && *f.SkipDefaultDependencyResolution {
+			args.SkipDefaultDependencyResolution = true
+		}
+	}
+
 	if err := ValidateTemplateArgs(args); err != nil {
 		return err
 	}
@@ -273,7 +279,7 @@ func GenerateISO9660(instDir, name string, y *limayaml.LimaYAML, udpDNSLocalPort
 
 	for i, f := range y.Provision {
 		switch f.Mode {
-		case limayaml.ProvisionModeSystem, limayaml.ProvisionModeUser:
+		case limayaml.ProvisionModeSystem, limayaml.ProvisionModeUser, limayaml.ProvisionModeDependency:
 			layout = append(layout, iso9660util.Entry{
 				Path:   fmt.Sprintf("provision.%s/%08d", f.Mode, i),
 				Reader: strings.NewReader(f.Script),

pkg/cidata/template.go

@@ -50,29 +50,30 @@ type Disk struct {
 	Device string
 }
 type TemplateArgs struct {
-	Name               string // instance name
-	IID                string // instance id
-	User               string // user name
-	UID                int
-	SSHPubKeys         []string
-	Mounts             []Mount
-	MountType          string
-	Disks              []Disk
-	Containerd         Containerd
-	Networks           []Network
-	SlirpNICName       string
-	SlirpGateway       string
-	SlirpDNS           string
-	SlirpIPAddress     string
-	UDPDNSLocalPort    int
-	TCPDNSLocalPort    int
-	Env                map[string]string
-	DNSAddresses       []string
-	CACerts            CACerts
-	HostHomeMountPoint string
-	BootCmds           []BootCmds
-	RosettaEnabled     bool
-	RosettaBinFmt      bool
+	Name                            string // instance name
+	IID                             string // instance id
+	User                            string // user name
+	UID                             int
+	SSHPubKeys                      []string
+	Mounts                          []Mount
+	MountType                       string
+	Disks                           []Disk
+	Containerd                      Containerd
+	Networks                        []Network
+	SlirpNICName                    string
+	SlirpGateway                    string
+	SlirpDNS                        string
+	SlirpIPAddress                  string
+	UDPDNSLocalPort                 int
+	TCPDNSLocalPort                 int
+	Env                             map[string]string
+	DNSAddresses                    []string
+	CACerts                         CACerts
+	HostHomeMountPoint              string
+	BootCmds                        []BootCmds
+	RosettaEnabled                  bool
+	RosettaBinFmt                   bool
+	SkipDefaultDependencyResolution bool
 }
 
 func ValidateTemplateArgs(args TemplateArgs) error {

pkg/limayaml/defaults.go

@@ -308,6 +308,9 @@ func FillDefault(y, d, o *LimaYAML, filePath string) {
 		if provision.Mode == "" {
 			provision.Mode = ProvisionModeSystem
 		}
+		if provision.Mode == ProvisionModeDependency && provision.SkipDefaultDependencyResolution == nil {
+			provision.SkipDefaultDependencyResolution = pointer.Bool(false)
+		}
 	}
 
 	if y.Containerd.System == nil {

pkg/limayaml/limayaml.go

@@ -141,14 +141,16 @@ type Video struct {
 type ProvisionMode = string
 
 const (
-	ProvisionModeSystem ProvisionMode = "system"
-	ProvisionModeUser   ProvisionMode = "user"
-	ProvisionModeBoot   ProvisionMode = "boot"
+	ProvisionModeSystem     ProvisionMode = "system"
+	ProvisionModeUser       ProvisionMode = "user"
+	ProvisionModeBoot       ProvisionMode = "boot"
+	ProvisionModeDependency ProvisionMode = "dependency"
 )
 
 type Provision struct {
-	Mode   ProvisionMode `yaml:"mode" json:"mode"` // default: "system"
-	Script string        `yaml:"script" json:"script"`
+	Mode                            ProvisionMode `yaml:"mode" json:"mode"` // default: "system"
+	SkipDefaultDependencyResolution *bool         `yaml:"skipDefaultDependencyResolution,omitempty" json:"skipDefaultDependencyResolution,omitempty"`
+	Script                          string        `yaml:"script" json:"script"`
 }
 
 type Containerd struct {

pkg/limayaml/validate.go

@@ -153,9 +153,14 @@ func Validate(y LimaYAML, warn bool) error {
 	for i, p := range y.Provision {
 		switch p.Mode {
 		case ProvisionModeSystem, ProvisionModeUser, ProvisionModeBoot:
+			if p.SkipDefaultDependencyResolution != nil {
+				return fmt.Errorf("field `provision[%d].mode` cannot set skipDefaultDependencyResolution, only valid on scripts of type %q",
+					i, ProvisionModeDependency)
+			}
+		case ProvisionModeDependency:
 		default:
-			return fmt.Errorf("field `provision[%d].mode` must be either %q, %q, or %q",
-				i, ProvisionModeSystem, ProvisionModeUser, ProvisionModeBoot)
+			return fmt.Errorf("field `provision[%d].mode` must one of %q, %q, %q, or %q",
+				i, ProvisionModeSystem, ProvisionModeUser, ProvisionModeBoot, ProvisionModeDependency)
 		}
 	}
 	needsContainerdArchives := (y.Containerd.User != nil && *y.Containerd.User) || (y.Containerd.System != nil && *y.Containerd.System)