Moved disco-ball to universe, added functions necessary for fetching, templating, and executing a given disco ball. Made all existing scripts aware of NOOP and how to change their DISCOROOT accordingly. Added skeleton restricted.d/* files for a semi-safe base system. Added disco-param that allows management of parameters on the client (currently isn't smart enough to manage them on the server, or per-module). Added client/bin/disco that actually allows the entire thing to come together and get executed. Still lots of bugs to work out.

client/bin/disco

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+DISCOCFG=/etc/disco
+if [ "$NOOP" != "" ]; then
+    DISCOROOT=/var/disco/testfs/noop
+else
+    DISCOROOT=/var/disco/testfs/real
+fi
+
+function main() {
+    
+    mount | grep $DISCOROOT >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	echo "error: disco filesystem does not appear to be mounted, please exec disco-fs-init, disco-fs-mount, and try again."
+	exit 1
+    fi
+	
+    disco-ball fetch_params
+    if [ $? -ne 0 ]; then
+	echo "error: Unable to fetch parameters for this host from remote server"
+	exit 1
+    fi
+
+    # Create the toposort of all the modules
+    for module in $(disco-param keys $(hostname)/modules)
+    do
+	NOOP="true" disco-ball fetch $module
+	disco-ball requires $module >> /tmp/$$.tsort
+    done
+
+    for module in $(cat /tmp/$$.tsort | tsort | tac)
+    do
+	echo "info: Processing ${module}"
+	NOOP="true" disco-ball template $module
+	disco-fs-diff
+	if [ "$NOOP" == "" ]; then
+	    rsync -aWH /var/disco/testfs/noop/* /
+	fi
+	NOOP="$NOOP" disco-ball exec $module
+	RETVAL=$?
+	rm -rf /var/disco/testfs/noop/scratchfs/*
+	if [ $RETVAL -ne 0 ]; then
+	    echo "error: Failed to apply $module."
+	fi
+    done
+}
+
+main $@

client/bin/disco-fs-fixup.py

@@ -1,8 +1,13 @@
 import os
 import sys
 
+DISCOROOT="/var/disco/testfs/real"
+if ("NOOP" in os.environ) and (os.environ["NOOP"] != ""):
+    DISCOROOT="/var/disco/testfs/noop"
+
 def file_is_text(fname):
-    os.system("file %s > /tmp/%s.typeof" % (os.path.abspath("/var/disco/testfs/scratchfs/" + fname), os.getpid()))
+    global DISCOROOT
+    os.system("file %s > /tmp/%s.typeof" % (os.path.abspath(DISCOROOT + "/scratchfs/" + fname), os.getpid()))
     with open("/tmp/%s.typeof" % os.getpid(), "r") as ifile:
         line = ifile.readline()
         if "ASCII" in line:
@@ -10,6 +15,7 @@ def file_is_text(fname):
     return False
 
 def main(argc, argv):
+    global DISCOROOT
     for line in sys.stdin.readlines():
         line = line.strip("\n")
         pid = os.getpid()
@@ -18,13 +24,13 @@ def main(argc, argv):
             if file_is_text(fname):
                 content = ""
                 
-                with open(os.path.abspath("/var/disco/testfs/scratchfs/%s" % fname), "r") as ifile:
+                with open(os.path.abspath(DISCOROOT + "/scratchfs/%s" % fname), "r") as ifile:
                     content = "> " + "> ".join(ifile.readlines())
                 line = line.replace("(CONTENT)", "\n%s" % (content))
-            elif os.path.isdir("/var/disco/testfs/scratchfs/" + fname):
+            elif os.path.isdir(DISCOROOT + "/scratchfs/" + fname):
                 line = line.replace("(CONTENT)", "directory")
             else:
-                os.system("md5sum /var/disco/testfs/scratchfs/%s > /tmp/%s" % (fname, pid))
+                os.system("md5sum " + os.path.abspath(DISCOROOT + "/scratchfs/" + fname) + " > /tmp/%s" % (pid))
                 content = ""
                 with open("/tmp/%s" % (pid), "r") as ifile:
                     content = ifile.readline().split(" ")[0]
@@ -32,14 +38,14 @@ def main(argc, argv):
             line = line.strip("\n")
         if "(OLDMD5SUM)" in line:
             fname = line.split(" ")[3]
-            os.system("md5sum /var/disco/testfs/rootfs/%s > /tmp/%s" % (fname, pid))
+            os.system("md5sum " + os.path.abspath(DISCOROOT + "/rootfs/" + fname) + " > /tmp/%s" % (pid))
             content = ""
             with open("/tmp/%s" % (pid), "r") as ifile:
                 content = ifile.readline().split(" ")[0]
             line = line.replace("(OLDMD5SUM)", content).strip("\n")
         if "(NEWMD5SUM)" in line:
             fname = line.split(" ")[3]
-            os.system("md5sum /var/disco/testfs/scratchfs/%s > /tmp/%s" % (fname, pid))
+            os.system("md5sum " + os.path.abspath(DISCOROOT + "/scratchfs/" + fname) + " > /tmp/%s" % (pid))
             content = ""
             with open("/tmp/%s" % (pid), "r") as ifile:
                 content = ifile.readline().split(" ")[0]

client/bin/disco-fs-unmount

@@ -1,6 +1,10 @@
 #!/bin/bash
 
-DISCOROOT=/var/disco/testfs
+if [ "$NOOP" == "" ]; then
+    DISCOROOT=/var/disco/testfs/real
+else
+    DISCOROOT=/var/disco/testfs/noop
+fi
 
 mount | grep $DISCOROOT > /dev/null 2>&1
 if [ $? -ne 0 ]; then

client/bin/disco-sh-exec

@@ -1,14 +1,18 @@
 #!/bin/bash
 
-DISCOROOT=/var/disco/testfs
+if [ "$NOOP" == "" ]; then
+    DISCOROOT=/var/disco/testfs/real
+else
+    DISCOROOT=/var/disco/testfs/noop
+fi
 
 mount | grep $DISCOROOT >/dev/null 2>&1
 if [ $? -ne 0 ]; then
-    ./disco-fs-mount
+    ./disco-fs-mount || exit 1
 fi
 
 # Strip out any shebang and put the script in the root
 mkdir -p ${DISCOROOT}/restricted/$(dirname $2)
 cat $1 | sed s/'^#!.*'/''/g > ${DISCOROOT}/restricted/$2
-$(dirname $0)/disco-sh-shell ${DISCOROOT}/restricted/$2
+NOOP="$NOOP" $(dirname $0)/disco-sh-shell ${DISCOROOT}/restricted/$2
 exit $?

client/bin/disco-sh-shell

@@ -9,13 +9,12 @@ fi
 mount | grep $DISCOROOT >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "disco filesystem is not mounted"
-    exit 0
+    exit 1
 fi
 
 if [ "$NOOP" != "" ]; then
-    #chroot ${DISCOROOT}/chroot /bin/env PATH=${DISCOROOT}/restricted/bin:${DISCOROOT}/munge/mungebin /bin/bash --login --restricted $@
-    chroot ${DISCOROOT}/chroot //bin/bash --login --restricted $@
+    chroot ${DISCOROOT}/chroot /bin/env PATH=${DISCOROOT}/restricted/bin:${DISCOROOT}/munge/mungebin /bin/bash --restricted $@
 else
-    chroot ${DISCOROOT}/chroot /bin/bash --login $@
+    chroot ${DISCOROOT}/chroot /bin/bash $@
 fi
 exit $?

client/etc/disco/restricted.d/base.bin.d

@@ -0,0 +1,68 @@
+/bin/arch
+/bin/basename
+/bin/cat
+/bin/chgrp
+/bin/chmod
+/bin/chown
+/bin/cp
+/bin/cpio
+/bin/cut
+/bin/dash
+/bin/date
+/bin/dd
+/bin/df
+/bin/dmesg
+/bin/dnsdomainname
+/bin/domainname
+/bin/dumpkeys
+/bin/echo
+/bin/ed
+/bin/egrep
+# This can execute code, but if we wrap it, bash fails to start.
+/bin/env
+# -----
+/bin/find
+/bin/false
+/bin/fgrep
+/bin/findmnt
+/bin/grep
+/bin/gtar
+/bin/gunzip
+/bin/gzip
+/bin/hostname
+/bin/ipcalc
+/bin/keyctl
+/bin/link
+/bin/ln
+/bin/loadkeys
+/bin/ls
+/bin/lsblk
+/bin/mkdir
+/bin/mknod
+/bin/mktemp
+/bin/mv
+/bin/netstat
+/bin/nisdomainname
+/bin/ping
+/bin/ping6
+/bin/ps
+/bin/pwd
+/bin/readlink
+/bin/rm
+/bin/rmdir
+/bin/sed
+/bin/sleep
+/bin/sort
+/bin/sync
+/bin/tar
+/bin/touch
+/bin/tracepath
+/bin/tracepath6
+/bin/traceroute
+/bin/traceroute6
+/bin/true
+/bin/uname
+/bin/unlink
+/bin/usleep
+/bin/ypdomainname
+/bin/zcat

client/etc/disco/restricted.d/base.usr.bin.d

@@ -0,0 +1,146 @@
+/usr/bin/attr
+/usr/bin/base64
+/usr/bin/bashbug-32
+/usr/bin/bc
+/usr/bin/bunzip2
+/usr/bin/bzcat
+/usr/bin/bzcmp
+/usr/bin/bzdiff
+/usr/bin/bzgrep
+/usr/bin/bzip2
+/usr/bin/bzip2recover
+/usr/bin/bzless
+/usr/bin/bzmore
+/usr/bin/chacl
+/usr/bin/chage
+/usr/bin/chattr
+/usr/bin/chcon
+/usr/bin/chfn
+/usr/bin/chvt
+/usr/bin/clear
+/usr/bin/cmp
+/usr/bin/crontab
+/usr/bin/cut
+/usr/bin/diff
+/usr/bin/diff3
+/usr/bin/dig
+/usr/bin/dir
+/usr/bin/dircolors
+/usr/bin/dirname
+/usr/bin/du
+/usr/bin/expand
+/usr/bin/expr
+/usr/bin/file
+/usr/bin/find-repos-of-install
+/usr/bin/fmt
+/usr/bin/fold
+/usr/bin/free
+/usr/bin/funzip
+/usr/bin/getent
+/usr/bin/getfacl
+/usr/bin/getfattr
+/usr/bin/gethostip
+/usr/bin/getkeycodes
+/usr/bin/getopt
+/usr/bin/gpasswd
+/usr/bin/gpg
+/usr/bin/gpg2
+/usr/bin/gpgconf
+/usr/bin/gpg-error
+/usr/bin/gpgkey2ssh
+/usr/bin/groups
+/usr/bin/gunzip
+/usr/bin/gzip
+/usr/bin/head
+/usr/bin/hexdump
+/usr/bin/host
+/usr/bin/hostid
+/usr/bin/iconv
+/usr/bin/id
+/usr/bin/install
+/usr/bin/install-catalog
+/usr/bin/iostat
+/usr/bin/join
+/usr/bin/last
+/usr/bin/lastlog
+/usr/bin/locale
+/usr/bin/localedef
+/usr/bin/locate
+/usr/bin/logger
+/usr/bin/lsattr
+/usr/bin/lscpu
+/usr/bin/lsusb
+/usr/bin/md5sum
+/usr/bin/mkfifo
+/usr/bin/mkisofs
+/usr/bin/needs-restarting
+/usr/bin/nslookup
+/usr/bin/ntpstat
+/usr/bin/openssl
+/usr/bin/passwd
+/usr/bin/paste
+/usr/bin/pidstat
+/usr/bin/pr
+/usr/bin/printenv
+/usr/bin/printf
+/usr/bin/pstree
+/usr/bin/quota
+/usr/bin/rdate
+/usr/bin/readelf
+/usr/bin/readlink
+/usr/bin/rename
+/usr/bin/rpm2cpio
+/usr/bin/rpmdb
+/usr/bin/rpmdumpheader
+/usr/bin/rpmquery
+/usr/bin/rpmsign
+/usr/bin/rpmverify
+/usr/bin/rsync
+/usr/bin/scp
+/usr/bin/script
+/usr/bin/scriptreplay
+/usr/bin/seq
+/usr/bin/sha1sum
+/usr/bin/sha224sum
+/usr/bin/sha256sum
+/usr/bin/sha384sum
+/usr/bin/sha512sum
+/usr/bin/showkey
+/usr/bin/shred
+/usr/bin/shuf
+/usr/bin/size
+/usr/bin/split
+/usr/bin/sqlite3
+/usr/bin/ssh-keygen
+/usr/bin/stat
+/usr/bin/sum
+/usr/bin/tac
+/usr/bin/tail
+/usr/bin/tailf
+/usr/bin/tee
+/usr/bin/test
+/usr/bin/tr
+/usr/bin/tree
+/usr/bin/truncate
+/usr/bin/tsort
+/usr/bin/tty
+/usr/bin/ul
+/usr/bin/unexpand
+/usr/bin/uniq
+/usr/bin/unlzma
+/usr/bin/unzip
+/usr/bin/unzipsfx
+/usr/bin/updatedb
+/usr/bin/uptime
+/usr/bin/users
+/usr/bin/uuidgen
+/usr/bin/vmstat
+/usr/bin/w
+/usr/bin/wc
+/usr/bin/whatis
+/usr/bin/whereis
+/usr/bin/which
+/usr/bin/who
+/usr/bin/whoami
+/usr/bin/wnck-urgency-monitor
+/usr/bin/zip