-
-
Notifications
You must be signed in to change notification settings - Fork 4
Cleanroom Commands
Please Note: This page is a work in progress
****** Command List:
_export_directory compression= compression_level=<5> repository=<REPOSITORY_PATH> Export a directory from cleanroom.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_export_directory.py
_pacman_write_package_data Write pacman package data into the filesystem.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_pacman_write_package_data.py
_restore [pretty=] Set the hostname of the system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_restore.py
_setup Implicitly run before any other command of a system is run.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_setup.py
_store Store a system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_store.py
_strip_documentation_hook Strip away documentation files (hook).
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_strip_documentation_hook.py
_teardown Implicitly run after any other command of a system is run.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_teardown.py
_test Implicitly run to test images.
Note: Will run all executable files in the "test" subdirectory of the systems directory and will pass the system name as first argument.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/_test.py
add_hook <HOOK_NAME> * [message=] [] Add a hook running command with arguments.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/add_hook.py
append Append contents to file.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/append.py
based_on <SYSTEM_NAME>) Use <SYSTEM_NAME> as a base for this system. Use "scratch" to start from a blank slate.
Note: This command needs to be the first in the system definition file!
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/based_on.py
chmod + Chmod a file or files.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/chmod.py
chown + [user=] [group=] [recursive=False] Chmod a file or files.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/chown.py
copy
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/copy.py
create [force=True] [mode=0o644] [user=UID/name] [group=GID/name] Create a file with contents.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/create.py
create_efi_kernel <EFI_KERNEL> kernel= initrd_directory=<INITRD_PARTS_DIRECTORY> commandline=<KERNEL_COMMANDLINE> Create a efi kernel with built-in initrd.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/create_efi_kernel.py
create_initrd <INITRD_FILE> Create an initrd.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/create_initrd.py
create_os_release Create os release file.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/create_os_release.py
crypto_uuid Set the UUID of the crypto partition and the NAME to bind to it.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/crypto_uuid.py
debootstrap suite= mirror= [variant=] [include=] [exclude=] Run debootstrap to install a in from . Include and exclude packages.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/debootstrap.py
ensure_hwdb Make sure hwdb is installed.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ensure_hwdb.py
ensure_ldconfig Ensure that ldconfig is run.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ensure_ldconfig.py
ensure_no_kernel_install Set up system for a read-only /usr partition.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ensure_no_kernel_install.py
ensure_no_sysusers Set up system for a read-only /usr partition.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ensure_no_sysusers.py
ensure_no_unused_shell_files Clean out files for shells that are not installed.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ensure_no_unused_shell_files.py
ensure_no_update_service Set up system for a read-only /usr partition.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ensure_no_update_service.py
export REPOSITORY [efi_key=] [efi_cert=] [efi_size=0M] [swap_size=0M] [extra_partitions=p1,p2,...] [image_format=(raw|qcow2)] [repository_compression=zstd] [repository_compression_level=5] [skip_validation=False] [usr_only=True] Export a filesystem image.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/export.py
firejail_apps + Firejail applications.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/firejail_apps.py
groupadd [force=False] [system=False] [gid=] Add a group.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/groupadd.py
groupmod [gid=] [rename=<NEW_NAME>] [password=<CRYPTED_PASSWORD>] [root_directory=] Modify an existing user.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/groupmod.py
install_certificate <CA_CERT>+ Install CA certificates.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/install_certificate.py
k8s_node cluster_name= cluster_id= node_id= [outside_match=<MACAddress=52:54:00:12::>] [cluster_match=<MACAddress=52:54:00:13::>] [gateway=<10.0.2.2>] [dns=<10.0.2.3>] [ntp=<10.42.0.1>] Set up cluster node network.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/k8s_node.py
mkdir + [user=uid] [group=gid] [mode=0o755] [force=False] Create a new directory.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/mkdir.py
move
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/move.py
net_firewall_configure Set up basic firewall.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/net_firewall_configure.py
net_firewall_enable Enable previously configured firewall.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/net_firewall_enable.py
net_firewall_open_port [protocol=(tcp|udp)] [comment=] Open a port in the firewall.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/net_firewall_open_port.py
normalize_kernel_install Handle different kernel flavors in Arch.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/normalize_kernel_install.py
pacman [remove=False] [overwrite=GLOB] [assume_installed=PKG] Run pacman to install .
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pacman.py
pacstrap config= Run pacstrap to install . Hooks: Will runs _setup hooks after pacstrapping.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pacstrap.py
pkg_amd_cpu Install everything for amd CPU.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_amd_cpu.py
pkg_avahi Setup MDNS using avahi.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_avahi.py
pkg_gnome Install the Gnome desktop environment
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_desktop.py
pkg_fonts Set up some extra fonts.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_fonts.py
pkg_glusterfs Setup glusterfs.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_glusterfs.py
pkg_intel_cpu Install everything for intel CPU.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_intel_cpu.py
pkg_intel_gpu Set up Intel GPU.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_intel_gpu.py
pkg_intel_kms Set up Kernel Mode Setting for Intel GPU.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_intel_kms.py
pkg_nginx http=False https=True Setup nginx web server.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_nginx.py
pkg_postgresql Setup postgresql.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_postgresql.py
pkg_quasselcore Setup quasselcore.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_quasselcore.py
pkg_systemd_homed <PRIVATE_KEY_DATA> <PUBLIC_KEY_DATA> Setup systemd-homed.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_systemd_homed.py
pkg_tmux Setup tmux.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_tmux.py
pkg_usbguard Install usbguard
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_usbguard.py
pkg_xorg Set up Xorg.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/pkg_xorg.py
register_container description= timeout=3m after=(,)* requires=(,)*enable=False Register a container with a system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/register_container.py
remove <FILE_LIST> [force=True] [recursive=True] [outside=False] remove files within the system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/remove.py
run [] [inside=False] [shell=False] [returncode=0] [stdout=None] [stderr=None] Run a command inside/outside of the current system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/run.py
sed Run sed on a file.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/sed.py
set [local=True] Set up a substitution.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/set.py
set_hostname [pretty=] Set the hostname of the system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/set_hostname.py
set_locales [<MORE_LOCALES>] [charmap=UTF-8] Set the system locales.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/set_locales.py
set_machine_id Set the machine id of the system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/set_machine_id.py
set_root_device Set the device of the root partition.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/set_root_device.py
set_timezone Set up the timezone for a system.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/set_timezone.py
sign_efi_binary [key=] [cert=] [outside=False] [keep_unsigned=False] Sign using and .
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/sign_efi_binary.py
ssh_allow_login <PUBLIC_KEYFILE> options= Authorize <PUBLIC_KEYFILE> to log in as .
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ssh_allow_login.py
ssh_install_private_key Install as private key for .
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/ssh_install_private_key.py
sshd_set_hostkeys <HOSTKEY_DIR>) Install all the ssh_host_*_key files found in <HOSTKEY_DIR> for SSHD.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/sshd_set_hostkeys.py
strip_development_files Strip away development files.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/strip_development_files.py
strip_documentation Strip away documentation files.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/strip_documentation.py
strip_license_files Strip away license files.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/strip_license_files.py
symlink
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/symlink.py
systemd_cleanup Make sure /etc/systemd/system is empty by moving files and links to the appropriate /usr directory.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/systemd_cleanup.py
systemd_enable [<MORE_UNITS>] [user=False] Enable systemd units.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/systemd_enable.py
systemd_harden_unit [] [CapabilityBoundingSet="IGNORE"][NoNewPrivileges=True] [PrivateDevices=True] [PrivateTmp=True] [PrivateUsers=True] [ProtectControlGroups=True] [ProtectHome="true"] [ProtectKernelModules=True] [ProtectKernelTunables=True] [ProtectKernelLogs=True] [ProtectSystem="full"] [RemoveIPC=True] [RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"] [RestrictRealtime=True] [SystemCallArchitecture="native"] [SystemCallFilter="@system-service"] Apply hardening override to a systemd unit.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/systemd_harden_unit.py
systemd_set_default Set the systemd target to boot into.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/systemd_set_default.py
tar
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/tar.py
useradd [comment=] [home=] [gid=] [uid=] [groups=,] [lock=False] [password=<CRYPTED_PASSWORD>] [shell=] [expire=<EXPIRE_DATE>] Modify an existing user.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/useradd.py
usermod [comment=] [home=] [gid=] [uid=] [rename=<NEW_NAME>] [groups=,] [lock=False] [password=<CRYPTED_PASSWORD>] [shell=] [expire=<EXPIRE_DATE>], [append=False] Modify an existing user.
Definition in: /cleanroom-team/cleanroom/tree/master/cleanroom/commands/usermod.py