engineering: Port osmodifier from Go binary to native Rust crate

[bfjelds]

Port the Go osmodifier from azure-linux-image-tools to a native Rust library crate (crates/osmodifier). Trident now calls osmodifier functions directly instead of serializing config to YAML, writing a temp file, and exec'ing the Go binary.

See crates/osmodifier/README.md for full documentation including file mapping, function mapping, intentional divergences, and sync guide.

Architecture

Three public entry points replace the single Go binary:

Rust function	Replaces
modify_os(&ctx, &config)	OS config: users, hostname, services, modules, SELinux config file, extra kernel cmdline
modify_boot(&ctx, &boot_config)	Boot config: SELinux grub args, overlays, verity, root device
update_default_grub(&ctx)	osmodifier --update-grub: sync grub.cfg values back to /etc/default/grub

Key design decisions:

1. Library, not binary — eliminates YAML serialization, temp files, process spawning. Errors propagate as Result.
2. No chroot codepath — trident already chroots into newroot before calling osmodifier, so root is always /.
3. No BootCustomizer / bootConfigType dispatch — Go dispatches across grub-mkconfig, grub-legacy, and UKI boot types. Rust only implements grub-mkconfig because trident exclusively targets Azure Linux. UKI images return early in boot/mod.rs before modify_boot() is called.
4. Simplified grub.cfg parsing — string-based keyword matching instead of Go's full grub tokenizer. Sufficient for read-only extraction from grub2-mkconfig output.
5. Split API — modify_os() vs modify_boot() for pipeline stage separation.

What changed

New crate: crates/osmodifier

Rust library implementing all Go osmodifier functionality:

• Users — useradd, password hashing (chpasswd -e via stdin, not cmdline), SSH authorized_keys (preserving existing keys for existing users), groups, startup command, password expiry (shadow field 7 with absolute date matching Go's Chage())
• Hostname — /etc/hostname write (no trailing newline, matching Go)
• Services — systemctl enable/disable with Go-faithful error handling (distinguishes "disabled" from "not found")
• Kernel modules — modules-load.d, modprobe.d with option merging, bare-flag preservation, duplicate-line consolidation
• SELinux — /etc/selinux/config update, kernel cmdline args (security=selinux, selinux=, enforcing=), first-match-only replacement
• GRUB default — /etc/default/grub parsing/writing, targets GRUB_CMDLINE_LINUX_DEFAULT, append-only cmdline args
• GRUB cfg — grub.cfg boot-arg extraction with string-based parsing (no regex), case-sensitive recovery detection scoped to quoted title token

Security

• Password hashes passed via stdin to chpasswd -e (not process cmdline)
• Startup command validation rejects :, \n, and \r to prevent /etc/passwd corruption
• Hashed password values validated against : and newlines before writing to /etc/shadow
• Atomic file writes for /etc/shadow and /etc/passwd with uid/gid ownership preservation via fchown
• PasswordType::Locked writes ! marker for existing users

Integration

• All system tool calls use osutils::Dependency enum (systemctl, grub2-mkconfig, id, useradd, usermod, chown, openssl, chpasswd)
• Removed osutils::osmodifier re-export shim to break cyclic dependency

Build and packaging

• Removed: download-osmodifier.yml template, Makefile osmodifier targets, Dockerfile osmodifier stages, functional test binary upload steps
• RPM spec: added Requires: openssl, shadow-utils; added Suggests: grub2-tools
• Removed OS_MODIFIER_BINARY_PATH and OS_MODIFIER_NEWROOT_PATH constants

Tests

• Unit tests for all modules (grub_cfg, default_grub, services, modules, selinux, hostname, users, config)
• Functional tests running in test VM: hostname, modules, selinux, services, and integration scenarios

Documentation

• crates/osmodifier/README.md: Go-to-Rust file mapping, function-by-function mapping (17 functions), intentional divergences, not-ported table with rationale, sync guide with git commands and change-type-to-file mapping

Fidelity

Two rounds of systematic Go-vs-Rust comparison, plus a 9-agent adversarial deep review (3 roles × 3 model families). All behavioral divergences found were fixed:

• grub_cfg.rs — string-based parsing (no regex), case-sensitive recovery detection scoped to quoted title token only, error on multiple non-recovery linux lines
• services.rs — distinguish "disabled" (exit 1 + stdout "disabled") from "error" (service not found), matching Go's systemd.IsServiceEnabled
• modules.rs — error on Inherit+options for disabled modules, preserve existing options during updates, preserve bare options without =, merge duplicate options <module> lines
• selinux.rs — first-match-only replacement, security=selinux kernel arg for Enforcing/Permissive, Enforcing matches Go's EMU path (no enforcing=1)
• default_grub.rs — target GRUB_CMDLINE_LINUX_DEFAULT (not GRUB_CMDLINE_LINUX), append-only (no key dedup)
• users.rs — password expiry writes shadow field 7 (account expiration) with absolute date matching Go's Chage(), preserve existing authorized_keys for existing users, error on unparseable shadow lastChange

Source mapping

Ported from azure-linux-image-tools (toolkit/tools/):

Rust file	Go source(s)	Go commit
lib.rs	osmodifierlib/osmodifier.go, modifierutils.go	f4de1a0
config.rs	osmodifierapi/os.go, overlay.go, verity.go, identifiedpartition.go	8bd4ef3
users.rs	imagecustomizerlib/customizeusers.go	8bd4ef3
hostname.rs	imagecustomizerlib/customizehostname.go	8bd4ef3
modules.rs	imagecustomizerlib/kernelmoduleutils.go	8bd4ef3
services.rs	imagecustomizerlib/customizeservices.go	dc90945
selinux.rs	modifierutils.go (SELinux functions)	f4de1a0
default_grub.rs	modifydefaultgrub.go	f4de1a0
grub_cfg.rs	modifydefaultgrub.go, modifierutils.go	f4de1a0

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.

[Copilot]

Pull request overview

Copilot reviewed 37 out of 38 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 37 out of 38 changed files in this pull request and generated 3 comments.

[Copilot]

Pull request overview

Copilot reviewed 37 out of 38 changed files in this pull request and generated 6 comments.

[Copilot]

Pull request overview

Copilot reviewed 38 out of 39 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 38 out of 39 changed files in this pull request and generated 5 comments.

[bfjelds]

/azp run [GITHUB]-trident-pr-e2e

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).