container: use new netlink implementation

This is adapted from the container netlink implementation and is much more reusable.

Signed-off-by: Ophestra <cat@gensokyo.uk>

container/dispatcher.go

@@ -3,6 +3,7 @@ package container
 import (
 	"io"
 	"io/fs"
+	"net"
 	"os"
 	"os/exec"
 	"os/signal"
@@ -12,6 +13,7 @@ import (
 
 	"hakurei.app/container/seccomp"
 	"hakurei.app/container/std"
+	"hakurei.app/internal/netlink"
 	"hakurei.app/message"
 )
 
@@ -167,7 +169,47 @@ func (k direct) mountTmpfs(fsname, target string, flags uintptr, size int, perm
 func (direct) ensureFile(name string, perm, pperm os.FileMode) error {
 	return ensureFile(name, perm, pperm)
 }
-func (direct) mustLoopback(msg message.Msg) { mustLoopback(msg) }
+func (direct) mustLoopback(msg message.Msg) {
+	var lo int
+	if ifi, err := net.InterfaceByName("lo"); err != nil {
+		msg.GetLogger().Fatalln(err)
+	} else {
+		lo = ifi.Index
+	}
+
+	c, err := netlink.DialRoute()
+	if err != nil {
+		msg.GetLogger().Fatalln(err)
+	}
+
+	must := func(err error) {
+		if err == nil {
+			return
+		}
+		if closeErr := c.Close(); closeErr != nil {
+			msg.Verbosef("cannot close RTNETLINK: %v", closeErr)
+		}
+
+		switch err.(type) {
+		case *os.SyscallError:
+			msg.GetLogger().Fatalf("cannot %v", err)
+
+		case syscall.Errno:
+			msg.GetLogger().Fatalf("RTNETLINK answers: %v", err)
+
+		default:
+			msg.GetLogger().Fatalf("RTNETLINK answers with malformed message")
+		}
+	}
+	must(c.SendNewaddrLo(uint32(lo)))
+	must(c.SendIfInfomsg(syscall.RTM_NEWLINK, 0, &syscall.IfInfomsg{
+		Family: syscall.AF_UNSPEC,
+		Index:  int32(lo),
+		Flags:  syscall.IFF_UP,
+		Change: syscall.IFF_UP,
+	}))
+	must(c.Close())
+}
 
 func (direct) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error {
 	return seccomp.Load(rules, flags)

container/netlink.go

@@ -1,269 +0,0 @@
-package container
-
-import (
-	"encoding/binary"
-	"errors"
-	"net"
-	"os"
-	. "syscall"
-	"unsafe"
-
-	"hakurei.app/container/std"
-	"hakurei.app/message"
-)
-
-// rtnetlink represents a NETLINK_ROUTE socket.
-type rtnetlink struct {
-	// Sent as part of rtnetlink messages.
-	pid uint32
-	// AF_NETLINK socket.
-	fd int
-	// Whether the socket is open.
-	ok bool
-	// Message sequence number.
-	seq uint32
-}
-
-// open creates the underlying NETLINK_ROUTE socket.
-func (s *rtnetlink) open() (err error) {
-	if s.ok || s.fd < 0 {
-		return os.ErrInvalid
-	}
-
-	s.pid = uint32(Getpid())
-	if s.fd, err = Socket(
-		AF_NETLINK,
-		SOCK_RAW|SOCK_CLOEXEC,
-		NETLINK_ROUTE,
-	); err != nil {
-		return os.NewSyscallError("socket", err)
-	} else if err = Bind(s.fd, &SockaddrNetlink{
-		Family: AF_NETLINK,
-		Pid:    s.pid,
-	}); err != nil {
-		_ = s.close()
-		return os.NewSyscallError("bind", err)
-	} else {
-		s.ok = true
-		return nil
-	}
-}
-
-// close closes the underlying NETLINK_ROUTE socket.
-func (s *rtnetlink) close() error {
-	if !s.ok {
-		return os.ErrInvalid
-	}
-
-	s.ok = false
-	err := Close(s.fd)
-	s.fd = -1
-	return err
-}
-
-// roundtrip sends a netlink message and handles the reply.
-func (s *rtnetlink) roundtrip(data []byte) error {
-	if !s.ok {
-		return os.ErrInvalid
-	}
-
-	defer func() { s.seq++ }()
-
-	if err := Sendto(s.fd, data, 0, &SockaddrNetlink{
-		Family: AF_NETLINK,
-	}); err != nil {
-		return os.NewSyscallError("sendto", err)
-	}
-	buf := make([]byte, Getpagesize())
-
-done:
-	for {
-		p := buf
-		if n, _, err := Recvfrom(s.fd, p, 0); err != nil {
-			return os.NewSyscallError("recvfrom", err)
-		} else if n < NLMSG_HDRLEN {
-			return errors.ErrUnsupported
-		} else {
-			p = p[:n]
-		}
-
-		if msgs, err := ParseNetlinkMessage(p); err != nil {
-			return err
-		} else {
-			for _, m := range msgs {
-				if m.Header.Seq != s.seq || m.Header.Pid != s.pid {
-					return errors.ErrUnsupported
-				}
-				if m.Header.Type == NLMSG_DONE {
-					break done
-				}
-				if m.Header.Type == NLMSG_ERROR {
-					if len(m.Data) >= 4 {
-						errno := Errno(-std.Int(binary.NativeEndian.Uint32(m.Data)))
-						if errno == 0 {
-							return nil
-						}
-						return errno
-					}
-					return errors.ErrUnsupported
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-// mustRoundtrip calls roundtrip and terminates via msg for a non-nil error.
-func (s *rtnetlink) mustRoundtrip(msg message.Msg, data []byte) {
-	err := s.roundtrip(data)
-	if err == nil {
-		return
-	}
-	if closeErr := Close(s.fd); closeErr != nil {
-		msg.Verbosef("cannot close: %v", err)
-	}
-
-	switch err.(type) {
-	case *os.SyscallError:
-		msg.GetLogger().Fatalf("cannot %v", err)
-
-	case Errno:
-		msg.GetLogger().Fatalf("RTNETLINK answers: %v", err)
-
-	default:
-		msg.GetLogger().Fatalln("RTNETLINK answers with unexpected message")
-	}
-}
-
-// newaddrLo represents a RTM_NEWADDR message with two addresses.
-type newaddrLo struct {
-	header NlMsghdr
-	data   IfAddrmsg
-
-	r0 RtAttr
-	a0 [4]byte // in_addr
-	r1 RtAttr
-	a1 [4]byte // in_addr
-}
-
-// sizeofNewaddrLo is the expected size of newaddrLo.
-const sizeofNewaddrLo = NLMSG_HDRLEN + SizeofIfAddrmsg + (SizeofRtAttr+4)*2
-
-// newaddrLo returns the address of a populated newaddrLo.
-func (s *rtnetlink) newaddrLo(lo int) *newaddrLo {
-	return &newaddrLo{NlMsghdr{
-		Len:   sizeofNewaddrLo,
-		Type:  RTM_NEWADDR,
-		Flags: NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL,
-		Seq:   s.seq,
-		Pid:   s.pid,
-	}, IfAddrmsg{
-		Family:    AF_INET,
-		Prefixlen: 8,
-		Flags:     IFA_F_PERMANENT,
-		Scope:     RT_SCOPE_HOST,
-		Index:     uint32(lo),
-	}, RtAttr{
-		Len:  uint16(SizeofRtAttr + len(newaddrLo{}.a0)),
-		Type: IFA_LOCAL,
-	}, [4]byte{127, 0, 0, 1}, RtAttr{
-		Len:  uint16(SizeofRtAttr + len(newaddrLo{}.a1)),
-		Type: IFA_ADDRESS,
-	}, [4]byte{127, 0, 0, 1}}
-}
-
-func (msg *newaddrLo) toWireFormat() []byte {
-	var buf [sizeofNewaddrLo]byte
-
-	*(*uint32)(unsafe.Pointer(&buf[0:4][0])) = msg.header.Len
-	*(*uint16)(unsafe.Pointer(&buf[4:6][0])) = msg.header.Type
-	*(*uint16)(unsafe.Pointer(&buf[6:8][0])) = msg.header.Flags
-	*(*uint32)(unsafe.Pointer(&buf[8:12][0])) = msg.header.Seq
-	*(*uint32)(unsafe.Pointer(&buf[12:16][0])) = msg.header.Pid
-
-	buf[16] = msg.data.Family
-	buf[17] = msg.data.Prefixlen
-	buf[18] = msg.data.Flags
-	buf[19] = msg.data.Scope
-	*(*uint32)(unsafe.Pointer(&buf[20:24][0])) = msg.data.Index
-
-	*(*uint16)(unsafe.Pointer(&buf[24:26][0])) = msg.r0.Len
-	*(*uint16)(unsafe.Pointer(&buf[26:28][0])) = msg.r0.Type
-	copy(buf[28:32], msg.a0[:])
-	*(*uint16)(unsafe.Pointer(&buf[32:34][0])) = msg.r1.Len
-	*(*uint16)(unsafe.Pointer(&buf[34:36][0])) = msg.r1.Type
-	copy(buf[36:40], msg.a1[:])
-
-	return buf[:]
-}
-
-// newlinkLo represents a RTM_NEWLINK message.
-type newlinkLo struct {
-	header NlMsghdr
-	data   IfInfomsg
-}
-
-// sizeofNewlinkLo is the expected size of newlinkLo.
-const sizeofNewlinkLo = NLMSG_HDRLEN + SizeofIfInfomsg
-
-// newlinkLo returns the address of a populated newlinkLo.
-func (s *rtnetlink) newlinkLo(lo int) *newlinkLo {
-	return &newlinkLo{NlMsghdr{
-		Len:   sizeofNewlinkLo,
-		Type:  RTM_NEWLINK,
-		Flags: NLM_F_REQUEST | NLM_F_ACK,
-		Seq:   s.seq,
-		Pid:   s.pid,
-	}, IfInfomsg{
-		Family: AF_UNSPEC,
-		Index:  int32(lo),
-		Flags:  IFF_UP,
-		Change: IFF_UP,
-	}}
-}
-
-func (msg *newlinkLo) toWireFormat() []byte {
-	var buf [sizeofNewlinkLo]byte
-
-	*(*uint32)(unsafe.Pointer(&buf[0:4][0])) = msg.header.Len
-	*(*uint16)(unsafe.Pointer(&buf[4:6][0])) = msg.header.Type
-	*(*uint16)(unsafe.Pointer(&buf[6:8][0])) = msg.header.Flags
-	*(*uint32)(unsafe.Pointer(&buf[8:12][0])) = msg.header.Seq
-	*(*uint32)(unsafe.Pointer(&buf[12:16][0])) = msg.header.Pid
-
-	buf[16] = msg.data.Family
-	*(*uint16)(unsafe.Pointer(&buf[18:20][0])) = msg.data.Type
-	*(*int32)(unsafe.Pointer(&buf[20:24][0])) = msg.data.Index
-	*(*uint32)(unsafe.Pointer(&buf[24:28][0])) = msg.data.Flags
-	*(*uint32)(unsafe.Pointer(&buf[28:32][0])) = msg.data.Change
-
-	return buf[:]
-}
-
-// mustLoopback creates the loopback address and brings the lo interface up.
-// mustLoopback calls a fatal method of the underlying [log.Logger] of m with a
-// user-facing error message if RTNETLINK behaves unexpectedly.
-func mustLoopback(msg message.Msg) {
-	log := msg.GetLogger()
-
-	var lo int
-	if ifi, err := net.InterfaceByName("lo"); err != nil {
-		log.Fatalln(err)
-	} else {
-		lo = ifi.Index
-	}
-
-	var s rtnetlink
-	if err := s.open(); err != nil {
-		log.Fatalln(err)
-	}
-	defer func() {
-		if err := s.close(); err != nil {
-			msg.Verbosef("cannot close netlink: %v", err)
-		}
-	}()
-
-	s.mustRoundtrip(msg, s.newaddrLo(lo).toWireFormat())
-	s.mustRoundtrip(msg, s.newlinkLo(lo).toWireFormat())
-}

container/netlink_test.go

@@ -1,72 +0,0 @@
-package container
-
-import (
-	"testing"
-	"unsafe"
-)
-
-func TestSizeof(t *testing.T) {
-	if got := unsafe.Sizeof(newaddrLo{}); got != sizeofNewaddrLo {
-		t.Fatalf("newaddrLo: sizeof = %#x, want %#x", got, sizeofNewaddrLo)
-	}
-
-	if got := unsafe.Sizeof(newlinkLo{}); got != sizeofNewlinkLo {
-		t.Fatalf("newlinkLo: sizeof = %#x, want %#x", got, sizeofNewlinkLo)
-	}
-}
-
-func TestRtnetlinkMessage(t *testing.T) {
-	t.Parallel()
-
-	testCases := []struct {
-		name string
-		msg  interface{ toWireFormat() []byte }
-		want []byte
-	}{
-		{"newaddrLo", (&rtnetlink{pid: 1, seq: 0}).newaddrLo(1), []byte{
-			/* Len   */ 0x28, 0, 0, 0,
-			/* Type  */ 0x14, 0,
-			/* Flags */ 5, 6,
-			/* Seq   */ 0, 0, 0, 0,
-			/* Pid   */ 1, 0, 0, 0,
-
-			/* Family    */ 2,
-			/* Prefixlen */ 8,
-			/* Flags     */ 0x80,
-			/* Scope     */ 0xfe,
-			/* Index     */ 1, 0, 0, 0,
-
-			/* Len     */ 8, 0,
-			/* Type    */ 2, 0,
-			/* in_addr */ 127, 0, 0, 1,
-
-			/* Len     */ 8, 0,
-			/* Type    */ 1, 0,
-			/* in_addr */ 127, 0, 0, 1,
-		}},
-
-		{"newlinkLo", (&rtnetlink{pid: 1, seq: 1}).newlinkLo(1), []byte{
-			/* Len   */ 0x20, 0, 0, 0,
-			/* Type  */ 0x10, 0,
-			/* Flags */ 5, 0,
-			/* Seq   */ 1, 0, 0, 0,
-			/* Pid   */ 1, 0, 0, 0,
-
-			/* Family */ 0,
-			/* pad    */ 0,
-			/* Type   */ 0, 0,
-			/* Index  */ 1, 0, 0, 0,
-			/* Flags  */ 1, 0, 0, 0,
-			/* Change */ 1, 0, 0, 0,
-		}},
-	}
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			if got := tc.msg.toWireFormat(); string(got) != string(tc.want) {
-				t.Fatalf("toWireFormat: %#v, want %#v", got, tc.want)
-			}
-		})
-	}
-}

internal/netlink/netlink.go

@@ -0,0 +1,186 @@
+// Package netlink is a partial implementation of the netlink protocol.
+package netlink
+
+import (
+	"fmt"
+	"os"
+	"sync"
+	"syscall"
+	"unsafe"
+)
+
+// AF_NETLINK socket is never shared
+var (
+	nlPid     uint32
+	nlPidOnce sync.Once
+)
+
+// getpid returns a cached pid value.
+func getpid() uint32 {
+	nlPidOnce.Do(func() { nlPid = uint32(os.Getpid()) })
+	return nlPid
+}
+
+// A conn represents resources associated to a netlink socket.
+type conn struct {
+	// AF_NETLINK socket.
+	fd int
+	// Kernel module or netlink group to communicate with.
+	family int
+	// Message sequence number.
+	seq uint32
+	// For pending outgoing message.
+	typ, flags uint16
+	// Outgoing position in buf.
+	pos int
+	// A page holding incoming and outgoing messages.
+	buf []byte
+}
+
+// dial returns the address of a newly connected conn of specified family.
+func dial(family int) (*conn, error) {
+	var c conn
+	if fd, err := syscall.Socket(
+		syscall.AF_NETLINK,
+		syscall.SOCK_RAW|syscall.SOCK_CLOEXEC,
+		family,
+	); err != nil {
+		return nil, os.NewSyscallError("socket", err)
+	} else if err = syscall.Bind(fd, &syscall.SockaddrNetlink{
+		Family: syscall.AF_NETLINK,
+		Pid:    getpid(),
+	}); err != nil {
+		_ = syscall.Close(fd)
+		return nil, os.NewSyscallError("bind", err)
+	} else {
+		c.fd, c.family = fd, family
+	}
+	c.pos = syscall.NLMSG_HDRLEN
+	c.buf = make([]byte, os.Getpagesize())
+	return &c, nil
+}
+
+// Close closes the underlying socket.
+func (c *conn) Close() error {
+	if c.buf == nil {
+		return syscall.EINVAL
+	}
+	c.buf = nil
+	return syscall.Close(c.fd)
+}
+
+// Msg is type constraint for types sent over the wire via netlink.
+//
+// No pointer types or compound types containing pointers may appear here.
+type Msg interface {
+	syscall.NlMsghdr | syscall.NlMsgerr |
+		syscall.IfAddrmsg | RtAttrMsg[InAddr] |
+		syscall.IfInfomsg
+}
+
+// As returns data as the specified netlink message type.
+func As[M Msg](data []byte) *M {
+	var v M
+	if unsafe.Sizeof(v) != uintptr(len(data)) {
+		return nil
+	}
+	return (*M)(unsafe.Pointer(unsafe.SliceData(data)))
+}
+
+// add queues a value to be sent by conn.
+func add[M Msg](c *conn, p *M) bool {
+	pos := c.pos
+	c.pos += int(unsafe.Sizeof(*p))
+	if c.pos > len(c.buf) {
+		c.pos = pos
+		return false
+	}
+	*(*M)(unsafe.Pointer(&c.buf[pos])) = *p
+	return true
+}
+
+// InconsistentError describes a reply from the kernel that is not consistent
+// with the internal state tracked by this package.
+type InconsistentError struct {
+	// Offending header.
+	syscall.NlMsghdr
+	// Expected message sequence.
+	Seq uint32
+	// Expected pid.
+	Pid uint32
+}
+
+func (*InconsistentError) Unwrap() error { return os.ErrInvalid }
+func (e *InconsistentError) Error() string {
+	s := "netlink socket has inconsistent state"
+	switch {
+	case e.Seq != e.NlMsghdr.Seq:
+		s += fmt.Sprintf(": seq %d != %d", e.Seq, e.NlMsghdr.Seq)
+	case e.Pid != e.NlMsghdr.Pid:
+		s += fmt.Sprintf(": pid %d != %d", e.Pid, e.NlMsghdr.Pid)
+	}
+	return s
+}
+
+// pending returns the valid slice of buf and initialises pos.
+func (c *conn) pending() []byte {
+	buf := c.buf[:c.pos]
+	c.pos = syscall.NLMSG_HDRLEN
+
+	*(*syscall.NlMsghdr)(unsafe.Pointer(unsafe.SliceData(buf))) = syscall.NlMsghdr{
+		Len:   uint32(len(buf)),
+		Type:  c.typ,
+		Flags: c.flags,
+		Seq:   c.seq,
+		Pid:   getpid(),
+	}
+	return buf
+}
+
+// Complete indicates the completion of a roundtrip.
+type Complete struct{}
+
+// Error returns a hardcoded string that should never be displayed to the user.
+func (Complete) Error() string { return "returning from roundtrip" }
+
+// Roundtrip sends the pending message and handles the reply.
+func (c *conn) Roundtrip(f func(msg *syscall.NetlinkMessage) error) error {
+	if c.buf == nil {
+		return syscall.EINVAL
+	}
+	defer func() { c.seq++ }()
+
+	if err := syscall.Sendto(c.fd, c.pending(), 0, &syscall.SockaddrNetlink{
+		Family: syscall.AF_NETLINK,
+	}); err != nil {
+		return os.NewSyscallError("sendto", err)
+	}
+
+	for {
+		buf := c.buf
+		if n, _, err := syscall.Recvfrom(c.fd, buf, 0); err != nil {
+			return os.NewSyscallError("recvfrom", err)
+		} else if n < syscall.NLMSG_HDRLEN {
+			return syscall.EBADE
+		} else {
+			buf = buf[:n]
+		}
+
+		msgs, err := syscall.ParseNetlinkMessage(buf)
+		if err != nil {
+			return err
+		}
+
+		for _, msg := range msgs {
+			if msg.Header.Seq != c.seq || msg.Header.Pid != getpid() {
+				return &InconsistentError{msg.Header, c.seq, getpid()}
+			}
+			if err = f(&msg); err != nil {
+				if err == (Complete{}) {
+					return nil
+				}
+				return err
+			}
+		}
+	}
+}

internal/netlink/netlink_test.go

@@ -0,0 +1,36 @@
+package netlink
+
+import (
+	"os"
+	"syscall"
+	"testing"
+)
+
+func init() { nlPidOnce.Do(func() {}); nlPid = 1 }
+
+type payloadTestCase struct {
+	name string
+	f    func(c *conn)
+	want []byte
+}
+
+// checkPayload runs multiple payloadTestCase against a stub conn and checks
+// the outgoing message written to its buffer page.
+func checkPayload(t *testing.T, testCases []payloadTestCase) {
+	t.Helper()
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			c := conn{
+				pos: syscall.NLMSG_HDRLEN,
+				buf: make([]byte, os.Getpagesize()),
+			}
+			tc.f(&c)
+			if got := c.pending(); string(got) != string(tc.want) {
+				t.Errorf("pending: %#v, want %#v", got, tc.want)
+			}
+		})
+	}
+}

internal/netlink/rtnl.go

@@ -0,0 +1,132 @@
+package netlink
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// RouteConn represents a NETLINK_ROUTE socket.
+type RouteConn struct{ *conn }
+
+// DialRoute returns the address of a newly connected [RouteConn].
+func DialRoute() (*RouteConn, error) {
+	c, err := dial(syscall.NETLINK_ROUTE)
+	if err != nil {
+		return nil, err
+	}
+	return &RouteConn{c}, nil
+}
+
+// rtnlConsume consumes a message from rtnetlink.
+func rtnlConsume(msg *syscall.NetlinkMessage) error {
+	switch msg.Header.Type {
+	case syscall.NLMSG_DONE:
+		return Complete{}
+
+	case syscall.NLMSG_ERROR:
+		if e := As[syscall.NlMsgerr](msg.Data); e != nil {
+			if e.Error == 0 {
+				return Complete{}
+			}
+			return syscall.Errno(-e.Error)
+		}
+		return syscall.EBADE
+
+	default:
+		return nil
+	}
+}
+
+// InAddr is equivalent to struct in_addr.
+type InAddr [4]byte
+
+// RtAttrMsg holds syscall.RtAttr alongside its payload.
+type RtAttrMsg[D any] struct {
+	syscall.RtAttr
+	Data D
+}
+
+// populate populates the Len field of the embedded syscall.RtAttr.
+func (attr *RtAttrMsg[M]) populate() {
+	attr.Len = syscall.SizeofRtAttr + uint16(unsafe.Sizeof(attr.Data))
+}
+
+// writeIfAddrmsg writes an ifaddrmsg structure to conn.
+func (c *RouteConn) writeIfAddrmsg(
+	typ, flags uint16,
+	msg *syscall.IfAddrmsg,
+	attrs ...RtAttrMsg[InAddr],
+) bool {
+	c.typ, c.flags = typ, syscall.NLM_F_REQUEST|syscall.NLM_F_ACK|flags
+	if !add(c.conn, msg) {
+		return false
+	}
+	for _, attr := range attrs {
+		attr.populate()
+		if !add(c.conn, &attr) {
+			return false
+		}
+	}
+	return true
+}
+
+// SendIfAddrmsg sends an ifaddrmsg structure to rtnetlink.
+func (c *RouteConn) SendIfAddrmsg(
+	typ, flags uint16,
+	msg *syscall.IfAddrmsg,
+	attrs ...RtAttrMsg[InAddr],
+) error {
+	if !c.writeIfAddrmsg(typ, flags, msg, attrs...) {
+		return syscall.ENOMEM
+	}
+	return c.Roundtrip(rtnlConsume)
+}
+
+// writeNewaddrLo writes a RTM_NEWADDR message for the loopback address.
+func (c *RouteConn) writeNewaddrLo(lo uint32) bool {
+	return c.writeIfAddrmsg(
+		syscall.RTM_NEWADDR,
+		syscall.NLM_F_CREATE|syscall.NLM_F_EXCL,
+		&syscall.IfAddrmsg{
+			Family:    syscall.AF_INET,
+			Prefixlen: 8,
+			Flags:     syscall.IFA_F_PERMANENT,
+			Scope:     syscall.RT_SCOPE_HOST,
+			Index:     lo,
+		},
+		RtAttrMsg[InAddr]{syscall.RtAttr{
+			Type: syscall.IFA_LOCAL,
+		}, InAddr{127, 0, 0, 1}},
+		RtAttrMsg[InAddr]{syscall.RtAttr{
+			Type: syscall.IFA_ADDRESS,
+		}, InAddr{127, 0, 0, 1}},
+	)
+}
+
+// SendNewaddrLo sends a RTM_NEWADDR message for the loopback address to the kernel.
+func (c *RouteConn) SendNewaddrLo(lo uint32) error {
+	if !c.writeNewaddrLo(lo) {
+		return syscall.ENOMEM
+	}
+	return c.Roundtrip(rtnlConsume)
+}
+
+// writeIfInfomsg writes an ifinfomsg structure to conn.
+func (c *RouteConn) writeIfInfomsg(
+	typ, flags uint16,
+	msg *syscall.IfInfomsg,
+) bool {
+	c.typ, c.flags = typ, syscall.NLM_F_REQUEST|syscall.NLM_F_ACK|flags
+	return add(c.conn, msg)
+}
+
+// SendIfInfomsg sends an ifinfomsg structure to rtnetlink.
+func (c *RouteConn) SendIfInfomsg(
+	typ, flags uint16,
+	msg *syscall.IfInfomsg,
+) error {
+	if !c.writeIfInfomsg(typ, flags, msg) {
+		return syscall.ENOMEM
+	}
+	return c.Roundtrip(rtnlConsume)
+}

internal/netlink/rtnl_test.go

@@ -0,0 +1,62 @@
+package netlink
+
+import (
+	"syscall"
+	"testing"
+)
+
+func TestPayloadRTNETLINK(t *testing.T) {
+	t.Parallel()
+
+	checkPayload(t, []payloadTestCase{
+		{"RTM_NEWADDR lo", func(c *conn) {
+			(&RouteConn{c}).writeNewaddrLo(1)
+		}, []byte{
+			/* Len   */ 0x28, 0, 0, 0,
+			/* Type  */ 0x14, 0,
+			/* Flags */ 5, 6,
+			/* Seq   */ 0, 0, 0, 0,
+			/* Pid   */ 1, 0, 0, 0,
+
+			/* Family    */ 2,
+			/* Prefixlen */ 8,
+			/* Flags     */ 0x80,
+			/* Scope     */ 0xfe,
+			/* Index     */ 1, 0, 0, 0,
+
+			/* Len     */ 8, 0,
+			/* Type    */ 2, 0,
+			/* in_addr */ 127, 0, 0, 1,
+
+			/* Len     */ 8, 0,
+			/* Type    */ 1, 0,
+			/* in_addr */ 127, 0, 0, 1,
+		}},
+
+		{"RTM_NEWLINK", func(c *conn) {
+			c.seq++
+			(&RouteConn{c}).writeIfInfomsg(
+				syscall.RTM_NEWLINK, 0,
+				&syscall.IfInfomsg{
+					Family: syscall.AF_UNSPEC,
+					Index:  1,
+					Flags:  syscall.IFF_UP,
+					Change: syscall.IFF_UP,
+				},
+			)
+		}, []byte{
+			/* Len   */ 0x20, 0, 0, 0,
+			/* Type  */ 0x10, 0,
+			/* Flags */ 5, 0,
+			/* Seq   */ 1, 0, 0, 0,
+			/* Pid   */ 1, 0, 0, 0,
+
+			/* Family */ 0,
+			/* pad    */ 0,
+			/* Type   */ 0, 0,
+			/* Index  */ 1, 0, 0, 0,
+			/* Flags  */ 1, 0, 0, 0,
+			/* Change */ 1, 0, 0, 0,
+		}},
+	})
+}

internal/rosa/all.go

@@ -112,21 +112,11 @@ const (
 	PkgConfig
 	Procps
 	Python
-	PythonCfgv
-	PythonDiscovery
-	PythonDistlib
-	PythonFilelock
-	PythonIdentify
 	PythonIniConfig
-	PythonNodeenv
 	PythonPackaging
-	PythonPlatformdirs
 	PythonPluggy
-	PythonPreCommit
 	PythonPyTest
-	PythonPyYAML
 	PythonPygments
-	PythonVirtualenv
 	QEMU
 	Rdfind
 	Rsync

internal/rosa/curl.go

@@ -12,24 +12,11 @@ func (t Toolchain) newCurl() (pkg.Artifact, string) {
 		mustDecode(checksum),
 		pkg.TarBzip2,
 	), &PackageAttr{
-		Patches: [][2]string{
-			{"test459-misplaced-line-break", `diff --git a/tests/data/test459 b/tests/data/test459
-index 7a2e1db7b3..cc716aa65a 100644
---- a/tests/data/test459
-+++ b/tests/data/test459
-@@ -54,8 +54,8 @@ Content-Type: application/x-www-form-urlencoded
- arg
- </protocol>
- <stderr mode="text">
--Warning: %LOGDIR/config:1 Option 'data' uses argument with unquoted whitespace.%SP
--Warning: This may cause side-effects. Consider double quotes.
-+Warning: %LOGDIR/config:1 Option 'data' uses argument with unquoted%SP
-+Warning: whitespace. This may cause side-effects. Consider double quotes.
- </stderr>
- </verify>
- </testcase>
-`},
-		},
+		// remove broken test
+		Writable: true,
+		ScriptEarly: `
+chmod +w tests/data && rm tests/data/test459
+`,
 	}, &MakeHelper{
 		Configure: [][2]string{
 			{"with-openssl"},

internal/rosa/hakurei_release.go

@@ -4,13 +4,13 @@ package rosa
 
 import "hakurei.app/internal/pkg"
 
-const hakureiVersion = "0.3.6"
+const hakureiVersion = "0.3.7"
 
 // hakureiSource is the source code of a hakurei release.
 var hakureiSource = pkg.NewHTTPGetTar(
-	nil, "https://git.gensokyo.uk/security/hakurei/archive/"+
+	nil, "https://git.gensokyo.uk/rosa/hakurei/archive/"+
 		"v"+hakureiVersion+".tar.gz",
-	mustDecode("Yul9J2yV0x453lQP9KUnG_wEJo_DbKMNM7xHJGt4rITCSeX9VRK2J4kzAxcv_0-b"),
+	mustDecode("Xh_sdITOATEAQN5_UuaOyrWsgboxorqRO9bml3dGm8GAxF8NFpB7MqhSZgjJxAl2"),
 	pkg.TarGzip,
 )
 

internal/rosa/kernel.go

@@ -2,12 +2,12 @@ package rosa
 
 import "hakurei.app/internal/pkg"
 
-const kernelVersion = "6.12.76"
+const kernelVersion = "6.12.77"
 
 var kernelSource = pkg.NewHTTPGetTar(
 	nil, "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/"+
 		"snapshot/linux-"+kernelVersion+".tar.gz",
-	mustDecode("h0UATNznQbzplvthAqNLjVF-DJQHzGyhiy4za-9Ig9tOIpnoH9mWHbEjASV6lOl2"),
+	mustDecode("_MyFL0MqqNwAJx4fP8L9FkUayXIqEJto5trAPr_9UJvaT5TK1tvlU8leS82Hw2uw"),
 	pkg.TarGzip,
 )
 

internal/rosa/meson.go

@@ -9,8 +9,8 @@ import (
 
 func (t Toolchain) newMeson() (pkg.Artifact, string) {
 	const (
-		version  = "1.10.1"
-		checksum = "w895BXF_icncnXatT_OLCFe2PYEtg4KrKooMgUYdN-nQVvbFX3PvYWHGEpogsHtd"
+		version  = "1.10.2"
+		checksum = "18VmKUVKuXCwtawkYCeYHseC3cKpi86OhnIPaV878wjY0rkXH8XnQwUyymnxFgcl"
 	)
 	return t.New("meson-"+version, 0, []pkg.Artifact{
 		t.Load(Zlib),

internal/rosa/python.go

@@ -195,103 +195,4 @@ func init() {
 		PythonPluggy,
 		PythonPygments,
 	)
-
-	artifactsM[PythonCfgv] = newViaPip(
-		"cfgv",
-		"validate configuration and produce human readable error messages",
-		"3.5.0", "py2.py3", "none", "any",
-		"yFKTyVRlmnLKAxvvge15kAd_GOP1Xh3fZ0NFImO5pBdD5e0zj3GRmA6Q1HdtLTYO",
-		"https://files.pythonhosted.org/packages/"+
-			"db/3c/33bac158f8ab7f89b2e59426d5fe2e4f63f7ed25df84c036890172b412b5/",
-	)
-
-	artifactsM[PythonIdentify] = newViaPip(
-		"identify",
-		"file identification library for Python",
-		"2.6.17", "py2.py3", "none", "any",
-		"9RxK3igO-Pxxof5AuCAGiF_L1SWi4SpuSF1fWNXCzE2D4oTRSob-9VpFMLlybrSv",
-		"https://files.pythonhosted.org/packages/"+
-			"40/66/71c1227dff78aaeb942fed29dd5651f2aec166cc7c9aeea3e8b26a539b7d/",
-	)
-
-	artifactsM[PythonNodeenv] = newViaPip(
-		"nodeenv",
-		"a tool to create isolated node.js environments",
-		"1.10.0", "py2.py3", "none", "any",
-		"ihUb4-WQXYIhYOOKSsXlKIzjzQieOYl6ojro9H-0DFzGheaRTtuyZgsCmriq58sq",
-		"https://files.pythonhosted.org/packages/"+
-			"88/b2/d0896bdcdc8d28a7fc5717c305f1a861c26e18c05047949fb371034d98bd/",
-	)
-
-	artifactsM[PythonPyYAML] = newViaPip(
-		"pyyaml",
-		"a complete YAML 1.1 parser",
-		"6.0.3", "cp314", "cp314", "musllinux_1_2_x86_64",
-		"4_jhCFpUNtyrFp2HOMqUisR005u90MHId53eS7rkUbcGXkoaJ7JRsY21dREHEfGN",
-		"https://files.pythonhosted.org/packages/"+
-			"d7/ce/af88a49043cd2e265be63d083fc75b27b6ed062f5f9fd6cdc223ad62f03e/",
-	)
-
-	artifactsM[PythonDistlib] = newViaPip(
-		"distlib",
-		"used as the basis for third-party packaging tools",
-		"0.4.0", "py2.py3", "none", "any",
-		"lGLLfYVhUhXOTw_84zULaH2K8n6pk1OOVXmJfGavev7N42msbtHoq-XY5D_xULI_",
-		"https://files.pythonhosted.org/packages/"+
-			"33/6b/e0547afaf41bf2c42e52430072fa5658766e3d65bd4b03a563d1b6336f57/",
-	)
-
-	artifactsM[PythonFilelock] = newViaPip(
-		"filelock",
-		"a platform-independent file locking library for Python",
-		"3.25.0", "py3", "none", "any",
-		"0gSQIYNUEjOs1JBxXjGwfLnwFPFINwqyU_Zqgj7fT_EGafv_HaD5h3Xv2Rq_qQ44",
-		"https://files.pythonhosted.org/packages/"+
-			"f9/0b/de6f54d4a8bedfe8645c41497f3c18d749f0bd3218170c667bf4b81d0cdd/",
-	)
-
-	artifactsM[PythonPlatformdirs] = newViaPip(
-		"platformdirs",
-		"a Python package for determining platform-specific directories",
-		"4.9.4", "py3", "none", "any",
-		"JGNpMCX2JMn-7c9bk3QzOSNDgJRR_5lH-jIqfy0zXMZppRCdLsTNbdp4V7QFwxOI",
-		"https://files.pythonhosted.org/packages/"+
-			"63/d7/97f7e3a6abb67d8080dd406fd4df842c2be0efaf712d1c899c32a075027c/",
-	)
-
-	artifactsM[PythonDiscovery] = newViaPip(
-		"python_discovery",
-		"looks for a python installation",
-		"1.1.1", "py3", "none", "any",
-		"Jk_qGMfZYm0fdNOSvMdVQZuQbJlqu3NWRm7T2fRtiBXmHLQyOdJE3ypI_it1OJR0",
-		"https://files.pythonhosted.org/packages/"+
-			"75/0f/2bf7e3b5a4a65f623cb820feb5793e243fad58ae561015ee15a6152f67a2/",
-		PythonFilelock,
-		PythonPlatformdirs,
-	)
-
-	artifactsM[PythonVirtualenv] = newViaPip(
-		"virtualenv",
-		"a tool for creating isolated virtual python environments",
-		"21.1.0", "py3", "none", "any",
-		"SLvdr3gJZ7GTS-kiRyq2RvJdrQ8SZYC1pglbViWCMLCuAIcbLNjVEUJZ4hDtKUxm",
-		"https://files.pythonhosted.org/packages/"+
-			"78/55/896b06bf93a49bec0f4ae2a6f1ed12bd05c8860744ac3a70eda041064e4d/",
-		PythonDistlib,
-		PythonDiscovery,
-	)
-
-	artifactsM[PythonPreCommit] = newViaPip(
-		"pre_commit",
-		"a framework for managing and maintaining multi-language pre-commit hooks",
-		"4.5.1", "py2.py3", "none", "any",
-		"9G2Hv5JpvXFZVfw4pv_KAsmHD6bvot9Z0YBDmW6JeJizqTA4xEQCKel-pCERqQFK",
-		"https://files.pythonhosted.org/packages/"+
-			"5d/19/fd3ef348460c80af7bb4669ea7926651d1f95c23ff2df18b9d24bab4f3fa/",
-		PythonCfgv,
-		PythonIdentify,
-		PythonNodeenv,
-		PythonPyYAML,
-		PythonVirtualenv,
-	)
 }

internal/rosa/tamago.go

@@ -17,6 +17,7 @@ func (t Toolchain) newTamaGo() (pkg.Artifact, string) {
 	), nil, []string{
 		"CC=cc",
 		"GOCACHE=/tmp/gocache",
+		"CGO_ENABLED=0",
 	}, `
 mkdir /work/system # "${TMPDIR}"
 cp -r /usr/src/tamago /work/system