cmd/app: optional insecure options

These are useful for very specific cases by the maintainer. No app should ever require this. Signed-off-by: Ophestra <cat@gensokyo.uk>
2026-06-26 21:56:07 +09:00
parent 39f023d0e5
commit 6863bcafd1
3 changed files with 24 additions and 4 deletions
@@ -207,6 +207,17 @@ func parse(
 			c.SchedPriority = ext.Int(v)
 			continue
 		case "insecure":
 			switch value {
 			case "pipewire":
 				*c.Enablements |= hst.EPipeWire
 				c.DirectPipeWire = true
 				continue
 			default:
 				return nil, fmt.Errorf("invalid insecure flag %q", value)
 			}
 		case "env":
 			if key, value, ok = strings.Cut(value, "="); !ok {
 				return nil, fmt.Errorf("invalid environment %q", key)
@@ -33,8 +33,9 @@ func main() {
 	defer stop()
 	var (
-		flagVerbose bool
+		flagVerbose  bool
-		flagBase    string
+		flagBase     string
 		flagInsecure bool
 		base, template, initial *check.Absolute
 	)
@@ -61,6 +62,10 @@ func main() {
 		&flagBase,
 		"d", command.StringFlag("$ROSA_APP_PATH"),
 		"Configuration and state directory",
 	).Flag(
 		&flagInsecure,
 		"insecure", command.BoolFlag(false),
 		"Allow use of insecure compatibility options",
 	)
 	{
@@ -132,7 +137,7 @@ func main() {
 				if err != nil {
 					return err
 				}
-				err = run(ctx, msg, &config)
+				err = run(ctx, msg, false, &config)
 				return errors.Join(err, remove())
 			},
 		).Flag(
@@ -206,7 +211,7 @@ func main() {
 				if err = enterTemplate(base, name); err != nil {
 					return err
 				}
-				return run(ctx, msg, config, args[1:]...)
+				return run(ctx, msg, flagInsecure, config, args[1:]...)
 			},
 		).
 			Flag(
@@ -15,6 +15,7 @@ import (
 func run(
 	ctx context.Context,
 	msg message.Msg,
 	insecure bool,
 	config *hst.Config,
 	args ...string,
 ) error {
@@ -29,6 +30,9 @@ func run(
 	if msg.IsVerbose() {
 		cmd.Args = append(cmd.Args, "-v")
 	}
 	if insecure {
 		cmd.Args = append(cmd.Args, "--insecure")
 	}
 	cmd.Args = append(cmd.Args, "run", "3")
 	cmd.Args = append(cmd.Args, args...)