proc: remove duplicate compile-time fortify reference

This is no longer needed since shim and init are now part of the main program. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:59:33 +09:00 · 2025-01-18 11:59:33 +09:00 · 7baca66a56
commit 7baca66a56
parent 27d2914286
7 changed files with 36 additions and 15 deletions
--- a/cmd/fpkg/proc.go
+++ b/cmd/fpkg/proc.go
@ -12,12 +12,18 @@ import (
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )
 const compPoison = "INVALIDINVALIDINVALIDINVALIDINVALID"
 var (
 	Fmain = compPoison
 )
 func fortifyApp(config *fst.Config, beforeFail func()) {
 	var (
 		cmd *exec.Cmd
 		st  io.WriteCloser
 	)
-	if p, ok := internal.Check(internal.Fortify); !ok {
+	if p, ok := internal.Path(Fmain); !ok {
 		beforeFail()
 		fmsg.Fatal("invalid fortify path, this copy of fpkg is not compiled correctly")
 		panic("unreachable")
--- a/dist/release.sh
+++ b/dist/release.sh
@ -11,7 +11,6 @@ cp -rv "comp" "${out}"
 go generate ./...
 go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static'
  -X git.gensokyo.uk/security/fortify/internal.Version=${VERSION}
  -X git.gensokyo.uk/security/fortify/internal.Fortify=/usr/bin/fortify
  -X git.gensokyo.uk/security/fortify/internal.Fsu=/usr/bin/fsu
  -X main.Fmain=/usr/bin/fortify" ./...
--- a/internal/path.go
+++ b/internal/path.go
@ -3,7 +3,6 @@ package internal
 import "path"
 var (
 	Fortify = compPoison
 	Fsu = compPoison
 )
--- a/internal/proc/priv/shim/main.go
+++ b/internal/proc/priv/shim/main.go
@ -37,14 +37,6 @@ func Main() {
 		}
 	}
 	// check path to fortify
 	var fortifyPath string
 	if p, ok := internal.Path(internal.Fortify); !ok {
 		fmsg.Fatal("invalid fortify path, this copy of fortify is not compiled correctly")
 	} else {
 		fortifyPath = p
 	}
 	// receive setup payload
 	var (
 		payload    Payload
@ -135,7 +127,7 @@ func Main() {
 	// bind fortify inside sandbox
 	innerSbin := path.Join(fst.Tmp, "sbin")
 	fortifyInnerPath := path.Join(innerSbin, "fortify")
-	conf.Bind(fortifyPath, fortifyInnerPath)
+	conf.Bind(proc.MustExecutable(), fortifyInnerPath)
 	conf.Symlink(fortifyInnerPath, path.Join(innerSbin, "init"))
 	helper.BubblewrapName = payload.Exec[0] // resolved bwrap path by parent
--- a/internal/proc/priv/shim/manager.go
+++ b/internal/proc/priv/shim/manager.go
@ -56,7 +56,7 @@ func (s *Shim) WaitFallback() chan error {
 func (s *Shim) Start() (*time.Time, error) {
 	// prepare user switcher invocation
 	var fsu string
-	if p, ok := internal.Check(internal.Fsu); !ok {
+	if p, ok := internal.Path(internal.Fsu); !ok {
 		fmsg.Fatal("invalid fsu path, this copy of fortify is not compiled correctly")
 		panic("unreachable")
 	} else {
--- a/internal/proc/self.go
+++ b/internal/proc/self.go
@ -0,0 +1,26 @@
 package proc
 import (
 	"os"
 	"sync"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )
 var (
 	executable     string
 	executableOnce sync.Once
 )
 func copyExecutable() {
 	if name, err := os.Executable(); err != nil {
 		fmsg.Fatalf("cannot read executable path: %v", err)
 	} else {
 		executable = name
 	}
 }
 func MustExecutable() string {
 	executableOnce.Do(copyExecutable)
 	return executable
 }
--- a/package.nix
+++ b/package.nix
@ -37,7 +37,6 @@ buildGoModule rec {
      {
        Version = "v${version}";
        Fsu = "/run/wrappers/bin/fsu";
        Fortify = "${placeholder "out"}/bin/fortify";
      };
  # nix build environment does not allow acls