linux: wrap fsu lookup error

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/seal.go

@@ -149,8 +149,7 @@ func (a *app) Seal(config *fst.Config) error {
 
 	// invoke fsu for full uid
 	if u, err := a.os.Uid(seal.sys.user.aid); err != nil {
-		return fmsg.WrapErrorSuffix(err,
-			"cannot obtain uid from fsu:")
+		return err
 	} else {
 		seal.sys.user.uid = u
 		seal.sys.user.us = strconv.Itoa(u)

internal/linux/interface.go

@@ -37,6 +37,7 @@ type System interface {
 	// Paths returns a populated [Paths] struct.
 	Paths() Paths
 	// Uid invokes fsu and returns target uid.
+	// Any errors returned by Uid is already wrapped [fmsg.BaseError].
 	Uid(aid int) (int, error)
 }
 

internal/linux/std.go

@@ -2,6 +2,7 @@ package linux
 
 import (
 	"errors"
+	"fmt"
 	"io/fs"
 	"log"
 	"os"
@@ -56,13 +57,15 @@ func (s *Std) Uid(aid int) (int, error) {
 		})
 	})
 
-	s.uidMu.RLock()
-	if u, ok := s.uidCopy[aid]; ok {
+	{
+		s.uidMu.RLock()
+		u, ok := s.uidCopy[aid]
 		s.uidMu.RUnlock()
-		return u.uid, u.err
+		if ok {
+			return u.uid, u.err
+		}
 	}
 
-	s.uidMu.RUnlock()
 	s.uidMu.Lock()
 	defer s.uidMu.Unlock()
 
@@ -91,8 +94,13 @@ func (s *Std) Uid(aid int) (int, error) {
 
 		if p, u.err = cmd.Output(); u.err == nil {
 			u.uid, u.err = strconv.Atoi(string(p))
+			if u.err != nil {
+				u.err = fmsg.WrapErrorSuffix(u.err, "cannot parse uid from fsu:")
+			}
 		} else if errors.As(u.err, &exitError) && exitError != nil && exitError.ExitCode() == 1 {
-			u.err = syscall.EACCES
+			u.err = fmsg.WrapError(syscall.EACCES, "") // fsu prints to stderr in this case
+		} else if os.IsNotExist(u.err) {
+			u.err = fmsg.WrapError(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", fsu))
 		}
 		return u.uid, u.err
 	}