treewide: rename to hakurei
Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>
@@ -6,8 +6,8 @@ import (
|
||||
"path"
|
||||
"strconv"
|
||||
|
||||
"git.gensokyo.uk/security/fortify/internal/app"
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
"git.gensokyo.uk/security/hakurei/internal/app"
|
||||
"git.gensokyo.uk/security/hakurei/internal/hlog"
|
||||
)
|
||||
|
||||
// State provides safe interaction with operating system state.
|
||||
@@ -42,25 +42,25 @@ type State interface {
|
||||
|
||||
// Paths returns a populated [Paths] struct.
|
||||
Paths() app.Paths
|
||||
// Uid invokes fsu and returns target uid.
|
||||
// Uid invokes hsu and returns target uid.
|
||||
// Any errors returned by Uid is already wrapped [fmsg.BaseError].
|
||||
Uid(aid int) (int, error)
|
||||
}
|
||||
|
||||
// CopyPaths is a generic implementation of [fst.Paths].
|
||||
// CopyPaths is a generic implementation of [hst.Paths].
|
||||
func CopyPaths(os State, v *app.Paths) {
|
||||
v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Getuid()))
|
||||
v.SharePath = path.Join(os.TempDir(), "hakurei."+strconv.Itoa(os.Getuid()))
|
||||
|
||||
fmsg.Verbosef("process share directory at %q", v.SharePath)
|
||||
hlog.Verbosef("process share directory at %q", v.SharePath)
|
||||
|
||||
if r, ok := os.LookupEnv(xdgRuntimeDir); !ok || r == "" || !path.IsAbs(r) {
|
||||
// fall back to path in share since fortify has no hard XDG dependency
|
||||
// fall back to path in share since hakurei has no hard XDG dependency
|
||||
v.RunDirPath = path.Join(v.SharePath, "run")
|
||||
v.RuntimePath = path.Join(v.RunDirPath, "compat")
|
||||
} else {
|
||||
v.RuntimePath = r
|
||||
v.RunDirPath = path.Join(v.RuntimePath, "fortify")
|
||||
v.RunDirPath = path.Join(v.RuntimePath, "hakurei")
|
||||
}
|
||||
|
||||
fmsg.Verbosef("runtime directory at %q", v.RunDirPath)
|
||||
hlog.Verbosef("runtime directory at %q", v.RunDirPath)
|
||||
}
|
||||
|
||||
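Review bot: `SharePath` in `CopyPaths` remains a predictable name (`"hakurei."+strconv.Itoa(os.Getuid())`) directly under `os.TempDir()`, and nothing in this hunk shows how that directory is created or validated. If the temp directory is shared between local users, the code that creates it (not visible here) should reject a pre-existing entry that is not a directory owned by the calling uid with a restrictive mode. A comment on the assignment such as `// predictable name in a shared temp dir: creator must verify ownership and mode` would record that expectation. Separately, the unchanged line `// Any errors returned by Uid is already wrapped [fmsg.BaseError].` still links to the package this commit renames and presumably should point at its `hlog` counterpart.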
@@ -12,10 +12,10 @@ import (
|
||||
"sync"
|
||||
"syscall"
|
||||
|
||||
"git.gensokyo.uk/security/fortify/internal"
|
||||
"git.gensokyo.uk/security/fortify/internal/app"
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
"git.gensokyo.uk/security/fortify/sandbox"
|
||||
"git.gensokyo.uk/security/hakurei/internal"
|
||||
"git.gensokyo.uk/security/hakurei/internal/app"
|
||||
"git.gensokyo.uk/security/hakurei/internal/hlog"
|
||||
"git.gensokyo.uk/security/hakurei/sandbox"
|
||||
)
|
||||
|
||||
// Std implements System using the standard library.
|
||||
@@ -43,8 +43,8 @@ func (s *Std) Stat(name string) (fs.FileInfo, error) { return os.Stat(nam
|
||||
func (s *Std) Open(name string) (fs.File, error) { return os.Open(name) }
|
||||
func (s *Std) EvalSymlinks(path string) (string, error) { return filepath.EvalSymlinks(path) }
|
||||
func (s *Std) Exit(code int) { internal.Exit(code) }
|
||||
func (s *Std) Println(v ...any) { fmsg.Verbose(v...) }
|
||||
func (s *Std) Printf(format string, v ...any) { fmsg.Verbosef(format, v...) }
|
||||
func (s *Std) Println(v ...any) { hlog.Verbose(v...) }
|
||||
func (s *Std) Printf(format string, v ...any) { hlog.Verbosef(format, v...) }
|
||||
|
||||
const xdgRuntimeDir = "XDG_RUNTIME_DIR"
|
||||
|
||||
@@ -80,12 +80,12 @@ func (s *Std) Uid(aid int) (int, error) {
|
||||
defer func() { s.uidCopy[aid] = u }()
|
||||
|
||||
u.uid = -1
|
||||
fsuPath := internal.MustFsuPath()
|
||||
hsuPath := internal.MustHsuPath()
|
||||
|
||||
cmd := exec.Command(fsuPath)
|
||||
cmd.Path = fsuPath
|
||||
cmd := exec.Command(hsuPath)
|
||||
cmd.Path = hsuPath
|
||||
cmd.Stderr = os.Stderr // pass through fatal messages
|
||||
cmd.Env = []string{"FORTIFY_APP_ID=" + strconv.Itoa(aid)}
|
||||
cmd.Env = []string{"HAKUREI_APP_ID=" + strconv.Itoa(aid)}
|
||||
cmd.Dir = "/"
|
||||
var (
|
||||
p []byte
|
||||
@@ -95,12 +95,12 @@ func (s *Std) Uid(aid int) (int, error) {
|
||||
if p, u.err = cmd.Output(); u.err == nil {
|
||||
u.uid, u.err = strconv.Atoi(string(p))
|
||||
if u.err != nil {
|
||||
u.err = fmsg.WrapErrorSuffix(u.err, "cannot parse uid from fsu:")
|
||||
u.err = hlog.WrapErrSuffix(u.err, "cannot parse uid from hsu:")
|
||||
}
|
||||
} else if errors.As(u.err, &exitError) && exitError != nil && exitError.ExitCode() == 1 {
|
||||
u.err = fmsg.WrapError(syscall.EACCES, "") // fsu prints to stderr in this case
|
||||
u.err = hlog.WrapErr(syscall.EACCES, "") // hsu prints to stderr in this case
|
||||
} else if os.IsNotExist(u.err) {
|
||||
u.err = fmsg.WrapError(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", fsuPath))
|
||||
u.err = hlog.WrapErr(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", hsuPath))
|
||||
}
|
||||
return u.uid, u.err
|
||||
}
|
||||
|
||||
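Review bot: In `Uid`, a helper output that fails to parse overwrites the `-1` sentinel set earlier, because `u.uid, u.err = strconv.Atoi(string(p))` assigns Atoi's result (0 for a syntax error) together with the error. The function then returns uid 0 with a non-nil error, and the deferred `s.uidCopy[aid] = u` stores the same pair. A caller that mishandles the error would be looking at root's uid, so adding `u.uid = -1` inside the `if u.err != nil` branch next to the `hlog.WrapErrSuffix` call keeps the failure value unmistakable. The body of `Uid` starts before this hunk and a few lines between the two `Uid` hunks are not shown, so this reading assumes no other assignment to `u.uid` there.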