From aa454b158f3713b2ee47162837dcea1efdce0ee6 Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Wed, 25 Jun 2025 20:44:49 +0900
Subject: [PATCH] cmd/planterette: remove hsu special case

Remove special case and invoke hakurei out of process.

Signed-off-by: Ophestra
---
 .gitea/workflows/test.yml | 10 ++--
 cmd/fpkg/proc.go | 29 ---------
 cmd/hsu/main.go | 2 +-
 cmd/hsu/package.nix | 15 ++---
 cmd/hsu/path.go | 1 -
 cmd/{fpkg => planterette}/app.go | 0
 cmd/{fpkg => planterette}/build.nix | 0
 cmd/{fpkg => planterette}/main.go | 26 ++------
 cmd/{fpkg => planterette}/paths.go | 0
 cmd/planterette/proc.go | 60 +++++++++++++++++++
 .../test/configuration.nix | 0
 cmd/{fpkg => planterette}/test/default.nix | 2 +-
 cmd/{fpkg => planterette}/test/foot.nix | 0
 cmd/{fpkg => planterette}/test/test.py | 10 ++--
 cmd/{fpkg => planterette}/with.go | 0
 dist/install.sh | 2 +-
 dist/release.sh | 4 +-
 flake.nix | 6 +-
 internal/path.go | 14 ++++-
 package.nix | 5 +-
 20 files changed, 101 insertions(+), 85 deletions(-)
 delete mode 100644 cmd/fpkg/proc.go
 rename cmd/{fpkg => planterette}/app.go (100%)
 rename cmd/{fpkg => planterette}/build.nix (100%)
 rename cmd/{fpkg => planterette}/main.go (90%)
 rename cmd/{fpkg => planterette}/paths.go (100%)
 create mode 100644 cmd/planterette/proc.go
 rename cmd/{fpkg => planterette}/test/configuration.nix (100%)
 rename cmd/{fpkg => planterette}/test/default.nix (96%)
 rename cmd/{fpkg => planterette}/test/foot.nix (100%)
 rename cmd/{fpkg => planterette}/test/test.py (92%)
 rename cmd/{fpkg => planterette}/with.go (100%)

diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml
index 7009643..cb1ce8c 100644
--- a/.gitea/workflows/test.yml
+++ b/.gitea/workflows/test.yml
@@ -73,20 +73,20 @@ jobs: path: result/* retention-days: 1 - fpkg: - name: Fpkg + planterette: + name: Planterette runs-on: nix steps: - name: Checkout uses: actions/checkout@v4 - name: Run NixOS test - run: nix build --out-link "result" --print-out-paths --print-build-logs .#checks.x86_64-linux.fpkg + run: nix build --out-link "result" --print-out-paths --print-build-logs .#checks.x86_64-linux.planterette - name: Upload test output uses: actions/upload-artifact@v3 with: - name: "fpkg-vm-output" + name: "planterette-vm-output" path: result/* retention-days: 1 @@ -97,7 +97,7 @@ jobs: - race - sandbox - sandbox-race - - fpkg + - planterette runs-on: nix steps: - name: Checkout diff --git a/cmd/fpkg/proc.go b/cmd/fpkg/proc.go deleted file mode 100644 index 7862e47..0000000 --- a/cmd/fpkg/proc.go +++ /dev/null @@ -1,29 +0,0 @@ -package main - -import ( - "context" - "os" - - "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/instance" - "git.gensokyo.uk/security/hakurei/internal/hlog" -) - -func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) { - rs := new(app.RunState) - a := instance.MustNew(instance.ISetuid, ctx, std) - - var code int - if sa, err := a.Seal(config); err != nil { - hlog.PrintBaseError(err, "cannot seal app:") - code = 1 - } else { - code = instance.PrintRunStateErr(instance.ISetuid, rs, sa.Run(rs)) - } - - if code != 0 { - beforeFail() - os.Exit(code) - } -} diff --git a/cmd/hsu/main.go b/cmd/hsu/main.go index cefcad4..28571b9 100644 --- a/cmd/hsu/main.go +++ b/cmd/hsu/main.go @@ -41,7 +41,7 @@ func main() { log.Fatalf("cannot read parent executable path: %v", err) } else if strings.HasSuffix(p, " (deleted)") { log.Fatal("hakurei executable has been deleted") - } else if p != mustCheckPath(hmain) && p != mustCheckPath(fpkg) { + } else if p != mustCheckPath(hmain) { log.Fatal("this program must be started by hakurei") } else { toolPath = p 
diff --git a/cmd/hsu/package.nix b/cmd/hsu/package.nix index 96ec563..5fce566 100644 --- a/cmd/hsu/package.nix +++ b/cmd/hsu/package.nix @@ -16,15 +16,8 @@ buildGoModule { go mod init hsu >& /dev/null ''; - ldflags = - lib.attrsets.foldlAttrs - ( - ldflags: name: value: - ldflags ++ [ "-X main.${name}=${value}" ] - ) - [ "-s -w" ] - { - hmain = "${hakurei}/libexec/hakurei"; - fpkg = "${hakurei}/libexec/fpkg"; - }; + ldflags = lib.attrsets.foldlAttrs ( + ldflags: name: value: + ldflags ++ [ "-X main.${name}=${value}" ] + ) [ "-s -w" ] { hmain = "${hakurei}/libexec/hakurei"; }; } diff --git a/cmd/hsu/path.go b/cmd/hsu/path.go index b4a7756..53aa9d1 100644 --- a/cmd/hsu/path.go +++ b/cmd/hsu/path.go @@ -9,7 +9,6 @@ const compPoison = "INVALIDINVALIDINVALIDINVALIDINVALID" var ( hmain = compPoison - fpkg = compPoison ) func mustCheckPath(p string) string { diff --git a/cmd/fpkg/app.go b/cmd/planterette/app.go similarity index 100% rename from cmd/fpkg/app.go rename to cmd/planterette/app.go diff --git a/cmd/fpkg/build.nix b/cmd/planterette/build.nix similarity index 100% rename from cmd/fpkg/build.nix rename to cmd/planterette/build.nix diff --git a/cmd/fpkg/main.go b/cmd/planterette/main.go similarity index 90% rename from cmd/fpkg/main.go rename to cmd/planterette/main.go index 7d44d41..8988d27 100644 --- a/cmd/fpkg/main.go +++ b/cmd/planterette/main.go 
@@ -13,36 +13,23 @@ import ( "git.gensokyo.uk/security/hakurei/command" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - "git.gensokyo.uk/security/hakurei/internal/app/instance" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/sys" - "git.gensokyo.uk/security/hakurei/sandbox" ) const shellPath = "/run/current-system/sw/bin/bash" var ( errSuccess = errors.New("success") - - std sys.State = new(sys.Std) ) func init() { - hlog.Prepare("fpkg") + hlog.Prepare("planterette") if err := os.Setenv("SHELL", shellPath); err != nil { log.Fatalf("cannot set $SHELL: %v", err) } } func main() { - // early init path, skips root check and duplicate PR_SET_DUMPABLE - sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) - - if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { - log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) - // not fatal: this program runs as the privileged user - } - if os.Geteuid() == 0 { log.Fatal("this program must not run as root") } @@ -55,15 +42,10 @@ func main() { flagVerbose bool flagDropShell bool ) - c := command.New(os.Stderr, log.Printf, "fpkg", func([]string) error { - internal.InstallFmsg(flagVerbose) - return nil - }). + c := command.New(os.Stderr, log.Printf, "planterette", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next hakurei action") - c.Command("shim", command.UsageInternal, func([]string) error { instance.ShimMain(); return errSuccess }) - { var ( flagDropShellActivate bool @@ -84,7 +66,7 @@ func main() { } /* - Look up paths to programs started by fpkg. + Look up paths to programs started by planterette. This is done here to ease error handling as cleanup is not yet required. */ 
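Review bot: Nothing at the top of `main` in cmd/planterette/main.go records why process hardening is no longer applied once the `sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE)` call is removed in the first hunk. The removed comment said this program runs as the privileged user, and that is presumably still true, so a later reader cannot tell whether the call was dropped on purpose or lost with the shim code. If the reasoning is that hakurei, now started out of process, is the component that needs this protection, say so above the `os.Geteuid()` check, for example `// no SUID_DUMP_DISABLE here: the app is sealed and run by a separate hakurei process (see mustRunApp)`. `main` continues outside this hunk.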
@@ -100,7 +82,7 @@ func main() { */ var workDir string - if p, err := os.MkdirTemp("", "fpkg.*"); err != nil { + if p, err := os.MkdirTemp("", "planterette.*"); err != nil { log.Printf("cannot create temporary directory: %v", err) return err } else { diff --git a/cmd/fpkg/paths.go b/cmd/planterette/paths.go similarity index 100% rename from cmd/fpkg/paths.go rename to cmd/planterette/paths.go diff --git a/cmd/planterette/proc.go b/cmd/planterette/proc.go new file mode 100644 index 0000000..78677fa --- /dev/null +++ b/cmd/planterette/proc.go @@ -0,0 +1,60 @@ +package main + +import ( + "context" + "encoding/json" + "errors" + "io" + "log" + "os" + "os/exec" + + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/hlog" +) + +var hakureiPath = internal.MustHakureiPath() + +func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) { + var ( + cmd *exec.Cmd + st io.WriteCloser + ) + + if r, w, err := os.Pipe(); err != nil { + beforeFail() + log.Fatalf("cannot pipe: %v", err) + } else { + if hlog.Load() { + cmd = exec.CommandContext(ctx, hakureiPath, "-v", "app", "3") + } else { + cmd = exec.CommandContext(ctx, hakureiPath, "app", "3") + } + cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr + cmd.ExtraFiles = []*os.File{r} + st = w + } + + go func() { + if err := json.NewEncoder(st).Encode(config); err != nil { + beforeFail() + log.Fatalf("cannot send configuration: %v", err) + } + }() + + if err := cmd.Start(); err != nil { + beforeFail() + log.Fatalf("cannot start hakurei: %v", err) + } + if err := cmd.Wait(); err != nil { + var exitError *exec.ExitError + if errors.As(err, &exitError) { + beforeFail() + internal.Exit(exitError.ExitCode()) + } else { + beforeFail() + log.Fatalf("cannot wait: %v", err) + } + } +} 
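Review bot: In the new `mustRunApp` in cmd/planterette/proc.go neither end of the configuration pipe is ever closed in the parent: `r` stays open after `cmd.Start()` and `st` stays open after `Encode` returns. A child that waits for EOF on fd 3 would therefore never see it, and if the child exits without reading, the writer goroutine can block on a full pipe instead of getting a write error, because the parent itself still holds a reader. The goroutine also calls `beforeFail()` and `log.Fatalf` on its own, so `beforeFail` can run concurrently with, or in addition to, the main goroutine's failure paths. The sketch below closes `r` right after a successful start, closes the write end when encoding finishes, and passes the encode result back over a channel so that only the main goroutine calls `beforeFail`.

```go
func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) {
	r, w, err := os.Pipe()
	if err != nil {
		beforeFail()
		log.Fatalf("cannot pipe: %v", err)
	}

	// … unchanged: cmd built with exec.CommandContext, stdio and ExtraFiles set as before …

	if err = cmd.Start(); err != nil {
		beforeFail()
		log.Fatalf("cannot start hakurei: %v", err)
	}
	// the child has its own copy of the read end as fd 3
	_ = r.Close()

	// encode off the main goroutine, but hand the result back so that
	// beforeFail is only ever called from this goroutine
	sendErr := make(chan error, 1)
	go func() {
		defer w.Close()
		sendErr <- json.NewEncoder(w).Encode(config)
	}()

	// … unchanged: cmd.Wait and exit code handling …

	if err = <-sendErr; err != nil {
		beforeFail()
		log.Fatalf("cannot send configuration: %v", err)
	}
}
```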
diff --git a/cmd/fpkg/test/configuration.nix b/cmd/planterette/test/configuration.nix similarity index 100% rename from cmd/fpkg/test/configuration.nix rename to cmd/planterette/test/configuration.nix diff --git a/cmd/fpkg/test/default.nix b/cmd/planterette/test/default.nix similarity index 96% rename from cmd/fpkg/test/default.nix rename to cmd/planterette/test/default.nix index dcd2cc6..3ff76fc 100644 --- a/cmd/fpkg/test/default.nix +++ b/cmd/planterette/test/default.nix @@ -9,7 +9,7 @@ let buildPackage = self.buildPackage.${system}; in nixosTest { - name = "fpkg"; + name = "planterette"; nodes.machine = { environment.etc = { "foot.pkg".source = callPackage ./foot.nix { inherit buildPackage; }; diff --git a/cmd/fpkg/test/foot.nix b/cmd/planterette/test/foot.nix similarity index 100% rename from cmd/fpkg/test/foot.nix rename to cmd/planterette/test/foot.nix diff --git a/cmd/fpkg/test/test.py b/cmd/planterette/test/test.py similarity index 92% rename from cmd/fpkg/test/test.py rename to cmd/planterette/test/test.py index 9b9dfc1..b551dc7 100644 --- a/cmd/fpkg/test/test.py +++ b/cmd/planterette/test/test.py 
@@ -79,15 +79,15 @@ print(machine.succeed("sudo -u alice -i hakurei version")) machine.wait_for_file("/run/user/1000/wayland-1") machine.wait_for_file("/tmp/sway-ipc.sock") -# Prepare fpkg directory: +# Prepare planterette directory: machine.succeed("install -dm 0700 -o alice -g users /var/lib/hakurei/1000") -# Install fpkg app: -swaymsg("exec fpkg -v install /etc/foot.pkg && touch /tmp/fpkg-install-done") -machine.wait_for_file("/tmp/fpkg-install-done") +# Install planterette app: +swaymsg("exec planterette -v install /etc/foot.pkg && touch /tmp/planterette-install-ok") +machine.wait_for_file("/tmp/planterette-install-ok") # Start app (foot) with Wayland enablement: -swaymsg("exec fpkg -v start org.codeberg.dnkl.foot") +swaymsg("exec planterette -v start org.codeberg.dnkl.foot") wait_for_window("hakurei@machine-foot") machine.send_chars("clear; wayland-info && touch /tmp/success-client\n") machine.wait_for_file("/tmp/hakurei.1000/tmpdir/2/success-client") diff --git a/cmd/fpkg/with.go b/cmd/planterette/with.go similarity index 100% rename from cmd/fpkg/with.go rename to cmd/planterette/with.go diff --git a/dist/install.sh b/dist/install.sh index 37f5508..8601b27 100755 --- a/dist/install.sh +++ b/dist/install.sh @@ -2,7 +2,7 @@ cd "$(dirname -- "$0")" || exit 1 install -vDm0755 "bin/hakurei" "${HAKUREI_INSTALL_PREFIX}/usr/bin/hakurei" -install -vDm0755 "bin/fpkg" "${HAKUREI_INSTALL_PREFIX}/usr/bin/fpkg" +install -vDm0755 "bin/planterette" "${HAKUREI_INSTALL_PREFIX}/usr/bin/planterette" install -vDm6511 "bin/hsu" "${HAKUREI_INSTALL_PREFIX}/usr/bin/hsu" if [ ! -f "${HAKUREI_INSTALL_PREFIX}/etc/hsurc" ]; then diff --git a/dist/release.sh b/dist/release.sh index 90f44c0..004b686 100755 --- a/dist/release.sh +++ b/dist/release.sh 
@@ -11,9 +11,9 @@ cp -rv "dist/comp" "${out}" go generate ./... go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static' -X git.gensokyo.uk/security/hakurei/internal.version=${VERSION} + -X git.gensokyo.uk/security/hakurei/internal.hakurei=/usr/bin/hakurei -X git.gensokyo.uk/security/hakurei/internal.hsu=/usr/bin/hsu - -X main.hmain=/usr/bin/hakurei - -X main.fpkg=/usr/bin/fpkg" ./... + -X main.hmain=/usr/bin/hakurei" ./... rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}" rm -rf "./${out}" diff --git a/flake.nix b/flake.nix index 683f6b3..3da6136 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,7 @@ buildPackage = forAllSystems ( system: nixpkgsFor.${system}.callPackage ( - import ./cmd/fpkg/build.nix { + import ./cmd/planterette/build.nix { inherit nixpkgsFor system @@ -69,7 +69,7 @@ withRace = true; }; - fpkg = callPackage ./cmd/fpkg/test { inherit system self; }; + planterette = callPackage ./cmd/planterette/test { inherit system self; }; formatting = runCommandLocal "check-formatting" { nativeBuildInputs = [ nixfmt-rfc-style ]; } '' cd ${./.} @@ -125,7 +125,7 @@ glibc xdg-dbus-proxy - # fpkg + # planterette zstd gnutar coreutils diff --git a/internal/path.go b/internal/path.go index 9a59ac5..6b7b220 100644 --- a/internal/path.go +++ b/internal/path.go @@ -8,16 +8,26 @@ import ( ) var ( - hsu = compPoison + hakurei = compPoison + hsu = compPoison ) +func MustHakureiPath() string { + if name, ok := checkPath(hakurei); ok { + return name + } + hlog.BeforeExit() + log.Fatal("invalid hakurei path, this program is compiled incorrectly") + return compPoison // unreachable +} + func MustHsuPath() string { if name, ok := checkPath(hsu); ok { return name } hlog.BeforeExit() log.Fatal("invalid hsu path, this program is compiled incorrectly") - return compPoison + return compPoison // unreachable } func checkPath(p string) (string, bool) { return p, p != compPoison && p != "" && path.IsAbs(p) } 
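Review bot: The new exported `MustHakureiPath` in internal/path.go has no doc comment, although planterette now executes whatever this path names. The value is only ever set at link time (`-X ...internal.hakurei=` in dist/release.sh and the `hakurei` attribute in package.nix), and `checkPath` only rejects the poison value, the empty string and relative paths; it does not check that the file exists or that the path is clean. I would document that contract on the function, for example `// MustHakureiPath returns the absolute hakurei path fixed at link time and terminates the program if it was not set; the value is trusted build input and is not otherwise validated.` The same applies to `MustHsuPath`, whose body this hunk touches.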
diff --git a/package.nix b/package.nix index 64ab6cd..c22ad22 100644 --- a/package.nix +++ b/package.nix @@ -13,7 +13,7 @@ wayland-scanner, xorg, - # for fpkg + # for planterette zstd, gnutar, coreutils, @@ -76,6 +76,7 @@ buildGoModule rec { ) { version = "v${version}"; + hakurei = "${placeholder "out"}/libexec/hakurei"; hsu = "/run/wrappers/bin/hsu"; }; @@ -116,7 +117,7 @@ buildGoModule rec { makeBinaryWrapper "$out/libexec/hakurei" "$out/bin/hakurei" \ --inherit-argv0 --prefix PATH : ${lib.makeBinPath appPackages} - makeBinaryWrapper "$out/libexec/fpkg" "$out/bin/fpkg" \ + makeBinaryWrapper "$out/libexec/planterette" "$out/bin/planterette" \ --inherit-argv0 --prefix PATH : ${ lib.makeBinPath ( appPackages