cmd/planterette: remove hsu special case

Remove special case and invoke hakurei out of process. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 20:44:49 +09:00
parent 7007bd6a1c
commit aa454b158f
20 changed files with 101 additions and 85 deletions
--- a/cmd/fpkg/proc.go
+++ b/cmd/fpkg/proc.go
@@ -1,29 +0,0 @@
-package main
-
-import (
-	"context"
-	"os"
-
-	"git.gensokyo.uk/security/hakurei/hst"
-	"git.gensokyo.uk/security/hakurei/internal/app"
-	"git.gensokyo.uk/security/hakurei/internal/app/instance"
-	"git.gensokyo.uk/security/hakurei/internal/hlog"
-)
-
-func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) {
-	rs := new(app.RunState)
-	a := instance.MustNew(instance.ISetuid, ctx, std)
-
-	var code int
-	if sa, err := a.Seal(config); err != nil {
-		hlog.PrintBaseError(err, "cannot seal app:")
-		code = 1
-	} else {
-		code = instance.PrintRunStateErr(instance.ISetuid, rs, sa.Run(rs))
-	}
-
-	if code != 0 {
-		beforeFail()
-		os.Exit(code)
-	}
-}
--- a/cmd/hsu/main.go
+++ b/cmd/hsu/main.go
@@ -41,7 +41,7 @@ func main() {
 		log.Fatalf("cannot read parent executable path: %v", err)
 	} else if strings.HasSuffix(p, " (deleted)") {
 		log.Fatal("hakurei executable has been deleted")
-	} else if p != mustCheckPath(hmain) && p != mustCheckPath(fpkg) {
+	} else if p != mustCheckPath(hmain) {
 		log.Fatal("this program must be started by hakurei")
 	} else {
 		toolPath = p
--- a/cmd/hsu/package.nix
+++ b/cmd/hsu/package.nix
@@ -16,15 +16,8 @@ buildGoModule {
    go mod init hsu >& /dev/null
  '';

-  ldflags =
-    lib.attrsets.foldlAttrs
-      (
-        ldflags: name: value:
-        ldflags ++ [ "-X main.${name}=${value}" ]
-      )
-      [ "-s -w" ]
-      {
-        hmain = "${hakurei}/libexec/hakurei";
-        fpkg = "${hakurei}/libexec/fpkg";
-      };
+  ldflags = lib.attrsets.foldlAttrs (
+    ldflags: name: value:
+    ldflags ++ [ "-X main.${name}=${value}" ]
+  ) [ "-s -w" ] { hmain = "${hakurei}/libexec/hakurei"; };
 }
--- a/cmd/hsu/path.go
+++ b/cmd/hsu/path.go
@@ -9,7 +9,6 @@ const compPoison = "INVALIDINVALIDINVALIDINVALIDINVALID"

 var (
 	hmain = compPoison
-	fpkg  = compPoison
 )

 func mustCheckPath(p string) string {
--- a/cmd/planterette/app.go
+++ b/cmd/planterette/app.go
--- a/cmd/planterette/build.nix
+++ b/cmd/planterette/build.nix
--- a/cmd/planterette/main.go
+++ b/cmd/planterette/main.go
@@ -13,36 +13,23 @@ import (
 	"git.gensokyo.uk/security/hakurei/command"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal"
-	"git.gensokyo.uk/security/hakurei/internal/app/instance"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
-	"git.gensokyo.uk/security/hakurei/internal/sys"
-	"git.gensokyo.uk/security/hakurei/sandbox"
 )

 const shellPath = "/run/current-system/sw/bin/bash"

 var (
 	errSuccess = errors.New("success")
-
-	std sys.State = new(sys.Std)
 )

 func init() {
-	hlog.Prepare("fpkg")
+	hlog.Prepare("planterette")
 	if err := os.Setenv("SHELL", shellPath); err != nil {
 		log.Fatalf("cannot set $SHELL: %v", err)
 	}
 }

 func main() {
-	// early init path, skips root check and duplicate PR_SET_DUMPABLE
-	sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg)
-
-	if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil {
-		log.Printf("cannot set SUID_DUMP_DISABLE: %s", err)
-		// not fatal: this program runs as the privileged user
-	}
-
 	if os.Geteuid() == 0 {
 		log.Fatal("this program must not run as root")
 	}
@@ -55,15 +42,10 @@ func main() {
 		flagVerbose   bool
 		flagDropShell bool
 	)
-	c := command.New(os.Stderr, log.Printf, "fpkg", func([]string) error {
-		internal.InstallFmsg(flagVerbose)
-		return nil
-	}).
+	c := command.New(os.Stderr, log.Printf, "planterette", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }).
 		Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console").
 		Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next hakurei action")

-	c.Command("shim", command.UsageInternal, func([]string) error { instance.ShimMain(); return errSuccess })
-
 	{
 		var (
 			flagDropShellActivate bool
@@ -84,7 +66,7 @@ func main() {
 			}

 			/*
-				Look up paths to programs started by fpkg.
+				Look up paths to programs started by planterette.
 				This is done here to ease error handling as cleanup is not yet required.
 			*/

@@ -100,7 +82,7 @@ func main() {
 			*/

 			var workDir string
-			if p, err := os.MkdirTemp("", "fpkg.*"); err != nil {
+			if p, err := os.MkdirTemp("", "planterette.*"); err != nil {
 				log.Printf("cannot create temporary directory: %v", err)
 				return err
 			} else {
--- a/cmd/planterette/paths.go
+++ b/cmd/planterette/paths.go
--- a/cmd/planterette/proc.go
+++ b/cmd/planterette/proc.go
@@ -0,0 +1,60 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"io"
+	"log"
+	"os"
+	"os/exec"
+
+	"git.gensokyo.uk/security/hakurei/hst"
+	"git.gensokyo.uk/security/hakurei/internal"
+	"git.gensokyo.uk/security/hakurei/internal/hlog"
+)
+
+var hakureiPath = internal.MustHakureiPath()
+
+func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) {
+	var (
+		cmd *exec.Cmd
+		st  io.WriteCloser
+	)
+
+	if r, w, err := os.Pipe(); err != nil {
+		beforeFail()
+		log.Fatalf("cannot pipe: %v", err)
+	} else {
+		if hlog.Load() {
+			cmd = exec.CommandContext(ctx, hakureiPath, "-v", "app", "3")
+		} else {
+			cmd = exec.CommandContext(ctx, hakureiPath, "app", "3")
+		}
+		cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
+		cmd.ExtraFiles = []*os.File{r}
+		st = w
+	}
+
+	go func() {
+		if err := json.NewEncoder(st).Encode(config); err != nil {
+			beforeFail()
+			log.Fatalf("cannot send configuration: %v", err)
+		}
+	}()
+
+	if err := cmd.Start(); err != nil {
+		beforeFail()
+		log.Fatalf("cannot start hakurei: %v", err)
+	}
+	if err := cmd.Wait(); err != nil {
+		var exitError *exec.ExitError
+		if errors.As(err, &exitError) {
+			beforeFail()
+			internal.Exit(exitError.ExitCode())
+		} else {
+			beforeFail()
+			log.Fatalf("cannot wait: %v", err)
+		}
+	}
+}
--- a/cmd/planterette/test/configuration.nix
+++ b/cmd/planterette/test/configuration.nix
--- a/cmd/planterette/test/default.nix
+++ b/cmd/planterette/test/default.nix
@@ -9,7 +9,7 @@ let
  buildPackage = self.buildPackage.${system};
 in
 nixosTest {
-  name = "fpkg";
+  name = "planterette";
  nodes.machine = {
    environment.etc = {
      "foot.pkg".source = callPackage ./foot.nix { inherit buildPackage; };
--- a/cmd/planterette/test/foot.nix
+++ b/cmd/planterette/test/foot.nix
--- a/cmd/planterette/test/test.py
+++ b/cmd/planterette/test/test.py
@@ -79,15 +79,15 @@ print(machine.succeed("sudo -u alice -i hakurei version"))
 machine.wait_for_file("/run/user/1000/wayland-1")
 machine.wait_for_file("/tmp/sway-ipc.sock")

-# Prepare fpkg directory:
+# Prepare planterette directory:
 machine.succeed("install -dm 0700 -o alice -g users /var/lib/hakurei/1000")

-# Install fpkg app:
-swaymsg("exec fpkg -v install /etc/foot.pkg && touch /tmp/fpkg-install-done")
-machine.wait_for_file("/tmp/fpkg-install-done")
+# Install planterette app:
+swaymsg("exec planterette -v install /etc/foot.pkg && touch /tmp/planterette-install-ok")
+machine.wait_for_file("/tmp/planterette-install-ok")

 # Start app (foot) with Wayland enablement:
-swaymsg("exec fpkg -v start org.codeberg.dnkl.foot")
+swaymsg("exec planterette -v start org.codeberg.dnkl.foot")
 wait_for_window("hakurei@machine-foot")
 machine.send_chars("clear; wayland-info && touch /tmp/success-client\n")
 machine.wait_for_file("/tmp/hakurei.1000/tmpdir/2/success-client")
--- a/cmd/planterette/with.go
+++ b/cmd/planterette/with.go