cmd/fpkg: app bundle helper

This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 13:21:49 +09:00
parent bf8094c6ca
commit e0e2f40e84
7 changed files with 596 additions and 0 deletions
--- a/cmd/fpkg/proc.go
+++ b/cmd/fpkg/proc.go
@@ -0,0 +1,64 @@
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"os"
+	"os/exec"
+
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/internal"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+)
+
+func fortifyApp(config *fst.Config, beforeFail func()) {
+	var (
+		cmd *exec.Cmd
+		st  io.WriteCloser
+	)
+	if p, ok := internal.Check(internal.Fortify); !ok {
+		beforeFail()
+		fmsg.Fatal("invalid fortify path, this copy of fpkg is not compiled correctly")
+		panic("unreachable")
+	} else if r, w, err := os.Pipe(); err != nil {
+		beforeFail()
+		fmsg.Fatalf("cannot pipe: %v", err)
+		panic("unreachable")
+	} else {
+		if fmsg.Verbose() {
+			cmd = exec.Command(p, "-v", "app", "3")
+		} else {
+			cmd = exec.Command(p, "app", "3")
+		}
+		cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
+		cmd.ExtraFiles = []*os.File{r}
+		st = w
+	}
+
+	go func() {
+		if err := json.NewEncoder(st).Encode(config); err != nil {
+			beforeFail()
+			fmsg.Fatalf("cannot send configuration: %v", err)
+			panic("unreachable")
+		}
+	}()
+
+	if err := cmd.Start(); err != nil {
+		beforeFail()
+		fmsg.Fatalf("cannot start fortify: %v", err)
+		panic("unreachable")
+	}
+	if err := cmd.Wait(); err != nil {
+		var exitError *exec.ExitError
+		if errors.As(err, &exitError) {
+			beforeFail()
+			fmsg.Exit(exitError.ExitCode())
+			panic("unreachable")
+		} else {
+			beforeFail()
+			fmsg.Fatalf("cannot wait: %v", err)
+			panic("unreachable")
+		}
+	}
+}