helper/proc: move package out of internal

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/app.go

@@ -6,7 +6,7 @@ import (
 
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/internal/linux"
-	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
+	"git.gensokyo.uk/security/fortify/internal/priv/shim"
 )
 
 type App interface {

internal/app/start.go

@@ -11,7 +11,7 @@ import (
 
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
+	"git.gensokyo.uk/security/fortify/internal/priv/shim"
 	"git.gensokyo.uk/security/fortify/internal/state"
 	"git.gensokyo.uk/security/fortify/internal/system"
 )

internal/priv/init/main.go

@@ -8,9 +8,9 @@ import (
 	"syscall"
 	"time"
 
+	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/proc"
 )
 
 const (

internal/priv/shim/main.go

@@ -8,11 +8,11 @@ import (
 
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/helper/seccomp"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/proc"
-	init0 "git.gensokyo.uk/security/fortify/internal/proc/priv/init"
+	init0 "git.gensokyo.uk/security/fortify/internal/priv/init"
 )
 
 // everything beyond this point runs as unconstrained target user

internal/priv/shim/manager.go

@@ -10,9 +10,9 @@ import (
 	"strings"
 	"time"
 
+	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/proc"
 )
 
 // used by the parent process

internal/proc/fd.go

@@ -1,45 +0,0 @@
-package proc
-
-import (
-	"encoding/gob"
-	"errors"
-	"os"
-	"strconv"
-)
-
-var (
-	ErrNotSet  = errors.New("environment variable not set")
-	ErrInvalid = errors.New("bad file descriptor")
-)
-
-// Setup appends the read end of a pipe for payload transmission and returns its fd.
-func Setup(extraFiles *[]*os.File) (int, *gob.Encoder, error) {
-	if r, w, err := os.Pipe(); err != nil {
-		return -1, nil, err
-	} else {
-		fd := 3 + len(*extraFiles)
-		*extraFiles = append(*extraFiles, r)
-		return fd, gob.NewEncoder(w), nil
-	}
-}
-
-// Receive retrieves payload pipe fd from the environment,
-// receives its payload and returns the Close method of the pipe.
-func Receive(key string, e any) (func() error, error) {
-	var setup *os.File
-
-	if s, ok := os.LookupEnv(key); !ok {
-		return nil, ErrNotSet
-	} else {
-		if fd, err := strconv.Atoi(s); err != nil {
-			return nil, err
-		} else {
-			setup = os.NewFile(uintptr(fd), "setup")
-			if setup == nil {
-				return nil, ErrInvalid
-			}
-		}
-	}
-
-	return func() error { return setup.Close() }, gob.NewDecoder(setup).Decode(e)
-}

internal/proc/files.go

@@ -1,17 +0,0 @@
-package proc
-
-import (
-	"os"
-	"os/exec"
-)
-
-func ExtraFile(cmd *exec.Cmd, f *os.File) (fd uintptr) {
-	return ExtraFileSlice(&cmd.ExtraFiles, f)
-}
-
-func ExtraFileSlice(extraFiles *[]*os.File, f *os.File) (fd uintptr) {
-	// ExtraFiles: If non-nil, entry i becomes file descriptor 3+i.
-	fd = uintptr(3 + len(*extraFiles))
-	*extraFiles = append(*extraFiles, f)
-	return
-}

internal/proc/self.go

@@ -1,26 +0,0 @@
-package proc
-
-import (
-	"os"
-	"sync"
-
-	"git.gensokyo.uk/security/fortify/internal/fmsg"
-)
-
-var (
-	executable     string
-	executableOnce sync.Once
-)
-
-func copyExecutable() {
-	if name, err := os.Executable(); err != nil {
-		fmsg.Fatalf("cannot read executable path: %v", err)
-	} else {
-		executable = name
-	}
-}
-
-func MustExecutable() string {
-	executableOnce.Do(copyExecutable)
-	return executable
-}