wip

pkg/build/main_build.go

@@ -17,10 +17,6 @@
 package build
 
 import (
-	"log/slog"
-	"sync"
-
-	"gitea.plemya-x.ru/Plemya-x/ALR/internal/utils"
 	"gitea.plemya-x.ru/Plemya-x/ALR/pkg/manager"
 )
 
@@ -28,48 +24,11 @@ func NewMainBuilder(
 	cfg Config,
 	mgr manager.Manager,
 	repos PackageFinder,
-) (*Builder, func(), error) {
-	var err error
-
-	var safeInstallerClose, safeScriptExecutorClose func()
-
-	var cleanupOnce sync.Once
-	cleanup := func() {
-		cleanupOnce.Do(func() {
-			if safeScriptExecutorClose != nil {
-				safeScriptExecutorClose()
-			}
-			if safeInstallerClose != nil {
-				safeInstallerClose()
-			}
-		})
-	}
-
-	defer func() {
-		if err != nil {
-			slog.Debug("close executors")
-			cleanup()
-		}
-	}()
-
-	installerExecutor, safeInstallerClose, err := GetSafeInstaller()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	// It is very important!
-	// See https://stackoverflow.com/questions/47296408/cannot-open-uid-map-for-writing-from-an-app-with-cap-setuid-capability-set
-	if err = utils.NoNewPrivs(); err != nil {
-		return nil, nil, err
-	}
-
-	s, safeScriptExecutorClose, err := GetSafeScriptExecutor()
-	if err != nil {
-		return nil, nil, err
-	}
-
+	scriptExecutor ScriptExecutor,
+	installerExecutor InstallerExecutor,
+) (*Builder, error) {
 	builder := &Builder{
-		scriptExecutor: s,
+		scriptExecutor: scriptExecutor,
 		cacheExecutor: &Cache{
 			cfg,
 		},
@@ -89,5 +48,5 @@ func NewMainBuilder(
 		repos: repos,
 	}
 
-	return builder, cleanup, nil
+	return builder, nil
 }

pkg/build/safe_installer.go

@@ -28,7 +28,6 @@ import (
 	"github.com/hashicorp/go-plugin"
 
 	"gitea.plemya-x.ru/Plemya-x/ALR/internal/logger"
-	"gitea.plemya-x.ru/Plemya-x/ALR/internal/utils"
 )
 
 type InstallerPlugin struct {
@@ -99,17 +98,20 @@ func GetSafeInstaller() (InstallerExecutor, func(), error) {
 		"ALR_LOG_LEVEL=DEBUG",
 	}
 
-	uid, gid, err := utils.GetUidGidAlrUser()
-	if err != nil {
-		return nil, nil, err
-	}
+	/*
+		uid, gid, err := utils.GetUidGidAlrUser()
+		if err != nil {
+			return nil, nil, err
+		}
 
-	cmd.SysProcAttr = &syscall.SysProcAttr{
-		Credential: &syscall.Credential{
-			Uid: uint32(uid),
-			Gid: uint32(gid),
-		},
-	}
+
+			cmd.SysProcAttr = &syscall.SysProcAttr{
+				Credential: &syscall.Credential{
+					Uid: uint32(uid),
+					Gid: uint32(gid),
+				},
+			}
+	*/
 
 	slog.Debug("safe installer setup", "uid", syscall.Getuid(), "gid", syscall.Getgid())
 

pkg/build/safe_script_executor.go

@@ -24,13 +24,11 @@ import (
 	"os"
 	"os/exec"
 	"sync"
-	"syscall"
 
 	"github.com/hashicorp/go-plugin"
 
 	"gitea.plemya-x.ru/Plemya-x/ALR/internal/logger"
 	"gitea.plemya-x.ru/Plemya-x/ALR/internal/types"
-	"gitea.plemya-x.ru/Plemya-x/ALR/internal/utils"
 )
 
 var HandshakeConfig = plugin.HandshakeConfig{
@@ -235,16 +233,19 @@ func GetSafeScriptExecutor() (ScriptExecutor, func(), error) {
 		"PATH=/usr/bin:/bin:/usr/local/bin",
 		"ALR_LOG_LEVEL=DEBUG",
 	}
-	uid, gid, err := utils.GetUidGidAlrUser()
-	if err != nil {
-		return nil, nil, err
-	}
-	cmd.SysProcAttr = &syscall.SysProcAttr{
-		Credential: &syscall.Credential{
-			Uid: uint32(uid),
-			Gid: uint32(gid),
-		},
-	}
+	/*
+		uid, gid, err := utils.GetUidGidAlrUser()
+		if err != nil {
+			return nil, nil, err
+		}
+
+			cmd.SysProcAttr = &syscall.SysProcAttr{
+				Credential: &syscall.Credential{
+					Uid: uint32(uid),
+					Gid: uint32(gid),
+				},
+			}
+	*/
 
 	client := plugin.NewClient(&plugin.ClientConfig{
 		HandshakeConfig: HandshakeConfig,