wip

pkg/build/build.go

@@ -352,16 +352,17 @@ func (b *Builder) BuildPackage(
 ) (*BuildResult, error) {
 	scriptPath := input.script
 
+	slog.Debug("ReadScript")
 	sf, err := b.scriptExecutor.ReadScript(ctx, scriptPath)
 	if err != nil {
 		return nil, err
 	}
 
+	slog.Debug("ExecuteFirstPass")
 	basePkg, varsOfPackages, err := b.scriptExecutor.ExecuteFirstPass(ctx, input, sf)
 	if err != nil {
 		return nil, err
 	}
-	slog.Debug("ExecuteFirstPass", "basePkg", basePkg, "varsOfPackages", varsOfPackages)
 
 	builtPaths := make([]string, 0)
 
@@ -384,6 +385,7 @@ func (b *Builder) BuildPackage(
 		}
 	}
 
+	slog.Debug("ViewScript")
 	err = b.scriptViewerExecutor.ViewScript(ctx, input, sf, basePkg)
 	if err != nil {
 		return nil, err
@@ -423,21 +425,25 @@ func (b *Builder) BuildPackage(
 	}
 	sources, checksums = removeDuplicatesSources(sources, checksums)
 
+	slog.Debug("installBuildDeps")
 	err = b.installBuildDeps(ctx, input, buildDepends)
 	if err != nil {
 		return nil, err
 	}
 
+	slog.Debug("installOptDeps")
 	err = b.installOptDeps(ctx, input, optDepends)
 	if err != nil {
 		return nil, err
 	}
 
+	slog.Debug("BuildALRDeps")
 	_, builtNames, repoDeps, err := b.BuildALRDeps(ctx, input, depends)
 	if err != nil {
 		return nil, err
 	}
 
+	slog.Debug("PrepareDirs")
 	err = b.scriptExecutor.PrepareDirs(ctx, input, basePkg)
 	if err != nil {
 		return nil, err
@@ -446,6 +452,7 @@ func (b *Builder) BuildPackage(
 	// builtPaths = append(builtPaths, newBuildPaths...)
 
 	slog.Info(gotext.Get("Downloading sources"))
+	slog.Debug("DownloadSources")
 	err = b.sourceExecutor.DownloadSources(
 		ctx,
 		input,
@@ -459,6 +466,7 @@ func (b *Builder) BuildPackage(
 		return nil, err
 	}
 
+	slog.Debug("ExecuteSecondPass")
 	res, err := b.scriptExecutor.ExecuteSecondPass(
 		ctx,
 		input,

pkg/build/main_build.go

@@ -19,27 +19,34 @@ package build
 import (
 	"log/slog"
 
+	"gitea.plemya-x.ru/Plemya-x/ALR/internal/utils"
 	"gitea.plemya-x.ru/Plemya-x/ALR/pkg/manager"
 )
 
 func NewMainBuilder(
 	cfg Config,
 	repos PackageFinder,
-) *Builder {
+) (*Builder, error) {
+	installerExecutor, err := GetSafeInstaller()
+	if err != nil {
+		slog.Error("i will panic GetSafeInstaller", "err", err)
+		return nil, err
+	}
+
+	// It is very important!
+	// See https://stackoverflow.com/questions/47296408/cannot-open-uid-map-for-writing-from-an-app-with-cap-setuid-capability-set
+	if err := utils.NoNewPrivs(); err != nil {
+		return nil, err
+	}
+
 	s, err := GetSafeScriptExecutor()
 	if err != nil {
-		slog.Info("i will panic")
-		panic(err)
+		slog.Error("i will panic GetSafeScriptExecutor", "err", err)
+		return nil, err
 	}
 
 	mgr := manager.Detect()
 
-	installerExecutor, err := GetSafeInstaller()
-	if err != nil {
-		slog.Info("i will panic")
-		panic(err)
-	}
-
 	builder := &Builder{
 		scriptExecutor: s,
 		cacheExecutor: &Cache{
@@ -61,5 +68,5 @@ func NewMainBuilder(
 		repos: repos,
 	}
 
-	return builder
+	return builder, nil
 }

pkg/build/safe.go

@@ -229,6 +229,7 @@ func GetSafeScriptExecutor() (ScriptExecutor, error) {
 		"LOGNAME=alr",
 		"USER=alr",
 		"PATH=/usr/bin:/bin:/usr/local/bin",
+		"ALR_LOG_LEVEL=DEBUG",
 	}
 	uid, gid, err := utils.GetUidGidAlrUser()
 	if err != nil {
@@ -247,6 +248,9 @@ func GetSafeScriptExecutor() (ScriptExecutor, error) {
 		Cmd:             cmd,
 		Logger:          logger.GetHCLoggerAdapter(),
 		SkipHostEnv:     true,
+		UnixSocketConfig: &plugin.UnixSocketConfig{
+			Group: "alr",
+		},
 	})
 	rpcClient, err := client.Client()
 	if err != nil {

pkg/build/safe_installer.go

@@ -26,7 +26,6 @@ import (
 	"github.com/hashicorp/go-plugin"
 
 	"gitea.plemya-x.ru/Plemya-x/ALR/internal/logger"
-	"gitea.plemya-x.ru/Plemya-x/ALR/internal/utils"
 )
 
 type InstallerPlugin struct {
@@ -46,7 +45,6 @@ func (r *InstallerRPC) InstallLocal(paths []string) error {
 }
 
 func (s *InstallerRPCServer) InstallLocal(paths []string, reply *struct{}) error {
-	slog.Warn("install", "paths", paths)
 	return s.Impl.InstallLocal(paths)
 }
 
@@ -60,8 +58,9 @@ func (s *InstallerRPCServer) Install(pkgs []string, reply *struct{}) error {
 }
 
 func (r *InstallerRPC) RemoveAlreadyInstalled(paths []string) ([]string, error) {
-	err := r.client.Call("Plugin.RemoveAlreadyInstalled", paths, nil)
-	return nil, err
+	var val []string
+	err := r.client.Call("Plugin.RemoveAlreadyInstalled", paths, &val)
+	return val, err
 }
 
 func (s *InstallerRPCServer) RemoveAlreadyInstalled(pkgs []string, res *[]string) error {
@@ -95,16 +94,8 @@ func GetSafeInstaller() (InstallerExecutor, error) {
 		"ALR_LOG_LEVEL=DEBUG",
 		"XDG_SESSION_CLASS=user",
 	)
-	uid, gid, err := utils.GetUidGidAlrUser()
-	if err != nil {
-		return nil, err
-	}
-	cmd.SysProcAttr = &syscall.SysProcAttr{
-		Credential: &syscall.Credential{
-			Uid: uint32(uid),
-			Gid: uint32(gid),
-		},
-	}
+
+	slog.Debug("safe installer setup", "uid", syscall.Getuid(), "gid", syscall.Getgid())
 
 	client := plugin.NewClient(&plugin.ClientConfig{
 		HandshakeConfig: HandshakeConfig,
@@ -119,7 +110,6 @@ func GetSafeInstaller() (InstallerExecutor, error) {
 	})
 	rpcClient, err := client.Client()
 	if err != nil {
-		slog.Info("1")
 		return nil, err
 	}
 

pkg/manager/apt_rpm.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"os/exec"
 	"strings"
+	"syscall"
 )
 
 // APTRpm represents the APT-RPM package manager
@@ -110,7 +111,11 @@ func (a *APTRpm) UpgradeAll(opts *Opts) error {
 func (a *APTRpm) getCmd(opts *Opts, mgrCmd string, args ...string) *exec.Cmd {
 	var cmd *exec.Cmd
 	if opts.AsRoot {
-		cmd = exec.Command(getRootCmd(a.rootCmd), mgrCmd)
+		if syscall.Geteuid() != 0 {
+			cmd = exec.Command(getRootCmd(a.rootCmd), mgrCmd)
+		} else {
+			cmd = exec.Command(mgrCmd)
+		}
 		cmd.Args = append(cmd.Args, opts.Args...)
 		cmd.Args = append(cmd.Args, args...)
 	} else {

pkg/manager/managers.go

@@ -115,7 +115,7 @@ func getRootCmd(rootCmd string) string {
 func setCmdEnv(cmd *exec.Cmd) {
 	cmd.Env = os.Environ()
 	cmd.Stdin = os.Stdin
-	cmd.Stdout = os.Stdout
+	cmd.Stdout = os.Stderr
 	cmd.Stderr = os.Stderr
 }