From a51a8ab963bed3b2d5c9100a77d3fe0e19127f54 Mon Sep 17 00:00:00 2001 From: Maxim Slipenko Date: Sun, 13 Apr 2025 16:58:15 +0300 Subject: [PATCH] wip --- assets/coverage-badge.svg | 4 +- build.go | 181 ++++++++++++++++--------- internal.go | 141 ++++++++++++++++++- internal/translations/default.pot | 102 ++++++++------ internal/translations/po/ru/default.po | 88 ++++++------ internal/utils/cmd.go | 15 +- main.go | 4 +- pkg/build/build.go | 32 ++++- pkg/build/main_build.go | 3 - pkg/build/script_executor.go | 1 + pkg/distro/osrelease.go | 1 + upgrade.g_o => upgrade.go | 43 ++++-- 12 files changed, 442 insertions(+), 173 deletions(-) rename upgrade.g_o => upgrade.go (85%) diff --git a/assets/coverage-badge.svg b/assets/coverage-badge.svg index ce89bb7..5a9d2fc 100644 --- a/assets/coverage-badge.svg +++ b/assets/coverage-badge.svg @@ -11,7 +11,7 @@ coverage coverage - 16.7% - 16.7% + 15.8% + 15.8% diff --git a/build.go b/build.go index dd92584..1c284a8 100644 --- a/build.go +++ b/build.go @@ -20,8 +20,10 @@ package main import ( + "bytes" "log/slog" "os" + "os/exec" "path/filepath" "strings" @@ -32,6 +34,7 @@ import ( database "gitea.plemya-x.ru/Plemya-x/ALR/internal/db" "gitea.plemya-x.ru/Plemya-x/ALR/internal/osutils" "gitea.plemya-x.ru/Plemya-x/ALR/internal/types" + "gitea.plemya-x.ru/Plemya-x/ALR/internal/utils" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/build" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/distro" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/manager" 
@@ -66,9 +69,56 @@ func BuildCmd() *cli.Command {
 },
 },
 Action: func(c *cli.Context) error {
+ wd, err := os.Getwd()
+ if err != nil {
+ slog.Error(gotext.Get("Error getting working directory"), "err", err)
+ os.Exit(1)
+ }
+ executable, err := os.Executable()
+ if err != nil {
+ slog.Error(gotext.Get("Error getting working directory"), "err", err)
+ os.Exit(1)
+ }
+
+ cmd := exec.Command(executable, "_internal-mount", wd)
+ var stdout bytes.Buffer
+ cmd.Stdout = &stdout
+ cmd.Stderr = os.Stderr
+ err = cmd.Run()
+ if err != nil {
+ slog.Error(gotext.Get("Error getting working directory"), "err", err)
+ os.Exit(1)
+ }
+
+ wd = stdout.String()
+
+ defer func() {
+ slog.Warn("unmounting...")
+ cmd := exec.Command(executable, "_internal-umount", wd)
+ var stdout bytes.Buffer
+ cmd.Stdout = &stdout
+ cmd.Stderr = os.Stderr
+ err = cmd.Run()
+ if err != nil {
+ slog.Error(gotext.Get("Error getting working directory"), "err", err)
+ os.Exit(1)
+ }
+ }()
+
+ err = utils.DropCapsToAlrUser()
+ if err != nil {
+ slog.Error(gotext.Get("Error dropping capabilities"), "err", err)
+ os.Exit(1)
+ }
+ _, err = os.Stat(wd)
+ if err != nil {
+ slog.Error(gotext.Get("Error dropping capabilities"), "err", err)
+ os.Exit(1)
+ }
+
 ctx := c.Context
 cfg := config.New()
- err := cfg.Load()
+ err = cfg.Load()
 if err != nil {
 slog.Error(gotext.Get("Error loading config"), "err", err)
 os.Exit(1)
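Review bot: The deferred `_internal-umount` call in the `BuildCmd` Action will not run on any failure path, because every error branch here (and the deferred closure itself) ends in `os.Exit(1)`, which skips deferred functions; a failed build would leave the bindfs mount created by `_internal-mount` in place. Returning the error from the Action instead, e.g. `return cli.Exit(gotext.Get("Error loading config"), 1)`, lets the defer fire before the process exits. The helper's stdout is also assigned to `wd` without checking that it is non-empty, so an empty or unexpected helper output only surfaces later at `os.Stat(wd)`. The failures of `os.Executable()`, the mount helper and `os.Stat(wd)` are logged with the unrelated messages "Error getting working directory" and "Error dropping capabilities", which will mislead whoever reads the log. The Action body continues outside this hunk.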
@@ -84,42 +134,6 @@ func BuildCmd() *cli.Command { var script string var packages []string - // repository := "default" - - // repoDir := cfg.GetPaths().RepoDir - - switch { - case c.IsSet("script"): - script = c.String("script") - packages = append(packages, c.String("script-package")) - case c.IsSet("package"): - // TODO: handle multiple packages - packageInput := c.String("package") - - arr := strings.Split(packageInput, "/") - var packageSearch string - if len(arr) == 2 { - packageSearch = arr[1] - } else { - packageSearch = arr[0] - } - - pkgs, _, _ := rs.FindPkgs(ctx, []string{packageSearch}) - pkg, ok := pkgs[packageSearch] - if len(pkg) < 1 || !ok { - slog.Error(gotext.Get("Package not found")) - os.Exit(1) - } - - // repository = pkg[0].Repository - - if pkg[0].BasePkgName != "" { - // script = filepath.Join(repoDir, repository, pkg[0].BasePkgName, "alr.sh") - packages = append(packages, pkg[0].Name) - } - default: - // script = filepath.Join(repoDir, "alr.sh") - } // Обнаружение менеджера пакетов mgr := manager.Detect() 
@@ -139,31 +153,76 @@ func BuildCmd() *cli.Command { rs, ) - // Сборка пакета - res, err := builder.BuildPackageFromScript( - ctx, - &build.BuildPackageFromScriptArgs{ - Script: script, - Packages: packages, - BuildArgs: build.BuildArgs{ - Opts: &types.BuildOpts{ - Clean: c.Bool("clean"), - Interactive: c.Bool("interactive"), - }, - PkgFormat_: build.GetPkgFormat(mgr), - Info: info, - }, - }, - ) - if err != nil { - slog.Error(gotext.Get("Error building package"), "err", err) - os.Exit(1) - } + var res *build.BuildResult - // Получение текущей рабочей директории - wd, err := os.Getwd() - if err != nil { - slog.Error(gotext.Get("Error getting working directory"), "err", err) + switch { + case c.IsSet("script"): + script = c.String("script") + packages = append(packages, c.String("script-package")) + + res, err = builder.BuildPackageFromScript( + ctx, + &build.BuildPackageFromScriptArgs{ + Script: script, + Packages: packages, + BuildArgs: build.BuildArgs{ + Opts: &types.BuildOpts{ + Clean: c.Bool("clean"), + Interactive: c.Bool("interactive"), + }, + PkgFormat_: build.GetPkgFormat(mgr), + Info: info, + }, + }, + ) + if err != nil { + slog.Error(gotext.Get("Error building package"), "err", err) + os.Exit(1) + } + case c.IsSet("package"): + // TODO: handle multiple packages + packageInput := c.String("package") + + arr := strings.Split(packageInput, "/") + var packageSearch string + if len(arr) == 2 { + packageSearch = arr[1] + } else { + packageSearch = arr[0] + } + + pkgs, _, _ := rs.FindPkgs(ctx, []string{packageSearch}) + pkg, ok := pkgs[packageSearch] + if len(pkg) < 1 || !ok { + slog.Error(gotext.Get("Package not found")) + os.Exit(1) + } + + if pkg[0].BasePkgName != "" { + packages = append(packages, pkg[0].Name) + } + + res, err = builder.BuildPackageFromDb( + ctx, + &build.BuildPackageFromDbArgs{ + Package: &pkg[0], + Packages: packages, + BuildArgs: build.BuildArgs{ + Opts: &types.BuildOpts{ + Clean: c.Bool("clean"), + Interactive: c.Bool("interactive"), + 
}, + PkgFormat_: build.GetPkgFormat(mgr), + Info: info, + }, + }, + ) + if err != nil { + slog.Error(gotext.Get("Error building package"), "err", err) + os.Exit(1) + } + default: + slog.Error(gotext.Get("Nothing to build")) os.Exit(1) } diff --git a/internal.go b/internal.go index 2702e5d..4adecdf 100644 --- a/internal.go +++ b/internal.go @@ -17,8 +17,13 @@ package main import ( + "fmt" "log/slog" "os" + "os/exec" + "os/user" + "path/filepath" + "strings" "syscall" "github.com/hashicorp/go-hclog" @@ -47,10 +52,6 @@ func InternalBuildCmd() *cli.Command { slog.Error("aa", "err", err) os.Exit(1) } - slog.Info("", - "uid", os.Getuid(), - "gid", os.Getgid(), - ) cfg := config.New() err = cfg.Load() if err != nil { 
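Review bot: In the `c.IsSet("package")` branch of build.go the repository half of a `repo/name` argument is discarded (`packageSearch = arr[1]`) and the build then uses `pkg[0]`, so the package that gets built may come from a different repository than the one the user named; whether `FindPkgs` filters or orders by repository is not visible in this hunk. The two ignored results of `rs.FindPkgs` include the error, so a lookup failure is reported as "Package not found". Consider checking that error and, when a repository was given, selecting the entry whose `Repository` equals `arr[0]`. The identical `BuildArgs` literal in both branches could be constructed once before the `switch`.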
@@ -131,3 +132,135 @@ func InternalInstallCmd() *cli.Command {
 },
 }
 }
+
+func InternalMountCmd() *cli.Command {
+ return &cli.Command{
+ Name: "_internal-mount",
+ HideHelp: true,
+ Hidden: true,
+ Action: func(c *cli.Context) error {
+ sourceDir := c.Args().First()
+
+ u, _ := user.Current()
+
+ logger.SetupForGoPlugin()
+ err := syscall.Setuid(0)
+ if err != nil {
+ slog.Error("Failed to setuid(0)", "err", err)
+ os.Exit(1)
+ }
+
+ alrRunDir := "/var/run/alr"
+ err = os.MkdirAll(alrRunDir, 0o750)
+ if err != nil {
+ slog.Error("Error creating /var/run/alr directory", "err", err)
+ os.Exit(1)
+ }
+
+ _, gid, _ := utils.GetUidGidAlrUser()
+
+ // Меняем группу на alr и права
+ err = os.Chown(alrRunDir, 0, gid) // root:alr
+ if err != nil {
+ slog.Error("Failed to chown /var/run/alr", "err", err)
+ os.Exit(1)
+ }
+
+ // Создаем поддиректорию для bindfs
+ targetDir := filepath.Join(alrRunDir, fmt.Sprintf("bindfs-%d", os.Getpid()))
+ err = os.MkdirAll(targetDir, 0o750) // 0750: владелец (root) и группа (alr) имеют доступ
+ if err != nil {
+ slog.Error("Error creating bindfs target directory", "err", err)
+ os.Exit(1)
+ }
+
+ // Устанавливаем владельца и группу (root:alr)
+ err = os.Chown(targetDir, 0, gid)
+ if err != nil {
+ slog.Error("Failed to chown bindfs directory", "err", err)
+ os.Exit(1)
+ }
+
+ bindfsCmd := exec.Command(
+ "bindfs",
+ fmt.Sprintf("--map=%s/alr:@%s/@alr", u.Uid, u.Gid),
+ sourceDir,
+ targetDir,
+ )
+
+ bindfsCmd.Stderr = os.Stderr
+
+ if err := bindfsCmd.Start(); err != nil {
+ slog.Error("Error starting bindfs", "err", err)
+ os.Exit(1)
+ }
+
+ fmt.Print(targetDir)
+
+ return nil
+ },
+ }
+}
+
+func InternalUnmountCmd() *cli.Command {
+ return &cli.Command{
+ Name: "_internal-umount",
+ HideHelp: true,
+ Hidden: true,
+ Action: func(c *cli.Context) error {
+ currentUser, err := user.Current()
+ if err != nil {
+ slog.Error("Failed to get current user", "err", err)
+ os.Exit(1)
+ }
+
+ uid, gid, err := utils.GetUidGidAlrUserString()
+ if err != nil {
+ slog.Error("Failed to get alr user info", "err", err)
+ os.Exit(1)
+ }
+
+ if currentUser.Uid != uid && currentUser.Gid != gid {
+ slog.Error("Only alr user can unmount these directories")
+ os.Exit(1)
+ }
+
+ targetDir := c.Args().First()
+ if targetDir == "" {
+ slog.Error("No target directory specified")
+ os.Exit(1)
+ }
+
+ if !strings.HasPrefix(targetDir, "/var/run/alr/") {
+ slog.Error("Can only unmount directories under /var/run/alr")
+ os.Exit(1)
+ }
+
+ if _, err := os.Stat(targetDir); os.IsNotExist(err) {
+ slog.Error("Target directory does not exist", "dir", targetDir)
+ os.Exit(1)
+ }
+
+ err = syscall.Setuid(0)
+ if err != nil {
+ slog.Error("Failed to setuid(0)", "err", err)
+ os.Exit(1)
+ }
+
+ umountCmd := exec.Command("umount", targetDir)
+ umountCmd.Stderr = os.Stderr
+
+ if err := umountCmd.Run(); err != nil {
+ slog.Error("Error unmounting directory", "dir", targetDir, "err", err)
+ os.Exit(1)
+ }
+
+ if err := os.Remove(targetDir); err != nil {
+ slog.Error("Error removing directory", "dir", targetDir, "err", err)
+ os.Exit(1)
+ }
+
+ return nil
+ },
+ }
+}
diff --git a/internal/translations/default.pot b/internal/translations/default.pot
index e17ac27..7322f70 100644
--- a/internal/translations/default.pot
+++ b/internal/translations/default.pot
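Review bot: Both hidden helpers added to internal.go call `syscall.Setuid(0)` and then act on caller-supplied paths with too little validation. In `InternalMountCmd`, `sourceDir` is never checked for being empty or for whether the invoking user may access it, and the errors from `user.Current()` and `utils.GetUidGidAlrUser()` are discarded, so a failed lookup leads to a nil dereference on `u.Uid` or to a chown with gid 0. In `InternalUnmountCmd`, the `strings.HasPrefix(targetDir, "/var/run/alr/")` test runs on the raw argument, so a path containing `..` elements passes it; normalise first with `targetDir = filepath.Clean(targetDir)`, and note that the `&&` in the uid/gid test rejects the caller only when both values differ. `bindfs` and `umount` are looked up through the caller's `PATH` while running as root, so absolute paths to both binaries would be safer. `bindfsCmd.Start()` without a matching `Wait()` never reports a failed mount, and `targetDir` is printed regardless.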
@@ -9,56 +9,64 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: build.go:44 +#: build.go:47 msgid "Build a local package" msgstr "" -#: build.go:50 +#: build.go:53 msgid "Path to the build script" msgstr "" -#: build.go:55 +#: build.go:58 msgid "Specify subpackage in script (for multi package script only)" msgstr "" -#: build.go:60 +#: build.go:63 msgid "Name of the package to build and its repo (example: default/go-bin)" msgstr "" -#: build.go:65 +#: build.go:68 msgid "" "Build package from scratch even if there's an already built package available" msgstr "" -#: build.go:73 -msgid "Error loading config" -msgstr "" - -#: build.go:81 -msgid "Error initialization database" -msgstr "" - -#: build.go:110 -msgid "Package not found" -msgstr "" - -#: build.go:127 -msgid "Unable to detect a supported package manager on the system" -msgstr "" - -#: build.go:133 -msgid "Error parsing os release" -msgstr "" - -#: build.go:159 -msgid "Error building package" -msgstr "" - -#: build.go:166 +#: build.go:74 build.go:79 build.go:89 build.go:103 msgid "Error getting working directory" msgstr "" -#: build.go:175 +#: build.go:110 build.go:115 +msgid "Error dropping capabilities" +msgstr "" + +#: build.go:123 +msgid "Error loading config" +msgstr "" + +#: build.go:131 +msgid "Error initialization database" +msgstr "" + +#: build.go:141 +msgid "Unable to detect a supported package manager on the system" +msgstr "" + +#: build.go:147 +msgid "Error parsing os release" +msgstr "" + +#: build.go:179 build.go:221 +msgid "Error building package" +msgstr "" + +#: build.go:197 +msgid "Package not found" +msgstr "" + +#: build.go:225 +msgid "Nothing to build" +msgstr "" + +#: build.go:234 msgid "Error moving the package" msgstr "" 
@@ -170,10 +178,6 @@ msgstr "" msgid "Command install expected at least 1 argument, got %d" msgstr "" -#: install.go:84 -msgid "Error dropping capabilities" -msgstr "" - #: install.go:96 msgid "Error pulling repositories" msgstr "" @@ -311,7 +315,7 @@ msgstr "" msgid "ERROR" msgstr "" -#: internal/utils/cmd.go:65 +#: internal/utils/cmd.go:74 msgid "You need to be root" msgstr "" @@ -331,11 +335,11 @@ msgstr "" msgid "Enable interactive questions and prompts" msgstr "" -#: main.go:183 +#: main.go:185 msgid "Show help" msgstr "" -#: main.go:187 +#: main.go:189 msgid "Error while running app" msgstr "" @@ -351,7 +355,7 @@ msgstr "" msgid "Downloading sources" msgstr "" -#: pkg/build/build.go:507 +#: pkg/build/build.go:535 msgid "Installing dependencies" msgstr "" @@ -385,19 +389,19 @@ msgstr "" msgid "AutoReq is not implemented for this package format, so it's skipped" msgstr "" -#: pkg/build/script_executor.go:236 +#: pkg/build/script_executor.go:237 msgid "Building package metadata" msgstr "" -#: pkg/build/script_executor.go:355 +#: pkg/build/script_executor.go:356 msgid "Executing prepare()" msgstr "" -#: pkg/build/script_executor.go:364 +#: pkg/build/script_executor.go:365 msgid "Executing build()" msgstr "" -#: pkg/build/script_executor.go:393 pkg/build/script_executor.go:413 +#: pkg/build/script_executor.go:394 pkg/build/script_executor.go:414 msgid "Executing %s()" msgstr "" @@ -490,3 +494,15 @@ msgstr "" #: search.go:119 msgid "Error executing template" msgstr "" + +#: upgrade.go:48 +msgid "Upgrade all installed packages" +msgstr "" + +#: upgrade.go:111 upgrade.go:129 +msgid "Error checking for updates" +msgstr "" + +#: upgrade.go:133 +msgid "There is nothing to do." +msgstr "" diff --git a/internal/translations/po/ru/default.po b/internal/translations/po/ru/default.po index eb18a05..05978bc 100644 --- a/internal/translations/po/ru/default.po +++ b/internal/translations/po/ru/default.po 
@@ -16,57 +16,67 @@ msgstr "" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Gtranslator 47.1\n" -#: build.go:44 +#: build.go:47 msgid "Build a local package" msgstr "Сборка локального пакета" -#: build.go:50 +#: build.go:53 msgid "Path to the build script" msgstr "Путь к скрипту сборки" -#: build.go:55 +#: build.go:58 msgid "Specify subpackage in script (for multi package script only)" msgstr "Укажите подпакет в скрипте (только для многопакетного скрипта)" -#: build.go:60 +#: build.go:63 msgid "Name of the package to build and its repo (example: default/go-bin)" msgstr "Имя пакета для сборки и его репозиторий (пример: default/go-bin)" -#: build.go:65 +#: build.go:68 msgid "" "Build package from scratch even if there's an already built package available" msgstr "Создайте пакет с нуля, даже если уже имеется готовый пакет" -#: build.go:73 +#: build.go:74 build.go:79 build.go:89 build.go:103 +msgid "Error getting working directory" +msgstr "Ошибка при получении рабочего каталога" + +#: build.go:110 build.go:115 +#, fuzzy +msgid "Error dropping capabilities" +msgstr "Ошибка при открытии базы данных" + +#: build.go:123 #, fuzzy msgid "Error loading config" msgstr "Ошибка при кодировании конфигурации" -#: build.go:81 +#: build.go:131 msgid "Error initialization database" msgstr "Ошибка инициализации базы данных" -#: build.go:110 -msgid "Package not found" -msgstr "Пакет не найден" - -#: build.go:127 +#: build.go:141 msgid "Unable to detect a supported package manager on the system" msgstr "Не удалось обнаружить поддерживаемый менеджер пакетов в системе" -#: build.go:133 +#: build.go:147 msgid "Error parsing os release" msgstr "Ошибка при разборе файла выпуска операционной системы" -#: build.go:159 +#: build.go:179 build.go:221 msgid "Error building package" msgstr "Ошибка при сборке пакета" -#: build.go:166 -msgid "Error getting working directory" -msgstr "Ошибка при получении рабочего каталога" +#: build.go:197 +msgid "Package not found" +msgstr "Пакет не 
найден" -#: build.go:175 +#: build.go:225 +#, fuzzy +msgid "Nothing to build" +msgstr "Исполнение build()" + +#: build.go:234 msgid "Error moving the package" msgstr "Ошибка при перемещении пакета" @@ -181,11 +191,6 @@ msgstr "Установить новый пакет" msgid "Command install expected at least 1 argument, got %d" msgstr "Для команды install ожидался хотя бы 1 аргумент, получено %d" -#: install.go:84 -#, fuzzy -msgid "Error dropping capabilities" -msgstr "Ошибка при открытии базы данных" - #: install.go:96 msgid "Error pulling repositories" msgstr "Ошибка при извлечении репозиториев" @@ -324,7 +329,7 @@ msgstr "%s %s загружается — %s/с\n" msgid "ERROR" msgstr "ОШИБКА" -#: internal/utils/cmd.go:65 +#: internal/utils/cmd.go:74 msgid "You need to be root" msgstr "" @@ -344,11 +349,11 @@ msgstr "Аргументы, которые будут переданы мене msgid "Enable interactive questions and prompts" msgstr "Включение интерактивных вопросов и запросов" -#: main.go:183 +#: main.go:185 msgid "Show help" msgstr "Показать справку" -#: main.go:187 +#: main.go:189 msgid "Error while running app" msgstr "Ошибка при запуске приложения" @@ -364,7 +369,7 @@ msgstr "Массив контрольных сумм должен быть то msgid "Downloading sources" msgstr "Скачивание источников" -#: pkg/build/build.go:507 +#: pkg/build/build.go:535 msgid "Installing dependencies" msgstr "Установка зависимостей" 
@@ -402,19 +407,19 @@ msgid "AutoReq is not implemented for this package format, so it's skipped" msgstr "" "AutoReq не реализовано для этого формата пакета, поэтому будет пропущено" -#: pkg/build/script_executor.go:236 +#: pkg/build/script_executor.go:237 msgid "Building package metadata" msgstr "Сборка метаданных пакета" -#: pkg/build/script_executor.go:355 +#: pkg/build/script_executor.go:356 msgid "Executing prepare()" msgstr "Исполнение prepare()" -#: pkg/build/script_executor.go:364 +#: pkg/build/script_executor.go:365 msgid "Executing build()" msgstr "Исполнение build()" -#: pkg/build/script_executor.go:393 pkg/build/script_executor.go:413 +#: pkg/build/script_executor.go:394 pkg/build/script_executor.go:414 msgid "Executing %s()" msgstr "Исполнение %s()" @@ -511,6 +516,18 @@ msgstr "Ошибка при разборе шаблона" msgid "Error executing template" msgstr "Ошибка при выполнении шаблона" +#: upgrade.go:48 +msgid "Upgrade all installed packages" +msgstr "Обновить все установленные пакеты" + +#: upgrade.go:111 upgrade.go:129 +msgid "Error checking for updates" +msgstr "Ошибка при проверке обновлений" + +#: upgrade.go:133 +msgid "There is nothing to do." +msgstr "Здесь нечего делать." + #, fuzzy #~ msgid "Unable to create config directory" #~ msgstr "Не удалось создать каталог конфигурации ALR" @@ -546,15 +563,6 @@ msgstr "Ошибка при выполнении шаблона" #~ msgid "Error installing package" #~ msgstr "Ошибка при установке пакета" -#~ msgid "Upgrade all installed packages" -#~ msgstr "Обновить все установленные пакеты" - -#~ msgid "Error checking for updates" -#~ msgstr "Ошибка при проверке обновлений" - -#~ msgid "There is nothing to do." -#~ msgstr "Здесь нечего делать." - #~ msgid "Error opening config file, using defaults" #~ msgstr "" #~ "Ошибка при открытии конфигурационного файла, используются значения по " diff --git a/internal/utils/cmd.go b/internal/utils/cmd.go index f5a6a4d..b851f91 100644 --- a/internal/utils/cmd.go +++ b/internal/utils/cmd.go 
@@ -26,17 +26,26 @@ import ( "github.com/leonelquinteros/gotext" ) -func GetUidGidAlrUser() (int, int, error) { +func GetUidGidAlrUserString() (string, string, error) { u, err := user.Lookup("alr") + if err != nil { + return "", "", err + } + + return u.Uid, u.Gid, nil +} + +func GetUidGidAlrUser() (int, int, error) { + strUid, strGid, err := GetUidGidAlrUserString() if err != nil { return 0, 0, err } - uid, err := strconv.Atoi(u.Uid) + uid, err := strconv.Atoi(strUid) if err != nil { return 0, 0, err } - gid, err := strconv.Atoi(u.Gid) + gid, err := strconv.Atoi(strGid) if err != nil { return 0, 0, err } diff --git a/main.go b/main.go index 9453191..acffacb 100644 --- a/main.go +++ b/main.go @@ -88,7 +88,7 @@ func GetApp() *cli.App { Commands: []*cli.Command{ InstallCmd(), RemoveCmd(), - // UpgradeCmd(), + UpgradeCmd(), InfoCmd(), ListCmd(), BuildCmd(), @@ -103,6 +103,8 @@ func GetApp() *cli.App { // TEST InternalBuildCmd(), InternalInstallCmd(), + InternalMountCmd(), + InternalUnmountCmd(), // InternalBuild2Cmd(), }, Before: func(c *cli.Context) error { diff --git a/pkg/build/build.go b/pkg/build/build.go index c9f179c..2cfae77 100644 --- a/pkg/build/build.go +++ b/pkg/build/build.go @@ -489,9 +489,37 @@ type InstallPkgsArgs struct { func (b *Builder) InstallALRPackages( ctx context.Context, + input interface { + OsInfoProvider + BuildOptsProvider + PkgFormatProvider + }, alrPkgs []db.Package, - opts types.BuildOpts, -) { +) error { + for _, pkg := range alrPkgs { + res, err := b.BuildPackageFromDb( + ctx, + &BuildPackageFromDbArgs{ + Package: &pkg, + Packages: []string{}, + BuildArgs: BuildArgs{ + Opts: input.BuildOpts(), + Info: input.OSRelease(), + PkgFormat_: input.PkgFormat(), + }, + }, + ) + if err != nil { + return err + } + + err = b.installerExecutor.InstallLocal(res.PackagePaths) + if err != nil { + return err + } + } + + return nil } func (b *Builder) BuildALRDeps( 
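Review bot: `InstallALRPackages` in pkg/build/build.go returns the errors from `BuildPackageFromDb` and `InstallLocal` unwrapped, so the caller cannot tell which package of the batch failed, and packages handled earlier in the loop stay installed when a later one fails. Wrapping with the package name, e.g. `return fmt.Errorf("building %s: %w", pkg.Name, err)` (if `fmt` is imported in this file, which the hunk does not show), would make a partial upgrade diagnosable. The exported method has no doc comment; `// InstallALRPackages builds each package in alrPkgs from the database and installs the resulting files, stopping at the first error.` would state the contract. `Package: &pkg` takes the address of the range variable, which is safe only as long as the callee does not keep the pointer beyond the call.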
diff --git a/pkg/build/main_build.go b/pkg/build/main_build.go index 038f2ef..e91ec35 100644 --- a/pkg/build/main_build.go +++ b/pkg/build/main_build.go @@ -18,7 +18,6 @@ package build import ( "log/slog" - "os" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/manager" ) @@ -27,8 +26,6 @@ func NewMainBuilder( cfg Config, repos PackageFinder, ) *Builder { - slog.Info("", "uid", os.Geteuid(), "gid", os.Getegid()) - s, err := GetSafeScriptExecutor() if err != nil { slog.Info("i will panic") diff --git a/pkg/build/script_executor.go b/pkg/build/script_executor.go index 1f9489d..cb4b1e5 100644 --- a/pkg/build/script_executor.go +++ b/pkg/build/script_executor.go @@ -78,6 +78,7 @@ func (e *LocalScriptExecutor) ExecuteFirstPass(ctx context.Context, input *Build interp.ReadDirHandler2(handlers.RestrictedReadDir(scriptDir)), // Ограничиваем чтение директорий interp.StatHandler(handlers.RestrictedStat(scriptDir)), // Ограничиваем доступ к статистике файлов interp.OpenHandler(handlers.RestrictedOpen(scriptDir)), // Ограничиваем открытие файлов + interp.Dir(scriptDir), ) if err != nil { return "", nil, err diff --git a/pkg/distro/osrelease.go b/pkg/distro/osrelease.go index 8320f94..fc94a39 100644 --- a/pkg/distro/osrelease.go +++ b/pkg/distro/osrelease.go @@ -82,6 +82,7 @@ func ParseOSRelease(ctx context.Context) (*OSRelease, error) { interp.ReadDirHandler2(handlers.NopReadDir), interp.StatHandler(handlers.NopStat), interp.Env(expand.ListEnviron()), + interp.Dir("/"), ) if err != nil { return nil, err diff --git a/upgrade.g_o b/upgrade.go similarity index 85% rename from upgrade.g_o rename to upgrade.go index 17cfea6..57009ef 100644 --- a/upgrade.g_o +++ b/upgrade.go 
@@ -34,6 +34,7 @@ import ( database "gitea.plemya-x.ru/Plemya-x/ALR/internal/db" "gitea.plemya-x.ru/Plemya-x/ALR/internal/overrides" "gitea.plemya-x.ru/Plemya-x/ALR/internal/types" + "gitea.plemya-x.ru/Plemya-x/ALR/internal/utils" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/build" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/distro" "gitea.plemya-x.ru/Plemya-x/ALR/pkg/manager" @@ -54,10 +55,16 @@ func UpgradeCmd() *cli.Command { }, }, Action: func(c *cli.Context) error { + err := utils.DropCapsToAlrUser() + if err != nil { + slog.Error(gotext.Get("Error dropping capabilities"), "err", err) + os.Exit(1) + } + ctx := c.Context cfg := config.New() - err := cfg.Load() + err = cfg.Load() if err != nil { slog.Error(gotext.Get("Error loading config"), "err", err) os.Exit(1) @@ -71,7 +78,14 @@ func UpgradeCmd() *cli.Command { os.Exit(1) } + slog.Debug("builder setup") + builder := build.NewMainBuilder( + cfg, + rs, + ) + info, err := distro.ParseOSRelease(ctx) + slog.Debug("ParseOSRelease", "err", err) if err != nil { slog.Error(gotext.Get("Error parsing os-release file"), "err", err) os.Exit(1) @@ -84,6 +98,7 @@ func UpgradeCmd() *cli.Command { } if cfg.AutoPull() { + slog.Debug("autopull") err = rs.Pull(ctx, cfg.Repos()) if err != nil { slog.Error(gotext.Get("Error pulling repos"), "err", err) 
@@ -98,22 +113,22 @@ func UpgradeCmd() *cli.Command { } if len(updates) > 0 { - builder := build.NewBuilder( + err = builder.InstallALRPackages( ctx, - types.BuildOpts{ - Manager: mgr, - Clean: c.Bool("clean"), - Interactive: c.Bool("interactive"), + &build.BuildArgs{ + Opts: &types.BuildOpts{ + Clean: c.Bool("clean"), + Interactive: c.Bool("interactive"), + }, + Info: info, + PkgFormat_: build.GetPkgFormat(mgr), }, - rs, - info, - cfg, + updates, ) - builder.InstallPkgs(ctx, updates, nil, types.BuildOpts{ - Manager: mgr, - Clean: c.Bool("clean"), - Interactive: c.Bool("interactive"), - }) + if err != nil { + slog.Error(gotext.Get("Error checking for updates"), "err", err) + os.Exit(1) + } } else { slog.Info(gotext.Get("There is nothing to do.")) }
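Review bot: A failure of `builder.InstallALRPackages` in upgrade.go is logged as "Error checking for updates", the same msgid the catalogue lists for a second site in this file, so a build or install failure during an upgrade cannot be told apart from a failed update check in the log. A dedicated message such as `gotext.Get("Error installing package")` would fit; that msgid already appears among the obsolete entries of the ru catalogue. The enclosing Action starts outside this hunk.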