feat: migrate to system cache with changing core logic

2025-04-15 21:41:21 +03:00
parent 5ca34a572a
commit efa4f59403
62 changed files with 4002 additions and 1889 deletions
--- a/internal/utils/cmd.go
+++ b/internal/utils/cmd.go
@@ -0,0 +1,186 @@
+// ALR - Any Linux Repository
+// Copyright (C) 2025 Евгений Храмов
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+	"errors"
+	"os"
+	"os/user"
+	"strconv"
+	"syscall"
+
+	"github.com/leonelquinteros/gotext"
+	"github.com/urfave/cli/v2"
+
+	"gitea.plemya-x.ru/Plemya-x/ALR/internal/cliutils"
+	"gitea.plemya-x.ru/Plemya-x/ALR/internal/constants"
+)
+
+func GetUidGidAlrUserString() (string, string, error) {
+	u, err := user.Lookup("alr")
+	if err != nil {
+		return "", "", err
+	}
+
+	return u.Uid, u.Gid, nil
+}
+
+func GetUidGidAlrUser() (int, int, error) {
+	strUid, strGid, err := GetUidGidAlrUserString()
+	if err != nil {
+		return 0, 0, err
+	}
+
+	uid, err := strconv.Atoi(strUid)
+	if err != nil {
+		return 0, 0, err
+	}
+	gid, err := strconv.Atoi(strGid)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	return uid, gid, nil
+}
+
+func DropCapsToAlrUser() error {
+	uid, gid, err := GetUidGidAlrUser()
+	if err != nil {
+		return err
+	}
+	err = syscall.Setgid(gid)
+	if err != nil {
+		return err
+	}
+	err = syscall.Setuid(uid)
+	if err != nil {
+		return err
+	}
+	return EnsureIsAlrUser()
+}
+
+func ExitIfCantDropGidToAlr() cli.ExitCoder {
+	_, gid, err := GetUidGidAlrUser()
+	if err != nil {
+		return cliutils.FormatCliExit("cannot get gid alr", err)
+	}
+	err = syscall.Setgid(gid)
+	if err != nil {
+		return cliutils.FormatCliExit("cannot get setgid alr", err)
+	}
+	return nil
+}
+
+// ExitIfCantDropCapsToAlrUser attempts to drop capabilities to the already
+// running user. Returns a cli.ExitCoder with an error if the operation fails.
+// See also [ExitIfCantDropCapsToAlrUserNoPrivs] for a version that also applies
+// no-new-privs.
+func ExitIfCantDropCapsToAlrUser() cli.ExitCoder {
+	err := DropCapsToAlrUser()
+	if err != nil {
+		return cliutils.FormatCliExit(gotext.Get("Error dropping capabilities"), err)
+	}
+	return nil
+}
+
+func ExitIfCantSetNoNewPrivs() cli.ExitCoder {
+	if err := NoNewPrivs(); err != nil {
+		return cliutils.FormatCliExit("error no new privs", err)
+	}
+
+	return nil
+}
+
+// ExitIfCantDropCapsToAlrUserNoPrivs combines [ExitIfCantDropCapsToAlrUser] with [ExitIfCantSetNoNewPrivs]
+func ExitIfCantDropCapsToAlrUserNoPrivs() cli.ExitCoder {
+	if err := ExitIfCantDropCapsToAlrUser(); err != nil {
+		return err
+	}
+
+	if err := ExitIfCantSetNoNewPrivs(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func ExitIfNotRoot() error {
+	if os.Getuid() != 0 {
+		return cli.Exit(gotext.Get("You need to be root to perform this action"), 1)
+	}
+	return nil
+}
+
+func EnsureIsAlrUser() error {
+	uid, gid, err := GetUidGidAlrUser()
+	if err != nil {
+		return err
+	}
+	newUid := syscall.Getuid()
+	if newUid != uid {
+		return errors.New("new uid don't matches requested")
+	}
+	newGid := syscall.Getgid()
+	if newGid != gid {
+		return errors.New("new gid don't matches requested")
+	}
+	return nil
+}
+
+func EnuseIsPrivilegedGroupMember() error {
+	currentUser, err := user.Current()
+	if err != nil {
+		return err
+	}
+
+	group, err := user.LookupGroup(constants.PrivilegedGroup)
+	if err != nil {
+		return err
+	}
+
+	groups, err := currentUser.GroupIds()
+	if err != nil {
+		return err
+	}
+
+	for _, gid := range groups {
+		if gid == group.Gid {
+			return nil
+		}
+	}
+	return cliutils.FormatCliExit(gotext.Get("You need to be a %s member to perform this action", constants.PrivilegedGroup), nil)
+}
+
+func EscalateToRootGid() error {
+	return syscall.Setgid(0)
+}
+
+func EscalateToRootUid() error {
+	return syscall.Setuid(0)
+}
+
+func EscalateToRoot() error {
+	err := EscalateToRootUid()
+	if err != nil {
+		return err
+	}
+	err = EscalateToRootGid()
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -0,0 +1,23 @@
+// ALR - Any Linux Repository
+// Copyright (C) 2025 Евгений Храмов
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package utils
+
+import "golang.org/x/sys/unix"
+
+func NoNewPrivs() error {
+	return unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)
+}