From 3bb9e5e4f3394aacbd82176c6a36a4b9d8b7c312 Mon Sep 17 00:00:00 2001
From: Robin Malley
Date: Sun, 12 Mar 2023 16:24:22 +0000
Subject: [PATCH] Have the processes start in their own chroots

---
 Makefile | 88 ++++++++++++++++++++++++++-----
 conf/build.conf | 2 +-
 conf/smr.conf.in | 13 ++---
 packaging/systemd/smr.service | 16 ++++++
 src/lua/config.lua.in | 7 ++-
 src/lua/endpoints/archive_get.lua | 4 +-
 src/lua/pages.lua | 3 +-
 src/lua/parser_search.lua | 3 +-
 src/lua/queries.lua | 3 +-
 src/pages/edit_bio.etlua | 48 +++++++++++++++++
 src/smr.c | 17 ++++++
 src/smr.h | 4 +-
 12 files changed, 180 insertions(+), 28 deletions(-)
 create mode 100644 packaging/systemd/smr.service
 create mode 100644 src/pages/edit_bio.etlua

diff --git a/Makefile b/Makefile
index b2dd833..8255327 100644
--- a/Makefile
+++ b/Makefile
@@ -11,20 +11,57 @@ GREP=grep
 SORT=sort
 
 # Config
-chroot_dir=kore_chroot/
+worker_chroot = /var/lib/smr/kore_worker
+kmgr_chroot = /var/lib/smr/kore_kmgr
+parent_chroot = /var/lib/smr/kore_parent
+conf_path = /etc/smr
+
+host_config = /etc/smr
+
+ifeq ($(DEV),"true")
+ approot=/
+ chroot_dir=./kore_chroot$(approot)
+else
+ approot=/var/smr/
+ chroot_dir=$(worker_chroot)$(approot)
+endif
 mirror=http://dl-cdn.alpinelinux.org/alpine/
 arch=aarch64
-version=2.10.5-r0
+version=2.12.9
 certbot_email=--register-unsafely-without-email
 #certbot_email=-m you@cock.li
 user=robin
 port=8888
 domain=test.monster:$(port)
+server_cert=cert/server.pem
+server_key=cert/key.pem
 
-SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain)
+SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain) -D bin_path="$(bin_path)" -D server_cert="$(server_cert)" -D server_key="$(server_key)" -D worker_chroot="$(worker_chroot)" -D kmgr_chroot="$(kmgr_chroot)" -D approot="$(approot)"
 # squelch prints, flip to print verbose information
-Q=@
-#Q=
+#Q=@
+Q=
+LUAROCKS_FLAGS=--tree $(chroot_dir)/usr/lib/luarocks --lua-version 5.1
+chroot_packages=\
+ -p luarocks5.1 \
+ -p "build-base" \
+ -p "ca-certificates" \
+ -p ssl_client \
+ -p luajit \
+ -p "lua5.1-dev" \
+ -p "luajit-dev" \
+ -p "lua5.1-lpeg" \
+ -p sqlite \
+ -p "sqlite-dev" \
+ -p certbot \
+ -p zlib \
+ -p "zlib-dev" \
+ -p git
+
+lua_packages = \
+ lsqlite3 \
+ etlua \
+ lpeg \
+ zlib
 
 # Probably don't change stuff past here if you're just using smr
 lua_in_files=$(shell find src/lua/*.in -type f)
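Review bot: `ifeq ($(DEV),"true")` compares `$(DEV)` against the five-character string `"true"` including the quote marks, because make does not strip quotes in `ifeq`; a plain `make DEV=true` therefore takes the production branch and builds into `$(worker_chroot)$(approot)`. Write `ifeq ($(strip $(DEV)),true)` instead. `conf_path` and `host_config` both hold `/etc/smr` and the later `$(config)` rule names the file with one while its recipe creates the directory with the other, so one variable should go. Flipping `Q=@` to `Q=` makes verbose output the default, which looks like a debugging leftover rather than part of the chroot change.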
@@ -43,9 +80,12 @@ built_sql=$(sql_files:src/sql/%.sql=$(chroot_dir)sql/%.sql)
 built=$(built_files) $(built_sql) $(built_pages) $(built_tests)
 asset_in_files=$(wildcard assets/*.in -type f)
 asset_files=$(asset_in_files:%.in=%)
+initscript=/lib/systemd/system/smr.service
+config=$(conf_path)/smr.conf
+bin_path=$(shell pwd)
 
 help: ## Print this help
- $(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-30s %s\n", $$1, $$2}'
+ $(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-10s %s\n", $$1, $$2}'
 
 all: $(chroot_dir) smr.so $(built_files) $(built_pages) $(built_sql) ## Build and run smr in a chroot
 $(Q)$(ECHO) "[running] $@"
@@ -56,7 +96,7 @@ conf/smr.conf : conf/smr.conf.in Makefile
 $(Q)$(SPP) -o $@ $(SPPFLAGS) $<
 
 apk-tools-static-$(version).apk:
- # wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
+ wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
 
 clean: ## clean up all the files generated by this makefile
 $(Q)$(ECHO) "[clean] $@"
@@ -67,10 +107,19 @@ clean: ## clean up all the files generated by this makefile
 $(Q)$(RM) src/lua/config.lua
 $(Q)$(RM) $(asset_files)
 
+install: $(worker_chroot) $(kmgr_chroot) $(parent_chroot) $(initscript) $(config) smr.so $(built_files) $(built_pages) $(built_sql) ## Install smr into a new host system
+
+$(config) : conf/smr.conf
+ $(Q)$(MKDIR) $(host_config)
+ $(Q)$(COPY) $< $@
+
+$(initscript) : packaging/systemd/smr.service
+ $(Q)$(COPY) $< $@
+
 cloc: ## calculate source lines of code in smr
 cloc --force-lang="HTML",etlua.in src assets
 
-$(chroot_dir): apk-tools-static-$(version).apk
+$(chroot_dir):
 $(Q)$(MKDIR) $(chroot_dir)
 $(Q)$(MKDIR) $(chroot_dir)/pages
 $(Q)$(MKDIR) $(chroot_dir)/sql
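Review bot: `bin_path=$(shell pwd)` is passed through `-D bin_path` into `conf/smr.conf`, where it becomes the `load` and `tls_dhparam` paths of the installed configuration, so the installed daemon keeps loading `smr.so` and `dh2048.pem` out of whatever directory the build happened in. Anyone who can write to that build tree can then replace the shared object a root-started kore loads; `install` should copy `smr.so` and `dh2048.pem` to a root-owned location (for example alongside `$(config)` under `$(conf_path)`) and set `bin_path` to that directory. The `install` target in the hunk at -67 also writes straight into `/etc/smr` and `/lib/systemd/system`, which only works as root; a `DESTDIR`-style prefix would make that explicit and allow staged installs.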
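Review bot: The re-enabled `wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk` fetches over plain `http://` with no checksum, while the new `alpine-chroot-install` target in the hunk at -78 verifies its download; `$(chroot_dir)` no longer depends on this file either, so the target appears to be dead. Either remove it or verify the download the same way (an `APK_TOOLS_SHA256` for apk.static already exists in this Makefile). The `version` change to `2.12.9` also drops the `-r0` package revision that the apk filename carried, so this URL probably no longer resolves — confirm against the mirror.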
@@ -78,11 +127,22 @@ $(chroot_dir): apk-tools-static-$(version).apk
 $(Q)$(MKDIR) $(chroot_dir)/data/archive
 $(Q)$(MKDIR) $(chroot_dir)/endpoints
 
+alpine-chroot-install:
+ $(Q)wget https://raw.githubusercontent.com/alpinelinux/alpine-chroot-install/v0.14.0/alpine-chroot-install \
+ && echo 'ccbf65f85cdc351851f8ad025bb3e65bae4d5b06 alpine-chroot-install' | sha1sum -c \
+ || exit 1
+ $(Q)chmod +x alpine-chroot-install
+
+$(worker_chroot) $(kmgr_chroot) $(parent_chroot): alpine-chroot-install
+ $(Q)export APK_TOOLS_URI="https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v2.12.9/aarch64/apk.static"; \
+ export APK_TOOLS_SHA256="0164d47954c8a52e8ed10db1633174974a3b1e4182a1993a5a8343e394ee1bbc"; \
+ ./alpine-chroot-install -d $@ -a $(arch) -$(chroot_packages)
+
 code : $(built_files)
 
-$(built_files): $(chroot_dir)%.lua : src/lua/%.lua
+$(built_files): $(chroot_dir)%.lua : src/lua/%.lua $(chroot_dir)
 $(Q)$(ECHO) "[copy] $@"
- $(Q)$(COPY) $^ $@
+ $(Q)$(COPY) $< $@
 
 $(built_pages): $(chroot_dir)pages/%.etlua : src/pages/%.etlua
 $(Q)$(ECHO) "[copy] $@"
@@ -112,7 +172,7 @@ $(asset_files) : % : %.in
 $(Q)$(ECHO) "[preprocess] $@"
 $(Q)$(SPP) $(SPPFLAGS) -o $@ $<
 
-smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files)
+smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files) .flavor
 $(Q)$(ECHO) "[build] $@"
 $(Q)$(KODEV) build
 
@@ -120,7 +180,7 @@ test : $(built) ## run the unit tests
 $(Q)$(CD) kore_chroot && busted -v --no-keep-going #--exclude-tags slow
 
 cov : $(built) ## code coverage (based on unit tests)
- $(Q)$(RM) kore_chroot/luacov.stats.out
- $(Q)$(CD) kore_chroot && busted -v -c --no-keep-going #--exclude-tags slow
- $(Q)$(CD) kore_chroot && luacov endpoints/
+ $(Q)$(RM) $(kore_chroot)/luacov.stats.out
+ $(Q)$(CD) $(kore_chroot) && busted -v -c --no-keep-going #--exclude-tags slow
+ $(Q)$(CD) $(kore_chroot) && luacov endpoints/
 $(Q)$(ECHO) "open kore_chroot/luacov.report.out to view coverage results."
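Review bot: When `sha1sum -c` fails, the just-downloaded `alpine-chroot-install` stays on disk, so the next `make` treats the target as up to date, `chmod +x` never re-runs but the chroot rule still executes the unverified script — typically as root, since it populates `/var/lib/smr`. Remove the file on failure, `|| { rm -f alpine-chroot-install; exit 1; }`, or add a `.DELETE_ON_ERROR:` special target so make does that for every recipe. `APK_TOOLS_URI` hard-codes `v2.12.9/aarch64` although `$(version)` and `$(arch)` exist for exactly that, so changing `arch` would silently fetch the wrong binary; and `-$(chroot_packages)` reads as `--p luarocks5.1 …` once make strips the leading whitespace of the value — confirm that alpine-chroot-install accepts it, otherwise `$(chroot_packages)` alone is intended.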
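Review bot: `$(kore_chroot)` is not defined as a make variable anywhere in this file (`kore_chroot` is only the name of an SPP define), so it expands to nothing and `cov` now runs `$(RM) /luacov.stats.out` followed by `cd / && busted …`. The intended variable is presumably `$(chroot_dir)`, and the trailing `$(ECHO)` line should be built from the same variable instead of the literal `kore_chroot/luacov.report.out`. The `test` target above keeps the literal `kore_chroot` too; its recipe starts outside the hunk.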
diff --git a/conf/build.conf b/conf/build.conf index 1ff1e5f..139086d 100644 --- a/conf/build.conf +++ b/conf/build.conf @@ -32,7 +32,7 @@ dev { } prod { - cflags=-D BUILD_PROD + cflags=-D BUILD_PROD cflags=-I/usr/include/luajit-2.1 cflags=-lluajit-5.1 ldflags=-lluajit-5.1 diff --git a/conf/smr.conf.in b/conf/smr.conf.in index c799c71..05a6a1a 100644 --- a/conf/smr.conf.in +++ b/conf/smr.conf.in @@ -8,24 +8,25 @@ server tls { seccomp_tracing yes privsep worker { - runas <{get chuser }> + runas root - root <{get kore_chroot }> + root <{get worker_chroot }> } privsep keymgr { - runas <{get chuser }> + runas root + + root <{get kmgr_chroot }> - root . } -load ./smr.so +load <{get bin_path}>/smr.so workers 1 http_body_max 8388608 -tls_dhparam dh2048.pem +tls_dhparam <{get bin_path}>/dh2048.pem validator v_any regex [\s\S]* validator v_storyid regex [a-zA-Z0-9$+!*'(),-]+ diff --git a/packaging/systemd/smr.service b/packaging/systemd/smr.service new file mode 100644 index 0000000..9d3778b --- /dev/null +++ b/packaging/systemd/smr.service @@ -0,0 +1,16 @@ +# Service file for systemd based systems + +[Unit] +Description=smr server daemon +Documentation=https://git.fuwafuwa.moe/rmalley/smr +After=network.target syslog.target + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/kore -c /etc/smr/smr.conf +RemainAfterExit=true +ExecStop=/usr/bin/pkill -9 kore +StandardOutput=journal + +[Install] +WantedBy=multi-user.target diff --git a/src/lua/config.lua.in b/src/lua/config.lua.in index 1a69c8d..17fe0ea 100644 --- a/src/lua/config.lua.in +++ b/src/lua/config.lua.in @@ -2,9 +2,12 @@ Holds configuration. A one-stop-shop for runtime configuration ]] -return { +local config = { domain = "<{get domain}>", production = false, legacy_url_cutoff = 144, - db = "data/posts.db" + approot = "<{get approot}>" } +config.db = config.approot .. "data/posts.db" + +return config diff --git a/src/lua/endpoints/archive_get.lua b/src/lua/endpoints/archive_get.lua index 41a374f..ab2896c 100644 
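Review bot: Replacing both `runas <{get chuser }>` lines with `runas root` removes the privilege drop that made the chroots a boundary: a root process inside a chroot can leave it, and the keymgr, which holds the TLS private key, now runs as root as well. Keep `runas <{get chuser }>` in both privsep blocks and make `<{get worker_chroot }>` and `<{get kmgr_chroot }>` (and the files under them) readable by that user instead; `-D chuser=$(user)` is still passed in SPPFLAGS, so the template value is available. If the motivation was that `$(user)` could not read the new chroot directories, that is an ownership problem for the `install` target, not a reason to run the workers as root.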
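Review bot: `ExecStop=/usr/bin/pkill -9 kore` sends SIGKILL to every process named `kore` on the host, not only this unit's, and bypasses kore's orderly shutdown of its workers and keymgr; combined with `Type=oneshot` and `RemainAfterExit=true` it also means systemd never tracks the daemon, so a crash leaves the unit "active" and nothing restarts it. Run kore in the foreground and let systemd own the process: `Type=simple`, `ExecStart=/usr/local/bin/kore -f -c /etc/smr/smr.conf`, and drop `ExecStop` and `RemainAfterExit` so a stop delivers SIGTERM to the unit's own cgroup (add `Restart=on-failure` if automatic restart is wanted). `syslog.target` in `After=` is obsolete on current systemd and can be removed.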
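Review bot: `config.db = config.approot .. "data/posts.db"` and the other new call sites concatenate `approot` directly, so the value only works when it ends in `/`; the Makefile's `/` and `/var/smr/` do, but a hand-edited `approot = "/var/smr"` would silently yield `/var/smrdata/posts.db`. Document that on the field: `approot = "<{get approot}>", -- directory holding the lua files and data; must end with "/" (paths are built by plain concatenation)`.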
--- a/src/lua/endpoints/archive_get.lua
+++ b/src/lua/endpoints/archive_get.lua
@@ -1,5 +1,7 @@
+local config = require("config")
+
 local function archive(req)
- local archive = assert(io.open("data/archive.zip","rb"))
+ local archive = assert(io.open(config.approot .. "data/archive.zip","rb"))
 --[=[
 local archive_size = archive:seek("end")
 archive:seek("set")
diff --git a/src/lua/pages.lua b/src/lua/pages.lua
index 8817644..1abcb55 100644
--- a/src/lua/pages.lua
+++ b/src/lua/pages.lua
@@ -3,6 +3,7 @@ Compiles all the pages under src/pages/ with etlua. See the etlua documentation
 for more info (https://github.com/leafo/etlua)
 ]]
 local et = require("etlua")
+local config = require("config")
 require("global")
 local pagenames = {
 "index",
@@ -23,7 +24,7 @@ local pagenames = {
 }
 local pages = {}
 for k,v in pairs(pagenames) do
- local path = string.format("pages/%s.etlua",v)
+ local path = string.format(config.approot .. "pages/%s.etlua",v)
 local parser = et.Parser()
 local f = assert(io.open(path,"r"))
 local fdata = assert(f:read("*a"))
diff --git a/src/lua/parser_search.lua b/src/lua/parser_search.lua
index 2f950ad..12001c2 100644
--- a/src/lua/parser_search.lua
+++ b/src/lua/parser_search.lua
@@ -1,5 +1,6 @@
 local lpeg = require('lpeg')
 local etlua = require('etlua')
+local config = require("config")
 local args = {...}
 lpeg.locale(lpeg)
 local V,P,C,S,B,Cs = lpeg.V,lpeg.P,lpeg.C,lpeg.S,lpeg.B,lpeg.Cs
@@ -59,7 +60,7 @@ local grammar = P{
 } --Grammar
 
 --Transpile a sting with + and - into an sql query that searches tags
-local fname = "pages/search_sql.etlua"
+local fname = config.approot .. "pages/search_sql.etlua"
 local sqltmpl = assert(io.open(fname))
 local c = etlua.compile(sqltmpl:read("*a"),fname)
 sqltmpl:close()
diff --git a/src/lua/queries.lua b/src/lua/queries.lua
index 3d4e500..2f58103 100644
--- a/src/lua/queries.lua
+++ b/src/lua/queries.lua
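Review bot: `string.format(config.approot .. "pages/%s.etlua",v)` splices `approot` into the format string itself, so any `%` in that path is parsed as a conversion specifier (a trailing `%` raises an error, `%d` would consume `v`); pass it as an argument instead: `local path = string.format("%spages/%s.etlua", config.approot, v)`. The other new call sites in archive_get.lua, parser_search.lua and queries.lua use plain `..` concatenation and are not affected.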
@@ -1,9 +1,10 @@ local queries = {} +local config = require("config") setmetatable(queries,{ __index = function(self,key) - local f = assert(io.open("sql/" .. key .. ".sql","r")) + local f = assert(io.open(config.approot .. "sql/" .. key .. ".sql","r")) local ret = f:read("*a") f:close() return ret diff --git a/src/pages/edit_bio.etlua b/src/pages/edit_bio.etlua new file mode 100644 index 0000000..ad57e0f --- /dev/null +++ b/src/pages/edit_bio.etlua @@ -0,0 +1,48 @@ + + + + + + + <% if author then %> + + <% end %> + <% if title then %> + <%- title %> + <% else %> + 🍑 + <% end %> + + + <% if extra_load then %> + <% for _,load in ipairs(extra_load) do %> + <%- load %> + <% end %> + <% end %> + + +
+ +

+ Edit Biography for <%= user %> +

+<% if err then %><%= err %><% end %> +
+
+ +
+
+
+
+ +
+
+
+ +
+
+
+
+
diff --git a/src/smr.c b/src/smr.c
index 7bb32c5..d239e45 100644
--- a/src/smr.c
+++ b/src/smr.c
@@ -215,9 +215,26 @@ kore_worker_configure(void){
 /*closedir(dp);*/
 /*}*/
 L = luaL_newstate();
+
+
+ // Open libraries
 luaL_openlibs(L);
 load_kore_libs(L);
 load_crypto_libs(L);
+
+ // Set package.path
+ lua_getglobal(L,"package"); // {package}
+ lua_getfield(L,-1,"path"); // {package}, "package.path"
+ lua_pushstring(L,";/var/smr/?.lua;/usr/local/share/lua/5.1/?.lua"); // {package}, "package.path", "/var/smr/?.lua"
+ lua_concat(L,2); //{package}, "package.path;/var/app_name/?.lua"
+ lua_setfield(L,-2,"path"); //{package}
+ lua_getfield(L,-1,"cpath");
+ lua_pushstring(L,";/usr/local/lib/lua/5.1/?.so");
+ lua_concat(L,2);
+ lua_setfield(L,-2,"cpath");
+ lua_pop(L,1);
+
+ // Run init
 lua_pushcfunction(L,errhandeler);
 printf("About to run loadfile...\n");
 luaL_loadfile(L,SM_INIT);
diff --git a/src/smr.h b/src/smr.h
index fbe93e3..e78c07a 100644
--- a/src/smr.h
+++ b/src/smr.h
@@ -1,3 +1,5 @@
-#define SM_INIT "init.lua"
+#ifndef SM_INIT
+#define SM_INIT "/var/smr/init.lua"
+#endif
 
 int errhandeler(lua_State *);
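Review bot: `<%- title %>` and `<%- load %>` in the head of edit_bio.etlua emit their values unescaped (etlua's `<%-` is the raw form, `<%=` is the escaping one), whereas `<%= user %>` and `<%= err %>` in the body are escaped. If `title` or any `extra_load` entry can be derived from request data or from a stored biography, switch them to `<%= … %>`, or state at the top of the template, `<%-- title and extra_load are inserted raw: callers must pass trusted, pre-rendered markup only --%>`, so the contract is visible to whoever renders it. Most of this new file is not legible on this page, so the form itself could not be reviewed.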
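Review bot: The `package.path` and `package.cpath` additions hard-code `/var/smr/?.lua` while the Makefile makes that directory configurable (`approot` is `/` for DEV builds) and the new `#ifndef SM_INIT` guard in smr.h lets a build override the init path; nothing can override these two search paths, so a build that overrides `SM_INIT` finds `init.lua` but not the modules next to it. Define the root once next to `SM_INIT`, e.g. `#ifndef SM_LUA_ROOT` / `#define SM_LUA_ROOT "/var/smr/"` (name is a suggestion), and build both `SM_INIT` and the `package.path` string from it. The stack comment `//{package}, "package.path;/var/app_name/?.lua"` still names `app_name` and should read `/var/smr`. kore_worker_configure continues outside the hunk.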