Have the processes start in their own chroots

2023-03-12 16:24:22 +00:00 · 2023-03-12 16:24:22 +00:00 · 3bb9e5e4f3
parent 4da25d600c
commit 3bb9e5e4f3
12 changed files with 180 additions and 28 deletions
--- a/88
+++ b/88
@ -11,20 +11,57 @@ GREP=grep
 SORT=sort
 # Config
-chroot_dir=kore_chroot/
+worker_chroot = /var/lib/smr/kore_worker
 kmgr_chroot = /var/lib/smr/kore_kmgr
 parent_chroot = /var/lib/smr/kore_parent
 conf_path = /etc/smr
 host_config = /etc/smr
 ifeq ($(DEV),"true")
 	approot=/
 	chroot_dir=./kore_chroot$(approot)
 else
 	approot=/var/smr/
 	chroot_dir=$(worker_chroot)$(approot)
 endif
 mirror=http://dl-cdn.alpinelinux.org/alpine/
 arch=aarch64
-version=2.10.5-r0
+version=2.12.9
 certbot_email=--register-unsafely-without-email
 #certbot_email=-m you@cock.li
 user=robin
 port=8888
 domain=test.monster:$(port)
 server_cert=cert/server.pem
 server_key=cert/key.pem
-SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain)
+SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain) -D bin_path="$(bin_path)" -D server_cert="$(server_cert)" -D server_key="$(server_key)" -D worker_chroot="$(worker_chroot)" -D kmgr_chroot="$(kmgr_chroot)" -D approot="$(approot)"
 # squelch prints, flip to print verbose information
-Q=@
+#Q=@
-#Q= 
+Q= 
 LUAROCKS_FLAGS=--tree $(chroot_dir)/usr/lib/luarocks --lua-version 5.1
 chroot_packages=\
 	-p luarocks5.1 \
 	-p "build-base" \
 	-p "ca-certificates" \
 	-p ssl_client \
 	-p luajit \
 	-p "lua5.1-dev" \
 	-p "luajit-dev" \
 	-p "lua5.1-lpeg" \
 	-p sqlite \
 	-p "sqlite-dev" \
 	-p certbot \
 	-p zlib \
 	-p "zlib-dev" \
 	-p git
 lua_packages = \
 	lsqlite3 \
 	etlua \
 	lpeg \
 	zlib
 # Probably don't change stuff past here if you're just using smr
 lua_in_files=$(shell find src/lua/*.in -type f)
@ -43,9 +80,12 @@ built_sql=$(sql_files:src/sql/%.sql=$(chroot_dir)sql/%.sql)
 built=$(built_files) $(built_sql) $(built_pages) $(built_tests)
 asset_in_files=$(wildcard assets/*.in -type f)
 asset_files=$(asset_in_files:%.in=%)
 initscript=/lib/systemd/system/smr.service
 config=$(conf_path)/smr.conf
 bin_path=$(shell pwd)
 help: ## Print this help
-	$(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-30s %s\n", $$1, $$2}'
+	$(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-10s %s\n", $$1, $$2}'
 all: $(chroot_dir) smr.so $(built_files) $(built_pages) $(built_sql) ## Build and run smr in a chroot
 	$(Q)$(ECHO) "[running] $@"
@ -56,7 +96,7 @@ conf/smr.conf : conf/smr.conf.in Makefile
 	$(Q)$(SPP) -o $@ $(SPPFLAGS) $<
 apk-tools-static-$(version).apk:
-	# wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
+	wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
 clean: ## clean up all the files generated by this makefile
 	$(Q)$(ECHO) "[clean] $@"
@ -67,10 +107,19 @@ clean: ## clean up all the files generated by this makefile
 	$(Q)$(RM) src/lua/config.lua
 	$(Q)$(RM) $(asset_files)
 install: $(worker_chroot) $(kmgr_chroot) $(parent_chroot) $(initscript) $(config) smr.so $(built_files) $(built_pages) $(built_sql) ## Install smr into a new host system
 $(config) : conf/smr.conf
 	$(Q)$(MKDIR) $(host_config)
 	$(Q)$(COPY) $< $@
 $(initscript) : packaging/systemd/smr.service
 	$(Q)$(COPY) $< $@
 cloc: ## calculate source lines of code in smr
 	cloc --force-lang="HTML",etlua.in src assets
-$(chroot_dir): apk-tools-static-$(version).apk
+$(chroot_dir):
 	$(Q)$(MKDIR) $(chroot_dir)
 	$(Q)$(MKDIR) $(chroot_dir)/pages
 	$(Q)$(MKDIR) $(chroot_dir)/sql
@ -78,11 +127,22 @@ $(chroot_dir): apk-tools-static-$(version).apk
 	$(Q)$(MKDIR) $(chroot_dir)/data/archive
 	$(Q)$(MKDIR) $(chroot_dir)/endpoints
 alpine-chroot-install:
 	$(Q)wget https://raw.githubusercontent.com/alpinelinux/alpine-chroot-install/v0.14.0/alpine-chroot-install \
 		&& echo 'ccbf65f85cdc351851f8ad025bb3e65bae4d5b06  alpine-chroot-install' | sha1sum -c \
 		|| exit 1
 	$(Q)chmod +x alpine-chroot-install
 $(worker_chroot) $(kmgr_chroot) $(parent_chroot): alpine-chroot-install
 	$(Q)export APK_TOOLS_URI="https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v2.12.9/aarch64/apk.static"; \
 	export APK_TOOLS_SHA256="0164d47954c8a52e8ed10db1633174974a3b1e4182a1993a5a8343e394ee1bbc"; \
 	./alpine-chroot-install -d $@ -a $(arch) -$(chroot_packages)
 code : $(built_files)
-$(built_files): $(chroot_dir)%.lua : src/lua/%.lua
+$(built_files): $(chroot_dir)%.lua : src/lua/%.lua $(chroot_dir)
 	$(Q)$(ECHO) "[copy] $@"
-	$(Q)$(COPY) $^ $@
+	$(Q)$(COPY) $< $@
 $(built_pages): $(chroot_dir)pages/%.etlua : src/pages/%.etlua
 	$(Q)$(ECHO) "[copy] $@"
@ -112,7 +172,7 @@ $(asset_files) : % : %.in
 	$(Q)$(ECHO) "[preprocess] $@"
 	$(Q)$(SPP) $(SPPFLAGS) -o $@ $<
-smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files)
+smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files) .flavor
 	$(Q)$(ECHO) "[build] $@"
 	$(Q)$(KODEV) build
@ -120,7 +180,7 @@ test : $(built) ## run the unit tests
 	$(Q)$(CD) kore_chroot && busted -v --no-keep-going #--exclude-tags slow
 cov : $(built) ## code coverage (based on unit tests)
-	$(Q)$(RM) kore_chroot/luacov.stats.out
+	$(Q)$(RM) $(kore_chroot)/luacov.stats.out
-	$(Q)$(CD) kore_chroot && busted -v -c --no-keep-going #--exclude-tags slow
+	$(Q)$(CD) $(kore_chroot) && busted -v -c --no-keep-going #--exclude-tags slow
-	$(Q)$(CD) kore_chroot && luacov endpoints/
+	$(Q)$(CD) $(kore_chroot) && luacov endpoints/
 	$(Q)$(ECHO) "open kore_chroot/luacov.report.out to view coverage results."
--- a/conf/build.conf
+++ b/conf/build.conf
@ -32,7 +32,7 @@ dev {
 }
 prod {
-	cflags=-D BUILD_PROD
+	cflags=-D BUILD_PROD 
 	cflags=-I/usr/include/luajit-2.1
 	cflags=-lluajit-5.1
 	ldflags=-lluajit-5.1
--- a/conf/smr.conf.in
+++ b/conf/smr.conf.in
@ -8,24 +8,25 @@ server tls {
 seccomp_tracing yes
 privsep worker {
-	runas <{get chuser }>
+	runas root
-	root  <{get kore_chroot }>
+	root  <{get worker_chroot }>
 }
 privsep keymgr {
-	runas <{get chuser }>
+	runas root
 	root <{get kmgr_chroot }>
 	root .
 }
-load		./smr.so
+load		<{get bin_path}>/smr.so
 workers         1
 http_body_max 8388608
-tls_dhparam	dh2048.pem
+tls_dhparam	<{get bin_path}>/dh2048.pem
 validator v_any regex [\s\S]*
 validator v_storyid regex [a-zA-Z0-9$+!*'(),-]+
--- a/packaging/systemd/smr.service
+++ b/packaging/systemd/smr.service
@ -0,0 +1,16 @@
 # Service file for systemd based systems
 [Unit]
 Description=smr server daemon
 Documentation=https://git.fuwafuwa.moe/rmalley/smr
 After=network.target syslog.target
 [Service]
 Type=oneshot
 ExecStart=/usr/local/bin/kore -c /etc/smr/smr.conf
 RemainAfterExit=true
 ExecStop=/usr/bin/pkill -9 kore
 StandardOutput=journal
 [Install]
 WantedBy=multi-user.target
--- a/src/lua/config.lua.in
+++ b/src/lua/config.lua.in
@ -2,9 +2,12 @@
 Holds configuration.
 A one-stop-shop for runtime configuration
 ]]
-return {
+local config = {
 	domain = "<{get domain}>",
 	production = false,
 	legacy_url_cutoff = 144,
-	db = "data/posts.db"
+	approot = "<{get approot}>"
 }
 config.db = config.approot .. "data/posts.db"
 return config
--- a/src/lua/endpoints/archive_get.lua
+++ b/src/lua/endpoints/archive_get.lua
@ -1,5 +1,7 @@
 local config = require("config")
 local function archive(req)
-	local archive = assert(io.open("data/archive.zip","rb"))
+	local archive = assert(io.open(config.approot .. "data/archive.zip","rb"))
 	--[=[
 	local archive_size = archive:seek("end")
 	archive:seek("set")
--- a/src/lua/pages.lua
+++ b/src/lua/pages.lua
@ -3,6 +3,7 @@ Compiles all the pages under src/pages/ with etlua. See the etlua documentation
 for more info (https://github.com/leafo/etlua)
 ]]
 local et = require("etlua")
 local config = require("config")
 require("global")
 local pagenames = {
 	"index",
@ -23,7 +24,7 @@ local pagenames = {
 }
 local pages = {}
 for k,v in pairs(pagenames) do
-	local path = string.format("pages/%s.etlua",v)
+	local path = string.format(config.approot .. "pages/%s.etlua",v)
 	local parser = et.Parser()
 	local f = assert(io.open(path,"r"))
 	local fdata = assert(f:read("*a"))
--- a/src/lua/parser_search.lua
+++ b/src/lua/parser_search.lua
@ -1,5 +1,6 @@
 local lpeg = require('lpeg')
 local etlua = require('etlua')
 local config = require("config")
 local args = {...}
 lpeg.locale(lpeg)
 local V,P,C,S,B,Cs = lpeg.V,lpeg.P,lpeg.C,lpeg.S,lpeg.B,lpeg.Cs
@ -59,7 +60,7 @@ local grammar = P{
 }
 --Grammar
 --Transpile a sting with + and - into an sql query that searches tags
-local fname = "pages/search_sql.etlua"
+local fname = config.approot .. "pages/search_sql.etlua"
 local sqltmpl = assert(io.open(fname))
 local c = etlua.compile(sqltmpl:read("*a"),fname)
 sqltmpl:close()
--- a/src/lua/queries.lua
+++ b/src/lua/queries.lua
@ -1,9 +1,10 @@
 local queries = {}
 local config = require("config")
 setmetatable(queries,{
 	__index = function(self,key)
-		local f = assert(io.open("sql/" .. key .. ".sql","r"))
+		local f = assert(io.open(config.approot .. "sql/" .. key .. ".sql","r"))
 		local ret = f:read("*a")
 		f:close()
 		return ret
--- a/src/pages/edit_bio.etlua
+++ b/src/pages/edit_bio.etlua
@ -0,0 +1,48 @@
 <!DOCTYPE html>
 <html lang="en">
 	<head>
 		<meta charset="utf-8">
 		<% if author then %>
 			<meta name="author" content="<%= author %>">
 		<% end %>
 		<% if title then %>
 			<title><%- title %></title>
 		<% else %>
 			<title>&#x1f351;</title>
 		<% end %>
 		<link href="/_css/milligram.css" rel="stylesheet">
 		<link href="/_css/style.css" rel="stylesheet">
 		<% if extra_load then %>
 			<% for _,load in ipairs(extra_load) do %>
 				<%- load %>
 			<% end %>
 		<% end %>
 	</head>
 	<body class="container">
 		<main class="wrapper">
 <h1 class="title">
 	Edit Biography for <%= user %>
 </h1>
 <% if err then %><em class="error"><%= err %></em><% end %>
 <form action="https://<%= user %>.<%= domain %>/_bio" method="post" class="container">
 	<fieldset>
 		<input type="hidden" name="author" value="<%= user %>">
 		<div class="row">
 			<textarea name="text" cols=80 rows=24 class="column"><%= text %></textarea><br/>
 		</div>
 		<div class="row">
 			<input type="submit">
 		</div>
 	</fieldset>
 </form>
 			<footer class="footer">
 			</footer>
 		</main>
 	</body>
 <body>
--- a/src/smr.c
+++ b/src/smr.c
@ -215,9 +215,26 @@ kore_worker_configure(void){
 		/*closedir(dp);*/
 	/*}*/
 	L = luaL_newstate();
 	// Open libraries
 	luaL_openlibs(L);
 	load_kore_libs(L);
 	load_crypto_libs(L);
 	// Set package.path
        lua_getglobal(L,"package"); // {package}
        lua_getfield(L,-1,"path"); // {package}, "package.path"
        lua_pushstring(L,";/var/smr/?.lua;/usr/local/share/lua/5.1/?.lua"); // {package}, "package.path", "/var/smr/?.lua"
        lua_concat(L,2); //{package}, "package.path;/var/app_name/?.lua"
        lua_setfield(L,-2,"path"); //{package}
 	lua_getfield(L,-1,"cpath");
 	lua_pushstring(L,";/usr/local/lib/lua/5.1/?.so");
 	lua_concat(L,2);
 	lua_setfield(L,-2,"cpath");
        lua_pop(L,1);
 	// Run init
 	lua_pushcfunction(L,errhandeler);
 	printf("About to run loadfile...\n");
 	luaL_loadfile(L,SM_INIT);
--- a/src/smr.h
+++ b/src/smr.h
@ -1,3 +1,5 @@
-#define SM_INIT "init.lua"
+#ifndef SM_INIT
 #define SM_INIT "/var/smr/init.lua"
 #endif
 int             errhandeler(lua_State *);