Have the processes start in their own chroots
parent
4da25d600c
commit
3bb9e5e4f3
88
Makefile
88
Makefile
|
@ -11,20 +11,57 @@ GREP=grep
|
|||
SORT=sort
|
||||
|
||||
# Config
|
||||
chroot_dir=kore_chroot/
|
||||
worker_chroot = /var/lib/smr/kore_worker
|
||||
kmgr_chroot = /var/lib/smr/kore_kmgr
|
||||
parent_chroot = /var/lib/smr/kore_parent
|
||||
conf_path = /etc/smr
|
||||
|
||||
host_config = /etc/smr
|
||||
|
||||
ifeq ($(DEV),"true")
|
||||
approot=/
|
||||
chroot_dir=./kore_chroot$(approot)
|
||||
else
|
||||
approot=/var/smr/
|
||||
chroot_dir=$(worker_chroot)$(approot)
|
||||
endif
|
||||
mirror=http://dl-cdn.alpinelinux.org/alpine/
|
||||
arch=aarch64
|
||||
version=2.10.5-r0
|
||||
version=2.12.9
|
||||
certbot_email=--register-unsafely-without-email
|
||||
#certbot_email=-m you@cock.li
|
||||
user=robin
|
||||
port=8888
|
||||
domain=test.monster:$(port)
|
||||
server_cert=cert/server.pem
|
||||
server_key=cert/key.pem
|
||||
|
||||
SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain)
|
||||
SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain) -D bin_path="$(bin_path)" -D server_cert="$(server_cert)" -D server_key="$(server_key)" -D worker_chroot="$(worker_chroot)" -D kmgr_chroot="$(kmgr_chroot)" -D approot="$(approot)"
|
||||
# squelch prints, flip to print verbose information
|
||||
Q=@
|
||||
#Q=
|
||||
#Q=@
|
||||
Q=
|
||||
LUAROCKS_FLAGS=--tree $(chroot_dir)/usr/lib/luarocks --lua-version 5.1
|
||||
chroot_packages=\
|
||||
-p luarocks5.1 \
|
||||
-p "build-base" \
|
||||
-p "ca-certificates" \
|
||||
-p ssl_client \
|
||||
-p luajit \
|
||||
-p "lua5.1-dev" \
|
||||
-p "luajit-dev" \
|
||||
-p "lua5.1-lpeg" \
|
||||
-p sqlite \
|
||||
-p "sqlite-dev" \
|
||||
-p certbot \
|
||||
-p zlib \
|
||||
-p "zlib-dev" \
|
||||
-p git
|
||||
|
||||
lua_packages = \
|
||||
lsqlite3 \
|
||||
etlua \
|
||||
lpeg \
|
||||
zlib
|
||||
|
||||
# Probably don't change stuff past here if you're just using smr
|
||||
lua_in_files=$(shell find src/lua/*.in -type f)
|
||||
|
@ -43,9 +80,12 @@ built_sql=$(sql_files:src/sql/%.sql=$(chroot_dir)sql/%.sql)
|
|||
built=$(built_files) $(built_sql) $(built_pages) $(built_tests)
|
||||
asset_in_files=$(wildcard assets/*.in -type f)
|
||||
asset_files=$(asset_in_files:%.in=%)
|
||||
initscript=/lib/systemd/system/smr.service
|
||||
config=$(conf_path)/smr.conf
|
||||
bin_path=$(shell pwd)
|
||||
|
||||
help: ## Print this help
|
||||
$(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-30s %s\n", $$1, $$2}'
|
||||
$(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-10s %s\n", $$1, $$2}'
|
||||
|
||||
all: $(chroot_dir) smr.so $(built_files) $(built_pages) $(built_sql) ## Build and run smr in a chroot
|
||||
$(Q)$(ECHO) "[running] $@"
|
||||
|
@ -56,7 +96,7 @@ conf/smr.conf : conf/smr.conf.in Makefile
|
|||
$(Q)$(SPP) -o $@ $(SPPFLAGS) $<
|
||||
|
||||
apk-tools-static-$(version).apk:
|
||||
# wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
|
||||
wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
|
||||
|
||||
clean: ## clean up all the files generated by this makefile
|
||||
$(Q)$(ECHO) "[clean] $@"
|
||||
|
@ -67,10 +107,19 @@ clean: ## clean up all the files generated by this makefile
|
|||
$(Q)$(RM) src/lua/config.lua
|
||||
$(Q)$(RM) $(asset_files)
|
||||
|
||||
install: $(worker_chroot) $(kmgr_chroot) $(parent_chroot) $(initscript) $(config) smr.so $(built_files) $(built_pages) $(built_sql) ## Install smr into a new host system
|
||||
|
||||
$(config) : conf/smr.conf
|
||||
$(Q)$(MKDIR) $(host_config)
|
||||
$(Q)$(COPY) $< $@
|
||||
|
||||
$(initscript) : packaging/systemd/smr.service
|
||||
$(Q)$(COPY) $< $@
|
||||
|
||||
cloc: ## calculate source lines of code in smr
|
||||
cloc --force-lang="HTML",etlua.in src assets
|
||||
|
||||
$(chroot_dir): apk-tools-static-$(version).apk
|
||||
$(chroot_dir):
|
||||
$(Q)$(MKDIR) $(chroot_dir)
|
||||
$(Q)$(MKDIR) $(chroot_dir)/pages
|
||||
$(Q)$(MKDIR) $(chroot_dir)/sql
|
||||
|
@ -78,11 +127,22 @@ $(chroot_dir): apk-tools-static-$(version).apk
|
|||
$(Q)$(MKDIR) $(chroot_dir)/data/archive
|
||||
$(Q)$(MKDIR) $(chroot_dir)/endpoints
|
||||
|
||||
alpine-chroot-install:
|
||||
$(Q)wget https://raw.githubusercontent.com/alpinelinux/alpine-chroot-install/v0.14.0/alpine-chroot-install \
|
||||
&& echo 'ccbf65f85cdc351851f8ad025bb3e65bae4d5b06 alpine-chroot-install' | sha1sum -c \
|
||||
|| exit 1
|
||||
$(Q)chmod +x alpine-chroot-install
|
||||
|
||||
$(worker_chroot) $(kmgr_chroot) $(parent_chroot): alpine-chroot-install
|
||||
$(Q)export APK_TOOLS_URI="https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v2.12.9/aarch64/apk.static"; \
|
||||
export APK_TOOLS_SHA256="0164d47954c8a52e8ed10db1633174974a3b1e4182a1993a5a8343e394ee1bbc"; \
|
||||
./alpine-chroot-install -d $@ -a $(arch) -$(chroot_packages)
|
||||
|
||||
code : $(built_files)
|
||||
|
||||
$(built_files): $(chroot_dir)%.lua : src/lua/%.lua
|
||||
$(built_files): $(chroot_dir)%.lua : src/lua/%.lua $(chroot_dir)
|
||||
$(Q)$(ECHO) "[copy] $@"
|
||||
$(Q)$(COPY) $^ $@
|
||||
$(Q)$(COPY) $< $@
|
||||
|
||||
$(built_pages): $(chroot_dir)pages/%.etlua : src/pages/%.etlua
|
||||
$(Q)$(ECHO) "[copy] $@"
|
||||
|
@ -112,7 +172,7 @@ $(asset_files) : % : %.in
|
|||
$(Q)$(ECHO) "[preprocess] $@"
|
||||
$(Q)$(SPP) $(SPPFLAGS) -o $@ $<
|
||||
|
||||
smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files)
|
||||
smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files) .flavor
|
||||
$(Q)$(ECHO) "[build] $@"
|
||||
$(Q)$(KODEV) build
|
||||
|
||||
|
@ -120,7 +180,7 @@ test : $(built) ## run the unit tests
|
|||
$(Q)$(CD) kore_chroot && busted -v --no-keep-going #--exclude-tags slow
|
||||
|
||||
cov : $(built) ## code coverage (based on unit tests)
|
||||
$(Q)$(RM) kore_chroot/luacov.stats.out
|
||||
$(Q)$(CD) kore_chroot && busted -v -c --no-keep-going #--exclude-tags slow
|
||||
$(Q)$(CD) kore_chroot && luacov endpoints/
|
||||
$(Q)$(RM) $(kore_chroot)/luacov.stats.out
|
||||
$(Q)$(CD) $(kore_chroot) && busted -v -c --no-keep-going #--exclude-tags slow
|
||||
$(Q)$(CD) $(kore_chroot) && luacov endpoints/
|
||||
$(Q)$(ECHO) "open kore_chroot/luacov.report.out to view coverage results."
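Review bot: In the `alpine-chroot-install` rule the bootstrap script is pinned with `sha1sum -c`, and a failed check leaves the downloaded file on disk, so a later `make` treats the unverified file as an up-to-date target. SHA-1 is no longer collision-resistant; pinning with `echo '<sha256-of-v0.14.0-script>  alpine-chroot-install' | sha256sum -c` (digest recorded from a copy you have reviewed) and adding `.DELETE_ON_ERROR:` near the top of the Makefile closes both gaps. In the chroot rule below it, `-$(chroot_packages)` appears to expand to `--p luarocks5.1 …` because the variable already starts with `-p`; `./alpine-chroot-install -d $@ -a $(arch) $(chroot_packages)` is probably what was meant. The same rule hard-codes `v2.12.9` and `aarch64` in `APK_TOOLS_URI` instead of using `$(version)` and `$(arch)`. The `cov` recipe uses `$(kore_chroot)`, which no visible line defines as a make variable, so `$(RM) $(kore_chroot)/luacov.stats.out` would resolve to `/luacov.stats.out`.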
|
||||
|
|
|
@ -8,24 +8,25 @@ server tls {
|
|||
seccomp_tracing yes
|
||||
|
||||
privsep worker {
|
||||
runas <{get chuser }>
|
||||
runas root
|
||||
|
||||
root <{get kore_chroot }>
|
||||
root <{get worker_chroot }>
|
||||
|
||||
}
|
||||
privsep keymgr {
|
||||
runas <{get chuser }>
|
||||
runas root
|
||||
|
||||
root <{get kmgr_chroot }>
|
||||
|
||||
root .
|
||||
}
|
||||
|
||||
load ./smr.so
|
||||
load <{get bin_path}>/smr.so
|
||||
|
||||
workers 1
|
||||
|
||||
http_body_max 8388608
|
||||
|
||||
tls_dhparam dh2048.pem
|
||||
tls_dhparam <{get bin_path}>/dh2048.pem
|
||||
|
||||
validator v_any regex [\s\S]*
|
||||
validator v_storyid regex [a-zA-Z0-9$+!*'(),-]+
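Review bot: Both `privsep` blocks now appear to use `runas root`, so the worker and keymgr processes keep full root privileges after entering their chroots. A chroot is not a containment boundary for a process that is still root, so the separate directories add little, and a compromise of the request-handling worker would mean root on the host. Keep `runas <{get chuser }>` (or a dedicated unprivileged account per process) and instead make the files under `<{get worker_chroot }>` and `<{get kmgr_chroot }>` readable by that account.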
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
# Service file for systemd based systems
|
||||
|
||||
[Unit]
|
||||
Description=smr server daemon
|
||||
Documentation=https://git.fuwafuwa.moe/rmalley/smr
|
||||
After=network.target syslog.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/kore -c /etc/smr/smr.conf
|
||||
RemainAfterExit=true
|
||||
ExecStop=/usr/bin/pkill -9 kore
|
||||
StandardOutput=journal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
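Review bot: `ExecStop=/usr/bin/pkill -9 kore` sends SIGKILL to every process named kore on the host, not only the ones this unit started, and gives Kore no chance to shut down cleanly. With `Type=oneshot` and `RemainAfterExit=true`, systemd also does not supervise the daemon, so a crash leaves the unit reported as active. Consider a service type that lets systemd track the main process (for example `Type=forking` with a `PIDFile=`), dropping `ExecStop=` so the default SIGTERM to the unit's control group is used, and adding `Restart=on-failure`. Since the unit starts the process as root, hardening options such as `NoNewPrivileges=yes` and `ProtectSystem=` are worth evaluating against what the chroot setup needs.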
|
|
@ -2,9 +2,12 @@
|
|||
Holds configuration.
|
||||
A one-stop-shop for runtime configuration
|
||||
]]
|
||||
return {
|
||||
local config = {
|
||||
domain = "<{get domain}>",
|
||||
production = false,
|
||||
legacy_url_cutoff = 144,
|
||||
db = "data/posts.db"
|
||||
approot = "<{get approot}>"
|
||||
}
|
||||
config.db = config.approot .. "data/posts.db"
|
||||
|
||||
return config
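Review bot: `config.approot` is joined to relative paths by plain concatenation here (`config.approot .. "data/posts.db"`) and in the archive endpoint, page loader, search parser and query loader sections of this commit, so a value without a trailing slash silently yields a wrong path (e.g. `/var/smrdata/posts.db`). A comment on the field would document the requirement, such as `-- approot: absolute directory as seen inside the chroot; must end with "/"`. The value is also templated straight into a Lua string literal, so it must not contain quotes or backslashes.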
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
local config = require("config")
|
||||
|
||||
local function archive(req)
|
||||
local archive = assert(io.open("data/archive.zip","rb"))
|
||||
local archive = assert(io.open(config.approot .. "data/archive.zip","rb"))
|
||||
--[=[
|
||||
local archive_size = archive:seek("end")
|
||||
archive:seek("set")
|
||||
|
|
|
@ -3,6 +3,7 @@ Compiles all the pages under src/pages/ with etlua. See the etlua documentation
|
|||
for more info (https://github.com/leafo/etlua)
|
||||
]]
|
||||
local et = require("etlua")
|
||||
local config = require("config")
|
||||
require("global")
|
||||
local pagenames = {
|
||||
"index",
|
||||
|
@ -23,7 +24,7 @@ local pagenames = {
|
|||
}
|
||||
local pages = {}
|
||||
for k,v in pairs(pagenames) do
|
||||
local path = string.format("pages/%s.etlua",v)
|
||||
local path = string.format(config.approot .. "pages/%s.etlua",v)
|
||||
local parser = et.Parser()
|
||||
local f = assert(io.open(path,"r"))
|
||||
local fdata = assert(f:read("*a"))
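Review bot: In the loop, `string.format(config.approot .. "pages/%s.etlua",v)` makes the configured directory part of the format string, so a `%` in `approot` would be read as a format directive. Keep the format literal constant: `local path = config.approot .. string.format("pages/%s.etlua", v)`. The loop body continues past the end of the hunk.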
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
local lpeg = require('lpeg')
|
||||
local etlua = require('etlua')
|
||||
local config = require("config")
|
||||
local args = {...}
|
||||
lpeg.locale(lpeg)
|
||||
local V,P,C,S,B,Cs = lpeg.V,lpeg.P,lpeg.C,lpeg.S,lpeg.B,lpeg.Cs
|
||||
|
@ -59,7 +60,7 @@ local grammar = P{
|
|||
}
|
||||
--Grammar
|
||||
--Transpile a sting with + and - into an sql query that searches tags
|
||||
local fname = "pages/search_sql.etlua"
|
||||
local fname = config.approot .. "pages/search_sql.etlua"
|
||||
local sqltmpl = assert(io.open(fname))
|
||||
local c = etlua.compile(sqltmpl:read("*a"),fname)
|
||||
sqltmpl:close()
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
|
||||
local queries = {}
|
||||
local config = require("config")
|
||||
|
||||
setmetatable(queries,{
|
||||
__index = function(self,key)
|
||||
local f = assert(io.open("sql/" .. key .. ".sql","r"))
|
||||
local f = assert(io.open(config.approot .. "sql/" .. key .. ".sql","r"))
|
||||
local ret = f:read("*a")
|
||||
f:close()
|
||||
return ret
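Review bot: The `__index` handler builds a filesystem path from `key` without checking it (`config.approot .. "sql/" .. key .. ".sql"`), so a lookup on `queries` with a key containing `/` or `..` would open a file outside the `sql/` directory. If every key is a literal in the source this is harmless, but nothing in the visible code enforces it. A guard before the `io.open`, such as `assert(type(key) == "string" and key:match("^[%w_]+$"), "invalid query name")`, makes the assumption explicit; adjust the pattern to the query names actually in use. The metatable definition continues outside the hunk.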
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<% if author then %>
|
||||
<meta name="author" content="<%= author %>">
|
||||
<% end %>
|
||||
<% if title then %>
|
||||
<title><%- title %></title>
|
||||
<% else %>
|
||||
<title>🍑</title>
|
||||
<% end %>
|
||||
<link href="/_css/milligram.css" rel="stylesheet">
|
||||
<link href="/_css/style.css" rel="stylesheet">
|
||||
<% if extra_load then %>
|
||||
<% for _,load in ipairs(extra_load) do %>
|
||||
<%- load %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
</head>
|
||||
<body class="container">
|
||||
<main class="wrapper">
|
||||
|
||||
<h1 class="title">
|
||||
Edit Biography for <%= user %>
|
||||
</h1>
|
||||
<% if err then %><em class="error"><%= err %></em><% end %>
|
||||
<form action="https://<%= user %>.<%= domain %>/_bio" method="post" class="container">
|
||||
<fieldset>
|
||||
<input type="hidden" name="author" value="<%= user %>">
|
||||
<div class="row">
|
||||
<textarea name="text" cols=80 rows=24 class="column"><%= text %></textarea><br/>
|
||||
</div>
|
||||
<div class="row">
|
||||
<input type="submit">
|
||||
</div>
|
||||
</fieldset>
|
||||
</form>
|
||||
<footer class="footer">
|
||||
|
||||
</footer>
|
||||
</main>
|
||||
</body>
|
||||
<body>
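Review bot: `<title><%- title %></title>` uses etlua's raw output tag, so `title` reaches the page without HTML escaping, unlike `author`, `user`, `err` and `text`, which use `<%= %>`. Unless `title` is always a server-side constant, change it to `<title><%= title %></title>`. `<%- load %>` in the `extra_load` loop is raw as well and should only ever receive markup built by the server. The template also ends with an opening `<body>` where `</html>` is expected.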
|
||||
|
||||
|
17
src/smr.c
17
src/smr.c
|
@ -215,9 +215,26 @@ kore_worker_configure(void){
|
|||
/*closedir(dp);*/
|
||||
/*}*/
|
||||
L = luaL_newstate();
|
||||
|
||||
|
||||
// Open libraries
|
||||
luaL_openlibs(L);
|
||||
load_kore_libs(L);
|
||||
load_crypto_libs(L);
|
||||
|
||||
// Set package.path
|
||||
lua_getglobal(L,"package"); // {package}
|
||||
lua_getfield(L,-1,"path"); // {package}, "package.path"
|
||||
lua_pushstring(L,";/var/smr/?.lua;/usr/local/share/lua/5.1/?.lua"); // {package}, "package.path", "/var/smr/?.lua"
|
||||
lua_concat(L,2); //{package}, "package.path;/var/app_name/?.lua"
|
||||
lua_setfield(L,-2,"path"); //{package}
|
||||
lua_getfield(L,-1,"cpath");
|
||||
lua_pushstring(L,";/usr/local/lib/lua/5.1/?.so");
|
||||
lua_concat(L,2);
|
||||
lua_setfield(L,-2,"cpath");
|
||||
lua_pop(L,1);
|
||||
|
||||
// Run init
|
||||
lua_pushcfunction(L,errhandeler);
|
||||
printf("About to run loadfile...\n");
|
||||
luaL_loadfile(L,SM_INIT);
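Review bot: The new `package.path` entry hard-codes `/var/smr/?.lua`, while the Makefile in this commit makes the application root configurable (`approot`, which is `/` when `DEV` is set), so the two can disagree. Passing the root in at build time and building the string from it would keep them in sync, and the stack comments should then name the real path instead of `/var/app_name/?.lua`. The return value of `luaL_loadfile(L,SM_INIT)` is discarded in the visible line, so unless code after the hunk handles it, a missing or malformed init file is not reported where it occurs; comparing the result with 0 and logging `lua_tostring(L,-1)` would surface the error. The `printf("About to run loadfile...\n")` looks like leftover debugging output. `kore_worker_configure` starts and continues outside the hunk.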
|
||||
|
|