Have the processes start in their own chroots

This commit is contained in:
Robin Malley 2023-03-12 16:24:22 +00:00
parent 4da25d600c
commit 3bb9e5e4f3
12 changed files with 180 additions and 28 deletions


@ -11,20 +11,57 @@ GREP=grep
SORT=sort
# Config
chroot_dir=kore_chroot/
worker_chroot = /var/lib/smr/kore_worker
kmgr_chroot = /var/lib/smr/kore_kmgr
parent_chroot = /var/lib/smr/kore_parent
conf_path = /etc/smr
host_config = /etc/smr
ifeq ($(DEV),"true")
approot=/
chroot_dir=./kore_chroot$(approot)
else
approot=/var/smr/
chroot_dir=$(worker_chroot)$(approot)
endif
mirror=http://dl-cdn.alpinelinux.org/alpine/
arch=aarch64
version=2.10.5-r0
version=2.12.9
certbot_email=--register-unsafely-without-email
#certbot_email=-m you@cock.li
user=robin
port=8888
domain=test.monster:$(port)
server_cert=cert/server.pem
server_key=cert/key.pem
SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain)
SPPFLAGS=-D port=$(port) -D kore_chroot=$(chroot_dir) -D chuser=$(user) -D domain=$(domain) -D bin_path="$(bin_path)" -D server_cert="$(server_cert)" -D server_key="$(server_key)" -D worker_chroot="$(worker_chroot)" -D kmgr_chroot="$(kmgr_chroot)" -D approot="$(approot)"
# squelch prints, flip to print verbose information
Q=@
#Q=
#Q=@
Q=
LUAROCKS_FLAGS=--tree $(chroot_dir)/usr/lib/luarocks --lua-version 5.1
chroot_packages=\
-p luarocks5.1 \
-p "build-base" \
-p "ca-certificates" \
-p ssl_client \
-p luajit \
-p "lua5.1-dev" \
-p "luajit-dev" \
-p "lua5.1-lpeg" \
-p sqlite \
-p "sqlite-dev" \
-p certbot \
-p zlib \
-p "zlib-dev" \
-p git
lua_packages = \
lsqlite3 \
etlua \
lpeg \
zlib
# Probably don't change stuff past here if you're just using smr
lua_in_files=$(shell find src/lua/*.in -type f)
@ -43,9 +80,12 @@ built_sql=$(sql_files:src/sql/%.sql=$(chroot_dir)sql/%.sql)
built=$(built_files) $(built_sql) $(built_pages) $(built_tests)
asset_in_files=$(wildcard assets/*.in -type f)
asset_files=$(asset_in_files:%.in=%)
initscript=/lib/systemd/system/smr.service
config=$(conf_path)/smr.conf
bin_path=$(shell pwd)
help: ## Print this help
$(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-30s %s\n", $$1, $$2}'
$(Q)$(GREP) -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | $(SORT) | $(AWK) 'BEGIN {FS = ":.*?## "}; {printf "%-10s %s\n", $$1, $$2}'
all: $(chroot_dir) smr.so $(built_files) $(built_pages) $(built_sql) ## Build and run smr in a chroot
$(Q)$(ECHO) "[running] $@"
@ -56,7 +96,7 @@ conf/smr.conf : conf/smr.conf.in Makefile
$(Q)$(SPP) -o $@ $(SPPFLAGS) $<
apk-tools-static-$(version).apk:
# wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
wget -q $(mirror)latest-stable/main/$(arch)/apk-tools-static-$(version).apk
clean: ## clean up all the files generated by this makefile
$(Q)$(ECHO) "[clean] $@"
@ -67,10 +107,19 @@ clean: ## clean up all the files generated by this makefile
$(Q)$(RM) src/lua/config.lua
$(Q)$(RM) $(asset_files)
install: $(worker_chroot) $(kmgr_chroot) $(parent_chroot) $(initscript) $(config) smr.so $(built_files) $(built_pages) $(built_sql) ## Install smr into a new host system
$(config) : conf/smr.conf
$(Q)$(MKDIR) $(host_config)
$(Q)$(COPY) $< $@
$(initscript) : packaging/systemd/smr.service
$(Q)$(COPY) $< $@
cloc: ## calculate source lines of code in smr
cloc --force-lang="HTML",etlua.in src assets
$(chroot_dir): apk-tools-static-$(version).apk
$(chroot_dir):
$(Q)$(MKDIR) $(chroot_dir)
$(Q)$(MKDIR) $(chroot_dir)/pages
$(Q)$(MKDIR) $(chroot_dir)/sql
@ -78,11 +127,22 @@ $(chroot_dir): apk-tools-static-$(version).apk
$(Q)$(MKDIR) $(chroot_dir)/data/archive
$(Q)$(MKDIR) $(chroot_dir)/endpoints
alpine-chroot-install:
$(Q)wget https://raw.githubusercontent.com/alpinelinux/alpine-chroot-install/v0.14.0/alpine-chroot-install \
&& echo 'ccbf65f85cdc351851f8ad025bb3e65bae4d5b06 alpine-chroot-install' | sha1sum -c \
|| exit 1
$(Q)chmod +x alpine-chroot-install
$(worker_chroot) $(kmgr_chroot) $(parent_chroot): alpine-chroot-install
$(Q)export APK_TOOLS_URI="https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v2.12.9/aarch64/apk.static"; \
export APK_TOOLS_SHA256="0164d47954c8a52e8ed10db1633174974a3b1e4182a1993a5a8343e394ee1bbc"; \
./alpine-chroot-install -d $@ -a $(arch) -$(chroot_packages)
code : $(built_files)
$(built_files): $(chroot_dir)%.lua : src/lua/%.lua
$(built_files): $(chroot_dir)%.lua : src/lua/%.lua $(chroot_dir)
$(Q)$(ECHO) "[copy] $@"
$(Q)$(COPY) $^ $@
$(Q)$(COPY) $< $@
$(built_pages): $(chroot_dir)pages/%.etlua : src/pages/%.etlua
$(Q)$(ECHO) "[copy] $@"
@ -112,7 +172,7 @@ $(asset_files) : % : %.in
$(Q)$(ECHO) "[preprocess] $@"
$(Q)$(SPP) $(SPPFLAGS) -o $@ $<
smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files)
smr.so : $(src_files) conf/smr.conf conf/build.conf $(asset_files) .flavor
$(Q)$(ECHO) "[build] $@"
$(Q)$(KODEV) build
@ -120,7 +180,7 @@ test : $(built) ## run the unit tests
$(Q)$(CD) kore_chroot && busted -v --no-keep-going #--exclude-tags slow
cov : $(built) ## code coverage (based on unit tests)
$(Q)$(RM) kore_chroot/luacov.stats.out
$(Q)$(CD) kore_chroot && busted -v -c --no-keep-going #--exclude-tags slow
$(Q)$(CD) kore_chroot && luacov endpoints/
$(Q)$(RM) $(kore_chroot)/luacov.stats.out
$(Q)$(CD) $(kore_chroot) && busted -v -c --no-keep-going #--exclude-tags slow
$(Q)$(CD) $(kore_chroot) && luacov endpoints/
$(Q)$(ECHO) "open kore_chroot/luacov.report.out to view coverage results."
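Review bot: The download-and-verify line in the `alpine-chroot-install` rule leaves the unverified script in place when the checksum fails, because `exit 1` aborts the recipe but nothing removes `$@` and `.DELETE_ON_ERROR:` is not set; on the next run make sees the file, treats the target as up to date, and never re-fetches or re-checks it. Make the failure path remove the target, `|| { $(RM) $@; exit 1; }`, or add `.DELETE_ON_ERROR:` at the top of the file. In the chroot rule below it, `APK_TOOLS_URI` hard-codes `v2.12.9/aarch64` although `version` and `arch` are variables in this file; deriving it as `.../v$(version)/$(arch)/apk.static` keeps one source of truth (the pinned `APK_TOOLS_SHA256` belongs to that one file, so a changed arch still fails closed, which is fine). Also, `-$(chroot_packages)` appears to expand to `--p luarocks5.1 …`, since the backslash-newline after `chroot_packages=\` collapses to whitespace that make strips from the value, giving the first `-p` an extra dash; dropping the leading `-` on the recipe line, `./alpine-chroot-install -d $@ -a $(arch) $(chroot_packages)`, is worth checking against an actual run.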


@ -8,24 +8,25 @@ server tls {
seccomp_tracing yes
privsep worker {
runas <{get chuser }>
runas root
root <{get kore_chroot }>
root <{get worker_chroot }>
}
privsep keymgr {
runas <{get chuser }>
runas root
root <{get kmgr_chroot }>
root .
}
load ./smr.so
load <{get bin_path}>/smr.so
workers 1
http_body_max 8388608
tls_dhparam dh2048.pem
tls_dhparam <{get bin_path}>/dh2048.pem
validator v_any regex [\s\S]*
validator v_storyid regex [a-zA-Z0-9$+!*'(),-]+
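Review bot: If the `runas root` lines are the new side of the worker and keymgr blocks (the page prints old then new, so this is inferred), both privsep processes now keep root inside their chroots, and a process that keeps root is not confined by chroot(2), as the chroot(2) man page itself notes. The chroot only becomes a boundary when the process also drops to an unprivileged user after entering it, which is what `runas <{get chuser }>` did; `chuser` is still passed through `SPPFLAGS` in the Makefile, so keeping `runas <{get chuser }>` alongside the new `root <{get worker_chroot }>` and `root <{get kmgr_chroot }>` lines is the combination that gives the commit's title its security value. The keymgr block shows both `root <{get kmgr_chroot }>` and `root .`; whichever is the new line, it should be the absolute chroot path rather than `.`, since the service file starts kore without a fixed working directory.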


@ -0,0 +1,16 @@
# Service file for systemd based systems
[Unit]
Description=smr server daemon
Documentation=https://git.fuwafuwa.moe/rmalley/smr
After=network.target syslog.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/kore -c /etc/smr/smr.conf
RemainAfterExit=true
ExecStop=/usr/bin/pkill -9 kore
StandardOutput=journal
[Install]
WantedBy=multi-user.target
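Review bot: `ExecStop=/usr/bin/pkill -9 kore` sends SIGKILL to every process named kore on the host, not only this unit's, and denies kore any orderly shutdown; with `Type=oneshot` and `RemainAfterExit=true` systemd also never tracks the daemon's main PID, so the unit relies on that pkill instead of systemd's own cgroup-based stop. Letting systemd manage the process — running kore in the foreground with `Type=simple`, or `Type=forking` with a `PIDFile=` if it daemonises — and removing `ExecStop` so the cgroup receives SIGTERM on stop fixes both. `syslog.target` in the `After=` line is a no-op on current systemd and can be dropped.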


@ -2,9 +2,12 @@
Holds configuration.
A one-stop-shop for runtime configuration
]]
return {
local config = {
domain = "<{get domain}>",
production = false,
legacy_url_cutoff = 144,
db = "data/posts.db"
approot = "<{get approot}>"
}
config.db = config.approot .. "data/posts.db"
return config
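Review bot: `config.db = config.approot .. "data/posts.db"` only yields a valid path if `approot` ends with a slash, and nothing in this module checks that; the same bare concatenation is repeated in archive.lua, the page compiler (where the result is also used as a `string.format` pattern, so a `%` in the root would break it), the search grammar and the sql loader, so a malformed `approot` fails in five places at once. Normalising once here, `if config.approot:sub(-1) ~= "/" then config.approot = config.approot .. "/" end` before the `config.db` line, plus a comment `-- approot: absolute directory the app files live at inside the chroot; must end with "/"`, makes the value safe for every consumer. The value is substituted at build time (`<{get approot}>`), so the check could equally live in the Makefile.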


@ -1,5 +1,7 @@
local config = require("config")
local function archive(req)
local archive = assert(io.open("data/archive.zip","rb"))
local archive = assert(io.open(config.approot .. "data/archive.zip","rb"))
--[=[
local archive_size = archive:seek("end")
archive:seek("set")


@ -3,6 +3,7 @@ Compiles all the pages under src/pages/ with etlua. See the etlua documentation
for more info (https://github.com/leafo/etlua)
]]
local et = require("etlua")
local config = require("config")
require("global")
local pagenames = {
"index",
@ -23,7 +24,7 @@ local pagenames = {
}
local pages = {}
for k,v in pairs(pagenames) do
local path = string.format("pages/%s.etlua",v)
local path = string.format(config.approot .. "pages/%s.etlua",v)
local parser = et.Parser()
local f = assert(io.open(path,"r"))
local fdata = assert(f:read("*a"))


@ -1,5 +1,6 @@
local lpeg = require('lpeg')
local etlua = require('etlua')
local config = require("config")
local args = {...}
lpeg.locale(lpeg)
local V,P,C,S,B,Cs = lpeg.V,lpeg.P,lpeg.C,lpeg.S,lpeg.B,lpeg.Cs
@ -59,7 +60,7 @@ local grammar = P{
}
--Grammar
--Transpile a sting with + and - into an sql query that searches tags
local fname = "pages/search_sql.etlua"
local fname = config.approot .. "pages/search_sql.etlua"
local sqltmpl = assert(io.open(fname))
local c = etlua.compile(sqltmpl:read("*a"),fname)
sqltmpl:close()


@ -1,9 +1,10 @@
local queries = {}
local config = require("config")
setmetatable(queries,{
__index = function(self,key)
local f = assert(io.open("sql/" .. key .. ".sql","r"))
local f = assert(io.open(config.approot .. "sql/" .. key .. ".sql","r"))
local ret = f:read("*a")
f:close()
return ret

48
src/pages/edit_bio.etlua Normal file

@ -0,0 +1,48 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<% if author then %>
<meta name="author" content="<%= author %>">
<% end %>
<% if title then %>
<title><%- title %></title>
<% else %>
<title>&#x1f351;</title>
<% end %>
<link href="/_css/milligram.css" rel="stylesheet">
<link href="/_css/style.css" rel="stylesheet">
<% if extra_load then %>
<% for _,load in ipairs(extra_load) do %>
<%- load %>
<% end %>
<% end %>
</head>
<body class="container">
<main class="wrapper">
<h1 class="title">
Edit Biography for <%= user %>
</h1>
<% if err then %><em class="error"><%= err %></em><% end %>
<form action="https://<%= user %>.<%= domain %>/_bio" method="post" class="container">
<fieldset>
<input type="hidden" name="author" value="<%= user %>">
<div class="row">
<textarea name="text" cols=80 rows=24 class="column"><%= text %></textarea><br/>
</div>
<div class="row">
<input type="submit">
</div>
</fieldset>
</form>
<footer class="footer">
</footer>
</main>
</body>
<body>
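Review bot: The last line of the new template is an opening `<body>` where the closing `</html>` belongs (`</body>` is already on the line above), so the document ends with a second, unclosed body element; replace it with `</html>`. `<%- title %>` writes the title unescaped while every other interpolation in the file uses the escaping `<%= … %>`; if `title` can ever carry user-supplied text that is an injection point, so either switch to `<%= title %>` or confirm callers only pass literals. The `action="https://<%= user %>.<%= domain %>/_bio"` puts the user name in the host part of the URL, which is fine only if `user` is validated upstream as a hostname label; a comment stating that expectation would help the next reader.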


@ -215,9 +215,26 @@ kore_worker_configure(void){
/*closedir(dp);*/
/*}*/
L = luaL_newstate();
// Open libraries
luaL_openlibs(L);
load_kore_libs(L);
load_crypto_libs(L);
// Set package.path
lua_getglobal(L,"package"); // {package}
lua_getfield(L,-1,"path"); // {package}, "package.path"
lua_pushstring(L,";/var/smr/?.lua;/usr/local/share/lua/5.1/?.lua"); // {package}, "package.path", "/var/smr/?.lua"
lua_concat(L,2); //{package}, "package.path;/var/app_name/?.lua"
lua_setfield(L,-2,"path"); //{package}
lua_getfield(L,-1,"cpath");
lua_pushstring(L,";/usr/local/lib/lua/5.1/?.so");
lua_concat(L,2);
lua_setfield(L,-2,"cpath");
lua_pop(L,1);
// Run init
lua_pushcfunction(L,errhandeler);
printf("About to run loadfile...\n");
luaL_loadfile(L,SM_INIT);
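Review bot: The `package.path` addition hard-codes `;/var/smr/?.lua` while this same commit makes the app root configurable in the Makefile (`approot` is `/` in DEV mode) and gives `SM_INIT` an `#ifndef` default in the header so it can be overridden at build time; a build that overrides `SM_INIT` still loads modules from `/var/smr/`, so the two fall out of step. Deriving both from one macro (e.g. an `SM_APPROOT` define defaulting to `"/var/smr/"` in the header, used to build `SM_INIT` and this path string) keeps them consistent. The comment on the `lua_concat` line still reads `/var/app_name/?.lua`; update it to the real value or drop it. `kore_worker_configure` begins above this hunk, and the unchecked `luaL_loadfile` return is context rather than part of this change.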


@ -1,3 +1,5 @@
#define SM_INIT "init.lua"
#ifndef SM_INIT
#define SM_INIT "/var/smr/init.lua"
#endif
int errhandeler(lua_State *);