author | Sean Whitton <spwhitton@spwhitton.name> | 2021-02-27 14:52:25 -0700 |
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-02-27 14:53:12 -0700 |
commit | 61e5e3b024664d2b2549562efd915cf8b165b8e1 (patch) | |
tree | 5f597672205c7a3eb30e856f08d5e75569824057 | |
parent | 63cc03e228e0fe40aa3b7a7f973b18b734fcd338 (diff) | |
add :CHROOT and :CHROOT.SHELL connection types
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r-- | doc/ideas.rst | 9 | ||||
-rw-r--r-- | src/connection/chroot.lisp | 42 | ||||
-rw-r--r-- | src/connection/chroot/shell.lisp | 36 | ||||
-rw-r--r-- | src/package.lisp | 8 |
4 files changed, 86 insertions, 9 deletions
diff --git a/doc/ideas.rst b/doc/ideas.rst
index 4d6944d..383249e 100644
--- a/doc/ideas.rst
+++ b/doc/ideas.rst
@@ -12,15 +12,6 @@ Properties
 Connections
 -----------
-- POSIX-CONNECTION which runs commands in a chroot, and a corresponding
- LISP-CONNECTION which forks into the chroot. The latter will make a system
- call so it will be an implementation of ESTABLISH-CONNECTION which does not
- behave like a :POSIX property. So I think we actually want a generic for
- each connection type keyword symbol, which returns whether establishing a
- connection of that type requires the most recent hop to be POSIX- or LISP-.
- Then DEPLOY* can call that and error out if establishing the next hop
- requires LISP- but we only have POSIX-.
-
 - :DEBIAN-SBCL could (fork and) SAVE-LISP-AND-DIE. That way, we have something
 that a cronjob can call to re-run the deployment to ensure that all
 properties remain applied. Need to think about how the property which
diff --git a/src/connection/chroot.lisp b/src/connection/chroot.lisp
new file mode 100644
index 0000000..b597333
--- /dev/null
+++ b/src/connection/chroot.lisp
@@ -0,0 +1,42 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.chroot)
+
+;; currently we only check whether we're root, but, for example, on Linux, we
+;; might have a CAP_* which lets us chroot as non-root
+(defun can-chroot ()
+ (zerop (foreign-funcall "geteuid" :int)))
+
+(defun can-probably-fork ()
+ "Return nil if we can detect other running threads, and the Lisp
+implementation is known not to support forking when there are other threads.
+A return value other than nil indicates only that we couldn't detect
+circumstances in which it is known that we cannot fork, not that we are sure
+we can fork -- a thread might be only partly initialised at the time we check,
+for example, such that we don't see it."
+ (and
+ #+sbcl (not (sb-thread:list-all-threads))))
+
+(defmethod establish-connection ((type (eql :chroot)) remaining &key into)
+ (establish-connection (if (and (lisp-connection-p)
+ (can-chroot)
+ (can-probably-fork))
+ :chroot.fork
+ :chroot.shell)
+ remaining
+ :into into))
diff --git a/src/connection/chroot/shell.lisp b/src/connection/chroot/shell.lisp
new file mode 100644
index 0000000..77fbdbd
--- /dev/null
+++ b/src/connection/chroot/shell.lisp
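Review bot: `can-probably-fork` looks like it can never return true on SBCL, because `sb-thread:list-all-threads` includes the calling thread itself, so `(not (sb-thread:list-all-threads))` is NIL even in a single-threaded image and `:chroot` always falls back to `:chroot.shell` when it could have forked. Excluding the current thread fixes that: `#+sbcl (null (remove sb-thread:*current-thread* (sb-thread:list-all-threads)))`. On other implementations `(and)` with no forms is T, so the fork path is selected with no check at all; if that is intended the docstring should say so explicitly. The `can-chroot` comment already notes that euid 0 is only an approximation of the ability to chroot; `geteuid` returns `uid_t`, so `:unsigned-int` would be the more accurate foreign type, although the zero test is unaffected either way.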
@@ -0,0 +1,36 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.chroot.shell)
+
+(defmethod establish-connection ((type (eql :chroot.shell)) remaining &key into)
+ (declare (ignore remaining))
+ (format t "Shelling into chroot at ~A~%" into)
+ (make-instance 'shell-chroot-connection :root into))
+
+(defclass shell-chroot-connection (shell-wrap-connection)
+ ((root
+ :initarg :root)))
+
+(defmethod connection-shell-wrap ((connection shell-chroot-connection) cmd)
+ (format nil "chroot ~A sh -c ~A"
+ (escape-sh-token (slot-value connection 'root))
+ (escape-sh-token cmd)))
+
+(defmethod connection-upload ((connection shell-chroot-connection) from to)
+ (mrun "cp" from (merge-pathnames to (ensure-directory-pathname
+ (slot-value connection 'root)))))
diff --git a/src/package.lisp b/src/package.lisp
index f4fcbce..e01b052 100644
--- a/src/package.lisp
+++ b/src/package.lisp
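Review bot: `connection-upload` merges TO against the chroot root with `merge-pathnames`, but a pathname whose directory is already absolute keeps that directory, so an absolute destination such as `/etc/foo` (which is what a caller addressing the chroot would normally pass) resolves to the host's `/etc/foo` rather than to a path under ROOT; only a relative TO ever lands inside the chroot. The destination should be made relative before merging, by rebuilding it with `(:relative ...)` in place of its `(:absolute ...)` directory and only then merging against `(ensure-directory-pathname (slot-value connection 'root))`, as sketched below. A comment on the method stating that TO is interpreted relative to the chroot root would make that contract explicit. `connection-shell-wrap` escapes both the root and the command before interpolating them, which is the right shape for the `chroot ... sh -c` string.
```lisp
(defmethod connection-upload ((connection shell-chroot-connection) from to)
  ;; TO is interpreted relative to the chroot root: drop its absolute
  ;; directory marker so MERGE-PATHNAMES cannot resolve it on the host.
  (let* ((to (pathname to))
         (relative-to (make-pathname
                       :directory (cons :relative (cdr (pathname-directory to)))
                       :defaults to)))
    (mrun "cp" from (merge-pathnames relative-to
                                     (ensure-directory-pathname
                                      (slot-value connection 'root))))))
```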
@@ -152,9 +152,17 @@
 (defpackage :consfigurator.connection.debian-sbcl
 (:use #:cl #:consfigurator))
+(defpackage :consfigurator.connection.chroot
+ (:use #:cl #:consfigurator #:cffi))
+
 (defpackage :consfigurator.connection.chroot.fork
 (:use #:cl #:consfigurator #:cffi))
+(defpackage :consfigurator.connection.chroot.shell
+ (:use #:cl
+ #:consfigurator
+ #:consfigurator.connection.shell-wrap))
+
 (defpackage :consfigurator.property.cmd
 (:use #:cl #:consfigurator)
 (:export #:single))