authorSean Whitton <spwhitton@spwhitton.name>2021-02-27 14:52:25 -0700
committerSean Whitton <spwhitton@spwhitton.name>2021-02-27 14:53:12 -0700
commit61e5e3b024664d2b2549562efd915cf8b165b8e1 (patch)
tree5f597672205c7a3eb30e856f08d5e75569824057
parent63cc03e228e0fe40aa3b7a7f973b18b734fcd338 (diff)
add :CHROOT and :CHROOT.SHELL connection types
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r--doc/ideas.rst9
-rw-r--r--src/connection/chroot.lisp42
-rw-r--r--src/connection/chroot/shell.lisp36
-rw-r--r--src/package.lisp8
4 files changed, 86 insertions, 9 deletions
diff --git a/doc/ideas.rst b/doc/ideas.rst
index 4d6944d..383249e 100644
--- a/doc/ideas.rst
+++ b/doc/ideas.rst
@@ -12,15 +12,6 @@ Properties
Connections
-----------
-- POSIX-CONNECTION which runs commands in a chroot, and a corresponding
- LISP-CONNECTION which forks into the chroot. The latter will make a system
- call so it will be an implementation of ESTABLISH-CONNECTION which does not
- behave like a :POSIX property. So I think we actually want a generic for
- each connection type keyword symbol, which returns whether establishing a
- connection of that type requires the most recent hop to be POSIX- or LISP-.
- Then DEPLOY* can call that and error out if establishing the next hop
- requires LISP- but we only have POSIX-.
-
- :DEBIAN-SBCL could (fork and) SAVE-LISP-AND-DIE. That way, we have
something that a cronjob can call to re-run the deployment to ensure that
all properties remain applied. Need to think about how the property which
diff --git a/src/connection/chroot.lisp b/src/connection/chroot.lisp
new file mode 100644
index 0000000..b597333
--- /dev/null
+++ b/src/connection/chroot.lisp
@@ -0,0 +1,42 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.chroot)
+
+;; currently we only check whether we're root, but, for example, on Linux, we
+;; might have a CAP_* which lets us chroot as non-root
+(defun can-chroot ()
+ (zerop (foreign-funcall "geteuid" :int)))
+
+(defun can-probably-fork ()
+ "Return nil if we can detect other running threads, and the Lisp
+implementation is known not to support forking when there are other threads.
+A return value other than nil indicates only that we couldn't detect
+circumstances in which it is known that we cannot fork, not that we are sure
+we can fork -- a thread might be only partly initialised at the time we check,
+for example, such that we don't see it."
+ (and
+ #+sbcl (not (sb-thread:list-all-threads))))
+
+(defmethod establish-connection ((type (eql :chroot)) remaining &key into)
+ (establish-connection (if (and (lisp-connection-p)
+ (can-chroot)
+ (can-probably-fork))
+ :chroot.fork
+ :chroot.shell)
+ remaining
+ :into into))
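Review bot: In `can-probably-fork`, `(not (sb-thread:list-all-threads))` looks like it can never be true on SBCL, because as far as I know the list it returns includes the calling thread and so is never empty. If that holds, the `:chroot` method always picks `:chroot.shell` on SBCL and the `:chroot.fork` branch is unreachable. A check that at most one thread exists would match the docstring: `#+sbcl (> 2 (length (sb-thread:list-all-threads)))`. `can-chroot` has only a leading comment, so a one-line docstring saying it returns true only when the effective UID is 0 would make the privilege assumption visible to callers.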
diff --git a/src/connection/chroot/shell.lisp b/src/connection/chroot/shell.lisp
new file mode 100644
index 0000000..77fbdbd
--- /dev/null
+++ b/src/connection/chroot/shell.lisp
@@ -0,0 +1,36 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.chroot.shell)
+
+(defmethod establish-connection ((type (eql :chroot.shell)) remaining &key into)
+ (declare (ignore remaining))
+ (format t "Shelling into chroot at ~A~%" into)
+ (make-instance 'shell-chroot-connection :root into))
+
+(defclass shell-chroot-connection (shell-wrap-connection)
+ ((root
+ :initarg :root)))
+
+(defmethod connection-shell-wrap ((connection shell-chroot-connection) cmd)
+ (format nil "chroot ~A sh -c ~A"
+ (escape-sh-token (slot-value connection 'root))
+ (escape-sh-token cmd)))
+
+(defmethod connection-upload ((connection shell-chroot-connection) from to)
+ (mrun "cp" from (merge-pathnames to (ensure-directory-pathname
+ (slot-value connection 'root)))))
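Review bot: In `connection-upload`, `merge-pathnames` only fills in components that `to` lacks, so an absolute `to` keeps its own directory and `cp` writes to that path on the host rather than under the chroot root. A relative `to` containing upward (`..`) components may also resolve outside `root`. Since this connection is meant to confine file placement to `root`, make the destination relative before merging, for example `(merge-pathnames (uiop:enough-pathname to #P"/") (ensure-directory-pathname (slot-value connection 'root)))`, and consider signalling an error when the result does not lie under `root`. A docstring on the method stating that `to` is interpreted relative to the chroot would document the intended contract.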
diff --git a/src/package.lisp b/src/package.lisp
index f4fcbce..e01b052 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -152,9 +152,17 @@
(defpackage :consfigurator.connection.debian-sbcl
(:use #:cl #:consfigurator))
+(defpackage :consfigurator.connection.chroot
+ (:use #:cl #:consfigurator #:cffi))
+
(defpackage :consfigurator.connection.chroot.fork
(:use #:cl #:consfigurator #:cffi))
+(defpackage :consfigurator.connection.chroot.shell
+ (:use #:cl
+ #:consfigurator
+ #:consfigurator.connection.shell-wrap))
+
(defpackage :consfigurator.property.cmd
(:use #:cl #:consfigurator)
(:export #:single))