chore: move all common sources + first packaging commit

Common sources are now in a separate crate. This has the advantage to avoid many "unused" warnings. Indeed as chsr uses some calls that sr don't use, it raise this warning. And as the same with sr. So many unused warnings were wrongly reported. I started to make deployment work, as sr and chsr seems to be well-tested and made some security checks. For now, deployment is WIP.
LeChatP · Aug 29, 2024 · 84f1095 · 84f1095
1 parent f8800a2
commit 84f1095
Show file tree

Hide file tree

Showing 42 changed files with 822 additions and 406 deletions.
diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml
@@ -0,0 +1,37 @@
+name: Deploy pkg to GitHub Packages
+
+## only triger manual
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          components: clippy
+          override: true
+
+      - name: Install Dependencies
+        run: ./dependencies.sh -yd
+
+      - name: Configure
+        run: sudo ./configure.sh -yd
+
+      - name: Install cargo deb
+        run: cargo install cargo-deb
+
+      - name: Build
+        run: cargo deb
+
+      - name: Upload to GitHub 
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace]
-members = ["xtask", "capable", "capable-common"]
+members = ["xtask", "capable", "capable-common", "rar-common"]
 
 [package]
 name = "RootAsRole"
@@ -9,11 +9,13 @@ rust-version = "1.74.1"
 authors = ["Eddie Billoir <[email protected]>"]
 edition = "2021"
 default-run = "sr"
-description = "RootAsRole is an alternative to sudo that uses Linux capabilities and RBAC for scalability."
-license-file = "LICENSE"
+description = "An alternative to sudo that uses Linux capabilities and Role based access control."
+license = "GPL-3.0-or-later"
 repository = "https://github.com/LeChatP/RootAsRole"
+homepage = "https://lechatp.github.io/RootAsRole/"
 keywords = ["sudo", "capabilities", "rbac", "linux", "security"]
 categories = ["command-line-utilities", "os::linux-apis", "config"]
+exclude = ["sudoers-reader/*", "book/*"]
 
 [badges]
 maintainance ={ status = "actively-maintained", badge = "https://img.shields.io/badge/maintenance-actively%20maintained-brightgreen.svg" }
@@ -46,12 +48,13 @@ serde_json = "1.0.116"
 toml = "0.8.13"
 
 [dependencies]
+rar-common = { path = "rar-common" }
 tracing = "0.1.40"
 tracing-subscriber = "0.3.18"
 libc = "0.2.155"
-strum = { version = "0.26.2", features = ["derive"] }
+strum = { version = "0.26.3", features = ["derive"] }
 semver = { version = "1.0.23", features = ["serde"] }
-nix = { version = "0.28.0", features = ["user","process", "signal", "fs"] } 
+nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] } 
 #sudoers-reader = { path = "sudoers-reader" }
 capctl = "0.2.4"
 pcre2 = "0.2.7"
@@ -86,3 +89,44 @@ tracing-subscriber = { version = "0.3.16", default-features = false, features =
 pest-test-gen = "0.1.7"
 pest-test = "0.1.6"
 lazy_static = "1.4.0"
+
+
+[package.metadata.deb]
+maintainer = "Eddie Billoir <[email protected]>"
+license-file = "LICENSE"
+depends = "libpam0g, e2fsprogs, libcap2-bin, libpam-modules, libpcre2-8-0"
+section = "admin"
+priority = "optional"
+assets =    [ 
+    ["target/release/sr", "usr/bin/sr", "0555"],
+    ["target/release/chsr", "usr/bin/chsr", "0555"],
+    ["resources/rootasrole.json", "usr/share/rootasrole/default.json", "0640"],
+    ["resources/debian/deb_sr_pam.conf", "usr/share/rootasrole/pam_sr.conf", "0644"]
+]
+conf-files = ["/etc/pam.d/sr"]
+maintainer-scripts = "resources/debian/"
+extended-description = "RootAsRole is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to multiple co-administrators through RBAC model and Linux Capabilities features."
+
+[package.metadata.generate-rpm]
+assets = [
+    { source = "target/release/sr", target = "/usr/bin/sr", mode = "0555" },
+    { source = "target/release/chsr", target = "/usr/bin/chsr", mode = "0555" },
+    { source = "resources/rootasrole.json", target = "/etc/security/rootasrole.json", mode = "0640" }
+]
+
+[package.metadata.generate-rpm.requires]
+libcap = "*"
+e2fsprogs = "*"
+coreutils = "*"
+gawk = "*"
+sed = "*"
+
+[package.metadata.aur]
+depends = ["libcap", "e2fsprogs", "pcre2", "pam"]
+files = [ ["target/release/sr", "/usr/bin/sr"],
+          ["target/release/chsr", "/usr/bin/chsr"],
+          ["resources/arch_sr_pam.conf", "/usr/share/rootasrole/pam_sr.conf"],
+          ["resources/rootasrole.json", "/usr/share/rootasrole/default.json"],
+          ["resources/debian/postinst", "/usr/share/rootasrole/postinst" ] ]
+custom = [ "$pkgdir/usr/share/rootasrole/postinst" ]
+
diff --git a/build.rs b/build.rs
@@ -38,6 +38,22 @@ fn set_cargo_version(package_version: &str, file: &str) -> Result<(), Box<dyn Er
     Ok(())
 }
 
+fn set_pkgbuild_version(package_version: &str, file: &str) -> Result<(), Box<dyn Error>> {
+    let pkgbuild = File::open(std::path::Path::new(file)).expect("PKGBUILD not found");
+    let reader = BufReader::new(pkgbuild);
+    let lines = reader.lines().map(|l| l.unwrap()).collect::<Vec<String>>();
+    let mut pkgbuild = File::create(std::path::Path::new(file)).expect("PKGBUILD not found");
+    for line in lines {
+        if line.starts_with("pkgver") {
+            writeln!(pkgbuild, "pkgver={}", package_version)?;
+        } else {
+            writeln!(pkgbuild, "{}", line)?;
+        }
+    }
+    pkgbuild.sync_all()?;
+    Ok(())
+}
+
 fn write_doc(f: &mut File) -> Result<(), Box<dyn Error>> {
     let docresp = reqwest::blocking::get(
         "https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/plain/man7/capabilities.7",
@@ -171,4 +187,6 @@ fn main() {
     // }
 
     f.flush().unwrap();
+
+
 }
diff --git a/makepkg.sh b/makepkg.sh
@@ -0,0 +1,26 @@
+#/bin/sh
+
+# This script build every package for Arch Linux, Debian, Fedora.
+
+cargo build --release --bin sr --bin chsr || exit 1
+
+# Arch Linux
+if [ -z "$ARCH" ]; then
+    ARCH=$(uname -m)
+fi
+PKGEXT=.pkg.tar.zst
+
+
+mkdir -p target/arch/usr/bin
+mkdir -p target/arch/etc/pam.d
+mkdir -p target/arch/usr/share/rootasrole
+cp target/release/sr target/release/chsr target/arch/usr/bin
+cp resources/rootasrole.json target/arch/usr/share/rootasrole/default.json
+cp resources/arch/arch_sr_pam.conf target/arch/etc/pam.d/sr
+cp resources/arch/PKGBUILD resources/arch/rootasrole.install target/arch
+
+sed -i "s/%ARCH%/$ARCH/g" target/arch/PKGBUILD
+
+cd target/arch
+
+makepkg -f -p PKGBUILD
diff --git a/rar-common/Cargo.toml b/rar-common/Cargo.toml
@@ -0,0 +1,46 @@
+[package]
+name = "rar-common"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+tracing = "0.1.40"
+tracing-subscriber = "0.3.18"
+libc = "0.2.155"
+strum = { version = "0.26.3", features = ["derive"] }
+semver = { version = "1.0.23", features = ["serde"] }
+nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] } 
+#sudoers-reader = { path = "sudoers-reader" }
+capctl = "0.2.4"
+pcre2 = "0.2.7"
+serde = { version = "1.0.202", features=["rc"] }
+serde_json = "1.0.117"
+ciborium = "0.2.2"
+glob = "0.3.1"
+pam-client = { version = "0.5.0", git = "https://gitlab.com/LeChatP/rust-pam-client.git" }
+pam-sys = "1.0.0-alpha5"
+bitflags = { version = "2.5.0" }
+shell-words = "1.1.0"
+syslog-tracing = "0.3.0"
+linked_hash_set = { version = "0.1.4" }
+derivative = "2.2.0"
+sha2 = "0.10.8"
+sha1 = "0.10.6"
+md5 = "0.7.0"
+chrono = "0.4.37"
+pty-process = "0.4.0"
+once_cell = "1.19.0"
+pest = "2.7.8"
+pest_derive = "2.7.8"
+phf = { version = "0.11.2", features = ["macros"] }
+const_format = "0.2.32"
+hex = "0.4.3"
+
+[dev-dependencies]
+env_logger = "*"
+test-log = { version = "0.2.12", features = ["trace"] }
+tracing = "0.1.37"
+tracing-subscriber = { version = "0.3.16", default-features = false, features = ["env-filter", "fmt"] }
+pest-test-gen = "0.1.7"
+pest-test = "0.1.6"
+lazy_static = "1.4.0"
diff --git a/src/api.rs → rar-common/src/api.rs b/src/api.rs → rar-common/src/api.rs
@@ -6,9 +6,9 @@ use serde_json::Value;
 use strum::EnumIs;
 use tracing::debug;
 
-use crate::common::database::finder::{Cred, ExecSettings, TaskMatch, UserMin};
+use crate::database::finder::{Cred, ExecSettings, TaskMatch, UserMin};
 
-use super::database::{
+use crate::database::{
     finder::FilterMatcher,
     structs::{SActor, SConfig, SRole, STask},
 };

diff --git a/rar-common/src/config.rs b/rar-common/src/config.rs
diff --git a/src/database/finder.rs → rar-common/src/database/finder.rs b/src/database/finder.rs → rar-common/src/database/finder.rs
@@ -17,20 +17,15 @@ use pcre2::bytes::RegexBuilder;
 use strum::EnumIs;
 use tracing::{debug, warn};
 
-use crate::{
-    as_borrow,
-    common::{
-        api::{PluginManager, PluginResultAction},
-        database::{
-            options::{Opt, OptStack},
-            structs::{
-                SActor, SActorType, SCommand, SCommands, SConfig, SGroups, SRole, STask,
-                SetBehavior,
-            },
+use crate::{api::{PluginManager, PluginResultAction}, as_borrow};
+use crate::database::{
+        options::{Opt, OptStack},
+        structs::{
+            SActor, SActorType, SCommand, SCommands, SConfig, SGroups, SRole, STask,
+            SetBehavior,
         },
-        util::capabilities_are_exploitable,
-    },
-};
+    };
+use crate::util::capabilities_are_exploitable;
 use bitflags::bitflags;
 
 #[derive(Debug, PartialEq, Eq, Clone, Copy)]
@@ -1000,11 +995,11 @@ mod tests {
     use test_log::test;
 
     use crate::{
-        common::database::{
+        database::{
             make_weak_config,
             options::{EnvBehavior, PathBehavior, SAuthentication, SBounding, SPrivileged},
             structs::IdTask,
-            version::Versioning,
+            versionning::Versioning,
         },
         rc_refcell,
     };

diff --git a/src/database/migration.rs → rar-common/src/database/migration.rs b/src/database/migration.rs → rar-common/src/database/migration.rs
@@ -3,7 +3,7 @@ use std::error::Error;
 use semver::Version;
 use tracing::debug;
 
-use crate::common::version::PACKAGE_VERSION;
+use crate::version::PACKAGE_VERSION;
 
 pub struct Migration<T> {
     pub from: fn() -> Version,

diff --git a/src/database/mod.rs → rar-common/src/database/mod.rs b/src/database/mod.rs → rar-common/src/database/mod.rs
@@ -1,30 +1,29 @@
 use std::{cell::RefCell, error::Error, rc::Rc};
 
-use crate::common::config::save_settings;
-use crate::common::util::{toggle_lock_config, ImmutableLock};
-use crate::common::version::PACKAGE_VERSION;
+use crate::save_settings;
+use crate::util::{toggle_lock_config, ImmutableLock};
+use crate::version::PACKAGE_VERSION;
 
 use chrono::Duration;
 use linked_hash_set::LinkedHashSet;
 use serde::{de, Deserialize, Serialize};
 use tracing::debug;
 
-use self::{migration::Migration, options::EnvKey, structs::SConfig, version::Versioning};
+use self::{migration::Migration, options::EnvKey, structs::SConfig, versionning::Versioning};
 
-use super::config::SettingsFile;
-use super::util::warn_if_mutable;
-use super::{
-    config::{RemoteStorageSettings, ROOTASROLE},
-    immutable_effective,
-    util::parse_capset_iter,
+use crate::SettingsFile;
+use crate::util::warn_if_mutable;
+use crate::{
+    RemoteStorageSettings, ROOTASROLE,
+    util::{parse_capset_iter, immutable_effective},
 };
-use super::{open_with_privileges, write_json_config};
+use crate::{open_with_privileges, write_json_config};
 
 pub mod finder;
 pub mod migration;
 pub mod options;
 pub mod structs;
-pub mod version;
+pub mod versionning;
 pub mod wrapper;
 
 pub fn make_weak_config(config: &Rc<RefCell<SConfig>>) {
@@ -72,7 +71,7 @@ pub fn read_json_config(
         if Migration::migrate(
             &versionned_config.version,
             &mut *config.as_ref().borrow_mut(),
-            version::JSON_MIGRATIONS,
+            versionning::JSON_MIGRATIONS,
         )? {
             save_json(settings.clone(), config.clone())?;
         }

diff --git a/src/database/options.rs → rar-common/src/database/options.rs b/src/database/options.rs → rar-common/src/database/options.rs
@@ -1181,9 +1181,9 @@ mod tests {
     use nix::unistd::User;
 
     use crate::as_borrow_mut;
-    use crate::common::database::wrapper::SConfigWrapper;
-    use crate::common::database::wrapper::SRoleWrapper;
-    use crate::common::database::wrapper::STaskWrapper;
+    use crate::database::wrapper::SConfigWrapper;
+    use crate::database::wrapper::SRoleWrapper;
+    use crate::database::wrapper::STaskWrapper;
     use crate::rc_refcell;
 
     use super::super::options::*;

diff --git a/src/database/structs.rs → rar-common/src/database/structs.rs b/src/database/structs.rs → rar-common/src/database/structs.rs
@@ -20,9 +20,8 @@ use std::{
     rc::{Rc, Weak},
 };
 
-use crate::common::database::is_default;
-
 use super::{
+    is_default,
     options::Opt,
     wrapper::{OptWrapper, STaskWrapper},
 };
@@ -684,7 +683,7 @@ mod tests {
 
     use crate::{
         as_borrow,
-        common::database::options::{EnvBehavior, PathBehavior, SAuthentication, TimestampType},
+        database::options::{EnvBehavior, PathBehavior, SAuthentication, TimestampType},
     };
 
     use super::*;

diff --git a/src/database/version.rs → rar-common/src/database/versionning.rs b/src/database/version.rs → rar-common/src/database/versionning.rs
@@ -3,8 +3,8 @@ use serde::{Deserialize, Serialize};
 use std::fmt::Debug;
 
 use super::migration::Migration;
-use crate::common::config::SettingsFile;
-use crate::common::version;
+use crate::SettingsFile;
+use crate::version;
 
 use super::structs::*;
 

diff --git a/src/database/wrapper.rs → rar-common/src/database/wrapper.rs b/src/database/wrapper.rs → rar-common/src/database/wrapper.rs