sops-nix/pkgs/sops-install-secrets/linux.go

//go:build linux
// +build linux

package main

import (
	"fmt"
	"os"

	"golang.org/x/sys/unix"
)

func RuntimeDir() (string, error) {
	rundir, ok := os.LookupEnv("XDG_RUNTIME_DIR")
	if !ok {
		return "", fmt.Errorf("$XDG_RUNTIME_DIR is not set")
	}
	return rundir, nil
}

func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int) error {
	// fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC|unix.O_PATH|unix.O_NOFOLLOW, 0)
	fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC|unix.O_PATH|unix.O_NOFOLLOW, 0)
	if err != nil {
		return fmt.Errorf("failed to open %s: %w", symlinkToCheck, err)
	}
	defer unix.Close(fd)

	buf := make([]byte, len(expectedTarget)+1) // oversize by one to detect trunc
	n, err := unix.Readlinkat(fd, "", buf)
	if err != nil {
		return fmt.Errorf("couldn't readlinkat %s", symlinkToCheck)
	}
	if n > len(expectedTarget) || string(buf[:n]) != expectedTarget {
		return fmt.Errorf("symlink %s does not point to %s", symlinkToCheck, expectedTarget)
	}
	stat := unix.Stat_t{}
	err = unix.Fstat(fd, &stat)
	if err != nil {
		return fmt.Errorf("cannot stat '%s': %w", symlinkToCheck, err)
	}
	if stat.Uid == uint32(owner) && stat.Gid == uint32(group) {
		return nil // already correct
	}

	err = unix.Fchownat(fd, "", owner, group, unix.AT_EMPTY_PATH)
	if err != nil {
		return fmt.Errorf("cannot change owner of '%s' to %d/%d: %w", symlinkToCheck, owner, group, err)
	}
	return nil
}

func MountSecretFs(mountpoint string, keysGID int, useTmpfs bool, userMode bool) error {
	if err := os.MkdirAll(mountpoint, 0o751); err != nil {
		return fmt.Errorf("cannot create directory '%s': %w", mountpoint, err)
	}

	// We can't create a ramfs as user
	if userMode {
		return nil
	}

	var fstype = "ramfs"
	var fsmagic = RamfsMagic
	if useTmpfs {
		fstype = "tmpfs"
		fsmagic = TmpfsMagic
	}

	buf := unix.Statfs_t{}
	if err := unix.Statfs(mountpoint, &buf); err != nil {
		return fmt.Errorf("cannot get statfs for directory '%s': %w", mountpoint, err)
	}
	if int32(buf.Type) != fsmagic {
		if err := unix.Mount("none", mountpoint, fstype, unix.MS_NODEV|unix.MS_NOSUID, "mode=0751"); err != nil {
			return fmt.Errorf("cannot mount: %w", err)
		}
	}

	if err := os.Chown(mountpoint, 0, int(keysGID)); err != nil {
		return fmt.Errorf("cannot change owner/group of '%s' to 0/%d: %w", mountpoint, keysGID, err)
	}

	return nil
}
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`//go:build linux`
			`// +build linux`

			`package main`

			`import (`
reformat with gofumpt 2023-11-03 14:31:26 +01:00			`"fmt"`
			`"os"`
go files for darwin fixup 2022-07-10 13:12:14 +02:00
			`"golang.org/x/sys/unix"`
			`)`

			`func RuntimeDir() (string, error) {`
reformat with gofumpt 2023-11-03 14:31:26 +01:00			`rundir, ok := os.LookupEnv("XDG_RUNTIME_DIR")`
			`if !ok {`
Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`return "", fmt.Errorf("$XDG_RUNTIME_DIR is not set")`
reformat with gofumpt 2023-11-03 14:31:26 +01:00			`}`
			`return rundir, nil`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`}`

			`func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int) error {`
			`// fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC\|unix.O_PATH\|unix.O_NOFOLLOW, 0)`
			`fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC\|unix.O_PATH\|unix.O_NOFOLLOW, 0)`
			`if err != nil {`
Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`return fmt.Errorf("failed to open %s: %w", symlinkToCheck, err)`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`}`
			`defer unix.Close(fd)`

			`buf := make([]byte, len(expectedTarget)+1) // oversize by one to detect trunc`
			`n, err := unix.Readlinkat(fd, "", buf)`
			`if err != nil {`
			`return fmt.Errorf("couldn't readlinkat %s", symlinkToCheck)`
			`}`
			`if n > len(expectedTarget) \|\| string(buf[:n]) != expectedTarget {`
			`return fmt.Errorf("symlink %s does not point to %s", symlinkToCheck, expectedTarget)`
			`}`
don't chown mountpoint if already correct This avoids issues where directory might be bind mounted. 2023-11-03 14:30:24 +01:00			`stat := unix.Stat_t{}`
			`err = unix.Fstat(fd, &stat)`
			`if err != nil {`
			`return fmt.Errorf("cannot stat '%s': %w", symlinkToCheck, err)`
			`}`
sops-install-secrets: check that both uid & gid are correct on mountpoints 2023-11-03 15:15:06 +01:00			`if stat.Uid == uint32(owner) && stat.Gid == uint32(group) {`
don't chown mountpoint if already correct This avoids issues where directory might be bind mounted. 2023-11-03 14:30:24 +01:00			`return nil // already correct`
			`}`

go files for darwin fixup 2022-07-10 13:12:14 +02:00			`err = unix.Fchownat(fd, "", owner, group, unix.AT_EMPTY_PATH)`
			`if err != nil {`
			`return fmt.Errorf("cannot change owner of '%s' to %d/%d: %w", symlinkToCheck, owner, group, err)`
			`}`
			`return nil`
			`}`

Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`func MountSecretFs(mountpoint string, keysGID int, useTmpfs bool, userMode bool) error {`
reformat with gofumpt 2023-11-03 14:31:26 +01:00			`if err := os.MkdirAll(mountpoint, 0o751); err != nil {`
Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`return fmt.Errorf("cannot create directory '%s': %w", mountpoint, err)`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`}`

reformat with gofumpt 2023-11-03 14:31:26 +01:00			`// We can't create a ramfs as user`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`if userMode {`
			`return nil`
			`}`

Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`var fstype = "ramfs"`
			`var fsmagic = RamfsMagic`
Add configuration option to use tmpfs in place of ramfs (#355) allow use of tmpfs via option configuration * Tabs vs Spaces * Update modules/sops/default.nix * Update modules/sops/default.nix 2023-07-24 11:15:10 +00:00			`if useTmpfs {`
			`fstype = "tmpfs"`
Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`fsmagic = TmpfsMagic`
Add configuration option to use tmpfs in place of ramfs (#355) allow use of tmpfs via option configuration * Tabs vs Spaces * Update modules/sops/default.nix * Update modules/sops/default.nix 2023-07-24 11:15:10 +00:00			`}`

go files for darwin fixup 2022-07-10 13:12:14 +02:00			`buf := unix.Statfs_t{}`
			`if err := unix.Statfs(mountpoint, &buf); err != nil {`
Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`return fmt.Errorf("cannot get statfs for directory '%s': %w", mountpoint, err)`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`}`
Add configuration option to use tmpfs in place of ramfs (#355) allow use of tmpfs via option configuration * Tabs vs Spaces * Update modules/sops/default.nix * Update modules/sops/default.nix 2023-07-24 11:15:10 +00:00			`if int32(buf.Type) != fsmagic {`
			`if err := unix.Mount("none", mountpoint, fstype, unix.MS_NODEV\|unix.MS_NOSUID, "mode=0751"); err != nil {`
Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`return fmt.Errorf("cannot mount: %w", err)`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`}`
			`}`

Lint fixes (#539) * fix various additional linter errors * extend golangci checks 2024-04-18 16:19:26 +02:00			`if err := os.Chown(mountpoint, 0, int(keysGID)); err != nil {`
			`return fmt.Errorf("cannot change owner/group of '%s' to 0/%d: %w", mountpoint, keysGID, err)`
go files for darwin fixup 2022-07-10 13:12:14 +02:00			`}`

			`return nil`
			`}`