1//go:build darwin
2
3package main
4
5import (
6"errors"
7"fmt"
8"io"
9"os"
10"os/exec"
11"regexp"
12"strconv"
13"strings"
14
15"github.com/spf13/cobra"
16)
17
// defaultPrefix is the install location prefix used when --prefix is not
// given (see addPrefixFlag).
const defaultPrefix = "/usr/local"

// dockerSock is the system-wide docker socket path this helper manages.
const dockerSock = "/var/run/docker.sock"

// installPrefix receives the value of the --prefix flag; addPrefixFlag binds
// it and supplies defaultPrefix as the default.
var (
	installPrefix string
)
24
// rootCmd is the top-level cobra command of podman-mac-helper.
//
// SilenceErrors is set because main prints the error returned by Execute
// itself. DisableDefaultCmd turns off cobra's default completion command, so
// this privileged binary exposes no subcommand it does not declare.
var rootCmd = &cobra.Command{
	SilenceErrors: true,
	CompletionOptions: cobra.CompletionOptions{
		DisableDefaultCmd: true,
	},
	Use:   "podman-mac-helper",
	Short: "A system helper to manage docker.sock",
	Long:  `podman-mac-helper is a system helper service and tool for managing docker.sock `,
}
32
33// Note, this code is security sensitive since it runs under privilege.
34// Limit actions to what is strictly necessary, and take appropriate
35// safeguards
36//
37// After installation the service call is run under launchd in a nowait
38// inetd style fashion, so stdin, stdout, and stderr are all pointing to
39// an accepted connection
40//
41// This service is installed once per user and will redirect
42// /var/run/docker to the fixed user-assigned unix socket location.
43//
44// Control communication is restricted to each user specific service via
45// unix file permissions
46
// main refuses to continue unless the effective uid is 0 and then hands
// control to rootCmd. Both failure paths terminate with exit status 1.
//
// Note that the privilege message is written to stdout, while an error
// returned by rootCmd.Execute is written to stderr.
func main() {
	if euid := os.Geteuid(); euid != 0 {
		fmt.Print("This command must be ran as root via sudo or osascript\n")
		os.Exit(1)
	}

	err := rootCmd.Execute()
	if err == nil {
		return
	}

	// rootCmd has SilenceErrors set, so reporting the error is done here.
	msg := err.Error()
	fmt.Fprintf(os.Stderr, "Error: %s\n", msg)
	os.Exit(1)
}
58
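// getUserInfo resolves name through /usr/bin/id and returns the account's
// name, its uid (as the string printed by id) and its home directory.
//
// id is executed instead of calling user.Lookup so that the helper keeps
// working when built with CGO disabled. The binary is addressed by absolute
// path and name is passed as a single argv entry, so neither a shell nor a
// PATH lookup is involved.
//
// An error is returned, and no partial result, when name is rejected, id
// cannot be started, id exits unsuccessfully, or its output does not describe
// name.
func getUserInfo(name string) (string, string, string, error) {
	// name originates from the invoking environment (see getUser) while this
	// process runs as root. An empty value is not a user, and a leading '-'
	// would be parsed by id as an option rather than a user name, so both are
	// refused before anything is executed.
	if name == "" || strings.HasPrefix(name, "-") {
		return "", "", "", errors.New("could not look up user")
	}

	// We exec id instead of using user.Lookup to remain compat
	// with CGO disabled.
	cmd := exec.Command("/usr/bin/id", "-P", name)
	output, err := cmd.StdoutPipe()
	if err != nil {
		return "", "", "", err
	}

	if err := cmd.Start(); err != nil {
		return "", "", "", err
	}

	// readCapped keeps a bounded prefix of stdout and drains the rest, which
	// has to be complete before Wait is called on a command using StdoutPipe.
	entry := readCapped(output)

	// Reap the child and release the pipe. A failing id is treated as a failed
	// lookup instead of trusting whatever it printed.
	if err := cmd.Wait(); err != nil {
		return "", "", "", fmt.Errorf("could not look up user: %w", err)
	}

	// The entry is colon separated; field 0 must echo the requested name
	// exactly, which also rejects a name that itself contains ':'. Field 2 is
	// returned as the uid and field 8 as the home directory.
	elements := strings.Split(entry, ":")
	if len(elements) < 9 || elements[0] != name {
		return "", "", "", errors.New("could not look up user")
	}

	return elements[0], elements[2], elements[8], nil
}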
80
// getUser determines which non-root account the helper acts for and returns
// its name, uid string and home directory.
//
// The name is read from SUDO_USER, falling back to USER only when SUDO_USER
// is not set at all. Both come from the invoking environment, so the value is
// accepted only if getUserInfo resolves it, the uid parses as an integer, and
// that uid is not 0.
func getUser() (string, string, string, error) {
	name, ok := os.LookupEnv("SUDO_USER")
	if !ok {
		if name, ok = os.LookupEnv("USER"); !ok {
			return "", "", "", errors.New("could not determine user")
		}
	}

	_, uid, home, lookupErr := getUserInfo(name)
	if lookupErr != nil {
		return "", "", "", fmt.Errorf("could not look up user: %s", name)
	}

	numericUID, convErr := strconv.Atoi(uid)
	switch {
	case convErr != nil:
		return "", "", "", fmt.Errorf("invalid uid for user: %s", name)
	case numericUID == 0:
		// The helper is meant to serve an unprivileged user; never resolve to root.
		return "", "", "", errors.New("unexpected root user")
	}

	return name, uid, home, nil
}
104
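// runDetectErr runs name with args and reports failure either from the exit
// status or, for commands that don't return a proper exit code, from any text
// the command wrote to stderr.
//
// Stderr is collected through readCapped, so only a bounded prefix is kept;
// line breaks in it are replaced with ": " to form a single-line error. If
// Wait reports an error, that error takes precedence over the stderr text. If
// the command cannot be started, the start error is returned unchanged.
//
// NOTE(review): callers are not visible here. exec.Command resolves a
// non-absolute name through PATH, and this helper runs as root, so call sites
// should pass an absolute path and fixed or validated args. Confirm there.
func runDetectErr(name string, args ...string) error {
	cmd := exec.Command(name, args...)
	errReader, err := cmd.StderrPipe()
	if err != nil {
		return err
	}

	// Stop here when the process never started: calling Wait on it would only
	// yield "exec: not started" and hide the actual reason.
	if err := cmd.Start(); err != nil {
		return err
	}

	// Stderr must be fully consumed before Wait; readCapped drains it.
	var detected error
	if errString := readCapped(errReader); len(errString) > 0 {
		re := regexp.MustCompile(`\r?\n`)
		detected = errors.New(re.ReplaceAllString(errString, ": "))
	}

	if werr := cmd.Wait(); werr != nil {
		return werr
	}

	return detected
}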
128
// readCapped returns at most the first 2048 bytes available from reader as a
// string and discards everything after that, reading until the stream ends.
//
// Read errors are ignored on purpose: a stream shorter than the cap simply
// yields what was read, and an empty or failing stream yields "". The cap
// bounds how much child-process output this privileged helper holds in
// memory; the drain presumably keeps the writer from blocking on a full pipe.
func readCapped(reader io.Reader) string {
	const limit = 2048

	var head [limit]byte
	kept, _ := io.ReadFull(reader, head[:])

	// Consume and drop the remainder.
	_, _ = io.Copy(io.Discard, reader)

	if kept <= 0 {
		return ""
	}
	return string(head[:kept])
}
140
// addPrefixFlag registers the --prefix string flag on cmd. The parsed value
// is stored in the package-level installPrefix and defaults to defaultPrefix.
func addPrefixFlag(cmd *cobra.Command) {
	flags := cmd.Flags()
	flags.StringVar(
		&installPrefix,
		"prefix",
		defaultPrefix,
		"Sets the install location prefix",
	)
}
144
// silentUsage turns off cobra's automatic usage and error output for cmd.
// args is unused; the signature presumably matches a cobra run hook, but the
// call sites are not visible in this file.
func silentUsage(cmd *cobra.Command, args []string) {
	cmd.SilenceErrors, cmd.SilenceUsage = true, true
}