podman

1
//go:build darwin
2

3
package main
4

5
import (
6
	"errors"
7
	"fmt"
8
	"io"
9
	"os"
10
	"os/exec"
11
	"regexp"
12
	"strconv"
13
	"strings"
14

15
	"github.com/spf13/cobra"
16
)
17

18
const (
19
	defaultPrefix = "/usr/local"
20
	dockerSock    = "/var/run/docker.sock"
21
)
22

23
var installPrefix string
24

25
var rootCmd = &cobra.Command{
26
	Use:               "podman-mac-helper",
27
	Short:             "A system helper to manage docker.sock",
28
	Long:              `podman-mac-helper is a system helper service and tool for managing docker.sock `,
29
	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
30
	SilenceErrors:     true,
31
}
32

33
// Note, this code is security sensitive since it runs under privilege.
34
// Limit actions to what is strictly necessary, and take appropriate
35
// safeguards
36
//
37
// After installation the service call is ran under launchd in a nowait
38
// inetd style fashion, so stdin, stdout, and stderr are all pointing to
39
// an accepted connection
40
//
41
// This service is installed once per user and will redirect
42
// /var/run/docker to the fixed user-assigned unix socket location.
43
//
44
// Control communication is restricted to each user specific service via
45
// unix file permissions
46

47
func main() {
48
	if os.Geteuid() != 0 {
49
		fmt.Printf("This command must be ran as root via sudo or osascript\n")
50
		os.Exit(1)
51
	}
52

53
	if err := rootCmd.Execute(); err != nil {
54
		fmt.Fprintf(os.Stderr, "Error: %s\n", err.Error())
55
		os.Exit(1)
56
	}
57
}
58

59
func getUserInfo(name string) (string, string, string, error) {
60
	// We exec id instead of using user.Lookup to remain compat
61
	// with CGO disabled.
62
	cmd := exec.Command("/usr/bin/id", "-P", name)
63
	output, err := cmd.StdoutPipe()
64
	if err != nil {
65
		return "", "", "", err
66
	}
67

68
	if err := cmd.Start(); err != nil {
69
		return "", "", "", err
70
	}
71

72
	entry := readCapped(output)
73
	elements := strings.Split(entry, ":")
74
	if len(elements) < 9 || elements[0] != name {
75
		return "", "", "", errors.New("could not look up user")
76
	}
77

78
	return elements[0], elements[2], elements[8], nil
79
}
80

81
func getUser() (string, string, string, error) {
82
	name, found := os.LookupEnv("SUDO_USER")
83
	if !found {
84
		name, found = os.LookupEnv("USER")
85
		if !found {
86
			return "", "", "", errors.New("could not determine user")
87
		}
88
	}
89

90
	_, uid, home, err := getUserInfo(name)
91
	if err != nil {
92
		return "", "", "", fmt.Errorf("could not look up user: %s", name)
93
	}
94
	id, err := strconv.Atoi(uid)
95
	if err != nil {
96
		return "", "", "", fmt.Errorf("invalid uid for user: %s", name)
97
	}
98
	if id == 0 {
99
		return "", "", "", errors.New("unexpected root user")
100
	}
101

102
	return name, uid, home, nil
103
}
104

105
// Used for commands that don't return a proper exit code
106
func runDetectErr(name string, args ...string) error {
107
	cmd := exec.Command(name, args...)
108
	errReader, err := cmd.StderrPipe()
109
	if err != nil {
110
		return err
111
	}
112

113
	err = cmd.Start()
114
	if err == nil {
115
		errString := readCapped(errReader)
116
		if len(errString) > 0 {
117
			re := regexp.MustCompile(`\r?\n`)
118
			err = errors.New(re.ReplaceAllString(errString, ": "))
119
		}
120
	}
121

122
	if werr := cmd.Wait(); werr != nil {
123
		err = werr
124
	}
125

126
	return err
127
}
128

129
func readCapped(reader io.Reader) string {
130
	// Cap output
131
	buffer := make([]byte, 2048)
132
	n, _ := io.ReadFull(reader, buffer)
133
	_, _ = io.Copy(io.Discard, reader)
134
	if n > 0 {
135
		return string(buffer[:n])
136
	}
137

138
	return ""
139
}
140

141
func addPrefixFlag(cmd *cobra.Command) {
142
	cmd.Flags().StringVar(&installPrefix, "prefix", defaultPrefix, "Sets the install location prefix")
143
}
144

145
func silentUsage(cmd *cobra.Command, args []string) {
146
	cmd.SilenceUsage = true
147
	cmd.SilenceErrors = true
148
}
149