it runs a hare build
parent
7b8bca33e6
commit
01327e2335
|
@ -3,23 +3,18 @@ use std::io::Write;
|
||||||
use std::os::fd::AsRawFd;
|
use std::os::fd::AsRawFd;
|
||||||
use std::process::Command;
|
use std::process::Command;
|
||||||
|
|
||||||
use tempfile::TempDir;
|
use tempfile::{TempDir, NamedTempFile};
|
||||||
|
|
||||||
#[rustfmt::skip]
|
#[rustfmt::skip]
|
||||||
const STATIC_ARGS: &[&str] = &[
|
const STATIC_ARGS: &[&str] = &[
|
||||||
"--ro-bind", "/usr", "/usr",
|
"--ro-bind", "/usr", "/usr",
|
||||||
"--dir", "/tmp",
|
"--dir", "/tmp",
|
||||||
"--dir", "/var",
|
"--dir", "/var",
|
||||||
"--symlink", "../tmp", "var/tmp",
|
"--symlink", "../tmp", "/var/tmp",
|
||||||
"--proc", "/proc",
|
"--proc", "/proc",
|
||||||
"--dev", "/dev",
|
"--dev", "/dev",
|
||||||
"--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf",
|
"--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf",
|
||||||
"--ro-bind", "/nix", "/nix",
|
"--ro-bind", "/nix", "/nix",
|
||||||
"--symlink", "usr/lib", "/lib",
|
|
||||||
"--symlink", "usr/lib64 /lib64",
|
|
||||||
"--symlink", "usr/bin", "/bin",
|
|
||||||
"--symlink", "usr/sbin", "/sbin",
|
|
||||||
"--chdir", "/app",
|
|
||||||
"--unshare-all",
|
"--unshare-all",
|
||||||
"--die-with-parent",
|
"--die-with-parent",
|
||||||
"--clearenv",
|
"--clearenv",
|
||||||
|
@ -30,7 +25,7 @@ const HARE_COMMAND: &str = "/nix/store/cnysps4xzry4g26zyz7mmxfjj6wagpa6-hare-0.2
|
||||||
/// Default command timeout in seconds.
|
/// Default command timeout in seconds.
|
||||||
const DEFAULT_TIMEOUT: u32 = 10;
|
const DEFAULT_TIMEOUT: u32 = 10;
|
||||||
|
|
||||||
fn passwd_files(uid: u32, gid: u32) -> (File, File, Vec<String>) {
|
fn passwd_files(uid: u32, gid: u32) -> (NamedTempFile, NamedTempFile, Vec<String>) {
|
||||||
let uid = uid.to_string();
|
let uid = uid.to_string();
|
||||||
let passwd = Command::new("getent")
|
let passwd = Command::new("getent")
|
||||||
.args(["passwd", &uid, "65534"])
|
.args(["passwd", &uid, "65534"])
|
||||||
|
@ -43,20 +38,20 @@ fn passwd_files(uid: u32, gid: u32) -> (File, File, Vec<String>) {
|
||||||
.output()
|
.output()
|
||||||
.expect("failed to run getent passwd");
|
.expect("failed to run getent passwd");
|
||||||
|
|
||||||
let mut passwd_file = tempfile::tempfile().unwrap();
|
let mut passwd_file = tempfile::NamedTempFile::new().unwrap();
|
||||||
passwd_file.write_all(&passwd.stdout).unwrap();
|
passwd_file.write_all(&passwd.stdout).unwrap();
|
||||||
passwd_file.flush().unwrap();
|
passwd_file.flush().unwrap();
|
||||||
|
|
||||||
let mut group_file = tempfile::tempfile().unwrap();
|
let mut group_file = tempfile::NamedTempFile::new().unwrap();
|
||||||
group_file.write_all(&group.stdout).unwrap();
|
group_file.write_all(&group.stdout).unwrap();
|
||||||
group_file.flush().unwrap();
|
group_file.flush().unwrap();
|
||||||
|
|
||||||
let args = vec![
|
let args = vec![
|
||||||
"--file".to_string(),
|
"--ro-bind".to_string(),
|
||||||
passwd_file.as_raw_fd().to_string(),
|
passwd_file.path().display().to_string(),
|
||||||
"/etc/passwd".to_string(),
|
"/etc/passwd".to_string(),
|
||||||
"--file".to_string(),
|
"--ro-bind".to_string(),
|
||||||
group_file.as_raw_fd().to_string(),
|
group_file.path().display().to_string(),
|
||||||
"/etc/group".to_string(),
|
"/etc/group".to_string(),
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -85,14 +80,18 @@ fn shared_app_dir() -> (TempDir, Vec<String>) {
|
||||||
|
|
||||||
(
|
(
|
||||||
tmp_app_dir,
|
tmp_app_dir,
|
||||||
vec!["--bind".to_string(), app_dir_path, "/app".to_string()],
|
vec![
|
||||||
|
"--bind".to_string(),
|
||||||
|
app_dir_path,
|
||||||
|
"/app".to_string(),
|
||||||
|
"--chdir".to_string(),
|
||||||
|
"/app".to_string(),
|
||||||
|
],
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn command(app_file: &str) -> Vec<String> {
|
fn command(app_file: &str) -> Vec<String> {
|
||||||
vec![
|
vec![
|
||||||
"/usr/bin/timeout".to_string(),
|
|
||||||
DEFAULT_TIMEOUT.to_string(),
|
|
||||||
HARE_COMMAND.to_string(),
|
HARE_COMMAND.to_string(),
|
||||||
"run".to_string(),
|
"run".to_string(),
|
||||||
app_file.to_string(),
|
app_file.to_string(),
|
||||||
|
@ -100,9 +99,7 @@ fn command(app_file: &str) -> Vec<String> {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn getids() -> (u32, u32) {
|
fn getids() -> (u32, u32) {
|
||||||
unsafe {
|
unsafe { (libc::getuid(), libc::getgid()) }
|
||||||
(libc::getuid(), libc::getgid())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn run_code(code: &str) {
|
pub fn run_code(code: &str) {
|
||||||
|
@ -121,7 +118,7 @@ pub fn run_code(code: &str) {
|
||||||
bwrap_cmd.args(file_args);
|
bwrap_cmd.args(file_args);
|
||||||
|
|
||||||
{
|
{
|
||||||
let code_path = app_dir.path().with_file_name("main.ha");
|
let code_path = app_dir.path().join("main.ha");
|
||||||
let mut code_file = File::create(code_path).unwrap();
|
let mut code_file = File::create(code_path).unwrap();
|
||||||
code_file.write_all(code.as_bytes()).unwrap();
|
code_file.write_all(code.as_bytes()).unwrap();
|
||||||
}
|
}
|
||||||
|
|
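Review bot: The new `command()` drops the `/usr/bin/timeout` / `DEFAULT_TIMEOUT` prefix, so in the visible hunks nothing bounds how long the code passed to `run_code` may run inside the sandbox, and `DEFAULT_TIMEOUT` appears to be left unused. Unless `run_code` (whose body is mostly outside these hunks) already enforces a deadline, I would enforce it on the host side: spawn the bwrap child, poll `try_wait()` until `Duration::from_secs(DEFAULT_TIMEOUT.into())` has elapsed, then call `kill()`. `--die-with-parent` is already in `STATIC_ARGS`, so killing bwrap takes the sandboxed processes down with it. At minimum, add a comment on `command()` such as `// No in-sandbox timeout: the caller must enforce DEFAULT_TIMEOUT on the bwrap child.` Separately, `use std::os::fd::AsRawFd;` looks unused in the visible code now that `passwd_files` passes paths rather than fds.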