Jacob Hrbek 2020-07-22 20:06:09 +02:00
parent 608d8a9ffb
commit f13a22b745
8 changed files with 292 additions and 5 deletions

@ -1,3 +1,5 @@
# Zeres-0 (Bash) # Zeres-0 (Bash)
This directory contains logic for zeres-0 to process standardized bash/shell downstream This directory contains logic for zeres-0 to process standardized bash/shell downstream
The `UNLEASH` file is the first thing invoked by zernit

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# All rights reserved by Jacob Hrbek <kreyren@rixotstudio.cz> in 04/2020 # All rights reserved by Jacob Hrbek <kreyren@rixotstudio.cz> in 04/2020 (Prepared for four freedom respecting license)
# Peer-reviewed by: <YOUR_NAME> <YOUR_EMAIL> in <DATE+TIME+TIMEZONE> # Peer-reviewed by: <YOUR_NAME> <YOUR_EMAIL> in <DATE+TIME+TIMEZONE>
# shellcheck shell=sh # shellcheck shell=sh
@ -291,6 +291,18 @@ else
die 255 "Identifying system" die 255 "Identifying system"
fi fi
# Define hostname
# NOTICE: Variable 'HOSTNAME' is not defined on POSIX sh
if command -v hostname 1>/dev/null; then
HOSTNAME="$(hostname)"
elif [ -s /etc/hostname ]; then
HOSTNAME="$(cat /etc/hostname)"
elif ! command -v hostname 1>/dev/null && [ ! -s /etc/hostname ]; then
die false "Unable to determine the hostname from command 'hostname' (which doesn't exists) and from file /etc/hostname (that doesn't exists or is blank)"
else
die unexpected "processing hostname"
fi
# Argument management # Argument management
while [ "$#" -gt 0 ]; do case "$1" in while [ "$#" -gt 0 ]; do case "$1" in
install-deps) install-deps)
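Review bot: Neither successful branch of the new hostname block checks that a value was actually obtained, so a `hostname` command that fails or prints nothing leaves `HOSTNAME` empty and the script carries on. A guard after the chain, such as `[ -n "$HOSTNAME" ] || die false "Hostname resolved to an empty string"`, would catch that. The third branch, `elif ! command -v hostname 1>/dev/null && [ ! -s /etc/hostname ]`, is the complement of the two before it, so the final `else die unexpected` can only run if the system changes between the checks. The argument loop that follows continues outside the hunk.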

@ -0,0 +1,5 @@
# Wrappers
Directory dedicated to various wrapper functions
Wrapper meaning that they wrap another function to handle it's functionality

@ -0,0 +1,57 @@
#!/bin/false
# - Used only for sourcing
# Created by Jacob Hrbek <kreyren@rixotstudio.cz> as All Rights Reserved in 08.07.2020 03:32:02 CET
# Peer-reviewed by <NAME> <EMAIL> in <DATE> <TIME> <TIMEZONE>
# shellcheck shell=sh # Written to be posix-compatible
# DNM: Specify somewhere
# shellcheck source=somewhere
###! Sanitized wrapper to check if command is executable in it's environment
###! Example usage:
###!
###! if cmd_check bash; then
###! printf '%s\n' "Command 'bash' is executable! ^o^"
###! elif ! cmd_check bash; then
###! printf '%s\n' "Command 'bash' is not executable! :("
###! else
###! die bug "Function 'cmd_check' returned unexpected exit code"
###! fi
# Check executability of a program
cmd_check() { funcname="cmd_check"
# FIXME-STUB: This is a stub implementation
if command; then
true
elif ! command; then
die fixme "Command 'command' is not executable on this system when runtime requested function '$funcname', we are unable to continue"
else
die unexpected "Unexpected happend while checking command 'command' in $funcname"
fi
if command -v "$1" 1>/dev/null; then
edebug cmd_check "Command '$1' has been confirmed to be executable on this system"
case "$KERNEL" in
"linux")
unset funcname
return 0 ;;
"windows")
unset funcname
return 1 ;;
*) die fixme "Kernel '$KERNEL' is not implemented in function '$funcname'"
esac
elif ! command -v "$1" 1>/dev/null; then
edebug cmd_check "Command '$1' is not executable on this system"
case "$KERNEL" in
"linux")
unset funcname
return 1 ;;
"windows")
unset funcname
return 0 ;;
*) die fixme "Kernel '$KERNEL' is not implemented in function '$funcname'"
esac
else
die unexpected "Command 'command' returned an unexpected result in function '$funcname'"
fi
}
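Review bot: In `cmd_check` the `"windows"` arms return the opposite of the `"linux"` arms: 1 when `command -v "$1"` succeeds and 0 when it fails, so on that kernel a present command is reported as missing and a missing one as available. If that is not intended, both kernels should return the same status; if it is, it needs a comment saying why. The opening `if command; then` runs `command` with no operand, which appears not to test anything about the environment or about `$1`. `funcname` is a shared global that this function sets and then unsets before returning, so a caller that set its own `funcname` first (as `emkdir` in this commit does) has an empty name in its later `die` messages; a per-function name such as `cmd_check_funcname`, or not unsetting it, avoids that.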

@ -0,0 +1,37 @@
#!/bin/false
# - Used only for sourcing
# Created by Jacob Hrbek <kreyren@rixotstudio.cz> as All Rights Reserved in 08.07.2020 03:32:02 CET
# Peer-reviewed by <NAME> <EMAIL> in <DATE> <TIME> <TIMEZONE>
# shellcheck shell=sh # Written to be posix-compatible
# DNM: Specify somewhere
# shellcheck source=somewhere
###! Sanitized wrapper to create a directory
emkdir() { funcname="emkdir"
edebug "$funcname" "Instructed to create directory at path '$1'"
case "$KERNEL" in
"linux")
if [ -d "$1" ]; then
edebug "$funcname" "Directory '$1' already exists, no need to create it"
elif [ ! -d "$1" ]; then
einfo "Creating a new directory in '$1' as requested"
# Create the directory
if cmd_check "$MKDIR"; then
mkdir "$1" || die 1 "Function '$funcname' called from '$myName' is unable to create a new directory in '$1'"
return 0
elif ! cmd_check "$MKDIR"; then
die false "Unable to create a new directory, because neither neither of supported command(s) are available on this system: mkdir"
else
die bug "checking for command used to create directories in $funcname"
fi
fi
;;
*) die fixme "Function '$funcname' is not implemented for kernel '$KERNEL'"
esac
die security "Function '$funcname' escaped sanitization"
}
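Review bot: When the directory already exists, the `[ -d "$1" ]` branch only logs and then falls out of the `case` into `die security "Function '$funcname' escaped sanitization"`, so `emkdir` on an existing path aborts instead of succeeding; add `return 0` after that `edebug`. The availability check is `cmd_check "$MKDIR"` but the call that runs is a literal `mkdir "$1"`, so the command that was checked and the one executed can differ. `"$MKDIR" -- "$1" || die 1 "..."` keeps them the same and stops a path beginning with `-` from being parsed as an option. The `-d` test followed by `mkdir` is also not atomic, so a directory created in between makes `mkdir` fail and the function die.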

@ -0,0 +1,156 @@
#!/bin/false
# - Used only for sourcing
# Created by Jacob Hrbek <kreyren@rixotstudio.cz> as All Rights Reserved in 08.07.2020 03:32:02 CET
# Peer-reviewed by <NAME> <EMAIL> in <DATE> <TIME> <TIMEZONE>
# shellcheck shell=sh # Written to be posix-compatible
# DNM: Specify somewhere
# shellcheck source=src/downstream-classes/zeres-0/bash/UNLEASH.sh
###! Sanitized wrapper to create a directory
# Root elevation on-demand
# SYNOPSIS: rootme [reason for privileged access] [command]
# FIXME-QA: Needs better implementation
invoke_privileged() { funcname="invoke_privileged"
if [ "$privileged" = "false" ]; then
die fixme "Implement $funcname to execute '$2' as privileged user, invoke this script as root as a workaround"
edebug "Script '$myName' has been executed from an unprivileged user, deducing possible elevation"
# Ask for permission to execute the command
"$PRINTF" "$INVOKE_PRIVILEGED_FORMAT_STRING_QUESTION" "$1"
while true; do
"$PRINTF" '%s\n' "Requesting permission to invoke '$2' as privileged user (y/n)"
read -r privilege_granted
case "$privilege_granted" in
"Y"|"y"|"YES"|"yes")
edebug "User granted permission to invoke '$2' as privileged user"
unset privilege_granted
break
;;
"N"|"n"|"NO"|"no")
die 3 "Unable to execute '$2' as privileged user"
;;
*) "$PRINTF" '%s\n' "Input '$privilege_granted' is not recognized, try again.."
esac
done
# Check what we can use for executing command as privileged user
unset privilege_commands
# FIXME-QA: Fix duplicate code
## Check for sudo
if command -v "$SUDO" 1>/dev/null; then
privilege_commands="$privilege_commands sudo"
elif ! command -v "$SUDO" 1>/dev/null; then
edebug "Command '$SUDO' is not executable in $funcname, unable to use it"
else
die bug "checking wether command sudo is executable in $funcname"
fi
## Check for su
if command -v "$SU" 1>/dev/null; then
privilege_commands="$privilege_commands su"
elif ! command -v "$SU" 1>/dev/null; then
edebug "Command '$SU' is not executable in $funcname, unable to use it"
else
die bug "checking wether command su is executable in $funcname"
fi
case "$("$PRINTF" '%s\n' "$privilege_commands" | tr ' ' '\n' | wc -l)" in
0) die 3 "Neither of supported commands used to invoke command as privileged user '$privilege_commands' are available on this system, unable to invoke '$2'" ;;
1)
cmd_count="$("$PRINTF" '%s\n' "$privilege_commands" | sed "s/ //gm")"
case "$cmd_count" in
"sudo")
while true; do
printf '%s\n' "Requesting permission to use '${SUDO:-sudo}' for invokation of '$2' (y/n)"
read -r allowed_to_use_sudo
case "$allowed_to_use_sudo" in
"Y"|"y"|"YES"|"yes")
sudo "$2" | die 3 "Unable to execute '$2' with privileged permission"
break
;;
"N"|"n"|"NO"|"no")
die 3 "Unable to execute '$2' with privileged permission using sudo, because we were not allowed to proceed"
;;
*)
"$PRINTF" '%s\n' "Input '$allowed_to_use_sudo' is not recognized, retrying.."
unset allowed_to_use_sudo
esac
done
;;
"su")
while true; do
printf '%s\n' "Requesting permission to use '${SUDO:-sudo}' for invokation of '$2' (y/n)"
read -r allowed_to_use_sudo
case "$allowed_to_use_sudo" in
"Y"|"y"|"YES"|"yes")
su root -c "$2" | die 3 "Unable to execute '$2' with privileged permission"
break
;;
"N"|"n"|"NO"|"no")
die 3 "Unable to execute '$2' with privileged permission using sudo, because we were not allowed to proceed"
;;
*)
"$PRINTF" '%s\n' "Input '$allowed_to_use_sudo' is not recognized, retrying.."
unset allowed_to_use_sudo
esac
done
;;
esac ;;
2)
# NOTICE: This is adapted to allow more commands in the future
while true; do
printf '%s\n\n' \
"We found following commands that we can use to execute the command as privileged user:"
# FIXME: seq might not be available on the system
# - yes | head -n 3| nl | cut -f1 | while read i; do echo $i; done
# - awk 'BEGIN{for(i=0;i<10;i++)print i}
for num in $(seq 1 "$cmd_count" | tr '\n' ' '); do
for cmd in $privilege_commands; do
printf "%s\n" "$num. $cmd"
done
printf '%s\n' ""
printf '%s\n' "Which command do you want to use?"
done
read -r privilege_choice
case "$privilege_choice" in
[1-2])
die fixme "Choose the appropriate choice, invoke this script as privileged user as a workaround"
break
;;
*)
printf '%s\n' "Invalid choice '$privilege_choice', retrying.."
unset privilege_choice
esac
done
# DNM: Implement proper logic
efixme "Implement better logic here, invoking 'sudo' for testing.."
sudo "$2" || die 3 "unable to use privileged permission" ;;
*)
# FIXME-QA: Implement better output
die bug "Unexpected value has been returned for variable 'privilege_commands'"
esac
elif [ "$privileged" = "true" ]; then
edebug "Executing '$1' as privileged user"
unset funcname
return 0
fi
}
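Review bot: `sudo "$2" | die 3 "..."` and the matching `su root -c "$2" | die 3 "..."` pipe the privileged command's output into `die` instead of running `die` on failure, so `die` is started every time and the command's exit status is ignored; both should read `... || die 3 "..."`, as the last `sudo` call in the function already does. The two forms also treat `$2` differently: `sudo "$2"` passes the whole string as one program name, while `su root -c "$2"` hands it to a root shell for parsing, so the function should state that `$2` must be a fixed, trusted string, or take the command as separate arguments. The availability count looks off by one, because `privilege_commands` is built with a leading space and `printf '%s\n'` always emits a line, so the `0)` arm cannot match and a single found command is counted as 2. Assuming `die` exits, all of this is currently unreachable behind the `die fixme` at the top of the unprivileged branch, but it becomes live once that stub is removed.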

@ -1,3 +1,8 @@
# Use https://github.com/maciejhirsz/json-rust to process?
# FIXME: Comments and new lines have to be removed for zernit to process this file
# - We should do this on runtime instead of enforcing comment-less json
{ {
"package": { "package": {
"name": "Some Name", "name": "Some Name",
@ -9,11 +14,26 @@
"128x128": "https://url.to/thumbnail", "128x128": "https://url.to/thumbnail",
}, },
"license": "some license", "license": "some license",
"shell-compat": {
"1.1.0": {
# FIXME: Allow end-users to use packages approved by specified people
"confirmed by": "Some Name <email> at 30/12/2020 15:00:00 CEST"
}
}
"options": { "options": {
"X": { "X": {
"description": "Enables support for X.org", "description": "Enables support for X.org",
"conflicts": "" "conflicts": {
} "option": "wayland" {
"reasoning": "some reason for conflict"
}
}
},
"dependencies": {
# FIXME: Decide if this is the appropriate implementation
"category/package": {
"reasoning": "something"
}
}
} }
} }
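Review bot: The added `"shell-compat"` object closes with `}` and is followed directly by `"options"` with no comma, and `"option": "wayland" {` places an object after a string value, so this sample would not parse even once the `#` comments are stripped at runtime. Keying the conflict by option name, for example `"conflicts": { "wayland": { "reasoning": "some reason for conflict" } }`, would match the shape already used under `"dependencies"`.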

@ -18,8 +18,6 @@ DEPENDENCIES:
descrip descrip
# Trigger zernit backend to resolve metadata and dependencies # Trigger zernit backend to resolve metadata and dependencies
## - Without this zernit will just run this as a script with option to use it's backend on demandtion: Requi ## - Without this zernit will just run this as a script with option to use it's backend on demandtion: Requi
zernit_init
red for something
either-of-these either-of-these
some/dependency:0::origin[=1.0.0] some/dependency:0::origin[=1.0.0]
some/other-dependency:0::origin[=1.0.0] some/other-dependency:0::origin[=1.0.0]