Maint: set PUID and PGID in openvpn configurator
@@ -136,13 +136,15 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
puid, pgid := allSettings.System.PUID, allSettings.System.PGID
|
||||||
|
|
||||||
const clientTimeout = 15 * time.Second
|
const clientTimeout = 15 * time.Second
|
||||||
httpClient := &http.Client{Timeout: clientTimeout}
|
httpClient := &http.Client{Timeout: clientTimeout}
|
||||||
// Create configurators
|
// Create configurators
|
||||||
alpineConf := alpine.New()
|
alpineConf := alpine.New()
|
||||||
ovpnConf := openvpn.NewConfigurator(
|
ovpnConf := openvpn.NewConfigurator(
|
||||||
logger.NewChild(logging.Settings{Prefix: "openvpn configurator: "}),
|
logger.NewChild(logging.Settings{Prefix: "openvpn configurator: "}),
|
||||||
cmder)
|
cmder, puid, pgid)
|
||||||
dnsCrypto := dnscrypto.New(httpClient, "", "")
|
dnsCrypto := dnscrypto.New(httpClient, "", "")
|
||||||
const cacertsPath = "/etc/ssl/certs/ca-certificates.crt"
|
const cacertsPath = "/etc/ssl/certs/ca-certificates.crt"
|
||||||
dnsConf := unbound.NewConfigurator(nil, cmder, dnsCrypto,
|
dnsConf := unbound.NewConfigurator(nil, cmder, dnsCrypto,
|
||||||
@@ -200,9 +202,6 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Should never change
|
|
||||||
puid, pgid := allSettings.System.PUID, allSettings.System.PGID
|
|
||||||
|
|
||||||
const defaultUsername = "nonrootuser"
|
const defaultUsername = "nonrootuser"
|
||||||
nonRootUsername, err := alpineConf.CreateUser(defaultUsername, puid)
|
nonRootUsername, err := alpineConf.CreateUser(defaultUsername, puid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -354,7 +353,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
|
|||||||
|
|
||||||
openvpnLogger := logger.NewChild(logging.Settings{Prefix: "openvpn: "})
|
openvpnLogger := logger.NewChild(logging.Settings{Prefix: "openvpn: "})
|
||||||
openvpnLooper := openvpn.NewLoop(allSettings.VPN.OpenVPN,
|
openvpnLooper := openvpn.NewLoop(allSettings.VPN.OpenVPN,
|
||||||
allSettings.VPN.Provider, nonRootUsername, puid, pgid, allServers,
|
allSettings.VPN.Provider, nonRootUsername, allServers,
|
||||||
ovpnConf, firewallConf, routingConf, portForwardLooper, publicIPLooper, unboundLooper,
|
ovpnConf, firewallConf, routingConf, portForwardLooper, publicIPLooper, unboundLooper,
|
||||||
openvpnLogger, httpClient, buildInfo, allSettings.VersionInformation)
|
openvpnLogger, httpClient, buildInfo, allSettings.VersionInformation)
|
||||||
openvpnHandler, openvpnCtx, openvpnDone := goshutdown.NewGoRoutineHandler(
|
openvpnHandler, openvpnCtx, openvpnDone := goshutdown.NewGoRoutineHandler(
|
||||||
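Review bot: The removed `// Should never change` comment was the only place in `_main` that stated PUID and PGID are fixed for the life of the process, and the moved assignment `puid, pgid := allSettings.System.PUID, allSettings.System.PGID` now carries no comment at all. The invariant still matters, because `openvpn.NewConfigurator(..., cmder, puid, pgid)` captures both values once and a later change to the settings would not reach the configurator. I would keep it above the moved line, for example `// PUID and PGID are read once here; the OpenVPN configurator keeps them for the ownership of the auth file.` `_main` starts and ends outside these hunks.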
|
|||||||
@@ -7,11 +7,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type AuthWriter interface {
|
type AuthWriter interface {
|
||||||
WriteAuthFile(user, password string, puid, pgid int) error
|
WriteAuthFile(user, password string) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// WriteAuthFile writes the OpenVPN auth file to disk with the right permissions.
|
// WriteAuthFile writes the OpenVPN auth file to disk with the right permissions.
|
||||||
func (c *configurator) WriteAuthFile(user, password string, puid, pgid int) error {
|
func (c *configurator) WriteAuthFile(user, password string) error {
|
||||||
file, err := os.Open(c.authFilePath)
|
file, err := os.Open(c.authFilePath)
|
||||||
|
|
||||||
if err != nil && !os.IsNotExist(err) {
|
if err != nil && !os.IsNotExist(err) {
|
||||||
@@ -28,7 +28,7 @@ func (c *configurator) WriteAuthFile(user, password string, puid, pgid int) erro
|
|||||||
_ = file.Close()
|
_ = file.Close()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
err = file.Chown(puid, pgid)
|
err = file.Chown(c.puid, c.pgid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = file.Close()
|
_ = file.Close()
|
||||||
return err
|
return err
|
||||||
@@ -60,7 +60,7 @@ func (c *configurator) WriteAuthFile(user, password string, puid, pgid int) erro
|
|||||||
_ = file.Close()
|
_ = file.Close()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
err = file.Chown(puid, pgid)
|
err = file.Chown(c.puid, c.pgid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = file.Close()
|
_ = file.Close()
|
||||||
return err
|
return err
|
||||||
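Review bot: The doc comment on `WriteAuthFile` still says only "with the right permissions", while the owner of the credentials file now comes from `c.puid`/`c.pgid` in both `file.Chown` calls and no longer appears in the signature. I would state that on the method and on the `AuthWriter` interface, where callers look: `// WriteAuthFile writes the OpenVPN auth file and chowns it to the PUID/PGID given to NewConfigurator.` Most of the body of `WriteAuthFile` lies outside these hunks, so the file mode and the order of create, chmod and chown could not be checked here.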
|
|||||||
@@ -32,8 +32,6 @@ type Loop struct {
|
|||||||
state state.Manager
|
state state.Manager
|
||||||
// Fixed parameters
|
// Fixed parameters
|
||||||
username string
|
username string
|
||||||
puid int
|
|
||||||
pgid int
|
|
||||||
buildInfo models.BuildInformation
|
buildInfo models.BuildInformation
|
||||||
versionInfo bool
|
versionInfo bool
|
||||||
// Configurators
|
// Configurators
|
||||||
@@ -67,8 +65,7 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func NewLoop(openVPNSettings configuration.OpenVPN,
|
func NewLoop(openVPNSettings configuration.OpenVPN,
|
||||||
providerSettings configuration.Provider,
|
providerSettings configuration.Provider, username string,
|
||||||
username string, puid, pgid int,
|
|
||||||
allServers models.AllServers, conf Configurator,
|
allServers models.AllServers, conf Configurator,
|
||||||
fw firewallConfigurer, routing routing.VPNGetter,
|
fw firewallConfigurer, routing routing.VPNGetter,
|
||||||
portForward portforward.StartStopper,
|
portForward portforward.StartStopper,
|
||||||
@@ -87,8 +84,6 @@ func NewLoop(openVPNSettings configuration.OpenVPN,
|
|||||||
statusManager: statusManager,
|
statusManager: statusManager,
|
||||||
state: state,
|
state: state,
|
||||||
username: username,
|
username: username,
|
||||||
puid: puid,
|
|
||||||
pgid: pgid,
|
|
||||||
buildInfo: buildInfo,
|
buildInfo: buildInfo,
|
||||||
versionInfo: versionInfo,
|
versionInfo: versionInfo,
|
||||||
conf: conf,
|
conf: conf,
|
||||||
|
|||||||
@@ -20,14 +20,17 @@ type configurator struct {
|
|||||||
cmder command.RunStarter
|
cmder command.RunStarter
|
||||||
configPath string
|
configPath string
|
||||||
authFilePath string
|
authFilePath string
|
||||||
|
puid, pgid int
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewConfigurator(logger logging.Logger,
|
func NewConfigurator(logger logging.Logger,
|
||||||
cmder command.RunStarter) Configurator {
|
cmder command.RunStarter, puid, pgid int) Configurator {
|
||||||
return &configurator{
|
return &configurator{
|
||||||
logger: logger,
|
logger: logger,
|
||||||
cmder: cmder,
|
cmder: cmder,
|
||||||
configPath: constants.OpenVPNConf,
|
configPath: constants.OpenVPNConf,
|
||||||
authFilePath: constants.OpenVPNAuthConf,
|
authFilePath: constants.OpenVPNAuthConf,
|
||||||
|
puid: puid,
|
||||||
|
pgid: pgid,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
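Review bot: `NewConfigurator` stores `puid` and `pgid` unchecked, and these values later decide who owns the OpenVPN credentials file. In Go, `File.Chown` treats a uid or gid of -1 as "leave that value unchanged", so a -1 reaching this constructor would leave the auth file with the owner it was created with and report no error. Whether the settings layer already rejects negative IDs is not visible on this page; if it does not, a check before the call in `_main` would make the failure explicit. The new struct field also deserves a comment, for example `// puid and pgid own the auth file written by WriteAuthFile; set once in NewConfigurator.`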
|
|||||||
@@ -55,7 +55,7 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
|
|||||||
|
|
||||||
if openVPNSettings.User != "" {
|
if openVPNSettings.User != "" {
|
||||||
err := l.conf.WriteAuthFile(
|
err := l.conf.WriteAuthFile(
|
||||||
openVPNSettings.User, openVPNSettings.Password, l.puid, l.pgid)
|
openVPNSettings.User, openVPNSettings.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.signalOrSetStatus(constants.Crashed)
|
l.signalOrSetStatus(constants.Crashed)
|
||||||
l.logAndWait(ctx, err)
|
l.logAndWait(ctx, err)
|
||||||
|
|||||||