introduce minifakeroot that also works on macos

2024-06-27 18:20:16 +02:00 · 2024-06-27 18:20:16 +02:00 · 2e2358d850
commit 2e2358d850
parent bae0a888c9
5 changed files with 55 additions and 11 deletions
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@ -182,15 +182,33 @@ in
        secret.zerotier-identity-secret = { };
        generator.path = [
          config.services.zerotierone.package
-          pkgs.fakeroot
          pkgs.python3
        ];
-        generator.script = ''
-          python3 ${./generate.py} --mode network \
-            --ip "$facts/zerotier-ip" \
-            --identity-secret "$secrets/zerotier-identity-secret" \
-            --network-id "$facts/zerotier-network-id"
-        '';
+        generator.script =
+          let
+            library = "libfakeroot${pkgs.stdenv.hostPlatform.extensions.sharedLibrary}";
+            minifakeroot = pkgs.stdenv.mkDerivation {
+              name = "minifakeroot";
+              dontUnpack = true;
+              installPhase = ''
+                mkdir -p $out/lib
+                ${
+                  if pkgs.stdenv.isDarwin then
+                    "$CC -dynamiclib -o $out/lib/libfakeroot.dylib ${./fake_root.c}"
+                  else
+                    "$CC -shared -o $out/lib/libfakeroot.so ${./fake_root.c}"
+                }
+              '';
+            };
+            varName = if pkgs.stdenv.isDarwin then "DYLD_INSERT_LIBRARIES" else "LD_PRELOAD";
+          in
+          ''
+            export ${varName}=${minifakeroot}/lib/${library}
+            python3 ${./generate.py} --mode network \
+              --ip "$facts/zerotier-ip" \
+              --identity-secret "$secrets/zerotier-identity-secret" \
+              --network-id "$facts/zerotier-network-id"
+          '';
      };
      clan.core.state.zerotier.folders = [ "/var/lib/zerotier-one" ];

--- a/nixosModules/clanCore/zerotier/fake_root.c
+++ b/nixosModules/clanCore/zerotier/fake_root.c
@ -0,0 +1,28 @@
+#include <stdint.h>
+typedef uint32_t uid_t;
+
+#ifdef __APPLE__
+  struct dyld_interpose {
+    const void * replacement;
+    const void * replacee;
+  };
+  #define WRAPPER(ret, name) static ret _fakeroot_wrapper_##name
+  #define WRAPPER_DEF(name) \
+    __attribute__((used)) static struct dyld_interpose _fakeroot_interpose_##name \
+      __attribute__((section("__DATA,__interpose"))) = { &_fakeroot_wrapper_##name, &name };
+#else
+  #define WRAPPER(ret, name) ret name
+  #define WRAPPER_DEF(name)
+#endif
+
+WRAPPER(uid_t, geteuid)(const char * path, int flags, ...)
+{
+    return 0; // Fake root
+}
+WRAPPER_DEF(geteuid)
+
+WRAPPER(uid_t, getuid)(const char * path, int flags, ...)
+{
+    return 0; // Fake root
+}
+WRAPPER_DEF(getuid)
--- a/nixosModules/clanCore/zerotier/generate.py
+++ b/nixosModules/clanCore/zerotier/generate.py
@ -111,12 +111,11 @@ def zerotier_controller() -> Iterator[ZerotierController]:
        home = tempdir / "zerotier-one"
        home.mkdir()
        cmd = [
-            "fakeroot",
-            "--",
            "zerotier-one",
            f"-p{controller_port}",
            str(home),
        ]
+
        with subprocess.Popen(
            cmd,
            preexec_fn=os.setsid,
--- a/pkgs/clan-cli/clan_cli/facts/generate.py
+++ b/pkgs/clan-cli/clan_cli/facts/generate.py
@ -3,6 +3,7 @@ import importlib
 import logging
 import os
 import subprocess
+import sys
 from collections.abc import Callable
 from pathlib import Path
 from tempfile import TemporaryDirectory
--- a/pkgs/clan-cli/default.nix
+++ b/pkgs/clan-cli/default.nix
@ -15,7 +15,6 @@
  setuptools,
  sops,
  stdenv,
-  fakeroot,
  rsync,
  bash,
  sshpass,
@ -38,7 +37,6 @@ let
  runtimeDependencies = [
    bash
    nix
-    fakeroot
    openssh
    sshpass
    zbar