introduce minifakeroot that also works on macos

2024-06-27 18:20:16 +02:00 · 2024-06-27 18:20:16 +02:00 · 99454be760
commit 99454be760
parent bae0a888c9
5 changed files with 54 additions and 11 deletions
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@ -182,15 +182,33 @@ in
        secret.zerotier-identity-secret = { };
        generator.path = [
          config.services.zerotierone.package
          pkgs.fakeroot
          pkgs.python3
        ];
-        generator.script = ''
+        generator.script =
-          python3 ${./generate.py} --mode network \
+          let
-            --ip "$facts/zerotier-ip" \
+            library = "libfakeroot${pkgs.stdenv.hostPlatform.extensions.sharedLibrary}";
-            --identity-secret "$secrets/zerotier-identity-secret" \
+            minifakeroot = pkgs.stdenv.mkDerivation {
-            --network-id "$facts/zerotier-network-id"
+              name = "minifakeroot";
-        '';
+              dontUnpack = true;
              installPhase = ''
                mkdir -p $out/lib
                ${
                  if pkgs.stdenv.isDarwin then
                    "$CC -dynamiclib -o $out/lib/libfakeroot.dylib ${./fake_root.c}"
                  else
                    "$CC -shared -o $out/lib/libfakeroot.so ${./fake_root.c}"
                }
              '';
            };
            varName = if pkgs.stdenv.isDarwin then "DYLD_INSERT_LIBRARIES" else "LD_PRELOAD";
          in
          ''
            export ${varName}=${minifakeroot}/lib/${library}
            python3 ${./generate.py} --mode network \
              --ip "$facts/zerotier-ip" \
              --identity-secret "$secrets/zerotier-identity-secret" \
              --network-id "$facts/zerotier-network-id"
          '';
      };
      clan.core.state.zerotier.folders = [ "/var/lib/zerotier-one" ];
--- a/nixosModules/clanCore/zerotier/fake_root.c
+++ b/nixosModules/clanCore/zerotier/fake_root.c
@ -0,0 +1,27 @@
 #include <unistd.h>
 #ifdef __APPLE__
  struct dyld_interpose {
    const void * replacement;
    const void * replacee;
  };
  #define WRAPPER(ret, name) static ret _libredirect_wrapper_##name
  #define WRAPPER_DEF(name) \
    __attribute__((used)) static struct dyld_interpose _libredirect_interpose_##name \
      __attribute__((section("__DATA,__interpose"))) = { &_libredirect_wrapper_##name, &name };
 #else
  #define WRAPPER(ret, name) ret name
  #define WRAPPER_DEF(name)
 #endif
 WRAPPER(uid_t, geteuid)(const char * path, int flags, ...)
 {
    return 0; // Fake root
 }
 WRAPPER_DEF(geteuid)
 WRAPPER(uid_t, getuid)(const char * path, int flags, ...)
 {
    return 0; // Fake root
 }
 WRAPPER_DEF(getuid)
--- a/nixosModules/clanCore/zerotier/generate.py
+++ b/nixosModules/clanCore/zerotier/generate.py
@ -111,12 +111,11 @@ def zerotier_controller() -> Iterator[ZerotierController]:
        home = tempdir / "zerotier-one"
        home.mkdir()
        cmd = [
            "fakeroot",
            "--",
            "zerotier-one",
            f"-p{controller_port}",
            str(home),
        ]
        with subprocess.Popen(
            cmd,
            preexec_fn=os.setsid,
--- a/pkgs/clan-cli/clan_cli/facts/generate.py
+++ b/pkgs/clan-cli/clan_cli/facts/generate.py
@ -3,6 +3,7 @@ import importlib
 import logging
 import os
 import subprocess
 import sys
 from collections.abc import Callable
 from pathlib import Path
 from tempfile import TemporaryDirectory
--- a/pkgs/clan-cli/default.nix
+++ b/pkgs/clan-cli/default.nix
@ -15,7 +15,6 @@
  setuptools,
  sops,
  stdenv,
  fakeroot,
  rsync,
  bash,
  sshpass,
@ -38,7 +37,6 @@ let
  runtimeDependencies = [
    bash
    nix
    fakeroot
    openssh
    sshpass
    zbar