MirrorMirror
/
riju
mirror of https://github.com/radian-software/riju.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Misc cleanup

This commit is contained in:
Radon Rosborough 2023-08-19 17:32:50 -07:00
parent 2342f02dff
commit e513aa609b
7 changed files with 17 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
backend/sandbox.js
View File

@ -1,72 +0,0 @@
import { spawn } from "child_process";
import { promises as fs } from "fs";
import process from "process";
import { readLangConfig } from "../lib/yaml.js";
import {
bash,
getUUID,
privilegedPty,
privilegedSession,
quote,
} from "./util.js";
function die(msg) {
console.error(msg);
process.exit(1);
}
async function main() {
const sandboxScript = await fs.readFile("backend/sandbox.bash", "utf-8");
const lang = process.env.L;
if (!lang) {
die("environment variable unset: $L");
}
const langConfig = await readLangConfig(lang);
const uuid = getUUID();
console.log(`Starting session with UUID ${uuid}`);
const sessionArgs = privilegedSession({ uuid, lang });
const session = spawn(sessionArgs[0], sessionArgs.slice(1), {
stdio: ["ignore", "pipe", "inherit"],
});
let buffer = "";
await new Promise((resolve) => {
session.stdout.on("data", (data) => {
buffer += data.toString();
let idx;
while ((idx = buffer.indexOf("\n")) !== -1) {
const line = buffer.slice(0, idx);
buffer = buffer.slice(idx + 1);
if (line === "riju: container ready") {
resolve();
} else {
console.error(line);
}
}
});
});
const args = [].concat.apply(
["riju-pty", "-f"],
privilegedPty(
{ uuid },
bash(
`env L='${lang}' LANG_CONFIG=${quote(
JSON.stringify(langConfig)
)} bash --rcfile <(cat <<< ${quote(sandboxScript)})`
)
)
);
const proc = spawn(args[0], args.slice(1), {
stdio: "inherit",
});
try {
await new Promise((resolve, reject) => {
proc.on("error", reject);
proc.on("close", resolve);
});
} finally {
session.kill();
}
}
main().catch(die);

7
backend/server.js
View File

@ -9,8 +9,7 @@ import * as promClient from "prom-client";
import * as api from "./api.js";
import { aliases, langsPromise } from "./langs.js";
import * as util from "./util.js";
import { log, privilegedTeardown } from "./util.js";
import { log } from "./util.js";
const host = process.env.HOST || "localhost";
const port = parseInt(process.env.PORT || "") || 6119;
@ -114,10 +113,6 @@ function addWebsocket(baseApp, httpsServer) {
return app;
}
util.run(privilegedTeardown(), console.error).catch((err) => {
console.error(err);
});
if (useTLS) {
const httpsServer = https.createServer(
{

57
backend/util.js
View File

@ -25,33 +25,10 @@ export function logError(err) {
}
}
function computeImageHashes() {
let deployConfig = process.env.RIJU_DEPLOY_CONFIG;
if (!deployConfig) return {};
deployConfig = JSON.parse(deployConfig);
const imageHashes = {};
for (const [lang, tag] of Object.entries(deployConfig.langImageTags)) {
const prefix = `lang-${lang}-`;
if (!tag.startsWith(prefix)) {
throw new Error(`malformed tag ${tag}`);
}
const imageHash = tag.slice(prefix.length);
if (imageHash.length !== 40) {
throw new Error(`malformed tag ${tag}`);
}
imageHashes[lang] = imageHash;
}
return imageHashes;
}
const imageHashes = computeImageHashes();
export function quote(str) {
return "'" + str.replace(/'/g, `'"'"'`) + "'";
}
export const rijuSystemPrivileged = "system/out/riju-system-privileged";
export function getUUID() {
return getUUIDOrig().replace(/-/g, "");
}
@ -90,40 +67,6 @@ export async function run(args, log, options) {
});
}
export function privilegedList() {
return [rijuSystemPrivileged, "list"];
}
export function privilegedPull({ repo, tag }) {
return [rijuSystemPrivileged, "pull", repo, tag];
}
export function privilegedSession({ uuid, lang }) {
const cmdline = [rijuSystemPrivileged, "session", uuid, lang];
if (imageHashes[lang]) {
cmdline.push(imageHashes[lang]);
}
return cmdline;
}
export function privilegedExec({ uuid }, args) {
return [rijuSystemPrivileged, "exec", uuid].concat(args);
}
export function privilegedPty({ uuid }, args) {
return [rijuSystemPrivileged, "pty", uuid].concat(args);
}
export function privilegedTeardown(options) {
options = options || {};
const { uuid } = options;
const cmdline = [rijuSystemPrivileged, "teardown"];
if (uuid) {
cmdline.push(uuid);
}
return cmdline;
}
export function bash(cmdline, opts) {
const stty = opts && opts.stty;
if (!cmdline.match(/[;|&(){}=\n]/)) {

7
docker/app/Dockerfile
View File

@ -1,3 +1,5 @@
ARG REGISTRY_PREFIX
# EOL: April 2027
FROM ubuntu:22.04 AS build
@ -15,7 +17,7 @@ COPY frontend/src ./frontend/src/
RUN make frontend
COPY system ./system/
RUN make system UNPRIVILEGED=1
RUN make system
COPY frontend/pages ./frontend/pages/
COPY frontend/styles ./frontend/styles/
@ -23,12 +25,11 @@ COPY lib ./lib/
COPY backend ./backend/
COPY langs ./langs/
FROM riju:runtime
FROM ${REGISTRY_PREFIX}runtime:latest
ENTRYPOINT ["/usr/local/sbin/my_init", "--quiet", "--skip-runit","--"]
RUN useradd -p '!' -m -l -s /usr/bin/bash riju
COPY --chown=riju:riju --from=build /src ./
RUN chown root:riju system/out/*-privileged && chmod a=,g=rx,u=rwxs system/out/*-privileged
USER riju
CMD make server 2>&1 | ts

6
k8s/00-namespaces/00-namespaces.yaml
View File

@ -1,3 +1,9 @@
---
kind: Namespace
apiVersion: v1
metadata:
name: docker-build
---
kind: Namespace
apiVersion: v1

5
k8s/06-riju-server/00-deployment.yaml
View File

@ -15,10 +15,11 @@ spec:
app: riju-server
spec:
imagePullSecrets:
- name: docker-registry-login
- name: docker-registry-auth
containers:
- name: server
image: "localhost:30999/riju:app"
image: "localhost:30999/app:latest"
imagePullPolicy: Always
resources: {}
readinessProbe:
httpGet:

6
k8s/06-riju-server/02-ingress.yaml → k8s/06-riju-server/02-ingress.in.yaml
View File

@ -2,8 +2,8 @@
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
namespace: riju-proxy
name: riju-proxy
namespace: riju-server
name: riju-server
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
@ -22,4 +22,4 @@ spec:
tls:
- hosts:
- "{{ .networking.domain }}"
secretName: riju-proxy-tls
secretName: riju-server-tls