Merge pull request #53 from LeChatP/reorganisation

Reorganisation

.cargo/config.toml

@@ -1,2 +1,2 @@
 [alias]
-xtask = "run --package xtask --"
+xtask = "run --package xtask --release --bin xtask --"

.github/workflows/build.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - 'main'
+      - 'reorganisation'
   pull_request:
     branches:
       - 'main'
@@ -12,14 +13,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - name: Update version
-      run: sudo apt-get update
-    - name: Install Dependencies
-      run: |
-        . ./dependencies.sh -yd
-        sudo ./configure.sh -yd
-        sudo sed -i 's/"immutable": true/"immutable": false/g' /etc/security/rootasrole.json
-        echo "/home/runner/.cargo/bin" >> $GITHUB_PATH
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
     - name: Configure PAM
       run: |
         sudo bash -c 'echo "#%PAM-1.0
@@ -32,16 +28,12 @@ jobs:
         session [success=1 default=ignore]  pam_permit.so
         session requisite                   pam_permit.so
         session required                    pam_permit.so" | tee /etc/pam.d/sr'
-    - name: Add read access on config on rootasrole... Because Github Actions...
-      run: sudo chmod a+r /etc/security/rootasrole.json
+    - name: Install RootAsRole
+      run: cargo xtask install -bip sudo
     - name: print config
-      run: cat /etc/security/rootasrole.json
+      run: sr cat /etc/security/rootasrole.json
     - name: getenv
       run: env
-    - name: Install Project
-      env:
-        PROFILE: debug
-      run: make -e install
     - name: Run Sr
       env:
         RUST_LOG: debug

.github/workflows/pkg.yml

@@ -0,0 +1,41 @@
+name: Deploy pkg to GitHub Packages
+
+## never trigger this workflow automatically
+on:
+  push: 
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Rust x86_64
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          components: clippy
+          override: true
+
+      - name: Install Dependencies
+        run: cargo xtask dependencies -dip sudo
+
+      - name: Build deb and rpm packages
+        run: cargo xtask deploy -p sudo debian redhat
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: RootAsRole
+          path: | 
+            target/debian/*.deb
+            target/generate-rpm/*.rpm
+        if: startsWith(github.ref, 'refs/tags/')
+

.github/workflows/quality.yml

@@ -17,6 +17,7 @@ on:
   push:
     branches:
       - 'main'
+      - 'reorganisation'
   pull_request:
     branches:
       - 'main'
@@ -37,13 +38,10 @@ jobs:
           profile: minimal
           toolchain: stable
           components: clippy
-          override: true
+          override: false
 
-      - name: Install Dependencies
-        run: ./dependencies.sh -yd
-
-      - name: Configure
-        run: sudo ./configure.sh -yd
+      - name: Install RootAsRole
+        run: cargo xtask dependencies -dip sudo
 
       # if pull request review only
       - uses: mbrobbel/rustfmt-check@master

.github/workflows/tests.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - 'main'
+      - 'reorganisation'
   pull_request:
     branches:
       - 'main'
@@ -23,15 +24,12 @@ jobs:
 
     - name: Install sudo
       run: apt install sudo -y
-    
+
     - name: Install Dependencies
-      run: ./dependencies.sh -yd
-
-    - name: Install file configuration
-      run: sudo bash ./configure.sh -yd
+      run: cargo xtask dependencies -dip sudo
 
     - name: run tests with coverage
-      run: cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --bin chsr --bin sr --exclude-files capable* capable-ebpf/src/vmlinux.rs capable/src/main.rs build.rs --out Xml
+      run: cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --exclude-files build.rs xtask/src/* -e xtask --out Xml
 
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@v3
@@ -42,7 +40,7 @@ jobs:
         flags: unittests
 
     - name: run tests with coverage as Admin
-      run: sudo -E /usr/local/cargo/bin/cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --bin chsr --bin sr --exclude-files capable* capable-ebpf/src/vmlinux.rs capable/src/main.rs build.rs --out Xml
+      run: sudo -E /usr/local/cargo/bin/cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --exclude-files build.rs xtask/src/* -e xtask --out Xml
 
     - name: Upload coverage reports to Codecov as Admin
       uses: codecov/codecov-action@v3

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "capable"]
+	path = capable
+	url = https://github.com/LeChatP/RootAsRole-capable

Cargo.toml

@@ -1,19 +1,21 @@
 [workspace]
-members = ["xtask", "capable", "capable-common"]
+members = ["xtask", "rar-common"]
 
 [package]
 name = "RootAsRole"
 # The project version is managed on json file in resources/rootasrole.json
-version = "3.0.0-alpha.5"
-rust-version = "1.74.1"
+version = "3.0.0"
+rust-version = "1.76.0"
 authors = ["Eddie Billoir <[email protected]>"]
 edition = "2021"
 default-run = "sr"
-description = "RootAsRole is an alternative to sudo that uses Linux capabilities and RBAC for scalability."
-license-file = "LICENSE"
+description = "An alternative to sudo that uses Linux capabilities and Role based access control."
+license = "GPL-3.0-or-later"
 repository = "https://github.com/LeChatP/RootAsRole"
+homepage = "https://lechatp.github.io/RootAsRole/"
 keywords = ["sudo", "capabilities", "rbac", "linux", "security"]
 categories = ["command-line-utilities", "os::linux-apis", "config"]
+exclude = ["sudoers-reader/*", "book/*"]
 
 [badges]
 maintainance ={ status = "actively-maintained", badge = "https://img.shields.io/badge/maintenance-actively%20maintained-brightgreen.svg" }
@@ -23,6 +25,7 @@ maintainance ={ status = "actively-maintained", badge = "https://img.shields.io/
 strip = "symbols"
 lto = true
 opt-level = "s"
+codegen-units = 1
 
 #[features]
 #cursive_lib = [ "cursive" ]
@@ -31,12 +34,21 @@ opt-level = "s"
 [[bin]]
 name = "sr"
 path = "src/sr/main.rs"
+required-features = ["finder"]
 
 
 [[bin]]
 name = "chsr"
 path = "src/chsr/main.rs"
 
+[features]
+default = ["finder"]
+finder = ["dep:pcre2", "rar-common/pcre2", "rar-common/finder"]
+
+[lints.rust]
+unexpected_cfgs = { level = "allow", check-cfg = ['cfg(tarpaulin_include)'] }
+
+
 [build-dependencies]
 reqwest = { version = "0.12.4", features = ["blocking", "json"] }
 pcre2 = "0.2.4"
@@ -46,15 +58,16 @@ serde_json = "1.0.116"
 toml = "0.8.13"
 
 [dependencies]
+rar-common = { path = "rar-common" }
 tracing = "0.1.40"
 tracing-subscriber = "0.3.18"
 libc = "0.2.155"
-strum = { version = "0.26.2", features = ["derive"] }
+strum = { version = "0.26.3", features = ["derive"] }
 semver = { version = "1.0.23", features = ["serde"] }
-nix = { version = "0.28.0", features = ["user","process", "signal", "fs"] } 
+nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] } 
 #sudoers-reader = { path = "sudoers-reader" }
 capctl = "0.2.4"
-pcre2 = "0.2.7"
+pcre2 = { version = "0.2.7", optional = true }
 serde = { version = "1.0.202", features=["rc"] }
 serde_json = "1.0.117"
 ciborium = "0.2.2"
@@ -68,13 +81,13 @@ linked_hash_set = { version = "0.1.4" }
 derivative = "2.2.0"
 sha2 = "0.10.8"
 sha1 = "0.10.6"
-md5 = "0.7.0"
-chrono = "0.4.37"
+#md5 = "0.7.0"
+chrono = "0.4.38"
 pty-process = "0.4.0"
 once_cell = "1.19.0"
 pest = "2.7.8"
 pest_derive = "2.7.8"
-phf = { version = "0.11.2", features = ["macros"] }
+#phf = { version = "0.11.2", features = ["macros"] }
 const_format = "0.2.32"
 hex = "0.4.3"
 
@@ -86,3 +99,36 @@ tracing-subscriber = { version = "0.3.16", default-features = false, features =
 pest-test-gen = "0.1.7"
 pest-test = "0.1.6"
 lazy_static = "1.4.0"
+
+
+[package.metadata.deb]
+maintainer = "Eddie Billoir <[email protected]>"
+license-file = "LICENSE"
+depends = "libpam0g, libpam-modules, libpcre2-8-0"
+section = "admin"
+priority = "optional"
+assets =    [
+    ["target/release/sr", "usr/bin/sr", "0555"],
+    ["target/release/chsr", "usr/bin/chsr", "0555"]
+]
+conf-files = ["/etc/pam.d/sr", "/etc/security/rootasrole.json"]
+maintainer-scripts = "target/release/"
+extended-description = "RootAsRole is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to multiple co-administrators through RBAC model and Linux Capabilities features."
+
+[package.metadata.generate-rpm]
+assets = [
+    { source = "target/release/sr", dest = "/usr/bin/sr", user = "root", group = "root", mode = "0555", caps = "=p" },
+    { source = "target/release/chsr", dest = "/usr/bin/chsr", user = "root", group = "root", mode = "0555" },
+    { source = "resources/rh/rh_sr_pam.conf", dest = "/etc/pam.d/sr", user = "root", group = "root", mode = "0644", config = true },
+    { source = "resources/rootasrole.json", dest = "/etc/security/rootasrole.json", user = "root", group = "root", mode = "0644", config = true },
+]
+post_install_script = "resources/rh/postinst.sh"
+post_install_script_prog = [ "/bin/sh", "-c" ]
+
+pre_uninstall_script = "resources/rh/prerm.sh"
+pre_uninstall_script_prog = [ "/bin/sh", "-c" ]
+
+[package.metadata.generate-rpm.requires]
+pam = "*"
+pcre2 = "*"
+