Merge pull request #744 from memorysafety/release-pre

Add su doc, add machinery for releasing
trifectatechfoundation · Aug 29, 2023 · 81aff9a · 81aff9a
2 parents db1930c + c4b1f51
commit 81aff9a
Show file tree

Hide file tree

Showing 8 changed files with 223 additions and 10 deletions.
diff --git a/docs/man/su.1.md b/docs/man/su.1.md
@@ -0,0 +1,49 @@
+<!-- ---
+title: SU(1) sudo-rs 0.2.0-dev.20230711 | sudo-rs
+--- -->
+
+# NAME
+
+`su` - run a shell or command as another user
+
+# SYNOPSIS
+
+`su` [options] [-] [<*user*> [<*argument*>...]]
+
+# OPTIONS
+
+`-c` *command*, `--command`=*command*
+:   Pass a single command to the shell with `-c`.
+
+`-g` *group*, `--group`=*group*
+:   Specify the primary group
+
+`-G` *group*, `--supp-group`=*group*
+:   Specify a supplemental group
+
+`-h`, `--help`
+:   Show a help message.
+
+`-`, `-l`, `--login`
+:   Make the shell a login shell
+
+`-m`, `-p`, `--preserve-environment`
+:   Do not reset environment variables
+
+`-P`, `--pty`
+:   Create a new pseudo-terminal when running the shell.
+
+`-w` *list*, `--whitelist-environment`=*list*
+:   Do not reset the environment variables specified by the *list*. Multiple
+    variables can be separated by commas.
+
+`-s` *shell*, `--shell`=*shell*
+:   Run *shell* if `/etc/shells` allows running as that shell instead of the
+    default shell for the user.
+
+`-V`, `--version`
+:   Show the program version.
+
+# SEE ALSO
+
+[sudo(8)](sudo.8.md)
diff --git a/docs/man/sudo.8.md b/docs/man/sudo.8.md
@@ -1,14 +1,14 @@
-% SUDO(8) sudo-rs 0.2.0-dev.20230711
-%
-% July 10, 2023
+<!-- ---
+title: SUDO(8) sudo-rs 0.2.0-dev.20230711 | sudo-rs
+--- -->
 
 # NAME
 
 `sudo` - execute a command as another user
 
 # SYNOPSIS
 
-`sudo` [`-u` *user*] [`-g` *group*] [`-D` *directory*] [`-knS`] [`-i` | `-s`] [*command*] \
+`sudo` [`-u` *user*] [`-g` *group*] [`-D` *directory*] [`-knS`] [`-i` | `-s`] [<*command*>] \
 `sudo` `-h` | `-K` | `-k` | `-V`
 
 # DESCRIPTION
@@ -39,7 +39,7 @@ even if that process runs in its own pseudo terminal.
     specified in the password database for the target user.
 
 `-h`, `--help`
-:   Show this help message.
+:   Show a help message.
 
 `-i`, `--login`
 :   Run the shell specified by the target user's password database entry as a
@@ -91,4 +91,5 @@ even if that process runs in its own pseudo terminal.
 :   Indicates the end of the sudo-rs options and start of the *command*.
 
 # SEE ALSO
-su(1), sudoers(5), visudo(8)
+
+[su(1)](su.1.md), sudoers(5), [visudo(8)](visudo.8.md)
diff --git a/docs/man/visudo.8.md b/docs/man/visudo.8.md
@@ -0,0 +1,43 @@
+<!-- ---
+title: VISUDO(8) sudo-rs 0.2.0-dev.20230711 | sudo-rs
+--- -->
+
+# NAME
+
+`visudo` - safely edit the sudoers file
+
+# SYNOPSIS
+
+`visudo` [`-chqsV`] [[`-f`] *sudoers*]
+
+# DESCRIPTION
+
+`visudo` edits the *sudoers* file in a safe manner, similar to vipw(8).
+
+# OPTIONS
+
+`-c`, `--check`
+:   Only check if there are errors in the existing sudoers file.
+
+`-f` *sudoers*, `--file`=*sudoers*
+:   Instead of editing the default `/etc/sudoers`, edit the file specified as
+    *sudoers* instead.
+
+`-h`, `--help`
+:   Show a help message.
+
+`-I`, `--no-includes`
+:   Do not edit included files.
+
+`-q`, `--quiet`
+:   Less verbose syntax error messages.
+
+`-s`, `--strict`
+:   Strict syntax checking.
+
+`-V`, `--version`
+:   Display version information and exit.
+
+# SEE ALSO
+
+[sudo(8)](sudo.8.md), sudoers(5)
diff --git a/util/Dockerfile-release b/util/Dockerfile-release
@@ -0,0 +1,2 @@
+FROM rust:1-slim-bullseye
+RUN apt-get update -y && apt-get install -y clang libclang-dev libpam0g-dev
diff --git a/util/build-release.sh b/util/build-release.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+DATE="2023-08-29"
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
+PROJECT_DIR=$(dirname "$SCRIPT_DIR")
+SUDO_RS_VERSION="$(cargo metadata --format-version 1 --manifest-path "$PROJECT_DIR/Cargo.toml" | jq '.packages[] | select(.name=="sudo-rs") | .version' -r)"
+BUILDER_IMAGE_TAG="sudo-rs-release-builder:latest"
+TARGET_DIR_BASE="$PROJECT_DIR/target/pkg"
+
+set -eo pipefail
+
+# Build binaries
+docker build --pull --tag "$BUILDER_IMAGE_TAG" --file "$SCRIPT_DIR/Dockerfile-release" "$SCRIPT_DIR"
+docker run --rm --user "$(id -u):$(id -g)" -v "$PROJECT_DIR:/build" -w "/build" "$BUILDER_IMAGE_TAG" cargo clean
+docker run --rm --user "$(id -u):$(id -g)" -v "$PROJECT_DIR:/build" -w "/build" "$BUILDER_IMAGE_TAG" cargo build --release
+
+# Generate man pages
+"$PROJECT_DIR/util/generate-docs.sh"
+
+# Set target directories and clear any previous builds
+target_dir_sudo="$TARGET_DIR_BASE/sudo"
+target_dir_su="$TARGET_DIR_BASE/su"
+target_sudo="$TARGET_DIR_BASE/sudo-$SUDO_RS_VERSION.tar.gz"
+target_su="$TARGET_DIR_BASE/su-$SUDO_RS_VERSION.tar.gz"
+
+rm -rf "$target_dir_sudo"
+rm -rf "$target_dir_su"
+rm -rf "$target_su"
+rm -rf "$target_sudo"
+
+# Show what is happening
+set -x
+
+# Build sudo
+mkdir -p "$target_dir_sudo/bin"
+mkdir -p "$target_dir_sudo/share/man/man8"
+cp "$PROJECT_DIR/target/release/sudo" "$target_dir_sudo/bin/sudo"
+cp "$PROJECT_DIR/target/release/visudo" "$target_dir_sudo/bin/visudo"
+cp "$PROJECT_DIR/target/docs/man/sudo.8" "$target_dir_sudo/share/man/man8/sudo.8"
+cp "$PROJECT_DIR/target/docs/man/visudo.8" "$target_dir_sudo/share/man/man8/visudo.8"
+mkdir -p "$target_dir_sudo/share/doc/sudo-rs/sudo"
+cp "$PROJECT_DIR/README.md" "$target_dir_sudo/share/doc/sudo-rs/sudo/README.md"
+cp "$PROJECT_DIR/CHANGELOG.md" "$target_dir_sudo/share/doc/sudo-rs/sudo/CHANGELOG.md"
+cp "$PROJECT_DIR/SECURITY.md" "$target_dir_sudo/share/doc/sudo-rs/sudo/SECURITY.md"
+cp "$PROJECT_DIR/COPYRIGHT" "$target_dir_sudo/share/doc/sudo-rs/sudo/COPYRIGHT"
+cp "$PROJECT_DIR/LICENSE-APACHE" "$target_dir_sudo/share/doc/sudo-rs/sudo/LICENSE-APACHE"
+cp "$PROJECT_DIR/LICENSE-MIT" "$target_dir_sudo/share/doc/sudo-rs/sudo/LICENSE-MIT"
+
+fakeroot -- <<EOF
+set -eo pipefail
+set -x
+chown -R root:root "$target_dir_sudo"
+chmod +xs "$target_dir_sudo/bin/sudo"
+chmod +x "$target_dir_sudo/bin/visudo"
+(cd $target_dir_sudo && tar --mtime="UTC $DATE 00:00:00" --use-compress-program='gzip -9n' -cpvf "$target_sudo" *)
+EOF
+
+# Build su
+mkdir -p "$target_dir_su/bin"
+mkdir -p "$target_dir_su/share/man/man1"
+cp "$PROJECT_DIR/target/release/su" "$target_dir_su/bin/su"
+cp "$PROJECT_DIR/target/docs/man/su.1" "$target_dir_su/share/man/man1/su.1"
+mkdir -p "$target_dir_su/share/doc/sudo-rs/su"
+cp "$PROJECT_DIR/README.md" "$target_dir_su/share/doc/sudo-rs/su/README.md"
+cp "$PROJECT_DIR/CHANGELOG.md" "$target_dir_su/share/doc/sudo-rs/su/CHANGELOG.md"
+cp "$PROJECT_DIR/SECURITY.md" "$target_dir_su/share/doc/sudo-rs/su/SECURITY.md"
+cp "$PROJECT_DIR/COPYRIGHT" "$target_dir_su/share/doc/sudo-rs/su/COPYRIGHT"
+cp "$PROJECT_DIR/LICENSE-APACHE" "$target_dir_su/share/doc/sudo-rs/su/LICENSE-APACHE"
+cp "$PROJECT_DIR/LICENSE-MIT" "$target_dir_su/share/doc/sudo-rs/su/LICENSE-MIT"
+
+fakeroot -- <<EOF
+set -eo pipefail
+set -x
+chown -R root:root "$target_dir_su"
+chmod +xs "$target_dir_su/bin/su"
+(cd $target_dir_su && tar --mtime="UTC $DATE 00:00:00" --use-compress-program='gzip -9n' -cpvf "$target_su" *)
+EOF
+
+(cd $TARGET_DIR_BASE && sha256sum -b *-$SUDO_RS_VERSION.tar.gz > "$TARGET_DIR_BASE/SHA256SUMS")
diff --git a/util/generate-docs.sh b/util/generate-docs.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+docs_dir="docs/man"
+output_dir="target/docs/man"
+files=("sudo.8" "visudo.8" "su.1")
+
+mkdir -p "$output_dir"
+
+for f in "${files[@]}"; do
+    origin_file="$docs_dir/$f.md"
+    tmp_file="$output_dir/$f.md"
+    target_file="$output_dir/$f"
+
+    echo "Generating man page for $f from '$origin_file' to '$target_file'"
+    sed '/<!-- ---/s/<!-- ---/---/' "$origin_file" | sed '/--- -->/s/--- -->/---/' > "$tmp_file"
+    util/pandoc.sh -s -t man "$tmp_file" -o "$target_file"
+    rm "$tmp_file"
+done
diff --git a/util/pandoc.sh b/util/pandoc.sh
@@ -1,5 +1,3 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-docspath=docs/man
-
-exec docker run --rm --volume "`pwd`:/data" --user `id -u`:`id -g` pandoc/core -s -t man "$docspath/sudo.8.md" -o "$docspath/sudo.8"
+exec docker run --rm -it -v "$(pwd):/data" -u "$(id -u):$(id -g)" pandoc/core "$@"
diff --git a/util/update-version.sh b/util/update-version.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+if [ "$#" -lt 1 ]; then
+    echo "Missing new version"
+    exit 1
+fi
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
+PROJECT_DIR=$(dirname "$SCRIPT_DIR")
+NEW_VERSION="$1"
+
+echo "Updating version in Cargo.toml"
+sed -i 's/^version\s*=\s*".*"/version = "'"$NEW_VERSION"'"/' "$PROJECT_DIR/Cargo.toml"
+
+echo "Updating version in man pages"
+sed -i 's/^title: SU(1) sudo-rs .*/title: SU(1) sudo-rs '"$NEW_VERSION"' | sudo-rs/' "$PROJECT_DIR"/docs/man/su.1.md
+sed -i 's/^title: SUDO(8) sudo-rs .*/title: SUDO(8) sudo-rs '"$NEW_VERSION"' | sudo-rs/' "$PROJECT_DIR"/docs/man/sudo.8.md
+sed -i 's/^title: VISUDO(8) sudo-rs .*/title: VISUDO(8) sudo-rs '"$NEW_VERSION"' | sudo-rs/' "$PROJECT_DIR"/docs/man/visudo.8.md
+
+echo "Rebuilding project"
+(cd $PROJECT_DIR && cargo build --release)
+
+echo "Version changes complete, you must still fill in the changelog entries"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		FROM rust:1-slim-bullseye
		RUN apt-get update -y && apt-get install -y clang libclang-dev libpam0g-dev