hack: adapt scripts to new suid-helper based setup

verbit · Aug 3, 2024 · 9b20331 · 9b20331
1 parent 938b24b
commit 9b20331
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 4 deletions.
diff --git a/hack/upgrade b/hack/upgrade
@@ -1,6 +1,9 @@
 #!/bin/bash
 
-read -s -p "sudo password: " SUDO_PASSWORD
+rebar3 tar
+make -C helper
+
+read -s -p "remote sudo password: " SUDO_PASSWORD
 echo
 
 scriptDir=$(dirname -- "$(readlink -f -- "$BASH_SOURCE")")

diff --git a/hack/upgrade.escript b/hack/upgrade.escript
@@ -45,22 +45,23 @@ main(_Args) ->
     io:format("Uploading ~s ...", [TarFilename]),
     {ok, TarData} = file:read_file(TarFilename),
     ok = ssh_sftp:write_file(SftpChan, TarFilename, TarData),
+    {ok, HelperBin} = file:read_file("helper/virtuerl_helper"),
+    ok = ssh_sftp:write_file(SftpChan, "virtuerl_helper", HelperBin),
     io:format(" done~n"),
     % io:format("Deleting old release tar"),
     % {ok, FileNames} = ssh_sftp:list_dir(Chan, "."),
     % io:format("ls: ~p~n", [FileNames]),
 
+    setuid_helper(Conn, SudoPass),
     extract_tar_target(Conn, TarFilename),
 
     io:format("Starting Erlang system ...~n"),
     % io:setopts([{echo, false}, binary]),
     {ok, Chan} = ssh_connection:session_channel(Conn, infinity),
     Term = os:getenv("TERM", "xterm"),
-    CmdLine = ["sudo -k -S -s dtach -n virtuerl_dtach virtuerl/bin/start_erl $PWD/virtuerl $PWD/virtuerl/releases $PWD/virtuerl/releases/start_erl.data -name ", NodeStr, " -proto_dist inet6_tcp -kernel inet_dist_listen_min 4370 inet_dist_listen_max 4400 -setcookie ", Cookie],
+    CmdLine = ["dtach -n virtuerl_dtach virtuerl/bin/start_erl $PWD/virtuerl $PWD/virtuerl/releases $PWD/virtuerl/releases/start_erl.data -name ", NodeStr, " -proto_dist inet6_tcp -kernel inet_dist_listen_min 4370 inet_dist_listen_max 4400 -setcookie ", Cookie],
     io:format("cmd: ~s~n", [CmdLine]),
     ssh_connection:exec(Conn, Chan, ["TERM=", Term, " ", CmdLine], infinity),
-    ssh_connection:send(Conn, Chan, SudoPass),
-    ssh_connection:send_eof(Conn, Chan),
     read_result(),
     io:format("Erlang system started~n").
 
@@ -108,6 +109,24 @@ read_result() ->
     end.
 
 
+setuid_helper(Conn, SudoPass) ->
+    io:format("Setuid  ..."),
+
+    {ok, Chan} = ssh_connection:session_channel(Conn, infinity),
+    ssh_connection:exec(Conn, Chan, ["sudo -S chown root:root virtuerl_helper"], infinity),
+    ssh_connection:send(Conn, Chan, SudoPass),
+    ssh_connection:send_eof(Conn, Chan),
+    {0, _} = read_finished(Conn, Chan),
+
+    {ok, Chan1} = ssh_connection:session_channel(Conn, infinity),
+    ssh_connection:exec(Conn, Chan1, ["sudo -S chmod +xs virtuerl_helper"], infinity),
+    ssh_connection:send(Conn, Chan1, SudoPass),
+    ssh_connection:send_eof(Conn, Chan1),
+    {0, _} = read_finished(Conn, Chan1),
+
+    io:format(" done~n").
+
+
 extract_tar_target(Conn, TarFilename) ->
     io:format("Extracting ~s ...", [TarFilename]),
     {ok, Chan} = ssh_connection:session_channel(Conn, infinity),