package main
import (
"flag"
"git.ophivana.moe/security/fortify/internal"
"git.ophivana.moe/security/fortify/internal/app"
"git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/linux"
)
// flagVerbose holds the value of the -v command-line flag. main hands it to
// fmsg.SetVerbose once flag.Parse has run.
var flagVerbose bool
// init registers the -v flag on the default command-line flag set so that
// flag.Parse in main fills in flagVerbose.
func init() {
	const (
		name  = "v"
		usage = "Verbose output"
	)
	flag.CommandLine.BoolVar(&flagVerbose, name, false, usage)
}
// os is the linux.Std value that main uses for the systemd and effective-uid
// checks and passes to app.New. The name shadows the standard library os
// package, which this file does not import.
var os = new(linux.Std)
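// main is the program entry point. It clears the dumpable attribute, parses
// flags, refuses to run with an effective uid of 0, gives the informational
// commands a chance to exit early, then creates, seals and starts the app and
// exits with the status reported by Wait.
func main() {
	// Done first, before flags or configuration are read. The helper
	// presumably wraps prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE), which keeps
	// the process from being core-dumped or ptrace-attached by unprivileged
	// processes; confirm against the internal package.
	if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
		fmsg.Printf("cannot set SUID_DUMP_DISABLE: %s", err)
		// not fatal: this program runs as the privileged user
	}

	flag.Parse()
	fmsg.SetVerbose(flagVerbose)

	if os.SdBooted() {
		fmsg.VPrintln("system booted with systemd as init system")
	}

	// root check
	if os.Geteuid() == 0 {
		fmsg.Fatal("this program must not run as root")
		// Fail closed should fmsg.Fatal ever return.
		panic("unreachable")
	}

	// version/license/template command early exit
	tryVersion()
	tryLicense()
	tryTemplate()

	// state query command early exit
	tryState()

	// invoke app
	a, err := app.New(os)
	if err != nil {
		fmsg.Fatalf("cannot create app: %s\n", err)
		// Same guard as the root check: if Fatalf ever returned, the Wait
		// calls below would run against an app that was never created.
		panic("unreachable")
	} else if err = a.Seal(loadConfig()); err != nil {
		// A seal failure ends the process here; Start and Wait are not reached.
		logBaseError(err, "cannot seal app:")
		fmsg.Exit(1)
	} else if err = a.Start(); err != nil {
		// A start failure is only logged so that Wait below still runs.
		logBaseError(err, "cannot start app:")
	}

	var r int
	// wait must be called regardless of result of start
	if r, err = a.Wait(); err != nil {
		// A wait error must never end in a zero (success) exit status.
		if r < 1 {
			r = 1
		}
		logWaitError(err)
	}
	// An inner wait failure is reported but does not change the exit status.
	if err = a.WaitErr(); err != nil {
		fmsg.Println("inner wait failed:", err)
	}
	fmsg.Exit(r)
}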