feat[all] Minimum example reached.

- Added command-line options for help, version, and setting/unsetting a
single option.
- Added test files
- Added error check for empty file.
This commit is contained in:
Judah Sotomayor 2023-12-19 23:58:12 -05:00
parent 034c64a8fd
commit 3c2ad92190
Signed by: judahsotomayor
SSH Key Fingerprint: SHA256:9Dq4ppxhfAjbX+7HLXEt+ROMiIojI6kqQgUyFUJb9lI
9 changed files with 146 additions and 1 deletions

7
build.lisp Normal file
View File

@ -0,0 +1,7 @@
;; Load and build the project
(ql:quickload :sst)
(sb-ext:save-lisp-and-die "sst"
:toplevel 'sst-ui:toplevel
:executable t
:save-runtime-options t)

7
packages.lisp Normal file
View File

@ -0,0 +1,7 @@
(defpackage :sst-ui
(:use :common-lisp)
(:export :toplevel))
(defpackage :sst-edit
(:use :common-lisp)
(:export :add-settings))

6
src/edit.lisp Normal file
View File

@ -0,0 +1,6 @@
(in-package :sst-edit)
(defun add-settings (settings-list settings-table)
(dolist (setting settings-list)
(systemd-parse:split-line setting
(cdr (assoc "Service" settings-table :test #'string=)))))

30
src/flags.lisp Normal file
View File

@ -0,0 +1,30 @@
(in-package :sst-ui)
(defparameter *option-version*
(adopt:make-option 'version
:long "version"
:help "Display version and exit."
:reduce (constantly t)))
(defparameter *option-help*
(adopt:make-option 'help
:long "help"
:short #\h
:help "Display help and exit."
:reduce (constantly t)))
(defparameter *option-secure*
(adopt:make-option 'secure
:long "secure"
:short #\s
:help "Apply basic sandboxing configuration to the given service file."
:reduce (constantly t)))
(defparameter *option-setting*
(adopt:make-option 'setting
:long "setting"
:parameter "SETTING"
:help "Add SETTING to the .system file(s)"
:manual "Add SETTING (an expression in the form Option=value) to the .system file being operated on. Multiple SETTINGs can be set by giving this option multiple times. Use 'Option=nil' to revoke a setting."
:initial-value nil
:reduce (adopt:flip #'cons)))

24
src/main.lisp Normal file
View File

@ -0,0 +1,24 @@
(in-package :sst-ui)
(defun run (file &key direct-settings secure)
;; Apply the settings to the file.
(let ((settings-table (systemd-parse:read-service file)))
(sst-edit:add-settings direct-settings settings-table) ; Inject all the settings options required
(systemd-parse:write-service file settings-table)))
(defun toplevel ()
(handler-case
(multiple-value-bind (arguments options) (adopt:parse-options *ui*)
(when (gethash 'help options)
(adopt:print-help-and-exit *ui*))
(when (gethash 'version options)
(format t "1.0.0~%")
(adopt:exit))
(when (not arguments)
(format t "Enter .service file to operate on!~%")
(adopt:exit))
(run (first arguments)
:direct-settings (gethash 'setting options)
:secure (gethash 'secure options)))
(error (c)
(adopt:print-error-and-exit c))))

20
src/ui.lisp Normal file
View File

@ -0,0 +1,20 @@
(in-package :sst-ui)
(adopt:define-string *help-text*
"Automatically configure each SERVICE according to the ~
OPTIONS given. The SERVICE can be a common name, .service name, ~
or a path to the .service file.")
(defparameter *ui*
(adopt:make-interface
:name "sst"
:summary "Automatically secure systemd files"
:usage "[OPTIONS] [SETTINGS] SERVICE..."
:help *help-text*
:contents (list
*option-help*
*option-secure*
*option-version*
*option-setting*)))

View File

@ -1,9 +1,11 @@
(defsystem :ssd (defsystem :sst
:depends-on (:systemd-parse :adopt) :depends-on (:systemd-parse :adopt)
:components ((:file "packages") :components ((:file "packages")
(:module "src" (:module "src"
:serial t :serial t
:components ((:file "flags") :components ((:file "flags")
(:file "ui")
(:file "edit")
(:file "main") (:file "main")
))) )))
:author "Judah Sotomayor <development@freedomland.xyz>" :author "Judah Sotomayor <development@freedomland.xyz>"

26
test/test.service Normal file
View File

@ -0,0 +1,26 @@
[Unit]
Description=D-Bus System Message Bus
Documentation=man:dbus-broker-launch(1)
DefaultDependencies=false
After=dbus.socket
Before=basic.target shutdown.target
Requires=dbus.socket
Conflicts=shutdown.target
[Service]
Type=notify
Sockets=dbus.socket
OOMScoreAdjust=-900
LimitNOFILE=16384
ProtectSystem=full
PrivateTmp=false
PrivateDevices=true
ExecStart=/usr/bin/dbus-broker-launch --scope system --audit
ExecReload=/usr/bin/busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
NewBinding=Yes
[Install]
Alias=dbus.service
ervice

23
test/test2.service Normal file
View File

@ -0,0 +1,23 @@
[Unit]
Description=D-Bus System Message Bus
Documentation=man:dbus-broker-launch(1)
DefaultDependencies=false
After=dbus.socket
Before=basic.target shutdown.target
Requires=dbus.socket
Conflicts=shutdown.target
[Service]
Type=notify
Sockets=dbus.socket
OOMScoreAdjust=-900
LimitNOFILE=16384
ProtectSystem=full
PrivateTmp=true
PrivateDevices=true
ExecStart=/usr/bin/dbus-broker-launch --scope system --audit
ExecReload=/usr/bin/busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
[Install]
Alias=dbus.service