feat[all] Minimum example reached.

- Added command-line options for help, version, and setting/unsetting a single option. - Added test files - Added error check for empty file.
2023-12-19 23:58:12 -05:00 · 2023-12-19 23:58:12 -05:00 · 3c2ad92190
commit 3c2ad92190
parent 034c64a8fd
9 changed files with 146 additions and 1 deletions
--- a/build.lisp
+++ b/build.lisp
@ -0,0 +1,7 @@
+;; Load and build the project
+(ql:quickload :sst)
+
+(sb-ext:save-lisp-and-die "sst"
+                          :toplevel 'sst-ui:toplevel
+                          :executable t
+                          :save-runtime-options t)
--- a/packages.lisp
+++ b/packages.lisp
@ -0,0 +1,7 @@
+(defpackage :sst-ui
+  (:use :common-lisp)
+  (:export :toplevel))
+
+(defpackage :sst-edit
+  (:use :common-lisp)
+  (:export :add-settings))
--- a/src/edit.lisp
+++ b/src/edit.lisp
@ -0,0 +1,6 @@
+(in-package :sst-edit)
+
+(defun add-settings (settings-list settings-table)
+  (dolist (setting settings-list)
+    (systemd-parse:split-line setting
+                              (cdr (assoc "Service" settings-table :test #'string=)))))
--- a/src/flags.lisp
+++ b/src/flags.lisp
@ -0,0 +1,30 @@
+(in-package :sst-ui)
+
+(defparameter *option-version*
+  (adopt:make-option 'version
+                     :long "version"
+                     :help "Display version and exit."
+                     :reduce (constantly t)))
+
+(defparameter *option-help*
+  (adopt:make-option 'help
+                     :long "help"
+                     :short #\h
+                     :help "Display help and exit."
+                     :reduce (constantly t)))
+
+(defparameter *option-secure*
+  (adopt:make-option 'secure
+                     :long "secure"
+                     :short #\s
+                     :help "Apply basic sandboxing configuration to the given service file."
+                     :reduce (constantly t)))
+
+(defparameter *option-setting*
+  (adopt:make-option 'setting
+    :long "setting"
+    :parameter "SETTING"
+    :help "Add SETTING to the .system file(s)"
+    :manual "Add SETTING (an expression in the form Option=value) to the .system file being operated on. Multiple SETTINGs can be set by giving this option multiple times. Use 'Option=nil' to revoke a setting."
+    :initial-value nil
+    :reduce (adopt:flip #'cons)))
--- a/src/main.lisp
+++ b/src/main.lisp
@ -0,0 +1,24 @@
+(in-package :sst-ui)
+
+(defun run (file &key direct-settings secure)
+  ;; Apply the settings to the file.
+  (let ((settings-table (systemd-parse:read-service file)))
+    (sst-edit:add-settings direct-settings settings-table) ; Inject all the settings options required
+    (systemd-parse:write-service file settings-table)))
+
+(defun toplevel ()
+  (handler-case
+      (multiple-value-bind (arguments options) (adopt:parse-options *ui*)
+        (when (gethash 'help options)
+          (adopt:print-help-and-exit *ui*))
+        (when (gethash 'version options)
+          (format t "1.0.0~%")
+          (adopt:exit))
+        (when (not arguments)
+          (format t "Enter .service file to operate on!~%")
+          (adopt:exit))
+        (run (first arguments)
+             :direct-settings (gethash 'setting options)
+             :secure (gethash 'secure options)))
+    (error (c)
+      (adopt:print-error-and-exit c))))
--- a/src/ui.lisp
+++ b/src/ui.lisp
@ -0,0 +1,20 @@
+(in-package :sst-ui)
+
+
+(adopt:define-string *help-text*
+  "Automatically configure each SERVICE according to the ~
+   OPTIONS given. The SERVICE can be a common name, .service name, ~
+   or a path to the .service file.")
+
+
+(defparameter *ui*
+  (adopt:make-interface
+   :name "sst"
+   :summary "Automatically secure systemd files"
+   :usage "[OPTIONS] [SETTINGS] SERVICE..."
+   :help *help-text*
+   :contents (list
+              *option-help*
+              *option-secure*
+              *option-version*
+              *option-setting*)))
--- a/sst.asd
+++ b/sst.asd
@ -1,9 +1,11 @@
-(defsystem :ssd
+(defsystem :sst
  :depends-on (:systemd-parse :adopt)
  :components ((:file "packages")
               (:module "src"
                :serial t
                :components ((:file "flags")
+                             (:file "ui")
+                             (:file "edit")
                             (:file "main")
                             )))
  :author "Judah Sotomayor <development@freedomland.xyz>"
--- a/test/test.service
+++ b/test/test.service
@ -0,0 +1,26 @@
+[Unit]
+Description=D-Bus System Message Bus
+Documentation=man:dbus-broker-launch(1)
+DefaultDependencies=false
+After=dbus.socket
+Before=basic.target shutdown.target
+Requires=dbus.socket
+Conflicts=shutdown.target
+
+[Service]
+Type=notify
+Sockets=dbus.socket
+OOMScoreAdjust=-900
+LimitNOFILE=16384
+ProtectSystem=full
+PrivateTmp=false
+PrivateDevices=true
+ExecStart=/usr/bin/dbus-broker-launch --scope system --audit
+ExecReload=/usr/bin/busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
+NewBinding=Yes
+
+[Install]
+Alias=dbus.service
+
+ervice
+
--- a/test/test2.service
+++ b/test/test2.service
@ -0,0 +1,23 @@
+[Unit]
+Description=D-Bus System Message Bus
+Documentation=man:dbus-broker-launch(1)
+DefaultDependencies=false
+After=dbus.socket
+Before=basic.target shutdown.target
+Requires=dbus.socket
+Conflicts=shutdown.target
+
+[Service]
+Type=notify
+Sockets=dbus.socket
+OOMScoreAdjust=-900
+LimitNOFILE=16384
+ProtectSystem=full
+PrivateTmp=true
+PrivateDevices=true
+ExecStart=/usr/bin/dbus-broker-launch --scope system --audit
+ExecReload=/usr/bin/busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
+
+[Install]
+Alias=dbus.service
+