Merge pull request #54 from LeChatP/develop
Reorganisation
LeChatP authored Sep 10, 2024
2 parents 2aab3c9 + 0bb9301 commit 3d6c834
Showing 86 changed files with 2,979 additions and 51,817 deletions.
2 changes: 1 addition & 1 deletion .cargo/config.toml
@@ -1,2 +1,2 @@
[alias]
xtask = "run --package xtask --"
xtask = "run --package xtask --release --bin xtask --"
22 changes: 7 additions & 15 deletions .github/workflows/build.yml
@@ -4,6 +4,7 @@ on:
push:
branches:
- 'main'
- 'reorganisation'
pull_request:
branches:
- 'main'
@@ -12,14 +13,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Update version
run: sudo apt-get update
- name: Install Dependencies
run: |
. ./dependencies.sh -yd
sudo ./configure.sh -yd
sudo sed -i 's/"immutable": true/"immutable": false/g' /etc/security/rootasrole.json
echo "/home/runner/.cargo/bin" >> $GITHUB_PATH
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Configure PAM
run: |
sudo bash -c 'echo "#%PAM-1.0
@@ -32,16 +28,12 @@ jobs:
session [success=1 default=ignore] pam_permit.so
session requisite pam_permit.so
session required pam_permit.so" | tee /etc/pam.d/sr'
- name: Add read access on config on rootasrole... Because Github Actions...
run: sudo chmod a+r /etc/security/rootasrole.json
- name: Install RootAsRole
run: cargo xtask install -bip sudo
- name: print config
run: cat /etc/security/rootasrole.json
run: sr cat /etc/security/rootasrole.json
- name: getenv
run: env
- name: Install Project
env:
PROFILE: debug
run: make -e install
- name: Run Sr
env:
RUST_LOG: debug
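Review bot: The `actions-rs/toolchain@v1` step that appears in the second hunk is referenced by a mutable tag, and that action's repository is, as far as I know, archived upstream, so the job that then runs `cargo xtask install -bip sudo` with root rights executes whatever the tag points at. Pin it to a reviewed commit, e.g. `uses: actions-rs/toolchain@<full-commit-sha>  # v1` (placeholder; the SHA is not on this page), or install the toolchain with `rustup` in a plain `run:` step. The same applies to the `actions/checkout@v3` context line. Which lines are added and which removed is inferred from the section's 7/15 counts, because the page lost its +/- markers.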
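--- a/.github/workflows/pkg.yml
+++ b/.github/workflows/pkg.yml
@@ -0,0 +1,41 @@
+name: Deploy pkg to GitHub Packages
+
+## never trigger this workflow automatically
+on:
+push:
+tags:
+- 'v*.*.*'
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Set up Rust x86_64
+uses: actions-rs/toolchain@v1
+with:
+profile: minimal
+toolchain: stable
+components: clippy
+override: true
+
+- name: Install Dependencies
+run: cargo xtask dependencies -dip sudo
+
+- name: Build deb and rpm packages
+run: cargo xtask deploy -p sudo debian redhat
+
+- name: Upload artifacts
+uses: actions/upload-artifact@v4
+with:
+name: RootAsRole
+path: |
+target/debian/*.deb
+target/generate-rpm/*.rpm
+if: startsWith(github.ref, 'refs/tags/')
+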
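Review bot: The `permissions:` block grants `packages: write`, but no step in this file publishes to GitHub Packages; the only output step is `actions/upload-artifact@v4`, which does not use that scope, so every tag build carries a write right it never needs. Keep `contents: read` alone until a publish step exists. The header comment `## never trigger this workflow automatically` also contradicts the `push: tags: 'v*.*.*'` trigger below it; reword it to something like `# runs only on version tags (v*.*.*)`. Because these .deb/.rpm files ship a binary that is installed with file capabilities, consider pinning the three `uses:` references to full commit SHAs and uploading a checksum file next to the packages.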
10 changes: 4 additions & 6 deletions .github/workflows/quality.yml
@@ -17,6 +17,7 @@ on:
push:
branches:
- 'main'
- 'reorganisation'
pull_request:
branches:
- 'main'
@@ -37,13 +38,10 @@ jobs:
profile: minimal
toolchain: stable
components: clippy
override: true
override: false

- name: Install Dependencies
run: ./dependencies.sh -yd

- name: Configure
run: sudo ./configure.sh -yd
- name: Install RootAsRole
run: cargo xtask dependencies -dip sudo

# if pull request review only
- uses: mbrobbel/rustfmt-check@master
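Review bot: The step added in the second hunk is named `Install RootAsRole` but runs `cargo xtask dependencies -dip sudo`, so it installs build dependencies rather than the tool. Name it `Install Dependencies`, as tests.yml does for the same command, so the log does not suggest the privileged binary was installed in the lint job. Separately, the context line `mbrobbel/rustfmt-check@master` follows a moving branch of a third-party action; it predates this commit, but a pinned commit SHA would be the safer reference.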
12 changes: 5 additions & 7 deletions .github/workflows/tests.yml
@@ -4,6 +4,7 @@ on:
push:
branches:
- 'main'
- 'reorganisation'
pull_request:
branches:
- 'main'
@@ -23,15 +24,12 @@ jobs:

- name: Install sudo
run: apt install sudo -y

- name: Install Dependencies
run: ./dependencies.sh -yd

- name: Install file configuration
run: sudo bash ./configure.sh -yd
run: cargo xtask dependencies -dip sudo

- name: run tests with coverage
run: cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --bin chsr --bin sr --exclude-files capable* capable-ebpf/src/vmlinux.rs capable/src/main.rs build.rs --out Xml
run: cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --exclude-files build.rs xtask/src/* -e xtask --out Xml

- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
@@ -42,7 +40,7 @@ jobs:
flags: unittests

- name: run tests with coverage as Admin
run: sudo -E /usr/local/cargo/bin/cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --bin chsr --bin sr --exclude-files capable* capable-ebpf/src/vmlinux.rs capable/src/main.rs build.rs --out Xml
run: sudo -E /usr/local/cargo/bin/cargo +nightly tarpaulin --verbose --all-features --workspace --timeout 120 --exclude-files build.rs xtask/src/* -e xtask --out Xml

- name: Upload coverage reports to Codecov as Admin
uses: codecov/codecov-action@v3
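Review bot: In both rewritten tarpaulin commands the new `--exclude-files build.rs xtask/src/* -e xtask` leaves `xtask/src/*` unquoted, so the shell expands it before tarpaulin sees it. The exclusion then presumably covers only the top-level entries that exist at run time, not tarpaulin's own pattern match. Quote it, `--exclude-files build.rs 'xtask/src/*'`, in the plain run and in the `sudo -E` run alike. The commands also no longer carry `--bin chsr --bin sr`, so a short comment saying that coverage now spans the whole workspace minus `xtask` would document the intent.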
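--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "capable"]
+path = capable
+url = https://github.com/LeChatP/RootAsRole-capable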
68 changes: 57 additions & 11 deletions Cargo.toml
@@ -1,19 +1,21 @@
[workspace]
members = ["xtask", "capable", "capable-common"]
members = ["xtask", "rar-common"]

[package]
name = "RootAsRole"
# The project version is managed on json file in resources/rootasrole.json
version = "3.0.0-alpha.5"
rust-version = "1.74.1"
version = "3.0.0"
rust-version = "1.76.0"
authors = ["Eddie Billoir <[email protected]>"]
edition = "2021"
default-run = "sr"
description = "RootAsRole is an alternative to sudo that uses Linux capabilities and RBAC for scalability."
license-file = "LICENSE"
description = "An alternative to sudo that uses Linux capabilities and Role based access control."
license = "GPL-3.0-or-later"
repository = "https://github.com/LeChatP/RootAsRole"
homepage = "https://lechatp.github.io/RootAsRole/"
keywords = ["sudo", "capabilities", "rbac", "linux", "security"]
categories = ["command-line-utilities", "os::linux-apis", "config"]
exclude = ["sudoers-reader/*", "book/*"]

[badges]
maintainance ={ status = "actively-maintained", badge = "https://img.shields.io/badge/maintenance-actively%20maintained-brightgreen.svg" }
@@ -23,6 +25,7 @@ maintainance ={ status = "actively-maintained", badge = "https://img.shields.io/
strip = "symbols"
lto = true
opt-level = "s"
codegen-units = 1

#[features]
#cursive_lib = [ "cursive" ]
@@ -31,12 +34,21 @@ opt-level = "s"
[[bin]]
name = "sr"
path = "src/sr/main.rs"
required-features = ["finder"]


[[bin]]
name = "chsr"
path = "src/chsr/main.rs"

[features]
default = ["finder"]
finder = ["dep:pcre2", "rar-common/pcre2", "rar-common/finder"]

[lints.rust]
unexpected_cfgs = { level = "allow", check-cfg = ['cfg(tarpaulin_include)'] }


[build-dependencies]
reqwest = { version = "0.12.4", features = ["blocking", "json"] }
pcre2 = "0.2.4"
@@ -46,15 +58,16 @@ serde_json = "1.0.116"
toml = "0.8.13"

[dependencies]
rar-common = { path = "rar-common" }
tracing = "0.1.40"
tracing-subscriber = "0.3.18"
libc = "0.2.155"
strum = { version = "0.26.2", features = ["derive"] }
strum = { version = "0.26.3", features = ["derive"] }
semver = { version = "1.0.23", features = ["serde"] }
nix = { version = "0.28.0", features = ["user","process", "signal", "fs"] }
nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] }
#sudoers-reader = { path = "sudoers-reader" }
capctl = "0.2.4"
pcre2 = "0.2.7"
pcre2 = { version = "0.2.7", optional = true }
serde = { version = "1.0.202", features=["rc"] }
serde_json = "1.0.117"
ciborium = "0.2.2"
@@ -68,13 +81,13 @@ linked_hash_set = { version = "0.1.4" }
derivative = "2.2.0"
sha2 = "0.10.8"
sha1 = "0.10.6"
md5 = "0.7.0"
chrono = "0.4.37"
#md5 = "0.7.0"
chrono = "0.4.38"
pty-process = "0.4.0"
once_cell = "1.19.0"
pest = "2.7.8"
pest_derive = "2.7.8"
phf = { version = "0.11.2", features = ["macros"] }
#phf = { version = "0.11.2", features = ["macros"] }
const_format = "0.2.32"
hex = "0.4.3"

@@ -86,3 +99,36 @@ tracing-subscriber = { version = "0.3.16", default-features = false, features =
pest-test-gen = "0.1.7"
pest-test = "0.1.6"
lazy_static = "1.4.0"


[package.metadata.deb]
maintainer = "Eddie Billoir <[email protected]>"
license-file = "LICENSE"
depends = "libpam0g, libpam-modules, libpcre2-8-0"
section = "admin"
priority = "optional"
assets = [
["target/release/sr", "usr/bin/sr", "0555"],
["target/release/chsr", "usr/bin/chsr", "0555"]
]
conf-files = ["/etc/pam.d/sr", "/etc/security/rootasrole.json"]
maintainer-scripts = "target/release/"
extended-description = "RootAsRole is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to multiple co-administrators through RBAC model and Linux Capabilities features."

[package.metadata.generate-rpm]
assets = [
{ source = "target/release/sr", dest = "/usr/bin/sr", user = "root", group = "root", mode = "0555", caps = "=p" },
{ source = "target/release/chsr", dest = "/usr/bin/chsr", user = "root", group = "root", mode = "0555" },
{ source = "resources/rh/rh_sr_pam.conf", dest = "/etc/pam.d/sr", user = "root", group = "root", mode = "0644", config = true },
{ source = "resources/rootasrole.json", dest = "/etc/security/rootasrole.json", user = "root", group = "root", mode = "0644", config = true },
]
post_install_script = "resources/rh/postinst.sh"
post_install_script_prog = [ "/bin/sh", "-c" ]

pre_uninstall_script = "resources/rh/prerm.sh"
pre_uninstall_script_prog = [ "/bin/sh", "-c" ]

[package.metadata.generate-rpm.requires]
pam = "*"
pcre2 = "*"

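Review bot: In the new `[package.metadata.generate-rpm]` assets, `/etc/security/rootasrole.json` is installed with `mode = "0644"`, which makes the whole role and capability policy readable by every local user unless `resources/rh/postinst.sh` (not shown here) tightens it. The build workflow in this commit reads the file through `sr cat` rather than plain `cat`, which suggests it is not meant to be world-readable. If so, ship it as `mode = "0640"` or stricter so there is no window between unpack and post-install. The deb assets set no capability on `usr/bin/sr` while the rpm asset has `caps = "=p"`, so the maintainer scripts taken from `target/release/` presumably do it; a comment next to `maintainer-scripts` naming the xtask step that generates them would make that auditable.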
62 changes: 0 additions & 62 deletions Makefile

This file was deleted.

25 changes: 0 additions & 25 deletions Makefile.toml.off

This file was deleted.
