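--- a/aziotctl/src/config/apply.rs
+++ b/aziotctl/src/config/apply.rs
@@ -37,10 +37,24 @@ pub(crate) fn run(options: Options) -> anyhow::Result<()> {
 // So when running as root, get the four users appropriately.
 // Otherwise, if this is a debug build, fall back to using the current user.
 // Otherwise, tell the user to re-run as root.
-let aziotks_user = crate::internal::common::get_system_user("aziotks")?;
-let aziotcs_user = crate::internal::common::get_system_user("aziotcs")?;
-let aziotid_user = crate::internal::common::get_system_user("aziotid")?;
-let aziottpm_user = crate::internal::common::get_system_user("aziottpm")?;
+// When run in a snap expect the four users to be prefixed with `snap_`.
+
+let (aziotks_user, aziotcs_user, aziotid_user, aziottpm_user) = if std::env::var("SNAP").is_ok()
+{
+(
+crate::internal::common::get_system_user("snap_aziotks")?,
+crate::internal::common::get_system_user("snap_aziotcs")?,
+crate::internal::common::get_system_user("snap_aziotid")?,
+crate::internal::common::get_system_user("snap_aziottpm")?,
+)
+} else {
+(
+crate::internal::common::get_system_user("aziotks")?,
+crate::internal::common::get_system_user("aziotcs")?,
+crate::internal::common::get_system_user("aziotid")?,
+crate::internal::common::get_system_user("aziottpm")?,
+)
+};
 
 let common_config::apply::RunOutput {
 keyd_config,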
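Review bot: The choice between the `snap_`-prefixed and the unprefixed service accounts rests on `std::env::var("SNAP").is_ok()`, which is caller-controlled process state in a command that the surrounding comments say is meant to run as root. Any environment that carries `SNAP`, even with an empty value, takes the snap branch, while a non-Unicode value silently takes the unprefixed branch because `var` returns an error for it; `std::env::var_os("SNAP").is_some()` would at least make the test mean "the variable is present". If the accounts resolved here are later used for ownership or permissions of the generated config (not visible in this hunk), it is worth confirming that a stray `SNAP` outside a snap ends in a failed lookup, not a different owner, and saying so in a comment such as `// SNAP is only a packaging hint; the lookup below fails if the snap_ accounts do not exist`. The same test is added in cert_expiry.rs, certs_preloaded.rs and read_key_pairs.rs. The body of `run` continues outside the hunk.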
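--- a/aziotctl/src/internal/check/checks/cert_expiry.rs
+++ b/aziotctl/src/internal/check/checks/cert_expiry.rs
@@ -47,7 +47,11 @@ impl IdentityCert {
 ) -> Result<CheckResult> {
 use aziot_identityd_config::{DpsAttestationMethod, ManualAuthMethod, ProvisioningType};
 
-let aziotcs_user = crate::internal::common::get_system_user("aziotcs")?;
+let aziotcs_user = if std::env::var("SNAP").is_ok() {
+crate::internal::common::get_system_user("snap_aziotcs")?
+} else {
+crate::internal::common::get_system_user("aziotcs")?
+};
 
 let provisioning = &unwrap_or_skip!(&cache.cfg.identityd)
 .provisioning
@@ -123,7 +127,11 @@ impl EstIdentityBootstrapCerts {
 ) -> Result<CheckResult> {
 let certd_config = unwrap_or_skip!(&cache.cfg.certd);
 
-let aziotcs_user = crate::internal::common::get_system_user("aziotcs")?;
+let aziotcs_user = if std::env::var("SNAP").is_ok() {
+crate::internal::common::get_system_user("snap_aziotcs")?
+} else {
+crate::internal::common::get_system_user("aziotcs")?
+};
 
 let certs = certd_config
 .cert_issuance
@@ -226,7 +234,11 @@ impl LocalCaCert {
 None => return Ok(CheckResult::Ignored),
 };
 
-let aziotcs_user = crate::internal::common::get_system_user("aziotcs")?;
+let aziotcs_user = if std::env::var("SNAP").is_ok() {
+crate::internal::common::get_system_user("snap_aziotcs")?
+} else {
+crate::internal::common::get_system_user("aziotcs")?
+};
 
 let (res, cert_info) =
 validate_cert(certd_config, cert_id, "Local CA", &aziotcs_user).await?;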
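Review bot: The five-line `if std::env::var("SNAP").is_ok() { … } else { … }` lookup is pasted three times in this file (under `impl IdentityCert`, `impl EstIdentityBootstrapCerts` and `impl LocalCaCert`) and again in certs_preloaded.rs and read_key_pairs.rs, so together with apply.rs the snap naming rule is now written out in six places. One helper beside `get_system_user` in `crate::internal::common`, taking the base account name and applying the `snap_` prefix itself, would keep these checks and `config apply` from drifting apart. If a later change updates only some copies, a check could presumably test certificate or key readability for a different account than the one `config apply` set up. The helper would also be the one place to document why `SNAP` decides the account name. The three enclosing methods start and end outside their hunks.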
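--- a/aziotctl/src/internal/check/checks/certs_preloaded.rs
+++ b/aziotctl/src/internal/check/checks/certs_preloaded.rs
@@ -45,7 +45,11 @@ impl CertsPreloaded {
 
 let mut visited: BTreeMap<_, _> = Default::default();
 
-let aziotcs_user = crate::internal::common::get_system_user("aziotcs")?;
+let aziotcs_user = if std::env::var("SNAP").is_ok() {
+crate::internal::common::get_system_user("snap_aziotcs")?
+} else {
+crate::internal::common::get_system_user("aziotcs")?
+};
 
 for id in preloaded_certs.keys() {
 match walk_preloaded_certs(id, preloaded_certs, &aziotcs_user, &mut visited).await? {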
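--- a/aziotctl/src/internal/check/checks/read_key_pairs.rs
+++ b/aziotctl/src/internal/check/checks/read_key_pairs.rs
@@ -63,7 +63,11 @@ impl ReadKeyPairs {
 let mut warn_aggregated = vec![];
 
 // Check every preloaded key at a file:// URI is readable by the aziotks user and report errors when they aren't.
-let aziotks_user = crate::internal::common::get_system_user("aziotks")?;
+let aziotks_user = if std::env::var("SNAP").is_ok() {
+crate::internal::common::get_system_user("snap_aziotks")?
+} else {
+crate::internal::common::get_system_user("aziotks")?
+};
 
 for (id, path) in preloaded_keys {
 if let Ok(aziot_keys_common::PreloadedKeyLocation::Filesystem { path }) = path.parse() {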