From b34fa7db974739a5596b8648bfcf182b2f93e8b6 Mon Sep 17 00:00:00 2001 From: develar Date: Fri, 21 Jun 2019 10:32:35 +0200 Subject: [PATCH] fix: ensure that setgid and setuid flags are cleared (part 3) Close https://github.com/electron-userland/electron-builder/issues/3608 --- .travis.yml | 2 +- Makefile | 3 +-- app-builder-bin/package.json | 2 +- go.mod | 6 ++--- go.sum | 14 +++++------ main.go | 4 ++-- pkg/package-format/snap/snap.go | 35 +++++++++++++++++++++------- pkg/package-format/snap/snap_test.go | 9 ++++--- pkg/util/async.go | 2 +- 9 files changed, 48 insertions(+), 29 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3f8b9e7..dade5c7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,7 @@ cache: - $HOME/gopath/pkg/mod go: - - 1.11.x + - 1.12.x script: - make build diff --git a/Makefile b/Makefile index cffe12d..d4249f4 100644 --- a/Makefile +++ b/Makefile @@ -45,6 +45,5 @@ publish: build-all ./scripts/publish-npm.sh update-deps: - #GOPROXY=https://proxy.golang.org go get -u - go get -u + GOPROXY=https://proxy.golang.org go get -u go mod tidy \ No newline at end of file diff --git a/app-builder-bin/package.json b/app-builder-bin/package.json index c54733b..9681797 100644 --- a/app-builder-bin/package.json +++ b/app-builder-bin/package.json @@ -1,7 +1,7 @@ { "name": "app-builder-bin", "description": "app-builder precompiled binaries", - "version": "2.7.0", + "version": "2.7.1", "files": [ "*.js", "mac", diff --git a/go.mod b/go.mod index cc85844..b2bd001 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc // indirect github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect github.com/apex/log v1.1.0 - github.com/aws/aws-sdk-go v1.20.4 + github.com/aws/aws-sdk-go v1.20.5 github.com/biessek/golang-ico v0.0.0-20180326222316-d348d9ea4670 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect github.com/davecgh/go-spew v1.1.1 // indirect 
@@ -33,8 +33,8 @@ require ( github.com/segmentio/ksuid v1.0.2 github.com/zieckey/goini v0.0.0-20180118150432-0da17d361d26 golang.org/x/image v0.0.0-20190618124811-92942e4437e2 // indirect - golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b // indirect - golang.org/x/sys v0.0.0-20190620070143-6f217b454f45 // indirect + golang.org/x/net v0.0.0-20190620200207-3b0461eec859 // indirect + golang.org/x/sys v0.0.0-20190621062556-bf70e4678053 // indirect golang.org/x/text v0.3.2 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect gopkg.in/yaml.v2 v2.2.2 // indirect diff --git a/go.sum b/go.sum index fac3eec..3b6bbb0 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZq github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/apex/log v1.1.0 h1:J5rld6WVFi6NxA6m8GJ1LJqu3+GiTFIt3mYv27gdQWI= github.com/apex/log v1.1.0/go.mod h1:yA770aXIDQrhVOIGurT/pVdfCpSq1GQV/auzMN5fzvY= -github.com/aws/aws-sdk-go v1.20.4 h1:czX3oqFyqz/AELrK/tneNuyZgNIrWnyqP+iQXsQ32E0= -github.com/aws/aws-sdk-go v1.20.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.20.5 h1:Ytq5AxpA2pr4vRJM9onvgAjjVRZKKO63WStbG/jLHw0= +github.com/aws/aws-sdk-go v1.20.5/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/biessek/golang-ico v0.0.0-20180326222316-d348d9ea4670 h1:FQPKKjDhzG0T4ew6dm6MGrXb4PRAi8ZmTuYuxcF62BM= github.com/biessek/golang-ico v0.0.0-20180326222316-d348d9ea4670/go.mod h1:iRWAFbKXMMkVQyxZ1PfGlkBr1TjATx1zy2MRprV7A3Q= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= 
@@ -19,8 +19,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/develar/errors v0.9.0 h1:ftXOTwkajtgkUwLTw1iKG+mJwrUTvCp9Zr/Z6Y+rvMY= github.com/develar/errors v0.9.0/go.mod h1:zNbO3fZHcBjapJKbvUnvyaNrKGKkxgaL6C8Z7uNzQMc= -github.com/develar/go-fs-util v0.0.0-20190620142700-070542c9dbf3 h1:StTtJsUf0qF7/Guw5DF6caqll42Dgcn0H8PXPJhKwFk= -github.com/develar/go-fs-util v0.0.0-20190620142700-070542c9dbf3/go.mod h1:zHJzuOnKTkGSx1ffGhGzkhUIGcBKDB5z/ooCxRAzfOE= github.com/develar/go-fs-util v0.0.0-20190620175131-69a2d4542206 h1:+qChA4xPXcSEM0e6ysWUYA0Jl8h+OG+n9scUJWgGtas= github.com/develar/go-fs-util v0.0.0-20190620175131-69a2d4542206/go.mod h1:zHJzuOnKTkGSx1ffGhGzkhUIGcBKDB5z/ooCxRAzfOE= github.com/develar/go-pkcs12 v0.0.0-20181115143544-54baa4f32c6a h1:OJOyvDaaWj7Q6nMh4qDu702JMAQ+CD6bWduhKpkznaw= 
@@ -90,15 +88,15 @@ golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86h golang.org/x/image v0.0.0-20190618124811-92942e4437e2 h1:fqF3kMQ0tlBEpnfxavzOrjqW5gokBwllwOABYxETOMA= golang.org/x/image v0.0.0-20190618124811-92942e4437e2/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b h1:lkjdUzSyJ5P1+eal9fxXX9Xg2BTfswsonKUse48C0uE= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181021155630-eda9bb28ed51/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45 h1:Dl2hc890lrizvUppGbRWhnIh2f8jOTCQpY5IKWRS0oM= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190621062556-bf70e4678053 h1:T0MJjz97TtCXa3ZNW2Oenb3KQWB91K965zMEbIJ4ThA= +golang.org/x/sys v0.0.0-20190621062556-bf70e4678053/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod 
h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= diff --git a/main.go b/main.go index 00ea0a2..b05830a 100644 --- a/main.go +++ b/main.go @@ -41,7 +41,7 @@ func main() { return } - var app = kingpin.New("app-builder", "app-builder").Version("2.7.0") + var app = kingpin.New("app-builder", "app-builder").Version("2.7.1") node_modules.ConfigureCommand(app) //codesign.ConfigureCommand(app) @@ -155,7 +155,7 @@ func configurePrefetchToolsCommand(app *kingpin.Application) { return errors.WithStack(err) } - _, err = snap.ResolveTemplateFile("", "electron4", "") + _, err = snap.ResolveTemplateDir("", "electron4", "") if err != nil { return errors.WithStack(err) } diff --git a/pkg/package-format/snap/snap.go b/pkg/package-format/snap/snap.go index b05f1a4..2718717 100644 --- a/pkg/package-format/snap/snap.go +++ b/pkg/package-format/snap/snap.go @@ -74,12 +74,12 @@ func ConfigureCommand(app *kingpin.Application) { isRemoveStage := util.ConfigureIsRemoveStageParam(command) command.Action(func(context *kingpin.ParseContext) error { - resolvedTemplateFile, err := ResolveTemplateFile(*templateFile, *templateUrl, *templateSha512) + resolvedTemplateDir, err := ResolveTemplateDir(*templateFile, *templateUrl, *templateSha512) if err != nil { return errors.WithStack(err) } - err = Snap(resolvedTemplateFile, options) + err = Snap(resolvedTemplateDir, options) if err != nil { switch e := errors.Cause(err).(type) { case util.MessageError: @@ -101,7 +101,7 @@ func ConfigureCommand(app *kingpin.Application) { }) } -func ResolveTemplateFile(templateFile string, templateUrl string, templateSha512 string) (string, error) { +func ResolveTemplateDir(templateFile string, templateUrl string, templateSha512 string) (string, error) { if len(templateFile) != 0 || len(templateUrl) == 0 { return templateFile, nil } 
@@ -159,9 +159,9 @@ func doCheckSnapVersion(rawVersion string, installMessage string) error { } } -func Snap(templateFile string, options SnapOptions) error { +func Snap(templateDir string, options SnapOptions) error { stageDir := *options.stageDir - isUseTemplateApp := len(templateFile) != 0 + isUseTemplateApp := len(templateDir) != 0 var snapMetaDir string if isUseTemplateApp { snapMetaDir = filepath.Join(stageDir, "meta") @@ -202,7 +202,7 @@ func Snap(templateFile string, options SnapOptions) error { switch { case isUseTemplateApp: - return buildUsingTemplate(templateFile, options) + return buildUsingTemplate(templateDir, options) default: return buildWithoutTemplate(options, scriptDir) } @@ -240,7 +240,7 @@ func writeCommandWrapper(options SnapOptions, isUseTemplateApp bool, scriptDir s return nil } -func buildUsingTemplate(templateFile string, options SnapOptions) error { +func buildUsingTemplate(templateDir string, options SnapOptions) error { stageDir := *options.stageDir mksquashfsPath, err := linuxTools.GetMksquashfs() @@ -250,7 +250,7 @@ func buildUsingTemplate(templateFile string, options SnapOptions) error { var args []string - args, err = linuxTools.ReadDirContentTo(templateFile, args, nil) + args, err = linuxTools.ReadDirContentTo(templateDir, args, nil) if err != nil { return errors.WithStack(err) } 
@@ -260,6 +260,25 @@ func buildUsingTemplate(templateFile string, options SnapOptions) error { return errors.WithStack(err) } + // https://github.com/electron-userland/electron-builder/issues/3608 + // even if electron-builder will correctly unset setgid/setuid, still, quite a lot of possibilities for user to create such incorrect permissions, + // so, just unset it using chmod right before packaging + dirs := []string{stageDir, *options.appDir, templateDir} + err = util.MapAsync(len(dirs), func(taskIndex int) (func() error, error) { + dir := dirs[taskIndex] + return func() error { + _, err := util.Execute(exec.Command("chmod", "-R", "g-s", dir), dir) + if err != nil { + log.WithError(err).Warn("cannot execute chmod") + } + return nil + }, nil + }) + + if err != nil { + return errors.WithStack(err) + } + args, err = linuxTools.ReadDirContentTo(*options.appDir, args, func(name string) bool { if name == "LICENSES.chromium.html" || name == "LICENSE.electron.txt" { return false diff --git a/pkg/package-format/snap/snap_test.go b/pkg/package-format/snap/snap_test.go index 381b9a2..143df3a 100644 --- a/pkg/package-format/snap/snap_test.go +++ b/pkg/package-format/snap/snap_test.go @@ -9,13 +9,16 @@ import ( func TestCheckWineVersion(t *testing.T) { g := NewGomegaWithT(t) - err := doCheckSnapVersion("3.0", "") + err := doCheckSnapVersion("3.1", "") g.Expect(err).NotTo(HaveOccurred()) - err = doCheckSnapVersion("snapcraft, version 3.0.1", "") + err = doCheckSnapVersion("snapcraft, version 3.1.1", "") g.Expect(err).NotTo(HaveOccurred()) - err = doCheckSnapVersion(" version 3.0.1", "") + err = doCheckSnapVersion("snapcraft, version '3.1.1'", "") + g.Expect(err).NotTo(HaveOccurred()) + + err = doCheckSnapVersion(" version 3.2.1", "") g.Expect(err).NotTo(HaveOccurred()) err = doCheckSnapVersion("2.12", "") diff --git a/pkg/util/async.go b/pkg/util/async.go index 559330c..89b1f59 100644 --- a/pkg/util/async.go +++ b/pkg/util/async.go 
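Review bot: The added chmod in buildUsingTemplate passes `g-s`, which clears only the setgid bit, although the commit subject and the comment above the call both name setgid and setuid; `exec.Command("chmod", "-R", "ug-s", dir)` would clear both. A chmod failure is only logged with `Warn` and the task returns nil, so the `if err != nil` after `util.MapAsync` presumably never sees it and packaging continues with the bits possibly still set; if best-effort is intended, say so in a comment, otherwise return `errors.WithStack(err)` from the task. Because `dir` comes from caller-supplied options, putting `"--"` before it in the argument list keeps a path that begins with `-` from being read as a chmod option. The body of buildUsingTemplate starts and ends outside this hunk.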
@@ -8,7 +8,7 @@ import ( ) func MapAsync(taskCount int, taskProducer func(taskIndex int) (func() error, error)) error { - return MapAsyncConcurrency(taskCount, runtime.NumCPU(), taskProducer) + return MapAsyncConcurrency(taskCount, runtime.NumCPU() + 1, taskProducer) } func MapAsyncConcurrency(taskCount int, concurrency int, taskProducer func(taskIndex int) (func() error, error)) error {
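Review bot: The `+ 1` added to the concurrency in MapAsync has no comment, and it changes the worker count for every caller of MapAsync, not only the new chmod tasks in snap.go. If the intent is to keep a core busy while tasks wait on external processes (an assumption, the commit does not say), record it above the return, e.g. `// one extra worker: tasks mostly block on external commands`. gofmt would also write the argument as `runtime.NumCPU()+1`. The body of MapAsyncConcurrency lies outside the hunk, so how it treats the larger value cannot be checked here.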