mirror of
https://github.com/ddworken/hishtory.git
synced 2025-01-23 06:38:52 +01:00
Support a TMPDIR variable in case /tmp/ is mounted noexec
This commit is contained in:
parent
d0ce6efb32
commit
846f256fa4
@ -26,12 +26,15 @@ else:
|
||||
|
||||
with urllib.request.urlopen(download_url) as response:
|
||||
hishtory_binary = response.read()
|
||||
if os.path.exists('/tmp/hishtory-client'):
|
||||
os.remove('/tmp/hishtory-client')
|
||||
with open('/tmp/hishtory-client', 'wb') as f:
|
||||
|
||||
tmpdir = os.environ.get('TMPDIR', '') or '/tmp/'
|
||||
tmpFilePath = tmpdir+'hishtory-client'
|
||||
if os.path.exists(tmpFilePath):
|
||||
os.remove(tmpFilePath)
|
||||
with open(tmpFilePath, 'wb') as f:
|
||||
f.write(hishtory_binary)
|
||||
os.system('chmod +x /tmp/hishtory-client')
|
||||
exitCode = os.system('/tmp/hishtory-client install')
|
||||
os.system('chmod +x ' + tmpFilePath)
|
||||
exitCode = os.system(tmpFilePath + ' install')
|
||||
if exitCode != 0:
|
||||
raise Exception("failed to install downloaded hishtory client via `/tmp/hishtory-client install`!")
|
||||
raise Exception("failed to install downloaded hishtory client via `" + tmpFilePath +" install` (is that directory mounted noexec? Consider setting an alternate directory via the TMPDIR environment variable)!")
|
||||
print('Succesfully installed hishtory! Open a new terminal, try running a command, and then running `hishtory query`.')
|
||||
|
@ -922,6 +922,14 @@ func GetDownloadData() (shared.UpdateInfo, error) {
|
||||
return downloadData, nil
|
||||
}
|
||||
|
||||
func getTmpClientPath() string {
|
||||
tmpDir := "/tmp/"
|
||||
if os.Getenv("TMPDIR") != "" {
|
||||
tmpDir = os.Getenv("TMPDIR")
|
||||
}
|
||||
return path.Join(tmpDir, "hishtory-client")
|
||||
}
|
||||
|
||||
func Update(ctx *context.Context) error {
|
||||
// Download the binary
|
||||
downloadData, err := GetDownloadData()
|
||||
@ -940,9 +948,9 @@ func Update(ctx *context.Context) error {
|
||||
// Verify the SLSA attestation
|
||||
var slsaError error
|
||||
if runtime.GOOS == "darwin" {
|
||||
slsaError = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData)
|
||||
slsaError = verifyBinaryMac(ctx, getTmpClientPath(), downloadData)
|
||||
} else {
|
||||
slsaError = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
|
||||
slsaError = verifyBinary(ctx, getTmpClientPath(), getTmpClientPath()+".intoto.jsonl", downloadData.Version)
|
||||
}
|
||||
if slsaError != nil {
|
||||
err = handleSlsaFailure(slsaError)
|
||||
@ -961,7 +969,7 @@ func Update(ctx *context.Context) error {
|
||||
}
|
||||
|
||||
// Install the new one
|
||||
cmd := exec.Command("chmod", "+x", "/tmp/hishtory-client")
|
||||
cmd := exec.Command("chmod", "+x", getTmpClientPath())
|
||||
var stdout bytes.Buffer
|
||||
cmd.Stdout = &stdout
|
||||
var stderr bytes.Buffer
|
||||
@ -970,13 +978,13 @@ func Update(ctx *context.Context) error {
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to chmod +x the update (stdout=%#v, stderr=%#v): %v", stdout.String(), stderr.String(), err)
|
||||
}
|
||||
cmd = exec.Command("/tmp/hishtory-client", "install")
|
||||
cmd = exec.Command(getTmpClientPath(), "install")
|
||||
cmd.Stdout = os.Stdout
|
||||
stderr = bytes.Buffer{}
|
||||
cmd.Stdin = os.Stdin
|
||||
err = cmd.Run()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to install update (stderr=%#v): %v", stderr.String(), err)
|
||||
return fmt.Errorf("failed to install update (stderr=%#v), is %s in a noexec directory? (if so, set the TMPDIR environment variable): %v", stderr.String(), getTmpClientPath(), err)
|
||||
}
|
||||
fmt.Printf("Successfully updated hishtory from v0.%s to %s\n", Version, downloadData.Version)
|
||||
return nil
|
||||
@ -1024,7 +1032,7 @@ func verifyBinaryMac(ctx *context.Context, binaryPath string, downloadData share
|
||||
}
|
||||
|
||||
// Step 4: Use SLSA to verify the unsigned binary
|
||||
return verifyBinary(ctx, unsignedBinaryPath, "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
|
||||
return verifyBinary(ctx, unsignedBinaryPath, getTmpClientPath()+".intoto.jsonl", downloadData.Version)
|
||||
}
|
||||
|
||||
func assertIdenticalBinaries(bin1Path, bin2Path string) error {
|
||||
@ -1089,11 +1097,11 @@ func downloadFiles(updateInfo shared.UpdateInfo) error {
|
||||
} else {
|
||||
return fmt.Errorf("no update info found for GOOS=%s, GOARCH=%s", runtime.GOOS, runtime.GOARCH)
|
||||
}
|
||||
err := downloadFile("/tmp/hishtory-client", clientUrl)
|
||||
err := downloadFile(getTmpClientPath(), clientUrl)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = downloadFile("/tmp/hishtory-client.intoto.jsonl", clientProvenanceUrl)
|
||||
err = downloadFile(getTmpClientPath()+".intoto.jsonl", clientProvenanceUrl)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user