feat(droproot): support non-Linux platforms #733
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #733 +/- ##
==========================================
- Coverage 88.49% 88.40% -0.09%
==========================================
Files 48 48
Lines 1990 1992 +2
==========================================
Hits 1761 1761
- Misses 208 210 +2
Partials 21 21
Flags with carried forward coverage won't be shown.
Thanks! See #728 for the plan to include a build that does exactly what you suggested. Ideally, it should be a build tag. PS: any suggestion for the name of the alternative build that works for non-Linux (and apparently Linux containers)?
Hah, that's serendipitous! I think the tag name of I think maybe a good start is calling it something similar to your suggestions or mine for a build tag, and having a blurb in the README mentioning that alternative operating systems should try using the $BUILDTAG instead?
@skarekrow Yes, the two use cases differ, but they have the same solution. ;-) I want #728 to work for both reasons. Perhaps we can focus on portability and generality. I feel Or, maybe the original version should be called BTW, you should have run
@favonia haha i just didn't commit that after I noticed, I did now :D I'm honestly not sure, maybe just calling it EDIT: If we decide to use
The DDNS updater will try very hard to change process UID and GID if it was 0 (usually the root). However, I do feel
Well not without the droproot stuff we'd be dropping is what I mean. I'm not sure if
@skarekrow I have been thinking about that but it gave me the feeling of "no limit (cap)" instead of "not manipulating capabilities" 🤷 (I don't have a good idea, either.)
How about
For easier migration, I slightly prefer some UI warning the user that it is no longer taking
What about
@favonia don't worry, i haven't dropped. Just not a lot of time right now irl. I will say though, with a cursory glance at the go build flags, it doesn't seem like it will do what we want without making EDIT: Are you against me including a sample rc file for OpenBSD users to use as well? I got it working nicely in my setup, it's quite simple!
No, but please open a new issue or a new PR for that. 🙂
This has a few prerequisites:
- Creating a `_cloudflare_ddns` user
- Add a `cloudflare_ddns` section to your `/etc/login.conf` (for env variables, this is noted in the accompanying `README` commit

Relies on favonia#733
@favonia OK all working locally here! The build fails when the tag is not supplied, as expected. Ex:
I will say that I would prefer instead that we did this by OS, so if we ever need to extend specific support elsewhere. As in something like this:
Where we can then add a
Sorry for the long radar silence. I couldn't meaningfully contribute to this project for months.
I like this idea! Maybe a combination of OS tags and PS: Theoretically the
@skarekrow Do you agree with the suggested approach? If so, do you want to implement it now? If you agree but you are busy now, do you mind me hijacking this PR?
@favonia Hijack away!
This also likely allows other OS's besides Linux to use this, not tested by me however. Introduces a new build tag called `nocapdrop` that when supplied will use the no-op instead.
@skarekrow Could you test if
Let me merge this first. :-) I need to test the Docker tagging.
Thanks for your work on this! Ideally I'd be having this run on my router (OpenBSD) as a standard user, which causes obvious failures since this relies on libcap for Linux :D
This PR is more a discussion point as I don't understand how to skip certain dependencies based on the `GOOS` received, but thought I'd show there's interest in running this outside of docker as an unprivileged user. I suspect since you can cross compile with many targets, this opens up the possibility of running on a lot of other UNIX-like systems (*BSD's come to mind).
This compiles fine and runs great on an OpenBSD host with this one dependency dropped however!
Ran using: