LeChatP · LeChatP · Aug 30, 2023 · Jul 29, 2023 · Aug 20, 2023 · Aug 21, 2023
diff --git a/.cargo/config.toml b/.cargo/config.toml
@@ -0,0 +1,2 @@
+[alias]
+xtask = "run --package xtask --"
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -0,0 +1,32 @@
+name: Audit
+
+on:
+  push:
+    paths: 
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+
+  rust-quality-gate:
+    name: Rust Quality Gate
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
+        with:
+          profile: minimal
+          toolchain: stable
+          components: clippy
+          override: true
+
+      - name: Cargo audit
+        uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,52 +10,15 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
-    env:
-      DOCKER: 1
     steps:
-    - uses: actions/checkout@v2
-
+    - uses: actions/checkout@v3
     - name: Update version
       run: sudo apt-get update
     - name: Install Dependencies
-      run: sudo ./configure.sh -yd
-    - name: Configure PAM
       run: |
-        sudo bash -c 'echo "#%PAM-1.0
-        auth    [success=1 default=ignore]  pam_permit.so
-        auth    requisite                   pam_permit.so
-        auth    required                    pam_permit.so
-        account [success=1 default=ignore]  pam_permit.so
-        account requisite                   pam_permit.so
-        account required                    pam_permit.so
-        session [success=1 default=ignore]  pam_permit.so
-        session requisite                   pam_permit.so
-        session required                    pam_permit.so" | tee /etc/pam.d/sr'
-    - name: Build Project
-      run: sudo -E make -e install
-    - name: Run Project
-      run: sr -h
-    - name: Print capabilities with sr
-      run: sr cat /proc/self/status
-  rust-build:
-    runs-on: ubuntu-latest
-    env:
-      working-directory: "role-manager"
-    steps:
-    - uses: actions/checkout@v2
-    - name: Install Rust
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-        override: true
-    - name: rustup update
-      run: rustup update
-    - name: cargo version
-      run: cargo version
-    - name: Update version
-      run: sudo apt-get update
-    - name: Install Dependencies
-      run: sudo ./configure.sh -yd
+        sudo ./configure.sh -yd
+        sudo cp /root/.cargo/bin/bpf-linker /usr/bin/
+        echo "/home/runner/.cargo/bin" >> $GITHUB_PATH
     - name: Configure PAM
       run: |
         sudo bash -c 'echo "#%PAM-1.0
@@ -68,24 +31,15 @@ jobs:
         session [success=1 default=ignore]  pam_permit.so
         session requisite                   pam_permit.so
         session required                    pam_permit.so" | tee /etc/pam.d/sr'
-    - name: Install sr tool
-      run: sudo -E make -e install
-      env:
-        DEBUG: 1
     - name: Add read access on config on rootasrole... Because Github Actions...
       run: sudo chmod a+r /etc/security/rootasrole.xml
     - name: print config
-      run: |
-        sr cat /etc/security/rootasrole.xml
+      run: cat /etc/security/rootasrole.xml
     - name: getenv
       run: env
-    - name: sr getenv
-      run: sr env
-    - name: Print capabilities with sr
-      run: sr cat /proc/self/status
-    - name: Build Project
-      run: cargo build --release
-      working-directory: ${{ env.working-directory }}
-    - name: Run Project
-      run: cargo run --release -- -h
-      working-directory: ${{ env.working-directory }}
+    - name: Install Project
+      run: sudo -E make -e install
+    - name: Run Sr
+      run: /usr/bin/sr -h
+    - name: Run Chsr
+      run: /usr/bin/chsr -h
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -21,116 +21,34 @@ on:
     branches:
       - 'main'
 
-permissions:
-  contents: read
-
 jobs:
-  codacy-security-scan:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 
-    name: Codacy Security Scan
-    runs-on: ubuntu-latest
-    steps:
-      # Checkout the repository to the GitHub Actions runner
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
-      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
-        with:
-          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
-          # You can also omit the token and run the tools that support default configurations
-          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
-          verbose: true
-          output: results.sarif
-          format: sarif
-          # Adjust severity of non-security issues
-          gh-code-scanning-compat: true
-          # Force 0 exit code to allow SARIF file generation
-          # This will handover control about PR rejection to the GitHub side
-          max-allowed-issues: 2147483647
 
-      # Upload the SARIF file generated in the previous step
-      - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: results.sarif
   rust-quality-gate:
     name: Rust Quality Gate
-    env:
-      working-directory: "role-manager"
     runs-on: ubuntu-latest
+    permissions: write-all
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Install Rust
-        uses: actions-rs/toolchain@v1
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
         with:
+          profile: minimal
           toolchain: stable
+          components: clippy
           override: true
 
-      - name: Build code
-        run: cargo build --all --release
-        working-directory: ${{ env.working-directory }}
-
-      - name: Install required cargo
-        run: cargo install clippy-sarif sarif-fmt
-
-      - name: Run rust-clippy
-        run:
-          cargo clippy
-          --all-features
-          --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
-        continue-on-error: true
-        working-directory: ${{ env.working-directory }}
-
-      - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: ${{ env.working-directory }}/rust-clippy-results.sarif
-          wait-for-processing: true
+      - name: Install Dependencies
+        run: sudo ./configure.sh -yd
 
-  rust-format:
-    name: Rust Formatting Gate
-    env:
-      working-directory: "role-manager"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Install Rust
-        uses: actions-rs/toolchain@v1
+      # if pull request review only
+      - uses: mbrobbel/rustfmt-check@master
         with:
-          toolchain: stable
-          override: true
-      - name: Build code
-        run: cargo build --all --release
-        working-directory: ${{ env.working-directory }}
-      - name: Format code with Rustfmt
-        run: cargo fmt --all -- --check
-        working-directory: ${{ env.working-directory }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+        continue-on-error: true #TODO: remove this line when rustfmt-check is fixed
 
-  rust-security:
-    name: Rust Security Gate
-    env:
-      working-directory: "role-manager"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Install Rust
-        uses: actions-rs/toolchain@v1
+      - uses: actions-rs/clippy-check@v1
         with:
-          toolchain: stable
-          override: true
-
-      - name: Cargo audit
-        run: cargo audit --json | tee cargo-audit.json
-        working-directory: ${{ env.working-directory }}
-        id: cargo-audit
+          token: ${{ secrets.GITHUB_TOKEN }}
+          args: --all-features
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -9,36 +9,8 @@ on:
       - 'main'
 
 jobs:
-  criterion:
-    runs-on: ubuntu-latest
-
-    env:
-      TEST: 1
-      DEBUG: 1
-      COV: 1
-
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Update version
-      run: sudo apt-get update
-    - name: Install Dependencies
-      run: sudo -E ./configure.sh
-    - name: Build Unit Tests
-      run: make -e build_unit_test
-    - name: Run Unit Tests
-      run: ./bin/unit_test
-    - name: Upload coverage reports to Codecov
-      uses: codecov/codecov-action@v3
-      env: 
-        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      with:
-        gcov: true
   rust-coverage:
     runs-on: ubuntu-latest
-    needs: criterion # cannot upload concurrenlty to codecov
-    env:
-      working-directory: role-manager
     steps:
     - name: Checkout code
       uses: actions/checkout@v2
@@ -47,37 +19,31 @@ jobs:
       uses: actions-rs/toolchain@v1
       with:
         toolchain: stable
+        components: llvm-tools-preview
         override: true
 
     - name: Install grcov
-      working-directory: ${{ env.working-directory }}
       run: cargo install grcov
 
-    - name: Install llvm-tools-preview
-      working-directory: ${{ env.working-directory }}
-      run: rustup component add llvm-tools-preview
-
-    - name: Build project for generating version.rs
-      working-directory: ${{ env.working-directory }}
-      run: cargo build
+    - name: Install Dependencies
+      run: sudo ./configure.sh -yd
 
     - name: run tests with coverage
-      working-directory: ${{ env.working-directory }}
       run: cargo test
       env: 
+        RUST_LOG: debug
         CARGO_INCREMENTAL: 0
         RUSTFLAGS: '-Cinstrument-coverage'
         LLVM_PROFILE_FILE: 'cargo-test-%p-%m.profraw'
       continue-on-error: true
 
     - name: generate report
-      working-directory: ${{ env.working-directory }}
-      run: grcov . --binary-path ./target/debug/deps/ -s . -t lcov --branch --ignore-not-existing --ignore '../*' --ignore "/*" -o target/debug/role-manager.lcov
+      run: grcov . --binary-path ./target/debug/deps/ -s . -t lcov --branch --ignore-not-existing --ignore '../*' --ignore "/*" -o target/debug/rootasrole.lcov
 
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@v3
       env: 
         CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       with:
-        file: role-manager/target/debug/role-manager.lcov
+        file: target/debug/rootasrole.lcov
         flags: unittests
diff --git a/.gitignore b/.gitignore
@@ -43,6 +43,7 @@
 *.su
 *.idb
 *.pdb
+*.sarif
 
 # Kernel Module Compile Results
 *.mod*
@@ -60,7 +61,7 @@ bin/
 # Hidden folders (for Linux IDE)
 /.idea/
 *target/
-version.rs
+*/src/xml_version.rs
 
 # Rust crates
 Cargo.lock
diff --git a/.vscode/gdb_root.sh b/.vscode/gdb_root.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+SELF_PATH=$(realpath -s "$0")
+
+if [[ "$SUDO_ASKPASS" = "$SELF_PATH" ]]; then
+    zenity --password --title="$1"
+else
+    exec env SUDO_ASKPASS="$SELF_PATH" sudo -A /usr/bin/gdb $@
+fi