Merge pull request #76 from smlx/macos-builds
Re-enable macos builds
smlx authored Oct 17, 2021
2 parents 1f674c4 + 17c491b commit 436de7f
Showing 11 changed files with 102 additions and 6 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build.yaml
@@ -6,6 +6,7 @@ jobs:
matrix:
os:
- ubuntu-latest
- macos-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
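--- a/.goreleaser.macos-latest.yml
+++ b/.goreleaser.macos-latest.yml
@@ -0,0 +1,13 @@
+archives:
+- files:
+- deploy/*
+- LICENSE
+- README.md
+builds:
+- dir: cmd/piv-agent
+goos:
+- darwin
+goarch:
+- amd64
+checksum:
+name_template: "{{ .ProjectName }}_{{ .Version }}_darwin_checksums.txt"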
6 changes: 3 additions & 3 deletions cmd/piv-agent/serve.go
@@ -7,10 +7,10 @@ import (
"path/filepath"
"time"

"github.com/coreos/go-systemd/activation"
"github.com/smlx/piv-agent/internal/keyservice/piv"
"github.com/smlx/piv-agent/internal/pinentry"
"github.com/smlx/piv-agent/internal/server"
"github.com/smlx/piv-agent/internal/sockets"
"github.com/smlx/piv-agent/internal/ssh"
"go.uber.org/zap"
"golang.org/x/sync/errgroup"
@@ -50,8 +50,8 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
log.Info("startup", zap.String("version", version),
zap.String("build date", date))
p := piv.New(log)
// use systemd socket activation
ls, err := activation.Listeners()
// use FDs passed via socket activation
ls, err := sockets.Get(validAgents)
if err != nil {
return fmt.Errorf("cannot retrieve listeners: %w", err)
}
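Review bot: The new comment above `sockets.Get(validAgents)` does not record that the order of `ls` now comes from two different places. The Linux `Get` added in this commit ignores its argument and returns whatever systemd passed, while the darwin `Get` returns listeners in the order of the names it is given. If the rest of `Run` (which continues outside this hunk) picks a listener by index, as the install docs describe for `--agent-types`, a mismatch would attach the SSH handler to the GPG socket or the reverse. I would expand the comment to something like `// ls is ordered by the unit file on Linux and by validAgents on macOS; the indices in --agent-types must match that order`.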
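--- a/deploy/launchd/com.github.smlx.piv-agent.plist
+++ b/deploy/launchd/com.github.smlx.piv-agent.plist
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>Label</key>
+<string>com.github.smlx.piv-agent</string>
+<key>ProgramArguments</key>
+<array>
+<string>/usr/local/bin/piv-agent</string>
+<string>serve</string>
+</array>
+<key>Sockets</key>
+<dict>
+<key>ssh</key>
+<dict>
+<key>SecureSocketWithKey</key>
+<string>SSH_AUTH_SOCK</string>
+</dict>
+<key>gpg</key>
+<dict>
+<key>SockPathName</key>
+<string>/Users/ExampleUserName/.gnupg/S.gpg-agent</string>
+</dict>
+</dict>
+</dict>
+</plist>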
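Review bot: The `gpg` socket entry sets only `SockPathName`, so the mode of the socket file is left to launchd's default and access control depends on `~/.gnupg` being private to the user. The `ssh` entry does not share this concern, because `SecureSocketWithKey` has launchd generate the socket path itself. Adding `<key>SockPathMode</key>` with `<integer>384</integer>` (0600 written in decimal, since plists have no octal) inside the `gpg` dict would make the restriction explicit. The hard-coded `/Users/ExampleUserName` path has to be edited by hand, so a comment near the top of the file saying so would help users who copy it without reading the install page.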
File renamed without changes.
File renamed without changes.
12 changes: 9 additions & 3 deletions docs/content/en/docs/install.md
@@ -23,20 +23,26 @@ sudo apt install libpcsclite1

## Install piv-agent

### Linux

Download the latest [release](https://github.com/smlx/piv-agent/releases), and extract it to a temporary location.
Copy the `piv-agent` binary into your `$PATH`, and the `systemd` unit files to the correct location:

```
sudo cp piv-agent /usr/local/bin/
cp deploy/piv-agent.{socket,service} ~/.config/systemd/user/
cp deploy/systemd/piv-agent.{socket,service} ~/.config/systemd/user/
systemctl --user daemon-reload
```

### macOS

Similarly to Linux, copy `piv-agent` to `/usr/local/bin/`, edit the `.plist` file with the correct home directory, and drop it in `~/Library/LaunchAgents`.

### Socket activation

`piv-agent` relies on [socket activation](https://0pointer.de/blog/projects/socket-activated-containers.html), and is currently only tested with `systemd`.
It doesn't listen to any sockets directly, and instead requires the init system to pass file descriptors to the `piv-agent` process after it is running.
This requirement makes it possible to exit the process when not in use.

`ssh-agent` and `gpg-agent` functionality are enabled by default in `piv-agent.service` and `piv-agent.socket`.
The index of the sockets listed in `piv-agent.socket` are indicated by the arguments to `--agent-types`.
`ssh-agent` and `gpg-agent` functionality are enabled by default in the systemd and launchd configuration files.
On Linux, index of the sockets listed in `piv-agent.socket` are indicated by the arguments to `--agent-types`.
1 change: 1 addition & 0 deletions go.mod
@@ -11,6 +11,7 @@ require (
github.com/golang/mock v1.6.0
github.com/gopasspw/gopass v1.10.2-0.20201105185611-36c5888f3a49
github.com/smlx/fsm v0.2.0
github.com/x13a/go-launch v0.0.0-20210715084817-fd409384939b
go.uber.org/zap v1.19.1
golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
2 changes: 2 additions & 0 deletions go.sum
@@ -113,6 +113,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/tadvi/systray v0.0.0-20190226123456-11a2b8fa57af h1:6yITBqGTE2lEeTPG04SN9W+iWHCRyHqlVYILiSXziwk=
github.com/tadvi/systray v0.0.0-20190226123456-11a2b8fa57af/go.mod h1:4F09kP5F+am0jAwlQLddpoMDM+iewkxxt6nxUQ5nq5o=
github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
github.com/x13a/go-launch v0.0.0-20210715084817-fd409384939b h1:rpNT9cyxH8nsCM8htO1SLhrehyt74GFczE9s/O6WkfE=
github.com/x13a/go-launch v0.0.0-20210715084817-fd409384939b/go.mod h1:kfVYr1hMcmOVxZt+2kFzCXf/YRX9Cz+F1QkijZQMaMM=
github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
github.com/xrash/smetrics v0.0.0-20200730060457-89a2a8a1fb0b/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
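--- a/internal/sockets/get_darwin.go
+++ b/internal/sockets/get_darwin.go
@@ -0,0 +1,34 @@
+package sockets
+
+import (
+"fmt"
+"net"
+"os"
+
+"github.com/x13a/go-launch"
+)
+
+// Get returns the sockets passed to the process from launchd socket
+// activation.
+func Get(names []string) ([]net.Listener, error) {
+var listeners []net.Listener
+// get the FDs
+for _, name := range names {
+nameFDs, err := launch.ActivateSocket(name)
+if err != nil {
+return nil, err
+}
+for _, fd := range nameFDs {
+f := os.NewFile(uintptr(fd), name)
+if f == nil {
+return nil, fmt.Errorf("couldn't create file from FD")
+}
+l, err := net.FileListener(f)
+if err != nil {
+return nil, err
+}
+listeners = append(listeners, l)
+}
+}
+return listeners, nil
+}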
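Review bot: `net.FileListener(f)` works on a duplicate of the descriptor, but `f` is never closed in the inner loop, so each activated socket keeps a second open descriptor until the garbage collector finalizes the `*os.File`. The loop also appends every FD launchd returns for a name, so if a name ever yields more than one FD the position of later listeners shifts; if callers select listeners by index (not visible here), that case should be rejected rather than accepted silently. The errors from `launch.ActivateSocket` and `net.FileListener` are returned without the socket name, which makes a mis-edited plist hard to diagnose. A sketch of the loop with these three changes follows.

```go
for _, name := range names {
	nameFDs, err := launch.ActivateSocket(name)
	if err != nil {
		return nil, fmt.Errorf("activate launchd socket %q: %w", name, err)
	}
	// one listener per name keeps the returned slice aligned with names
	if len(nameFDs) != 1 {
		return nil, fmt.Errorf("launchd socket %q: expected 1 FD, got %d", name, len(nameFDs))
	}
	f := os.NewFile(uintptr(nameFDs[0]), name)
	// … unchanged: nil check on f …
	l, err := net.FileListener(f)
	// FileListener dups the descriptor, so the original can be released now
	_ = f.Close()
	if err != nil {
		return nil, fmt.Errorf("listener for launchd socket %q: %w", name, err)
	}
	listeners = append(listeners, l)
}
```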
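--- a/internal/sockets/get_linux.go
+++ b/internal/sockets/get_linux.go
@@ -0,0 +1,13 @@
+package sockets
+
+import (
+"net"
+
+"github.com/coreos/go-systemd/activation"
+)
+
+// Get returns the sockets passed to the process from systemd socket
+// activation.
+func Get(_ []string) ([]net.Listener, error) {
+return activation.Listeners()
+}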
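Review bot: The doc comment on `Get` does not say that the `names` argument is discarded on Linux, so a reader of the call site cannot tell that the result is ordered by the systemd unit rather than by the names passed in. `activation.Listeners()` is also, as far as I recall its documentation, allowed to leave nil entries for passed descriptors that are not stream listeners. Nothing here filters or rejects them, so a mis-configured `.socket` unit could hand a nil `net.Listener` to the caller. I would extend the comment to `// Get returns the listeners passed by systemd socket activation, in unit-file order. The names argument is ignored on Linux.` and consider returning an error when an entry is nil.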
