Pull request 56: AGDNS-2244 Darwin service

Updates #2. Squashed commit of the following: commit f403747 Author: Eugene Burkov <[email protected]> Date: Mon Jun 24 19:46:31 2024 +0300 README: imp doc commit 1c15e76 Author: Eugene Burkov <[email protected]> Date: Mon Jun 24 17:11:40 2024 +0300 all: imp code commit 8fcfd5e Author: Eugene Burkov <[email protected]> Date: Mon Jun 24 16:45:59 2024 +0300 all: imp docs commit 40da1bc Author: Eugene Burkov <[email protected]> Date: Mon Jun 24 16:39:21 2024 +0300 all: imp docs commit ff804fd Author: Eugene Burkov <[email protected]> Date: Mon Jun 24 15:21:49 2024 +0300 all: require darwin service exec path
AdguardTeam · Jun 25, 2024 · da3b068 · da3b068
1 parent 97642d4
commit da3b068
Show file tree

Hide file tree

Showing 8 changed files with 83 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,12 @@ See also the [v0.0.2 GitHub milestone][ms-v0.0.2].
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
+### Changed
+
+- Path to the executable is now validated when the application installs itself as a `launchd` service on macOS ([#2]).
+
+[#2]: https://github.com/AdguardTeam/AdGuardDNSClient/issues/2
+
 <!--
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->

diff --git a/README.md b/README.md
@@ -38,6 +38,9 @@ Supported CPU architectures:
 
 1. Download and unpack the `.tar.gz` or `.zip` archive from the [releases page][releases].
 
+    > [!WARNING]
+    > On macOS, it's crucial that globally installed daemons are owned by `root` (see the [`launchd` documentation][launchd-requirements]), so the `AdGuardDNSClient` executable must be placed in the `/Applications/` directory or its subdirectory.
+
 2. Install it as a service by running:
 
     ```sh
@@ -58,6 +61,7 @@ To check that it works, use any DNS checking utility. For example, using `nslook
 nslookup -debug 'www.example.com' '127.0.0.1'
 ```
 
+[launchd-requirements]: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
 [releases]: https://github.com/AdguardTeam/AdGuardDNSClient/releases
 
 ### <a href="#start-basic-win" id="start-basic-win" name="start-basic-win">Windows</a>

diff --git a/internal/agdcos/service.go b/internal/agdcos/service.go
@@ -0,0 +1,9 @@
+// Package agdcos contains utilities for functions requiring system calls and
+// other OS-specific APIs.
+package agdcos
+
+// ValidateExecPath returns an error if the path to the executable is not valid
+// for the current platform.
+func ValidateExecPath(execPath string) (err error) {
+	return validateExecPath(execPath)
+}
diff --git a/internal/agdcos/service_darwin.go b/internal/agdcos/service_darwin.go
@@ -0,0 +1,38 @@
+//go:build darwin
+
+package agdcos
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/AdguardTeam/golibs/errors"
+)
+
+// errBadExecPath is returned when the executable is installed into an invalid
+// location.
+const errBadExecPath errors.Error = "bad executable path for service"
+
+// validateExecPath returns an error if execPath is not a valid executable's
+// location, i.e. is not within the /Applications directory.
+//
+// TODO(e.burkov):  Consider allowing the executable to be installed in other
+// directories owned by root.
+func validateExecPath(execPath string) (err error) {
+	execPath, err = filepath.EvalSymlinks(execPath)
+	if err != nil {
+		return fmt.Errorf("evaluating executable path symlinks: %v", err)
+	}
+
+	execPath, err = filepath.Abs(execPath)
+	if err != nil {
+		return fmt.Errorf("getting absolute path of %q: %v", execPath, err)
+	}
+
+	if !strings.HasPrefix(execPath, "/Applications/") {
+		return errBadExecPath
+	}
+
+	return nil
+}
diff --git a/internal/agdcos/service_others.go b/internal/agdcos/service_others.go
@@ -0,0 +1,8 @@
+//go:build !darwin
+
+package agdcos
+
+// validateExecPath is a no-op on non-Darwin platforms.
+func validateExecPath(_ string) (err error) {
+	return nil
+}
diff --git a/internal/cmd/cmd.go b/internal/cmd/cmd.go
@@ -14,7 +14,7 @@ import (
 	osservice "github.com/kardianos/service"
 )
 
-// Main is the entrypoint of AdGuardDNSClient.  Main may accept arguments, such
+// Main is the entrypoint of AdGuardDNS Client.  Main may accept arguments, such
 // as embedded assets and command-line arguments.
 func Main() {
 	// TODO(a.garipov):  Use for start cancelation.

diff --git a/internal/cmd/config.go b/internal/cmd/config.go
@@ -5,6 +5,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/AdguardTeam/AdGuardDNSClient/internal/agdcos"
 	"github.com/AdguardTeam/golibs/errors"
 	"gopkg.in/yaml.v3"
 )
@@ -32,27 +33,27 @@ type configuration struct {
 // TODO(e.burkov):  Make configurable via flags or environment.
 const defaultConfigPath = "config.yaml"
 
-// configPath return the default path to the configuration file.  It assumes
+// absolutePaths return the default path to the configuration file.  It assumes
 // that the configuration file is located in the same directory as the
 // executable.
-func configPath() (confPath string, err error) {
-	execPath, err := os.Executable()
+func absolutePaths() (execPath, confPath string, err error) {
+	execPath, err = os.Executable()
 	if err != nil {
-		return "", fmt.Errorf("getting executable path: %w", err)
+		return "", "", fmt.Errorf("getting executable path: %w", err)
 	}
 
 	absExecPath, err := filepath.Abs(execPath)
 	if err != nil {
-		return "", fmt.Errorf("getting absolute path of %q: %w", execPath, err)
+		return "", "", fmt.Errorf("getting absolute path of %q: %w", execPath, err)
 	}
 
-	return filepath.Join(filepath.Dir(absExecPath), defaultConfigPath), nil
+	return absExecPath, filepath.Join(filepath.Dir(absExecPath), defaultConfigPath), nil
 }
 
 // handleServiceConfig returns the service configuration based on the specified
 // [serviceAction].
 func handleServiceConfig(action serviceAction) (conf *configuration, err error) {
-	confPath, err := configPath()
+	execPath, confPath, err := absolutePaths()
 	if err != nil {
 		// Don't wrap the error since it's informative enough as is.
 		return nil, err
@@ -72,6 +73,14 @@ func handleServiceConfig(action serviceAction) (conf *configuration, err error)
 			return nil, err
 		}
 	case serviceActionInstall:
+		err = agdcos.ValidateExecPath(execPath)
+		if err != nil {
+			_, _ = fmt.Fprintln(os.Stderr, "service executable must be located in the /Applications/ directory or its subdirectories")
+
+			// Don't wrap the error since it's informative enough as is.
+			return nil, err
+		}
+
 		err = writeDefaultConfig(confPath)
 		if err != nil {
 			// Don't wrap the error since it's informative enough as is.

diff --git a/scripts/make/go-lint.sh b/scripts/make/go-lint.sh
@@ -103,6 +103,7 @@ underscores() {
 			-e '_test.go'\
 			-e '_unix.go'\
 			-e '_windows.go'\
+			-e '_others.go'\
 			-v\
 			| sed -e 's/./\t\0/'
 	)"