diff options
| author | Paul Buetow <git@mx.buetow.org> | 2020-12-29 08:34:04 +0000 |
|---|---|---|
| committer | Paul Buetow <git@mx.buetow.org> | 2020-12-29 08:34:04 +0000 |
| commit | 0099a7ab9e1d28300c69c3b50b4ebe1cde9a8cbc (patch) | |
| tree | c9f0dfa884927079de309b68c48224f4b0f00d0d | |
| parent | cab8f9f1e1576dbe42b6e88a5c9c3d14b00d9a37 (diff) | |
Make Linux ACL support optional, as it requires CGo and makes the binary less portable
| -rw-r--r-- | Makefile | 12 | ||||
| -rw-r--r-- | doc/installation.md | 20 | ||||
| -rw-r--r-- | doc/quickstart.md | 6 | ||||
| -rw-r--r-- | internal/io/fs/permissions/permission.go | 2 | ||||
| -rw-r--r-- | internal/io/fs/permissions/permission_linuxacl.c (renamed from internal/io/fs/permissions/permission_linux.c) | 4 | ||||
| -rw-r--r-- | internal/io/fs/permissions/permission_linuxacl.go (renamed from internal/io/fs/permissions/permission_linux.go) | 4 | ||||
| -rw-r--r-- | internal/io/fs/permissions/permission_linuxacl.h (renamed from internal/io/fs/permissions/permission_linux.h) | 2 | ||||
| -rw-r--r-- | internal/io/fs/permissions/permission_test.go | 2 |
8 files changed, 42 insertions, 10 deletions
@@ -1,13 +1,21 @@ GO ?= go all: test build build: +ifndef USE_ACL ${GO} build -o dserver ./cmd/dserver/main.go +else + ${GO} build -tags linuxacl -o dserver ./cmd/dserver/main.go +endif ${GO} build -o dcat ./cmd/dcat/main.go ${GO} build -o dgrep ./cmd/dgrep/main.go ${GO} build -o dmap ./cmd/dmap/main.go ${GO} build -o dtail ./cmd/dtail/main.go install: +ifndef USE_ACL ${GO} install ./cmd/dserver/main.go +else + ${GO} install -tags linuxacl ./cmd/dserver/main.go +endif ${GO} install ./cmd/dcat/main.go ${GO} install ./cmd/dgrep/main.go ${GO} install ./cmd/dmap/main.go @@ -28,4 +36,8 @@ lint: golint $$dir; \ done test: +ifndef USE_ACL ${GO} test ./... -v +else + ${GO} test -tags linuxacl ./... -v +endif diff --git a/doc/installation.md b/doc/installation.md index 6f946c4..6bf17b0 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -7,6 +7,26 @@ The following installation guide has been tested successfully on CentOS 7. You m Please check the [Quick Starting Guide](quickstart.md) for instructions how to compile DTail. It is recommended to automate the build process via your build pipeline (e.g. produce a deployable RPM via Jenkins). You don't have to use ``go get...`` to compile and install the binaries. You can also clone the repository and use ``make`` instead. +## Linux ACL support + +This is optional but it gives you better security. On Linux you have the option to compile `dserver` with File System Access Control List support. For that you need: + +### 1. Install the `libacl` development library. On RHEL, CentOS and Fedora it would be + +```console +% sudo dnf install libacl-devel -y +``` + +### 2. Enable ACL via a Go build flag + +Set the `USE_ACL` environment variable before invoking the make command. + +```console +% export USE_ACL=yes +``` + +Alternatively you could just add `-tags linuxacl` to the Go compiler. + # Install it It is recommended to automate all the installation process outlined here. You could use a configuration management system such as Puppet, Chef or Ansible. However, that relies heavily on how your infrastructure is managed and is out of scope of this documentation. diff --git a/doc/quickstart.md b/doc/quickstart.md index 6baedbb..f1ac000 100644 --- a/doc/quickstart.md +++ b/doc/quickstart.md @@ -7,12 +7,6 @@ This guide assumes that you know how to generate and configure a public/private # Install it -On Linux you need to install the libacl development library for file system ACL permission support in `dserver`. On RHEL, CentOS and Fedora it would be - -```console -% sudo dnf install libacl-devel -y -``` - To compile and install all DTail binaries directly from GitHub run: ```console diff --git a/internal/io/fs/permissions/permission.go b/internal/io/fs/permissions/permission.go index 0ed4f17..cc5dd9b 100644 --- a/internal/io/fs/permissions/permission.go +++ b/internal/io/fs/permissions/permission.go @@ -1,4 +1,4 @@ -// +build !linux +// +build !linuxacl package permissions diff --git a/internal/io/fs/permissions/permission_linux.c b/internal/io/fs/permissions/permission_linuxacl.c index cd10525..86b1185 100644 --- a/internal/io/fs/permissions/permission_linux.c +++ b/internal/io/fs/permissions/permission_linuxacl.c @@ -1,4 +1,6 @@ -#include "permission_linux.h" +// +build linuxacl + +#include "permission_linuxacl.h" #ifdef DEBUG void debug_print_checker(struct permission_checker *pc) { diff --git a/internal/io/fs/permissions/permission_linux.go b/internal/io/fs/permissions/permission_linuxacl.go index bbc039b..7d2d7ca 100644 --- a/internal/io/fs/permissions/permission_linux.go +++ b/internal/io/fs/permissions/permission_linuxacl.go @@ -1,7 +1,9 @@ +// +build linuxacl + package permissions /* -#include "permission_linux.h" +#include "permission_linuxacl.h" #cgo LDFLAGS: -L. -lacl */ import "C" diff --git a/internal/io/fs/permissions/permission_linux.h b/internal/io/fs/permissions/permission_linuxacl.h index a2c266e..52dadcf 100644 --- a/internal/io/fs/permissions/permission_linux.h +++ b/internal/io/fs/permissions/permission_linuxacl.h @@ -1,3 +1,5 @@ +// +build linuxacl + #ifndef PERMISSION_LINUX_H #define PERMISSION_LINUX_H diff --git a/internal/io/fs/permissions/permission_test.go b/internal/io/fs/permissions/permission_test.go index d415ac2..c0ef038 100644 --- a/internal/io/fs/permissions/permission_test.go +++ b/internal/io/fs/permissions/permission_test.go @@ -1,4 +1,4 @@ -// +build linux +// +build linuxacl package permissions |