diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1ae5299 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,18 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + cooldown: # applies only to version-updates (not security-updates) + default-days: 7 + semver-minor-days: 14 # wait 14 days before applying minor updates + semver-major-days: 28 + - package-ecosystem: gomod + directory: / + schedule: + interval: weekly + cooldown: + default-days: 7 + semver-minor-days: 14 + semver-major-days: 28 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cfa83a5..6a87de6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,15 +8,24 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - os: ubuntu-latest + arch: amd64 + - os: ubuntu-24.04-arm + arch: arm64 steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + fetch-depth: '1' - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: - go-version: "1.24.1" - check-latest: true + go-version: "stable" - name: Install dependencies run: go mod download @@ -25,7 +34,7 @@ jobs: run: go build -v -o landrun ./cmd/landrun/main.go - name: Upload binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: - name: landrun-linux-amd64 + name: landrun-linux-${{ matrix.arch }} path: ./landrun diff --git a/.github/workflows/go-compatibility.yml b/.github/workflows/go-compatibility.yml index b73df33..63abf1e 100644 --- a/.github/workflows/go-compatibility.yml +++ b/.github/workflows/go-compatibility.yml @@ -4,16 +4,20 @@ on: [push, pull_request] jobs: build: - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} strategy: matrix: - go: ["1.18", "1.20", "1.22", "1.24"] + go: ["1.22", "1.24", "stable"] + os: [ubuntu-latest, ubuntu-24.04-arm] name: Go ${{ matrix.go }} build steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + fetch-depth: '1' - name: Set up Go ${{ matrix.go }} - uses: actions/setup-go@v4 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: ${{ matrix.go }} diff --git a/cmd/landrun/main.go b/cmd/landrun/main.go index ac64dd3..f1bb926 100644 --- a/cmd/landrun/main.go +++ b/cmd/landrun/main.go @@ -5,18 +5,20 @@ import ( osexec "os/exec" "strings" - "github.com/urfave/cli/v2" + "github.com/urfave/cli/v3" "github.com/zouuup/landrun/internal/elfdeps" "github.com/zouuup/landrun/internal/exec" "github.com/zouuup/landrun/internal/log" "github.com/zouuup/landrun/internal/sandbox" + + "context" ) // Version is the current version of landrun const Version = "0.1.15" func main() { - app := &cli.App{ + app := &cli.Command{ Name: "landrun", Usage: "Run a command in a Landlock sandbox", Version: Version, @@ -25,7 +27,7 @@ func main() { Name: "log-level", Usage: "Set logging level (error, info, debug)", Value: "error", - EnvVars: []string{"LANDRUN_LOG_LEVEL"}, + Sources: cli.EnvVars("LANDRUN_LOG_LEVEL"), }, &cli.StringSliceFlag{ Name: "ro", @@ -61,7 +63,6 @@ func main() { &cli.StringSliceFlag{ Name: "env", Usage: "Environment variables to pass to the sandboxed command (KEY=VALUE or just KEY to pass current value)", - Value: cli.NewStringSlice(), }, &cli.BoolFlag{ Name: "unrestricted-filesystem", @@ -84,11 +85,11 @@ func main() { Value: false, }, }, - Before: func(c *cli.Context) error { + Before: func(ctx context.Context, c *cli.Command) (context.Context, error) { log.SetLevel(c.String("log-level")) - return nil + return nil, nil }, - Action: func(c *cli.Context) error { + Action: func(ctx context.Context, c *cli.Command) error { args := c.Args().Slice() if len(args) == 0 { log.Fatal("Missing command to run") @@ -151,7 +152,7 @@ func main() { }, } - if err := app.Run(os.Args); err != nil { + if err := app.Run(context.Background(), os.Args); err != nil { log.Fatal("%v", err) } } diff --git a/go.mod b/go.mod index 1b1578d..86b6e9d 100644 --- a/go.mod +++ b/go.mod @@ -1,16 +1,13 @@ module github.com/zouuup/landrun -go 1.18 +go 1.22 require ( - github.com/landlock-lsm/go-landlock v0.0.0-20250303204525-1544bccde3a3 - github.com/urfave/cli/v2 v2.27.6 + github.com/landlock-lsm/go-landlock v0.0.0-20251103212306-430f8e5cd97c + github.com/urfave/cli/v3 v3.6.2 ) require ( - github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect - github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect golang.org/x/sys v0.26.0 // indirect - kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 // indirect + kernel.org/pub/linux/libs/security/libcap/psx v1.2.77 // indirect ) diff --git a/go.sum b/go.sum index 23a1ee8..0dc98a8 100644 --- a/go.sum +++ b/go.sum @@ -1,14 +1,16 @@ -github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= -github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/landlock-lsm/go-landlock v0.0.0-20250303204525-1544bccde3a3 h1:zcMi8R8vP0WrrXlFMNUBpDy/ydo3sTnCcUPowq1XmSc= -github.com/landlock-lsm/go-landlock v0.0.0-20250303204525-1544bccde3a3/go.mod h1:RSub3ourNF8Hf+swvw49Catm3s7HVf4hzdFxDUnEzdA= -github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/urfave/cli/v2 v2.27.6 h1:VdRdS98FNhKZ8/Az8B7MTyGQmpIr36O1EHybx/LaZ4g= -github.com/urfave/cli/v2 v2.27.6/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= -github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= -github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/landlock-lsm/go-landlock v0.0.0-20251103212306-430f8e5cd97c h1:QcKqiunpt7hooa/xIx0iyepA6Cs2BgKexaYOxHvHNCs= +github.com/landlock-lsm/go-landlock v0.0.0-20251103212306-430f8e5cd97c/go.mod h1:stwyhp9tfeEy3A4bRJLdOEvjW/CetRJg/vcijNG8M5A= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/urfave/cli/v3 v3.6.2 h1:lQuqiPrZ1cIz8hz+HcrG0TNZFxU70dPZ3Yl+pSrH9A8= +github.com/urfave/cli/v3 v3.6.2/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso= golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 h1:HsB2G/rEQiYyo1bGoQqHZ/Bvd6x1rERQTNdPr1FyWjI= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.70/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.77 h1:Z06sMOzc0GNCwp6efaVrIrz4ywGJ1v+DP0pjVkOfDuA= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.77/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24=