rc_twitch - twitch-go - twitch.tv web application in Go
---
rc_twitch (1689B)
---
1 #!/bin/sh
2 # This sets up a chroot for a service.
3 # the service is priv-dropped.
4 # NOTE: depending on your service some build_chroot steps can be omitted.
5 #
6 # Some tips:
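7 # - ideally set up a separate partition for services, mounted with the
8 # nodev,nosuid,ro options (nodev and ro conflict with build_chroot below, which copies files and creates device nodes inside the chroot).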
9 # - pledge(2) the service program.
10 # - specific pf rules for service.
11 # - setup resource limits for service user.
12
13 chroot_daemon="/bin/twitch-go"
14 original_daemon="/usr/local/sbin/twitch-go"
15 chroot="/services/twitch"
16 user="_twitch"
17 group="_twitch"
18
19 # NOTE: GODEBUG=netdns=cgo to force system DNS resolver.
20 daemon="GODEBUG=netdns=cgo chroot -u ${user} -g ${group} $chroot ${chroot_daemon}"
21 daemon_flags="-t tcp4 -d /data -l 127.0.0.1:8081 -c twitch_clientid_here"
22
23 . /etc/rc.d/rc.subr
24
25 rc_reload=NO
26 rc_bg=YES
27
28 pexp="${chroot_daemon} .*"
29
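# Populate $chroot with the minimum the priv-dropped daemon needs: the binary,
# its own account entries, resolver config, CA bundle, core shared libraries
# and two device nodes.
# Globals:  chroot, original_daemon, user, group (read)
# Returns:  0 on success, 1 as soon as any step fails, so the caller does not
#           go on to start the service from a stale or half-built chroot.
build_chroot() {
	# Locations of binaries and libraries.
	mkdir -p "$chroot/etc" \
		"$chroot/bin" \
		"$chroot/dev" \
		"$chroot/usr/lib" \
		"$chroot/usr/libexec" || return 1

	# Copy original daemon.
	cp "$original_daemon" "$chroot/bin" || return 1

	# Copy password and group information, restricted to the service's own
	# entries. The patterns are anchored on the name field: an unanchored
	# match on $group would also copy groups that merely list the account as
	# a member or share its prefix, and the full passwd file would expose
	# every host account name to a compromised service.
	grep "^${user}:" /etc/passwd > "$chroot/etc/passwd" || return 1
	grep "^${group}:" /etc/group > "$chroot/etc/group" || return 1
	cp /etc/resolv.conf "$chroot/etc" || return 1

	# cert bundle.
	mkdir -p "$chroot/etc/ssl" || return 1
	cp /etc/ssl/cert.pem "$chroot/etc/ssl" || return 1

	# copy shared core libraries.
	cp /usr/lib/libpthread.so.* "$chroot/usr/lib" || return 1
	cp /usr/lib/libc.so.* "$chroot/usr/lib" || return 1
	cp /usr/libexec/ld.so "$chroot/usr/libexec" || return 1

	# setup /dev
	# NOTE: make sure mount in $chroot does not have "nodev" set.
	# NOTE(review): major/minor numbers are platform-specific; compare with
	# "ls -l /dev/urandom /dev/null" on the host before relying on them.
	# NOTE(review): mode 644 leaves /dev/null read-only for the unprivileged
	# service user; confirm that is intended.
	test -e "$chroot/dev/urandom" || mknod -m 644 "$chroot/dev/urandom" c 45 2 || return 1
	test -e "$chroot/dev/null" || mknod -m 644 "$chroot/dev/null" c 2 2 || return 1
}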
59
# rc.subr pre-start hook: (re)build the chroot before the daemon is launched.
# Returns build_chroot's exit status unchanged.
rc_pre() {
	build_chroot
	return $?
}
63
64 rc_cmd $1
65
66