Add podman config

.gitignore

@@ -1,5 +1,6 @@
 node_modules
 .env
+.killignore
 .tmp
 test/*.out
 phpmyadmin

.killignore.test

@@ -0,0 +1,11 @@
+root
+bridge
+do-agent
+dbus
+earlyoom
+mysql
+named
+nobody
+postgres
+polkitd
+rpc

app.js

@@ -1 +1,6 @@
+import { dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+process.chdir(__dirname);
+
 import './src/index.js';

package.json

@@ -1,6 +1,6 @@
 {
   "name": "domcloud-bridge",
-  "version": "0.36.0",
+  "version": "0.37.0",
   "description": "Deployment runner for DOM Cloud",
   "main": "app.js",
   "engines": {

src/controllers/runner.js

@@ -9,7 +9,6 @@ import {
     PassThrough
 } from 'stream';
 import {
-    execSync,
     spawn
 } from 'child_process';
 import path from 'path';

src/executor/podman.js

@@ -0,0 +1,67 @@
+import {
+    cat,
+    executeLock,
+    spawnSudoUtil,
+    writeTo
+} from '../util.js';
+import { writeFile } from 'fs/promises';
+
+const killIgnoreFile = '.killignore'
+
+class PodmanExecutor {
+    constructor() {
+    }
+    /**
+     * @param {string} user
+     */
+    checkPodmanEnabled(user) {
+        try {
+            return cat(killIgnoreFile).split('\n').includes(user);
+        } catch (err) {
+            if (err.code === 'ENOENT') {
+                writeTo(killIgnoreFile, "root\n");
+            } else {
+                throw err;
+            }
+            return false;
+        }
+    }
+    /**
+     * @param {string} user
+     */
+    async enablePodman(user) {
+        if (this.checkPodmanEnabled(user)) {
+            return "Done unchanged";
+        }
+        return await executeLock('podman', async () => {
+            const content = cat(killIgnoreFile).trim() + `\n${user}\n`;
+            await writeFile(killIgnoreFile, content, {
+                encoding: 'utf-8'
+            });
+            await spawnSudoUtil("SHELL_SUDO", ["root",
+                "usermod", "--add-subuids", "100000-165535",
+                "--add-subgids", "100000-165535", user]);
+            return "Updated for podman";
+        });
+    }
+    /**
+     * @param {string} user
+     */
+    async disablePodman(user) {
+        if (!this.checkPodmanEnabled(user)) {
+            return "Done unchanged";
+        }
+        return await executeLock('podman', async () => {
+            var content = cat(killIgnoreFile).trim().split('\n').filter(x => x !== user);
+            await writeFile(killIgnoreFile, content.join("\n") + "\n", {
+                encoding: 'utf-8'
+            });
+            await spawnSudoUtil("SHELL_SUDO", ["root",
+                "usermod", "--del-subuids", "100000-165535",
+                "--del-subgids", "100000-165535", user]);
+            return "Updated for podman";
+        });
+    }
+}
+
+export const podmanExec = new PodmanExecutor();

src/util.js

@@ -6,9 +6,8 @@ import fs from 'fs';
 
 
 let tokenSecret, allowIps, sudoutil, version, revision;
-// PHP for <= 7.4 is around ~25% of the market share as of 2023
 // https://packagist.org/php-statistics
-let phpVersionsList = ['7.4'];
+let phpVersionsList = [];
 let rubyVersionsList = [];
 let pythonVersionsList = [];
 let javaVersionsList = [];
@@ -26,7 +25,7 @@ let javaVersionsMap = {};
 let sslWildcardsMap = {};
 const pythonConstants = {
     // https://raw.githubusercontent.com/indygreg/python-build-standalone/latest-release/latest-release.json
-    tag: "20230507",
+    tag: "20231002",
     // NOTE: x86_64_v3 requires AVX2 CPU support
     match: /cpython-(\d+\.\d+\.\d+)\+\d+-x86_64_v3-unknown-linux-gnu-pgo\+lto-full\.tar\.zst/g,
     index() {
@@ -49,31 +48,25 @@ export const initUtils = async () => {
         return a;
     }, {}) : null
     sudoutil = path.join(process.cwd(), '/sudoutil.js');
-    version = JSON.parse(fs.readFileSync(path.join(process.cwd(), '/package.json')).toString('utf-8')).version;
-    const rev = fs.readFileSync('.git/HEAD').toString().trim();
-    revision = rev.indexOf(':') === -1 ? rev : fs.readFileSync('.git/' + rev.substring(5)).toString().trim();
+    version = JSON.parse(cat('package.json')).version;
+    const rev = cat('.git/HEAD').trim();
+    revision = rev.indexOf(':') === -1 ? rev : cat('.git/' + rev.substring(5)).trim();
     revision = revision.substring(0, 7);
-    sslWildcardsMap = process.env.SSL_WILDCARDS ? process.env.SSL_WILDCARDS.split(',').reduce((a, b) => {
+    sslWildcardsMap = (process.env.SSL_WILDCARDS || '').split(',').reduce((a, b) => {
         var splits = b.split(':');
         if (splits.length == 2) {
             a[splits[0].toLowerCase()] = splits[1];
         }
         return a;
-    }, {}) : {};
-    await axios.get('https://www.php.net/releases/?json').then(res => {
-        Object.values(res.data).forEach(v => {
-            v.supported_versions.forEach((/** @type {string} */ ver) => {
-                if (!phpVersionsList.includes(ver)) {
-                    phpVersionsList.push(ver);
-                }
-            });
-        });
-        phpVersionsList = sortSemver(phpVersionsList).reverse();
-    }).catch(err => {
-        console.error('error fetching PHP releases', err);
-    });
+    }, {});
+    const phpPath = process.env.PHPFPM_REMILIST || '/etc/opt/remi/';
+    const phpFiles = fs.readdirSync(phpPath, { withFileTypes: true });
+    phpVersionsList = phpFiles
+        .filter(dirent => dirent.isDirectory())
+        .map(dirent => dirent.name.replace(/php(\d)(\d+)/, '$1.$2'))
+    phpVersionsList = sortSemver(phpVersionsList).reverse();
     // TODO: detect OS/arch?
-    await axios.get('https://rvm.io/binaries/centos/9/x86_64/').then(res => {
+    await axios.get('https://rvm_io.global.ssl.fastly.net/binaries/centos/9/x86_64/').then(res => {
         // @ts-ignore
         var matches = [...("" + res.data).matchAll(/href="ruby-([.\d]+).tar.bz2"/g)]
         for (const match of matches) {
@@ -535,8 +528,8 @@ export function splitLimit(/** @type {string} */ input,/** @type {string|RegExp}
  * @param {string[]} arr
  */
 export function sortSemver(arr) {
-    return arr.map(a => a.replace(/\d+/g, n => +n+100000+'')).sort()
-        .map(a => a.replace(/\d+/g, n => +n-100000+''));
+    return arr.map(a => a.replace(/\d+/g, n => +n + 100000 + '')).sort()
+        .map(a => a.replace(/\d+/g, n => +n - 100000 + ''));
 }
 
 /**

sudokill.js

@@ -4,6 +4,12 @@
 
 import shelljs from 'shelljs';
 import cli from 'cli'
+import { existsSync, readFileSync } from 'fs';
+import { dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
 const { exec } = shelljs;
 
 const opts = cli.parse({
@@ -27,6 +33,12 @@ const ignoreUsers = opts.ignore.split(',')
         return acc;
     }, {});
 
+if (existsSync(__dirname + '/.killignore')) {
+    Object.assign(ignoreUsers, readFileSync(__dirname + '/.killignore', {
+        encoding: 'utf-8'
+    }).split('\n').map(x => x.trim()).filter(x => x))
+}
+
 ignoreUsers.root = true;
 
 // process and filter output

tools-init.sh

@@ -17,7 +17,7 @@ else
     cd ..
 fi
 if [ ! -d "./phppgadmin" ]; then
-    git clone https://github.com/phpPgAdmin2/phpPgAdmin.git phppgadmin --filter=tree:0
+    git clone https://github.com/ReimuHakurei/phpPgAdmin.git phppgadmin --filter=tree:0
     cd ./phppgadmin
     cp conf/config.inc.php-dist conf/config.inc.php
     sed -i "s/['host'] = ''/['host'] = 'localhost'/" conf/config.inc.php