diff --git a/.gitignore b/.gitignore
index 3223cf5..5cb86a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,6 @@ result-*
 # Nix VM
 *.qcow2
+
+# Packaging
+/assets/completions/
diff --git a/Cargo.toml b/Cargo.toml
index 5955609..aa2919f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -68,3 +68,47 @@ anyhow = "1.0.100"
 [dev-dependencies]
 regex = "1.12.2"
+
+[package.metadata.deb]
+name = "mysqladm-rs"
+priority = "optional"
+section = "databases"
+depends = "$auto"
+license-file = ["LICENSE", "0"]
+maintainer = "Programvareverkstedet "
+copyright = "Copyright (c) 2025, Programvareverkstedet"
+assets = [
+ [
+ "target/release/mysqladm",
+ "usr/bin/",
+ "755",
+ ],
+ [
+ "example-config.toml",
+ "etc/mysqladm/config.toml",
+ "600",
+ ],
+ [
+ "assets/completions/_*",
+ "usr/share/zsh/site-functions/completions/",
+ "644",
+ ],
+ [
+ "assets/completions/*.bash",
+ "usr/share/bash-completion/completions/",
+ "644",
+ ],
+ [
+ "assets/completions/*.fish",
+ "usr/share/fish/vendor_completions.d/",
+ "644",
+ ],
+ [
+ "assets/systemd/*",
+ "etc/systemd/system/",
+ "644",
+ ],
+]
+systemd-units = [
+ { unit-name = "mysqladm", unit-scripts = "assets/systemd", enable = true },
+]
diff --git a/assets/systemd/mysqladm.service b/assets/systemd/mysqladm.service
new file mode 100644
index 0000000..014894a
--- /dev/null
+++ b/assets/systemd/mysqladm.service
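Review bot: The `example-config.toml` asset in `[package.metadata.deb]` is installed with mode `600`, which in a package means root-owned, while the `mysqladm.service` unit added in this commit runs as a `DynamicUser=yes` account, so the daemon would probably be unable to read `/etc/mysqladm/config.toml`. If the file holds database credentials, keeping it unreadable to other users is the right default; rather than loosening the mode, consider handing it to the service with `LoadCredential=`, or using a static system user with mode `640` and group ownership set in a maintainer script. The `assets/systemd/*` entry also looks redundant with `systemd-units`, which already points at `assets/systemd`; a second copy under `etc/systemd/system/` puts package files in the administrator's override directory, so that entry can likely be dropped.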
@@ -0,0 +1,54 @@
+[Unit]
+Description=MySQL administration tool for non-admin users
+Requires=mysqladm.socket
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/mysqladm-rs server --systemd socket-activate
+
+WatchdogSec=15
+
+User=mysqladm
+Group=mysqladm
+DynamicUser=yes
+
+ConfigurationDirectory=mysqladm
+RuntimeDirectory=mysqladm
+
+# This is required to read unix user/group details.
+PrivateUsers=false
+
+# Needed to communicate with MySQL.
+PrivateNetwork=false
+PrivateIPC=false
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateMounts=true
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=true
+ProtectControlGroups=strict
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SocketBindDeny=any
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0777
diff --git a/assets/systemd/mysqladm.socket b/assets/systemd/mysqladm.socket
new file mode 100644
index 0000000..1b2dea9
--- /dev/null
+++ b/assets/systemd/mysqladm.socket
@@ -0,0 +1,8 @@
+[Unit]
+Description=MySQL administration tool for non-admin users
+WantedBy=sockets.target
+
+[Socket]
+ListenStream=/run/mysqladm/mysqladm.sock
+Accept=no
+PassCredentials=true
diff --git a/create-deb.sh b/create-deb.sh
new file mode 100755
index 0000000..9b3eaa9
--- /dev/null
+++ b/create-deb.sh
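Review bot: `ExecStart=/usr/bin/mysqladm-rs` in `mysqladm.service` does not match what the package installs: the deb assets copy `target/release/mysqladm` into `usr/bin/`, so the binary would land at `/usr/bin/mysqladm` and the unit would fail to start unless something else provides `mysqladm-rs`. Suggested line: `ExecStart=/usr/bin/mysqladm server --systemd socket-activate`. Separately, `RuntimeDirectory=mysqladm` names the same `/run/mysqladm` directory that holds the socket unit's `ListenStream` path, and systemd removes a runtime directory when the service stops. It is worth verifying that the socket file survives a service restart, or setting `RuntimeDirectoryPreserve=yes`.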
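Review bot: `WantedBy=sockets.target` in `mysqladm.socket` sits under `[Unit]`, where systemd does not recognise it; it is an `[Install]` option, so as written `systemctl enable` (and the `enable = true` in the deb metadata) has nothing to hook into `sockets.target`. Move it to its own section at the end of the file: `[Install]` followed by `WantedBy=sockets.target`. Because the socket is the service's entry point and authorisation appears to rely on the peer credentials from `PassCredentials=true`, it would also help to state the intended permissions explicitly with `SocketMode=` and a one-line comment, rather than relying on the default mode.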
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+cargo build --release
+
+mkdir -p assets/completions
+
+./target/release/mysqladm generate-completions --shell bash > assets/completions/mysqladm.bash
+./target/release/mysqladm generate-completions --shell zsh > assets/completions/_mysqladm
+./target/release/mysqladm generate-completions --shell fish > assets/completions/mysqladm.fish
+
+./target/release/mysqladm generate-completions --shell bash --command mysql-dbadm > assets/completions/mysql-dbadm.bash
+./target/release/mysqladm generate-completions --shell zsh --command mysql-dbadm > assets/completions/_mysql-dbadm
+./target/release/mysqladm generate-completions --shell fish --command mysql-dbadm > assets/completions/mysql-dbadm.fish
+
+./target/release/mysqladm generate-completions --shell bash --command mysql-useradm > assets/completions/mysql-useradm.bash
+./target/release/mysqladm generate-completions --shell zsh --command mysql-useradm > assets/completions/_mysql-useradm
+./target/release/mysqladm generate-completions --shell fish --command mysql-useradm > assets/completions/mysql-useradm.fish
+
+cargo deb
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index ffa5354..4b6289d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,6 +49,8 @@
 cargo-nextest
 cargo-edit
 cargo-deny
+ cargo-deb
+ dpkg
 ];
 RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
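Review bot: `create-deb.sh` has no error handling, so a failed `cargo build --release` or `generate-completions` call does not stop it. `cargo deb` would still run and package whatever is in `assets/completions/`, including empty files left by a failed redirection or output produced by a stale binary from an earlier build. Add `set -euo pipefail` directly after the shebang. Building with `cargo build --release --locked` would additionally keep the packaged binary tied to the committed `Cargo.lock`.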