From 1f0476f0bfccc0553cc98fb45f46c8babc11fca2 Mon Sep 17 00:00:00 2001 From: Profpatsch Date: Sun, 8 Dec 2019 02:42:44 +0100 Subject: pkgs/profpatsch/youtube2audiopodcast: use sandbox instead of tempdir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If we sandbox each run of our youtube-dl script inside of the UCSPI TCP server, we get a temporary directory “for free”, plus guarantees that the files are cleaned up after the process exits. --- pkgs/profpatsch/youtube2audiopodcast/default.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'pkgs/profpatsch/youtube2audiopodcast') diff --git a/pkgs/profpatsch/youtube2audiopodcast/default.nix b/pkgs/profpatsch/youtube2audiopodcast/default.nix index 75740204..d4a4993a 100644 --- a/pkgs/profpatsch/youtube2audiopodcast/default.nix +++ b/pkgs/profpatsch/youtube2audiopodcast/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, writeExecline, getBins, runInEmptyEnv }: +{ pkgs, lib, writeExecline, getBins, runInEmptyEnv, sandbox }: let bins = getBins pkgs.hello [ "hello" ] @@ -7,11 +7,12 @@ let // getBins pkgs.s6-networking [ "s6-tcpserver" ] // getBins pkgs.execline [ "fdmove" "backtick" "importas" "if" "redirfd" "pipeline" ]; - youtube-dl-audio = writeExecline "abc" { readNArgs = 2; } [ + youtube-dl-audio = writeExecline "youtube-dl-audio" { readNArgs = 1; } [ bins.youtube-dl + "--verbose" "--extract-audio" "--audio-format" "opus" - "--output" "\${1}/audio.opus" "https://www.youtube.com/watch?v=\${2}" + "--output" "./audio.opus" "https://www.youtube.com/watch?v=\${1}" ]; # minimal CGI request parser for use as UCSPI middleware @@ -27,7 +28,7 @@ let inbuf = sys.stdin.buffer - first_line = inbuf.readline().split(sep=b" ") + first_line = inbuf.readline().rstrip(b"\n").split(sep=b" ") parse_ass(len(first_line) == 3) parse_ass(first_line[2].startswith(b"HTTP/")) 
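Review bot: In the `@@ -7,11 +7,12 @@` hunk the request-supplied value is spliced into `"https://www.youtube.com/watch?v=\${1}"` with no check on its shape, and the call site in the `@@ -58,11 +58,11 @@` hunk passes `$yt-video-id` straight through. The fixed URL prefix keeps the argument from being read as an option, but anything beyond a plain id (extra query parameters, a fragment) changes what youtube-dl is asked to fetch inside the sandbox. The id appears to come from the request path, so I would reject non-conforming values before the download, for example in the request parser with `parse_ass(re.fullmatch(rb"/[A-Za-z0-9_-]{11}", first_line[1]) is not None)` (needs `import re`; the 11-character form is today's YouTube id format, so adjust it if other ids must work). A one-line comment on `youtube-dl-audio` saying that it writes `./audio.opus` relative to the sandbox's working directory would also help.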
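Review bot: In the `@@ -27,7 +28,7 @@` hunk, `rstrip(b"\n")` leaves the `\r` of a CRLF-terminated request line attached to the third field, and `readline()` still reads from the socket with no size limit. The `startswith(b"HTTP/")` check passes either way, so the stray byte would only show up if later code uses `first_line[2]`, which is not visible because the Python script starts and ends outside the hunk. I would strip both terminators and bound the read: `first_line = inbuf.readline(8192).rstrip(b"\r\n").split(sep=b" ")`, where 8192 is a sample limit I picked, not a value from the project.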
@@ -47,10 +48,9 @@ let serve-audio = writeExecline "audio-server" {} [ (runInEmptyEnv []) bins.s6-tcpserver "::1" "8888" + (sandbox { extraMounts = [ "/etc" ]; }) yolo-cgi # bins.fdmove "1" "2" bins.env - bins.backtick "-i" "tmpdir" [ bins.mktemp "-d" ] - bins.importas "-u" "tmpdir" "tmpdir" bins.${"if"} [ # remove leading slash bins.backtick "-i" "yt-video-id" [ @@ -58,11 +58,11 @@ let bins.cut "-c2-" ] bins.importas "yt-video-id" "yt-video-id" - bins.fdmove "1" "2" - youtube-dl-audio "$tmpdir" "$yt-video-id" + bins.fdmove "-c" "1" "2" + youtube-dl-audio "$yt-video-id" ] bins.backtick "-i" "-n" "filesize" [ - bins.redirfd "-r" "0" "\${tmpdir}/audio.opus" + bins.redirfd "-r" "0" "./audio.opus" bins.wc "--bytes" ] bins.importas "filesize" "filesize" @@ -72,7 +72,7 @@ let Content-Length: %u '' "$filesize" ] - bins.redirfd "-r" "0" "\${tmpdir}/audio.opus" bins.cat + bins.redirfd "-r" "0" "./audio.opus" bins.cat ]; # in printFeed -- cgit 1.4.1
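Review bot: `(sandbox { extraMounts = [ "/etc" ]; })` in the `@@ -47,10 +48,9 @@` hunk makes the host's entire `/etc` visible to a handler that runs for every connection `s6-tcpserver` accepts. If the mount exists only so youtube-dl can resolve names and verify TLS, narrow it to the specific files needed (resolver configuration, CA bundle), assuming the `sandbox` helper accepts file paths, and confirm that it mounts read-only; the helper's definition is outside this diff. A comment such as `# /etc: needed for DNS + TLS trust inside the sandbox` would record why the mount is there. With `mktemp -d` removed, `./audio.opus` also depends on the sandbox starting each run in a fresh writable directory, which is worth stating next to the call.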