feat: use deepin-immutable-ctrl to wrap and call locale-gen

[mhduiy]

Avoiding permission issues caused by immutable systems

Log: use deepin-immutable-ctrl to wrap and call locale-gen

Summary by Sourcery

Wrap calls to locale-gen with deepin-immutable-ctl on immutable systems to avoid permission issues, falling back to direct execution when the wrapper is unavailable.

Bug Fixes:

• Fix permission errors on immutable systems by invoking locale-gen via deepin-immutable-ctl

Enhancements:

• Add detection of deepin-immutable-ctl and import utility for file existence checks
• Introduce deepin-immutable-ctl wrapper for both locale-gen and parameterized locale-gen calls with warning logs and output capture

[sourcery-ai]

Reviewer's Guide

This PR adds conditional wrapping of locale-gen with deepin-immutable-ctl to avoid permission issues on immutable systems, falling back to direct execution when the wrapper is unavailable.

Sequence diagram for locale generation with deepin-immutable-ctl fallback

sequenceDiagram
    participant Helper
    participant dutils
    participant deepin-immutable-ctl
    participant locale-gen
    Helper->>dutils: IsFileExist(deepin-immutable-ctl)
    alt deepin-immutable-ctl exists
        Helper->>deepin-immutable-ctl: exec locale-gen
        deepin-immutable-ctl->>locale-gen: run
        locale-gen-->>deepin-immutable-ctl: result
        deepin-immutable-ctl-->>Helper: output
    else deepin-immutable-ctl not found
        Helper->>locale-gen: run directly
        locale-gen-->>Helper: result
    end

Loading

Class diagram for updated Helper locale generation methods

classDiagram
    class Helper {
        +doGenLocale() error
        +doGenLocaleWithParam(locale string) error
    }
    class dutils {
        +IsFileExist(path string) bool
    }

Loading

File-Level Changes

Change	Details	Files
Declare deepin-immutable-ctl binary and import utility package	Import dutils from go-lib/utils Define deepinImmutableCtlBin constant alongside existing service constants	locale-helper/main.go
Wrap locale-gen calls with deepin-immutable-ctl and handle failures	Check for deepin-immutable-ctl presence and log a warning if missing Execute locale-gen via deepin-immutable-ctl using CombinedOutput Log and return errors when wrapper invocation fails Fallback to direct exec.Command calls when wrapper is absent	locale-helper/main.go

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @mhduiy - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `locale-helper/main.go:94` </location>
<code_context>
 }

 func (h *Helper) doGenLocale() error {
-	return exec.Command(localeGenBin).Run()
+	if !dutils.IsFileExist(deepinImmutableCtlBin) {
</code_context>

<issue_to_address>
Consider extracting the duplicated logic in both methods into a single helper function to simplify the code.

You can collapse the nearly‐identical logic in both methods into a single helper. For example:

```go
// new helper extracted from doGenLocale + doGenLocaleWithParam
func (h *Helper) execLocaleCmd(args ...string) error {
    if !dutils.IsFileExist(deepinImmutableCtlBin) {
        logger.Warning("deepin-immutable-ctl not found, use locale-gen directly")
        return exec.Command(localeGenBin, args...).Run()
    }

    // Use “--” to separate flags from the command itself
    ctlArgs := append([]string{"admin", "exec", "--", localeGenBin}, args...)
    output, err := exec.Command(deepinImmutableCtlBin, ctlArgs...).CombinedOutput()
    if err != nil {
        logger.Warning(
            "deepin-immutable-ctl exec locale-gen failed,",
            "err:", err,
            "output:", string(output),
        )
    }
    return err
}
```

Then simplify your two API methods to:

```go
func (h *Helper) doGenLocale() error {
    return h.execLocaleCmd()
}

func (h *Helper) doGenLocaleWithParam(locale string) error {
    return h.execLocaleCmd(locale)
}
```

This removes the duplication, keeps the exact same behavior, and flattens the control flow.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (complexity): Consider extracting the duplicated logic in both methods into a single helper function to simplify the code.

You can collapse the nearly‐identical logic in both methods into a single helper. For example:

// new helper extracted from doGenLocale + doGenLocaleWithParam
func (h *Helper) execLocaleCmd(args ...string) error {
    if !dutils.IsFileExist(deepinImmutableCtlBin) {
        logger.Warning("deepin-immutable-ctl not found, use locale-gen directly")
        return exec.Command(localeGenBin, args...).Run()
    }

    // Use “--” to separate flags from the command itself
    ctlArgs := append([]string{"admin", "exec", "--", localeGenBin}, args...)
    output, err := exec.Command(deepinImmutableCtlBin, ctlArgs...).CombinedOutput()
    if err != nil {
        logger.Warning(
            "deepin-immutable-ctl exec locale-gen failed,",
            "err:", err,
            "output:", string(output),
        )
    }
    return err
}

Then simplify your two API methods to:

func (h *Helper) doGenLocale() error {
    return h.execLocaleCmd()
}

func (h *Helper) doGenLocaleWithParam(locale string) error {
    return h.execLocaleCmd(locale)
}

This removes the duplication, keeps the exact same behavior, and flattens the control flow.

[deepin-ci-robot]

deepin pr auto review

代码审查意见：

1. 代码重复：doGenLocale 和 doGenLocaleWithParam 函数中存在大量重复代码，建议提取公共逻辑到一个单独的函数中，以减少代码重复和提高可维护性。

2. 错误处理：在 doGenLocale 和 doGenLocaleWithParam 函数中，当 deepin-immutable-ctl 执行失败时，只是记录了警告日志，但没有提供任何错误反馈给调用者。建议在错误处理部分增加更多的错误信息，以便于调试和问题追踪。

3. 日志记录：在 doGenLocale 和 doGenLocaleWithParam 函数中，日志记录使用了 logger.Warning，但没有使用 logger.Error 或 logger.Fatal 来区分不同级别的日志。建议根据错误严重程度选择合适的日志级别。

4. 命令执行的安全性：在 doGenLocale 和 doGenLocaleWithParam 函数中，使用 exec.Command 执行外部命令时，没有对输入参数进行任何验证或清洗，这可能导致命令注入攻击。建议对输入参数进行验证，或者使用更安全的方法来执行外部命令。

5. 注释：在 doGenLocale 和 doGenLocaleWithParam 函数中，注释 TODO 应该被解决，而不是仅仅留下。建议在解决 TODO 问题后，删除或更新相应的注释。

6. 系统调用权限：在 doGenLocale 和 doGenLocaleWithParam 函数中，使用 deepin-immutable-ctl 执行 locale-gen 可能需要较高的权限。建议在执行此类操作时，确保有足够的权限，或者使用更安全的方法来提升权限。

7. 服务配置：在 deepin-locale-helper.service 文件中，注释掉了一些 ReadWritePaths 和 RestrictNamespaces，这可能会影响服务的正常运行。建议在移除这些注释之前，确保服务有足够的权限来访问所需的路径，并且不会对系统安全性造成影响。

8. 服务配置的临时解决方案：在 deepin-locale-helper.service 文件中，使用了临时解决方案来绕过 ReadWritePaths 和 RestrictNamespaces 的限制。建议在找到更合适的解决方案后，移除这些临时解决方案。

总体来说，代码中存在一些重复、错误处理不足、日志记录不明确、安全性问题以及临时解决方案等问题，建议进行相应的修改和优化。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, KT-lcz, mhduiy

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment