Snappy

Merge lp:~chipaca/snappy/mangle into lp:~snappy-dev/snappy/snappy-moved-to-github

  1. mangle
  2. Merge into snappy-moved-to-github
Proposed by John Lenton on 2015-06-03
Status: Merged
Approved by: Michael Vogt on 2015-06-09
Approved revision: 486
Merged at revision: 494
Proposed branch: lp:~chipaca/snappy/mangle
Merge into: lp:~snappy-dev/snappy/snappy-moved-to-github
Diff against target: 377 lines (+149/-81)
7 files modified
snappy/build.go (+0/-39)
snappy/build_test.go (+1/-15)
snappy/click.go (+6/-1)
snappy/security.go (+5/-26)
snappy/security_test.go (+15/-0)
snappy/snapp.go (+55/-0)
snappy/snapp_test.go (+67/-0)
To merge this branch: bzr merge lp:~chipaca/snappy/mangle
Reviewer Review Type Date Requested Status
Michael Vogt Approve on 2015-06-09
Sergio Schvezov 2015-06-03 Pending
Review via email: mp+260934@code.launchpad.net

Commit Message

Added integrate() to set Integration to default values needed for integration.

To post a comment you must log in.
Sergio Schvezov (sergiusens) wrote :

Hey this looks good, lots of confusing red going down the drain, I did add a couple of comments and maybe it's the time, but I see no tests for services or Description of services, which I have a weird opinion of anyways ;-)

I'll give it another view in the morning.

Also, again, thanks for fixing!

lp:~chipaca/snappy/mangle updated on 2015-06-08
485. By John Lenton on 2015-06-08

addressed issues raised in review

486. By John Lenton on 2015-06-08

merged trunk

Michael Vogt (mvo) wrote :

Looks good, thanks a lot for working on this!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'snappy/build.go'
2--- snappy/build.go 2015-05-28 11:58:30 +0000
3+++ snappy/build.go 2015-06-08 16:38:59 +0000
4@@ -128,13 +128,6 @@
5 func handleBinaries(buildDir string, m *packageYaml) error {
6 for _, v := range m.Binaries {
7 hookName := filepath.Base(v.Name)
8-
9- if _, ok := m.Integration[hookName]; !ok {
10- m.Integration[hookName] = make(map[string]string)
11- }
12- // legacy click hook
13- m.Integration[hookName]["bin-path"] = v.Exec
14-
15 // handle the apparmor stuff
16 if err := handleApparmor(buildDir, m, hookName, &v.SecurityDefinitions); err != nil {
17 return err
18@@ -145,36 +138,9 @@
19 }
20
21 func handleServices(buildDir string, m *packageYaml) error {
22- _, description, err := parseReadme(filepath.Join(buildDir, "meta", "readme.md"))
23- if err != nil {
24- return err
25- }
26-
27 for _, v := range m.Services {
28 hookName := filepath.Base(v.Name)
29
30- if _, ok := m.Integration[hookName]; !ok {
31- m.Integration[hookName] = make(map[string]string)
32- }
33-
34- // generate snappyd systemd unit json
35- if v.Description == "" {
36- v.Description = description
37- }
38-
39- // omit the name from the json to make the
40- // click-reviewers-tool happy
41- v.Name = ""
42- snappySystemdContent, err := json.MarshalIndent(v, "", " ")
43- if err != nil {
44- return err
45- }
46- snappySystemdContentFile := filepath.Join("meta", hookName+".snappy-systemd")
47- if err := ioutil.WriteFile(filepath.Join(buildDir, snappySystemdContentFile), []byte(snappySystemdContent), 0644); err != nil {
48- return err
49- }
50- m.Integration[hookName]["snappy-systemd"] = snappySystemdContentFile
51-
52 // handle the apparmor stuff
53 if err := handleApparmor(buildDir, m, hookName, &v.SecurityDefinitions); err != nil {
54 return err
55@@ -499,11 +465,6 @@
56 return "", err
57 }
58
59- // defaults, mangling
60- if m.Integration == nil {
61- m.Integration = make(map[string]clickAppHook)
62- }
63-
64 // generate compat hooks for binaries
65 if err := handleBinaries(buildDir, m); err != nil {
66 return "", err
67
68=== modified file 'snappy/build_test.go'
69--- snappy/build_test.go 2015-06-02 20:46:07 +0000
70+++ snappy/build_test.go 2015-06-08 16:38:59 +0000
71@@ -217,27 +217,13 @@
72 "title": "some title",
73 "hooks": {
74 "foo": {
75- "apparmor": "meta/foo.apparmor",
76- "snappy-systemd": "meta/foo.snappy-systemd"
77+ "apparmor": "meta/foo.apparmor"
78 }
79 }
80 }`
81 readJSON, err := exec.Command("dpkg-deb", "-I", "hello_3.0.1_all.snap", "manifest").Output()
82 c.Assert(err, IsNil)
83 c.Assert(string(readJSON), Equals, expectedJSON)
84-
85- // check the generated meta file
86- unpackDir := c.MkDir()
87- err = exec.Command("dpkg-deb", "-x", "hello_3.0.1_all.snap", unpackDir).Run()
88- c.Assert(err, IsNil)
89-
90- snappySystemdContent, err := ioutil.ReadFile(filepath.Join(unpackDir, "meta/foo.snappy-systemd"))
91- c.Assert(err, IsNil)
92- c.Assert(string(snappySystemdContent), Equals, `{
93- "description": "some description",
94- "start": "bin/hello-world",
95- "stop-timeout": "30s"
96-}`)
97 }
98
99 func (s *SnapTestSuite) TestBuildAutoGenerateConfigAppArmor(c *C) {
100
101=== modified file 'snappy/click.go'
102--- snappy/click.go 2015-06-04 22:21:51 +0000
103+++ snappy/click.go 2015-06-08 16:38:59 +0000
104@@ -457,12 +457,17 @@
105
106 udevPartName := m.qualifiedName(originFromBasedir(baseDir))
107
108+ desc := service.Description
109+ if desc == "" {
110+ desc = fmt.Sprintf("service %s for package %s", service.Name, m.Name)
111+ }
112+
113 return systemd.New(globalRootDir, nil).GenServiceFile(
114 &systemd.ServiceDescription{
115 AppName: m.Name,
116 ServiceName: service.Name,
117 Version: m.Version,
118- Description: service.Description,
119+ Description: desc,
120 AppPath: baseDir,
121 Start: service.Start,
122 Stop: service.Stop,
123
124=== modified file 'snappy/security.go'
125--- snappy/security.go 2015-05-28 11:58:30 +0000
126+++ snappy/security.go 2015-06-08 16:38:59 +0000
127@@ -89,34 +89,15 @@
128 }
129
130 func handleApparmor(buildDir string, m *packageYaml, hookName string, s *SecurityDefinitions) error {
131-
132- // ensure we have a hook
133- if _, ok := m.Integration[hookName]; !ok {
134- m.Integration[hookName] = clickAppHook{}
135- }
136-
137- // legacy use of "Integration" - the user should
138- // use the new format, nothing needs to be done
139- _, hasApparmor := m.Integration[hookName]["apparmor"]
140- _, hasApparmorProfile := m.Integration[hookName]["apparmor-profile"]
141- if hasApparmor || hasApparmorProfile {
142- return nil
143- }
144-
145- // see if we have a custom security policy
146- if s.SecurityPolicy != nil && s.SecurityPolicy.Apparmor != "" {
147- m.Integration[hookName]["apparmor-profile"] = s.SecurityPolicy.Apparmor
148- return nil
149- }
150-
151- // see if we have a security override
152- if s.SecurityOverride != nil && s.SecurityOverride.Apparmor != "" {
153- m.Integration[hookName]["apparmor"] = s.SecurityOverride.Apparmor
154+ hasSecPol := s.SecurityPolicy != nil && s.SecurityPolicy.Apparmor != ""
155+ hasSecOvr := s.SecurityOverride != nil && s.SecurityOverride.Apparmor != ""
156+
157+ if hasSecPol || hasSecOvr {
158 return nil
159 }
160
161 // generate apparmor template
162- apparmorJSONFile := filepath.Join("meta", hookName+".apparmor")
163+ apparmorJSONFile := m.Integration[hookName]["apparmor"]
164 securityJSONContent, err := s.generateApparmorJSONContent()
165 if err != nil {
166 return err
167@@ -125,8 +106,6 @@
168 return err
169 }
170
171- m.Integration[hookName]["apparmor"] = apparmorJSONFile
172-
173 return nil
174 }
175
176
177=== modified file 'snappy/security_test.go'
178--- snappy/security_test.go 2015-06-02 20:46:07 +0000
179+++ snappy/security_test.go 2015-06-08 16:38:59 +0000
180@@ -62,6 +62,9 @@
181 func (a *SecurityTestSuite) TestSnappyHandleApparmorSecurityDefault(c *C) {
182 sec := &SecurityDefinitions{}
183
184+ a.m.Binaries = append(a.m.Binaries, Binary{Name: "app", SecurityDefinitions: *sec})
185+ a.m.legacyIntegration()
186+
187 err := handleApparmor(a.buildDir, a.m, "app", sec)
188 c.Assert(err, IsNil)
189
190@@ -81,6 +84,9 @@
191 SecurityCaps: []string{"cap1", "cap2"},
192 }
193
194+ a.m.Binaries = append(a.m.Binaries, Binary{Name: "app", SecurityDefinitions: *sec})
195+ a.m.legacyIntegration()
196+
197 err := handleApparmor(a.buildDir, a.m, "app", sec)
198 c.Assert(err, IsNil)
199
200@@ -101,6 +107,9 @@
201 SecurityTemplate: "docker-client",
202 }
203
204+ a.m.Binaries = append(a.m.Binaries, Binary{Name: "app", SecurityDefinitions: *sec})
205+ a.m.legacyIntegration()
206+
207 err := handleApparmor(a.buildDir, a.m, "app", sec)
208 c.Assert(err, IsNil)
209
210@@ -120,6 +129,9 @@
211 },
212 }
213
214+ a.m.Binaries = append(a.m.Binaries, Binary{Name: "app", SecurityDefinitions: *sec})
215+ a.m.legacyIntegration()
216+
217 err := handleApparmor(a.buildDir, a.m, "app", sec)
218 c.Assert(err, IsNil)
219
220@@ -133,6 +145,9 @@
221 },
222 }
223
224+ a.m.Binaries = append(a.m.Binaries, Binary{Name: "app", SecurityDefinitions: *sec})
225+ a.m.legacyIntegration()
226+
227 err := handleApparmor(a.buildDir, a.m, "app", sec)
228 c.Assert(err, IsNil)
229
230
231=== modified file 'snappy/snapp.go'
232--- snappy/snapp.go 2015-06-04 12:55:54 +0000
233+++ snappy/snapp.go 2015-06-08 16:38:59 +0000
234@@ -323,6 +323,8 @@
235 }
236 }
237
238+ m.legacyIntegration()
239+
240 return &m, nil
241 }
242
243@@ -445,6 +447,59 @@
244 return nil
245 }
246
247+func (m *packageYaml) legacyIntegrateSecDef(hookName string, s *SecurityDefinitions) {
248+ // see if we have a custom security policy
249+ if s.SecurityPolicy != nil && s.SecurityPolicy.Apparmor != "" {
250+ m.Integration[hookName]["apparmor-profile"] = s.SecurityPolicy.Apparmor
251+ return
252+ }
253+
254+ // see if we have a security override
255+ if s.SecurityOverride != nil && s.SecurityOverride.Apparmor != "" {
256+ m.Integration[hookName]["apparmor"] = s.SecurityOverride.Apparmor
257+ return
258+ }
259+
260+ // apparmor template
261+ m.Integration[hookName]["apparmor"] = filepath.Join("meta", hookName+".apparmor")
262+
263+ return
264+}
265+
266+// legacyIntegration sets up the Integration property of packageYaml from its other attributes
267+func (m *packageYaml) legacyIntegration() {
268+ if m.Integration != nil {
269+ // TODO: append "Overriding user-provided values." to the end of the blurb.
270+ logger.Noticef(`The "integration" key is deprecated, and all uses of "integration" should be rewritten; see https://developer.ubuntu.com/en/snappy/guides/package-metadata/ (the "binaries" and "services" sections are probably especially relevant)."`)
271+ } else {
272+ // TODO: do this always, not just when Integration is not set
273+ m.Integration = make(map[string]clickAppHook)
274+ }
275+
276+ for _, v := range m.Binaries {
277+ hookName := filepath.Base(v.Name)
278+
279+ if _, ok := m.Integration[hookName]; !ok {
280+ m.Integration[hookName] = clickAppHook{}
281+ }
282+ // legacy click hook
283+ m.Integration[hookName]["bin-path"] = v.Exec
284+
285+ m.legacyIntegrateSecDef(hookName, &v.SecurityDefinitions)
286+ }
287+
288+ for _, v := range m.Services {
289+ hookName := filepath.Base(v.Name)
290+
291+ if _, ok := m.Integration[hookName]; !ok {
292+ m.Integration[hookName] = clickAppHook{}
293+ }
294+
295+ // handle the apparmor stuff
296+ m.legacyIntegrateSecDef(hookName, &v.SecurityDefinitions)
297+ }
298+}
299+
300 // NewInstalledSnapPart returns a new SnapPart from the given yamlPath
301 func NewInstalledSnapPart(yamlPath, origin string) (*SnapPart, error) {
302 m, err := parsePackageYamlFile(yamlPath)
303
304=== modified file 'snappy/snapp_test.go'
305--- snappy/snapp_test.go 2015-06-04 13:34:57 +0000
306+++ snappy/snapp_test.go 2015-06-08 16:38:59 +0000
307@@ -1433,3 +1433,70 @@
308 udevName := packageYaml.qualifiedName("")
309 c.Assert(udevName, Equals, "foo")
310 }
311+
312+func (s *SnapTestSuite) TestIntegrateBoring(c *C) {
313+ m := &packageYaml{}
314+ m.legacyIntegration()
315+
316+ // no binaries, no service, no legacyIntegration
317+ c.Check(m.Integration, HasLen, 0)
318+}
319+
320+func (s *SnapTestSuite) TestIntegrateBinary(c *C) {
321+ m := &packageYaml{
322+ Binaries: []Binary{
323+ {
324+ Name: "testme",
325+ Exec: "bin/testme",
326+ },
327+ {
328+ Name: "testme-override",
329+ Exec: "bin/testme-override",
330+ SecurityDefinitions: SecurityDefinitions{
331+ SecurityOverride: &SecurityOverrideDefinition{Apparmor: "meta/testme-override.apparmor"},
332+ },
333+ },
334+ {
335+ Name: "testme-policy",
336+ Exec: "bin/testme-policy",
337+ SecurityDefinitions: SecurityDefinitions{
338+ SecurityPolicy: &SecurityPolicyDefinition{Apparmor: "meta/testme-policy.profile"},
339+ },
340+ },
341+ },
342+ }
343+ m.legacyIntegration()
344+
345+ c.Check(m.Integration, DeepEquals, map[string]clickAppHook{
346+ "testme": {
347+ "apparmor": "meta/testme.apparmor",
348+ "bin-path": "bin/testme",
349+ },
350+ "testme-override": {
351+ "apparmor": "meta/testme-override.apparmor",
352+ "bin-path": "bin/testme-override",
353+ },
354+ "testme-policy": {
355+ "apparmor-profile": "meta/testme-policy.profile",
356+ "bin-path": "bin/testme-policy",
357+ },
358+ })
359+}
360+
361+func (s *SnapTestSuite) TestIntegrateService(c *C) {
362+ m := &packageYaml{
363+ Services: []Service{
364+ {
365+ Name: "svc",
366+ },
367+ },
368+ }
369+
370+ m.legacyIntegration()
371+
372+ // no binaries, no service, no integrate
373+ c.Check(m.Integration, DeepEquals, map[string]clickAppHook{
374+ "svc": clickAppHook{
375+ "apparmor": "meta/svc.apparmor",
376+ }})
377+}

Subscribers

People subscribed via source and target branches