trust-store

Merge lp:~dbarth/trust-store/cleaner into lp:trust-store

cleaner
Merge into trunk

Proposed by David Barth on 2016-07-06

Status:	Needs review
Proposed branch:	lp:~dbarth/trust-store/cleaner
Merge into:	lp:trust-store
Diff against target:	588 lines (+414/-4) 12 files modified include/core/trust/store.h (+9/-0) src/CMakeLists.txt (+31/-0) src/core/trust/cleaner.cpp (+84/-0) src/core/trust/cleaner.h (+74/-0) src/core/trust/cleaner_main.cpp (+26/-0) src/core/trust/impl/sqlite3/store.cpp (+29/-3) src/core/trust/impl/sqlite3/store.h (+1/-1) src/core/trust/resolve.cpp (+6/-0) tests/CMakeLists.txt (+18/-0) tests/cleaner_test.cpp (+129/-0) tests/mock_store.h (+2/-0) tests/test_data.h.in (+5/-0)
To merge this branch:	bzr merge lp:~dbarth/trust-store/cleaner
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Alexandre Abreu (community)		2016-07-06	Disapprove on 2016-07-07
PS Jenkins bot	continuous-integration		Pending
Review via email: mp+299294@code.launchpad.net

Commit message

Provide a new command line tool to clean the trust dbs of entries related to a particular app. Use when an application is being uninstalled.

Description of the change

Provide a new command line tool to clean the trust dbs of entries related to a particular app. Use when an application is being uninstalled.

lp:~dbarth/trust-store/cleaner updated on 2016-07-06

161. By David Barth on 2016-07-06: define extra PurgeableStore class to preserve the vtable ABI, as suggested by tvoss; switch to using it

Revision history for this message

David Barth (dbarth) wrote on 2016-07-06:

I updated the branch with the PurgeableStore suggestion, but got straight to calling the sqlite impl class; i would have preferred to dynamic_cast instead, but my c++11 is not so great :/

Revision history for this message

Alexandre Abreu (abreu-alexandre) wrote on 2016-07-07:

Has been superseded by https://code.launchpad.net/~abreu-alexandre/trust-store/cleaner/+merge/299460

review: Disapprove

Unmerged revisions

161. By David Barth on 2016-07-06: define extra PurgeableStore class to preserve the vtable ABI, as suggested by tvoss; switch to using it
160. By David Barth on 2016-07-06: provide trust-store-cleaner cli tool; add unit tests for the new command
159. By David Barth on 2016-07-04: wip

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

David Barth

Ubuntu Phablet Team

 === modified file 'include/core/trust/store.h'
 --- include/core/trust/store.h	2014-07-23 13:55:07 +0000
 +++ include/core/trust/store.h	2016-07-06 16:22:59 +0000
@@ -203,6 +203,15 @@
      };
  };
++class PurgeableStore : public trust::Store
++{
++public:
++    /** @brief purge the store from any reference to the given application
++     * When this function returns true, the request has been persisted by the implementation.
++     */
++    virtual void purge(const std::string& id) = 0;
++};
++
  /**
    * @brief Creates an instance for the default store implementation.
    * @throw Error::ServiceNameMustNotBeEmpty.
 === modified file 'src/CMakeLists.txt'
 --- src/CMakeLists.txt	2016-01-11 09:51:51 +0000
 +++ src/CMakeLists.txt	2016-07-06 16:22:59 +0000
@@ -192,6 +192,19 @@
    core/trust/preseed_main.cpp
+ )
++add_library(
++  trust-store-cleaner-helper
++
++  core/trust/cleaner.h
++  core/trust/cleaner.cpp
++)
++
++add_executable(
++  trust-store-cleaner
++
++  core/trust/cleaner_main.cpp
++)
++
  target_link_libraries(
    trust-store
@@ -242,6 +255,19 @@
    trust-store-preseed-helper
+ )
++target_link_libraries(
++  trust-store-cleaner-helper
++
++  trust-store
++)
++
++target_link_libraries(
++  trust-store-cleaner
++
++  trust-store-cleaner-helper
++)
++
++
  # We compile with all symbols visible by default. For the shipping library, we strip
  # out all symbols that are not in core::trust::*
  set(symbol_map "${CMAKE_SOURCE_DIR}/symbols.map")
@@ -277,3 +303,8 @@
    TARGETS trust-store-preseed
    RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+ )
++
++install(
++  TARGETS trust-store-cleaner
++  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
++)
 === added file 'src/core/trust/cleaner.cpp'
 --- src/core/trust/cleaner.cpp	1970-01-01 00:00:00 +0000
 +++ src/core/trust/cleaner.cpp	2016-07-06 16:22:59 +0000
@@ -0,0 +1,84 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ *              David Barth <david.barth@canonical.com>
++ */
++
++#include <xdg.h>
++
++#include <core/trust/cleaner.h>
++
++#include <core/trust/impl/sqlite3/store.h>
++
++#include <boost/program_options.hpp>
++
++#include <istream>
++
++namespace Options = boost::program_options;
++
++std::istream& operator>>(std::istream& in, core::trust::Feature& f)
++{
++    return in >> f.value;
++}
++
++core::trust::Cleaner::Configuration core::trust::Cleaner::Configuration::parse_from_command_line(int argc, const char** argv)
++{
++    Options::variables_map vm;
++
++    Options::options_description options{"Known options"};
++    options.add_options()
++            (Parameters::ForService::name, Options::value<std::string>()->required(), Parameters::ForService::description)
++            (Parameters::PurgeRequest::name, Options::value<std::vector<std::string>>()->composing(), Parameters::PurgeRequest::description);
++
++    Options::command_line_parser parser
++    {
++        argc,
++        argv
++    };
++
++    auto parsed_options = parser.options(options).allow_unregistered().run();
++    Options::store(parsed_options, vm);
++    Options::notify(vm);
++
++    auto service_name = vm[Parameters::ForService::name].as<std::string>();
++    auto requests = vm[Parameters::PurgeRequest::name].as<std::vector<std::string>>();
++
++    core::trust::Cleaner::Configuration config
++    {
++        core::trust::impl::sqlite::create_for_service(service_name, *xdg::BaseDirSpecification::create()),
++        {} // The empty set.
++    };
++
++    for (const auto& request : requests)
++    {
++        std::stringstream ss{request}; core::trust::Request r;
++
++        // Parse the request.
++        ss >> r.from >> r.feature;
++
++        config.purge_requests.push_back(r);
++    }
++
++    return config;
++}
++
++core::posix::exit::Status core::trust::Cleaner::main(const core::trust::Cleaner::Configuration& configuration)
++{
++    for (const auto& r : configuration.purge_requests)
++        configuration.store->purge(r.from);
++
++    return core::posix::exit::Status::success;
++}
 === added file 'src/core/trust/cleaner.h'
 --- src/core/trust/cleaner.h	1970-01-01 00:00:00 +0000
 +++ src/core/trust/cleaner.h	2016-07-06 16:22:59 +0000
@@ -0,0 +1,74 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ *              David Barth <david.barth@canonical.com>
++ */
++
++#ifndef CORE_TRUST_CLEANER_H_
++#define CORE_TRUST_CLEANER_H_
++
++#include <core/trust/store.h>
++
++#include <core/posix/exit.h>
++
++#include <vector>
++
++namespace core
++{
++namespace trust
++{
++// A helper to clean trust caches of authorizations for applications being uninstalled
++// Invoke with:
++//   <helper>
++//   --for-service MyServiceName
++//   --purge "id.of.app.being.removed"
++struct Cleaner
++{
++    // Command-line parameters, their name and their description
++    struct Parameters
++    {
++        Parameters() = delete;
++
++        struct ForService
++        {
++            static constexpr const char* name{"for-service"};
++            static constexpr const char* description{"The name of the service to handle trust for."};
++        };
++
++        struct PurgeRequest
++        {
++            static constexpr const char* name{"purge"};
++            static constexpr const char* description{"App ID which authorizations need be removed from the trust store. Can be specified multiple times."};
++        };
++    };
++
++    // Parameters for execution of the preseed executable.
++    struct Configuration
++    {
++        // Parses command line args and produces a configuration
++        static Configuration parse_from_command_line(int argc, const char** argv);
++        // The store that should be purged of entries for an application
++        std::shared_ptr<core::trust::PurgeableStore> store;
++        // The set of requests for cleaning that should be applied to the store.
++        std::vector<core::trust::Request> purge_requests;
++    };
++
++    static core::posix::exit::Status main(const Configuration& configuration);
++};
++}
++}
++
++#endif // CORE_TRUST_CLEANER_H_
 === added file 'src/core/trust/cleaner_main.cpp'
 --- src/core/trust/cleaner_main.cpp	1970-01-01 00:00:00 +0000
 +++ src/core/trust/cleaner_main.cpp	2016-07-06 16:22:59 +0000
@@ -0,0 +1,26 @@
++/*
++ * Copyright © 2014 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ */
++
++#include <core/trust/cleaner.h>
++
++int main(int argc, const char** argv)
++{
++    auto result = core::trust::Cleaner::main(core::trust::Cleaner::Configuration::parse_from_command_line(argc, argv));
++
++    return result == core::posix::exit::Status::success ? EXIT_SUCCESS : EXIT_FAILURE;
++}
 === modified file 'src/core/trust/impl/sqlite3/store.cpp'
 --- src/core/trust/impl/sqlite3/store.cpp	2015-12-02 10:05:00 +0000
 +++ src/core/trust/impl/sqlite3/store.cpp	2016-07-06 16:22:59 +0000
@@ -346,7 +346,7 @@
  // A store implementation persisting requests in an sqlite database.
  struct Store
--        : public core::trust::Store,
++        : public core::trust::PurgeableStore,
            public std::enable_shared_from_this<Store>
+ {
      // Our schema version constant.
@@ -473,6 +473,20 @@
                  return s;
+             }
          };
++
++        struct Purge
++        {
++            static const std::string& statement()
++            {
++                static const std::string s
++                {
++                    "DELETE FROM " +
++                    Store::RequestsTable::name() +
++                    " WHERE ApplicationId=?;"
++                };
++                return s;
++            }
++        };
      };
      // An implementation of the query interface for the SQLite-based store.
@@ -696,6 +710,7 @@
      // From core::trust::Store
      void reset();
      void add(const Request& request);
++    void purge(const std::string& id);
      std::shared_ptr<core::trust::Store::Query> query();
      std::mutex guard;
@@ -704,6 +719,7 @@
      TaggedPreparedStatement<Statements::Delete> delete_statement;
      TaggedPreparedStatement<Statements::Insert> insert_statement;
++    TaggedPreparedStatement<Statements::Purge> purge_statement;
  };
+ }
+ }
@@ -721,6 +737,7 @@
      delete_statement = db.prepare_tagged_statement<Statements::Delete>();
      insert_statement = db.prepare_tagged_statement<Statements::Insert>();
++    purge_statement = db.prepare_tagged_statement<Statements::Purge>();
+ }
  sqlite::Store::~Store()
@@ -771,12 +788,21 @@
      insert_statement.step();
+ }
++void sqlite::Store::purge(const std::string& id)
++{
++    std::lock_guard<std::mutex> lg(guard);
++
++    purge_statement.reset();
++    purge_statement.bind_text<sqlite::Store::RequestsTable::Column::ApplicationId::index>(id);
++    purge_statement.step();
++}
++
  std::shared_ptr<trust::Store::Query> sqlite::Store::query()
+ {
      return std::shared_ptr<trust::Store::Query>{new sqlite::Store::Query{shared_from_this()}};
+ }
--std::shared_ptr<core::trust::Store> core::trust::impl::sqlite::create_for_service(const std::string& name, xdg::BaseDirSpecification& spec)
++std::shared_ptr<core::trust::PurgeableStore> core::trust::impl::sqlite::create_for_service(const std::string& name, xdg::BaseDirSpecification& spec)
+ {
      if (name.empty())
          throw core::trust::Errors::ServiceNameMustNotBeEmpty();
@@ -786,5 +812,5 @@
  std::shared_ptr<core::trust::Store> core::trust::create_default_store(const std::string& service_name)
+ {
--    return core::trust::impl::sqlite::create_for_service(service_name, *xdg::BaseDirSpecification::create());
++  return core::trust::impl::sqlite::create_for_service(service_name, *xdg::BaseDirSpecification::create());
+ }
 === modified file 'src/core/trust/impl/sqlite3/store.h'
 --- src/core/trust/impl/sqlite3/store.h	2015-11-18 08:28:51 +0000
 +++ src/core/trust/impl/sqlite3/store.h	2016-07-06 16:22:59 +0000
@@ -40,7 +40,7 @@
  // create_for_service creates a Store implementation relying on sqlite3, managing
  // trust for the service identified by service_name. Uses spec to determine a user-specific
  // directory to place the trust database.
--CORE_TRUST_DLL_PUBLIC std::shared_ptr<core::trust::Store> create_for_service(const std::string& service_name, xdg::BaseDirSpecification& spec);
++CORE_TRUST_DLL_PUBLIC std::shared_ptr<core::trust::PurgeableStore> create_for_service(const std::string& service_name, xdg::BaseDirSpecification& spec);
+ }
+ }
+ }
 === modified file 'src/core/trust/resolve.cpp'
 --- src/core/trust/resolve.cpp	2014-07-29 17:00:35 +0000
 +++ src/core/trust/resolve.cpp	2016-07-06 16:22:59 +0000
@@ -195,6 +195,12 @@
              throw std::runtime_error(response.error().print());
+     }
++    void clean(const std::string& id)
++    {
++        (void)id;
++        throw std::runtime_error("not implemented");
++    }
++
      void reset()
+     {
          try
 === modified file 'tests/CMakeLists.txt'
 --- tests/CMakeLists.txt	2016-01-11 09:51:51 +0000
 +++ tests/CMakeLists.txt	2016-07-06 16:22:59 +0000
@@ -86,6 +86,11 @@
    preseed_test.cpp
+ )
++add_executable(
++  cleaner_test
++  cleaner_test.cpp
++)
++
  target_link_libraries(
    bug_1387734
@@ -241,6 +246,19 @@
    ${PROCESS_CPP_LIBRARIES}
+ )
++target_link_libraries(
++  cleaner_test
++
++  trust-store-cleaner-helper
++
++  gmock
++
++  gtest
++  gtest_main
++
++  ${PROCESS_CPP_LIBRARIES}
++)
++
  add_test(bug_1387734 ${CMAKE_CURRENT_BINARY_DIR}/bug_1387734)
  add_test(trust_store_test ${CMAKE_CURRENT_BINARY_DIR}/trust_store_test)
  add_test(remote_trust_store_test ${CMAKE_CURRENT_BINARY_DIR}/remote_trust_store_test)
 === added file 'tests/cleaner_test.cpp'
 --- tests/cleaner_test.cpp	1970-01-01 00:00:00 +0000
 +++ tests/cleaner_test.cpp	2016-07-06 16:22:59 +0000
@@ -0,0 +1,129 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ *              David Barth <david.barth@canonical.com>
++ */
++
++#include <core/trust/cleaner.h>
++#include <core/trust/preseed.h>
++
++#include "test_data.h"
++
++#include <core/posix/exec.h>
++#include <core/posix/this_process.h>
++
++#include <gtest/gtest.h>
++
++#include <map>
++
++namespace
++{
++std::map<std::string, std::string> a_copy_of_the_current_env()
++{
++    std::map<std::string, std::string> result;
++
++    core::posix::this_process::env::for_each([&result](const std::string& s, const std::string& t)
++    {
++        result.insert(std::make_pair(s, t));
++    });
++
++    return result;
++}
++}
++
++TEST(Cleaner, accepts_parameters)
++{
++    const std::string service_name{"JustANameForTesting"};
++
++    const std::vector<std::string> argv
++    {
++        "--for-service", service_name,
++        "--purge", "other.app",
++        "--purge", "does.not.exist.app"
++    };
++
++    auto child = core::posix::exec(
++                core::trust::testing::trust_store_cleaner_executable_in_build_dir,
++                argv,
++                a_copy_of_the_current_env(),
++                core::posix::StandardStream::empty);
++
++    auto result = child.wait_for(core::posix::wait::Flags::untraced);
++
++    EXPECT_EQ(core::posix::wait::Result::Status::exited, result.status);
++    EXPECT_EQ(core::posix::exit::Status::success, result.detail.if_exited.status);
++}
++
++TEST(Cleaner, can_remove_authorization_for_app)
++{
++    const std::string service_name{"JustANameForTesting"};
++    const std::string app_name{"does.not.exist.app"};
++    const std::string other_app{"other.app"};
++
++    const std::vector<std::string> argv_preseed
++    {
++        "--for-service", service_name,
++        "--request", "does.not.exist.app 0 granted",     // 1
++        "--request", "other.app 1 denied",               // 2
++    };
++
++    auto child_preseed = core::posix::exec(
++                core::trust::testing::trust_store_preseed_executable_in_build_dir,
++                argv_preseed,
++                a_copy_of_the_current_env(),
++                core::posix::StandardStream::empty);
++
++    auto result_preseed = child_preseed.wait_for(core::posix::wait::Flags::untraced);
++
++    EXPECT_EQ(core::posix::wait::Result::Status::exited, result_preseed.status);
++    EXPECT_EQ(core::posix::exit::Status::success, result_preseed.detail.if_exited.status);
++
++    // TODO: should verify that the store is preseeded properly
++
++    const std::vector<std::string> argv
++    {
++        "--for-service", service_name,
++        "--purge", app_name
++    };
++
++    auto child = core::posix::exec(
++                core::trust::testing::trust_store_cleaner_executable_in_build_dir,
++                argv,
++                a_copy_of_the_current_env(),
++                core::posix::StandardStream::empty);
++
++    auto result = child.wait_for(core::posix::wait::Flags::untraced);
++
++    EXPECT_EQ(core::posix::wait::Result::Status::exited, result.status);
++    EXPECT_EQ(core::posix::exit::Status::success, result.detail.if_exited.status);
++
++    auto store = core::trust::create_default_store(service_name);
++
++    auto query = store->query();
++
++    EXPECT_NO_THROW(query->execute());
++
++    EXPECT_EQ(core::trust::Store::Query::Status::has_more_results, query->status());
++
++    std::size_t counter{0};
++
++    while (query->status() != core::trust::Store::Query::Status::eor)
++    {
++        EXPECT_NE(app_name, query->current().from);
++        query->next(); counter++;
++    }
++
++}
 === modified file 'tests/mock_store.h'
 --- tests/mock_store.h	2014-07-24 11:30:09 +0000
 +++ tests/mock_store.h	2016-07-06 16:22:59 +0000
@@ -69,6 +69,8 @@
        */
      MOCK_METHOD1(add, void(const core::trust::Request&));
++    MOCK_METHOD1(clean, void(const std::string&));
++
      /**
       * @brief Create a query for this store.
       */
 === modified file 'tests/test_data.h.in'
 --- tests/test_data.h.in	2015-11-11 15:31:35 +0000
 +++ tests/test_data.h.in	2016-07-06 16:22:59 +0000
@@ -39,6 +39,11 @@
+ {
      "@CMAKE_BINARY_DIR@/src/trust-store-preseed"
  };
++
++static constexpr const char* trust_store_cleaner_executable_in_build_dir
++{
++    "@CMAKE_BINARY_DIR@/src/trust-store-cleaner"
++};
+ }
+ }
+ }