go-trust-store

Merge lp:~kyrofa/go-trust-store/add_documentation into lp:go-trust-store

  1. add_documentation
  2. Merge into trunk
Proposed by Kyle Fazzari
Status: Merged
Approved by: dobey
Approved revision: 6
Merged at revision: 6
Proposed branch: lp:~kyrofa/go-trust-store/add_documentation
Merge into: lp:go-trust-store
Prerequisite: lp:~kyrofa/go-trust-store/add_agent
Diff against target: 194 lines (+131/-4)
6 files modified
README (+3/-1)
trust/dbus/doc.go (+85/-0)
trust/doc.go (+37/-0)
trust/test_answer.go (+2/-1)
trust/test_request.go (+2/-1)
trust/test_request_parameters.go (+2/-1)
To merge this branch: bzr merge lp:~kyrofa/go-trust-store/add_documentation
Reviewer Review Type Date Requested Status
dobey (community) Approve
Review via email: mp+273138@code.launchpad.net

Commit message

Add documentation.

Description of the change

Add documentation.

To post a comment you must log in.
Revision history for this message
dobey (dobey) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'README'
2--- README 2015-09-22 17:43:06 +0000
3+++ README 2015-10-01 21:05:46 +0000
4@@ -1,4 +1,6 @@
5 Go Trust Store
6 ======
7
8-Trust-store bindings for Go.
9+Trust-store bindings for Go. More detailed documentation:
10+
11+ https://godoc.org/launchpad.net/go-trust-store/trust
12
13=== added file 'trust/dbus/doc.go'
14--- trust/dbus/doc.go 1970-01-01 00:00:00 +0000
15+++ trust/dbus/doc.go 2015-10-01 21:05:46 +0000
16@@ -0,0 +1,85 @@
17+/* Copyright (C) 2015 Canonical Ltd.
18+ *
19+ * This file is part of go-trust-store.
20+ *
21+ * go-trust-store is free software: you can redistribute it and/or modify it
22+ * under the terms of the GNU Lesser General Public License version 3, as
23+ * published by the Free Software Foundation.
24+ *
25+ * go-trust-store is distributed in the hope that it will be useful, but WITHOUT
26+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
27+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
28+ * details.
29+ *
30+ * You should have received a copy of the GNU Lesser General Public License
31+ * along with go-trust-store. If not, see <http://www.gnu.org/licenses/>.
32+ *
33+ * Authored by: Kyle Fazzari <kyle@canonical.com>
34+ */
35+
36+/*
37+When initially designing a trusted helper, the author must decide whether to
38+host the trust store in-process or out-of-process. This package implements the
39+bindings for the trust store DBus agent, which is meant to communicate with a
40+remote (out-of-process) trust store-- specifically, trust-stored-skeleton (from
41+the trust-store-bin package).
42+
43+For example, say the trust-stored-skeleton was run with the following
44+incantation:
45+
46+ $ trust-stored-skeleton --remote-agent DBusRemoteAgent --bus=session \
47+ --local-agent MirAgent \
48+ --trusted-mir-socket=/var/run/user/$(id -u)/mir_socket_trusted \
49+ --for-service FooBar --with-text-domain foo-bar --store-bus session
50+
51+One could communicate with that instance and cause a trust store prompt like the following:
52+
53+ package main
54+
55+ import (
56+ "log"
57+ "launchpad.net/go-trust-store/trust"
58+ "launchpad.net/go-trust-store/trust/dbus"
59+ )
60+
61+ func main() {
62+ // We need the PID and full app ID of a running app here. This is the
63+ // app that is requesting permission to something in our example, and
64+ // it's the app over which the trust prompt will be shown.
65+ appPid := 1234
66+ appId := "com.ubuntu.foo_bzr_1.2.3"
67+
68+ trustAgent, err := dbus.CreateMultiUserAgentForBusConnection(
69+ dbus.WellKnownBusSession, "FooBar")
70+ if err != nil {
71+ log.Fatalf("Unable to create trust store agent: %s", err)
72+ }
73+
74+ params := &trust.RequestParameters{
75+ Application: trust.Application{
76+ Uid: 1000, // This needs to be the current user ID
77+ Pid: appPid,
78+ Id: appId,
79+ },
80+
81+ // The unique ID of the feature to which access is requested
82+ Feature: trust.Feature(0),
83+
84+ // This is the string that will be shown on the trust prompt. Note
85+ // that this MUST have %1% in it, which trust-stored-skeleton will
86+ // replace with the app name. If the string doesn't have it, you'll
87+ // just get cryptic errors.
88+ Description: "%1% wants to access my feature",
89+ }
90+
91+ answer := trustAgent.AuthenticateRequestWithParameters(params)
92+ log.Println("Answer:", answer)
93+ }
94+
95+If, when running the skeleton, it immediately dies with something like "the name
96+core.trust.dbus.Agent.FooBar was not provided by any .service files," then you
97+hit a skeleton bug that requires the trust agent to be running before it will
98+run. In that case, add a time.Sleep() (or a prompt) to the above code after the
99+agent creation and before the authentication request.
100+*/
101+package dbus
102
103=== added file 'trust/doc.go'
104--- trust/doc.go 1970-01-01 00:00:00 +0000
105+++ trust/doc.go 2015-10-01 21:05:46 +0000
106@@ -0,0 +1,37 @@
107+/* Copyright (C) 2015 Canonical Ltd.
108+ *
109+ * This file is part of go-trust-store.
110+ *
111+ * go-trust-store is free software: you can redistribute it and/or modify it
112+ * under the terms of the GNU Lesser General Public License version 3, as
113+ * published by the Free Software Foundation.
114+ *
115+ * go-trust-store is distributed in the hope that it will be useful, but WITHOUT
116+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
117+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
118+ * details.
119+ *
120+ * You should have received a copy of the GNU Lesser General Public License
121+ * along with go-trust-store. If not, see <http://www.gnu.org/licenses/>.
122+ *
123+ * Authored by: Kyle Fazzari <kyle@canonical.com>
124+ */
125+
126+/*
127+Some services on the Ubuntu Phone deal with resources and functionality that can
128+be abused. As a result, the trust model requires that any access to them be
129+specifically requested and granted by the user. The resulting user interaction
130+is implemented by a "trust prompt." If the user explicitly grants the trust
131+request via the prompt, the service grants access to the requested resource. Any
132+service executing this trust prompting is called a "trusted helper." The trust
133+model also makes the assumption that a given answer for a trust request remains
134+valid until otherwise told. This information is stored using the "trust store."
135+For more technical information regarding the trust store and sessions, see
136+https://wiki.ubuntu.com/Security/TrustStoreAndSessions.
137+
138+This package serves as Go bindings to the trust-store
139+(https://launchpad.net/trust-store), allowing Go programs to be trusted helpers.
140+Note that only the DBus agent is currently implemented in the bindings. For
141+examples and other DBus-agent-specific information, see the dbus package.
142+*/
143+package trust
144
145=== modified file 'trust/test_answer.go'
146--- trust/test_answer.go 2015-10-01 18:03:08 +0000
147+++ trust/test_answer.go 2015-10-01 21:05:46 +0000
148@@ -17,10 +17,11 @@
149 * Authored by: Kyle Fazzari <kyle@canonical.com>
150 */
151
152+package trust
153+
154 // Since cgo cannot be used within Go test files, this file holds the actual
155 // tests and the corresponding test file calls them (i.e. the tests contained
156 // within this file are not run directly, but are called from other tests).
157-package trust
158
159 // #include <stdlib.h>
160 // #include "answer_shim.h"
161
162=== modified file 'trust/test_request.go'
163--- trust/test_request.go 2015-10-01 21:05:46 +0000
164+++ trust/test_request.go 2015-10-01 21:05:46 +0000
165@@ -17,10 +17,11 @@
166 * Authored by: Kyle Fazzari <kyle@canonical.com>
167 */
168
169+package trust
170+
171 // Since cgo cannot be used within Go test files, this file holds the actual
172 // tests and the corresponding test file calls them (i.e. the tests contained
173 // within this file are not run directly, but are called from other tests).
174-package trust
175
176 // #include <stdlib.h>
177 // #include "request_shim.h"
178
179=== modified file 'trust/test_request_parameters.go'
180--- trust/test_request_parameters.go 2015-10-01 21:05:46 +0000
181+++ trust/test_request_parameters.go 2015-10-01 21:05:46 +0000
182@@ -17,10 +17,11 @@
183 * Authored by: Kyle Fazzari <kyle@canonical.com>
184 */
185
186+package trust
187+
188 // Since cgo cannot be used within Go test files, this file holds the actual
189 // tests and the corresponding test file calls them (i.e. the tests contained
190 // within this file are not run directly, but are called from other tests).
191-package trust
192
193 // #include <stdlib.h>
194 // #include "request_parameters_shim.h"

Subscribers

People subscribed via source and target branches

to all changes: