go-trust-store

Merge lp:~kyrofa/go-trust-store/add_documentation into lp:go-trust-store

  1. add_documentation
  2. Merge into trunk
Proposed by Kyle Fazzari
Status: Merged
Approved by: dobey
Approved revision: 6
Merged at revision: 6
Proposed branch: lp:~kyrofa/go-trust-store/add_documentation
Merge into: lp:go-trust-store
Prerequisite: lp:~kyrofa/go-trust-store/add_agent
Diff against target: 194 lines (+131/-4)
6 files modified
README (+3/-1)
trust/dbus/doc.go (+85/-0)
trust/doc.go (+37/-0)
trust/test_answer.go (+2/-1)
trust/test_request.go (+2/-1)
trust/test_request_parameters.go (+2/-1)
To merge this branch: bzr merge lp:~kyrofa/go-trust-store/add_documentation
Reviewer Review Type Date Requested Status
dobey (community) Approve
Review via email: mp+273138@code.launchpad.net

Commit message

Add documentation.

Description of the change

Add documentation.

To post a comment you must log in.
Revision history for this message
dobey (dobey) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'README'
--- README 2015-09-22 17:43:06 +0000
+++ README 2015-10-01 21:05:46 +0000
@@ -1,4 +1,6 @@
1Go Trust Store1Go Trust Store
2======2======
33
4Trust-store bindings for Go.4Trust-store bindings for Go. More detailed documentation:
5
6 https://godoc.org/launchpad.net/go-trust-store/trust
57
=== added file 'trust/dbus/doc.go'
--- trust/dbus/doc.go 1970-01-01 00:00:00 +0000
+++ trust/dbus/doc.go 2015-10-01 21:05:46 +0000
@@ -0,0 +1,85 @@
1/* Copyright (C) 2015 Canonical Ltd.
2 *
3 * This file is part of go-trust-store.
4 *
5 * go-trust-store is free software: you can redistribute it and/or modify it
6 * under the terms of the GNU Lesser General Public License version 3, as
7 * published by the Free Software Foundation.
8 *
9 * go-trust-store is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12 * details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with go-trust-store. If not, see <http://www.gnu.org/licenses/>.
16 *
17 * Authored by: Kyle Fazzari <kyle@canonical.com>
18 */
19
20/*
21When initially designing a trusted helper, the author must decide whether to
22host the trust store in-process or out-of-process. This package implements the
23bindings for the trust store DBus agent, which is meant to communicate with a
24remote (out-of-process) trust store-- specifically, trust-stored-skeleton (from
25the trust-store-bin package).
26
27For example, say the trust-stored-skeleton was run with the following
28incantation:
29
30 $ trust-stored-skeleton --remote-agent DBusRemoteAgent --bus=session \
31 --local-agent MirAgent \
32 --trusted-mir-socket=/var/run/user/$(id -u)/mir_socket_trusted \
33 --for-service FooBar --with-text-domain foo-bar --store-bus session
34
35One could communicate with that instance and cause a trust store prompt like the following:
36
37 package main
38
39 import (
40 "log"
41 "launchpad.net/go-trust-store/trust"
42 "launchpad.net/go-trust-store/trust/dbus"
43 )
44
45 func main() {
46 // We need the PID and full app ID of a running app here. This is the
47 // app that is requesting permission to something in our example, and
48 // it's the app over which the trust prompt will be shown.
49 appPid := 1234
50 appId := "com.ubuntu.foo_bzr_1.2.3"
51
52 trustAgent, err := dbus.CreateMultiUserAgentForBusConnection(
53 dbus.WellKnownBusSession, "FooBar")
54 if err != nil {
55 log.Fatalf("Unable to create trust store agent: %s", err)
56 }
57
58 params := &trust.RequestParameters{
59 Application: trust.Application{
60 Uid: 1000, // This needs to be the current user ID
61 Pid: appPid,
62 Id: appId,
63 },
64
65 // The unique ID of the feature to which access is requested
66 Feature: trust.Feature(0),
67
68 // This is the string that will be shown on the trust prompt. Note
69 // that this MUST have %1% in it, which trust-stored-skeleton will
70 // replace with the app name. If the string doesn't have it, you'll
71 // just get cryptic errors.
72 Description: "%1% wants to access my feature",
73 }
74
75 answer := trustAgent.AuthenticateRequestWithParameters(params)
76 log.Println("Answer:", answer)
77 }
78
79If, when running the skeleton, it immediately dies with something like "the name
80core.trust.dbus.Agent.FooBar was not provided by any .service files," then you
81hit a skeleton bug that requires the trust agent to be running before it will
82run. In that case, add a time.Sleep() (or a prompt) to the above code after the
83agent creation and before the authentication request.
84*/
85package dbus
086
=== added file 'trust/doc.go'
--- trust/doc.go 1970-01-01 00:00:00 +0000
+++ trust/doc.go 2015-10-01 21:05:46 +0000
@@ -0,0 +1,37 @@
1/* Copyright (C) 2015 Canonical Ltd.
2 *
3 * This file is part of go-trust-store.
4 *
5 * go-trust-store is free software: you can redistribute it and/or modify it
6 * under the terms of the GNU Lesser General Public License version 3, as
7 * published by the Free Software Foundation.
8 *
9 * go-trust-store is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12 * details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with go-trust-store. If not, see <http://www.gnu.org/licenses/>.
16 *
17 * Authored by: Kyle Fazzari <kyle@canonical.com>
18 */
19
20/*
21Some services on the Ubuntu Phone deal with resources and functionality that can
22be abused. As a result, the trust model requires that any access to them be
23specifically requested and granted by the user. The resulting user interaction
24is implemented by a "trust prompt." If the user explicitly grants the trust
25request via the prompt, the service grants access to the requested resource. Any
26service executing this trust prompting is called a "trusted helper." The trust
27model also makes the assumption that a given answer for a trust request remains
28valid until otherwise told. This information is stored using the "trust store."
29For more technical information regarding the trust store and sessions, see
30https://wiki.ubuntu.com/Security/TrustStoreAndSessions.
31
32This package serves as Go bindings to the trust-store
33(https://launchpad.net/trust-store), allowing Go programs to be trusted helpers.
34Note that only the DBus agent is currently implemented in the bindings. For
35examples and other DBus-agent-specific information, see the dbus package.
36*/
37package trust
038
=== modified file 'trust/test_answer.go'
--- trust/test_answer.go 2015-10-01 18:03:08 +0000
+++ trust/test_answer.go 2015-10-01 21:05:46 +0000
@@ -17,10 +17,11 @@
17 * Authored by: Kyle Fazzari <kyle@canonical.com>17 * Authored by: Kyle Fazzari <kyle@canonical.com>
18 */18 */
1919
20package trust
21
20// Since cgo cannot be used within Go test files, this file holds the actual22// Since cgo cannot be used within Go test files, this file holds the actual
21// tests and the corresponding test file calls them (i.e. the tests contained23// tests and the corresponding test file calls them (i.e. the tests contained
22// within this file are not run directly, but are called from other tests).24// within this file are not run directly, but are called from other tests).
23package trust
2425
25// #include <stdlib.h>26// #include <stdlib.h>
26// #include "answer_shim.h"27// #include "answer_shim.h"
2728
=== modified file 'trust/test_request.go'
--- trust/test_request.go 2015-10-01 21:05:46 +0000
+++ trust/test_request.go 2015-10-01 21:05:46 +0000
@@ -17,10 +17,11 @@
17 * Authored by: Kyle Fazzari <kyle@canonical.com>17 * Authored by: Kyle Fazzari <kyle@canonical.com>
18 */18 */
1919
20package trust
21
20// Since cgo cannot be used within Go test files, this file holds the actual22// Since cgo cannot be used within Go test files, this file holds the actual
21// tests and the corresponding test file calls them (i.e. the tests contained23// tests and the corresponding test file calls them (i.e. the tests contained
22// within this file are not run directly, but are called from other tests).24// within this file are not run directly, but are called from other tests).
23package trust
2425
25// #include <stdlib.h>26// #include <stdlib.h>
26// #include "request_shim.h"27// #include "request_shim.h"
2728
=== modified file 'trust/test_request_parameters.go'
--- trust/test_request_parameters.go 2015-10-01 21:05:46 +0000
+++ trust/test_request_parameters.go 2015-10-01 21:05:46 +0000
@@ -17,10 +17,11 @@
17 * Authored by: Kyle Fazzari <kyle@canonical.com>17 * Authored by: Kyle Fazzari <kyle@canonical.com>
18 */18 */
1919
20package trust
21
20// Since cgo cannot be used within Go test files, this file holds the actual22// Since cgo cannot be used within Go test files, this file holds the actual
21// tests and the corresponding test file calls them (i.e. the tests contained23// tests and the corresponding test file calls them (i.e. the tests contained
22// within this file are not run directly, but are called from other tests).24// within this file are not run directly, but are called from other tests).
23package trust
2425
25// #include <stdlib.h>26// #include <stdlib.h>
26// #include "request_parameters_shim.h"27// #include "request_parameters_shim.h"

Subscribers

People subscribed via source and target branches

to all changes: