Sorry about the long list here, most of it is about fitting in with the design styles that have grown in Mir and you would not yet be familiar with. I've voted "Needs Fixing" but many of the points might be addressed by discussion.
~~~~
src/server/default_server_configuration.cpp
There's a lot of code added here (to generate a seed) that probably doesn't belong in a translation unit that is about constructing the right objects to configure the system. I'd prefer to see it put in a separate file. (Is there any reason it can't be part of the new library?)
Could we not use a return value instead of an out parameter?
~~~~
+std::string mir_test_framework::udev_recordings_path()
+{
+ std::string share_path = MIR_INSTALL_PREFIX"/share/udev_recordings";
+ std::string bin_path = MIR_BUILD_PREFIX"/bin/udev_recordings";
+
+ if (boost::filesystem::exists(share_path))
+ return share_path;
+ else if (boost::filesystem::exists(bin_path))
+ return bin_path;
+
+ BOOST_THROW_EXCEPTION(std::runtime_error("Failed to find udev_recordings in standard search locations"));
+}
Can this be right? A development test binary looks in the location where it would be installed? Even though a developer may be making changes to the version in the build path.
The older logic (based on the executable path) seems less surprising.
What is the reason for preferring the Cheshire Cat idiom over Interface Class? This makes it far harder to substitute alternative implementations (e.g. for testing that cookies actually are validated when necessary).
I can also imagine a desire to provide a different verification model in a (hypothetical) downstream server.
Sorry about the long list here, most of it is about fitting in with the design styles that have grown in Mir and you would not yet be familiar with. I've voted "Needs Fixing" but many of the points might be addressed by discussion.
~~~~
src/server/ default_ server_ configuration. cpp
There's a lot of code added here (to generate a seed) that probably doesn't belong in a translation unit that is about constructing the right objects to configure the system. I'd prefer to see it put in a separate file. (Is there any reason it can't be part of the new library?)
~~~~
+void fill_vector_ with_random_ data(std: :vector< uint8_t> & buffer)
Could we not use a return value instead of an out parameter?
~~~~
+std::string mir_test_ framework: :udev_recording s_path( ) PREFIX" /share/ udev_recordings "; PREFIX" /bin/udev_ recordings" ; :filesystem: :exists( share_path) ) :filesystem: :exists( bin_path) ) EXCEPTION( std::runtime_ error(" Failed to find udev_recordings in standard search locations"));
+{
+ std::string share_path = MIR_INSTALL_
+ std::string bin_path = MIR_BUILD_
+
+ if (boost:
+ return share_path;
+ else if (boost:
+ return bin_path;
+
+ BOOST_THROW_
+}
Can this be right? A development test binary looks in the location where it would be installed? Even though a developer may be making changes to the version in the build path.
The older logic (based on the executable path) seems less surprising.
~~~~
+class CookieFactory std::vector< uint8_t> const& secret); to_cookie( uint64_ t const& timestamp); timestamp( MirCookie const& cookie); ptr<CookieImpl> impl;
+{
+public:
+ CookieFactory(
+ ~CookieFactory() noexcept;
+
+ MirCookie timestamp_
+
+ bool attest_
+
+private:
+ class CookieImpl;
+ std::unique_
+};
What is the reason for preferring the Cheshire Cat idiom over Interface Class? This makes it far harder to substitute alternative implementations (e.g. for testing that cookies actually are validated when necessary).
I can also imagine a desire to provide a different verification model in a (hypothetical) downstream server.
~~~~~
+void mir::Server: :set_cookie_ secret( std::vector< uint8_t> const& secret) setting_ allowed( self->server_ config) ; factory = std::make_ shared< CookieFactory> (secret) ;
+{
+ verify_
+ self->cookie_
+}
It is a little surprising that this sets the cookie factory, not the secret. I can't immediately think of anything this breaks but...
Between this and the previous, I think this would fit better into Mir's design patterns if:
1. CookieFactory were an interface and CookieImpl a derived class. the_cookie_ factory
2. the configuration point were override_
~~~~~
=== added file 'tests/ acceptance- tests/test_ mir_cookie. cpp'
This reads more like a unit test
~~~~~
+ mir_discover_ tests_with_ fd_leak_ detection( mir_acceptance_ tests LD_PRELOAD= libumockdev- preload. so.0 G_SLICE= always- malloc G_DEBUG= gc-friendly)
The acceptance tests (before and after this MP) don't need libumockdev- preload. so.0 (which is convenient when running them by hand) why change that?
~~~~~
AFAICS the_cookie_ factory( ) isn't used. I've not looked in the parent branch - I assume use (and real acceptance tests) is coming soon?