Checkbox

Merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox

trusted-launcher-standalone
Merge into trunk

Proposed by Sylvain Pineau on 2013-04-04

Status:	Merged
Approved by:	Sylvain Pineau on 2013-05-08
Approved revision:	2107
Merged at revision:	2107
Proposed branch:	lp:~sylvain-pineau/checkbox/trusted-launcher-standalone
Merge into:	lp:checkbox
Diff against target:	1208 lines (+814/-111) 11 files modified plainbox/.coveragerc (+2/-0) plainbox/MANIFEST.in (+1/-0) plainbox/plainbox/data/org.freedesktop.policykit.pkexec.policy (+30/-0) plainbox/plainbox/impl/job.py (+10/-59) plainbox/plainbox/impl/rfc822.py (+4/-19) plainbox/plainbox/impl/runner.py (+39/-16) plainbox/plainbox/impl/secure/__init__.py (+27/-0) plainbox/plainbox/impl/secure/checkbox_trusted_launcher.py (+402/-0) plainbox/plainbox/impl/secure/test_checkbox_trusted_launcher.py (+268/-0) plainbox/plainbox/impl/test_rfc822.py (+23/-16) plainbox/setup.py (+8/-1)
To merge this branch:	bzr merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Sylvain Pineau (community)		Approve on 2013-05-08
Zygmunt Krynicki (community)	2013-04-04	Approve on 2013-05-07
Review via email: mp+157045@code.launchpad.net

Description of the change

This is an implementation proposal for Plainbox.

It provides the trusted launcher component to run commands as another user (root most of time).
This launcher has be started by pkexec to apply the rules defined in the policy file.
The root password will only be asked once for the lifetime of the plainbox process (see auth_admin_keep).

The policy file has to be installed manually (sorry...) to test it (in /usr/share/polkit-1/actions)

It's just a proof of concept as some code is needed to ask the password when the sessions starts not before the first test requiring root.

To avoid running the trusted launcher as a service, it will be started for each test requiring root privileges.

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-04-04:

The standalone launcher looks pretty good. I need to look at the other bits and read it in more detail.
I'll send a second review after fixing trunk now.

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-04-09:

92 + cmd = ['checkbox-trusted-launcher', job.get_checksum()] + [
93 "{key}={value}".format(key=key, value=value)
94 for key, value in self._get_script_env(
95 job, only_changes=True
96 ).items()
97 - ] + cmd
98 + ]
99 + if job.via is not None:
100 + cmd = cmd + ['--via', job.via]
101 + if job._checkbox._mode == 'src':
102 + # Running PlainBox from source doesn't require the trusted
103 + # launcher

This looks as if it was structured incorrectly. How about something like this:

if job._checkbox._mode == 'src':
   cmd = self._get_command_src()
elif job.user is not None:
   cmd = self._get_command_trusted()
else:
   ...

+ for filename in path_expand("/usr/share/checkbox*"):

Isn't that /usr/share/checkbox/jobs/*.txt

+
365 + for job in desired_job_list:
366 + job_result = subprocess.check_output(

This means we'll runn all jobs as root. I think we should respect the user key and actually use the right user for each particular job that we execute (including local jobs)

367 + job.command,
368 + shell=True,
369 + universal_newlines=True,
370 + env=job.modify_execution_environment(args.ENV, packages))
371 + stream = io.StringIO()
372 + stream.write(job_result)

Yuck! Just pass PIPE and use the stream, there is no need to copy anything

373 + stream.seek(0)
374 + for message in RFC822Parser().loads(stream):

I'll keep reviewing this

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-04-09:

+include org.freedesktop.policykit.pkexec.policy

Let's keep that in a non-root directory. Ideas welcome

172 +class Job():

No need to use () there

340 + # List of all available jobs in system-wide locations
341 + builtin_jobs = []
342 + # List of all checkbox related packages, like checkbox-oem
343 + packages = []

I don't like this part. I would much rather have a fixed set of places and not probe the system for anything.

344 +
345 + def path_expand(path):
346 + for path in glob.glob(path):

Variable shadowed

347 + packages.append(path)
348 + for dirpath, dirs, filenames in os.walk(os.path.join(
349 + path, 'jobs')):
350 + for name in filenames:
351 + if name.endswith(".txt") or name.endswith(".txt.in"):
352 + yield os.path.join(dirpath, name)

All of that _lacks_tests_, copying tested code without adding test is semi-okay but adding features without a shred of tests is a no-go.

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-04-11:

Marking as needs fixing to get it to move to appropriate slot in +activereviews

review: Needs Fixing

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-03:

The new version with tests is ready for review.

The documentation is still missing but I will propose it in a separate branch.

review: Needs Resubmitting

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-05-03:

103 + cmd = cmd + ['--via', job.via]

107 + # Running PlainBox from source doesn't require the trusted launcher
108 + # That's why we use the env(1)' command and pass it the list of
109 + # changed environment variables.
110 + # The whole pkexec and env part gets prepended to the command
111 + # we were supposed to run.

docstring, also affects the method above

193 +:mod:`plainbox.scripts` -- code for external (trusted) launchers

Move to plainbox.impl.secure please

337 +
338 + pass

Remove

420 + Runner for jobs - executes jobs and produces results

Not true, the runner just executes the process and pipes back stdout/stderr

436 + if name.endswith(".txt") or name.endswith(".txt.in"):

.txt.in should be skipped, it is only relevant to in-tree development

477 + try:
478 + target_job = [j for j in lookup_list
479 + if j.get_checksum() == args.HASH][0]
480 + os.execve(
481 + '/bin/bash',
482 + ['bash', '-c', target_job.command],
483 + target_job.modify_execution_environment(
484 + args.ENV,
485 + self.packages)
486 + )
487 + except IndexError:
488 + return "Job not found"

Move try/index errror together, do anther try/catch for anything you may want to catch from os.execve

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-03:

Thanks for your review, I've fixed all the issues except the docstring. env(1) is really only used for the 'src' mode.
When usinf the trusted launcher, env keys are appended to the list of optional parameters.

Regarding the tests, I can't subclass the existing RFCParserTests. When called, it use the plainbox parser load method instead of the launcher one. So it was easier do just duplicate tests.

review: Needs Resubmitting

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-05-06:

> Regarding the tests, I can't subclass the existing RFCParserTests. When
> called, it use the plainbox parser load method instead of the launcher one. So
> it was easier do just duplicate tests.

You could add a test method like get_parser() that would return the appropriate parser method.

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-06:

RFC822 parser tests are now shared between the trusted launcher and PlainBox core. No duplication of tests!

review: Needs Resubmitting

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-06:

Rebasing/reordering/squashing and solving the following issues:

setup.py: pep8 fixes (just for long lines)
runner.py: removed an uneeded logging call
policy file: use the checkbox icon
job.py: add a docstring to Job.via attribute
trusted-launcher: Removed a useless comment in the main function

review: Needs Resubmitting

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-06:

Download full text (3.9 KiB)

(05:29:23 PM) zyga: spineau: http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2103 the flow in _get_command_src is okay but looks strange, perhaps use cmd += three times or simply return the long expression instead
(05:30:59 PM) spineau: zyga: hehe, I just put there the existing command, but I can make it readable, gimme 5 m
(05:31:20 PM) zyga: spineau: in http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2101 I would move loader and syntax_error to class attributes and rename CommonRFC822ParserTests to MixIn, this way users would not need to worry about setup call (which is actually called per test, and setupclass is more appropriate), I would also move those loader/error attributes to class attributes as those are trivial to redefine in derivative c
(05:31:29 PM) zyga: spineau: but the code there looks great
(05:31:48 PM) zyga: spineau: and that's a very nice way to reuse tests and keep both implementation in sync
(05:33:37 PM) zyga: spineau: lookin at http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2100 I wonder if we could do a base secure job class, dedicated trusted launcher class and decidated normal job class, it would probably cut a lot of the duplication without affecting security, but it's up to you. I just thought that after that test reuse we could perhaps reuse some (most) of the boring job methods
(05:34:10 PM) zyga: spineau: ditto for errors and records, we _might_ import them from the non-secure codepath and cut code
(05:35:45 PM) zyga: spineau: in http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2100 in the _modify_execution_environment() method, did you use both 'bin' and 'scripts' for the old checkbox packaging change or was there any other reason?
(05:36:49 PM) spineau: zyga: I use both, but give precedence to bin
(05:37:00 PM) zyga: spineau: again in http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2100 I would use - instead of _ in metavar, typically metavar is what --help / --usage prints and the convention is to use dashes
(05:37:10 PM) zyga: spineau: yeah, I know you give precendence to bin
(05:37:17 PM) zyga: spineau: I was just checking if that was the cause
(05:37:20 PM) spineau: zyga: and yes it's for the old style packaging
(05:37:43 PM) zyga: spineau: on the same line, VIA_HASH should be lowercase as this is just a variable
(05:38:22 PM) zyga: spineau: same revision, diff lines 319-322, unless you had a reason not to, use with open(...) there
(05:39:41 PM) spineau: zyga: it may be a bug in coverage but with a "with" statement, I get a partial branch coverage, don't know why
(05:40:12 PM) zyga: spineau: same revision, you don't wait for the process wrapped by via_job_result, that adds zombies
(05:40:24 PM) zyga: spineau: interesting, flip that and repush, I'll investigate
(05:40:49 PM) zyga: spineau: I suspect you just need try/finally: with via_job_result.wait() there (to the second problem)
(05:40:59 PM) zyga: spineau: otherwise the runner looks okay
(05:41:42 PM) zyga: spineau: I've yet to read http://baz...

(05:29:23 PM) zyga: spineau: http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2103 the flow in _get_command_src is okay but looks strange, perhaps use cmd += three times or simply return the long expression instead
(05:30:59 PM) spineau: zyga: hehe, I just put there the existing command, but I can make it readable, gimme 5 m
(05:31:20 PM) zyga: spineau: in http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2101 I would move loader and syntax_error to class attributes and rename CommonRFC822ParserTests to MixIn, this way users would not need to worry about setup call (which is actually called per test, and setupclass is more appropriate), I would also move those loader/error attributes to class attributes as those are trivial to redefine in derivative c
(05:31:29 PM) zyga: spineau: but the code there looks great
(05:31:48 PM) zyga: spineau: and that's a very nice way to reuse tests and keep both implementation in sync 
(05:33:37 PM) zyga: spineau: lookin at http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2100 I wonder if we could do a base secure job class, dedicated trusted launcher class and decidated normal job class, it would probably cut a lot of the duplication without affecting security, but it's up to you. I just thought that after that test reuse we could perhaps reuse some (most) of the boring job methods
(05:34:10 PM) zyga: spineau: ditto for errors and records, we _might_ import them from the non-secure codepath and cut code
(05:35:45 PM) zyga: spineau: in http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2100 in the _modify_execution_environment() method, did you use both 'bin' and 'scripts' for the old checkbox packaging change or was there any other reason?
(05:36:49 PM) spineau: zyga: I use both, but give precedence to bin
(05:37:00 PM) zyga: spineau: again in http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2100 I would use - instead of _ in metavar, typically metavar is what --help / --usage prints and the convention is to use dashes 
(05:37:10 PM) zyga: spineau: yeah, I know you give precendence to bin
(05:37:17 PM) zyga: spineau: I was just checking if that was the cause
(05:37:20 PM) spineau: zyga: and yes it's for the old style packaging
(05:37:43 PM) zyga: spineau: on the same line, VIA_HASH should be lowercase as this is just a variable
(05:38:22 PM) zyga: spineau: same revision, diff lines 319-322, unless you had a reason not to, use with open(...) there
(05:39:41 PM) spineau: zyga: it may be a bug in coverage but with a "with" statement, I get a partial branch coverage, don't know why
(05:40:12 PM) zyga: spineau: same revision, you don't wait for the process wrapped by via_job_result, that adds zombies 
(05:40:24 PM) zyga: spineau: interesting, flip that and repush, I'll investigate
(05:40:49 PM) zyga: spineau: I suspect you just need try/finally: with via_job_result.wait() there (to the second problem)
(05:40:59 PM) zyga: spineau: otherwise the runner looks okay
(05:41:42 PM) zyga: spineau: I've yet to read http://bazaar.launchpad.net/~sylvain-pineau/checkbox/trusted-launcher-standalone/revision/2102 which adds tests for all of that
(05:41:48 PM) zyga: spineau: I'll be back in a moment to do so
(05:41:50 PM) spineau: zyga: regarding the creation of a secure base class for job definition, I would prefer to not import stuff from plainbox at all
(05:42:01 PM) zyga: spineau: no
(05:42:04 PM) zyga: spineau: it's the other way around
(05:42:10 PM) zyga: spineau: secure code would define base job
(05:42:22 PM) zyga: spineau: and actual job that secure launcher needs
(05:42:23 PM) spineau: zyga: I see
(05:42:28 PM) zyga: spineau: then rest of the code could import the base
(05:42:36 PM) zyga: spineau: with just minor extra methods
(05:42:39 PM) zyga: spineau: so less code duplication

review: Needs Fixing

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-07:

This new version is mainly for code optimization and reuse.

base classes are provided by the secure module and inherited by the core.

review: Needs Resubmitting

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-07:

Ready to land

review: Needs Resubmitting

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-05-07:

review: Approve

Revision history for this message

Daniel Manrique (roadmr) wrote on 2013-05-07:

Download full text (4.1 KiB)

The attempt to merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox failed. Below is the output from the failed tests.

[precise] Bringing VM 'up'
Timing for [precise] Bringing VM 'up'
7.99user 3.50system 5:44.30elapsed 3%CPU (0avgtext+0avgdata 21464maxresident)k
0inputs+200outputs (0major+186336minor)pagefaults 0swaps
[precise] Starting tests...
[precise] CheckBox test suite: pass
Timing for Checkbox test suite
1.14user 0.48system 0:11.96elapsed 13%CPU (0avgtext+0avgdata 20020maxresident)k
7352inputs+16outputs (85major+47707minor)pagefaults 0swaps
Timing for refreshing plainbox installation
0.75user 0.29system 0:05.57elapsed 18%CPU (0avgtext+0avgdata 20592maxresident)k
0inputs+16outputs (0major+49428minor)pagefaults 0swaps
[precise] PlainBox test suite: fail
[precise] stdout: http://paste.ubuntu.com/5641266/
[precise] stderr: http://paste.ubuntu.com/5641267/
Timing for plainbox test suite
Command exited with non-zero status 1
0.92user 0.33system 0:11.58elapsed 10%CPU (0avgtext+0avgdata 20796maxresident)k
0inputs+184outputs (0major+50181minor)pagefaults 0swaps
[precise] PlainBox documentation build: pass
Timing for plainbox documentation build
0.71user 0.31system 0:14.56elapsed 7%CPU (0avgtext+0avgdata 20512maxresident)k
0inputs+16outputs (0major+49217minor)pagefaults 0swaps
[precise] Integration tests: pass
Timing for integration tests
0.78user 0.25system 0:08.41elapsed 12%CPU (0avgtext+0avgdata 20832maxresident)k
0inputs+8outputs (0major+49897minor)pagefaults 0swaps
[precise] Destroying VM
[quantal] Bringing VM 'up'
Timing for [quantal] Bringing VM 'up'
8.05user 3.72system 4:02.01elapsed 4%CPU (0avgtext+0avgdata 21244maxresident)k
24inputs+184outputs (1major+207545minor)pagefaults 0swaps
[quantal] Starting tests...
[quantal] CheckBox test suite: pass
Timing for Checkbox test suite
0.76user 0.31system 0:12.89elapsed 8%CPU (0avgtext+0avgdata 20764maxresident)k
0inputs+16outputs (0major+49537minor)pagefaults 0swaps
Timing for refreshing plainbox installation
0.78user 0.30system 0:06.91elapsed 15%CPU (0avgtext+0avgdata 20800maxresident)k
0inputs+16outputs (0major+49407minor)pagefaults 0swaps
[quantal] PlainBox test suite: fail
[quantal] stdout: http://paste.ubuntu.com/5641278/
[quantal] stderr: http://paste.ubuntu.com/5641279/
Timing for plainbox test suite
Command exited with non-zero status 1
0.98user 0.34system 0:14.49elapsed 9%CPU (0avgtext+0avgdata 19996maxresident)k
0inputs+184outputs (0major+49673minor)pagefaults 0swaps
[quantal] PlainBox documentation build: pass
Timing for plainbox documentation build
0.72user 0.33system 0:07.19elapsed 14%CPU (0avgtext+0avgdata 20612maxresident)k
0inputs+8outputs (0major+49540minor)pagefaults 0swaps
[quantal] Integration tests: pass
Timing for integration tests
0.72user 0.32system 0:09.98elapsed 10%CPU (0avgtext+0avgdata 20608maxresident)k
0inputs+8outputs (0major+49259minor)pagefaults 0swaps
[quantal] Destroying VM
[raring] Bringing VM 'up'
Timing for [raring] Bringing VM 'up'
8.42user 3.67system 6:04.12elapsed 3%CPU (0avgtext+0avgdata 21468maxresident)k
0inputs+232outputs (0major+219084minor)pagefaults 0swaps
[raring] Starting tests...
[raring] CheckBox test suite: pass
Timi...

The attempt to merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox failed. Below is the output from the failed tests.

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2013-05-07:

14:21 < zyga> spineau_afk: you have two test failures
14:22 < zyga> spineau_afk: so first one is mock older api, you can probably work around that with just assinging stuff after you instantiate mock itself
14:22 < zyga> spineau_afk: the second failure is a bit more annoying, that's argparse incompatibility between 3.2 and 3.3
14:22 < zyga> spineau_afk: plainbox has a fix for that, look at how I resolved it, the fix is in box.py with a lenghty comment that explains why it is needed
14:22 < zyga> spineau_afk: thanks

Revision history for this message

Sylvain Pineau (sylvain-pineau) wrote on 2013-05-08:

Self-approval.

This version fixed the bug with Mock version 0.7.2 on precise and 0.8.0 on quantal.
Also resolved the argparse imcompatibility with python3.3, basically with run the launcher without args we call parser.error().

review: Approve

Revision history for this message

Daniel Manrique (roadmr) wrote on 2013-05-08:

The attempt to merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox failed. Below is the output from the failed tests.

[precise] Bringing VM 'up'
Timing for [precise] Bringing VM 'up'
8.50user 3.87system 6:01.39elapsed 3%CPU (0avgtext+0avgdata 21308maxresident)k
0inputs+216outputs (0major+184644minor)pagefaults 0swaps
[precise] Starting tests...
[precise] CheckBox test suite: pass
Timing for Checkbox test suite
0.82user 0.25system 0:11.25elapsed 9%CPU (0avgtext+0avgdata 20600maxresident)k
0inputs+16outputs (0major+48956minor)pagefaults 0swaps
Timing for refreshing plainbox installation
0.76user 0.31system 0:05.58elapsed 19%CPU (0avgtext+0avgdata 20584maxresident)k
0inputs+16outputs (0major+49567minor)pagefaults 0swaps
[precise] PlainBox test suite: pass
Timing for plainbox test suite
0.96user 0.32system 0:12.08elapsed 10%CPU (0avgtext+0avgdata 20800maxresident)k
0inputs+184outputs (0major+49372minor)pagefaults 0swaps
[precise] PlainBox documentation build: pass
Timing for plainbox documentation build
0.84user 0.29system 0:14.77elapsed 7%CPU (0avgtext+0avgdata 20820maxresident)k
0inputs+16outputs (0major+48997minor)pagefaults 0swaps
[precise] Integration tests: pass
Timing for integration tests
0.80user 0.32system 0:08.99elapsed 12%CPU (0avgtext+0avgdata 19980maxresident)k
0inputs+8outputs (0major+49591minor)pagefaults 0swaps
[precise] Destroying VM
[quantal] Bringing VM 'up'
Timing for [quantal] Bringing VM 'up'
7.78user 3.36system 3:49.48elapsed 4%CPU (0avgtext+0avgdata 22176maxresident)k
0inputs+176outputs (0major+195590minor)pagefaults 0swaps
[quantal] Starting tests...
[quantal] CheckBox test suite: pass
Timing for Checkbox test suite
0.78user 0.28system 0:13.06elapsed 8%CPU (0avgtext+0avgdata 20496maxresident)k
0inputs+16outputs (0major+49512minor)pagefaults 0swaps
Timing for refreshing plainbox installation
0.80user 0.27system 0:06.67elapsed 16%CPU (0avgtext+0avgdata 20680maxresident)k
0inputs+16outputs (0major+49785minor)pagefaults 0swaps
[quantal] PlainBox test suite: pass
Timing for plainbox test suite
0.98user 0.28system 0:14.31elapsed 8%CPU (0avgtext+0avgdata 20812maxresident)k
0inputs+184outputs (0major+49627minor)pagefaults 0swaps
[quantal] PlainBox documentation build: pass
Timing for plainbox documentation build
0.78user 0.26system 0:07.18elapsed 14%CPU (0avgtext+0avgdata 20600maxresident)k
0inputs+8outputs (0major+49466minor)pagefaults 0swaps
[quantal] Integration tests: pass
Timing for integration tests
0.82user 0.26system 0:10.03elapsed 10%CPU (0avgtext+0avgdata 20748maxresident)k
0inputs+8outputs (0major+49358minor)pagefaults 0swaps
[quantal] Destroying VM
[raring] Bringing VM 'up'
[raring] Unable to 'up' VM!
[raring] stdout: http://paste.ubuntu.com/5643984/
[raring] stderr: http://paste.ubuntu.com/5643985/
[raring] NOTE: unable to execute tests, marked as failed

The attempt to merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox failed. Below is the output from the failed tests.

Revision history for this message

Daniel Manrique (roadmr) wrote on 2013-05-08:

The attempt to merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox failed. Below is the output from the failed tests.

[precise] Bringing VM 'up'
[precise] Unable to 'up' VM!
[precise] stdout: http://paste.ubuntu.com/5644063/
[precise] stderr: http://paste.ubuntu.com/5644064/
[precise] NOTE: unable to execute tests, marked as failed
[quantal] Bringing VM 'up'
[quantal] Unable to 'up' VM!
[quantal] stdout: http://paste.ubuntu.com/5644065/
[quantal] stderr: http://paste.ubuntu.com/5644066/
[quantal] NOTE: unable to execute tests, marked as failed
[raring] Bringing VM 'up'
[raring] Unable to 'up' VM!
[raring] stdout: http://paste.ubuntu.com/5644067/
[raring] stderr: http://paste.ubuntu.com/5644068/
[raring] NOTE: unable to execute tests, marked as failed

Revision history for this message

Daniel Manrique (roadmr) wrote on 2013-05-08:

The attempt to merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox failed. Below is the output from the failed tests.

[precise] Bringing VM 'up'
[precise] Unable to 'up' VM!
[precise] stdout: http://paste.ubuntu.com/5644099/
[precise] stderr: http://paste.ubuntu.com/5644100/
[precise] NOTE: unable to execute tests, marked as failed
[quantal] Bringing VM 'up'
[quantal] Unable to 'up' VM!
[quantal] stdout: http://paste.ubuntu.com/5644104/
[quantal] stderr: http://paste.ubuntu.com/5644105/
[quantal] NOTE: unable to execute tests, marked as failed
[raring] Bringing VM 'up'
[raring] Unable to 'up' VM!
[raring] stdout: http://paste.ubuntu.com/5644107/
[raring] stderr: http://paste.ubuntu.com/5644108/
[raring] NOTE: unable to execute tests, marked as failed

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Checkbox Developers

Kyle Ireland

Ma Jun

Sylvain Pineau

Thao Nguyen

Zygmunt Krynicki

 === modified file 'plainbox/.coveragerc'
 --- plainbox/.coveragerc	2013-03-22 08:30:28 +0000
 +++ plainbox/.coveragerc	2013-05-08 07:38:29 +0000
@@ -9,6 +9,8 @@
      plainbox/impl/integration_tests.py
      plainbox/impl/commands/test_*
      plainbox/impl/exporter/test_*
++    plainbox/impl/transport/test_*
++    plainbox/impl/secure/test_*
      plainbox/testing_utils/test_*
  [report]
 === modified file 'plainbox/MANIFEST.in'
 --- plainbox/MANIFEST.in	2013-04-04 17:12:12 +0000
 +++ plainbox/MANIFEST.in	2013-05-08 07:38:29 +0000
@@ -5,3 +5,4 @@
  recursive-include docs *.rst
  include docs/conf.py
  include plainbox/data/report/hardware-1_0.rng
++include plainbox/data/org.freedesktop.policykit.pkexec.policy
 === added file 'plainbox/plainbox/data/org.freedesktop.policykit.pkexec.policy'
 --- plainbox/plainbox/data/org.freedesktop.policykit.pkexec.policy	1970-01-01 00:00:00 +0000
 +++ plainbox/plainbox/data/org.freedesktop.policykit.pkexec.policy	2013-05-08 07:38:29 +0000
@@ -0,0 +1,30 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<!DOCTYPE policyconfig PUBLIC
++ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
++ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
++<policyconfig>
++
++  <!--
++    Policy definitions for PlainBox system actions.
++    (C) 2013 Canonical Ltd.
++    Author: Sylvain Pineau <sylvain.pineau@canonical.com>
++  -->
++
++  <vendor>PlainBox</vendor>
++  <vendor_url>https://launchpad.net/checkbox</vendor_url>
++  <icon_name>checkbox</icon_name>
++
++  <action id="org.freedesktop.policykit.pkexec.run-plainbox-job">
++    <description>Run Job command</description>
++    <message>Authentication is required to run a job command as another user</message>
++    <defaults>
++      <allow_any>no</allow_any>
++      <allow_inactive>no</allow_inactive>
++      <allow_active>auth_admin_keep</allow_active>
++    </defaults>
++    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/checkbox-trusted-launcher</annotate>
++    <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
++  </action>
++
++</policyconfig>
++
 === modified file 'plainbox/plainbox/impl/job.py'
 --- plainbox/plainbox/impl/job.py	2013-04-23 00:16:38 +0000
 +++ plainbox/plainbox/impl/job.py	2013-05-08 07:38:29 +0000
@@ -26,9 +26,6 @@
      THIS MODULE DOES NOT HAVE STABLE PUBLIC API
  """
--import collections
--import hashlib
--import json
  import logging
  import os
  import re
@@ -36,12 +33,13 @@
  from plainbox.abc import IJobDefinition
  from plainbox.impl.config import Unset
  from plainbox.impl.resource import ResourceProgram
++from plainbox.impl.secure.checkbox_trusted_launcher import BaseJob
  logger = logging.getLogger("plainbox.job")
--class JobDefinition(IJobDefinition):
++class JobDefinition(BaseJob, IJobDefinition):
      """
      Job definition class.
@@ -50,10 +48,6 @@
      """
      @property
--    def plugin(self):
--        return self.__getattr__('plugin')
--
--    @property
      def name(self):
          return self.__getattr__('name')
@@ -65,13 +59,6 @@
              return None
      @property
--    def command(self):
--        try:
--            return self.__getattr__('command')
--        except AttributeError:
--            return None
--
--    @property
      def description(self):
          try:
              return self.__getattr__('description')
@@ -86,16 +73,13 @@
              return None
      @property
--    def user(self):
--        try:
--            return self.__getattr__('user')
--        except AttributeError:
--            return None
--
--    @property
--    def environ(self):
--        try:
--            return self.__getattr__('environ')
++    def via(self):
++        """
++        The checksum of the "parent" job when the current JobDefinition comes
++        from a job output using the local plugin
++        """
++        try:
++            return self.__getattr__('via')
          except AttributeError:
              return None
@@ -184,15 +168,6 @@
          else:
              return set()
--    def get_environ_settings(self):
--        """
--        Return a set of requested environment variables
--        """
--        if self.environ is not None:
--            return {variable for variable in re.split('[\s,]+', self.environ)}
--        else:
--            return set()
--
      @classmethod
      def from_rfc822_record(cls, record):
          """
@@ -270,35 +245,11 @@
          jobs (plugin local). The intent is to encapsulate the sharing of the
          embedded checkbox reference.
          """
++        record.data['via'] = self.get_checksum()
          job = self.from_rfc822_record(record)
          job._checkbox = self._checkbox
          return job
--    def get_checksum(self):
--        """
--        Compute a checksum of the job definition.
--
--        This method can be used to compute the checksum of the canonical form
--        of the job definition.  The canonical form is the UTF-8 encoded JSON
--        serialization of the data that makes up the full definition of the job
--        (all keys and values). The JSON serialization uses no indent and
--        minimal separators.
--
--        The checksum is defined as the SHA256 hash of the canonical form.
--        """
--        # Ideally we'd use simplejson.dumps() with sorted keys to get
--        # predictable serialization but that's another dependency. To get
--        # something simple that is equally reliable, just sort all the keys
--        # manually and ask standard json to serialize that..
--        sorted_data = collections.OrderedDict(sorted(self._data.items()))
--        # Compute the canonical form which is arbitrarily defined as sorted
--        # json text with default indent and separator settings.
--        canonical_form = json.dumps(
--            sorted_data, indent=None, separators=(',', ':'))
--        # Compute the sha256 hash of the UTF-8 encoding of the canonical form
--        # and return the hex digest as the checksum that can be displayed.
--        return hashlib.sha256(canonical_form.encode('UTF-8')).hexdigest()
--
      @classmethod
      def from_json_record(cls, record):
          """
 === modified file 'plainbox/plainbox/impl/rfc822.py'
 --- plainbox/plainbox/impl/rfc822.py	2013-02-25 11:02:59 +0000
 +++ plainbox/plainbox/impl/rfc822.py	2013-05-08 07:38:29 +0000
@@ -32,6 +32,9 @@
  from inspect import cleandoc
++from plainbox.impl.secure.checkbox_trusted_launcher import RFC822SyntaxError
++from plainbox.impl.secure.checkbox_trusted_launcher import BaseRFC822Record
++
  logger = logging.getLogger("plainbox.rfc822")
@@ -62,7 +65,7 @@
              self.filename, self.line_start, self.line_end)
--class RFC822Record:
++class RFC822Record(BaseRFC822Record):
      """
      Class for tracking RFC822 records
@@ -85,24 +88,6 @@
          """
          return self._origin
--    @property
--    def data(self):
--        """
--        The data set (dictionary)
--        """
--        return self._data
--
--
--class RFC822SyntaxError(SyntaxError):
--    """
--    SyntaxError subclass for RFC822 parsing functions
--    """
--
--    def __init__(self, filename, lineno, msg):
--        self.filename = filename
--        self.lineno = lineno
--        self.msg = msg
--
  def load_rfc822_records(stream, data_cls=dict):
      """
 === modified file 'plainbox/plainbox/impl/runner.py'
 --- plainbox/plainbox/impl/runner.py	2013-04-25 09:23:45 +0000
 +++ plainbox/plainbox/impl/runner.py	2013-05-08 07:38:29 +0000
@@ -298,6 +298,37 @@
          else:
              return env
++    def _get_command_trusted(self, job, config=None):
++        # When the job requires to run as root then elevate our permissions
++        # via pkexec(1). Since pkexec resets environment we need to somehow
++        # pass the extra things we require. To do that we pass the list of
++        # changed environment variables in addition to the job hash.
++        cmd = ['checkbox-trusted-launcher', job.get_checksum()] + [
++            "{key}={value}".format(key=key, value=value)
++            for key, value in self._get_script_env(
++                job, config, only_changes=True
++            ).items()
++        ]
++        if job.via is not None:
++            cmd += ['--via', job.via]
++        return cmd
++
++    def _get_command_src(self, job, config=None):
++        # Running PlainBox from source doesn't require the trusted launcher
++        # That's why we use the env(1)' command and pass it the list of
++        # changed environment variables.
++        # The whole pkexec and env part gets prepended to the command
++        # we were supposed to run.
++        cmd = ['env']
++        cmd += [
++            "{key}={value}".format(key=key, value=value)
++            for key, value in self._get_script_env(
++                job, only_changes=True
++            ).items()
++        ]
++        cmd += ['bash', '-c', job.command]
++        return cmd
++
      def _run_command(self, job, config):
          """
          Run the shell command associated with the specified job.
@@ -350,26 +381,18 @@
          # threads although all callbacks will be fired from a single
          # thread (which is _not_ the main thread)
          logger.debug("job[%s] starting command: %s", job.name, job.command)
--        # XXX: sadly using /bin/sh results in broken output
--        # XXX: maybe run it both ways and raise exceptions on differences?
--        cmd = ['bash', '-c', job.command]
          if job.user is not None:
--            # When the job requires to run as root then elevate our permissions
--            # via pkexec(1). Since pkexec resets environment we need to somehow
--            # pass the extra things we require. To do that we use the env(1)
--            # command and pass it the list of changed environment variables.
--            #
--            # The whole pkexec and env part gets prepended to the command we
--            # were supposed to run.
--            cmd = ['pkexec', '--user', job.user, 'env'] + [
--                "{key}={value}".format(key=key, value=value)
--                for key, value in self._get_script_env(
--                    job, config, only_changes=True
--                ).items()
--            ] + cmd
++            if job._checkbox._mode == 'src':
++                cmd = self._get_command_src(job, config)
++            else:
++                cmd = self._get_command_trusted(job, config)
++            cmd = ['pkexec', '--user', job.user] + cmd
              logging.debug("job[%s] executing %r", job.name, cmd)
              return_code = logging_popen.call(cmd)
          else:
++            # XXX: sadly using /bin/sh results in broken output
++            # XXX: maybe run it both ways and raise exceptions on differences?
++            cmd = ['bash', '-c', job.command]
              logging.debug("job[%s] executing %r", job.name, cmd)
              return_code = logging_popen.call(
                  cmd, env=self._get_script_env(job, config))
 === added directory 'plainbox/plainbox/impl/secure'
 === added file 'plainbox/plainbox/impl/secure/__init__.py'
 --- plainbox/plainbox/impl/secure/__init__.py	1970-01-01 00:00:00 +0000
 +++ plainbox/plainbox/impl/secure/__init__.py	2013-05-08 07:38:29 +0000
@@ -0,0 +1,27 @@
++# This file is part of Checkbox.
++#
++# Copyright 2013 Canonical Ltd.
++# Written by:
++#   Sylvain Pineau <sylvain.pineau@canonical.com>
++#
++# Checkbox is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# Checkbox is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with Checkbox.  If not, see <http://www.gnu.org/licenses/>.
++
++"""
++:mod:`plainbox.impl.secure` -- code for external (trusted) launchers
++====================================================================
++
++.. warning::
++
++    THIS MODULE DOES NOT HAVE STABLE PUBLIC API
++"""
 === added file 'plainbox/plainbox/impl/secure/checkbox_trusted_launcher.py'
 --- plainbox/plainbox/impl/secure/checkbox_trusted_launcher.py	1970-01-01 00:00:00 +0000
 +++ plainbox/plainbox/impl/secure/checkbox_trusted_launcher.py	2013-05-08 07:38:29 +0000
@@ -0,0 +1,402 @@
++# This file is part of Checkbox.
++#
++# Copyright 2013 Canonical Ltd.
++# Written by:
++#   Sylvain Pineau <sylvain.pineau@canonical.com>
++#
++# Checkbox is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# Checkbox is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with Checkbox.  If not, see <http://www.gnu.org/licenses/>.
++
++"""
++:mod:`plainbox.impl.secure.checkbox_trusted_launcher` -- command launcher
++=========================================================================
++
++.. warning::
++
++    THIS MODULE DOES NOT HAVE STABLE PUBLIC API
++"""
++
++import argparse
++import collections
++import glob
++import hashlib
++import json
++import os
++import re
++import subprocess
++from argparse import _ as argparse_gettext
++from inspect import cleandoc
++
++
++class BaseJob:
++    """
++    Base Job definition class.
++    """
++
++    @property
++    def plugin(self):
++        return self.__getattr__('plugin')
++
++    @property
++    def command(self):
++        try:
++            return self.__getattr__('command')
++        except AttributeError:
++            return None
++
++    @property
++    def environ(self):
++        try:
++            return self.__getattr__('environ')
++        except AttributeError:
++            return None
++
++    @property
++    def user(self):
++        try:
++            return self.__getattr__('user')
++        except AttributeError:
++            return None
++
++    def __init__(self, data):
++        self._data = data
++
++    def __getattr__(self, attr):
++        if attr in self._data:
++            return self._data[attr]
++        raise AttributeError(attr)
++
++    def get_checksum(self):
++        """
++        Compute a checksum of the job definition.
++
++        This method can be used to compute the checksum of the canonical form
++        of the job definition.  The canonical form is the UTF-8 encoded JSON
++        serialization of the data that makes up the full definition of the job
++        (all keys and values). The JSON serialization uses no indent and
++        minimal separators.
++
++        The checksum is defined as the SHA256 hash of the canonical form.
++        """
++        # Ideally we'd use simplejson.dumps() with sorted keys to get
++        # predictable serialization but that's another dependency. To get
++        # something simple that is equally reliable, just sort all the keys
++        # manually and ask standard json to serialize that..
++        sorted_data = collections.OrderedDict(sorted(self._data.items()))
++        # Compute the canonical form which is arbitrarily defined as sorted
++        # json text with default indent and separator settings.
++        canonical_form = json.dumps(
++            sorted_data, indent=None, separators=(',', ':'))
++        # Compute the sha256 hash of the UTF-8 encoding of the canonical form
++        # and return the hex digest as the checksum that can be displayed.
++        return hashlib.sha256(canonical_form.encode('UTF-8')).hexdigest()
++
++    def get_environ_settings(self):
++        """
++        Return a set of requested environment variables
++        """
++        if self.environ is not None:
++            return {variable for variable in re.split('[\s,]+', self.environ)}
++        else:
++            return set()
++
++    def modify_execution_environment(self, environ, packages):
++        """
++        Compute the environment the script will be executed in
++        """
++        # Get a proper environment
++        env = dict(os.environ)
++        # Use non-internationalized environment
++        env['LANG'] = 'C.UTF-8'
++        # Create CHECKBOX*_SHARE for every checkbox related packages
++        # Add their respective script directory to the PATH variable
++        # giving precedence to those located in /usr/lib/
++        for path in packages:
++            basename = os.path.basename(path)
++            env[basename.upper().replace('-', '_') + '_SHARE'] = path
++            # Update PATH so that scripts can be found
++            env['PATH'] = os.pathsep.join([
++                os.path.join('usr', 'lib', basename, 'bin'),
++                os.path.join(path, 'scripts')]
++                + env.get("PATH", "").split(os.pathsep))
++        if 'CHECKBOX_DATA' in env:
++            env['CHECKBOX_DATA'] = environ['CHECKBOX_DATA']
++        # Add new environment variables only if they are defined in the
++        # job environ property
++        for key in self.get_environ_settings():
++            if key in environ:
++                env[key] = environ[key]
++        return env
++
++
++class BaseRFC822Record:
++    """
++    Base class for tracking RFC822 records
++
++    This is a simple container for the dictionary of data.
++    """
++
++    def __init__(self, data):
++        self._data = data
++
++    @property
++    def data(self):
++        """
++        The data set (dictionary)
++        """
++        return self._data
++
++
++class RFC822SyntaxError(SyntaxError):
++    """
++    SyntaxError subclass for RFC822 parsing functions
++    """
++
++    def __init__(self, filename, lineno, msg):
++        self.filename = filename
++        self.lineno = lineno
++        self.msg = msg
++
++
++def load_rfc822_records(stream, data_cls=dict):
++    """
++    Load a sequence of rfc822-like records from a text stream.
++
++    Each record consists of any number of key-value pairs. Subsequent records
++    are separated by one blank line. A record key may have a multi-line value
++    if the line starts with whitespace character.
++
++    Returns a list of subsequent values as instances BaseRFC822Record class. If
++    the optional data_cls argument is collections.OrderedDict then the values
++    retain their original ordering.
++    """
++    return list(gen_rfc822_records(stream, data_cls))
++
++
++def gen_rfc822_records(stream, data_cls=dict):
++    """
++    Load a sequence of rfc822-like records from a text stream.
++
++    Each record consists of any number of key-value pairs. Subsequent records
++    are separated by one blank line. A record key may have a multi-line value
++    if the line starts with whitespace character.
++
++    Returns a list of subsequent values as instances BaseRFC822Record class. If
++    the optional data_cls argument is collections.OrderedDict then the values
++    retain their original ordering.
++    """
++    record = None
++    data = None
++    key = None
++    value_list = None
++
++    def _syntax_error(msg):
++        """
++        Report a syntax error in the current line
++        """
++        try:
++            filename = stream.name
++        except AttributeError:
++            filename = None
++        return RFC822SyntaxError(filename, lineno, msg)
++
++    def _new_record():
++        """
++        Reset local state to track new record
++        """
++        nonlocal key
++        nonlocal value_list
++        nonlocal record
++        nonlocal data
++        key = None
++        value_list = None
++        data = data_cls()
++        record = BaseRFC822Record(data)
++
++    def _commit_key_value_if_needed():
++        """
++        Finalize the most recently seen key: value pair
++        """
++        nonlocal key
++        if key is not None:
++            data[key] = cleandoc('\n'.join(value_list))
++            key = None
++
++    # Start with an empty record
++    _new_record()
++    # Iterate over subsequent lines of the stream
++    for lineno, line in enumerate(stream, start=1):
++        # Treat empty lines as record separators
++        if line.strip() == "":
++            # Commit the current record so that the multi-line value of the
++            # last key, if any, is saved as a string
++            _commit_key_value_if_needed()
++            # If data is non-empty, yield the record, this allows us to safely
++            # use newlines for formatting
++            if data:
++                yield record
++            # Reset local state so that we can build a new record
++            _new_record()
++        # Treat lines staring with whitespace as multi-line continuation of the
++        # most recently seen key-value
++        elif line.startswith(" "):
++            if key is None:
++                # If we have not seen any keys yet then this is a syntax error
++                raise _syntax_error("Unexpected multi-line value")
++            # Append the current line to the list of values of the most recent
++            # key. This prevents quadratic complexity of string concatenation
++            if line == " .\n":
++                value_list.append(" ")
++            elif line == " ..\n":
++                value_list.append(" .")
++            else:
++                value_list.append(line.rstrip())
++        # Treat lines with a colon as new key-value pairs
++        elif ":" in line:
++            # Since we have a new, key-value pair we need to commit any
++            # previous key that we may have (regardless of multi-line or
++            # single-line values).
++            _commit_key_value_if_needed()
++            # Parse the line by splitting on the colon, get rid of additional
++            # whitespace from both key and the value
++            key, value = line.split(":", 1)
++            key = key.strip()
++            value = value.strip()
++            # Check if the key already exist in this message
++            if key in record.data:
++                raise _syntax_error((
++                    "Job has a duplicate key {!r} "
++                    "with old value {!r} and new value {!r}").format(
++                        key, record.data[key], value))
++            # Construct initial value list out of the (only) value that we have
++            # so far. Additional multi-line values will just append to
++            # value_list
++            value_list = [value]
++        # Treat all other lines as syntax errors
++        else:
++            raise _syntax_error("Unexpected non-empty line")
++    # Make sure to commit the last key from the record
++    _commit_key_value_if_needed()
++    # Once we've seen the whole file return the last record, if any
++    if data:
++        yield record
++
++
++class Runner:
++    """
++    Runner for jobs
++
++    Executes the command process and pipes back stdout/stderr
++    """
++
++    CHECKBOXES = "/usr/share/checkbox*"
++
++    def __init__(self, builtin_jobs=[], packages=[]):
++        # List of all available jobs in system-wide locations
++        self.builtin_jobs = builtin_jobs
++        # List of all checkbox variants, like checkbox-oem(-.*)?
++        self.packages = packages
++
++    def path_expand(self, path):
++        for p in glob.glob(path):
++            self.packages.append(p)
++            for dirpath, dirs, filenames in os.walk(os.path.join(p, 'jobs')):
++                for name in filenames:
++                    if name.endswith(".txt"):
++                        yield os.path.join(dirpath, name)
++
++    def main(self, argv=None):
++        parser = argparse.ArgumentParser(prog="checkbox-trusted-launcher")
++        # Argh the horrror!
++        #
++        # Since CPython revision cab204a79e09 (landed for python3.3)
++        # http://hg.python.org/cpython/diff/cab204a79e09/Lib/argparse.py
++        # the argparse module behaves differently than it did in python3.2
++        #
++        # On python3.2, if we didn't use all the Positional objects, there
++        # were too few arg strings supplied and we called parser.error().
++        #
++        # To compensate, on python3.3 and beyond, when the user just runs
++        # the trusted launcher without specifying arguments, we manually,
++        # explicitly do what python3.2 did:
++        # call parser.error(_('too few arguments'))
++        if not argv:
++            parser.error(argparse_gettext("too few arguments"))
++        parser.add_argument('HASH', metavar='HASH', help='job hash to match')
++        parser.add_argument(
++            'ENV', metavar='NAME=VALUE', nargs='*',
++            help='Set each NAME to VALUE in the string environment')
++        parser.add_argument(
++            '--via',
++            metavar='LOCAL-JOB-HASH',
++            dest='via_hash',
++            help='Local job hash to use to match the generated job')
++        args = parser.parse_args(argv)
++
++        for filename in self.path_expand(self.CHECKBOXES):
++            stream = open(filename, "r", encoding="utf-8")
++            for message in load_rfc822_records(stream):
++                self.builtin_jobs.append(BaseJob(message.data))
++            stream.close()
++        lookup_list = [j for j in self.builtin_jobs if j.user]
++
++        if args.via_hash is not None:
++            local_list = [j for j in self.builtin_jobs if j.plugin == 'local']
++            desired_job_list = [j for j in local_list
++                                if j.get_checksum() == args.via_hash]
++            if desired_job_list:
++                via_job = desired_job_list.pop()
++                via_job_result = subprocess.Popen(
++                    via_job.command,
++                    shell=True,
++                    universal_newlines=True,
++                    stdout=subprocess.PIPE,
++                    env=via_job.modify_execution_environment(
++                        args.ENV,
++                        self.packages)
++                )
++                try:
++                    for message in load_rfc822_records(via_job_result.stdout):
++                        message._data['via'] = args.via_hash
++                        lookup_list.append(BaseJob(message.data))
++                finally:
++                    # Always call Popen.wait() in order to avoid zombies
++                    via_job_result.stdout.close()
++                    via_job_result.wait()
++
++        try:
++            target_job = [j for j in lookup_list
++                          if j.get_checksum() == args.HASH][0]
++        except IndexError:
++            return "Job not found"
++        try:
++            os.execve(
++                '/bin/bash',
++                ['bash', '-c', target_job.command],
++                target_job.modify_execution_environment(
++                    args.ENV,
++                    self.packages)
++            )
++        # if execv doesn't fail, it never returns...
++        except OSError:
++            return "Fatal error"
++        finally:
++            return "Fatal error"
++
++
++def main(argv=None):
++    """
++    Entry point for the checkbox trusted launcher
++    """
++    runner = Runner()
++    raise SystemExit(runner.main(argv))
 === added file 'plainbox/plainbox/impl/secure/test_checkbox_trusted_launcher.py'
 --- plainbox/plainbox/impl/secure/test_checkbox_trusted_launcher.py	1970-01-01 00:00:00 +0000
 +++ plainbox/plainbox/impl/secure/test_checkbox_trusted_launcher.py	2013-05-08 07:38:29 +0000
@@ -0,0 +1,268 @@
++# This file is part of Checkbox.
++#
++# Copyright 2013 Canonical Ltd.
++# Written by:
++#   Sylvain Pineau <sylvain.pineau@canonical.com>
++#
++# Checkbox is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# Checkbox is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with Checkbox.  If not, see <http://www.gnu.org/licenses/>.
++
++"""
++plainbox.impl.secure.test_checkbox_trusted_launcher
++===================================================
++
++Test definitions for plainbox.impl.secure.checkbox_trusted_launcher module
++"""
++
++import os
++
++from inspect import cleandoc
++from io import StringIO
++from mock import Mock, patch
++from tempfile import NamedTemporaryFile, TemporaryDirectory
++from unittest import TestCase
++
++from plainbox.impl.secure.checkbox_trusted_launcher import BaseJob
++from plainbox.impl.secure.checkbox_trusted_launcher import load_rfc822_records
++from plainbox.impl.secure.checkbox_trusted_launcher import main
++from plainbox.impl.secure.checkbox_trusted_launcher import Runner
++from plainbox.impl.test_rfc822 import RFC822ParserTestsMixIn
++from plainbox.testing_utils.io import TestIO
++from plainbox.testing_utils.testcases import TestCaseWithParameters
++
++
++class TestJobDefinition(TestCase):
++
++    def setUp(self):
++        self._full_record = {
++            'plugin': 'plugin',
++            'command': 'command',
++            'environ': 'environ',
++            'user': 'user'
++        }
++        self._min_record = {
++            'plugin': 'plugin',
++            'name': 'name',
++        }
++
++    def test_smoke_full_record(self):
++        job = BaseJob(self._full_record)
++        self.assertEqual(job.plugin, "plugin")
++        self.assertEqual(job.command, "command")
++        self.assertEqual(job.environ, "environ")
++        self.assertEqual(job.user, "user")
++
++    def test_smoke_min_record(self):
++        job = BaseJob(self._min_record)
++        self.assertEqual(job.plugin, "plugin")
++        self.assertEqual(job.command, None)
++        self.assertEqual(job.environ, None)
++        self.assertEqual(job.user, None)
++
++    def test_checksum_smoke(self):
++        job1 = BaseJob({'plugin': 'plugin', 'user': 'root'})
++        identical_to_job1 = BaseJob({'plugin': 'plugin', 'user': 'root'})
++        # Two distinct but identical jobs have the same checksum
++        self.assertEqual(job1.get_checksum(), identical_to_job1.get_checksum())
++        job2 = BaseJob({'plugin': 'plugin', 'user': 'anonymous'})
++        # Two jobs with different definitions have different checksum
++        self.assertNotEqual(job1.get_checksum(), job2.get_checksum())
++        # The checksum is stable and does not change over time
++        self.assertEqual(
++            job1.get_checksum(),
++            "c47cc3719061e4df0010d061e6f20d3d046071fd467d02d093a03068d2f33400")
++
++
++class ParsingTests(TestCaseWithParameters):
++
++    parameter_names = ('glue',)
++    parameter_values = (
++        ('commas',),
++        ('spaces',),
++        ('tabs',),
++        ('newlines',),
++        ('spaces_and_commas',),
++        ('multiple_spaces',),
++        ('multiple_commas',)
++    )
++    parameters_keymap = {
++        'commas': ',',
++        'spaces': ' ',
++        'tabs': '\t',
++        'newlines': '\n',
++        'spaces_and_commas': ', ',
++        'multiple_spaces': '   ',
++        'multiple_commas': ',,,,'
++    }
++
++    def test_environ_parsing_with_various_separators(self):
++        job = BaseJob({
++            'name': 'name',
++            'plugin': 'plugin',
++            'environ': self.parameters_keymap[
++                self.parameters.glue].join(['foo', 'bar', 'froz'])})
++        expected = set({'foo', 'bar', 'froz'})
++        observed = job.get_environ_settings()
++        self.assertEqual(expected, observed)
++
++    def test_environ_parsing_empty(self):
++        job = BaseJob({'plugin': 'plugin'})
++        expected = set()
++        observed = job.get_environ_settings()
++        self.assertEqual(expected, observed)
++
++
++class JobEnvTests(TestCase):
++
++    def setUp(self):
++        self.job = BaseJob({'plugin': 'plugin', 'environ': 'foo'})
++
++    def test_checkbox_env(self):
++        base_env = {"PATH": "", 'foo': 'bar', 'baz': 'qux'}
++        path = '/usr/share/checkbox-lambda'
++        with patch.dict('os.environ', {}):
++            env = self.job.modify_execution_environment(base_env, [path])
++            self.assertEqual(env['CHECKBOX_LAMBDA_SHARE'], path)
++            self.assertEqual(env['foo'], 'bar')
++            self.assertNotIn('bar', env)
++
++    def test_checkbox_env_with_data_dir(self):
++        base_env = {"PATH": "", "CHECKBOX_DATA": "DEADBEEF"}
++        path = '/usr/share/checkbox-lambda'
++        with patch.dict('os.environ', {"CHECKBOX_DATA": "DEADBEEF"}):
++            env = self.job.modify_execution_environment(base_env, [path])
++            self.assertEqual(env['CHECKBOX_LAMBDA_SHARE'], path)
++            self.assertEqual(env['CHECKBOX_DATA'], "DEADBEEF")
++
++
++class RFC822ParserTests(TestCase, RFC822ParserTestsMixIn):
++
++    @classmethod
++    def setUpClass(cls):
++        cls.loader = load_rfc822_records
++
++
++class TestMain(TestCase):
++
++    def setUp(self):
++        self.scratch_dir = TemporaryDirectory(prefix='checkbox-')
++        job_dir = os.path.join(self.scratch_dir.name, 'jobs')
++        os.mkdir(job_dir)
++        with NamedTemporaryFile(suffix='.txt', dir=job_dir, delete=False) as f:
++            f.write(b'plugin: plugin\nuser: me\ncommand: true\n')
++        with NamedTemporaryFile(
++                suffix='.txt', dir=job_dir, delete=False) as f:
++            f.write(b'plugin: unknown\nuser: user\n')
++        with NamedTemporaryFile(
++                suffix='.txt', dir=job_dir, delete=False) as f:
++            f.write(b'plugin: local\nuser: you\ncommand: a new job\n')
++        with NamedTemporaryFile(
++                suffix='.conf', dir=job_dir, delete=False) as f:
++            f.write(b'plugin: local\nuser: you\ncommand: a new job\n')
++
++    def test_help(self):
++        with TestIO(combined=True) as io:
++            with self.assertRaises(SystemExit) as call:
++                main(['--help'])
++        self.assertEqual(call.exception.args, (0,))
++        self.maxDiff = None
++        expected = """
++        usage: checkbox-trusted-launcher [-h] [--via LOCAL-JOB-HASH]
++                                         HASH [NAME=VALUE [NAME=VALUE ...]]
++
++        positional arguments:
++          HASH                  job hash to match
++          NAME=VALUE            Set each NAME to VALUE in the string environment
++
++        optional arguments:
++          -h, --help            show this help message and exit
++          --via LOCAL-JOB-HASH  Local job hash to use to match the generated job
++        """
++        self.assertEqual(io.combined, cleandoc(expected) + "\n")
++
++    def test_run_without_args(self):
++        with TestIO(combined=True) as io:
++            with self.assertRaises(SystemExit) as call:
++                main([])
++            self.assertEqual(call.exception.args, (2,))
++        expected = """
++        usage: checkbox-trusted-launcher [-h]
++        checkbox-trusted-launcher: error: too few arguments
++        """
++        self.assertEqual(io.combined, cleandoc(expected) + "\n")
++
++    @patch.object(Runner, 'CHECKBOXES', 'foo')
++    def test_run_invalid_hash(self):
++        with TestIO(combined=True) as io:
++            with self.assertRaises(SystemExit) as call:
++                main(['bar'])
++            self.assertEqual(call.exception.args, ('Job not found',))
++        self.assertEqual(io.combined, '')
++
++    def test_run_valid_hash(self):
++        self.maxDiff = None
++        with patch.object(Runner, 'CHECKBOXES', self.scratch_dir.name),\
++                patch('os.execve'):
++            with TestIO(combined=True) as io:
++                with self.assertRaises(SystemExit) as call:
++                    main(['9ab0e98cce8866b9a2fa217e87b4e8bb'
++                          '739e5f74977ba5fa30822cab2a178c48'])
++                self.assertEqual(call.exception.args, ('Fatal error',))
++            self.assertEqual(io.combined, '')
++
++    def test_run_valid_hash_exec_error(self):
++        self.maxDiff = None
++        with patch.object(Runner, 'CHECKBOXES', self.scratch_dir.name),\
++                patch('os.execve') as mock_execve:
++            mock_execve.side_effect = OSError('foo')
++            with TestIO(combined=True) as io:
++                with self.assertRaises(SystemExit) as call:
++                    main(['9ab0e98cce8866b9a2fa217e87b4e8bb'
++                          '739e5f74977ba5fa30822cab2a178c48'])
++                self.assertEqual(call.exception.args, ('Fatal error',))
++            self.assertEqual(io.combined, '')
++
++    def test_run_valid_hash_invalid_via(self):
++        self.maxDiff = None
++        with patch.object(Runner, 'CHECKBOXES', self.scratch_dir.name),\
++                patch('os.execve'),\
++                patch('subprocess.Popen') as mock_popen:
++            mock_iobuffer = Mock()
++            mock_iobuffer.stdout = StringIO('test: me')
++            mock_popen.return_value = mock_iobuffer
++            with TestIO(combined=True) as io:
++                with self.assertRaises(SystemExit) as call:
++                    main(['9ab0e98cce8866b9a2fa217e87b4e8bb'
++                          '739e5f74977ba5fa30822cab2a178c48', '--via=maybe'])
++                self.assertEqual(call.exception.args, ('Fatal error',))
++            self.assertEqual(io.combined, '')
++
++    def test_run_valid_hash_valid_via(self):
++        self.maxDiff = None
++        with patch.object(Runner, 'CHECKBOXES', self.scratch_dir.name),\
++                patch('os.execve'),\
++                patch('subprocess.Popen') as mock_popen:
++            mock_iobuffer = Mock()
++            mock_iobuffer.stdout = StringIO('test: me')
++            mock_popen.return_value = mock_iobuffer
++            with TestIO(combined=True) as io:
++                with self.assertRaises(SystemExit) as call:
++                    main(['9ab0e98cce8866b9a2fa217e87b4e8bb'
++                          '739e5f74977ba5fa30822cab2a178c48',
++                          '--via=a0dc4a9673b8f2d80b1ae4775c'
++                          '03e8a777eefa061fc7ecf7a3af2f20a33bb177'])
++                self.assertEqual(call.exception.args, ('Fatal error',))
++            self.assertEqual(io.combined, '')
++
++    def tearDown(self):
++        self.scratch_dir.cleanup()
 === modified file 'plainbox/plainbox/impl/test_rfc822.py'
 --- plainbox/plainbox/impl/test_rfc822.py	2013-03-14 10:36:25 +0000
 +++ plainbox/plainbox/impl/test_rfc822.py	2013-05-08 07:38:29 +0000
@@ -29,9 +29,9 @@
  from plainbox.impl.rfc822 import Origin
  from plainbox.impl.rfc822 import RFC822Record
--from plainbox.impl.rfc822 import RFC822SyntaxError
  from plainbox.impl.rfc822 import load_rfc822_records
  from plainbox.impl.rfc822 import dump_rfc822_records
++from plainbox.impl.secure.checkbox_trusted_launcher import RFC822SyntaxError
  class OriginTests(TestCase):
@@ -65,16 +65,18 @@
          self.assertEqual(record.origin, origin)
--class RFC822ParserTests(TestCase):
++class RFC822ParserTestsMixIn():
++
++    loader = load_rfc822_records
      def test_empty(self):
          with StringIO("") as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 0)
      def test_single_record(self):
          with StringIO("key:value") as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 1)
          self.assertEqual(records[0].data, {'key': 'value'})
@@ -94,7 +96,7 @@
              "\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 3)
          self.assertEqual(records[0].data, {'key1': 'value1'})
          self.assertEqual(records[1].data, {'key2': 'value2'})
@@ -109,7 +111,7 @@
              "key3:value3\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 3)
          self.assertEqual(records[0].data, {'key1': 'value1'})
          self.assertEqual(records[1].data, {'key2': 'value2'})
@@ -122,7 +124,7 @@
              " value\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 1)
          self.assertEqual(records[0].data, {'key': 'longer\nvalue'})
@@ -134,7 +136,7 @@
              " value\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 1)
          self.assertEqual(records[0].data, {'key': 'longer\n\nvalue'})
@@ -146,7 +148,7 @@
              " value\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 1)
          self.assertEqual(records[0].data, {'key': 'longer\n.\nvalue'})
@@ -161,7 +163,7 @@
              " value 2\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 2)
          self.assertEqual(records[0].data, {'key1': 'initial\nlonger\nvalue 1'})
          self.assertEqual(records[1].data, {'key2': 'longer\nvalue 2'})
@@ -169,7 +171,7 @@
      def test_irrelevant_whitespace(self):
          text = "key :  value  "
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 1)
          self.assertEqual(records[0].data, {'key': 'value'})
@@ -179,7 +181,7 @@
              " value\n"
+         )
          with StringIO(text) as stream:
--            records = load_rfc822_records(stream)
++            records = type(self).loader(stream)
          self.assertEqual(len(records), 1)
          self.assertEqual(records[0].data, {'key': 'value'})
@@ -187,21 +189,21 @@
          text = " extra value"
          with StringIO(text) as stream:
              with self.assertRaises(RFC822SyntaxError) as call:
--                load_rfc822_records(stream)
++                type(self).loader(stream)
              self.assertEqual(call.exception.msg, "Unexpected multi-line value")
      def test_garbage(self):
          text = "garbage"
          with StringIO(text) as stream:
              with self.assertRaises(RFC822SyntaxError) as call:
--                load_rfc822_records(stream)
++                type(self).loader(stream)
              self.assertEqual(call.exception.msg, "Unexpected non-empty line")
      def test_syntax_error(self):
          text = "key1 = value1"
          with StringIO(text) as stream:
              with self.assertRaises(RFC822SyntaxError) as call:
--                load_rfc822_records(stream)
++                type(self).loader(stream)
              self.assertEqual(call.exception.msg, "Unexpected non-empty line")
      def test_duplicate_error(self):
@@ -211,12 +213,17 @@
+         )
          with StringIO(text) as stream:
              with self.assertRaises(RFC822SyntaxError) as call:
--                load_rfc822_records(stream)
++                type(self).loader(stream)
              self.assertEqual(call.exception.msg, (
                  "Job has a duplicate key 'key1' with old value 'value1'"
                  " and new value 'value2'"))
++class RFC822ParserTests(TestCase, RFC822ParserTestsMixIn):
++
++    pass
++
++
  class RFC822WriterTests(TestCase):
      def test_single_record(self):
 === modified file 'plainbox/setup.py'
 --- plainbox/setup.py	2013-04-25 20:43:24 +0000
 +++ plainbox/setup.py	2013-05-08 07:38:29 +0000
@@ -40,9 +40,15 @@
          'lxml >= 2.3',
          'requests >= 1.0',
      ],
++    data_files=[
++        ("share/polkit-1/actions",
++            ["plainbox/data/org.freedesktop.policykit.pkexec.policy"])
++    ],
      entry_points={
          'console_scripts': [
              'plainbox=plainbox.public:main',
++            'checkbox-trusted-launcher='
++            'plainbox.impl.secure.checkbox_trusted_launcher:main',
          ],
          'plainbox.exporter': [
              'text=plainbox.impl.exporter.text:TextSessionStateExporter',
@@ -51,7 +57,8 @@
              'xml=plainbox.impl.exporter.xml:XMLSessionStateExporter',
          ],
          'plainbox.transport': [
--            'certification=plainbox.impl.transport.certification:CertificationTransport',
++            'certification='
++            'plainbox.impl.transport.certification:CertificationTransport',
          ],
      },
      include_package_data=True)

Checkbox

Merge lp:~sylvain-pineau/checkbox/trusted-launcher-standalone into lp:checkbox

Commit message

Description of the change

Preview Diff

Subscribers