Ubuntu Application Launcher

Merge lp:~ted/ubuntu-app-launch/install-root into lp:ubuntu-app-launch/16.10

  1. install-root
  2. Merge into trunk.16.10
Proposed by Ted Gould
Status: Superseded
Proposed branch: lp:~ted/ubuntu-app-launch/install-root
Merge into: lp:ubuntu-app-launch/16.10
Prerequisite: lp:~ted/ubuntu-app-launch/jobs-systemd
Diff against target: 258 lines (+85/-23)
11 files modified
docs/index.rst (+41/-0)
libubuntu-app-launch/registry-impl.cpp (+8/-0)
libubuntu-app-launch/registry-impl.h (+12/-0)
libubuntu-app-launch/ubuntu-app-launch.cpp (+5/-1)
upstart-jobs/application-click.conf.in (+4/-5)
upstart-jobs/application-failed.conf.in (+1/-1)
upstart-jobs/application-legacy.conf.in (+4/-4)
upstart-jobs/application-snap.conf.in (+4/-5)
upstart-jobs/application.conf.in (+1/-1)
upstart-jobs/untrusted-helper-type-end.conf.in (+1/-1)
upstart-jobs/untrusted-helper.conf.in (+4/-5)
To merge this branch: bzr merge lp:~ted/ubuntu-app-launch/install-root
Reviewer Review Type Date Requested Status
Ted Gould Pending
Marcus Tomlinson Pending
unity-api-1-bot continuous-integration Pending
Review via email: mp+309765@code.launchpad.net

This proposal supersedes a proposal from 2016-09-14.

This proposal has been superseded by a proposal from 2016-11-10.

Commit message

Make UAL relocatable for Snappy installs

Description of the change

For things that it makes sense to override we have an envvar to override it. For the Upstart jobs we're just relying on ${SNAP} to be set.

Also added docs for all the envvars that we use.

To post a comment you must log in.
Revision history for this message
unity-api-1-bot (unity-api-1-bot) wrote : Posted in a previous version of this proposal

PASSED: Continuous integration, rev:256
https://jenkins.canonical.com/unity-api-1/job/lp-ubuntu-app-launch-ci/99/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build/647
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-0-fetch/653
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=amd64,release=vivid+overlay/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=amd64,release=vivid+overlay/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=amd64,release=xenial+overlay/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=amd64,release=xenial+overlay/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=amd64,release=yakkety/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=amd64,release=yakkety/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=armhf,release=vivid+overlay/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=armhf,release=vivid+overlay/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=armhf,release=xenial+overlay/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=armhf,release=xenial+overlay/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=armhf,release=yakkety/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=armhf,release=yakkety/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=i386,release=vivid+overlay/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=i386,release=vivid+overlay/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=i386,release=xenial+overlay/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=i386,release=xenial+overlay/469/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=i386,release=yakkety/469
        deb: https://jenkins.canonical.com/unity-api-1/job/build-2-binpkg/arch=i386,release=yakkety/469/artifact/output/*zip*/output.zip

Click here to trigger a rebuild:
https://jenkins.canonical.com/unity-api-1/job/lp-ubuntu-app-launch-ci/99/rebuild

review: Approve (continuous-integration)
Revision history for this message
Marcus Tomlinson (marcustomlinson) wrote : Posted in a previous version of this proposal

Comforting to see that all code paths are covered in the tests. Also, your bug, your fix (extra comfort) :)

LGTM

review: Approve
Revision history for this message
Ted Gould (ted) wrote : Posted in a previous version of this proposal

So further testing on real systems revealed an interesting flaw. Basically by including $SNAP in the exec line it doesn't work. Why? Because to resolve the environment variable Upstart switches from doing an exec directly, to instead using a shell which then does the exec. Not a big deal, except that there seems to be a bug in the way it works with AppArmor. So Upstart switches profiles on exec, but that is after the binary is read, so the exec-line-exec binary doesn't need to be in the Application's apparmor profile. But when the shell goes first the shell itself is exec'ing under the application's profile, and thus needs permission.

This is, at some level, a bug in Upstart. Not sure how it should be fixed. Will have to have conversations with security taking into account the maintenance level of the various packages involved.

review: Needs Fixing
lp:~ted/ubuntu-app-launch/install-root updated
258. By Ted Gould

Update to latest systemd branch

259. By Ted Gould

Pulling through updates

260. By Ted Gould

Adding an environment variable for XMir Helper

261. By Ted Gould

Pulling through trunk

262. By Ted Gould

Restructure exec line building so we can add more

263. By Ted Gould

Adding extra environment in the snap world

264. By Ted Gould

Make sure we get the other snap environment variables

265. By Ted Gould

Switch to calling legacy-exec

266. By Ted Gould

Starting utilities to put together an environment setup

267. By Ted Gould

Better exit codes

268. By Ted Gould

Fleshing out our utilities

269. By Ted Gould

Get the binaries into a deb

270. By Ted Gould

Make the command line reference the outside util

271. By Ted Gould

Call the snappy-xmir util unconfined

272. By Ted Gould

Handle write() returns

273. By Ted Gould

Disable for a moment

274. By Ted Gould

Remove the snap setting libertine launch

275. By Ted Gould

Fix command name

276. By Ted Gould

Make sure we sleep forever

277. By Ted Gould

Get negative errors as well

278. By Ted Gould

Make sure the FD stays open

279. By Ted Gould

Provide a way to test and put the fd number on the command line

280. By Ted Gould

Some basic test scripts

281. By Ted Gould

Switch to an abstract socket

282. By Ted Gould

Make sure we don't overrun sun_path

283. By Ted Gould

Clear out the MIR_* variables

284. By Ted Gould

Getting the snappy-xmir tests into the test suite

285. By Ted Gould

Check for MIR_ variables

286. By Ted Gould

Making sure we clean up the envvars utils

287. By Ted Gould

Increase output and debugging info in tests

288. By Ted Gould

Read everything in, and then start processing it into individual variables

289. By Ted Gould

Cleanup magic numbers

290. By Ted Gould

Explicitly set the DBus address as well

291. By Ted Gould

Make sure to pad with zeros

292. By Ted Gould

Test for long AppIDs

293. By Ted Gould

Removing snap variables from the Upstart jobs. If we're under a SNAP we'll be using systemd

294. By Ted Gould

Use the path in the current snap as the place to find the helper

295. By Ted Gould

Fix formatting

296. By Ted Gould

We don't need to care about the SNAP_ variables because they'll be reinserted when we come through the snap commands

297. By Ted Gould

Use a build variable to get the path

298. By Ted Gould

Switching back to setting the libertine-launch path in non-snap cases

299. By Ted Gould

Allow the legacy-exec util to be overridden

300. By Ted Gould

Merge error

301. By Ted Gould

More magic numbers brought down to Earth

302. By Ted Gould

Bigger libs warning. Like really people, read this.

303. By Ted Gould

Fix the libertine-launch case for non-snaps

304. By Ted Gould

Removing QT and XDG variables, don't think we need them

305. By Ted Gould

Removing more variables

306. By Ted Gould

Upstream changes

307. By Ted Gould

Make sure we don't have a Mir socket before checking that we don't

308. By Ted Gould

Merge upstream updates

309. By Ted Gould

Update to trunk

310. By Ted Gould

Update to current jobs-systemd

311. By Ted Gould

Grab QT_ and XDG_ for legacy apps on deb installs

312. By Ted Gould

Switching functions

313. By Ted Gould

Merge Trunk

314. By Ted Gould

Merge changes to jobs-systemd

315. By Ted Gould

Put the wrong environment var into the documentation

316. By Ted Gould

Getting these variables figured out

317. By Ted Gould

Fix docs to include default path for LEGACY_EXEC

318. By Ted Gould

Cache snap env var

319. By Ted Gould

Make sure we only use references in loops

320. By Ted Gould

Don't store if we have the variable

321. By Ted Gould

Return const pointer

322. By Ted Gould

Handle larger possible pids

323. By Ted Gould

Make sure we're gettin' data

324. By Ted Gould

Move debug outside of the print loop

325. By Ted Gould

A read failure is a helper failure

326. By Ted Gould

If we don't have a MIR_SOCKET use the default one

327. By Ted Gould

Special case legacy apps on Unity8 from debs

328. By Ted Gould

Put on the dunce cap and sit in the corner

Unmerged revisions

328. By Ted Gould

Put on the dunce cap and sit in the corner

327. By Ted Gould

Special case legacy apps on Unity8 from debs

326. By Ted Gould

If we don't have a MIR_SOCKET use the default one

325. By Ted Gould

A read failure is a helper failure

324. By Ted Gould

Move debug outside of the print loop

323. By Ted Gould

Make sure we're gettin' data

322. By Ted Gould

Handle larger possible pids

321. By Ted Gould

Return const pointer

320. By Ted Gould

Don't store if we have the variable

319. By Ted Gould

Make sure we only use references in loops

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'docs/index.rst'
2--- docs/index.rst 2016-11-10 21:59:11 +0000
3+++ docs/index.rst 2016-11-10 21:59:12 +0000
4@@ -18,6 +18,47 @@
5
6 .. _Upstart: http://upstart.ubuntu.com/
7
8+
9+Environment Variables
10+=====================
11+
12+There are a few environment variables that can effect the behavior of UAL while
13+it is running.
14+
15+UBUNTU_APP_LAUNCH_CG_MANAGER_NAME
16+ The DBus name that CG Manager registers under if it is on the session bus.
17+
18+UBUNTU_APP_LAUNCH_CG_MANAGER_SESSION_BUS
19+ Tell UAL to look on the session bus for CG Manager.
20+
21+UBUNTU_APP_LAUNCH_DEMANGLER
22+ Path to the UAL demangler tool that will get the Mir FD for trusted prompt session.
23+
24+UBUNTU_APP_LAUNCH_DISABLE_SNAPD_TIMEOUT
25+ Wait as long as Snapd wants to return data instead of erroring after 100ms.
26+
27+UBUNTU_APP_LAUNCH_LEGACY_ROOT
28+ Set the path that represents the root for legacy applications.
29+
30+UBUNTU_APP_LAUNCH_LIBERTINE_LAUNCH
31+ Path to the libertine launch utility for setting up libertine containers and XMir based legacy apps.
32+
33+UBUNTU_APP_LAUNCH_LINK_FARM
34+ Path to the link farm that is created by Click of all the installed Click applications.
35+
36+UBUNTU_APP_LAUNCH_OOM_HELPER
37+ Path to the setuid helper that configures OOM values on application processes that we otherwise couldn't, mostly this is for Oxide.
38+
39+UBUNTU_APP_LAUNCH_OOM_PROC_PATH
40+ Path to look for the files to set OOM values, defaults to /proc.
41+
42+UBUNTU_APP_LAUNCH_SNAP_BASEDIR
43+ The place where snaps are installed in the system, /snap is the default.
44+
45+UBUNTU_APP_LAUNCH_SNAPD_SOCKET
46+ Path to the snapd socket.
47+
48+
49 API Documentation
50 =================
51
52
53=== modified file 'libubuntu-app-launch/registry-impl.cpp'
54--- libubuntu-app-launch/registry-impl.cpp 2016-11-10 21:59:11 +0000
55+++ libubuntu-app-launch/registry-impl.cpp 2016-11-10 21:59:12 +0000
56@@ -48,6 +48,14 @@
57 return std::shared_ptr<GDBusConnection>(g_bus_get_sync(G_BUS_TYPE_SESSION, cancel.get(), nullptr),
58 [](GDBusConnection* bus) { g_clear_object(&bus); });
59 });
60+
61+ /* Determine where we're getting the helper from */
62+ oomHelper_ = OOM_HELPER;
63+ auto goomHelper = g_getenv("UBUNTU_APP_LAUNCH_OOM_HELPER");
64+ if (goomHelper != nullptr)
65+ {
66+ oomHelper_ = goomHelper;
67+ }
68 }
69
70 void Registry::Impl::initClick()
71
72=== modified file 'libubuntu-app-launch/registry-impl.h'
73--- libubuntu-app-launch/registry-impl.h 2016-11-10 21:59:11 +0000
74+++ libubuntu-app-launch/registry-impl.h 2016-11-10 21:59:12 +0000
75@@ -83,6 +83,11 @@
76 static void watchingAppStarting(bool rWatching);
77 static bool isWatchingAppStarting();
78
79+ const std::string oomHelper()
80+ {
81+ return oomHelper_;
82+ }
83+
84 private:
85 Registry* _registry; /**< The Registry that we're spawned from */
86
87@@ -97,6 +102,13 @@
88 /** All of our icon finders based on the path that they're looking
89 into */
90 std::unordered_map<std::string, std::shared_ptr<IconFinder>> _iconFinders;
91+
92+ /** Getting the Upstart job path is relatively expensive in
93+ that it requires a DBus call. Worth keeping a cache of. */
94+ std::map<std::string, std::string> upstartJobPathCache_;
95+
96+ /** Path to the OOM Helper */
97+ std::string oomHelper_;
98 };
99
100 } // namespace app_launch
101
102=== modified file 'libubuntu-app-launch/ubuntu-app-launch.cpp'
103--- libubuntu-app-launch/ubuntu-app-launch.cpp 2016-11-10 21:59:11 +0000
104+++ libubuntu-app-launch/ubuntu-app-launch.cpp 2016-11-10 21:59:12 +0000
105@@ -1672,7 +1672,11 @@
106 /* The exec value */
107 gchar * envstr = NULL;
108 if (demangler) {
109- envstr = g_strdup_printf("APP_EXEC=%s %s", DEMANGLER_PATH, execline);
110+ const gchar * demangler_path = g_getenv("UBUNTU_APP_LAUNCH_DEMANGLER");
111+ if (demangler_path == nullptr) {
112+ demangler_path = DEMANGLER_PATH;
113+ }
114+ envstr = g_strdup_printf("APP_EXEC=%s %s", demangler_path, execline);
115 } else {
116 envstr = g_strdup_printf("APP_EXEC=%s", execline);
117 }
118
119=== modified file 'upstart-jobs/application-click.conf.in'
120--- upstart-jobs/application-click.conf.in 2015-08-17 21:34:39 +0000
121+++ upstart-jobs/application-click.conf.in 2016-11-10 21:59:12 +0000
122@@ -14,7 +14,6 @@
123 env APP_XMIR_ENABLE
124
125 env UBUNTU_APP_LAUNCH_ARCH="@ubuntu_app_launch_arch@"
126-export UBUNTU_APP_LAUNCH_ARCH
127
128 apparmor switch ${APP_ID}
129 cgroup freezer
130@@ -23,12 +22,12 @@
131 oom score 100
132
133 # Remember, this is confined
134-exec @pkglibexecdir@/exec-line-exec
135+exec ${SNAP}/@pkglibexecdir@/exec-line-exec
136
137-post-start exec @pkglibexecdir@/zg-report-app open
138+post-start exec ${SNAP}/@pkglibexecdir@/zg-report-app open
139 post-stop script
140- @pkglibexecdir@/zg-report-app close
141- @pkglibexecdir@/cgroup-reap-all
142+ ${SNAP}/@pkglibexecdir@/zg-report-app close
143+ ${SNAP}/@pkglibexecdir@/cgroup-reap-all
144
145 DEVELOPER_MODE=`gdbus call --system --dest com.canonical.PropertyService --object-path /com/canonical/PropertyService --method com.canonical.PropertyService.GetProperty adb`
146 if [ "$DEVELOPER_MODE" != "(true,)" ] ; then
147
148=== modified file 'upstart-jobs/application-failed.conf.in'
149--- upstart-jobs/application-failed.conf.in 2016-08-04 14:04:40 +0000
150+++ upstart-jobs/application-failed.conf.in 2016-11-10 21:59:12 +0000
151@@ -3,4 +3,4 @@
152 start on stopped application-legacy RESULT=failed or stopped application-click RESULT=failed or stopped application-snap RESULT=failed
153 task
154
155-exec @pkglibexecdir@/application-failed
156+exec ${SNAP}/@pkglibexecdir@/application-failed
157
158=== modified file 'upstart-jobs/application-legacy.conf.in'
159--- upstart-jobs/application-legacy.conf.in 2016-09-23 22:01:53 +0000
160+++ upstart-jobs/application-legacy.conf.in 2016-11-10 21:59:12 +0000
161@@ -22,12 +22,12 @@
162 oom score 110
163
164 # This could be confined
165-exec @pkglibexecdir@/exec-line-exec
166+exec ${SNAP}/@pkglibexecdir@/exec-line-exec
167
168-post-start exec @pkglibexecdir@/zg-report-app open
169+post-start exec ${SNAP}/@pkglibexecdir@/zg-report-app open
170 post-stop script
171- @pkglibexecdir@/zg-report-app close
172- @pkglibexecdir@/cgroup-reap-all
173+ ${SNAP}/@pkglibexecdir@/zg-report-app close
174+ ${SNAP}/@pkglibexecdir@/cgroup-reap-all
175
176 DEVELOPER_MODE=`gdbus call --system --dest com.canonical.PropertyService --object-path /com/canonical/PropertyService --method com.canonical.PropertyService.GetProperty adb`
177 if [ "$DEVELOPER_MODE" != "(true,)" ] ; then
178
179=== modified file 'upstart-jobs/application-snap.conf.in'
180--- upstart-jobs/application-snap.conf.in 2016-09-08 15:05:06 +0000
181+++ upstart-jobs/application-snap.conf.in 2016-11-10 21:59:12 +0000
182@@ -15,7 +15,6 @@
183 env INSTANCE_ID=""
184
185 env UBUNTU_APP_LAUNCH_ARCH="@ubuntu_app_launch_arch@"
186-export UBUNTU_APP_LAUNCH_ARCH
187
188 # apparmor is taken care of by confine
189 cgroup freezer
190@@ -24,12 +23,12 @@
191 oom score 100
192
193 # Remember, this is confined
194-exec @pkglibexecdir@/exec-line-exec
195+exec ${SNAP}/@pkglibexecdir@/exec-line-exec
196
197-post-start exec @pkglibexecdir@/zg-report-app open
198+post-start exec ${SNAP}/@pkglibexecdir@/zg-report-app open
199 post-stop script
200- @pkglibexecdir@/zg-report-app close
201- @pkglibexecdir@/cgroup-reap-all
202+ ${SNAP}/@pkglibexecdir@/zg-report-app close
203+ ${SNAP}/@pkglibexecdir@/cgroup-reap-all
204
205 DEVELOPER_MODE=`gdbus call --system --dest com.canonical.PropertyService --object-path /com/canonical/PropertyService --method com.canonical.PropertyService.GetProperty adb`
206 if [ "$DEVELOPER_MODE" != "(true,)" ] ; then
207
208=== modified file 'upstart-jobs/application.conf.in'
209--- upstart-jobs/application.conf.in 2014-02-05 20:54:29 +0000
210+++ upstart-jobs/application.conf.in 2016-11-10 21:59:12 +0000
211@@ -14,4 +14,4 @@
212 env APP_URIS
213 export APP_URIS
214
215-exec @pkglibexecdir@/application-job
216+exec ${SNAP}/@pkglibexecdir@/application-job
217
218=== modified file 'upstart-jobs/untrusted-helper-type-end.conf.in'
219--- upstart-jobs/untrusted-helper-type-end.conf.in 2014-01-22 17:35:10 +0000
220+++ upstart-jobs/untrusted-helper-type-end.conf.in 2016-11-10 21:59:12 +0000
221@@ -6,4 +6,4 @@
222
223 emits untrusted-helper-end
224
225-exec @pkglibexecdir@/untrusted-helper-type-end
226+exec ${SNAP}/@pkglibexecdir@/untrusted-helper-type-end
227
228=== modified file 'upstart-jobs/untrusted-helper.conf.in'
229--- upstart-jobs/untrusted-helper.conf.in 2014-08-07 16:16:05 +0000
230+++ upstart-jobs/untrusted-helper.conf.in 2016-11-10 21:59:12 +0000
231@@ -12,7 +12,6 @@
232 env APP_URIS
233
234 env UBUNTU_APP_LAUNCH_ARCH="@ubuntu_app_launch_arch@"
235-export UBUNTU_APP_LAUNCH_ARCH
236
237 apparmor switch ${APP_ID}
238 cgroup freezer
239@@ -20,8 +19,8 @@
240
241 # This is unconfined
242 pre-start script
243- if [ -x "@pkglibexecdir@/${HELPER_TYPE}/exec-tool" ] ; then
244- @pkglibexecdir@/${HELPER_TYPE}/exec-tool
245+ if [ -x "${SNAP}/@pkglibexecdir@/${HELPER_TYPE}/exec-tool" ] ; then
246+ ${SNAP}/@pkglibexecdir@/${HELPER_TYPE}/exec-tool
247 else
248 echo "Unable to find exec tool for ${HELPER_TYPE}"
249 exit -1
250@@ -29,6 +28,6 @@
251 end script
252
253 # Remember, this is confined
254-exec @pkglibexecdir@/exec-line-exec
255+exec ${SNAP}/@pkglibexecdir@/exec-line-exec
256
257-post-stop exec @pkglibexecdir@/cgroup-reap-all
258+post-stop exec ${SNAP}/@pkglibexecdir@/cgroup-reap-all

Subscribers

People subscribed via source and target branches