7 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
0fdf59b9f0
privileged_daemon: Implement handling termination signal
- And gracefully terminate the process after finishing the current requests
underway.

Tests:

- Trigger a long operation such as an app installation. While the operation is
underway, run 'systemctl stop freedombox-privileged.service'. Journal will show
that the SIGTERM is handled and shutdown is more or less immediately complete.
However, the whole process will wait until the ongoing request is complete and
then exit.

- During the wait period, no new requests are accepted as experienced with
'freedombox-cmd plinth is_package_manager_busy --no-args' command.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2025-09-29 16:58:44 +03:00
Sunil Mohan Adapa
c2d5d1d3c8
privileged_daemon: Fix showing errors for freedombox-cmd command
Tests:

- When arguments are not provided to freedombox-cmd it shows errors on the
console.

- When a command is successfully executed, the output is printed on the console.

- The output of the privileged daemon goes to the journald.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2025-09-29 16:58:41 +03:00
Sunil Mohan Adapa
944c427f44
actions: Framework for capturing stdout/stderr in privileged daemon
Tests:

- If there is a syntax error in communication with privileged server, 'stdout'
and 'stderr' keys are present in 'exception' dictionary of the reply.

- If there is an error in the privileged method in communication with privileged
server, 'stdout' and 'stderr' keys are present in 'exception' dictionary of the
reply. The values are filled with output of the command that has been run.

- If a privileged method uses action_utils.run, then raising an exception in the
method shows proper stdout and stderr in the UI HTML message.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2025-09-05 20:23:55 +05:30
Sunil Mohan Adapa
a580437de2
privileged_daemon: Introduce a command line client for the API
- Similar call signature as actions/actions.

Tests:

- Running make install places a binary file in /usr/bin/freedombox-cmd

- Running 'freedombox-cmd upgrades get_log --no-args' works.

- Running 'freedombox-cmd upgrades activate_backports --no-args' works.

- Running 'freedombox-cmd storage usage_info --no-args' works.

- Running 'freedombox-cmd sshfs is_mounted --no-args' works.

- echo '{"args": ["USERNAME", "AUTH_USER", "AUTH_PASSWORD"], "kwargs": {}}' |
sudo freedombox-cmd users remove_user.

- Distribution upgrade from Bookworm to Trixie works.

  - Snapshots are disabled and re-enabled during upgrade.

  - /etc/apt/sources.list changes are completed on completion.

- If a command fails, the return code is not 0.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2025-09-05 20:23:36 +05:30
Sunil Mohan Adapa
143e4a00bd
actions, backup: Implement raw output for privileged daemon
- Regression: downloading does not work with sudo based action anymore. However,
sudo based actions are to be removed in later patches.

Tests:

- Downloading tar backup archive works. Untar works. Downloading gives up to
10MiB/s speed.

- If API is not called with _raw_output=True, then special exception is raised.

- Downloading tar file from command line using nc also works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2025-09-05 20:23:25 +05:30
Joseph Nuthalapati
2f53c4dd39
actions:privileged: Fix flake8 errors
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
2025-08-16 23:04:16 +05:30
Sunil Mohan Adapa
c47a856e3e
privileged: Introduce a UNIX socket daemon for privileged calls
- This daemon will be faster than running actions using 'sudo' because the
actions sometimes load all the modules before certain safety checks can be
performed. The daemon will load just once for many privileged calls.

Tests:

- After daemon is started, systemd shows the status as 'activated'.

- When daemon is started using socket activation and requests are sent, the
  requests succeed.

- When daemon is started manually and requests are sent, the requests succeed.
  The socket file is created with root:root ownership and 0666 permissions.
  Parent directory is created if it does not exist. After the daemon exits, the socket
  file is removed. When daemon is started manually, automatic idle timeout exit
  does not happen.

- According to journalctl, server exits after 5 seconds. Proper log message is
  seen.

- Without development mode, server exits after 5 minutes of idle. Proper log
  message is seen.

- When a sleep is added in one of the actions and when the action is running,
  server does not exit. Server exits after the request is completed.

- When an error is raised in verify request, the server exits with proper error
  message. If the server exits with non-zero error code, it is immediately
  restarted by systemd.

- Sending a sample request using nc from root user and plinth user works.

- Sending a sample request using nc from fbx user is rejected.

- If a non-unicode text is sent as request, the response is a valid error
  dictionary.

- If the request is larger than 1M, a 'request too large' error is thrown.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2025-08-16 22:40:54 +05:30