- So that we write decorators that can handle errors as needed by backups app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When subprocess.call() fails and one of the arguments is a Path-like object,
the exception also contains a Path-like object. The default JSON encoder can't
handle this and will lead to failure when encoding the exception altogether
resulting in a generic exception.
Tests:
- Add an invalid .zim file to kiwix. It fails and shows a default error
exception. Without this patch, it fails.
- Functional tests for kiwix pass.
- Backups app can list archives. This is a result returned from a privileged
method.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
This is to ensure that secret parameter which must likely be marked as secret
are not marked as secret. The partially mitigates the biggest disadvantage of
printing all the parameters by default and marking exception, that is,
forgetting to mark.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When privileged action is called, it is logged without arguments currently.
Extend this to log all arguments but excluding the parameters of type
secret_str.
- When error is raised, all arguments are being logged currently. Extend this to
exclude the parameters of type secret_str.
Tests:
- Privileged actions with secret strings log messages with '****' instead of
secret string.
- When an error is raised in a privileged action, an exception is logged. In the
exception message, the method and parameters are printed. Parameters that are
secret strings are shown as '****'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Method parameters marked with secret_str will not be logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
It is already available separately and now printed nicely. In cases where the
exception is caused outside of the action method, continue to print stderr.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
return_value is not available during exception handling.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All tests in patch series have been done with this patch applied
- Unit tests pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently privileged actions use stdout for returning the results. If any of the
sub-processes accidentally output to stdout, decoding errors occur. Prevent this
by opening a pipe to the privileged action and returning the output in that
pipe.
Tests:
- Run unit tests
- Functional tests for other apps pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Currently, privileged actions are not allowed under top-level plinth module.
They are only allowed under each app module. Allow privileged actions under
plinth module.
- Currently, privileged actions are not allowed under a sub-module of
'privileged' package. They are allowed only in 'privileged' module. Allow
sub-modules under 'privileged' package.
Tests:
- Email app functional tests pass
- Functional tests for apps using package and service privileged methods pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This can be improved later by using a IPC mechanism other than stdin/stdout.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Any privileged action (a method) can be marked as such with the new decorator. A
call to the method will be serialized into a sudo call (or later into a D-Bus
call). The method arguments are turned to JSON and method is called as
superuser. Arguments are de-serialized and are verified for type before the
actual call as superuser. Return values are serialized and returned where they
are de-serialized. Exceptions are also serialized and de-serialized.
The method must have be strictly typed and should not have keyword-only
arguments. Currently supported types are int, float, str, dict/Dict, list/List
and Optional.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use '#' vs '$' to indicate root vs. user message.
- Remove '-n' argument to sudo as it is always present.
- Remove env arguments to sudo as they are only present during debug.
- Remove full path to the action as they are already thoroughly checked.
- Print the message as a shell command with escapes instead of as python list.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't set bufsize to 1 while streaming backup download. This is only effective
with text streams with universal_newline flag set. An actual buffer size of 1
is very inefficient and plain wrong. Leave the python default of
io.DEFAULT_BUFFER_SIZE.
- Minor simplification to argument passing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- some variable names, indentation and documentation changes
- removed unused backups action
- changed name of upload session variable to 'fbx-backups-upload-path'
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
async is a reserved keyword in Python 3.7. It can no longer be used as method
parameter. Change the name so that we are ready for Python 3.7.
See: https://www.python.org/dev/peps/pep-0492/#deprecation-plans
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Created basic plinth app which starts an introducer and a storage
node on the FreedomBox.
- Prompt user to set a domain name before creating Tahoe-LAFS nodes.
- Support adding and removing of introducers to the storage node.
- Serve Tahoe-LAFS from a different port.
- Start all nodes and introducers at system startup.
- Add utility class YAMLFile with test cases.
- Don't allow strings to be sent as arguments. The mixup with
lists/tuples could be dangerous.
- Don't escape arguments. subprocess.Popen takes care that arguments
are passed on nicely to the actions.
- Update tests.
The package license (AGPL3+) implicitly indicates the license of each
file. However, it is desirable to have license headers in each file.
This is the case for many prominent projects like GNU project, Mozilla
etc.
