bwrap 1.0.0.pre.alpha5 → 1.0.0.pre.beta1

data/lib/bwrap/bwrap.rb

@@ -0,0 +1,150 @@
+# frozen_string_literal: true
+
+#require "deep-cover" if ENV["DEEP_COVER"]
+
+require "bwrap/version"
+require "bwrap/args/construct"
+require "bwrap/config"
+require "bwrap/execution"
+
+# Executes given command under {https://github.com/containers/bubblewrap bwrap}
+# using given configuration.
+#
+# @see ::Bwrap Bwrap module for usage example
+class Bwrap::Bwrap
+  include Bwrap::Execution
+
+  # @param config [Bwrap::Config] Configuration used to tailor bwrap
+  def initialize config
+    # TODO: Ensure that costruct.rb and utilities it uses does not enforce Config to be valid object.
+    # Create a test for that also. Well, as long as that makes sense. If it doesn’t work, validate
+    # Config object to be valid here.
+    @config = config
+  end
+
+  # Parses command line arguments given to caller script.
+  #
+  # @note This method automatically sets output levels according parsed
+  #   options. It is also possible to set the levels manually using
+  #   {Bwrap::Output.handle_output_options}, for example with flags
+  #   parsed with optparse’s `OptionParser`, found in Ruby’s standard
+  #   library.
+  #
+  # @warning Requires optimist gem to be installed, which is not a dependency of this gem.
+  def parse_command_line_arguments
+    options = parse_options
+
+    Bwrap::Output.handle_output_options options
+  end
+
+  # Binds and executes given command available on running system inside bwrap.
+  #
+  # If {Config#root} has been set, given executable is scanned for necessary
+  # libraries and they are bound inside sandbox. This often reduces amount of
+  # global binds, but some miscellaneous things may need custom handling.
+  #
+  # @see Config#features about binding bigger feature sets to sandbox.
+  #
+  # Executed command is constructed using configuration passed to constructor.
+  # After execution has completed, bwrap will also shut down.
+  #
+  # @param command [String, Array] Command to be executed inside bwrap along with necessary arguments
+  # @see #run_inside_root to execute a command that already is inside sandbox.
+  def run command
+    construct = Bwrap::Args::Construct.new
+    construct.command = command
+    construct.config = @config
+    bwrap_args = construct.construct_bwrap_args
+
+    exec_command = [ "bwrap" ]
+    exec_command += bwrap_args
+    exec_command.append command
+    exec_command += @cli_args if @cli_args
+
+    execute exec_command
+
+    construct.cleanup
+  end
+
+  # Convenience method to executes a command that is inside bwrap.
+  #
+  # Given command is expected to already be inside {Config#root}.
+  #
+  # Calling this method is equivalent to setting {Config#command_inside_root} to `true`.
+  #
+  # @note This may have a bit unintuitive usage, as most things are checked anyway, so this is not
+  #   akin to running something inside a chroot, but rather for convenience.
+  #
+  # @param command [String, Array] Command to be executed inside bwrap along with necessary arguments
+  # @see #run to execute a command that needs to be bound to the sandbox.
+  def run_inside_root command
+    if @config
+      config = @config.dup
+      config.command_inside_root = true
+    else
+      config = nil
+    end
+
+    construct = Bwrap::Args::Construct.new
+    construct.command = command
+    construct.config = config
+    bwrap_args = construct.construct_bwrap_args
+
+    exec_command = [ "bwrap" ]
+    exec_command += bwrap_args
+    exec_command.append command
+    exec_command += @cli_args if @cli_args
+
+    execute exec_command
+
+    construct.cleanup
+  end
+
+  # Parses global bwrap flags using Optimist.
+  #
+  # Sets instance variable `@cli_args`.
+  #
+  # @warning Requires optimist gem to be installed, which is not a dependency of this gem.
+  #
+  # @api private
+  # @return [Hash] options parsed by `Optimist.options`
+  private def parse_options
+    begin
+      require "optimist"
+    rescue LoadError => e
+      puts "Failed to load optimist gem. In order to use Bwrap::Bwrap#parse_command_line_arguments, " \
+           "ensure optimist gem is present for example in your Gemfile."
+      puts
+      raise e
+    end
+
+    options = Optimist.options do
+      version ::Bwrap::VERSION
+
+      banner "Usage:"
+      banner "  #{$PROGRAM_NAME} [global options]\n \n"
+      banner "Global options:"
+      opt :verbose,
+          "Show verbose output",
+          short: "v"
+      opt :debug,
+          "Show debug output (useful when debugging a problem)",
+          short: "d"
+      opt :trace,
+          "Show trace output (noisiest, probably not useful for most of time)",
+          short: :none
+      opt :version,
+          "Print version and exit",
+          short: "V"
+      opt :help,
+          "Show help message",
+          short: "h"
+
+      educate_on_error
+    end
+
+    @cli_args = ARGV.dup
+
+    options
+  end
+end

data/lib/bwrap/config/features.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+class Bwrap::Config
+  # Methods to enable or disable feature sets to control various aspects of sandboxing.
+  class Features
+    # Defines Bash feature set.
+    class Bash
+      def enabled?
+        @enabled
+      end
+
+      def enable
+        @enabled = true
+      end
+
+      # Disable Bash feature set.
+      def disable
+        @enabled = false
+      end
+    end
+
+    # Defines Ruby feature set.
+    class Ruby
+      # Extra libraries to be loaded from `RbConfig::CONFIG["rubyarchdir"]`.
+      #
+      # @note This is only required to be called if extra dependencies are necessary.
+      #     For example, psych.so requires libyaml.so.
+      #
+      # @note There is stdlib= method also. Yardoc is broken.
+      #
+      # @return [Array] list of needed libraries.
+      attr_reader :stdlib
+
+      def initialize
+        @stdlib = []
+      end
+
+      # @see enabled=
+      def enabled?
+        @enabled
+      end
+
+      # Enable Ruby feature set.
+      #
+      # Among others, binds `RbConfig::CONFIG["sitedir"]` so scripts works.
+      #
+      # @note This does not allow development headers needed for compilation for now.
+      #   I’ll look at it after I have an use for it.
+      def enable
+        @enabled = true
+      end
+
+      # Disable Ruby feature set.
+      def disable
+        @enabled = false
+      end
+
+      # @see #stdlib
+      def stdlib= libs
+        # Just a little check to have error earlier.
+        libs.each do |lib|
+          unless File.exist? "#{RbConfig::CONFIG["rubyarchdir"]}/#{lib}.so"
+            raise "Library “#{lib}” passed to Bwrap::Config::Ruby.stdlib= does not exist."
+          end
+        end
+
+        @stdlib = libs
+      end
+    end
+
+    # @return [Bash] Instance of feature class for Bash
+    def bash
+      @bash ||= Bash.new
+    end
+
+    # @return [Ruby] Instance of feature class for Ruby
+    def ruby
+      @ruby ||= Ruby.new
+    end
+  end
+end

data/lib/bwrap/config.rb

@@ -3,10 +3,20 @@
 require "bwrap/output"
 require "bwrap/version"
 
-# Represents configuration set by user for bwrap execution.
+# Features classes, used through {Config#features}.
+require_relative "config/features"
+
+# Represents configuration used to tailor bwrap execution.
+#
+# @developer_note
+#   Logger methods (debug, warn and so on) can’t be used here as logger
+#   isn’t initialized before this class.
+#
+#   For same reason, it’s not advised to execute anything here.
 #
-# Implementation NOTE: logger methods (debug, warn and so on) can’t be used here as logger
-# isn’t initialized before this class.
+# Note that all attributes also have writers, even though they are not documented.
+#
+# @todo Add some documentation about syntax where necessary, like for #binaries_from.
 class Bwrap::Config
   attr_accessor :hostname
 
@@ -45,10 +55,11 @@ class Bwrap::Config
   # @return [Boolean] true if network should be shared from host.
   attr_accessor :share_net
 
-  # TODO: This should cause Bind#full_system_mounts to mount /lib64/ld-linux-x86-64.so.2 and so on,
-  # probably according executable type of specified command. But that needs some magic.
+  # Causes libraries required by the executable given to {Bwrap#run} to be
+  # mounted inside sandbox.
   #
-  # For now this just mounts all relevant files it can find.
+  # Often it is enough to use this flag instead of binding all system libraries
+  # using {#libdir_mounts=}
   #
   # @return [Boolean] true if Linux library loaders are mounted inside chroot
   attr_accessor :full_system_mounts
@@ -58,9 +69,20 @@ class Bwrap::Config
   #
   # /usr/bin can be mounted using {Config#binaries_from=}.
   #
+  # Often it is enough to use {#full_system_mounts=} instead of binding all
+  # system libraries using this flag.
+  #
   # @return [Boolean] true if libdirs are mounted to the chroot
   attr_accessor :libdir_mounts
 
+  # Set to `true` if command given to {Bwrap::Bwrap#run} is expected to
+  # be inside sandbox, and not bound from host.
+  #
+  # @return [Boolean] `true` if executed command is inside sandbox
+  attr_accessor :command_inside_root
+
+  attr_accessor :extra_executables
+
   # Array of directories to be bind mounted and used to construct PATH environment variable.
   attr_reader :binaries_from
 
@@ -72,71 +94,38 @@ class Bwrap::Config
   # Use given directory as root. End result is similar to classic chroot.
   attr_reader :root
 
-  # `Hash`[`Pathname`] => `Pathname` containing custom read-only binds.
+  # @overload ro_binds
+  #   `Hash`[`Pathname`] => `Pathname` containing custom read-only binds.
+  # @overload ro_binds=
+  #   Set given hash of paths to be bound with --ro-bind.
+  #
+  #   Key is source path, value is destination path.
+  #
+  #   Given source paths must exist.
   attr_reader :ro_binds
 
-  # Path to temporary directory.
+  # @overload tmpdir
+  #   Path to temporary directory.
+  #
+  #   Defaults to Dir.tmpdir.
+  # @overload tmpdir=(dir)
+  #   Sets given directory as temporary directory for certain operations.
   #
-  # Defaults to Dir.tmpdir.
+  #   @note Requires `dir` to be path to existing directory.
+  #   @raise [RuntimeError] If given directory does not exist
+  #   @param dir Path to temporary directory
   attr_reader :tmpdir
 
-  # Methods to enable or disable feature sets to control various aspects of sandboxing.
-  class Features
-    # Defines Ruby feature set.
-    class Ruby
-      # @return [Array] list of needed libraries.
-      attr_reader :stdlib
-
-      def initialize
-        @stdlib = []
-      end
-
-      # @see enabled=
-      def enabled?
-        @enabled
-      end
-
-      # Enable Ruby feature set.
-      #
-      # Among others, binds RbConfig::CONFIG["sitedir"] so scripts works.
-      #
-      # @note This does not allow development headers needed for compilation for now.
-      #   I’ll look at it after I have an use for it.
-      def enable
-        @enabled = true
-      end
-
-      # Disable Ruby feature set.
-      def disable
-        @enabled = false
-      end
-
-      # Extra libraries to be loaded from `RbConfig::CONFIG["rubyarchdir"]`.
-      #
-      # @note This is only required to be called if extra dependencies are necessary.
-      #     For example, psych.so requires libyaml.so.
-      def stdlib= libs
-        # Just a little check to have error earlier.
-        libs.each do |lib|
-          unless File.exist? "#{RbConfig::CONFIG["rubyarchdir"]}/#{lib}.so"
-            raise "Library “#{lib}” passed to Bwrap::Config::Ruby.stdlib= does not exist."
-          end
-        end
-
-        @stdlib = libs
-      end
-    end
-
-    # @return [Ruby] Instance of feature class for Ruby
-    def ruby
-      @ruby ||= Ruby.new
-    end
-  end
+  # Paths to be added to sandbox instance’s PATH environment variable.
+  #
+  # @see #add_env_path
+  attr_reader :env_paths
 
   def initialize
     @binaries_from = []
     @tmpdir = Dir.tmpdir
     @audio = []
+    @env_paths = []
   end
 
   def binaries_from= array
@@ -178,14 +167,13 @@ class Bwrap::Config
     @root = directory
   end
 
-  # Set given hash of paths to be bound with --ro-bind.
-  #
-  # Key is source path, value is destination path.
-  #
-  # Given source paths must exist.
   def ro_binds= binds
     @ro_binds = {}
     binds.each do |source_path, destination_path|
+      if destination_path.nil?
+        raise "binds should be key-value storage of Strings, for example a Hash."
+      end
+
       source_path = Pathname.new source_path
       unless source_path.exist?
         raise "Given read only bind does not exist. Please check path “#{source_path}” is correct."
@@ -197,14 +185,17 @@ class Bwrap::Config
     end
   end
 
-  # Sets given directory as temporary directory for certain operations.
-  #
-  # @note Requires `dir` to be path to existing directory.
-  # @raise [RuntimeError] If given directory does not exist
-  # @param dir Path to temporary directory
+  # See attr_accessor :tmpdir for documentation.
   def tmpdir= dir
     raise "Directory to be set as a temporary directory, “#{dir}”, does not exist." unless Dir.exist? dir
 
     @tmpdir = dir
   end
+
+  # Add a path to sandbox instance’s PATH environment variable.
+  #
+  # @param path [String] Path to be added added to PATH environment variable
+  def add_env_path path
+    @env_paths << path
+  end
 end

data/lib/bwrap/execution/exceptions.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Bwrap::Execution
+  # Unspecified execution related error.
+  class CommandError < StandardError
+  end
+
+  # Signifies that command execution has failed.
+  class ExecutionFailed < CommandError
+  end
+
+  # Thrown if given command was not found.
+  class CommandNotFound < CommandError
+    # Command that was looked at.
+    attr_reader :command
+
+    def initialize command:
+      @command = command
+      msg = "Failed to find #{command} from PATH."
+
+      super msg
+    end
+  end
+end

data/lib/bwrap/execution/execute.rb

@@ -3,11 +3,14 @@
 # force_encoding modifies string, so can’t freeze strings.
 
 require "bwrap/output"
+require_relative "exceptions"
 require_relative "execution"
 
 # Methods that performs actual execution logic.
 #
-# @api internal
+# @note This is kind of pseudo-internal API. Hopefully there won’t be breaking changes.
+#   But please use {Bwrap::Execution} instead of relying functionality of this class,
+#   outside of {.prepend_rootcmd}.
 class Bwrap::Execution::Execute
   include Bwrap::Output
 

data/lib/bwrap/execution/execution.rb

@@ -1,8 +1,152 @@
 # frozen_string_literal: true
 
 require "bwrap/version"
+require "bwrap/output"
+require_relative "exceptions"
+require_relative "execute"
+require_relative "path"
 
-# Generic execution functionality.
+# Provides methods to execute commands and handle its output.
+#
+# Output can be controlled by using log levels of Output module.
+#
+# @example Executing a command
+#   class MyClass
+#     include Bwrap::Execution
+#
+#     def my_method
+#       execute %w{ ls /dev/null }
 module Bwrap::Execution
-  # Nyan.
-end
+  include Bwrap::Output
+  include Bwrap::Execution::Path
+
+  # Actual implementation of execution command. Can be used when static method is needed.
+  #
+  # @note When an array is given as a command, empty strings are passed as empty arguments.
+  #
+  #   This means that `[ "foo", "bar" ]` passes one argument to "foo" command, when
+  #   `[ "foo", "", "bar" ]` passes two arguments.
+  #
+  #   This may or may not be what is assumed, so it can’t be fixed here. It is up to the
+  #   command to decide how to handle empty arguments.
+  #
+  # Returns pid of executed command if wait is false.
+  # Returns command output if wait is true.
+  #
+  # fail == If true, an error is raised in case the command returns failure code.
+  #
+  # @param error if :show, warn()s output of the command is shown if execution failed.
+  #
+  # @see #execute
+  def self.do_execute command,
+                      fail: true,
+                      wait: true,
+                      log: true,
+                      direct_output: false,
+                      env: {},
+                      clear_env: false,
+                      error: nil,
+                      log_callback: 2,
+                      rootcmd: nil
+    command = Execute.format_command command, rootcmd: rootcmd
+    Execute.handle_logging command, log_callback: log_callback, log: log, dry_run: @dry_run
+    return if @dry_run || Bwrap::Execution::Execute.dry_run
+
+    Execute.open_pipes direct_output
+
+    # If command is an array, there can’t be arrays inside the array.
+    # For convenience, the array is flattened here, so callers can construct commands more easily.
+    if command.respond_to? :flatten!
+      command.flatten!
+    end
+
+    # If command is string, splat operator (the *) does not do anything. If array, it expand the arguments.
+    # This causes spawning work correctly, as that’s how spawn() expects to have the argu
+    pid = spawn(env, *command, err: [ :child, :out ], out: Execute.w, unsetenv_others: clear_env)
+    output = Execute.finish_execution(log: log, wait: wait, direct_output: direct_output)
+    return pid unless wait
+
+    # This is instant return, but allows us to have $?/$CHILD_STATUS set.
+    Process.wait pid
+    @last_status = $CHILD_STATUS
+
+    output = Execute.process_output output: output
+    Execute.handle_execution_fail fail: fail, error: error, output: output
+    output
+  ensure
+    Execute.clean_variables
+  end
+
+  # Returns Process::Status instance of last execution.
+  #
+  # @note This only is able to return the status if wait is true, as otherwise caller is assumed to
+  # handle execution flow.
+  def self.last_status
+    @last_status
+  end
+
+  # Execute a command.
+  #
+  # This method can be used by including Execution module in a class that should be able to
+  # execute commands.
+  #
+  # @see .do_execute .do_execute for documentation of argument syntax
+  private def execute *args
+    # Mangle proper location to error message.
+    if args.last.is_a? Hash
+      args.last[:log_callback] = 3
+    else
+      args << { log_callback: 3 }
+    end
+    Bwrap::Execution.do_execute(*args)
+  end
+
+  # Same as ::execute, but uses log: false to avoid unnecessary output when we’re just getting a
+  # value for internal needs.
+  #
+  # Defaults to fail: false, since when one just wants to get the value, there is not that much
+  # need to unconditionally die if getting bad exit code.
+  private def execvalue *args, fail: false, rootcmd: nil, env: {}
+    # This logging handling is a bit of duplication from execute(), but to be extra safe, it is duplicated.
+    # The debug message contents will always be evaluated, so can just do it like this.
+    log_command = args[0].respond_to?(:join) && args[0].join(" ") || args[0]
+    log_command =
+        if log_command.frozen?
+          log_command.dup.force_encoding("UTF-8")
+        else
+          log_command.force_encoding("UTF-8")
+        end
+    if @dry_run
+      puts "Would execvalue “#{log_command}” at #{caller_locations(1, 1)[0]}"
+      return
+    end
+    trace "Execvaluing “#{log_command}” at #{caller_locations(1, 1)[0]}"
+    execute(*args, fail: fail, log: false, rootcmd: rootcmd, env: env)
+  end
+
+  private def exec_success?
+    $CHILD_STATUS.success?
+  end
+
+  private def exec_failure?
+    !exec_success?
+  end
+
+  # When running through bundler, don’t use whatever it defines as we’re running inside chroot.
+  private def clean_execute
+    if (Bundler&.bundler_major_version) >= 2
+      Bundler.with_unbundled_env do
+        yield 2
+      end
+    elsif Bundler&.bundler_major_version == 1
+      Bundler.with_clean_env do
+        yield 1
+      end
+    else
+      yield nil
+    end
+  rescue NameError
+    # If NameError is thrown, no Bundler is available.
+    yield nil
+  end
+end

data/lib/bwrap/execution/labels.rb

@@ -1,7 +1,14 @@
 # frozen_string_literal: true
 
 require "bwrap/version"
-require_relative "execution"
+
+# Just declaring the module here so full Execution module
+# doesn’t need to be required just to have labels.
+#
+# Most users probably should just require bwrap/execution directly
+# instead of this file, but bwrap/output.rb benefits from this.
+module Bwrap::Execution
+end
 
 # Exit codes for exit status handling.
 #