bwrap 1.1.1 → 1.2.0

data/lib/bwrap/execution/logging.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: false
+
+# force_encoding modifies string, so can’t freeze strings.
+
+require "bwrap/output"
+require_relative "execute"
+
+# Logging utilities for execution.
+class Bwrap::Execution::Logging
+  # Formats given command for logging, depending on dry-run flag.
+  def self.handle_logging command, log_callback:, log:, dry_run:
+    log_callback += 1 # This is another method in the chain, so need to add one.
+
+    # The debug message contents will always be evaluated, so can just do it like this.
+    log_command = calculate_log_command command
+
+    if dry_run || Bwrap::Execution::Execute.dry_run
+      puts "Would execute “#{log_command.force_encoding("UTF-8")}” at #{caller_locations(log_callback, 1)[0]}"
+      return
+    end
+
+    return unless log
+
+    msg = "Executing “#{log_command.force_encoding("UTF-8")}” at #{caller_locations(log_callback, 1)[0]}"
+    Bwrap::Output.debug_output msg
+  end
+
+  private_class_method def self.calculate_log_command command
+    return command.dup unless command.respond_to?(:join)
+
+    temp = command.dup
+
+    # NOTE: These are not exactly safe, but this is only a debugging aid anyway.
+    temp.map! do |argument|
+      if argument.empty?
+        # If empty value, insert it to quotes so pasting to cli is safer.
+        argument = %{'#{argument}'}
+      elsif argument.include? " "
+        # Wrap multi word arguments to quotes, for convenience.
+        escaped = argument.gsub '"', '\"'
+        argument = %{"#{escaped}"}
+      end
+      argument
+    end
+
+    temp.join(" ")
+  end
+end
+

data/lib/bwrap/execution/popen2e.rb

@@ -1,26 +1,83 @@
 # frozen_string_literal: true
 
-# @see {Bwrap::Execution.popen2e}
+require "bwrap"
+require "bwrap/output"
+require_relative "logging"
+
+# @see Bwrap::Execution.popen2e
 class Bwrap::Execution::Popen2e
+  include Bwrap::Output
+
   attr_writer :dry_run
 
-  # @see {Bwrap::Execution.popen2e}
-  # TODO: Add a test for this (does Ruby have anything I could use here?).
+  # @param rootcmd [Array|Symbol] Flags used to construct bubblewrap environment
+  # @param config [Bwrap::Config] Configuration used to launch the command inside bubblewrap
+  def initialize rootcmd: nil, config: nil
+    self.rootcmd = rootcmd
+    self.config = config
+  end
+
+  # @param value [Bwrap::Config] Configuration used to launch the command inside bubblewrap
+  def config= value
+    @config = value
+
+    return unless @config and @rootcmd
+
+    error "Only either rootcmd or config object can be given to popen2e. " \
+          "Please set rootcmd to nil if wanting to use config object."
+  end
+
+  # Can be used to implement kind of tag based bubblewrap command things.
+  # This system is not well documented, and originally done for purposes
+  # of the code where this gem was splitted from.
+  #
+  # Probably using {#config=} instead makes more sense.
+  #
+  # @param value [Array|Symbol] Flags used to construct bubblewrap environment
+  def rootcmd= value
+    @rootcmd = value
+
+    return unless @config and @rootcmd
+
+    error "Only either rootcmd or config object can be given to popen2e. " \
+          "Please set config to nil if wanting to use rootcmd flags."
+  end
+
+  # @see Bwrap::Execution.popen2e
   #
-  # @note Also options accepted by {Open3.popen2e} are accepted
+  # @note Also options accepted by upstream’s `Open3.popen2e` are accepted
   #   here, in addition to those specified here.
-  def popen2e *cmd, rootcmd: nil, log_callback: 1, log: true, &block
-    @rootcmd = rootcmd
-    @log_callback = log_callback + 1 # Passing to another method, so need to add one more.
-    @log = log
+  #
+  # @option kwargs [Boolean]
+  #   log            (true)
+  #   If true, prints output if verbose flag has been set.
+  #   And if a log file has been configured, also logs to that file
+  # @option kwargs [Integer]
+  #   log_callback   (3)
+  #   Semi-internal variable used to tailor caller in debug messages
+  #
+  # @yieldreturn In case a block is given, its return value is also returned by popen2e
+  # @return [Array<(IO, IO, Thread)>] Write and read `IO` and a wait thread
+  def popen2e *cmd, **kwargs, &block
+    @log            = kwargs.key?(:log)           ? kwargs.delete(:log)           : true
+    @log_callback   = kwargs.key?(:log_callback)  ? kwargs.delete(:log_callback)  : 1
+
+    @log_callback += 1 # Passing to another method, so need to add one more.
+
     self.opts_from_input = cmd
+    if kwargs
+      @opts ||= {}
+      @opts.merge! kwargs
+    end
 
     resolve_actual_command cmd
 
-    return if @dry_run || Bwrap::Execution::Execute.dry_run
+    return if dry_run?
 
     open_pipes
-    popen_run(@actual_command, [ @in_read, @out_write ], [ @in_write, @out_read ], &block)
+    child_io = [ @in_read, @out_write ]
+    parent_io = [ @in_write, @out_read ]
+    popen_run(@actual_command, child_io, parent_io, &block)
   ensure
     if block
       @in_read.close
@@ -30,6 +87,13 @@ class Bwrap::Execution::Popen2e
     end
   end
 
+  # Only contains `Process::Status` if no block has been passed to {#popen2e}.
+  #
+  # @return [Process::Status|nil] Exit status of the process
+  def child_status
+    @child_status
+  end
+
   # Sets @opts from `cmd` given to {#popen2e}, if any extra options have been given.
   private def opts_from_input= cmd
     @opts = cmd.last.is_a?(Hash) && cmd.pop.dup || {}
@@ -54,8 +118,11 @@ class Bwrap::Execution::Popen2e
     # Delete option hash.
     option_hash = temp_cmd.pop if temp_cmd.last.is_a? Hash
 
-    temp_cmd = Bwrap::Execution::Execute.format_command temp_cmd, rootcmd: @rootcmd
-    Bwrap::Execution::Execute.handle_logging temp_cmd, log_callback: @log_callback, log: @log, dry_run: @dry_run
+    temp_cmd = Bwrap::Execution::Execute.format_command temp_cmd, rootcmd: @rootcmd, config: @config
+    Bwrap::Execution::Logging.handle_logging temp_cmd,
+                                             log_callback: @log_callback,
+                                             log: @log,
+                                             dry_run: @dry_run
 
     temp_cmd.unshift env_hash if env_hash
     temp_cmd.push option_hash if option_hash
@@ -79,9 +146,14 @@ class Bwrap::Execution::Popen2e
       ensure
         parent_io.each(&:close)
         wait_thr.join
+        @child_status = wait_thr.value # Process::Status
       end
     end
 
     result
   end
+
+  private def dry_run?
+    @dry_run || Bwrap::Execution::Execute.dry_run
+  end
 end

data/lib/bwrap/resolvers/executable.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require_relative "resolvers"
+
+# Resolves for example symlinks and such stuff.
+#
+# @api private
+class Bwrap::Resolvers::Executable
+  # May be either relative or absolute path. If relative, the path may be invalid.
+  #
+  # @return [Pathname|nil] The executable, without arguments
+  attr_reader :executable
+
+  # If the executable is a symlink, contains each resolved symlink
+  # and the real target. Otherwise only contains the executable.
+  #
+  # @return [Hash<Pathname, :path|:symlink>|nil] Resolved paths to the command
+  attr_reader :executable_paths
+
+  # @param command [Array|String|nil] The command given to {Bwrap#run}.
+  def initialize command = nil
+    self.command = command if command
+  end
+
+  # The command given to {Bwrap#run}.
+  #
+  # @see Bwrap::Args::Construct#command=
+  def command= value
+    self.executable = executable_from_command value
+    @raw_command = value
+  end
+
+  # Resolves given executable and sets relevant data.
+  def executable= value
+    @executable = Pathname.new value
+
+    @executable_paths = { @executable => :path }
+
+    return unless @executable.symlink?
+
+    temp = @executable
+    while temp.symlink?
+      temp = temp.readlink
+      @executable_paths[temp] = :symlink
+    end
+  end
+
+  # Returns true if executable name parsed from command is absolute
+  # path, and not only the executable name.
+  #
+  # @return [Bool] true if path full path, false if it is only executable name
+  def absolute_path?
+    return false unless @executable
+
+    @executable.absolute?
+  end
+
+  private def executable_from_command command
+    if command.is_a? String
+      return command
+    end
+
+    # Array-like.
+    if command.respond_to? :at
+      return command.at(0)
+    end
+
+    raise "Can’t recognize type of given command. Type: #{command.class}"
+  end
+end

data/lib/bwrap/{args → resolvers}/library.rb

@@ -2,19 +2,19 @@
 
 require "bwrap/execution"
 require "bwrap/output"
-require_relative "args"
+require_relative "resolvers"
 
 # Class to clean up namespace for implementation specific reasons.
 #
 # @api private
-class Bwrap::Args::Library
+class Bwrap::Resolvers::Library
   include Bwrap::Execution
   include Bwrap::Output
 
   # NOTE: This caching can be made more efficient, but need to look at it later, what to do about it.
   @@needed_libraries_cache ||= []
 
-  # Empties {@@needed_libraries_cache}.
+  # Empties `@@needed_libraries_cache`.
   def self.clear_needed_libraries_cache
     @@needed_libraries_cache.clear
   end
@@ -22,6 +22,7 @@ class Bwrap::Args::Library
   # Otherwise similar to {#needed_libraries}, but checks used libc to handle musl executables.
   #
   # @param executable [String] Path to the executable to find dependencies for
+  # @return [Array] Libraries the executable needs, if any
   def libraries_needed_by executable
     # %i == interpreter, the library used to load the executable by kernel.
     # %F == Path to given file.
@@ -30,6 +31,12 @@ class Bwrap::Args::Library
     scanelf_command << executable
 
     data = execvalue scanelf_command
+
+    # If data is empty, target probably is a script of some sort.
+    if data.empty?
+      return []
+    end
+
     data = data.strip
     interpreter, _executable_path = data.split "::SEPARATOR::"
     interpreter = Pathname.new interpreter
@@ -43,16 +50,19 @@ class Bwrap::Args::Library
   end
 
   # @param binary_paths [String, Array] one or more paths to be resolved
-  #
-  # @todo Maybe caching should be done here too?
   def musl_needed_libraries binary_paths
     trace "Finding musl libraries #{binary_paths} requires"
     @needed_libraries = []
 
-    if binary_paths.is_a? String
-      binary_paths = [ binary_paths ]
+    binary_paths = convert_binary_paths binary_paths
+
+    # Check if the exe is already resolved.
+    binary_paths.delete_if do |binary_path|
+      @@needed_libraries_cache.include? binary_path
     end
 
+    return [] if binary_paths.empty?
+
     binary_paths.each do |binary_path|
       output = execvalue %W{ ldd #{binary_path} }
       lines = output.split "\n"
@@ -75,9 +85,7 @@ class Bwrap::Args::Library
     output_format = "%F::SEPARATOR::%n"
     scanelf_command = %W{ scanelf --nobanner --quiet --format #{output_format} --ldcache --needed }
 
-    if binary_paths.is_a? String
-      binary_paths = [ binary_paths ]
-    end
+    binary_paths = convert_binary_paths binary_paths
 
     # Check if the exe is already resolved.
     binary_paths.delete_if do |binary_path|
@@ -97,19 +105,34 @@ class Bwrap::Args::Library
     @needed_libraries
   end
 
+  private def convert_binary_paths binary_paths
+    if binary_paths.is_a? String
+      [ binary_paths ]
+    elsif binary_paths.is_a? Pathname
+      [ binary_paths.to_s ]
+    else
+      binary_paths
+    end
+  end
+
   # Used by {#needed_libraries}.
   private def parse_scanelf_line line
     binary_path, libraries_line = line.split "::SEPARATOR::"
     libraries = libraries_line.split ","
 
+    # Add to needed libraries if not already added.
     (@needed_libraries & libraries).each do |library|
-      debug "Binding #{library} as dependency of #{binary_path}"
+      # Probably no sense to log these unless tracing,
+      # as dependencies should work most of time.
+      #
+      # It also outputs tons of output for more complex programs.
+      trace "Binding #{library} as dependency of #{binary_path}"
     end
 
     @needed_libraries |= libraries
 
     # Also check if requisite libraries needs some libraries.
-    inner = Bwrap::Args::Library.new
+    inner = Bwrap::Resolvers::Library.new
     @needed_libraries |= inner.needed_libraries libraries
 
     @@needed_libraries_cache |= libraries
@@ -128,8 +151,10 @@ class Bwrap::Args::Library
     end
 
     # Also check if requisite libraries needs some libraries.
-    inner = Bwrap::Args::Library.new
+    inner = Bwrap::Resolvers::Library.new
     @needed_libraries |= inner.musl_needed_libraries library_path
+
+    @@needed_libraries_cache << library_path
   end
 end
 # class Library ended

data/lib/bwrap/resolvers/mime.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require "bwrap/execution"
+require "bwrap/output"
+require_relative "resolvers"
+
+# Finds out mime type of given executable.
+#
+# @api private
+class Bwrap::Resolvers::Mime
+  include Bwrap::Execution
+  include Bwrap::Execution::Path
+  include Bwrap::Output
+
+  # Name given to {#initialize}.
+  attr_reader :executable_name
+
+  # Either path given to {#initialize} or one parsed from shebang.
+  attr_reader :executable_path
+
+  # @return [String|nil] Resolved mime type of the executable
+  attr_reader :mime_type
+
+  def initialize executable_name, executable_path
+    @executable_name = executable_name
+    @executable_path = executable_path
+  end
+
+  # Checks if target executable is a script, in which case executable
+  # is parsed from a shebang line, if found.
+  def resolve_mime_type
+    @mime_type = execvalue %W{ file --brief --mime-type #{@executable_path} }
+    trace "Mime type of #{@executable_path} is #{@mime_type}"
+  end
+
+  # Checks if the executable is run using another executable,
+  # using a shebang.
+  #
+  # For example, if the executable is a bash script, returns `true`.
+  def interpreter?
+    return false unless @mime_type[0..6] == "text/x-"
+
+    @shebang_line = File.open @executable_path, &:readline
+    if @shebang_line[0..1] != "#!"
+      return false
+    end
+
+    true
+  end
+
+  # Parses shebang line to find out path to actual executable
+  # used to run the script.
+  #
+  # TODO: Handle this is better way.
+  def resolve_real_executable
+    # Following sets @shebang_line.
+    interpreter? if @shebang_line.nil?
+
+    shebang = @shebang_line
+    #trace "Figuring out correct executable from shebang #{shebang}"
+
+    command_line = shebang.delete_prefix("#!").strip
+    real_executable, args = command_line.split " ", 2
+
+    if [ "/usr/bin/env", "/bin/env" ].include? real_executable
+      # First argument is name of the executable, resolved from PATH.
+      executable_name = args.split(" ", 2).first
+      real_executable = which executable_name
+    end
+
+    debug "Parsed #{real_executable} from the script’s shebang. Using as executable."
+
+    real_executable
+  end
+end

data/lib/bwrap/resolvers/resolvers.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require "bwrap/bwrap_module"
+
+# Classes that allows resolution of executable dependencies, for example.
+module Bwrap::Resolvers
+end

data/lib/bwrap/version.rb

@@ -2,7 +2,7 @@
 
 module Bwrap
   # Current version of bwrap.
-  VERSION = "1.1.1"
+  VERSION = "1.2.0"
 end
 
 require "deep-cover" if ENV["DEEP_COVER"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bwrap
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Samu Voutilainen
@@ -34,7 +34,7 @@ cert_chain:
   X4ioQwEn1/9tHs19VO1CLF58451HgEo1BXd7eWLmV1V5cqw0YWok1ly4L/Su/Phf
   MRxVMHiVAqY=
   -----END CERTIFICATE-----
-date: 2022-06-07 00:00:00.000000000 Z
+date: 2022-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -148,18 +148,18 @@ files:
 - lib/bwrap.rb
 - lib/bwrap/args/args.rb
 - lib/bwrap/args/bind.rb
+- lib/bwrap/args/bind/device.rb
 - lib/bwrap/args/bind/library.rb
 - lib/bwrap/args/bind/library/ruby_binds.rb
-- lib/bwrap/args/bind/mime.rb
 - lib/bwrap/args/construct.rb
 - lib/bwrap/args/environment.rb
 - lib/bwrap/args/features.rb
 - lib/bwrap/args/features/binds_base.rb
 - lib/bwrap/args/features/ruby_binds.rb
-- lib/bwrap/args/library.rb
 - lib/bwrap/args/machine_id.rb
 - lib/bwrap/args/mount.rb
 - lib/bwrap/args/network.rb
+- lib/bwrap/args/user.rb
 - lib/bwrap/bwrap.rb
 - lib/bwrap/bwrap_module.rb
 - lib/bwrap/config.rb
@@ -168,9 +168,11 @@ files:
 - lib/bwrap/config/features/ruby.rb
 - lib/bwrap/execution.rb
 - lib/bwrap/execution/exceptions.rb
+- lib/bwrap/execution/exec.rb
 - lib/bwrap/execution/execute.rb
 - lib/bwrap/execution/execution.rb
 - lib/bwrap/execution/labels.rb
+- lib/bwrap/execution/logging.rb
 - lib/bwrap/execution/path.rb
 - lib/bwrap/execution/popen2e.rb
 - lib/bwrap/output.rb
@@ -178,6 +180,10 @@ files:
 - lib/bwrap/output/levels.rb
 - lib/bwrap/output/log.rb
 - lib/bwrap/output/output_impl.rb
+- lib/bwrap/resolvers/executable.rb
+- lib/bwrap/resolvers/library.rb
+- lib/bwrap/resolvers/mime.rb
+- lib/bwrap/resolvers/resolvers.rb
 - lib/bwrap/version.rb
 homepage: https://git.sr.ht/~smar/ruby-bwrap
 licenses:

data/lib/bwrap/args/bind/mime.rb

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-
-require "bwrap/execution"
-require "bwrap/output"
-
-class Bwrap::Args::Bind
-  # Inner class to clean up namespace for implementation specific reasons.
-  #
-  # @api private
-  class Mime
-    include Bwrap::Execution
-    include Bwrap::Output
-
-    # Name given to {#initialize}.
-    attr_reader :executable_name
-
-    # Either path given to {#initialize} or one parsed from shebang.
-    attr_reader :executable_path
-
-    def initialize executable_name, executable_path
-      @executable_name = executable_name
-      @executable_path = executable_path
-    end
-
-    # Checks if target executable is a script, in which case executable
-    # is parsed from a shebang line, if found.
-    #
-    # @return false if caller should also return
-    def resolve_mime_type
-      mime_type = execvalue %W{ file --brief --mime-type #{@executable_path} }
-      debug "Mime type of #{@executable_path} is #{mime_type}"
-      return true unless mime_type[0..6] == "text/x-"
-
-      shebang = File.open @executable_path, &:readline
-      if shebang[0..1] != "#!"
-        warn "Executable #{@executable_name} was recognized as #{mime_type} but does not have " \
-             "proper shebang line. Skipping automatic library mounts."
-        return false
-      end
-
-      resolve_real_executable shebang
-
-      true
-    end
-
-    # Parses shebang line to find out path to actual executable
-    # used to run the script.
-    private def resolve_real_executable shebang
-      #trace "Figuring out correct executable from shebang #{shebang}"
-
-      command_line = shebang.delete_prefix("#!").strip
-      real_executable, args = command_line.split " ", 2
-
-      if [ "/usr/bin/env", "/bin/env" ].include? real_executable
-        # First argument is name of the executable, resolved from PATH.
-        executable_name = args.split(" ", 2).first
-        real_executable = which executable_name
-      end
-
-      debug "Parsed #{real_executable} from the script’s shebang. Using as executable."
-
-      @executable_path = real_executable
-    end
-  end
-end