bwrap 1.1.1 → 1.3.1

data/lib/bwrap/execution/execution.rb

@@ -3,7 +3,9 @@
 require "bwrap/version"
 require "bwrap/output"
 require_relative "exceptions"
+require_relative "exec"
 require_relative "execute"
+require_relative "logging"
 require_relative "path"
 require_relative "popen2e"
 
@@ -36,68 +38,88 @@ module Bwrap::Execution
   #
   # fail == If true, an error is raised in case the command returns failure code.
   #
-  # @param error if :show, warn()s output of the command is shown if execution failed.
+  # @option kwargs [Boolean]
+  #   clear_env      (false)
+  #   If true, executed command will run with no environment variables
+  # @option kwargs [Bwrap::Config|nil]
+  #   config         (nil)
+  #   Configuration used to launch the command inside bubblewrap
+  # @option kwargs [Boolean]
+  #   direct_output  (false)
+  #   Instead of buffering output, it will be directly outputted to `$stdout`
+  # @option kwargs [Hash<String, String>]
+  #   env            ({})
+  #   Environment variables to add to the command. Also see `clear_env` option
+  # @option kwargs [:show|nil]
+  #   error          (nil)
+  #   if :show and execution failed, prints output of the command with {#warn}
+  # @option kwargs [Boolean]
+  #   fail           (true)
+  #   If true, {ExecutionFailed} is raised if process did not finish successfully
+  # @option kwargs [Boolean]
+  #   log            (true)
+  #   If true, prints output if verbose flag has been set.
+  #   And if a log file has been configured, also logs to that file
+  # @option kwargs [Integer]
+  #   log_callback   (1)
+  #   Semi-internal variable used to tailor caller in debug messages
+  # @option kwargs [Array|Symbol|nil]
+  #   rootcmd        (nil)
+  #   Flags used to construct bubblewrap environment
+  # @option kwargs [Boolean]
+  #   wait           (true)
+  #   If true, this method blocks until the command has finished.
+  #   Otherwise returns immediately. It is possible for user to
+  #   call `Process.wait` to wait for result at suitable place
+  #
+  # TODO: log kwarg could take log level as argument. Like :trace.
   #
   # @see #execute
-  def self.do_execute command,
-                      fail: true,
-                      wait: true,
-                      log: true,
-                      direct_output: false,
-                      env: {},
-                      clear_env: false,
-                      error: nil,
-                      log_callback: 2,
-                      rootcmd: nil
-    command = Execute.format_command command, rootcmd: rootcmd
-    Execute.handle_logging command, log_callback: log_callback, log: log, dry_run: @dry_run
-    return if @dry_run || Bwrap::Execution::Execute.dry_run
+  def self.do_execute command, **kwargs
+    executor = Exec.new command
+    executor.dry_run = @dry_run
 
-    Execute.open_pipes direct_output
+    executor.clear_env      = kwargs.key?(:clear_env)     ? kwargs.delete(:clear_env)     : false
+    executor.config         = kwargs.key?(:config)        ? kwargs.delete(:config)        : nil
+    executor.direct_output  = kwargs.key?(:direct_output) ? kwargs.delete(:direct_output) : false
+    executor.env            = kwargs.key?(:env)           ? kwargs.delete(:env)           : {}
+    executor.error          = kwargs.key?(:error)         ? kwargs.delete(:error)         : nil
+    executor.fail           = kwargs.key?(:fail)          ? kwargs.delete(:fail)          : true
+    executor.log            = kwargs.key?(:log)           ? kwargs.delete(:log)           : true
+    executor.log_callback   = kwargs.key?(:log_callback)  ? kwargs.delete(:log_callback)  : 1
+    executor.rootcmd        = kwargs.key?(:rootcmd)       ? kwargs.delete(:rootcmd)       : nil
+    executor.wait           = kwargs.key?(:wait)          ? kwargs.delete(:wait)          : true
 
-    # If command is an array, there can’t be arrays inside the array.
-    # For convenience, the array is flattened here, so callers can construct commands more easily.
-    if command.respond_to? :flatten!
-      command.flatten!
+    unless kwargs.empty?
+      raise ArgumentError, %{unknown keywords: #{kwargs.keys.join ","}}
     end
 
-    # If command is string, splat operator (the *) does not do anything. If array, it expand the arguments.
-    # This causes spawning work correctly, as that’s how spawn() expects to have the arguments.
-    pid = spawn(env, *command, err: [ :child, :out ], out: Execute.w, unsetenv_others: clear_env)
-    output = Execute.finish_execution(log: log, wait: wait, direct_output: direct_output)
-    return pid unless wait
-
-    # This is instant return, but allows us to have $?/$CHILD_STATUS set.
-    Process.wait pid
-    @last_status = $CHILD_STATUS
-
-    output = Execute.process_output output: output
-    Execute.handle_execution_fail fail: fail, error: error, output: output, command: command
-    output
+    executor.execute
   ensure
-    Execute.clean_variables
+    @last_status = executor.last_status if executor&.last_status
   end
 
-  # Works similarly to {Open3.popen2e}.
-  #
-  # TODO: If there will be any difference to input syntax, document those differences here.
-  # For now, rootcmd option has been implemented.
+  # Works similarly to Ruby’s official `Open3.popen2e`.
   #
-  # A block is accepted, as does {Open3.popen2e}. For now, at least.
-  #
-  # TODO: Implement this so that this uses same execution things as other things here.
-  # This way bwrap actually can be integrated to this...
+  # A block is accepted, as does `Open3.popen2e`. For now, at least.
   #
   # TODO: Verify default log_callback is correct
   #
   # @warning Only array style commands are accepted. For example, `ls /`
-  # is not ok, but `ls` or `%w{ ls / }` is ok.
-  def popen2e *cmd, rootcmd: nil, log_callback: 1, log: true, &block
-    popen = Bwrap::Execution::Popen2e.new
-    popen.dry_run = @dry_run
-    popen.popen2e(*cmd, rootcmd: rootcmd, log_callback: log_callback, log: log, &block)
+  #   is not ok, but `ls` or `%w{ ls / }` is ok.
+  #
+  # @param config [Bwrap::Config] Configuration used to launch the executable inside bubblewrap
+  # @param rootcmd [Array|Symbol|nil] A strange way to use bwrap. Probably no sense to use this
+  # @param log [Boolean]
+  #   If true, prints output if verbose flag has been set.
+  #   And if a log file has been configured, also logs to that file
+  # @option log_callback [Integer] Semi-internal variable used to tailor caller in debug messages
+  def popen2e *cmd, rootcmd: nil, config: nil, log_callback: 2, log: true, &block
+    popen = Bwrap::Execution::Popen2e.new rootcmd: rootcmd, config: config
+    popen.dry_run = @dry_run # TODO: Add a test that tests that this works as it works with execute().
+    popen.popen2e(*cmd, log_callback: log_callback, log: log, &block)
   ensure
-    @last_status = $CHILD_STATUS
+    @last_status = popen&.child_status
   end
   module_function :popen2e
 
@@ -115,13 +137,18 @@ module Bwrap::Execution
   # execute commands.
   #
   # @see .do_execute .do_execute for documentation of argument syntax
+  #
+  # TODO Default log_callback should be 2 or something, and callers should add one for each subsequent method.
   private def execute *args, **kwargs
     # Mangle proper location to error message.
     if kwargs.is_a? Hash
-      kwargs[:log_callback] = 3
+      kwargs[:log_callback] ||= 1
     else
-      kwargs = { log_callback: 3 }
+      kwargs = { log_callback: 1 }
     end
+    # Add 1 to log callback so execution is shown to be from caller.
+    kwargs[:log_callback] += 1
+
     Bwrap::Execution.do_execute(*args, **kwargs)
   end
 
@@ -162,7 +189,7 @@ module Bwrap::Execution
       Bundler.with_unbundled_env do
         yield 2
       end
-    elsif Bundler&.bundler_major_version == 1
+    elsif (Bundler&.bundler_major_version) == 1
       Bundler.with_clean_env do
         yield 1
       end

data/lib/bwrap/execution/logging.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: false
+
+# force_encoding modifies string, so can’t freeze strings.
+
+require "bwrap/output"
+require_relative "execute"
+
+# Logging utilities for execution.
+class Bwrap::Execution::Logging
+  # Formats given command for logging, depending on dry-run flag.
+  def self.handle_logging command, log_callback:, log:, dry_run:
+    log_callback += 1 # This is another method in the chain, so need to add one.
+
+    # The debug message contents will always be evaluated, so can just do it like this.
+    log_command = calculate_log_command command
+
+    if dry_run || Bwrap::Execution::Execute.dry_run
+      puts "Would execute “#{log_command.force_encoding("UTF-8")}” at #{caller_locations(log_callback, 1)[0]}"
+      return
+    end
+
+    return unless log
+
+    msg = "Executing “#{log_command.force_encoding("UTF-8")}” at #{caller_locations(log_callback, 1)[0]}"
+    Bwrap::Output.debug_output msg
+  end
+
+  private_class_method def self.calculate_log_command command
+    return command.dup unless command.respond_to?(:join)
+
+    temp = command.dup
+
+    # NOTE: These are not exactly safe, but this is only a debugging aid anyway.
+    temp.map! do |argument|
+      if argument.empty?
+        # If empty value, insert it to quotes so pasting to cli is safer.
+        argument = %{'#{argument}'}
+      elsif argument.include? " "
+        # Wrap multi word arguments to quotes, for convenience.
+        escaped = argument.gsub '"', '\"'
+        argument = %{"#{escaped}"}
+      end
+      argument
+    end
+
+    temp.join(" ")
+  end
+end
+

data/lib/bwrap/execution/popen2e.rb

@@ -1,26 +1,83 @@
 # frozen_string_literal: true
 
-# @see {Bwrap::Execution.popen2e}
+require "bwrap"
+require "bwrap/output"
+require_relative "logging"
+
+# @see Bwrap::Execution.popen2e
 class Bwrap::Execution::Popen2e
+  include Bwrap::Output
+
   attr_writer :dry_run
 
-  # @see {Bwrap::Execution.popen2e}
-  # TODO: Add a test for this (does Ruby have anything I could use here?).
+  # @param rootcmd [Array|Symbol] Flags used to construct bubblewrap environment
+  # @param config [Bwrap::Config] Configuration used to launch the command inside bubblewrap
+  def initialize rootcmd: nil, config: nil
+    self.rootcmd = rootcmd
+    self.config = config
+  end
+
+  # @param value [Bwrap::Config] Configuration used to launch the command inside bubblewrap
+  def config= value
+    @config = value
+
+    return unless @config and @rootcmd
+
+    error "Only either rootcmd or config object can be given to popen2e. " \
+          "Please set rootcmd to nil if wanting to use config object."
+  end
+
+  # Can be used to implement kind of tag based bubblewrap command things.
+  # This system is not well documented, and originally done for purposes
+  # of the code where this gem was splitted from.
+  #
+  # Probably using {#config=} instead makes more sense.
+  #
+  # @param value [Array|Symbol] Flags used to construct bubblewrap environment
+  def rootcmd= value
+    @rootcmd = value
+
+    return unless @config and @rootcmd
+
+    error "Only either rootcmd or config object can be given to popen2e. " \
+          "Please set config to nil if wanting to use rootcmd flags."
+  end
+
+  # @see Bwrap::Execution.popen2e
   #
-  # @note Also options accepted by {Open3.popen2e} are accepted
+  # @note Also options accepted by upstream’s `Open3.popen2e` are accepted
   #   here, in addition to those specified here.
-  def popen2e *cmd, rootcmd: nil, log_callback: 1, log: true, &block
-    @rootcmd = rootcmd
-    @log_callback = log_callback + 1 # Passing to another method, so need to add one more.
-    @log = log
+  #
+  # @option kwargs [Boolean]
+  #   log            (true)
+  #   If true, prints output if verbose flag has been set.
+  #   And if a log file has been configured, also logs to that file
+  # @option kwargs [Integer]
+  #   log_callback   (3)
+  #   Semi-internal variable used to tailor caller in debug messages
+  #
+  # @yieldreturn In case a block is given, its return value is also returned by popen2e
+  # @return [Array<(IO, IO, Thread)>] Write and read `IO` and a wait thread
+  def popen2e *cmd, **kwargs, &block
+    @log            = kwargs.key?(:log)           ? kwargs.delete(:log)           : true
+    @log_callback   = kwargs.key?(:log_callback)  ? kwargs.delete(:log_callback)  : 1
+
+    @log_callback += 1 # Passing to another method, so need to add one more.
+
     self.opts_from_input = cmd
+    if kwargs
+      @opts ||= {}
+      @opts.merge! kwargs
+    end
 
     resolve_actual_command cmd
 
-    return if @dry_run || Bwrap::Execution::Execute.dry_run
+    return if dry_run?
 
     open_pipes
-    popen_run(@actual_command, [ @in_read, @out_write ], [ @in_write, @out_read ], &block)
+    child_io = [ @in_read, @out_write ]
+    parent_io = [ @in_write, @out_read ]
+    popen_run(@actual_command, child_io, parent_io, &block)
   ensure
     if block
       @in_read.close
@@ -30,6 +87,13 @@ class Bwrap::Execution::Popen2e
     end
   end
 
+  # Only contains `Process::Status` if no block has been passed to {#popen2e}.
+  #
+  # @return [Process::Status|nil] Exit status of the process
+  def child_status
+    @child_status
+  end
+
   # Sets @opts from `cmd` given to {#popen2e}, if any extra options have been given.
   private def opts_from_input= cmd
     @opts = cmd.last.is_a?(Hash) && cmd.pop.dup || {}
@@ -54,8 +118,11 @@ class Bwrap::Execution::Popen2e
     # Delete option hash.
     option_hash = temp_cmd.pop if temp_cmd.last.is_a? Hash
 
-    temp_cmd = Bwrap::Execution::Execute.format_command temp_cmd, rootcmd: @rootcmd
-    Bwrap::Execution::Execute.handle_logging temp_cmd, log_callback: @log_callback, log: @log, dry_run: @dry_run
+    temp_cmd = Bwrap::Execution::Execute.format_command temp_cmd, rootcmd: @rootcmd, config: @config
+    Bwrap::Execution::Logging.handle_logging temp_cmd,
+                                             log_callback: @log_callback,
+                                             log: @log,
+                                             dry_run: @dry_run
 
     temp_cmd.unshift env_hash if env_hash
     temp_cmd.push option_hash if option_hash
@@ -79,9 +146,14 @@ class Bwrap::Execution::Popen2e
       ensure
         parent_io.each(&:close)
         wait_thr.join
+        @child_status = wait_thr.value # Process::Status
       end
     end
 
     result
   end
+
+  private def dry_run?
+    @dry_run || Bwrap::Execution::Execute.dry_run
+  end
 end

data/lib/bwrap/execution.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require_relative "exceptions"
 require_relative "bwrap_module"
 
 # Declare Execution module here so Bwrap::Execution module is

data/lib/bwrap/resolvers/executable.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require_relative "resolvers"
+
+# Resolves for example symlinks and such stuff.
+#
+# @api private
+class Bwrap::Resolvers::Executable
+  # May be either relative or absolute path. If relative, the path may be invalid.
+  #
+  # @return [Pathname|nil] The executable, without arguments
+  attr_reader :executable
+
+  # If the executable is a symlink, contains each resolved symlink
+  # and the real target. Otherwise only contains the executable.
+  #
+  # @return [Hash<Pathname, :path|:symlink>|nil] Resolved paths to the command
+  attr_reader :executable_paths
+
+  # @param command [Array|String|nil] The command given to {Bwrap#run}.
+  def initialize command = nil
+    self.command = command if command
+  end
+
+  # The command given to {Bwrap#run}.
+  #
+  # @see Bwrap::Args::Construct#command=
+  def command= value
+    self.executable = executable_from_command value
+    @raw_command = value
+  end
+
+  # Resolves given executable and sets relevant data.
+  def executable= value
+    @executable = Pathname.new value
+
+    @executable_paths = { @executable => :path }
+
+    return unless @executable.symlink?
+
+    temp = @executable
+    while temp.symlink?
+      temp = temp.readlink
+      @executable_paths[temp] = :symlink
+    end
+  end
+
+  # Returns true if executable name parsed from command is absolute
+  # path, and not only the executable name.
+  #
+  # @return [Bool] true if path full path, false if it is only executable name
+  def absolute_path?
+    return false unless @executable
+
+    @executable.absolute?
+  end
+
+  private def executable_from_command command
+    if command.is_a? String
+      return command
+    end
+
+    # Array-like.
+    if command.respond_to? :at
+      return command.at(0)
+    end
+
+    raise "Can’t recognize type of given command. Type: #{command.class}"
+  end
+end

data/lib/bwrap/resolvers/library/base.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "bwrap/execution"
+require "bwrap/output"
+require_relative "../library"
+
+# Base definitions for library resolver subclasses.
+class Bwrap::Resolvers::Library::Base
+  include Bwrap::Execution
+  include Bwrap::Output
+
+  private def convert_binary_paths binary_paths
+    case binary_paths
+    when String
+      [ binary_paths ]
+    when Pathname
+      [ binary_paths.to_s ]
+    else
+      binary_paths
+    end
+  end
+end

data/lib/bwrap/resolvers/library/library.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require "bwrap/execution"
+require "bwrap/output"
+require_relative "llvm_readelf"
+require_relative "musl"
+require_relative "../resolvers"
+
+# See ../library.rb for class documentation.
+class Bwrap::Resolvers::Library
+  include Bwrap::Execution
+  include Bwrap::Output
+
+  # NOTE: This caching can be made more efficient, but need to look at it later, what to do about it.
+  @@needed_libraries_cache ||= []
+
+  # Empties `@@needed_libraries_cache`.
+  def self.clear_needed_libraries_cache
+    @@needed_libraries_cache.clear
+  end
+
+  class << self
+    def needed_libraries_cache
+      @@needed_libraries_cache
+    end
+  end
+
+  # Otherwise similar to {#needed_libraries}, but checks used libc to handle musl executables.
+  #
+  # @param executable [String] Path to the executable to find dependencies for
+  # @return [Array] Libraries the executable needs, if any
+  def libraries_needed_by executable
+    trace "Finding libraries needed by #{executable}"
+
+    # %i == interpreter, the library used to load the executable by kernel.
+    # %F == Path to given file.
+    output_format = "%i::SEPARATOR::%F"
+    scanelf_command = %W{ scanelf --nobanner --quiet --format #{output_format} }
+    scanelf_command << executable
+
+    data = execvalue scanelf_command
+
+    # If data is empty, target probably is a script of some sort.
+    if data.empty?
+      return []
+    end
+
+    data = data.strip
+    interpreter, _executable_path = data.split "::SEPARATOR::"
+    interpreter = Pathname.new interpreter
+
+    if interpreter.basename.to_s[0..6] == "ld-musl"
+      trace "Resolved to musl interpreter: #{interpreter}"
+      musl_needed_libraries executable
+    else
+      trace "Defaulting to glibc interpreter: #{interpreter}"
+      # For glibc, scanelf can return full paths for us most of time.
+      needed_libraries executable
+    end
+  end
+
+  # @param binary_paths [String, Array] one or more paths to be resolved
+  def musl_needed_libraries binary_paths
+    musl = Musl.new
+    @needed_libraries = musl.needed_libraries binary_paths
+  end
+
+  # @param binary_paths [String, Array] one or more paths to be resolved
+  def needed_libraries binary_paths
+    llvm_readelf = LLVMReadelf.new
+    @needed_libraries = llvm_readelf.needed_libraries binary_paths
+  end
+end
+# class Library ended

data/lib/bwrap/resolvers/library/llvm_readelf.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require_relative "base"
+
+# Used via {Bwrap::Resolvers::Library}.
+#
+# @api private
+class Bwrap::Resolvers::Library::LLVMReadelf < Bwrap::Resolvers::Library::Base
+  # Resolve dependents using llvm-readelf.
+  #
+  # @param binary_paths [String, Array] one or more paths to be resolved
+  def needed_libraries binary_paths
+    raise ArgumentError, "binary_paths is nil, expected an Array" if binary_paths.nil?
+
+    trace "Finding libraries #{binary_paths} requires"
+    @needed_libraries = []
+
+    llvm_readelf_command = %w{ llvm-readelf --needed-libs }
+
+    binary_paths = convert_binary_paths binary_paths
+
+    # Check if the exe is already resolved.
+    binary_paths.delete_if do |binary_path|
+      Bwrap::Resolvers::Library.needed_libraries_cache.include? binary_path
+    end
+
+    return [] if binary_paths.empty?
+
+    data = execvalue(llvm_readelf_command + binary_paths)
+    parse_llvm_readelf_output binary_paths, data
+
+    @needed_libraries
+  end
+
+  # Parses output returned by llvm-readelf --needed-libraries
+  #
+  # Sets libraries to @needed_libraries variable.
+  private def parse_llvm_readelf_output binary_paths, data
+    iter = data.split("\n").each
+    source_binary = binary_paths.first
+    begin
+      while (line = iter.next)
+        source_binary = line[6..-1].strip if line[0..5] == "File: "
+        next unless line[0..16] == "NeededLibraries ["
+
+        while (library = iter.next)
+          library = library.strip
+          # End of library list for current NeededLibraries block.
+          break if library == "]"
+
+          library = convert_to_full_path source_binary, library
+
+          add_library_to_needed_libraries library
+        end
+      end
+    rescue StopIteration
+      # End of the iteration.
+    end
+  end
+
+  # NOTE: Maybe this could be in general file here, if needed elsewhere also?
+  #   This also applies to some other methods here.
+  #
+  # Finds where given library would be loaded from.
+  #
+  # source_binary is used to to if it has RPATH set as third possibility.
+  # TODO: Implement above.
+  #
+  # @param source_binary [String] Executable or library which is loading the binary
+  private def convert_to_full_path source_binary, library
+    # TODO: Somewhere put a cleanup for this variable, so this is erased
+    #  before application is run. That will save at least 200 kB of memory.
+    @@ld_so_cache ||= File.read("/etc/ld.so.cache", mode: "rb")
+
+    path_regex = %r{[\w\-/. ]{3,}}
+
+    check_next = false
+    @@ld_so_cache.scan(path_regex).each do |match|
+      if check_next
+        # TODO: Any sense checking for executable bit?
+        return match if File.exist? match
+
+        check_next = false
+      end
+
+      check_next = true if match == library
+    end
+
+    warn "Failed to resolve full path of library #{library}, needed by #{source_binary}."
+    library
+  end
+
+  # @param library [Array] library to add.
+  private def add_library_to_needed_libraries library
+    raise ArgumentError, "library is nil, expected a String" if library.nil?
+
+    return if @needed_libraries.include? library
+
+    # Probably no sense to log these unless tracing,
+    # as dependencies should work most of time.
+    #
+    # It also outputs tons of output for more complex programs.
+    trace "Binding #{library}"
+
+    @needed_libraries << library
+
+    # Also check if requisite libraries needs some libraries.
+    inner = Bwrap::Resolvers::Library.new
+    @needed_libraries |= inner.needed_libraries library
+
+    Bwrap::Resolvers::Library.needed_libraries_cache << library
+  end
+
+  # @param libraries [Array] libraries to add.
+  private def add_libraries_to_needed_libraries libraries
+    # Add to needed libraries if not already added.
+    (@needed_libraries & libraries).each do |library|
+      # Probably no sense to log these unless tracing,
+      # as dependencies should work most of time.
+      #
+      # It also outputs tons of output for more complex programs.
+      trace "Binding #{library}"
+    end
+
+    @needed_libraries |= libraries
+
+    # Also check if requisite libraries needs some libraries.
+    inner = Bwrap::Resolvers::Library.new
+    @needed_libraries |= inner.needed_libraries libraries
+
+    Bwrap::Resolvers::Library.needed_libraries_cache |= libraries
+  end
+end