bwrap 1.1.1 → 1.3.1

data/lib/bwrap/resolvers/library/musl.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require_relative "base"
+
+# Used via {Bwrap::Resolvers::Library}.
+#
+# @api private
+class Bwrap::Resolvers::Library::Musl < Bwrap::Resolvers::Library::Base
+  # @param binary_paths [String, Array] one or more paths to be resolved
+  def needed_libraries binary_paths
+    trace "Finding musl libraries #{binary_paths} requires"
+    @needed_libraries = []
+
+    binary_paths = convert_binary_paths binary_paths
+
+    # Check if the exe is already resolved.
+    binary_paths.delete_if do |binary_path|
+      Bwrap::Resolvers::Library.needed_libraries_cache.include? binary_path
+    end
+
+    return [] if binary_paths.empty?
+
+    binary_paths.each do |binary_path|
+      output = execvalue %W{ ldd #{binary_path} }
+      lines = output.split "\n"
+      _interpreter_line = lines.shift
+
+      lines.each do |line|
+        parse_ldd_line line
+      end
+    end
+
+    @needed_libraries
+  end
+
+  # Used by {#musl_needed_libraries}.
+  private def parse_ldd_line line
+    line = line.strip
+    _library_name, library_data = line.split " => "
+
+    matches = library_data.match(/(.*) \(0x[0-9a-f]+\)/)
+    library_path = matches[1]
+
+    unless @needed_libraries.include? library_path
+      @needed_libraries << library_path
+    end
+
+    # Also check if requisite libraries needs some libraries.
+    inner = Bwrap::Resolvers::Library.new
+    @needed_libraries |= inner.musl_needed_libraries library_path
+
+    Bwrap::Resolvers::Library.needed_libraries_cache << library_path
+  end
+end

data/lib/bwrap/resolvers/library.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "resolvers"
+
+# Class to clean up namespace for implementation specific reasons.
+#
+# @api private
+class Bwrap::Resolvers::Library
+  # Declared here only for convenience.
+end
+
+require_relative "library/library"

data/lib/bwrap/resolvers/mime.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require "bwrap/execution"
+require "bwrap/output"
+require_relative "resolvers"
+
+# Finds out mime type of given executable.
+#
+# @api private
+class Bwrap::Resolvers::Mime
+  include Bwrap::Execution
+  include Bwrap::Execution::Path
+  include Bwrap::Output
+
+  # Name given to {#initialize}.
+  attr_reader :executable_name
+
+  # Either path given to {#initialize} or one parsed from shebang.
+  attr_reader :executable_path
+
+  # @return [String|nil] Resolved mime type of the executable
+  attr_reader :mime_type
+
+  def initialize executable_name, executable_path
+    @executable_name = executable_name
+    @executable_path = executable_path
+  end
+
+  # Checks if target executable is a script, in which case executable
+  # is parsed from a shebang line, if found.
+  def resolve_mime_type
+    @mime_type = execvalue %W{ file --brief --mime-type #{@executable_path} }
+    trace "Mime type of #{@executable_path} is #{@mime_type}"
+  end
+
+  # Checks if the executable is run using another executable,
+  # using a shebang.
+  #
+  # For example, if the executable is a bash script, returns `true`.
+  def interpreter?
+    return false unless @mime_type[0..6] == "text/x-"
+
+    @shebang_line = File.open @executable_path, &:readline
+    if @shebang_line[0..1] != "#!"
+      return false
+    end
+
+    true
+  end
+
+  # Parses shebang line to find out path to actual executable
+  # used to run the script.
+  #
+  # TODO: Handle this is better way.
+  def resolve_real_executable
+    # Following sets @shebang_line.
+    interpreter? if @shebang_line.nil?
+
+    shebang = @shebang_line
+    #trace "Figuring out correct executable from shebang #{shebang}"
+
+    command_line = shebang.delete_prefix("#!").strip
+    real_executable, args = command_line.split " ", 2
+
+    if [ "/usr/bin/env", "/bin/env" ].include? real_executable
+      # First argument is name of the executable, resolved from PATH.
+      executable_name = args.split(" ", 2).first
+      real_executable = which executable_name
+    end
+
+    debug "Parsed #{real_executable} from the script’s shebang. Using as executable."
+
+    real_executable
+  end
+end

data/lib/bwrap/resolvers/resolvers.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require "bwrap/bwrap_module"
+
+# Classes that allows resolution of executable dependencies, for example.
+module Bwrap::Resolvers
+end

data/lib/bwrap/version.rb

@@ -2,7 +2,7 @@
 
 module Bwrap
   # Current version of bwrap.
-  VERSION = "1.1.1"
+  VERSION = "1.3.1"
 end
 
 require "deep-cover" if ENV["DEEP_COVER"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bwrap
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.3.1
 platform: ruby
 authors:
 - Samu Voutilainen
@@ -10,8 +10,8 @@ bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIEJDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNid3Jh
-  cC9EQz1zbWFyL0RDPWZpMB4XDTIxMTAyMDA0NTkwOVoXDTIyMTAyMDA0NTkwOVow
+  MIID8DCCAligAwIBAgIBAjANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNid3Jh
+  cC9EQz1zbWFyL0RDPWZpMB4XDTIzMDEwNjA2NTUyNFoXDTI0MDEwNjA2NTUyNFow
   HjEcMBoGA1UEAwwTYndyYXAvREM9c21hci9EQz1maTCCAaIwDQYJKoZIhvcNAQEB
   BQADggGPADCCAYoCggGBAKUQ5wFdLLIejwiCNeGMlbApquoC0jT59H+d6zOLWxYd
   RRdum9G1lxFFFolEsFj5RSplg/SlhAhYRMUjDHiSk/usxVcOt28h4sdiFTbi1zKA
@@ -21,20 +21,19 @@ cert_chain:
   NqpsI0mQejnq+QdiNz9gAWObO+UhrOv5S7E0NYQTaf1e3G56kCmIG9p0pFXjWNPx
   DhL6YDoizVSQKTllYWbDhBx0+D+sevtmKAy0vHDAY33teAQYOxgeE/iXqvvROPU7
   HNOAqNazQHwPsTepLT9Dc/5bVbazL1MNNiWh5ZYjmJnlGSttHhM/xsZZkckJ20oh
-  0iJSyUprpR2epHP8832n6wIDAQABo20wazAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE
-  sDAdBgNVHQ4EFgQUywyVCkA/Pr5zdaaMvAVlHKSXeJkwGAYDVR0RBBEwD4ENYndy
-  YXBAc21hci5maTAYBgNVHRIEETAPgQ1id3JhcEBzbWFyLmZpMA0GCSqGSIb3DQEB
-  CwUAA4IBgQB6mMDP9dY/aJZhNgZMx2d18nPLuKzTUieWJv13uPDileUbN0/nr+w4
-  dFDOTa/yjcp0mWQLF1mP/f3T8cwExlZzffftjX7dDZQJNWx3OCUHyS3GRowAE61F
-  dIWRUjd3RBfZEVrx/xY1OVp5T+N8Qn6g84Xp2OxO8GR95YlFX4WKun8f6kDEjfVi
-  m+Kso0RI4aJ93vOlm56mteupRLPyrA7dIcXG1qsglckNk3NnNvtAPSC7ncI43N3x
-  NZXFxgnAa3HZcJPhaPWpViVvrSdIYAa8ZLhvfIaDml3RE320+MenIWIqnpuwiFCg
-  jpHgtXCEQSwZTEkKj7NoUBkDjVOKnF6CB9nR4l564+BRWvtN0RJBKMmBIx3LP9vm
-  BwxPnxDROuNLx3wckCTGRH61p/K84L6Y2VEC6X+A2ztKVIjv+qRgH6NdhGFOf8US
-  X4ioQwEn1/9tHs19VO1CLF58451HgEo1BXd7eWLmV1V5cqw0YWok1ly4L/Su/Phf
-  MRxVMHiVAqY=
+  0iJSyUprpR2epHP8832n6wIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE
+  sDAdBgNVHQ4EFgQUywyVCkA/Pr5zdaaMvAVlHKSXeJkwDQYJKoZIhvcNAQELBQAD
+  ggGBAGmSe4zkcmNd3JfmTA9CDpBu3j6qiPnbk2x8vTjDQAyAGRjX8Depzz39jUbF
+  cmmL/J5XqqkZaYy7X+w2nWVYk8BwmAP3ft6L6qO0rmZhOtfsyTzf0fI1zY20Y98W
+  uoDoS2cL6fIJ8Gv6B4tXCSZO1cQOHMAhzAeRGbfn0InbDtalfVbYFmnmo9PqJz4C
+  kRUFHNCTRt+YAneAZ2gAU4r89EuNheyyEmPonWHjCwPIGKS/rsChFWIU22wrZkGd
+  aWT3as+jC2gDiQTw82JalFWsqK9p9UxsRt1lkV4mb5NSDcKl7ApI1TAW2EANeLOx
+  PWJbiDgQIrErC5lDu25gzWF+g5sYc7uaMcKxS8BqAggMWuW/lUcNX8e+4WdDAPgO
+  tDIK8ZQo4kVJE9EQTA4LsP4TMNDn18vBr0aIY92p+uq31rocusojfAszU50DSw3M
+  7a31nUjVeQjpooaUQi6ECFr+Neidh3jhzreVfXqjxMkPOYLlCAmd9E1izCTRIgLS
+  cAzqsw==
   -----END CERTIFICATE-----
-date: 2022-06-07 00:00:00.000000000 Z
+date: 2023-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -148,29 +147,33 @@ files:
 - lib/bwrap.rb
 - lib/bwrap/args/args.rb
 - lib/bwrap/args/bind.rb
+- lib/bwrap/args/bind/device.rb
 - lib/bwrap/args/bind/library.rb
 - lib/bwrap/args/bind/library/ruby_binds.rb
-- lib/bwrap/args/bind/mime.rb
 - lib/bwrap/args/construct.rb
 - lib/bwrap/args/environment.rb
 - lib/bwrap/args/features.rb
 - lib/bwrap/args/features/binds_base.rb
 - lib/bwrap/args/features/ruby_binds.rb
-- lib/bwrap/args/library.rb
 - lib/bwrap/args/machine_id.rb
 - lib/bwrap/args/mount.rb
+- lib/bwrap/args/namespace.rb
 - lib/bwrap/args/network.rb
+- lib/bwrap/args/user.rb
 - lib/bwrap/bwrap.rb
 - lib/bwrap/bwrap_module.rb
 - lib/bwrap/config.rb
 - lib/bwrap/config/features.rb
 - lib/bwrap/config/features/base.rb
 - lib/bwrap/config/features/ruby.rb
+- lib/bwrap/exceptions.rb
 - lib/bwrap/execution.rb
 - lib/bwrap/execution/exceptions.rb
+- lib/bwrap/execution/exec.rb
 - lib/bwrap/execution/execute.rb
 - lib/bwrap/execution/execution.rb
 - lib/bwrap/execution/labels.rb
+- lib/bwrap/execution/logging.rb
 - lib/bwrap/execution/path.rb
 - lib/bwrap/execution/popen2e.rb
 - lib/bwrap/output.rb
@@ -178,6 +181,14 @@ files:
 - lib/bwrap/output/levels.rb
 - lib/bwrap/output/log.rb
 - lib/bwrap/output/output_impl.rb
+- lib/bwrap/resolvers/executable.rb
+- lib/bwrap/resolvers/library.rb
+- lib/bwrap/resolvers/library/base.rb
+- lib/bwrap/resolvers/library/library.rb
+- lib/bwrap/resolvers/library/llvm_readelf.rb
+- lib/bwrap/resolvers/library/musl.rb
+- lib/bwrap/resolvers/mime.rb
+- lib/bwrap/resolvers/resolvers.rb
 - lib/bwrap/version.rb
 homepage: https://git.sr.ht/~smar/ruby-bwrap
 licenses:

data/lib/bwrap/args/bind/mime.rb

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-
-require "bwrap/execution"
-require "bwrap/output"
-
-class Bwrap::Args::Bind
-  # Inner class to clean up namespace for implementation specific reasons.
-  #
-  # @api private
-  class Mime
-    include Bwrap::Execution
-    include Bwrap::Output
-
-    # Name given to {#initialize}.
-    attr_reader :executable_name
-
-    # Either path given to {#initialize} or one parsed from shebang.
-    attr_reader :executable_path
-
-    def initialize executable_name, executable_path
-      @executable_name = executable_name
-      @executable_path = executable_path
-    end
-
-    # Checks if target executable is a script, in which case executable
-    # is parsed from a shebang line, if found.
-    #
-    # @return false if caller should also return
-    def resolve_mime_type
-      mime_type = execvalue %W{ file --brief --mime-type #{@executable_path} }
-      debug "Mime type of #{@executable_path} is #{mime_type}"
-      return true unless mime_type[0..6] == "text/x-"
-
-      shebang = File.open @executable_path, &:readline
-      if shebang[0..1] != "#!"
-        warn "Executable #{@executable_name} was recognized as #{mime_type} but does not have " \
-             "proper shebang line. Skipping automatic library mounts."
-        return false
-      end
-
-      resolve_real_executable shebang
-
-      true
-    end
-
-    # Parses shebang line to find out path to actual executable
-    # used to run the script.
-    private def resolve_real_executable shebang
-      #trace "Figuring out correct executable from shebang #{shebang}"
-
-      command_line = shebang.delete_prefix("#!").strip
-      real_executable, args = command_line.split " ", 2
-
-      if [ "/usr/bin/env", "/bin/env" ].include? real_executable
-        # First argument is name of the executable, resolved from PATH.
-        executable_name = args.split(" ", 2).first
-        real_executable = which executable_name
-      end
-
-      debug "Parsed #{real_executable} from the script’s shebang. Using as executable."
-
-      @executable_path = real_executable
-    end
-  end
-end

data/lib/bwrap/args/library.rb

@@ -1,135 +0,0 @@
-# frozen_string_literal: true
-
-require "bwrap/execution"
-require "bwrap/output"
-require_relative "args"
-
-# Class to clean up namespace for implementation specific reasons.
-#
-# @api private
-class Bwrap::Args::Library
-  include Bwrap::Execution
-  include Bwrap::Output
-
-  # NOTE: This caching can be made more efficient, but need to look at it later, what to do about it.
-  @@needed_libraries_cache ||= []
-
-  # Empties {@@needed_libraries_cache}.
-  def self.clear_needed_libraries_cache
-    @@needed_libraries_cache.clear
-  end
-
-  # Otherwise similar to {#needed_libraries}, but checks used libc to handle musl executables.
-  #
-  # @param executable [String] Path to the executable to find dependencies for
-  def libraries_needed_by executable
-    # %i == interpreter, the library used to load the executable by kernel.
-    # %F == Path to given file.
-    output_format = "%i::SEPARATOR::%F"
-    scanelf_command = %W{ scanelf --nobanner --quiet --format #{output_format} }
-    scanelf_command << executable
-
-    data = execvalue scanelf_command
-    data = data.strip
-    interpreter, _executable_path = data.split "::SEPARATOR::"
-    interpreter = Pathname.new interpreter
-
-    if interpreter.basename.to_s[0..6] == "ld-musl"
-      musl_needed_libraries executable
-    else
-      # For glibc, scanelf can return full paths for us most of time.
-      needed_libraries executable
-    end
-  end
-
-  # @param binary_paths [String, Array] one or more paths to be resolved
-  #
-  # @todo Maybe caching should be done here too?
-  def musl_needed_libraries binary_paths
-    trace "Finding musl libraries #{binary_paths} requires"
-    @needed_libraries = []
-
-    if binary_paths.is_a? String
-      binary_paths = [ binary_paths ]
-    end
-
-    binary_paths.each do |binary_path|
-      output = execvalue %W{ ldd #{binary_path} }
-      lines = output.split "\n"
-      _interpreter_line = lines.shift
-
-      lines.each do |line|
-        parse_ldd_line line
-      end
-    end
-
-    @needed_libraries
-  end
-
-  # @param binary_paths [String, Array] one or more paths to be resolved
-  def needed_libraries binary_paths
-    trace "Finding libraries #{binary_paths} requires"
-    @needed_libraries = []
-
-    # %i == interpreter, the library used to load the executable by kernel.
-    output_format = "%F::SEPARATOR::%n"
-    scanelf_command = %W{ scanelf --nobanner --quiet --format #{output_format} --ldcache --needed }
-
-    if binary_paths.is_a? String
-      binary_paths = [ binary_paths ]
-    end
-
-    # Check if the exe is already resolved.
-    binary_paths.delete_if do |binary_path|
-      @@needed_libraries_cache.include? binary_path
-    end
-
-    return [] if binary_paths.empty?
-
-    data = execvalue(scanelf_command + binary_paths)
-    trace "scanelf found following libraries: #{data}"
-
-    lines = data.split "\n"
-    lines.each do |line|
-      parse_scanelf_line line
-    end
-
-    @needed_libraries
-  end
-
-  # Used by {#needed_libraries}.
-  private def parse_scanelf_line line
-    binary_path, libraries_line = line.split "::SEPARATOR::"
-    libraries = libraries_line.split ","
-
-    (@needed_libraries & libraries).each do |library|
-      debug "Binding #{library} as dependency of #{binary_path}"
-    end
-
-    @needed_libraries |= libraries
-
-    # Also check if requisite libraries needs some libraries.
-    inner = Bwrap::Args::Library.new
-    @needed_libraries |= inner.needed_libraries libraries
-
-    @@needed_libraries_cache |= libraries
-  end
-
-  # Used by {#musl_needed_libraries}.
-  private def parse_ldd_line line
-    line = line.strip
-    _library_name, library_data = line.split " => "
-
-    matches = library_data.match(/(.*) \(0x[0-9a-f]+\)/)
-    library_path = matches[1]
-
-    unless @needed_libraries.include? library_path
-      @needed_libraries << library_path
-    end
-
-    # Also check if requisite libraries needs some libraries.
-    inner = Bwrap::Args::Library.new
-    @needed_libraries |= inner.musl_needed_libraries library_path
-  end
-end
-# class Library ended