mixlib-shellout 3.2.7-x64-mingw-ucrt

data/lib/mixlib/shellout/unix.rb

@@ -0,0 +1,420 @@
+#
+# Author:: Daniel DeLeo (<dan@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Mixlib
+  class ShellOut
+    module Unix
+
+      # "1.8.7" as a frozen string. We use this with a hack that disables GC to
+      # avoid segfaults on Ruby 1.8.7, so we need to allocate the fewest
+      # objects we possibly can.
+      ONE_DOT_EIGHT_DOT_SEVEN = "1.8.7".freeze
+
+      # Option validation that is unix specific
+      def validate_options(opts)
+        if opts[:elevated]
+          raise InvalidCommandOption, "Option `elevated` is supported for Powershell commands only"
+        end
+      end
+
+      # Whether we're simulating a login shell
+      def using_login?
+        login && user
+      end
+
+      # Helper method for sgids
+      def all_seconderies
+        ret = []
+        Etc.endgrent
+        while ( g = Etc.getgrent )
+          ret << g
+        end
+        Etc.endgrent
+        ret
+      end
+
+      # The secondary groups that the subprocess will switch to.
+      # Currently valid only if login is used, and is set
+      # to the user's secondary groups
+      def sgids
+        return nil unless using_login?
+
+        user_name = Etc.getpwuid(uid).name
+        all_seconderies.select { |g| g.mem.include?(user_name) }.map(&:gid)
+      end
+
+      # The environment variables that are deduced from simulating logon
+      # Only valid if login is used
+      def logon_environment
+        return {} unless using_login?
+
+        entry = Etc.getpwuid(uid)
+        # According to `man su`, the set fields are:
+        #  $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS
+        # Values are copied from "shadow" package in Ubuntu 14.10
+        { "HOME" => entry.dir, "SHELL" => entry.shell, "USER" => entry.name, "LOGNAME" => entry.name, "PATH" => "/sbin:/bin:/usr/sbin:/usr/bin", "IFS" => "\t\n" }
+      end
+
+      # Merges the two environments for the process
+      def process_environment
+        logon_environment.merge(environment)
+      end
+
+      # Run the command, writing the command's standard out and standard error
+      # to +stdout+ and +stderr+, and saving its exit status object to +status+
+      # === Returns
+      # returns   +self+; +stdout+, +stderr+, +status+, and +exitstatus+ will be
+      # populated with results of the command.
+      # === Raises
+      # * Errno::EACCES  when you are not privileged to execute the command
+      # * Errno::ENOENT  when the command is not available on the system (or not
+      #   in the current $PATH)
+      # * Chef::Exceptions::CommandTimeout  when the command does not complete
+      #   within +timeout+ seconds (default: 600s). When this happens, ShellOut
+      #   will send a TERM and then KILL to the entire process group to ensure
+      #   that any grandchild processes are terminated. If the invocation of
+      #   the child process spawned multiple child processes (which commonly
+      #   happens if the command is passed as a single string to be interpreted
+      #   by bin/sh, and bin/sh is not bash), the exit status object may not
+      #   contain the correct exit code of the process (of course there is no
+      #   exit code if the command is killed by SIGKILL, also).
+      def run_command
+        @child_pid = fork_subprocess
+        @reaped = false
+
+        configure_parent_process_file_descriptors
+
+        # Ruby 1.8.7 and 1.8.6 from mid 2009 try to allocate objects during GC
+        # when calling IO.select and IO#read. Disabling GC works around the
+        # segfault, but obviously it's a bad workaround. We no longer support
+        # 1.8.6 so we only need this hack for 1.8.7.
+        GC.disable if RUBY_VERSION == ONE_DOT_EIGHT_DOT_SEVEN
+
+        # CHEF-3390: Marshall.load on Ruby < 1.8.7p369 also has a GC bug related
+        # to Marshall.load, so try disabling GC first.
+        propagate_pre_exec_failure
+
+        @status = nil
+        @result = nil
+        @execution_time = 0
+
+        write_to_child_stdin
+
+        until @status
+          ready_buffers = attempt_buffer_read
+          unless ready_buffers
+            @execution_time += READ_WAIT_TIME
+            if @execution_time >= timeout && !@result
+              # kill the bad proccess
+              reap_errant_child
+              # read anything it wrote when we killed it
+              attempt_buffer_read
+              # raise
+              raise CommandTimeout, "Command timed out after #{@execution_time.to_i}s:\n#{format_for_exception}"
+            end
+          end
+
+          attempt_reap
+        end
+
+        self
+      rescue Errno::ENOENT
+        # When ENOENT happens, we can be reasonably sure that the child process
+        # is going to exit quickly, so we use the blocking variant of waitpid2
+        reap
+        raise
+      ensure
+        reap_errant_child if should_reap?
+        # make one more pass to get the last of the output after the
+        # child process dies
+        attempt_buffer_read
+        # no matter what happens, turn the GC back on, and hope whatever busted
+        # version of ruby we're on doesn't allocate some objects during the next
+        # GC run.
+        GC.enable
+        close_all_pipes
+      end
+
+      private
+
+      def set_user
+        if user
+          Process.uid = uid
+          Process.euid = uid
+        end
+      end
+
+      def set_group
+        if group
+          Process.egid = gid
+          Process.gid = gid
+        end
+      end
+
+      def set_secondarygroups
+        if sgids
+          Process.groups = sgids
+        end
+      end
+
+      def set_environment
+        # user-set variables should override the login ones
+        process_environment.each do |env_var, value|
+          ENV[env_var] = value
+        end
+      end
+
+      def set_umask
+        File.umask(umask) if umask
+      end
+
+      def set_cwd
+        Dir.chdir(cwd) if cwd
+      end
+
+      # Since we call setsid the child_pgid will be the child_pid, set to negative here
+      # so it can be directly used in arguments to kill, wait, etc.
+      def child_pgid
+        -@child_pid
+      end
+
+      def initialize_ipc
+        @stdin_pipe, @stdout_pipe, @stderr_pipe, @process_status_pipe = IO.pipe, IO.pipe, IO.pipe, IO.pipe
+        @process_status_pipe.last.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+      end
+
+      def child_stdin
+        @stdin_pipe[1]
+      end
+
+      def child_stdout
+        @stdout_pipe[0]
+      end
+
+      def child_stderr
+        @stderr_pipe[0]
+      end
+
+      def child_process_status
+        @process_status_pipe[0]
+      end
+
+      def close_all_pipes
+        child_stdin.close   unless child_stdin.closed?
+        child_stdout.close  unless child_stdout.closed?
+        child_stderr.close  unless child_stderr.closed?
+        child_process_status.close unless child_process_status.closed?
+      end
+
+      # Replace stdout, and stderr with pipes to the parent, and close the
+      # reader side of the error marshaling side channel.
+      #
+      # If there is no input, close STDIN so when we exec,
+      # the new program will know it's never getting input ever.
+      def configure_subprocess_file_descriptors
+        process_status_pipe.first.close
+
+        # HACK: for some reason, just STDIN.close isn't good enough when running
+        # under ruby 1.9.2, so make it good enough:
+        stdin_pipe.last.close
+        STDIN.reopen stdin_pipe.first
+        stdin_pipe.first.close unless input
+
+        stdout_pipe.first.close
+        STDOUT.reopen stdout_pipe.last
+        stdout_pipe.last.close
+
+        stderr_pipe.first.close
+        STDERR.reopen stderr_pipe.last
+        stderr_pipe.last.close
+
+        STDOUT.sync = STDERR.sync = true
+        STDIN.sync = true if input
+      end
+
+      def configure_parent_process_file_descriptors
+        # Close the sides of the pipes we don't care about
+        stdin_pipe.first.close
+        stdin_pipe.last.close unless input
+        stdout_pipe.last.close
+        stderr_pipe.last.close
+        process_status_pipe.last.close
+        # Get output as it happens rather than buffered
+        child_stdin.sync = true if input
+        child_stdout.sync = true
+        child_stderr.sync = true
+
+        true
+      end
+
+      # Some patch levels of ruby in wide use (in particular the ruby 1.8.6 on OSX)
+      # segfault when you IO.select a pipe that's reached eof. Weak sauce.
+      def open_pipes
+        @open_pipes ||= [child_stdout, child_stderr, child_process_status]
+      end
+
+      # Keep this unbuffered for now
+      def write_to_child_stdin
+        return unless input
+
+        child_stdin << input
+        child_stdin.close # Kick things off
+      end
+
+      def attempt_buffer_read
+        ready = IO.select(open_pipes, nil, nil, READ_WAIT_TIME)
+        if ready
+          read_stdout_to_buffer if ready.first.include?(child_stdout)
+          read_stderr_to_buffer if ready.first.include?(child_stderr)
+          read_process_status_to_buffer if ready.first.include?(child_process_status)
+        end
+        ready
+      end
+
+      def read_stdout_to_buffer
+        while ( chunk = child_stdout.read_nonblock(READ_SIZE) )
+          @stdout << chunk
+          @live_stdout << chunk if @live_stdout
+        end
+      rescue Errno::EAGAIN
+      rescue EOFError
+        open_pipes.delete(child_stdout)
+      end
+
+      def read_stderr_to_buffer
+        while ( chunk = child_stderr.read_nonblock(READ_SIZE) )
+          @stderr << chunk
+          @live_stderr << chunk if @live_stderr
+        end
+      rescue Errno::EAGAIN
+      rescue EOFError
+        open_pipes.delete(child_stderr)
+      end
+
+      def read_process_status_to_buffer
+        while ( chunk = child_process_status.read_nonblock(READ_SIZE) )
+          @process_status << chunk
+        end
+      rescue Errno::EAGAIN
+      rescue EOFError
+        open_pipes.delete(child_process_status)
+      end
+
+      def fork_subprocess
+        initialize_ipc
+
+        fork do
+          # Child processes may themselves fork off children. A common case
+          # is when the command is given as a single string (instead of
+          # command name plus Array of arguments) and /bin/sh does not
+          # support the "ONESHOT" optimization (where sh -c does exec without
+          # forking). To support cleaning up all the children, we need to
+          # ensure they're in a unique process group.
+          #
+          # We use setsid here to abandon our controlling tty and get a new session
+          # and process group that are set to the pid of the child process.
+          Process.setsid
+
+          configure_subprocess_file_descriptors
+
+          set_secondarygroups
+          set_group
+          set_user
+          set_environment
+          set_umask
+          set_cwd
+
+          begin
+            command.is_a?(Array) ? exec(*command, close_others: true) : exec(command, close_others: true)
+
+            raise "forty-two" # Should never get here
+          rescue Exception => e
+            Marshal.dump(e, process_status_pipe.last)
+            process_status_pipe.last.flush
+          end
+          process_status_pipe.last.close unless process_status_pipe.last.closed?
+          exit!
+        end
+      end
+
+      # Attempt to get a Marshaled error from the side-channel.
+      # If it's there, un-marshal it and raise. If it's not there,
+      # assume everything went well.
+      def propagate_pre_exec_failure
+        attempt_buffer_read until child_process_status.eof?
+        e = Marshal.load(@process_status)
+        raise(Exception === e ? e : "unknown failure: #{e.inspect}")
+      rescue ArgumentError # If we get an ArgumentError error, then the exec was successful
+        true
+      ensure
+        child_process_status.close
+        open_pipes.delete(child_process_status)
+      end
+
+      def reap_errant_child
+        return if attempt_reap
+
+        @terminate_reason = "Command exceeded allowed execution time, process terminated"
+        logger&.error("Command exceeded allowed execution time, sending TERM")
+        Process.kill(:TERM, child_pgid)
+        sleep 3
+        attempt_reap
+        logger&.error("Command exceeded allowed execution time, sending KILL")
+        Process.kill(:KILL, child_pgid)
+        reap
+
+        # Should not hit this but it's possible if something is calling waitall
+        # in a separate thread.
+      rescue Errno::ESRCH
+        nil
+      end
+
+      def should_reap?
+        # if we fail to fork, no child pid so nothing to reap
+        @child_pid && !@reaped
+      end
+
+      # Unconditionally reap the child process. This is used in scenarios where
+      # we can be confident the child will exit quickly, and has not spawned
+      # and grandchild processes.
+      def reap
+        results = Process.waitpid2(@child_pid)
+        @reaped = true
+        @status = results.last
+      rescue Errno::ECHILD
+        # When cleaning up timed-out processes, we might send SIGKILL to the
+        # whole process group after we've cleaned up the direct child. In that
+        # case the grandchildren will have been adopted by init so we can't
+        # reap them even if we wanted to (we don't).
+        nil
+      end
+
+      # Try to reap the child process but don't block if it isn't dead yet.
+      def attempt_reap
+        results = Process.waitpid2(@child_pid, Process::WNOHANG)
+        if results
+          @reaped = true
+          @status = results.last
+        else
+          nil
+        end
+      end
+
+    end
+  end
+end

data/lib/mixlib/shellout/version.rb

@@ -0,0 +1,5 @@
+module Mixlib
+  class ShellOut
+    VERSION = "3.2.7".freeze
+  end
+end