From: Josselin Poiret
Date: Thu, 6 Jan 2022 23:48:03 +0100
To: 53063@debbugs.gnu.org
Subject: [bug#53063] [PATCH wip-harden-installer 05/14] installer: Capture external commands output.

* gnu/installer/utils.scm (close-fdes-ignore-badf, reset-fds, run-external-command-with-handler, run-external-command-with-line-hooks): New variables. (run-command): Use run-external-command-with-line-hooks.
--- gnu/installer/utils.scm | 154 ++++++++++++++++++++++++++++++++++------ 1 file changed, 134 insertions(+), 20 deletions(-) diff --git a/gnu/installer/utils.scm b/gnu/installer/utils.scm index 1bff1e1229..878434f074 100644 --- a/gnu/installer/utils.scm +++ b/gnu/installer/utils.scm @@ -25,7 +25,9 @@ (define-module (gnu installer utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-34) + #:use-module (ice-9 control) #:use-module (ice-9 match) + #:use-module (ice-9 popen) #:use-module (ice-9 rdelim) #:use-module (ice-9 regex) #:use-module (ice-9 format) 
@@ -78,37 +80,149 @@ (define (read-percentage percentage) (and result (string->number (match:substring result 1))))) +;; This is needed because there are two close procedures in Guile: +;; * close, which relocates ports that were using the fd to use a +;; newly dup'd fd; +;; * vanilla close-fdes, which does not ignore EBADF, making it +;; impossible to use it to close all ports. +(define (close-fdes-ignore-badf fd) + (let/ec escape + (with-exception-handler + (lambda (exn) + (if (eq? (exception-kind exn) 'system-error) + (let ((args (exception-args exn))) + (if (eq? (car (car (cdr (cdr (cdr args))))) + 9) ;; EBADF + (escape) + (raise-exception exn))) + (raise-exception exn))) + (lambda () + (close-fdes fd))))) + +(define (reset-fds in out err) + "Resets the stdin, stdout and stderr to IN, OUT and ERR +respectively, while closing all other open file descriptors." + ;; getrlimit is undocumented, but defined in + ;; libguile/posix.c. + (define maxfds (getrlimit 'nofile)) + (let loop ((fd 0)) + (and (< fd maxfds) + (begin (unless (or (eq? in fd) + (eq? out fd) + (eq? err fd)) + (close-fdes-ignore-badf fd)) + (loop (+ fd 1))))) + (define (next-available fd) + (and (< fd maxfds) + (if (or (eq? in fd) + (eq? out fd) + (eq? err fd)) + (next-available (+ fd 1)) + fd))) + (define dupin (next-available 3)) + (define dupout (next-available (+ dupin 1))) + (define duperr (next-available (+ dupout 1))) + (dup2 in dupin) + (dup2 out dupout) + (dup2 err duperr) + (for-each close-fdes-ignore-badf (list in out err)) + (dup2 dupin 0) + (dup2 dupout 1) + (dup2 duperr 2) + (for-each close-fdes (list dupin dupout duperr)) + (set-current-input-port (fdes->inport 0)) + (set-current-output-port (fdes->outport 1)) + (set-current-error-port (fdes->outport 2))) + +(define* (run-external-command-with-handler handler command) + "Run command specified by the list COMMAND in a child with output handler +HANDLER. 
HANDLER is a procedure taking an input port, to which the command +will write its standard output and error. Returns the integer status value of +the child process as returned by waitpid." + (match-let (((input . output) (pipe))) + (match (primitive-fork) + (0 ;; We're in the child + (close-port input) + (reset-fds + (open-fdes "/dev/null" O_WRONLY) + ;; Avoid port GC'ing closing the fd by increasing its revealed count. + (port->fdes output) + (fileno output)) + (with-exception-handler + (lambda (exn) + ((@@ (ice-9 exceptions) format-exception) (current-error-port) + exn) + (primitive-_exit 1)) + (lambda () + (apply execlp (car command) command) + (primitive-_exit 1)))) + (pid + (close-port output) + (handler input) + (close-port input) + (cdr (waitpid pid)))))) + +(define (run-external-command-with-line-hooks line-hooks command) + "Run command specified by ARGS in a child, processing each output line with +the procedures in LINE-HOOKS. Returns the integer status value of +the child process as returned by waitpid." + (define (handler input) + (and (and=> (get-line input) + (lambda (line) + (if (eof-object? line) + #f + (begin (for-each (lambda (f) (f line)) + (append line-hooks + %default-installer-line-hooks)) + #t)))) + (handler input))) + (run-external-command-with-handler handler command)) + (define* (run-command command) "Run COMMAND, a list of strings. Return true if COMMAND exited successfully, #f otherwise." - (define env (environ)) - (define (pause) (format #t (G_ "Press Enter to continue.~%")) (send-to-clients '(pause)) - (environ env) ;restore environment variables (match (select (cons (current-input-port) (current-clients)) '() '()) (((port _ ...) _ _) (read-line port)))) - (setenv "PATH" "/run/current-system/profile/bin") - - (guard (c ((invoke-error? 
c) - (newline) - (format (current-error-port) - (G_ "Command failed with exit code ~a.~%") - (invoke-error-exit-status c)) - (installer-log-line "command ~s failed with exit code ~a" - command (invoke-error-exit-status c)) - (pause) - #f)) - (installer-log-line "running command ~s" command) - (apply invoke command) - (installer-log-line "command ~s succeeded" command) - (newline) - (pause) - #t)) + (installer-log-line "running command ~s" command) + (define result (run-external-command-with-line-hooks + (list %display-line-hook) + command)) + (define exit-val (status:exit-val result)) + (define term-sig (status:term-sig result)) + (define stop-sig (status:stop-sig result)) + (define succeeded? + (cond + ((and exit-val (not (zero? exit-val))) + (installer-log-line "command ~s exited with value ~a" + command exit-val) + (format #t (G_ "Command ~s exited with value ~a") + command exit-val) + #f) + (term-sig + (installer-log-line "command ~s killed by signal ~a" + command term-sig) + (format #t (G_ "Command ~s killed by signal ~a") + command term-sig) + #f) + (stop-sig + (installer-log-line "command ~s stopped by signal ~a" + command stop-sig) + (format #t (G_ "Command ~s stopped by signal ~a") + command stop-sig) + #f) + (else + (installer-log-line "command ~s succeeded" command) + (format #t (G_ "Command ~s succeeded") command) + #t))) + (newline) + (pause) + succeeded?) ;;;
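
Review bot: In the import hunk (@@ -25,7 +25,9 @@), (ice-9 popen) is added but none of the procedures introduced here call anything from it; they use pipe, primitive-fork, execlp and waitpid directly. Meanwhile get-line, used in run-external-command-with-line-hooks, is not provided by any module in the visible import list. Drop the popen import unless a later patch in the series needs it, and make sure a module that exports get-line, such as (ice-9 textual-ports), is imported if that does not already happen outside the shown context.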
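
Review bot: In run-external-command-with-handler (hunk @@ -78,37 +80,149 @@), the child's stdin is (open-fdes "/dev/null" O_WRONLY), passed as IN to reset-fds, so fd 0 ends up write-only and any read by the command fails with EBADF instead of seeing end-of-file; open it with O_RDONLY. In run-command, removing (setenv "PATH" "/run/current-system/profile/bin") means execlp now resolves (car command) through whatever PATH the installer process inherited, and the commit message does not mention this; for a hardening series, either keep a pinned PATH for the child or say why it is no longer needed. Smaller points: close-fdes-ignore-badf compares against the literal 9 and extracts the errno with nested car/cdr, where the EBADF constant and system-error-errno would be clearer and portable; reset-fds compares integer descriptors with eq? where = is the usual choice; and the docstring of run-external-command-with-line-hooks refers to ARGS while the parameter is named COMMAND.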