Some invocations to external programs used exec.CombinedOutput, that
combines stdout and strerr into a single byte array. This can be an
issue if this output is parsed, as many programs print debug output or
warnings to stderr and that data is unexpected by the parsers. This
patch changes to using osutil.RunSplitOutput or osutil.RunCmd (that
return separately stdout and stderr) when we need to parse stdout, and
also in some other cases when printing separately both streams could
be helpful. Fixes LP #1885597.
Replace ioutil.WriteFile with os.WriteFile since the former has been
deprecated since go1.16 and simply calls the latter.
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
Go 1.19 includes some changes to gofmt which intend to make lists and
heading clearer when rendered (https://go.dev/doc/go1.19). This commit
is the result of running the new gofmt and manually fixing some of it.
This was necessary because the new gofmt assumed lines beginning w/ tabs
to start lists or examples. While this is often true in our codebase,
we occasionally also use tabs to indent the lines after a TODO or FIXME
prefix or in yaml (e.g., excerpts of a snap.yaml). This meant that a lot of the
reformatted comments were broken and had to be fixed manually.
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
This commit replaces the use of "sanity" with more inclusive
naming.
When `sanity` is used in a more general sense either `validity`
or `quick` is used.
Most of the handling is of xdg-open requests from the snaps id done by
xdg-desktop-protal now, the handler in userd remains a fallback for scenarios
where the desktop setup is incomplete. The code of io.snapcraft.OpenURL()
handler would only allow a handful of schemes to be passed to xdg-open on the
host side. However, updating the list of schemes manually has proven be to
unmaintainable, and got filled with various vendor specific entries.
In https://github.com/snapcore/snapd/pull/7731#issuecomment-585721100 an
approach was proposed to use xdg-query to find out whether there is handler for
given scheme on the host side, and if so allow the URL to be passed to xdg-open,
which is implemented in this patch.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
had to make the comment in wrappers/services_test.go a one-liner
otherwise half of it is lost
last set of files needing changing (as per current master)
The unit tests will fail right now on systems that do not have
systemd installed (like the trusty sbuild containers) because
`systemd --version` is called but not mocked.
This commit should fix this.
Some systems use /var/lib/snapd, make sure that relevant unit tests are passing
there too.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Add a new interface desktop-launch that allows shells to read .desktop files from /var/lib/snapd/desktop/applications/ and call io.snapcraft.PrivilegedDesktopLauncher.OpenDesktopEntry.
Add io.snapcraft.PrivilegedDesktopLauncher.OpenDesktopEntry support to userd that implements support for this on Classic systems.
The result is that a confined desktop shell can identify other snaps and launch them with (for example) the WAYLAND_DESKTOP environment variable needed for the client to connect to the correct desktop.
Follows on from:
Discussion at forum.snapcraft.io; and,
#7490 (rebased and updated)
* "shell-support" interface
* Spike OpenDesktopEntry method
* Add OpenDesktopEntryEnv to permit setting environment variables
* Switch to Desktop File IDs
* Extract desktopFileIdToFilename()
* Extract readExecCommandFromDesktopFile()
* Clearer use of whitespace
* More robust logic in readExecCommandFromDesktopFile()
* Document the processing of the exec command
* > Missing high-level test for interface 'shell-support'. Please add to:
> * tests/lib/snaps/test-snapd-policy-app-consumer/meta/snap.yaml
* Handle shell quoting in the exec command
* Drop the `OpenDesktopEntry()` method
* Better handling of exec variables
* deny-auto-connection: true
* Use the `MockConnectedPlug` and `MockConnectedSlot` helpers
* Use free functions
* Rename `shell-support` => `app-launch`
* Report error if desktop file not found
* Search all the paths that can be formed by the desktop ID
* We don't need github.com/google/shlex, we have github.com/snapcore/snapd/strutil/shlex
* Don't use error to indicate whether a desktop file is found
* Update comments referring to desktop-entry-spec-latest.html
* Don't ignore errors from os.Stat()
* Restrict the environment variables that may be set to those used to describe the shell to toolkits.
* Comment to explain the code
* Use dirs.SnapDesktopFilesDir, not a hard coded path
* First cut at some internal tests
* Test parsing of Exec command
* Use the shell to launch the app to avoid becoming a parent and/or leaving a zombie process
* Fix "usersession/userd/launcher.go:154:13: undefined: strings.ReplaceAll" in CI
* Drop implicitOnCore as it isn't supportable (yet)
* Remove "unknown field 'reservedForOS' in struct literal of type commonInterface"
* Rename `app-launch` => `desktop-launch`
* Renames to conform to convention
* Use a scanner instead of reading lines "by hand"
* Use the language better
* Update naming
* Use check.v1
* Less evil hack to avoid zombie processes
* Make interface superprivileged
* Add TestStaticInfo() to interface tests
* Reworked comments and added sanity for review
* Additional "hardening" suggested in review
* gofmt -s -w
* Add BaseDeclarationPlugs to desktopLaunchSuite.TestStaticInfo
* Document allowedEnvVars
* Update comment
* Document and correct check on desktop file & path
* gofmt
* Add test for foo-bar_foo-bar.desktop
* A comment to explain test strategy
* Check the desktopFile path all the way down from "/"
* Comment on the recursion in findDesktopFile
* Use err to indicate failure instead of null pointer to string
* Clearer table of test cases in TestParseExecCommandSucceedsWithValidEntry
* Extract verifyDesktopFileLocation() from readExecCommandFromDesktopFile()
* Tests for readExecCommandFromDesktopFile()
* First draft of TestOpenDesktopEntryEnvSucceedsWithGoodDesktopId
* Hack the production code to make the tests pass
* Test some error paths
* Use camelCase
* tests: add a basic spread test for the dbus-launch interface
* Update tests/main/interfaces-desktop-launch/test-app/bin/app.sh
Co-authored-by: James Henstridge <james@jamesh.id.au>
* Add access to /var/lib/snapd/desktop/icons
* Add RegularFileExists() to osutil
* We don't want /foo2 to be treated as under /foo
* Drop contentious checks
* Error out on unexpected exec variables
* Reword comment
* Update test Exec lines with exec variables we do support
* go fmt
* Comments adjusted to match code
* Use systemd-run to launch apps
* Don't pass environment
* Failed PrivilegedDesktopLauncher
* Make path match interface
* Update to reflect snapcore#9370
* Drop OpenDesktopEntry from io.snapcraft.Launcher
* Split out PrivilegedDesktopLauncher tests
* Use export_test.go to access internal functions
* Use dirs.SnapBinariesDir
* Fix and move repetitive test setup to SetUpTest()
* go fmt
* Support for %i
* Correct desktop-launch launcher.sh script
* Revert accidental move of fdToFilename from launcher.go
* userd: delete unused PrivilegedDesktopLauncher.OpenFile D-Bus method
* userd: clean up PrivilegedDesktopLauncher code based on review from @pedronis
* userd: simplify how the mock fileExists handler is injected for testing
* Don't try to pass environment in interfaces-desktop-launch
* Add "internal error: " to what is currently a logic error
* Use the new regularFileExists signature
* Use `--collect` with systemd-run
* unnecessary whitespace
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
* we should keep the error and include it in the message
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
* change to a TODO
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
* Remove spurious comma
* usersession/userd: only pass --collect if we have a new enough systemd
* u/userd: test error message from desktopFileIDToFilename
* usersession/userd: apply a regexp to validate desktop file IDs
* usersession/userd: update copyright notices
* usersession/userd: fix up some error assertions in tests, and catch some more invalid desktop file IDs
* usersession/userd: follow the XDG Base Dir spec in resolving desktop file IDs
* tests: ensure XDG_DATA_DIRS is set in spread test
* usersession/userd: don't reuse the object path of the existing launcher
interface for PrivilegedDesktopLauncher
This reinforces that the API is not in the same security domain as those
exported on /io/snapcraft/Launcher.
* usersession/userd: add a direct test for DesktopFileIDToFilename without mocked stat calls
* usersession/userd: add test demonstrating that launching non-snap desktop files fails
* usersession/userd: more fixups based on review comments
* usersession/userd: reject desktop files with multiple [Desktop Entry] sections
* Address latest review feedback
* Fix accidental paste.
* Update tests to match
* Update tests/main/interfaces-desktop-launch/task.yaml
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
* Update tests/main/interfaces-desktop-launch/task.yaml
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
Co-authored-by: James Henstridge <james@jamesh.id.au>
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
Previously bus names and interface names were conflated, which would
encourage anyone extending userd with new interfaces to also have it
acquire new bus names. That is not necessary or desirable.
