From d1a344b41d208cd6a5f56307f417739c71d2c9f5 Mon Sep 17 00:00:00 2001 From: Drew Tada Date: Mon, 5 Feb 2024 11:13:14 -0500 Subject: [PATCH 1/5] verbosity toggle added when starting a script --- kinode/packages/terminal/terminal/src/lib.rs | 36 ++++++++++++++------ 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/kinode/packages/terminal/terminal/src/lib.rs b/kinode/packages/terminal/terminal/src/lib.rs index 31ddb0fc..38c51c81 100644 --- a/kinode/packages/terminal/terminal/src/lib.rs +++ b/kinode/packages/terminal/terminal/src/lib.rs @@ -2,8 +2,8 @@ use anyhow::anyhow; use kinode_process_lib::kernel_types as kt; use kinode_process_lib::kinode::process::standard as wit; use kinode_process_lib::{ - get_blob, get_capability, get_typed_state, our_capabilities, println, set_state, vfs, Address, - Capability, PackageId, ProcessId, Request, + get_blob, get_capability, get_typed_state, our_capabilities, print_to_terminal, println, + set_state, vfs, Address, Capability, PackageId, ProcessId, Request, }; use regex::Regex; use serde::{Deserialize, Serialize}; @@ -273,6 +273,29 @@ fn handle_run( } } } + if entry.root { + for cap in our_capabilities() { + initial_capabilities.insert(kt::de_wit_capability(cap.clone())); + } + } + print_to_terminal( + 1, + &format!( + "{}: Process {{\n wasm_bytes_handle: {},\n wit_version: {},\n on_exit: {:?},\n public: {}\n capabilities: {}\n}}", + parsed_new_process_id.clone(), + wasm_path.clone(), + "None", + kt::OnExit::None, + entry.public, + { + let mut caps_string = "[".to_string(); + for cap in initial_capabilities.iter() { + caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params); + } + caps_string + "\n ]" + }, + ), + ); Request::new() .target(("our", "kernel", "distro", "sys")) .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { @@ -280,14 +303,7 @@ fn handle_run( wasm_bytes_handle: wasm_path, wit_version: None, on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities - initial_capabilities: if entry.root { - our_capabilities() - .iter() - .map(|wit: &kinode_process_lib::Capability| kt::de_wit_capability(wit.clone())) - .collect() - } else { - initial_capabilities - }, + initial_capabilities, public: entry.public, })?) .inherit(true) From 7bb14129aff2ca0b8a1d9cf81a6f28fcc20d3551 Mon Sep 17 00:00:00 2001 From: Drew Tada Date: Mon, 5 Feb 2024 20:56:27 -0500 Subject: [PATCH 2/5] m is public --- kinode/packages/terminal/pkg/scripts.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kinode/packages/terminal/pkg/scripts.json b/kinode/packages/terminal/pkg/scripts.json index 77f18429..d555c90c 100644 --- a/kinode/packages/terminal/pkg/scripts.json +++ b/kinode/packages/terminal/pkg/scripts.json @@ -52,7 +52,7 @@ }, "m.wasm": { "root": true, - "public": false, + "public": true, "request_networking": true } } \ No newline at end of file From 5b9d9a85f30c21c755fe360640f6165668a830df Mon Sep 17 00:00:00 2001 From: Drew Tada Date: Mon, 5 Feb 2024 21:18:34 -0500 Subject: [PATCH 3/5] Granting Requested caps for scripts --- kinode/packages/terminal/terminal/src/lib.rs | 76 ++++++++++---------- 1 file changed, 40 insertions(+), 36 deletions(-) diff --git a/kinode/packages/terminal/terminal/src/lib.rs b/kinode/packages/terminal/terminal/src/lib.rs index 38c51c81..8c0133dc 100644 --- a/kinode/packages/terminal/terminal/src/lib.rs +++ b/kinode/packages/terminal/terminal/src/lib.rs @@ -2,8 +2,8 @@ use anyhow::anyhow; use kinode_process_lib::kernel_types as kt; use kinode_process_lib::kinode::process::standard as wit; use kinode_process_lib::{ - get_blob, get_capability, get_typed_state, our_capabilities, print_to_terminal, println, - set_state, vfs, Address, Capability, PackageId, ProcessId, Request, + get_blob, get_typed_state, our_capabilities, print_to_terminal, println, set_state, vfs, + Address, Capability, PackageId, ProcessId, Request, }; use regex::Regex; use serde::{Deserialize, Serialize}; @@ -224,19 +224,36 @@ fn handle_run( action: vfs::VfsAction::Read, })?) .send_and_await_response(5)??; + if entry.root { + for cap in our_capabilities() { + initial_capabilities.insert(kt::de_wit_capability(cap.clone())); + } + } + Request::new() + .target(("our", "kernel", "distro", "sys")) + .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { + id: parsed_new_process_id.clone(), + wasm_bytes_handle: wasm_path.clone(), + wit_version: None, + on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities + initial_capabilities: initial_capabilities.clone(), + public: entry.public, + })?) + .inherit(true) + .send_and_await_response(5)??; + let mut requested_caps: Vec = vec![]; if let Some(to_request) = &entry.request_capabilities { for value in to_request { - let mut capability = None; match value { serde_json::Value::String(process_name) => { if let Ok(parsed_process_id) = process_name.parse::() { - capability = get_capability( - &Address { + requested_caps.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - "\"messaging\"".into(), - ); + params: "\"messaging\"".into(), + }); } } serde_json::Value::Object(map) => { @@ -247,13 +264,13 @@ fn handle_run( .parse::() { if let Some(params) = map.get("params") { - capability = get_capability( - &Address { + requested_caps.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - ¶ms.to_string(), - ); + params: params.to_string(), + }); } } } @@ -262,20 +279,6 @@ fn handle_run( continue; } } - if let Some(cap) = capability { - initial_capabilities.insert(kt::de_wit_capability(cap)); - } else { - println!( - "runner: no cap: {}, for {} to request!", - value.to_string(), - package - ); - } - } - } - if entry.root { - for cap in our_capabilities() { - initial_capabilities.insert(kt::de_wit_capability(cap.clone())); } } print_to_terminal( @@ -292,22 +295,23 @@ fn handle_run( for cap in initial_capabilities.iter() { caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params); } + for cap in requested_caps.iter() { + caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params); + } caps_string + "\n ]" }, ), ); - Request::new() + let _ = Request::new() .target(("our", "kernel", "distro", "sys")) - .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { - id: parsed_new_process_id.clone(), - wasm_bytes_handle: wasm_path, - wit_version: None, - on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities - initial_capabilities, - public: entry.public, - })?) - .inherit(true) - .send_and_await_response(5)??; + .body( + serde_json::to_vec(&kt::KernelCommand::GrantCapabilities { + target: parsed_new_process_id.clone(), + capabilities: requested_caps, + }) + .unwrap(), + ) + .send()?; if let Some(to_grant) = &entry.grant_capabilities { for value in to_grant { match value { From e33a5a8b35039b10a4a9be0ca45cf2880bbd9540 Mon Sep 17 00:00:00 2001 From: Drew Tada Date: Mon, 5 Feb 2024 22:00:54 -0500 Subject: [PATCH 4/5] GrantCaps used over initial_caps --- .../packages/app_store/app_store/src/lib.rs | 72 +++++++++++-------- kinode/packages/terminal/terminal/src/lib.rs | 28 ++++---- 2 files changed, 53 insertions(+), 47 deletions(-) diff --git a/kinode/packages/app_store/app_store/src/lib.rs b/kinode/packages/app_store/app_store/src/lib.rs index 9738e548..e3ce9d68 100644 --- a/kinode/packages/app_store/app_store/src/lib.rs +++ b/kinode/packages/app_store/app_store/src/lib.rs @@ -473,13 +473,6 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> { format!("/{}", entry.process_wasm_path) }; let wasm_path = format!("{}{}", drive_path, wasm_path); - // build initial caps - let mut initial_capabilities: HashSet = HashSet::new(); - if entry.request_networking { - initial_capabilities.insert(kt::de_wit_capability(networking_cap.clone())); - } - initial_capabilities.insert(kt::de_wit_capability(read_cap.clone())); - initial_capabilities.insert(kt::de_wit_capability(write_cap.clone())); let process_id = format!("{}:{}", entry.process_name, package); let Ok(parsed_new_process_id) = process_id.parse::() else { return Err(anyhow::anyhow!("app store: invalid process id!")); @@ -499,17 +492,37 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> { action: vfs::VfsAction::Read, })?) .send_and_await_response(5)??; + + Request::new() + .target(("our", "kernel", "distro", "sys")) + .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { + id: parsed_new_process_id.clone(), + wasm_bytes_handle: wasm_path, + wit_version: None, + on_exit: entry.on_exit.clone(), + initial_capabilities: HashSet::new(), + public: entry.public, + })?) + .inherit(true) + .send_and_await_response(5)??; + // build initial caps + let mut requested_capabilities: Vec = vec![]; for value in &entry.request_capabilities { - let mut capability = None; match value { serde_json::Value::String(process_name) => { if let Ok(parsed_process_id) = process_name.parse::() { - capability = get_capability( - &Address { + requested_capabilities.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - "\"messaging\"".into(), + params: "\"messaging\"".into(), + }); + } else { + println!( + "app-store: invalid cap: {} for {} to request!", + value.to_string(), + package ); } } @@ -521,12 +534,18 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> { .parse::() { if let Some(params) = map.get("params") { - capability = get_capability( - &Address { + requested_capabilities.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - ¶ms.to_string(), + params: params.to_string(), + }); + } else { + println!( + "app-store: invalid cap: {} for {} to request!", + value.to_string(), + package ); } } @@ -536,27 +555,18 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> { continue; } } - if let Some(cap) = capability { - initial_capabilities.insert(kt::de_wit_capability(cap)); - } else { - println!( - "app-store: no cap: {} for {} to request!", - value.to_string(), - package - ); - } } + if entry.request_networking { + requested_capabilities.push(kt::de_wit_capability(networking_cap.clone())); + } + requested_capabilities.push(kt::de_wit_capability(read_cap.clone())); + requested_capabilities.push(kt::de_wit_capability(write_cap.clone())); Request::new() .target(("our", "kernel", "distro", "sys")) - .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { - id: parsed_new_process_id.clone(), - wasm_bytes_handle: wasm_path, - wit_version: None, - on_exit: entry.on_exit.clone(), - initial_capabilities, - public: entry.public, + .body(serde_json::to_vec(&kt::KernelCommand::GrantCapabilities { + target: parsed_new_process_id.clone(), + capabilities: requested_capabilities, })?) - .inherit(true) .send_and_await_response(5)??; } // THEN, *after* all processes have been initialized, grant caps in manifest diff --git a/kinode/packages/terminal/terminal/src/lib.rs b/kinode/packages/terminal/terminal/src/lib.rs index 8c0133dc..ed3e8039 100644 --- a/kinode/packages/terminal/terminal/src/lib.rs +++ b/kinode/packages/terminal/terminal/src/lib.rs @@ -205,13 +205,6 @@ fn handle_run( }; let wasm_path = format!("{}{}", drive_path, wasm_path); // build initial caps - let mut initial_capabilities: HashSet = HashSet::new(); - if entry.request_networking { - initial_capabilities.insert(kt::de_wit_capability(Capability { - issuer: Address::new(&our.node, ("kernel", "distro", "sys")), - params: "\"network\"".to_string(), - })); - } let process_id = format!("{}:{}", rand::random::(), package); // all scripts are given random process IDs let Ok(parsed_new_process_id) = process_id.parse::() else { return Err(anyhow::anyhow!("app store: invalid process id!")); @@ -224,11 +217,6 @@ fn handle_run( action: vfs::VfsAction::Read, })?) .send_and_await_response(5)??; - if entry.root { - for cap in our_capabilities() { - initial_capabilities.insert(kt::de_wit_capability(cap.clone())); - } - } Request::new() .target(("our", "kernel", "distro", "sys")) .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { @@ -236,7 +224,7 @@ fn handle_run( wasm_bytes_handle: wasm_path.clone(), wit_version: None, on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities - initial_capabilities: initial_capabilities.clone(), + initial_capabilities: HashSet::new(), public: entry.public, })?) .inherit(true) @@ -281,6 +269,17 @@ fn handle_run( } } } + if entry.request_networking { + requested_caps.push(kt::de_wit_capability(Capability { + issuer: Address::new(&our.node, ("kernel", "distro", "sys")), + params: "\"network\"".to_string(), + })); + } + if entry.root { + for cap in our_capabilities() { + requested_caps.push(kt::de_wit_capability(cap.clone())); + } + } print_to_terminal( 1, &format!( @@ -292,9 +291,6 @@ fn handle_run( entry.public, { let mut caps_string = "[".to_string(); - for cap in initial_capabilities.iter() { - caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params); - } for cap in requested_caps.iter() { caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params); } From 2a883e963e65850c755ca0036c2e06b7f2c33982 Mon Sep 17 00:00:00 2001 From: Drew Tada Date: Tue, 6 Feb 2024 11:23:06 -0500 Subject: [PATCH 5/5] requested changes --- kinode/packages/terminal/terminal/src/lib.rs | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/kinode/packages/terminal/terminal/src/lib.rs b/kinode/packages/terminal/terminal/src/lib.rs index ed3e8039..3636477f 100644 --- a/kinode/packages/terminal/terminal/src/lib.rs +++ b/kinode/packages/terminal/terminal/src/lib.rs @@ -298,15 +298,12 @@ fn handle_run( }, ), ); - let _ = Request::new() + Request::new() .target(("our", "kernel", "distro", "sys")) - .body( - serde_json::to_vec(&kt::KernelCommand::GrantCapabilities { - target: parsed_new_process_id.clone(), - capabilities: requested_caps, - }) - .unwrap(), - ) + .body(serde_json::to_vec(&kt::KernelCommand::GrantCapabilities { + target: parsed_new_process_id.clone(), + capabilities: requested_caps, + })?) .send()?; if let Some(to_grant) = &entry.grant_capabilities { for value in to_grant {