mirror of
https://github.com/uqbar-dao/nectar.git
synced 2024-12-23 16:43:24 +03:00
commit
c213609d47
@ -473,13 +473,6 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> {
|
|||||||
format!("/{}", entry.process_wasm_path)
|
format!("/{}", entry.process_wasm_path)
|
||||||
};
|
};
|
||||||
let wasm_path = format!("{}{}", drive_path, wasm_path);
|
let wasm_path = format!("{}{}", drive_path, wasm_path);
|
||||||
// build initial caps
|
|
||||||
let mut initial_capabilities: HashSet<kt::Capability> = HashSet::new();
|
|
||||||
if entry.request_networking {
|
|
||||||
initial_capabilities.insert(kt::de_wit_capability(networking_cap.clone()));
|
|
||||||
}
|
|
||||||
initial_capabilities.insert(kt::de_wit_capability(read_cap.clone()));
|
|
||||||
initial_capabilities.insert(kt::de_wit_capability(write_cap.clone()));
|
|
||||||
let process_id = format!("{}:{}", entry.process_name, package);
|
let process_id = format!("{}:{}", entry.process_name, package);
|
||||||
let Ok(parsed_new_process_id) = process_id.parse::<ProcessId>() else {
|
let Ok(parsed_new_process_id) = process_id.parse::<ProcessId>() else {
|
||||||
return Err(anyhow::anyhow!("app store: invalid process id!"));
|
return Err(anyhow::anyhow!("app store: invalid process id!"));
|
||||||
@ -499,17 +492,37 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> {
|
|||||||
action: vfs::VfsAction::Read,
|
action: vfs::VfsAction::Read,
|
||||||
})?)
|
})?)
|
||||||
.send_and_await_response(5)??;
|
.send_and_await_response(5)??;
|
||||||
|
|
||||||
|
Request::new()
|
||||||
|
.target(("our", "kernel", "distro", "sys"))
|
||||||
|
.body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess {
|
||||||
|
id: parsed_new_process_id.clone(),
|
||||||
|
wasm_bytes_handle: wasm_path,
|
||||||
|
wit_version: None,
|
||||||
|
on_exit: entry.on_exit.clone(),
|
||||||
|
initial_capabilities: HashSet::new(),
|
||||||
|
public: entry.public,
|
||||||
|
})?)
|
||||||
|
.inherit(true)
|
||||||
|
.send_and_await_response(5)??;
|
||||||
|
// build initial caps
|
||||||
|
let mut requested_capabilities: Vec<kt::Capability> = vec![];
|
||||||
for value in &entry.request_capabilities {
|
for value in &entry.request_capabilities {
|
||||||
let mut capability = None;
|
|
||||||
match value {
|
match value {
|
||||||
serde_json::Value::String(process_name) => {
|
serde_json::Value::String(process_name) => {
|
||||||
if let Ok(parsed_process_id) = process_name.parse::<ProcessId>() {
|
if let Ok(parsed_process_id) = process_name.parse::<ProcessId>() {
|
||||||
capability = get_capability(
|
requested_capabilities.push(kt::Capability {
|
||||||
&Address {
|
issuer: Address {
|
||||||
node: our.node.clone(),
|
node: our.node.clone(),
|
||||||
process: parsed_process_id.clone(),
|
process: parsed_process_id.clone(),
|
||||||
},
|
},
|
||||||
"\"messaging\"".into(),
|
params: "\"messaging\"".into(),
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
println!(
|
||||||
|
"app-store: invalid cap: {} for {} to request!",
|
||||||
|
value.to_string(),
|
||||||
|
package
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -521,12 +534,18 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> {
|
|||||||
.parse::<ProcessId>()
|
.parse::<ProcessId>()
|
||||||
{
|
{
|
||||||
if let Some(params) = map.get("params") {
|
if let Some(params) = map.get("params") {
|
||||||
capability = get_capability(
|
requested_capabilities.push(kt::Capability {
|
||||||
&Address {
|
issuer: Address {
|
||||||
node: our.node.clone(),
|
node: our.node.clone(),
|
||||||
process: parsed_process_id.clone(),
|
process: parsed_process_id.clone(),
|
||||||
},
|
},
|
||||||
¶ms.to_string(),
|
params: params.to_string(),
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
println!(
|
||||||
|
"app-store: invalid cap: {} for {} to request!",
|
||||||
|
value.to_string(),
|
||||||
|
package
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -536,27 +555,18 @@ fn handle_install(our: &Address, package: &PackageId) -> anyhow::Result<()> {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if let Some(cap) = capability {
|
|
||||||
initial_capabilities.insert(kt::de_wit_capability(cap));
|
|
||||||
} else {
|
|
||||||
println!(
|
|
||||||
"app-store: no cap: {} for {} to request!",
|
|
||||||
value.to_string(),
|
|
||||||
package
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
if entry.request_networking {
|
||||||
|
requested_capabilities.push(kt::de_wit_capability(networking_cap.clone()));
|
||||||
|
}
|
||||||
|
requested_capabilities.push(kt::de_wit_capability(read_cap.clone()));
|
||||||
|
requested_capabilities.push(kt::de_wit_capability(write_cap.clone()));
|
||||||
Request::new()
|
Request::new()
|
||||||
.target(("our", "kernel", "distro", "sys"))
|
.target(("our", "kernel", "distro", "sys"))
|
||||||
.body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess {
|
.body(serde_json::to_vec(&kt::KernelCommand::GrantCapabilities {
|
||||||
id: parsed_new_process_id.clone(),
|
target: parsed_new_process_id.clone(),
|
||||||
wasm_bytes_handle: wasm_path,
|
capabilities: requested_capabilities,
|
||||||
wit_version: None,
|
|
||||||
on_exit: entry.on_exit.clone(),
|
|
||||||
initial_capabilities,
|
|
||||||
public: entry.public,
|
|
||||||
})?)
|
})?)
|
||||||
.inherit(true)
|
|
||||||
.send_and_await_response(5)??;
|
.send_and_await_response(5)??;
|
||||||
}
|
}
|
||||||
// THEN, *after* all processes have been initialized, grant caps in manifest
|
// THEN, *after* all processes have been initialized, grant caps in manifest
|
||||||
|
@ -52,7 +52,7 @@
|
|||||||
},
|
},
|
||||||
"m.wasm": {
|
"m.wasm": {
|
||||||
"root": true,
|
"root": true,
|
||||||
"public": false,
|
"public": true,
|
||||||
"request_networking": true
|
"request_networking": true
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -2,8 +2,8 @@ use anyhow::anyhow;
|
|||||||
use kinode_process_lib::kernel_types as kt;
|
use kinode_process_lib::kernel_types as kt;
|
||||||
use kinode_process_lib::kinode::process::standard as wit;
|
use kinode_process_lib::kinode::process::standard as wit;
|
||||||
use kinode_process_lib::{
|
use kinode_process_lib::{
|
||||||
get_blob, get_capability, get_typed_state, our_capabilities, println, set_state, vfs, Address,
|
get_blob, get_typed_state, our_capabilities, print_to_terminal, println, set_state, vfs,
|
||||||
Capability, PackageId, ProcessId, Request,
|
Address, Capability, PackageId, ProcessId, Request,
|
||||||
};
|
};
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
@ -205,13 +205,6 @@ fn handle_run(
|
|||||||
};
|
};
|
||||||
let wasm_path = format!("{}{}", drive_path, wasm_path);
|
let wasm_path = format!("{}{}", drive_path, wasm_path);
|
||||||
// build initial caps
|
// build initial caps
|
||||||
let mut initial_capabilities: HashSet<kt::Capability> = HashSet::new();
|
|
||||||
if entry.request_networking {
|
|
||||||
initial_capabilities.insert(kt::de_wit_capability(Capability {
|
|
||||||
issuer: Address::new(&our.node, ("kernel", "distro", "sys")),
|
|
||||||
params: "\"network\"".to_string(),
|
|
||||||
}));
|
|
||||||
}
|
|
||||||
let process_id = format!("{}:{}", rand::random::<u64>(), package); // all scripts are given random process IDs
|
let process_id = format!("{}:{}", rand::random::<u64>(), package); // all scripts are given random process IDs
|
||||||
let Ok(parsed_new_process_id) = process_id.parse::<ProcessId>() else {
|
let Ok(parsed_new_process_id) = process_id.parse::<ProcessId>() else {
|
||||||
return Err(anyhow::anyhow!("app store: invalid process id!"));
|
return Err(anyhow::anyhow!("app store: invalid process id!"));
|
||||||
@ -224,19 +217,31 @@ fn handle_run(
|
|||||||
action: vfs::VfsAction::Read,
|
action: vfs::VfsAction::Read,
|
||||||
})?)
|
})?)
|
||||||
.send_and_await_response(5)??;
|
.send_and_await_response(5)??;
|
||||||
|
Request::new()
|
||||||
|
.target(("our", "kernel", "distro", "sys"))
|
||||||
|
.body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess {
|
||||||
|
id: parsed_new_process_id.clone(),
|
||||||
|
wasm_bytes_handle: wasm_path.clone(),
|
||||||
|
wit_version: None,
|
||||||
|
on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities
|
||||||
|
initial_capabilities: HashSet::new(),
|
||||||
|
public: entry.public,
|
||||||
|
})?)
|
||||||
|
.inherit(true)
|
||||||
|
.send_and_await_response(5)??;
|
||||||
|
let mut requested_caps: Vec<kt::Capability> = vec![];
|
||||||
if let Some(to_request) = &entry.request_capabilities {
|
if let Some(to_request) = &entry.request_capabilities {
|
||||||
for value in to_request {
|
for value in to_request {
|
||||||
let mut capability = None;
|
|
||||||
match value {
|
match value {
|
||||||
serde_json::Value::String(process_name) => {
|
serde_json::Value::String(process_name) => {
|
||||||
if let Ok(parsed_process_id) = process_name.parse::<ProcessId>() {
|
if let Ok(parsed_process_id) = process_name.parse::<ProcessId>() {
|
||||||
capability = get_capability(
|
requested_caps.push(kt::Capability {
|
||||||
&Address {
|
issuer: Address {
|
||||||
node: our.node.clone(),
|
node: our.node.clone(),
|
||||||
process: parsed_process_id.clone(),
|
process: parsed_process_id.clone(),
|
||||||
},
|
},
|
||||||
"\"messaging\"".into(),
|
params: "\"messaging\"".into(),
|
||||||
);
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
serde_json::Value::Object(map) => {
|
serde_json::Value::Object(map) => {
|
||||||
@ -247,13 +252,13 @@ fn handle_run(
|
|||||||
.parse::<ProcessId>()
|
.parse::<ProcessId>()
|
||||||
{
|
{
|
||||||
if let Some(params) = map.get("params") {
|
if let Some(params) = map.get("params") {
|
||||||
capability = get_capability(
|
requested_caps.push(kt::Capability {
|
||||||
&Address {
|
issuer: Address {
|
||||||
node: our.node.clone(),
|
node: our.node.clone(),
|
||||||
process: parsed_process_id.clone(),
|
process: parsed_process_id.clone(),
|
||||||
},
|
},
|
||||||
¶ms.to_string(),
|
params: params.to_string(),
|
||||||
);
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -262,36 +267,44 @@ fn handle_run(
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if let Some(cap) = capability {
|
|
||||||
initial_capabilities.insert(kt::de_wit_capability(cap));
|
|
||||||
} else {
|
|
||||||
println!(
|
|
||||||
"runner: no cap: {}, for {} to request!",
|
|
||||||
value.to_string(),
|
|
||||||
package
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if entry.request_networking {
|
||||||
|
requested_caps.push(kt::de_wit_capability(Capability {
|
||||||
|
issuer: Address::new(&our.node, ("kernel", "distro", "sys")),
|
||||||
|
params: "\"network\"".to_string(),
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
if entry.root {
|
||||||
|
for cap in our_capabilities() {
|
||||||
|
requested_caps.push(kt::de_wit_capability(cap.clone()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
print_to_terminal(
|
||||||
|
1,
|
||||||
|
&format!(
|
||||||
|
"{}: Process {{\n wasm_bytes_handle: {},\n wit_version: {},\n on_exit: {:?},\n public: {}\n capabilities: {}\n}}",
|
||||||
|
parsed_new_process_id.clone(),
|
||||||
|
wasm_path.clone(),
|
||||||
|
"None",
|
||||||
|
kt::OnExit::None,
|
||||||
|
entry.public,
|
||||||
|
{
|
||||||
|
let mut caps_string = "[".to_string();
|
||||||
|
for cap in requested_caps.iter() {
|
||||||
|
caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params);
|
||||||
|
}
|
||||||
|
caps_string + "\n ]"
|
||||||
|
},
|
||||||
|
),
|
||||||
|
);
|
||||||
Request::new()
|
Request::new()
|
||||||
.target(("our", "kernel", "distro", "sys"))
|
.target(("our", "kernel", "distro", "sys"))
|
||||||
.body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess {
|
.body(serde_json::to_vec(&kt::KernelCommand::GrantCapabilities {
|
||||||
id: parsed_new_process_id.clone(),
|
target: parsed_new_process_id.clone(),
|
||||||
wasm_bytes_handle: wasm_path,
|
capabilities: requested_caps,
|
||||||
wit_version: None,
|
|
||||||
on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities
|
|
||||||
initial_capabilities: if entry.root {
|
|
||||||
our_capabilities()
|
|
||||||
.iter()
|
|
||||||
.map(|wit: &kinode_process_lib::Capability| kt::de_wit_capability(wit.clone()))
|
|
||||||
.collect()
|
|
||||||
} else {
|
|
||||||
initial_capabilities
|
|
||||||
},
|
|
||||||
public: entry.public,
|
|
||||||
})?)
|
})?)
|
||||||
.inherit(true)
|
.send()?;
|
||||||
.send_and_await_response(5)??;
|
|
||||||
if let Some(to_grant) = &entry.grant_capabilities {
|
if let Some(to_grant) = &entry.grant_capabilities {
|
||||||
for value in to_grant {
|
for value in to_grant {
|
||||||
match value {
|
match value {
|
||||||
|
Loading…
Reference in New Issue
Block a user