labgrid
helpers: install as setuptools scripts
Allow using e.g. labgrid-bound-connect also when installing labgrid using pip.
Description
We install labgrid using pip in a Containerfile, but need to use labgrid-bound-connect on the exporter. This isn't currently possible, as the two scripts in ./helpers/ aren't installed unless building a debian package.
To make it possible to configure the two helpers as scripts in pyproject.toml they must reside in the python package itself, so move the two files from ./helpers/ to ./labgrid/helpers.
Both scripts are also changed to configure/parse arguments in a function instead of the global scope, as the setuptools scripts configuration needs to call a function from the specified files.
Checklist
- [ ] Documentation for the feature
- [ ] Tests for the feature
- [ ] The arguments and description in doc/configuration.rst have been updated
- [ ] Add a section on how to use the feature to doc/usage.rst
- [ ] Add a section on how to use the feature to doc/development.rst
- [x] PR has been tested
- [ ] Man pages have been regenerated
The commit message contains a typo ("count").
Are there any security implications of calling the helpers via the setuptools wrappers?
Codecov Report
Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
Project coverage is 55.1%. Comparing base (2ce9e24) to head (dde3b51). Report is 48 commits behind head on master.
:white_check_mark: All tests successful. No failed tests found.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| labgrid/helpers/bound_connect.py | 0.0% | 1 Missing :warning: |
| labgrid/helpers/raw_interface.py | 0.0% | 1 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## master #1633 +/- ##
========================================
- Coverage 55.8% 55.1% -0.7%
========================================
Files 170 172 +2
Lines 13382 13544 +162
========================================
+ Hits 7469 7472 +3
- Misses 5913 6072 +159
| Flag | Coverage Δ | |
|---|---|---|
| 3.10 | 55.1% <0.0%> (-1.0%) | :arrow_down: |
| 3.11 | 55.1% <0.0%> (-1.0%) | :arrow_down: |
| 3.12 | 55.1% <0.0%> (-1.0%) | :arrow_down: |
| 3.13 | 55.1% <0.0%> (-1.0%) | :arrow_down: |
| 3.9 | 55.1% <0.0%> (-1.0%) | :arrow_down: |
> Are there any security implications of calling the helpers via the setuptools wrappers?
I can see a few different scenarios:
- labgrid checked out as root, installed as non-root (e.g. `pip install --editable .` in python venv)
  Then a malicious user can change the wrapper script, which is then called as root
- labgrid checked out as non-root, installed as root (`pip install --editable .`)
  Then a malicious user can change the helper script, which is then called as root
- labgrid installed as root or non-root (e.g. `pip install labgrid`)
  Only the installing user can change both the wrapper and the helper script
- labgrid installed as debian package (e.g. `dpkg -i labgrid.deb`)
  Both wrapper and helper script are editable by root only.
Case 1 and 2 should be avoided as both helper scripts are called as root, but I don't see how that is different from today. Case 3 should take care if installing as non-root, but that is no different than calling the script directly. Case 4 doesn't change.
More or other concerns?
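The scenarios in the comment above all reduce to who owns, and who can write to, the wrapper script, the helper module and their parent directories. The following check for that condition is an added example and not part of the PR or of labgrid; `audit_root_invoked`, `build_demo_tree` and the directory layout are hypothetical names constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_root_invoked(paths, trusted_uids=(0,), stop_at="/"):
    """Check each file and every parent directory up to stop_at.

    Returns (path, problem) tuples for entries that a user outside
    trusted_uids could modify or replace before root runs them.
    """
    stop = Path(stop_at).resolve()
    findings, seen = [], set()
    for path in paths:
        node = Path(path).resolve()  # audit the symlink target, if any
        for item in (node, *node.parents):
            if item not in seen:
                seen.add(item)
                st = item.stat()
                if st.st_uid not in trusted_uids:
                    findings.append((str(item), f"owned by uid {st.st_uid}"))
                if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((str(item), "group- or world-writable"))
            if item == stop:
                break
    return findings


def build_demo_tree(checkout_mode):
    """Constructed layout of an editable install: wrapper in venv/bin,
    helper module in the source checkout. Returns (root, wrapper, helper)."""
    root = Path(tempfile.mkdtemp()).resolve()
    wrapper = root / "venv" / "bin" / "labgrid-bound-connect"
    helper = root / "checkout" / "labgrid" / "helpers" / "bound_connect.py"
    for f in (wrapper, helper):
        f.parent.mkdir(parents=True)
        f.write_text("# placeholder\n")
    for p in [root, *list(root.rglob("*"))]:
        p.chmod(0o755)  # fixed modes, independent of the caller's umask
    (root / "checkout").chmod(checkout_mode)
    return root, wrapper, helper


if __name__ == "__main__":
    me = os.getuid()  # demo only: the current user stands in for root
    root, wrapper, helper = build_demo_tree(0o775)
    for path, problem in audit_root_invoked([wrapper, helper], (me,), root):
        print(f"{path}: {problem}")
```

On a real exporter the call would use the default `trusted_uids=(0,)` and `stop_at="/"`, with the installed wrapper path and the helper module's file path as input.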