plainbox.impl.secure.providers.v1 – Implementation of V1 provider

class plainbox.impl.secure.providers.v1.AbsolutePathValidator[source]

A validator that checks that the value is an absolute path

class plainbox.impl.secure.providers.v1.ExistingDirectoryValidator[source]

A validator that checks that the value points to an existing directory

class plainbox.impl.secure.providers.v1.IQNValidator[source]

A validator for provider name.

Provider names use a RFC3720 IQN-like identifiers composed of the follwing parts:

  • year
  • (dot separating the next section)
  • domain name
  • (colon separating the next section)
  • identifier

Each of the fields has an informal definition below:

year:
four digit number
domain name:
identifiers separated by dots, at least one dot has to be present
identifier:
[a-z][a-z0-9-]*
class plainbox.impl.secure.providers.v1.JobDefinitionPlugIn(filename, text, provider)[source]

A specialized plainbox.impl.secure.plugins.IPlugIn that loads a list of plainbox.impl.job.JobDefinition instances from a file.

plugin_name[source]

plugin name, name of the file we loaded jobs from

plugin_object[source]

plugin object, a list of JobDefinition instances

class plainbox.impl.secure.providers.v1.Provider1(name, version, description, secure, gettext_domain, jobs_dir, whitelists_dir, data_dir, bin_dir, locale_dir)[source]

A v1 provider implementation.

A provider is a container of jobs and whitelists. It provides additional meta-data and knows about location of essential directories to both load structured data and provide runtime information for job execution.

Providers are normally loaded with Provider1PlugIn, due to the number of fields involved in basic initialization.

CHECKBOX_SHARE[source]

required value of CHECKBOX_SHARE environment variable.

Note

This variable is only required by one script. It would be nice to remove this later on.

bin_dir[source]

absolute path of the bin directory

Note

The programs in that directory may not work without setting PYTHONPATH and CHECKBOX_SHARE.

data_dir[source]

absolute path of the data directory

description[source]

description of this provider

extra_PYTHONPATH[source]

additional entry for PYTHONPATH, if needed.

This entry is required for CheckBox scripts to import the correct CheckBox python libraries.

Note

The result may be None

classmethod from_definition(definition, secure)[source]

Initialize a provider from Provider1Definition object

Parameters:
  • definition – A Provider1Definition object to use as reference
  • secure – Value of the secure flag. This cannot be expressed by a definition object.

This method simplifies initialization of a Provider1 object where the caller already has a Provider1Definition object. Depending on the value of definition.location all of the directories are either None or initialized to a good (typical) value relative to location

The only value that you may want to adjust, for working with source providers, is locale_dir, by default it would be location/locale but manage.py i18n creates location/build/mo

get_all_executables()[source]

Discover and return all executables offered by this provider

Returns:list of executable names (without the full path)
Raises IOError, OSError:
 if there were any problems accessing files or directories. Note that OSError is silently ignored when the bin_dir directory is missing.
get_builtin_jobs()[source]

Load and parse all of the job definitions of this provider.

Returns:

A sorted list of JobDefinition objects

Raises:
  • RFC822SyntaxError – if any of the loaded files was not valid RFC822
  • IOError, OSError – if there were any problems accessing files or directories. Note that OSError is silently ignored when the jobs_dir directory is missing.
..note::
This method should not be used anymore. Consider transitioning your code to load_all_jobs() which is more reliable.
get_builtin_whitelists()[source]

Load all the whitelists from whitelists_dir and return them

This method looks at the whitelist directory and loads all files ending with .whitelist as a WhiteList object.

Returns:A list of WhiteList objects sorted by plainbox.impl.secure.qualifiers.WhiteList.name.
Raises IOError, OSError:
 if there were any problems accessing files or directories. Note that OSError is silently ignored when the whitelists_dir directory is missing.
get_translated_data(msgid)[source]

Get a localized piece of data

Parameters:msgid – data to translate
Returns:translated data obtained from the provider if msgid is not False (empty string and None both are) and this provider has a gettext_domain defined for it, msgid itself otherwise.
gettext_domain[source]

the name of the gettext domain associated with this provider

This value may be empty, in such case provider data cannot be localized for the user environment.

jobs_dir[source]

absolute path of the jobs directory

load_all_jobs()[source]

Load and parse all of the job definitions of this provider.

Unlike get_builtin_jobs() this method does not stop after the first problem encountered and instead collects all of the problems into a list which is returned alongside the job list.

Returns:Pair (job_list, problem_list) where each job_list is a sorted list of JobDefinition objects and each item from problem_list is an exception.
locale_dir[source]

absolute path of the directory with locale data

The value is applicable as argument bindtextdomain()

name[source]

name of this provider

namespace[source]

namespace component of the provider name

This property defines the namespace in which all provider jobs are defined in. Jobs within one namespace do not need to be fully qualified by prefixing their partial identifier with provider namespace (so all stays ‘as-is’). Jobs that need to interact with other provider namespaces need to use the fully qualified job identifier instead.

The identifier is defined as the part of the provider name, up to the colon. This effectively gives organizations flat namespace within one year-domain pair and allows to create private namespaces by using sub-domains.

secure[source]

flag indicating that this provider was loaded from the secure portion of PROVIDERPATH and thus can be used with the plainbox-trusted-launcher-1.

tr_description()[source]

Get the translated version of description()

version[source]

version of this provider

whitelists_dir[source]

absolute path of the whitelist directory

class plainbox.impl.secure.providers.v1.Provider1Definition[source]

A Config-like class for parsing plainbox provider definition files

Note

The location attribute is special, if set, it defines the base directory of all the other directory attributes. If location is unset, then all the directory attributes default to None (that is, there is no directory of that type). This is actually a convention that is implemented in Provider1PlugIn. Here, all the attributes can be Unset and their validators only check values other than Unset.

class Meta
section_list = []
variable_list = [<Variable name:'location'>, <Variable name:'name'>, <Variable name:'version'>, <Variable name:'description'>, <Variable name:'gettext_domain'>, <Variable name:'jobs_dir'>, <Variable name:'whitelists_dir'>, <Variable name:'data_dir'>, <Variable name:'bin_dir'>, <Variable name:'locale_dir'>]
Provider1Definition.bin_dir

Pathname of the directory with provider executables

Provider1Definition.data_dir

Pathname of the directory with provider data

Provider1Definition.description

Description of the provider

Provider1Definition.effective_bin_dir[source]

effective value of bin_dir

The effective value is bin_dir() itself, unless it is Unset. If it is Unset the effective value is the implicit_bin_dir(), if that value would be valid. The effective value may be None.

Provider1Definition.effective_data_dir[source]

effective value of data_dir

The effective value is data_dir() itself, unless it is Unset. If it is Unset the effective value is the implicit_data_dir(), if that value would be valid. The effective value may be None.

Provider1Definition.effective_gettext_domain[source]

effective value of gettext_domian

The effective value is gettex_domain() itself, unless it is Unset. If it is Unset the effective value None.

Provider1Definition.effective_jobs_dir[source]

effective value of jobs_dir

The effective value is jobs_dir() itself, unless it is Unset. If it is Unset the effective value is the implicit_jobs_dir(), if that value would be valid. The effective value may be None.

Provider1Definition.effective_locale_dir[source]

effective value of locale_dir

The effective value is locale_dir() itself, unless it is Unset. If it is Unset the effective value is the implicit_locale_dir(), if that value would be valid. The effective value may be None.

Provider1Definition.effective_whitelists_dir[source]

effective value of whitelists_dir

The effective value is whitelists_dir() itself, unless it is Unset. If it is Unset the effective value is the implicit_whitelists_dir(), if that value would be valid. The effective value may be None.

Provider1Definition.gettext_domain

Name of the gettext domain for translations

Provider1Definition.implicit_bin_dir[source]

implicit value of bin_dir (if Unset)

The implicit value is only defined if location is not Unset. It is the ‘bin’ subdirectory of the directory that location points to.

Provider1Definition.implicit_build_locale_dir[source]

implicit value of locale_dir (if Unset) as laid out in the source tree

This value is only applicable to source layouts, where the built translation catalogs are in the build/mo directory.

Provider1Definition.implicit_data_dir[source]

implicit value of data_dir (if Unset)

The implicit value is only defined if location is not Unset. It is the ‘data’ subdirectory of the directory that location points to.

Provider1Definition.implicit_jobs_dir[source]

implicit value of jobs_dir (if Unset)

The implicit value is only defined if location is not Unset. It is the ‘jobs’ subdirectory of the directory that location points to.

Provider1Definition.implicit_locale_dir[source]

implicit value of locale_dir (if Unset)

The implicit value is only defined if location is not Unset. It is the ‘locale’ subdirectory of the directory that location points to.

Provider1Definition.implicit_whitelists_dir[source]

implicit value of whitelists_dir (if Unset)

The implicit value is only defined if location is not Unset. It is the ‘whitelists’ subdirectory of the directory that location points to.

Provider1Definition.jobs_dir

Pathname of the directory with job definitions

Provider1Definition.locale_dir

Pathname of the directory with locale data

Provider1Definition.location

Base directory with provider data

Provider1Definition.name

Name of the provider

Provider1Definition.name_without_colon[source]
Provider1Definition.version

Version of the provider

Provider1Definition.whitelists_dir

Pathname of the directory with whitelists definitions

class plainbox.impl.secure.providers.v1.Provider1PlugIn(filename, definition_text)[source]

A specialized IPlugIn that loads Provider1 instances from their definition files

plugin_name[source]

plugin name, the namespace of the provider

plugin_object[source]

plugin object, the actual Provider1 instance

class plainbox.impl.secure.providers.v1.SecureProvider1PlugInCollection[source]

A collection of v1 provider plugins.

This FsPlugInCollection subclass carries proper, built-in defaults, that make loading providers easier.

This particular class loads providers from the system-wide managed locations. This defines the security boundary, as if someone can compromise those locations then they already own the corresponding system. In consequence this plug in collection does not respect PROVIDERPATH, it cannot be customized to load provider definitions from any other location. This feature is supported by the plainbox.impl.providers.v1.InsecureProvider1PlugInCollection

class plainbox.impl.secure.providers.v1.VersionValidator[source]

A validator for provider provider version.

Provider version must be a sequence of non-negative numbers separated by dots. At most one version number must be present, which may be followed by any sub-versions.

class plainbox.impl.secure.providers.v1.WhiteListPlugIn(filename, text, implicit_namespace=None)[source]

A specialized plainbox.impl.secure.plugins.IPlugIn that loads plainbox.impl.secure.qualifiers.WhiteList instances from a file.

plugin_name[source]

plugin name, the name of the WhiteList

plugin_object[source]

plugin object, the actual WhiteList instance

plainbox.impl.secure.providers.v1.get_secure_PROVIDERPATH_list()[source]

Computes the secure value of PROVIDERPATH

This value is used by plainbox-trusted-launcher-1 executable to discover all secure providers.

Returns:A list of two strings: * /usr/local/share/plainbox-providers-1 * /usr/share/plainbox-providers-1

Previous topic

plainbox.impl.secure.providers – providers package

Next topic

plainbox.impl.secure.qualifiers – Job Qualifiers

This Page