| #!/bin/bash |
| # Copyright 2015 The Vanadium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style |
| # license that can be found in the LICENSE file. |
| |
| # Functions for starting the Sensor Log daemon and required services with |
| # appropriate blessings. Expected to be run with V23_CREDENTIALS or through |
| # an agent. NAME parameters are used both in service names and in blessing |
| # extensions. |
| |
| set -eu |
| |
| # Kills all child processes of the current process. |
| function kill_child_processes() { |
| kill -TERM -- -"${BASHPID}" || true |
| sleep 1 |
| kill -KILL -- -"${BASHPID}" || true |
| } |
| export -f kill_child_processes |
| |
| # Generates a hex-encoded 16-byte random UUID. |
| function gen_uuid() { |
| head -c 256 /dev/urandom | sha256sum | cut -c 1-32 |
| } |
| export -f gen_uuid |
| |
| readonly BLESSING_CHAIN_SEPARATOR='/' |
| |
| # Converts name to blessing extension. |
| # name_to_blessing NAME |
| function name_to_blessing() { |
| sed -e "s,/,${BLESSING_CHAIN_SEPARATOR},g" <<< "$@" |
| } |
| export -f name_to_blessing |
| |
| # Gets first default blessing for the principal set in the environment. |
| function get_blessing_root() { |
| "${JIRI_ROOT}"/release/go/bin/principal dump -s | cut -d ' ' -f 1 | cut -d ',' -f 1 |
| } |
| export -f get_blessing_root |
| |
| # Starts mounttabled at IPADDR:PORT. |
| # run_mounttabled NAME IPADDR:PORT |
| function run_mounttabled() { |
| local -r NAME="$1" |
| local -r IPADDR_PORT="$2" |
| # TODO(ivanpi): Lock down mounttable permissions. |
| "${JIRI_ROOT}"/release/go/bin/vbecome -name="$(name_to_blessing "${NAME}/mounttabled")" \ |
| "${JIRI_ROOT}"/release/go/bin/mounttabled -v23.tcp.address "${IPADDR_PORT}" \ |
| & |
| sleep 1 |
| } |
| export -f run_mounttabled |
| |
| # Starts syncbased with permissions other than resolve restricted to |
| # <blessing_root>:$NAME. |
| # run_syncbased MT NAME TMPDIR |
| function run_syncbased() { |
| local -r MT="$1" |
| local -r NAME="$2" |
| local -r TMPDIR="$3" |
| local -r DEF_BLESSING_RUNNER="$(name_to_blessing "$(get_blessing_root)/${NAME}")" |
| local -r PERMISSIONS_LITERAL="{\ |
| \"Admin\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \ |
| \"Read\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \ |
| \"Write\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \ |
| \"Debug\":{\"In\":[\"${DEF_BLESSING_RUNNER}\"]}, \ |
| \"Resolve\":{\"In\":[\"...\"]} \ |
| }" |
| "${JIRI_ROOT}"/release/go/bin/vbecome -name "$(name_to_blessing "${NAME}/syncbased")" \ |
| "${JIRI_ROOT}"/release/go/bin/syncbased -v23.namespace.root "${MT}" -name "${NAME}/syncbased" \ |
| -engine leveldb -root-dir "${TMPDIR}/${NAME}/syncbased" \ |
| -v23.permissions.literal "${PERMISSIONS_LITERAL}" \ |
| & |
| sleep 1 |
| } |
| export -f run_syncbased |
| |
| # Starts measured publishing the syncgroup at the local mounttable. Expects a |
| # syncbase instance to have been started at $MT with the same $NAME. |
| # run_measured MT NAME DEVID ADMIN |
| function run_measured() { |
| local -r MT="$1" |
| local -r NAME="$2" |
| local -r DEVID="$3" |
| local -r ADMIN="$4" |
| local -r DEF_BLESSING_ADMIN="$(name_to_blessing "$(get_blessing_root)/${ADMIN}")" |
| "${JIRI_ROOT}"/release/go/bin/vbecome -name="$(name_to_blessing "${NAME}")" \ |
| "${JIRI_ROOT}"/experimental/projects/sensorlog_lite/bin/measured -v23.namespace.root "${MT}" \ |
| -service "${NAME}/syncbased" -devid="${DEVID}" -admin="${DEF_BLESSING_ADMIN}" \ |
| -publish-sb "${MT}/${NAME}/syncbased" -alsologtostderr \ |
| & |
| sleep 1 |
| } |
| export -f run_measured |
