You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jg...@apache.org on 2014/02/12 15:00:31 UTC
git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Updated Branches:
refs/heads/master d2af093dd -> 36808c560
[KARAF-2753] Logging for override mechanism. Added additional logging and unit test to trigger log events
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
Branch: refs/heads/master
Commit: 36808c5607d3fc0de40861146775e10b7c248e59
Parents: d2af093
Author: jgoodyear <jg...@apache.org>
Authored: Wed Feb 12 10:29:10 2014 -0330
Committer: jgoodyear <jg...@apache.org>
Committed: Wed Feb 12 10:29:10 2014 -0330
----------------------------------------------------------------------
.../karaf/features/internal/Overrides.java | 25 ++++++++++-
.../karaf/features/internal/OverridesTest.java | 47 ++++++++++++++++++++
2 files changed, 71 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
----------------------------------------------------------------------
diff --git a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
index 655dfea..8397222 100644
--- a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
+++ b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
@@ -48,6 +48,7 @@ public class Overrides {
private static final Logger LOGGER = LoggerFactory.getLogger(Overrides.class);
private static final String OVERRIDE_RANGE = "range";
+ private static final String VENDOR_WARNING = "Malicious code possibly introduced by patch override, see log for details";
/**
* Compute a list of bundles to install, taking into account overrides.
@@ -86,6 +87,7 @@ public class Overrides {
if (manifest != null) {
String bsn = getBundleSymbolicName(manifest);
Version ver = getBundleVersion(manifest);
+ String ven = getBundleVendor(manifest);
String url = info.getLocation();
for (Clause override : overrides) {
Manifest overMan = manifests.get(override.getName());
@@ -111,10 +113,26 @@ public class Overrides {
range = VersionRange.parseVersionRange(vr);
}
+ String vendor = getBundleVendor(overMan);
+ // Before we do a replace, lets check if vendors change
+ if (ven == null) {
+ if (vendor != null) {
+ LOGGER.warn(VENDOR_WARNING);
+ }
+ } else {
+ if (vendor == null) {
+ LOGGER.warn(VENDOR_WARNING);
+ } else {
+ if (!vendor.equals(ven)) {
+ LOGGER.warn(VENDOR_WARNING);
+ }
+ }
+ }
// The resource matches, so replace it with the overridden resource
// if the override is actually a newer version than what we currently have
if (range.contains(ver) && ver.compareTo(oVer) < 0) {
+ LOGGER.info("Overriding original bundle " + url + " to " + override.getName());
ver = oVer;
url = override.getName();
}
@@ -178,6 +196,11 @@ public class Overrides {
return bsn;
}
+ private static String getBundleVendor(Manifest manifest) {
+ String ven = manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
+ return ven;
+ }
+
private static Manifest getManifest(String url) throws IOException {
InputStream is = new URL(url).openStream();
try {
@@ -205,4 +228,4 @@ public class Overrides {
}
return cs[0].getName();
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
----------------------------------------------------------------------
diff --git a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
index 46d163a..79e2015 100644
--- a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
+++ b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
@@ -42,6 +42,9 @@ public class OverridesTest {
private File b101;
private File b102;
private File b110;
+ private File c100;
+ private File c101;
+ private File c110;
@Before
public void setUp() throws IOException {
@@ -72,6 +75,50 @@ public class OverridesTest {
.set("Bundle-Version", "1.1.0")
.build(),
new FileOutputStream(b110));
+
+ c100 = File.createTempFile("karafc", "-100.jar");
+ copy(TinyBundles.bundle()
+ .set("Bundle-SymbolicName", bsn)
+ .set("Bundle-Version", "1.0.0")
+ .set("Bundle-Vendor", "Apache")
+ .build(),
+ new FileOutputStream(c100));
+
+ c101 = File.createTempFile("karafc", "-101.jar");
+ copy(TinyBundles.bundle()
+ .set("Bundle-SymbolicName", bsn)
+ .set("Bundle-Version", "1.0.1")
+ .set("Bundle-Vendor", "NotApache")
+ .build(),
+ new FileOutputStream(c101));
+
+ c110 = File.createTempFile("karafc", "-110.jar");
+ copy(TinyBundles.bundle()
+ .set("Bundle-SymbolicName", bsn)
+ .set("Bundle-Version", "1.1.0")
+ .set("Bundle-Vendor", "NotApache")
+ .build(),
+ new FileOutputStream(c110));
+ }
+
+ @Test
+ public void testDifferentVendors() throws IOException {
+ File props = File.createTempFile("karaf", "properties");
+ Writer w = new FileWriter(props);
+ w.write(c101.toURI().toString());
+ w.write("\n");
+ w.write(c110.toURI().toString());
+ w.write("\n");
+ w.close();
+
+ List<BundleInfo> res = Overrides.override(
+ Arrays.<BundleInfo>asList(new Bundle(c100.toURI().toString())),
+ props.toURI().toString());
+ assertNotNull(res);
+ assertEquals(1, res.size());
+ BundleInfo out = res.get(0);
+ assertNotNull(out);
+ assertEquals(c101.toURI().toString(), out.getLocation());
}
@Test
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Dan Tran <da...@gmail.com>.
to make sure we dont forget, the jira should be reopen until it is done. :-)
-D
On Wed, Feb 12, 2014 at 1:14 PM, Jean-Baptiste Onofré <jb...@nanthrax.net>wrote:
> Good point Dan, we will update the user/dev guides about that.
>
> Regards
> JB
>
>
> On 02/12/2014 10:08 PM, Dan Tran wrote:
>
>> Could you put this in FAQ how to turn off this logger?
>>
>> -D
>>
>>
>> On Wed, Feb 12, 2014 at 12:36 PM, Guillaume Nodet <gn...@apache.org>
>> wrote:
>>
>> 2014-02-12 21:02 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>
>>> Those updates are performed as a user console session command - one at a
>>>> time. An override file could contain many substitutions (bulk
>>>> operation),
>>>> as such Karaf here is alerting the user to a change they may not realize
>>>> has happened.
>>>>
>>>>
>>> Well, automation is usually not a bad idea, it's usually faster, more
>>> reproductible, and safer. But again, you're assuming that if someone
>>> makes
>>> a decision to put a bundle url in that override file, it's different than
>>> making the decision to update a bundle with the url of that file. I just
>>> don't get it, but I'll stop arguing and loosing time on a log statement,
>>> it's not worth it.
>>>
>>>
>>>
>>>> Having a switch that may invoke a signed bundle installation only Karaf
>>>> could be interesting.
>>>>
>>>> --jamie
>>>>
>>>>
>>>> On Wed, Feb 12, 2014 at 4:08 PM, Guillaume Nodet <gn...@apache.org>
>>>> wrote:
>>>>
>>>> 2014-02-12 17:35 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>>
>>>>> Changing vendors to me would be something i'd like to be warned
>>>>>>
>>>>> about.
>>>
>>>> I
>>>>
>>>>> have Apache Camel installed, with XYZ under the hood - lets me know
>>>>>>
>>>>> its a
>>>>
>>>>> franken-build. That being said, if i was going to fork and build my
>>>>>>
>>>>> own
>>>
>>>> camel jar to fix a local issue, why would i then need to use the
>>>>>>
>>>>> override,
>>>>>
>>>>>> i'd just deploy the library, refresh, and carry on (different work
>>>>>>
>>>>> flows
>>>>
>>>>> for different folks - I do get that that's simplifying things -
>>>>>>
>>>>> generally
>>>>
>>>>> we'd end up with a large list of bundles needing changing and the
>>>>>>
>>>>> override
>>>>>
>>>>>> would simplify managing that recipe update).
>>>>>>
>>>>>>
>>>>> It all depends on the workflow, the number of containers to modify, how
>>>>> often features are deployed or undeployed, wether the one installing
>>>>> features is the one that validates them, etc...
>>>>> At some point, manual intervention can be very painful. So that's
>>>>>
>>>> right,
>>>
>>>> it's not the usual workflow we've supported so far, but it does not
>>>>>
>>>> mean
>>>
>>>> it's less secured In all cases, things have to be tested and verified
>>>>> before put into production.
>>>>>
>>>>>
>>>>>
>>>>>> Regardless, I'm open to amending how vendors are handled, if we want
>>>>>>
>>>>> to
>>>
>>>> change the message or scrap it all together. Personally i think
>>>>>>
>>>>> something
>>>>
>>>>> should be noted since things are changing (i'd like to know I'm going
>>>>>>
>>>>> from
>>>>>
>>>>>> Land Rover parts to something made by Ford in my Range Rover).
>>>>>>
>>>>>>
>>>>> Or it could be like changing the radio in your car .... ;-)
>>>>>
>>>>> What I don't get is why that would be the only place for such a check ?
>>>>> If we consider that changing the vendor of a bundle is risky, we need
>>>>>
>>>> to
>>>
>>>> put that check in bundle:update, file install, web console, etc...
>>>>> You know that you can update camel-core with asm4 by using
>>>>>
>>>> bundle:update,
>>>
>>>> right ? We don't have any checks here, and that's much more risky than
>>>>> when you already ensured the symbolic names are the same and version
>>>>> expected to be compatible.
>>>>>
>>>>> If security is really an issue, even if not going as far as using
>>>>>
>>>> signed
>>>
>>>> bundles, one possible way would be to restrict bundle installation to
>>>>> trusted bundles. By that, I mean adding a setting which would lead to
>>>>>
>>>> only
>>>>
>>>>> accept externally signed bundles (the *.asc file uploaded to maven
>>>>>
>>>> repo)
>>>
>>>> and verify them against a trusted key store. I think this would be a
>>>>>
>>>> good
>>>>
>>>>> way to actually address the problem, if we think there's a problem.
>>>>>
>>>>> Guillaume
>>>>>
>>>>>
>>>>>
>>>>>> As to a global on/off switch for the mechanism that would be a nice
>>>>>> addition.
>>>>>>
>>>>>>
>>>>> Yeah, I can add that, though it's not as if this feature was triggered
>>>>> automatically, as you have to create this known file, so there's
>>>>>
>>>> always a
>>>
>>>> conscious decision made at some point.
>>>>>
>>>>> Guillaume
>>>>>
>>>>>
>>>>>
>>>>>> --Jamie
>>>>>>
>>>>>>
>>>>>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gnodet@apache.org
>>>>>>
>>>>>
>>>> wrote:
>>>>>>
>>>>>> I just think the check is worth nothing. If someone build a
>>>>>>>
>>>>>> customized
>>>>>
>>>>>> version of a bundle (let's say camel), he will usually build by
>>>>>>>
>>>>>> forking
>>>>
>>>>> from camel, in which case the vendor would still be the same. And
>>>>>>>
>>>>>> if
>>>
>>>> the
>>>>>
>>>>>> user wants to make things cleaner and actually change the vendor to
>>>>>>>
>>>>>> reflect
>>>>>>
>>>>>>> the fact that it does not come from Apache, then we throw at him a
>>>>>>>
>>>>>> WARNING
>>>>>>
>>>>>>> log.
>>>>>>> Again, I don't think we should assume the user does not know what
>>>>>>>
>>>>>> he
>>>
>>>> does,
>>>>>>
>>>>>>> I'd rather add a global flag to disable overrides if you think it's
>>>>>>>
>>>>>> safer,
>>>>>>
>>>>>>> but the file does not even exist by default, which means the user
>>>>>>>
>>>>>> actually
>>>>>>
>>>>>>> know what he is doing...
>>>>>>>
>>>>>>>
>>>>>>> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>>>>
>>>>>>> My interpretation is that a bundle is being updated by its
>>>>>>>>
>>>>>>> maintainer,
>>>>>
>>>>>> if a
>>>>>>>
>>>>>>>> different group is providing the replacement bundle then Karaf
>>>>>>>>
>>>>>>> should
>>>>
>>>>> be
>>>>>>
>>>>>>> making some noise about it as its masquerading as being what was
>>>>>>>>
>>>>>>> originally
>>>>>>>
>>>>>>>> intended by the feature provider. I'm up for different wordings
>>>>>>>>
>>>>>>> however.
>>>>>>
>>>>>>> What would you suggest?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
>>>>>>>>
>>>>>>> gnodet@apache.org
>>>>
>>>>>
>>>>>> wrote:
>>>>>>>>
>>>>>>>> Yes, I was going to add that I had no problems saying a bundle
>>>>>>>>>
>>>>>>>> has
>>>>
>>>>> been
>>>>>>
>>>>>>> overridden (though not sure if it has to be with a WARNING
>>>>>>>>>
>>>>>>>> level).
>>>>
>>>>> It's really the vendor check which I don't get and the log of
>>>>>>>>>
>>>>>>>> "Malicious
>>>>>>>
>>>>>>>> code possibly introduced by patch override, see log for
>>>>>>>>>
>>>>>>>> details".
>>>
>>>>
>>>>>>>>>
>>>>>>>>> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
>>>>>>>>>
>>>>>>>> bcanhome@googlemail.com
>>>>
>>>>> :
>>>>>>
>>>>>>>
>>>>>>>>> Well, I hope you didn't get distracted by my comment.
>>>>>>>>>> Though as far as I can see the change only introduced some
>>>>>>>>>>
>>>>>>>>> logging
>>>>>
>>>>>> to let the user know something changed due to adding another
>>>>>>>>>>
>>>>>>>>> feature,
>>>>>>
>>>>>>> I think this is a viable solution, especially when looking
>>>>>>>>>>
>>>>>>>>> for
>>>
>>>> failures
>>>>>>>
>>>>>>>> or unintended changes.
>>>>>>>>>> No?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <
>>>>>>>>>>
>>>>>>>>> gnodet@apache.org
>>>
>>>> :
>>>>>
>>>>>>
>>>>>>>>>> I'm tempted to -1 this change.
>>>>>>>>>>>
>>>>>>>>>>> What kind of problems are you trying to solve here ?
>>>>>>>>>>> Imho, such code is unnecessary because there are many other
>>>>>>>>>>>
>>>>>>>>>> ways
>>>>>
>>>>>> to
>>>>>>
>>>>>>> introduce so called "malicious" code.
>>>>>>>>>>> If one wants to be safe, there is already an existing way
>>>>>>>>>>>
>>>>>>>>>> to
>>>
>>>> solve
>>>>>>
>>>>>>> the
>>>>>>>>
>>>>>>>>> problem which is signed bundles.
>>>>>>>>>>>
>>>>>>>>>>> Now, an example on how to introduce "malicious" code : if
>>>>>>>>>>>
>>>>>>>>>> such
>>>>
>>>>> a
>>>>>
>>>>>> bundle
>>>>>>>>
>>>>>>>>> is
>>>>>>>>>>
>>>>>>>>>>> installed first, the features service will think the
>>>>>>>>>>>
>>>>>>>>>> "correct"
>>>>
>>>>> bundle
>>>>>>>
>>>>>>>> is
>>>>>>>>>
>>>>>>>>>> already installed and will not install the "safe" bundle.
>>>>>>>>>>>
>>>>>>>>>> This
>>>>
>>>>> can
>>>>>>
>>>>>>> be
>>>>>>>>
>>>>>>>>> done
>>>>>>>>>>
>>>>>>>>>>> by manually installing the bundle before installing
>>>>>>>>>>>
>>>>>>>>>> features,
>>>
>>>> or
>>>>>
>>>>>> by
>>>>>>
>>>>>>> adding
>>>>>>>>>>
>>>>>>>>>>> it to the etc/startup.properties.
>>>>>>>>>>> Another option is just to hack the features file manually
>>>>>>>>>>>
>>>>>>>>>> and
>>>
>>>> change
>>>>>>>
>>>>>>>> the
>>>>>>>>>
>>>>>>>>>> url of the bundle, it will have exactly the same effect.
>>>>>>>>>>>
>>>>>>>>>>> In addition, checking the vendor is not a guarantee, as if
>>>>>>>>>>>
>>>>>>>>>> someone
>>>>>>
>>>>>>> wanted
>>>>>>>>>
>>>>>>>>>> to "fake" a bundle, setting that header is not more
>>>>>>>>>>>
>>>>>>>>>> difficult
>>>
>>>> than
>>>>>>
>>>>>>> changing
>>>>>>>>>>
>>>>>>>>>>> the symbolic name or version.
>>>>>>>>>>>
>>>>>>>>>>> I've had a use case where the user wanted to make sure that
>>>>>>>>>>>
>>>>>>>>>> no
>>>>
>>>>> "malicious"
>>>>>>>>>>
>>>>>>>>>>> code is introduced or used. In such a case, there is
>>>>>>>>>>>
>>>>>>>>>> already
>>>
>>>> an
>>>>>
>>>>>> existing
>>>>>>>>>
>>>>>>>>>> solution which is fully supported by OSGi (and Karaf) which
>>>>>>>>>>>
>>>>>>>>>> is
>>>>
>>>>> signed
>>>>>>>
>>>>>>>> bundles. It works well and it's secured. Well, secured to
>>>>>>>>>>>
>>>>>>>>>> the
>>>>
>>>>> point
>>>>>>>
>>>>>>>> that
>>>>>>>>>>
>>>>>>>>>>> you control the file system. In all cases, if you don't
>>>>>>>>>>>
>>>>>>>>>> trust
>>>>
>>>>> the
>>>>>>
>>>>>>> file
>>>>>>>>
>>>>>>>>> system, there's no possible way to secure the OSGi
>>>>>>>>>>>
>>>>>>>>>> framework
>>>
>>>> (just
>>>>>>
>>>>>>> because
>>>>>>>>>>
>>>>>>>>>>> classes are read from the file system).
>>>>>>>>>>>
>>>>>>>>>>> Last, there is no possible misuse of the overrides really.
>>>>>>>>>>>
>>>>>>>>>> If
>>>>
>>>>> you
>>>>>>
>>>>>>> add
>>>>>>>>
>>>>>>>>> random bundles, it will most of the case have no effects,
>>>>>>>>>>>
>>>>>>>>>> or
>>>
>>>> at
>>>>
>>>>> least,
>>>>>>>>
>>>>>>>>> not
>>>>>>>>>>
>>>>>>>>>>> more than if you had installed them manually before. We
>>>>>>>>>>>
>>>>>>>>>> don't
>>>>
>>>>> add
>>>>>>
>>>>>>> any
>>>>>>>>
>>>>>>>>> checks in the bundle:update command, so I don't really see
>>>>>>>>>>>
>>>>>>>>>> why
>>>>
>>>>> we'd
>>>>>>
>>>>>>> add
>>>>>>>>
>>>>>>>>> those here.
>>>>>>>>>>>
>>>>>>>>>>> On a side note, I was wondering about starting a slightly
>>>>>>>>>>>
>>>>>>>>>> broader
>>>>>
>>>>>> discussion about patching, which is related to this
>>>>>>>>>>>
>>>>>>>>>> particular
>>>>
>>>>> feature
>>>>>>>>
>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>>> I hope to do so this week or the next.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>>>>>>>>>>>
>>>>>>>>>>> Updated Branches:
>>>>>>>>>>>> refs/heads/master d2af093dd -> 36808c560
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> [KARAF-2753] Logging for override mechanism. Added
>>>>>>>>>>>>
>>>>>>>>>>> additional
>>>>
>>>>> logging
>>>>>>>>
>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>>> unit test to trigger log events
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Project:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/repo
>>>
>>>> Commit:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>>>>>>>>
>>>>>>>>> Tree:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>>>>>>
>>>>>>> Diff:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>>>>>>
>>>>>>>
>>>>>>>>>>>> Branch: refs/heads/master
>>>>>>>>>>>> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>>>>>>>>>>>> Parents: d2af093
>>>>>>>>>>>> Author: jgoodyear <jg...@apache.org>
>>>>>>>>>>>> Authored: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>>> Committer: jgoodyear <jg...@apache.org>
>>>>>>>>>>>> Committed: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>
>>>>>> ------------------------------------------------------------
>>> ----------
>>>
>>>> .../karaf/features/internal/Overrides.java | 25
>>>>>>>>>>>>
>>>>>>>>>>> ++++++++++-
>>>>>>
>>>>>>> .../karaf/features/internal/OverridesTest.java | 47
>>>>>>>>>>>>
>>>>>>>>>>> ++++++++++++++++++++
>>>>>>>>>>>
>>>>>>>>>>>> 2 files changed, 71 insertions(+), 1 deletion(-)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>
>>>>>> ------------------------------------------------------------
>>> ----------
>>>
>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/
>>> features/core/src/main/java/org/apache/karaf/features/
>>> internal/Overrides.java
>>>
>>>>
>>>>>>>>>>>>
>>>>>>>>>
>>>>>> ------------------------------------------------------------
>>> ----------
>>>
>>>> diff --git
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> a/features/core/src/main/java/org/apache/karaf/features/
>>> internal/Overrides.java
>>>
>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> b/features/core/src/main/java/org/apache/karaf/features/
>>> internal/Overrides.java
>>>
>>>> index 655dfea..8397222 100644
>>>>>>>>>>>> ---
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> a/features/core/src/main/java/org/apache/karaf/features/
>>> internal/Overrides.java
>>>
>>>> +++
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> b/features/core/src/main/java/org/apache/karaf/features/
>>> internal/Overrides.java
>>>
>>>> @@ -48,6 +48,7 @@ public class Overrides {
>>>>>>>>>>>> private static final Logger LOGGER =
>>>>>>>>>>>> LoggerFactory.getLogger(Overrides.class);
>>>>>>>>>>>>
>>>>>>>>>>>> private static final String OVERRIDE_RANGE =
>>>>>>>>>>>>
>>>>>>>>>>> "range";
>>>
>>>> + private static final String VENDOR_WARNING =
>>>>>>>>>>>>
>>>>>>>>>>> "Malicious
>>>>
>>>>> code
>>>>>>
>>>>>>> possibly
>>>>>>>>>>>
>>>>>>>>>>>> introduced by patch override, see log for details";
>>>>>>>>>>>>
>>>>>>>>>>>> /**
>>>>>>>>>>>> * Compute a list of bundles to install, taking into
>>>>>>>>>>>>
>>>>>>>>>>> account
>>>>>>
>>>>>>> overrides.
>>>>>>>>>>>> @@ -86,6 +87,7 @@ public class Overrides {
>>>>>>>>>>>> if (manifest != null) {
>>>>>>>>>>>> String bsn =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleSymbolicName(manifest);
>>>>>>>
>>>>>>>> Version ver =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleVersion(manifest);
>>>>>
>>>>>> + String ven =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleVendor(manifest);
>>>>
>>>>> String url = info.getLocation();
>>>>>>>>>>>> for (Clause override : overrides) {
>>>>>>>>>>>> Manifest overMan =
>>>>>>>>>>>> manifests.get(override.getName());
>>>>>>>>>>>> @@ -111,10 +113,26 @@ public class Overrides {
>>>>>>>>>>>> range =
>>>>>>>>>>>>
>>>>>>>>>>> VersionRange.parseVersionRange(vr);
>>>>>>>>>>
>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> + String vendor =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleVendor(overMan);
>>>>>>>
>>>>>>>>
>>>>>>>>>>>> + // Before we do a replace, lets
>>>>>>>>>>>>
>>>>>>>>>>> check
>>>>>
>>>>>> if
>>>>>>
>>>>>>> vendors
>>>>>>>>>>
>>>>>>>>>>> change
>>>>>>>>>>>> + if (ven == null) {
>>>>>>>>>>>> + if (vendor != null) {
>>>>>>>>>>>> +
>>>>>>>>>>>>
>>>>>>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>
>>>>>> + }
>>>>>>>>>>>> + } else {
>>>>>>>>>>>> + if (vendor == null) {
>>>>>>>>>>>> +
>>>>>>>>>>>>
>>>>>>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>
>>>>>> + } else {
>>>>>>>>>>>> + if
>>>>>>>>>>>>
>>>>>>>>>>> (!vendor.equals(ven)) {
>>>>
>>>>> +
>>>>>>>>>>>>
>>>>>>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>
>>>>>>>> + }
>>>>>>>>>>>> + }
>>>>>>>>>>>> + }
>>>>>>>>>>>> // The resource matches, so
>>>>>>>>>>>>
>>>>>>>>>>> replace
>>>>
>>>>> it
>>>>>
>>>>>> with
>>>>>>>>
>>>>>>>>> the
>>>>>>>>>>
>>>>>>>>>>> overridden resource
>>>>>>>>>>>> // if the override is actually a
>>>>>>>>>>>>
>>>>>>>>>>> newer
>>>>>
>>>>>> version
>>>>>>>>>
>>>>>>>>>> than what we currently have
>>>>>>>>>>>> if (range.contains(ver) &&
>>>>>>>>>>>>
>>>>>>>>>>> ver.compareTo(oVer) <
>>>>>>>>>>
>>>>>>>>>>> 0) {
>>>>>>>>>>>> + LOGGER.info("Overriding
>>>>>>>>>>>>
>>>>>>>>>>> original
>>>>
>>>>> bundle
>>>>>>>>
>>>>>>>>> "
>>>>>>>>>
>>>>>>>>>> +
>>>>>>>>>>
>>>>>>>>>>> url + " to " + override.getName());
>>>>>>>>>>>> ver = oVer;
>>>>>>>>>>>> url = override.getName();
>>>>>>>>>>>> }
>>>>>>>>>>>> @@ -178,6 +196,11 @@ public class Overrides {
>>>>>>>>>>>> return bsn;
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> + private static String getBundleVendor(Manifest
>>>>>>>>>>>>
>>>>>>>>>>> manifest) {
>>>>>
>>>>>> + String ven =
>>>>>>>>>>>>
>>>>>>>>>>>> manifest.getMainAttributes().getValue(Constants.BUNDLE_
>>>>> VENDOR);
>>>>>
>>>>>> + return ven;
>>>>>>>>>>>> + }
>>>>>>>>>>>> +
>>>>>>>>>>>> private static Manifest getManifest(String url)
>>>>>>>>>>>>
>>>>>>>>>>> throws
>>>
>>>> IOException {
>>>>>>>>>>
>>>>>>>>>>> InputStream is = new URL(url).openStream();
>>>>>>>>>>>> try {
>>>>>>>>>>>> @@ -205,4 +228,4 @@ public class Overrides {
>>>>>>>>>>>> }
>>>>>>>>>>>> return cs[0].getName();
>>>>>>>>>>>> }
>>>>>>>>>>>> -}
>>>>>>>>>>>> \ No newline at end of file
>>>>>>>>>>>> +}
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/
>>> features/core/src/test/java/org/apache/karaf/features/
>>> internal/OverridesTest.java
>>>
>>>>
>>>>>>>>>>>>
>>>>>>>>>
>>>>>> ------------------------------------------------------------
>>> ----------
>>>
>>>> diff --git
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> a/features/core/src/test/java/org/apache/karaf/features/
>>> internal/OverridesTest.java
>>>
>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> b/features/core/src/test/java/org/apache/karaf/features/
>>> internal/OverridesTest.java
>>>
>>>> index 46d163a..79e2015 100644
>>>>>>>>>>>> ---
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> a/features/core/src/test/java/org/apache/karaf/features/
>>> internal/OverridesTest.java
>>>
>>>> +++
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> b/features/core/src/test/java/org/apache/karaf/features/
>>> internal/OverridesTest.java
>>>
>>>> @@ -42,6 +42,9 @@ public class OverridesTest {
>>>>>>>>>>>> private File b101;
>>>>>>>>>>>> private File b102;
>>>>>>>>>>>> private File b110;
>>>>>>>>>>>> + private File c100;
>>>>>>>>>>>> + private File c101;
>>>>>>>>>>>> + private File c110;
>>>>>>>>>>>>
>>>>>>>>>>>> @Before
>>>>>>>>>>>> public void setUp() throws IOException {
>>>>>>>>>>>> @@ -72,6 +75,50 @@ public class OverridesTest {
>>>>>>>>>>>> .set("Bundle-Version", "1.1.0")
>>>>>>>>>>>> .build(),
>>>>>>>>>>>> new FileOutputStream(b110));
>>>>>>>>>>>> +
>>>>>>>>>>>> + c100 = File.createTempFile("karafc",
>>>>>>>>>>>>
>>>>>>>>>>> "-100.jar");
>>>
>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>>> + .set("Bundle-Version", "1.0.0")
>>>>>>>>>>>> + .set("Bundle-Vendor", "Apache")
>>>>>>>>>>>> + .build(),
>>>>>>>>>>>> + new FileOutputStream(c100));
>>>>>>>>>>>> +
>>>>>>>>>>>> + c101 = File.createTempFile("karafc",
>>>>>>>>>>>>
>>>>>>>>>>> "-101.jar");
>>>
>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>>> + .set("Bundle-Version", "1.0.1")
>>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>>> + .build(),
>>>>>>>>>>>> + new FileOutputStream(c101));
>>>>>>>>>>>> +
>>>>>>>>>>>> + c110 = File.createTempFile("karafc",
>>>>>>>>>>>>
>>>>>>>>>>> "-110.jar");
>>>
>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>>> + .set("Bundle-Version", "1.1.0")
>>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>>> + .build(),
>>>>>>>>>>>> + new FileOutputStream(c110));
>>>>>>>>>>>> + }
>>>>>>>>>>>> +
>>>>>>>>>>>> + @Test
>>>>>>>>>>>> + public void testDifferentVendors() throws
>>>>>>>>>>>>
>>>>>>>>>>> IOException
>>>
>>>> {
>>>>
>>>>> + File props = File.createTempFile("karaf",
>>>>>>>>>>>>
>>>>>>>>>>> "properties");
>>>>>>
>>>>>>> + Writer w = new FileWriter(props);
>>>>>>>>>>>> + w.write(c101.toURI().toString());
>>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>>> + w.write(c110.toURI().toString());
>>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>>> + w.close();
>>>>>>>>>>>> +
>>>>>>>>>>>> + List<BundleInfo> res = Overrides.override(
>>>>>>>>>>>> + Arrays.<BundleInfo>asList(new
>>>>>>>>>>>> Bundle(c100.toURI().toString())),
>>>>>>>>>>>> + props.toURI().toString());
>>>>>>>>>>>> + assertNotNull(res);
>>>>>>>>>>>> + assertEquals(1, res.size());
>>>>>>>>>>>> + BundleInfo out = res.get(0);
>>>>>>>>>>>> + assertNotNull(out);
>>>>>>>>>>>> + assertEquals(c101.toURI().toString(),
>>>>>>>>>>>>
>>>>>>>>>>> out.getLocation());
>>>>>>>
>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> @Test
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
>>>>>>>>>>
>>>>>>>>>
>>>> Committer
>>>>>>>>
>>>>>>>>> &
>>>>>>>>>
>>>>>>>>>> Project Lead
>>>>>>>>>> OPS4J Pax for Vaadin <
>>>>>>>>>>
>>>>>>>>> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>>>
>>>>>>>>> Commiter & Project Lead
>>>>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Good point Dan, we will update the user/dev guides about that.
Regards
JB
On 02/12/2014 10:08 PM, Dan Tran wrote:
> Could you put this in FAQ how to turn off this logger?
>
> -D
>
>
> On Wed, Feb 12, 2014 at 12:36 PM, Guillaume Nodet <gn...@apache.org> wrote:
>
>> 2014-02-12 21:02 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>
>>> Those updates are performed as a user console session command - one at a
>>> time. An override file could contain many substitutions (bulk operation),
>>> as such Karaf here is alerting the user to a change they may not realize
>>> has happened.
>>>
>>
>> Well, automation is usually not a bad idea, it's usually faster, more
>> reproductible, and safer. But again, you're assuming that if someone makes
>> a decision to put a bundle url in that override file, it's different than
>> making the decision to update a bundle with the url of that file. I just
>> don't get it, but I'll stop arguing and loosing time on a log statement,
>> it's not worth it.
>>
>>
>>>
>>> Having a switch that may invoke a signed bundle installation only Karaf
>>> could be interesting.
>>>
>>> --jamie
>>>
>>>
>>> On Wed, Feb 12, 2014 at 4:08 PM, Guillaume Nodet <gn...@apache.org>
>>> wrote:
>>>
>>>> 2014-02-12 17:35 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>
>>>>> Changing vendors to me would be something i'd like to be warned
>> about.
>>> I
>>>>> have Apache Camel installed, with XYZ under the hood - lets me know
>>> its a
>>>>> franken-build. That being said, if i was going to fork and build my
>> own
>>>>> camel jar to fix a local issue, why would i then need to use the
>>>> override,
>>>>> i'd just deploy the library, refresh, and carry on (different work
>>> flows
>>>>> for different folks - I do get that that's simplifying things -
>>> generally
>>>>> we'd end up with a large list of bundles needing changing and the
>>>> override
>>>>> would simplify managing that recipe update).
>>>>>
>>>>
>>>> It all depends on the workflow, the number of containers to modify, how
>>>> often features are deployed or undeployed, wether the one installing
>>>> features is the one that validates them, etc...
>>>> At some point, manual intervention can be very painful. So that's
>> right,
>>>> it's not the usual workflow we've supported so far, but it does not
>> mean
>>>> it's less secured In all cases, things have to be tested and verified
>>>> before put into production.
>>>>
>>>>
>>>>>
>>>>> Regardless, I'm open to amending how vendors are handled, if we want
>> to
>>>>> change the message or scrap it all together. Personally i think
>>> something
>>>>> should be noted since things are changing (i'd like to know I'm going
>>>> from
>>>>> Land Rover parts to something made by Ford in my Range Rover).
>>>>>
>>>>
>>>> Or it could be like changing the radio in your car .... ;-)
>>>>
>>>> What I don't get is why that would be the only place for such a check ?
>>>> If we consider that changing the vendor of a bundle is risky, we need
>> to
>>>> put that check in bundle:update, file install, web console, etc...
>>>> You know that you can update camel-core with asm4 by using
>> bundle:update,
>>>> right ? We don't have any checks here, and that's much more risky than
>>>> when you already ensured the symbolic names are the same and version
>>>> expected to be compatible.
>>>>
>>>> If security is really an issue, even if not going as far as using
>> signed
>>>> bundles, one possible way would be to restrict bundle installation to
>>>> trusted bundles. By that, I mean adding a setting which would lead to
>>> only
>>>> accept externally signed bundles (the *.asc file uploaded to maven
>> repo)
>>>> and verify them against a trusted key store. I think this would be a
>>> good
>>>> way to actually address the problem, if we think there's a problem.
>>>>
>>>> Guillaume
>>>>
>>>>
>>>>>
>>>>> As to a global on/off switch for the mechanism that would be a nice
>>>>> addition.
>>>>>
>>>>
>>>> Yeah, I can add that, though it's not as if this feature was triggered
>>>> automatically, as you have to create this known file, so there's
>> always a
>>>> conscious decision made at some point.
>>>>
>>>> Guillaume
>>>>
>>>>
>>>>>
>>>>> --Jamie
>>>>>
>>>>>
>>>>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gnodet@apache.org
>>>
>>>>> wrote:
>>>>>
>>>>>> I just think the check is worth nothing. If someone build a
>>>> customized
>>>>>> version of a bundle (let's say camel), he will usually build by
>>> forking
>>>>>> from camel, in which case the vendor would still be the same. And
>> if
>>>> the
>>>>>> user wants to make things cleaner and actually change the vendor to
>>>>> reflect
>>>>>> the fact that it does not come from Apache, then we throw at him a
>>>>> WARNING
>>>>>> log.
>>>>>> Again, I don't think we should assume the user does not know what
>> he
>>>>> does,
>>>>>> I'd rather add a global flag to disable overrides if you think it's
>>>>> safer,
>>>>>> but the file does not even exist by default, which means the user
>>>>> actually
>>>>>> know what he is doing...
>>>>>>
>>>>>>
>>>>>> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>>>
>>>>>>> My interpretation is that a bundle is being updated by its
>>>> maintainer,
>>>>>> if a
>>>>>>> different group is providing the replacement bundle then Karaf
>>> should
>>>>> be
>>>>>>> making some noise about it as its masquerading as being what was
>>>>>> originally
>>>>>>> intended by the feature provider. I'm up for different wordings
>>>>> however.
>>>>>>> What would you suggest?
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
>>> gnodet@apache.org
>>>>>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Yes, I was going to add that I had no problems saying a bundle
>>> has
>>>>> been
>>>>>>>> overridden (though not sure if it has to be with a WARNING
>>> level).
>>>>>>>> It's really the vendor check which I don't get and the log of
>>>>>> "Malicious
>>>>>>>> code possibly introduced by patch override, see log for
>> details".
>>>>>>>>
>>>>>>>>
>>>>>>>> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
>>> bcanhome@googlemail.com
>>>>> :
>>>>>>>>
>>>>>>>>> Well, I hope you didn't get distracted by my comment.
>>>>>>>>> Though as far as I can see the change only introduced some
>>>> logging
>>>>>>>>> to let the user know something changed due to adding another
>>>>> feature,
>>>>>>>>> I think this is a viable solution, especially when looking
>> for
>>>>>> failures
>>>>>>>>> or unintended changes.
>>>>>>>>> No?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <
>> gnodet@apache.org
>>>> :
>>>>>>>>>
>>>>>>>>>> I'm tempted to -1 this change.
>>>>>>>>>>
>>>>>>>>>> What kind of problems are you trying to solve here ?
>>>>>>>>>> Imho, such code is unnecessary because there are many other
>>>> ways
>>>>> to
>>>>>>>>>> introduce so called "malicious" code.
>>>>>>>>>> If one wants to be safe, there is already an existing way
>> to
>>>>> solve
>>>>>>> the
>>>>>>>>>> problem which is signed bundles.
>>>>>>>>>>
>>>>>>>>>> Now, an example on how to introduce "malicious" code : if
>>> such
>>>> a
>>>>>>> bundle
>>>>>>>>> is
>>>>>>>>>> installed first, the features service will think the
>>> "correct"
>>>>>> bundle
>>>>>>>> is
>>>>>>>>>> already installed and will not install the "safe" bundle.
>>> This
>>>>> can
>>>>>>> be
>>>>>>>>> done
>>>>>>>>>> by manually installing the bundle before installing
>> features,
>>>> or
>>>>> by
>>>>>>>>> adding
>>>>>>>>>> it to the etc/startup.properties.
>>>>>>>>>> Another option is just to hack the features file manually
>> and
>>>>>> change
>>>>>>>> the
>>>>>>>>>> url of the bundle, it will have exactly the same effect.
>>>>>>>>>>
>>>>>>>>>> In addition, checking the vendor is not a guarantee, as if
>>>>> someone
>>>>>>>> wanted
>>>>>>>>>> to "fake" a bundle, setting that header is not more
>> difficult
>>>>> than
>>>>>>>>> changing
>>>>>>>>>> the symbolic name or version.
>>>>>>>>>>
>>>>>>>>>> I've had a use case where the user wanted to make sure that
>>> no
>>>>>>>>> "malicious"
>>>>>>>>>> code is introduced or used. In such a case, there is
>> already
>>>> an
>>>>>>>> existing
>>>>>>>>>> solution which is fully supported by OSGi (and Karaf) which
>>> is
>>>>>> signed
>>>>>>>>>> bundles. It works well and it's secured. Well, secured to
>>> the
>>>>>> point
>>>>>>>>> that
>>>>>>>>>> you control the file system. In all cases, if you don't
>>> trust
>>>>> the
>>>>>>> file
>>>>>>>>>> system, there's no possible way to secure the OSGi
>> framework
>>>>> (just
>>>>>>>>> because
>>>>>>>>>> classes are read from the file system).
>>>>>>>>>>
>>>>>>>>>> Last, there is no possible misuse of the overrides really.
>>> If
>>>>> you
>>>>>>> add
>>>>>>>>>> random bundles, it will most of the case have no effects,
>> or
>>> at
>>>>>>> least,
>>>>>>>>> not
>>>>>>>>>> more than if you had installed them manually before. We
>>> don't
>>>>> add
>>>>>>> any
>>>>>>>>>> checks in the bundle:update command, so I don't really see
>>> why
>>>>> we'd
>>>>>>> add
>>>>>>>>>> those here.
>>>>>>>>>>
>>>>>>>>>> On a side note, I was wondering about starting a slightly
>>>> broader
>>>>>>>>>> discussion about patching, which is related to this
>>> particular
>>>>>>> feature
>>>>>>>>> and
>>>>>>>>>> I hope to do so this week or the next.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>>>>>>>>>>
>>>>>>>>>>> Updated Branches:
>>>>>>>>>>> refs/heads/master d2af093dd -> 36808c560
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> [KARAF-2753] Logging for override mechanism. Added
>>> additional
>>>>>>> logging
>>>>>>>>> and
>>>>>>>>>>> unit test to trigger log events
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Project:
>> http://git-wip-us.apache.org/repos/asf/karaf/repo
>>>>>>>>>>> Commit:
>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>>>>>>>>>>> Tree:
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>>>>>>>>>>> Diff:
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>>>>>>>>>>>
>>>>>>>>>>> Branch: refs/heads/master
>>>>>>>>>>> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>>>>>>>>>>> Parents: d2af093
>>>>>>>>>>> Author: jgoodyear <jg...@apache.org>
>>>>>>>>>>> Authored: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>> Committer: jgoodyear <jg...@apache.org>
>>>>>>>>>>> Committed: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>
>> ----------------------------------------------------------------------
>>>>>>>>>>> .../karaf/features/internal/Overrides.java | 25
>>>>> ++++++++++-
>>>>>>>>>>> .../karaf/features/internal/OverridesTest.java | 47
>>>>>>>>>> ++++++++++++++++++++
>>>>>>>>>>> 2 files changed, 71 insertions(+), 1 deletion(-)
>>>>>>>>>>>
>>>>>>>>
>>>>>
>> ----------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>>
>>>>>>>>
>>>>>
>> ----------------------------------------------------------------------
>>>>>>>>>>> diff --git
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>> index 655dfea..8397222 100644
>>>>>>>>>>> ---
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>> +++
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>> @@ -48,6 +48,7 @@ public class Overrides {
>>>>>>>>>>> private static final Logger LOGGER =
>>>>>>>>>>> LoggerFactory.getLogger(Overrides.class);
>>>>>>>>>>>
>>>>>>>>>>> private static final String OVERRIDE_RANGE =
>> "range";
>>>>>>>>>>> + private static final String VENDOR_WARNING =
>>> "Malicious
>>>>> code
>>>>>>>>>> possibly
>>>>>>>>>>> introduced by patch override, see log for details";
>>>>>>>>>>>
>>>>>>>>>>> /**
>>>>>>>>>>> * Compute a list of bundles to install, taking into
>>>>> account
>>>>>>>>>>> overrides.
>>>>>>>>>>> @@ -86,6 +87,7 @@ public class Overrides {
>>>>>>>>>>> if (manifest != null) {
>>>>>>>>>>> String bsn =
>>>>>> getBundleSymbolicName(manifest);
>>>>>>>>>>> Version ver =
>>>> getBundleVersion(manifest);
>>>>>>>>>>> + String ven =
>>> getBundleVendor(manifest);
>>>>>>>>>>> String url = info.getLocation();
>>>>>>>>>>> for (Clause override : overrides) {
>>>>>>>>>>> Manifest overMan =
>>>>>>>>>>> manifests.get(override.getName());
>>>>>>>>>>> @@ -111,10 +113,26 @@ public class Overrides {
>>>>>>>>>>> range =
>>>>>>>>> VersionRange.parseVersionRange(vr);
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> + String vendor =
>>>>>> getBundleVendor(overMan);
>>>>>>>>>>>
>>>>>>>>>>> + // Before we do a replace, lets
>>>> check
>>>>> if
>>>>>>>>> vendors
>>>>>>>>>>> change
>>>>>>>>>>> + if (ven == null) {
>>>>>>>>>>> + if (vendor != null) {
>>>>>>>>>>> +
>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>>>> + }
>>>>>>>>>>> + } else {
>>>>>>>>>>> + if (vendor == null) {
>>>>>>>>>>> +
>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>>>> + } else {
>>>>>>>>>>> + if
>>> (!vendor.equals(ven)) {
>>>>>>>>>>> +
>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>>>> + }
>>>>>>>>>>> + }
>>>>>>>>>>> + }
>>>>>>>>>>> // The resource matches, so
>>> replace
>>>> it
>>>>>>> with
>>>>>>>>> the
>>>>>>>>>>> overridden resource
>>>>>>>>>>> // if the override is actually a
>>>> newer
>>>>>>>> version
>>>>>>>>>>> than what we currently have
>>>>>>>>>>> if (range.contains(ver) &&
>>>>>>>>> ver.compareTo(oVer) <
>>>>>>>>>>> 0) {
>>>>>>>>>>> + LOGGER.info("Overriding
>>> original
>>>>>>> bundle
>>>>>>>> "
>>>>>>>>> +
>>>>>>>>>>> url + " to " + override.getName());
>>>>>>>>>>> ver = oVer;
>>>>>>>>>>> url = override.getName();
>>>>>>>>>>> }
>>>>>>>>>>> @@ -178,6 +196,11 @@ public class Overrides {
>>>>>>>>>>> return bsn;
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> + private static String getBundleVendor(Manifest
>>>> manifest) {
>>>>>>>>>>> + String ven =
>>>>>>>>>>>
>>>> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
>>>>>>>>>>> + return ven;
>>>>>>>>>>> + }
>>>>>>>>>>> +
>>>>>>>>>>> private static Manifest getManifest(String url)
>> throws
>>>>>>>>> IOException {
>>>>>>>>>>> InputStream is = new URL(url).openStream();
>>>>>>>>>>> try {
>>>>>>>>>>> @@ -205,4 +228,4 @@ public class Overrides {
>>>>>>>>>>> }
>>>>>>>>>>> return cs[0].getName();
>>>>>>>>>>> }
>>>>>>>>>>> -}
>>>>>>>>>>> \ No newline at end of file
>>>>>>>>>>> +}
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>>
>>>>>>>>
>>>>>
>> ----------------------------------------------------------------------
>>>>>>>>>>> diff --git
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>> index 46d163a..79e2015 100644
>>>>>>>>>>> ---
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>> +++
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>> @@ -42,6 +42,9 @@ public class OverridesTest {
>>>>>>>>>>> private File b101;
>>>>>>>>>>> private File b102;
>>>>>>>>>>> private File b110;
>>>>>>>>>>> + private File c100;
>>>>>>>>>>> + private File c101;
>>>>>>>>>>> + private File c110;
>>>>>>>>>>>
>>>>>>>>>>> @Before
>>>>>>>>>>> public void setUp() throws IOException {
>>>>>>>>>>> @@ -72,6 +75,50 @@ public class OverridesTest {
>>>>>>>>>>> .set("Bundle-Version", "1.1.0")
>>>>>>>>>>> .build(),
>>>>>>>>>>> new FileOutputStream(b110));
>>>>>>>>>>> +
>>>>>>>>>>> + c100 = File.createTempFile("karafc",
>> "-100.jar");
>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>> + .set("Bundle-Version", "1.0.0")
>>>>>>>>>>> + .set("Bundle-Vendor", "Apache")
>>>>>>>>>>> + .build(),
>>>>>>>>>>> + new FileOutputStream(c100));
>>>>>>>>>>> +
>>>>>>>>>>> + c101 = File.createTempFile("karafc",
>> "-101.jar");
>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>> + .set("Bundle-Version", "1.0.1")
>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>> + .build(),
>>>>>>>>>>> + new FileOutputStream(c101));
>>>>>>>>>>> +
>>>>>>>>>>> + c110 = File.createTempFile("karafc",
>> "-110.jar");
>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>> + .set("Bundle-Version", "1.1.0")
>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>> + .build(),
>>>>>>>>>>> + new FileOutputStream(c110));
>>>>>>>>>>> + }
>>>>>>>>>>> +
>>>>>>>>>>> + @Test
>>>>>>>>>>> + public void testDifferentVendors() throws
>> IOException
>>> {
>>>>>>>>>>> + File props = File.createTempFile("karaf",
>>>>> "properties");
>>>>>>>>>>> + Writer w = new FileWriter(props);
>>>>>>>>>>> + w.write(c101.toURI().toString());
>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>> + w.write(c110.toURI().toString());
>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>> + w.close();
>>>>>>>>>>> +
>>>>>>>>>>> + List<BundleInfo> res = Overrides.override(
>>>>>>>>>>> + Arrays.<BundleInfo>asList(new
>>>>>>>>>>> Bundle(c100.toURI().toString())),
>>>>>>>>>>> + props.toURI().toString());
>>>>>>>>>>> + assertNotNull(res);
>>>>>>>>>>> + assertEquals(1, res.size());
>>>>>>>>>>> + BundleInfo out = res.get(0);
>>>>>>>>>>> + assertNotNull(out);
>>>>>>>>>>> + assertEquals(c101.toURI().toString(),
>>>>>> out.getLocation());
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> @Test
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
>>>
>>>>>>> Committer
>>>>>>>> &
>>>>>>>>> Project Lead
>>>>>>>>> OPS4J Pax for Vaadin <
>>>>>>> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>>>> Commiter & Project Lead
>>>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Dan Tran <da...@gmail.com>.
Could you put this in FAQ how to turn off this logger?
-D
On Wed, Feb 12, 2014 at 12:36 PM, Guillaume Nodet <gn...@apache.org> wrote:
> 2014-02-12 21:02 GMT+01:00 Jamie G. <ja...@gmail.com>:
>
> > Those updates are performed as a user console session command - one at a
> > time. An override file could contain many substitutions (bulk operation),
> > as such Karaf here is alerting the user to a change they may not realize
> > has happened.
> >
>
> Well, automation is usually not a bad idea, it's usually faster, more
> reproductible, and safer. But again, you're assuming that if someone makes
> a decision to put a bundle url in that override file, it's different than
> making the decision to update a bundle with the url of that file. I just
> don't get it, but I'll stop arguing and loosing time on a log statement,
> it's not worth it.
>
>
> >
> > Having a switch that may invoke a signed bundle installation only Karaf
> > could be interesting.
> >
> > --jamie
> >
> >
> > On Wed, Feb 12, 2014 at 4:08 PM, Guillaume Nodet <gn...@apache.org>
> > wrote:
> >
> > > 2014-02-12 17:35 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > >
> > > > Changing vendors to me would be something i'd like to be warned
> about.
> > I
> > > > have Apache Camel installed, with XYZ under the hood - lets me know
> > its a
> > > > franken-build. That being said, if i was going to fork and build my
> own
> > > > camel jar to fix a local issue, why would i then need to use the
> > > override,
> > > > i'd just deploy the library, refresh, and carry on (different work
> > flows
> > > > for different folks - I do get that that's simplifying things -
> > generally
> > > > we'd end up with a large list of bundles needing changing and the
> > > override
> > > > would simplify managing that recipe update).
> > > >
> > >
> > > It all depends on the workflow, the number of containers to modify, how
> > > often features are deployed or undeployed, wether the one installing
> > > features is the one that validates them, etc...
> > > At some point, manual intervention can be very painful. So that's
> right,
> > > it's not the usual workflow we've supported so far, but it does not
> mean
> > > it's less secured In all cases, things have to be tested and verified
> > > before put into production.
> > >
> > >
> > > >
> > > > Regardless, I'm open to amending how vendors are handled, if we want
> to
> > > > change the message or scrap it all together. Personally i think
> > something
> > > > should be noted since things are changing (i'd like to know I'm going
> > > from
> > > > Land Rover parts to something made by Ford in my Range Rover).
> > > >
> > >
> > > Or it could be like changing the radio in your car .... ;-)
> > >
> > > What I don't get is why that would be the only place for such a check ?
> > > If we consider that changing the vendor of a bundle is risky, we need
> to
> > > put that check in bundle:update, file install, web console, etc...
> > > You know that you can update camel-core with asm4 by using
> bundle:update,
> > > right ? We don't have any checks here, and that's much more risky than
> > > when you already ensured the symbolic names are the same and version
> > > expected to be compatible.
> > >
> > > If security is really an issue, even if not going as far as using
> signed
> > > bundles, one possible way would be to restrict bundle installation to
> > > trusted bundles. By that, I mean adding a setting which would lead to
> > only
> > > accept externally signed bundles (the *.asc file uploaded to maven
> repo)
> > > and verify them against a trusted key store. I think this would be a
> > good
> > > way to actually address the problem, if we think there's a problem.
> > >
> > > Guillaume
> > >
> > >
> > > >
> > > > As to a global on/off switch for the mechanism that would be a nice
> > > > addition.
> > > >
> > >
> > > Yeah, I can add that, though it's not as if this feature was triggered
> > > automatically, as you have to create this known file, so there's
> always a
> > > conscious decision made at some point.
> > >
> > > Guillaume
> > >
> > >
> > > >
> > > > --Jamie
> > > >
> > > >
> > > > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gnodet@apache.org
> >
> > > > wrote:
> > > >
> > > > > I just think the check is worth nothing. If someone build a
> > > customized
> > > > > version of a bundle (let's say camel), he will usually build by
> > forking
> > > > > from camel, in which case the vendor would still be the same. And
> if
> > > the
> > > > > user wants to make things cleaner and actually change the vendor to
> > > > reflect
> > > > > the fact that it does not come from Apache, then we throw at him a
> > > > WARNING
> > > > > log.
> > > > > Again, I don't think we should assume the user does not know what
> he
> > > > does,
> > > > > I'd rather add a global flag to disable overrides if you think it's
> > > > safer,
> > > > > but the file does not even exist by default, which means the user
> > > > actually
> > > > > know what he is doing...
> > > > >
> > > > >
> > > > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > > > >
> > > > > > My interpretation is that a bundle is being updated by its
> > > maintainer,
> > > > > if a
> > > > > > different group is providing the replacement bundle then Karaf
> > should
> > > > be
> > > > > > making some noise about it as its masquerading as being what was
> > > > > originally
> > > > > > intended by the feature provider. I'm up for different wordings
> > > > however.
> > > > > > What would you suggest?
> > > > > >
> > > > > >
> > > > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
> > gnodet@apache.org
> > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Yes, I was going to add that I had no problems saying a bundle
> > has
> > > > been
> > > > > > > overridden (though not sure if it has to be with a WARNING
> > level).
> > > > > > > It's really the vendor check which I don't get and the log of
> > > > > "Malicious
> > > > > > > code possibly introduced by patch override, see log for
> details".
> > > > > > >
> > > > > > >
> > > > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
> > bcanhome@googlemail.com
> > > >:
> > > > > > >
> > > > > > > > Well, I hope you didn't get distracted by my comment.
> > > > > > > > Though as far as I can see the change only introduced some
> > > logging
> > > > > > > > to let the user know something changed due to adding another
> > > > feature,
> > > > > > > > I think this is a viable solution, especially when looking
> for
> > > > > failures
> > > > > > > > or unintended changes.
> > > > > > > > No?
> > > > > > > >
> > > > > > > >
> > > > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <
> gnodet@apache.org
> > >:
> > > > > > > >
> > > > > > > > > I'm tempted to -1 this change.
> > > > > > > > >
> > > > > > > > > What kind of problems are you trying to solve here ?
> > > > > > > > > Imho, such code is unnecessary because there are many other
> > > ways
> > > > to
> > > > > > > > > introduce so called "malicious" code.
> > > > > > > > > If one wants to be safe, there is already an existing way
> to
> > > > solve
> > > > > > the
> > > > > > > > > problem which is signed bundles.
> > > > > > > > >
> > > > > > > > > Now, an example on how to introduce "malicious" code : if
> > such
> > > a
> > > > > > bundle
> > > > > > > > is
> > > > > > > > > installed first, the features service will think the
> > "correct"
> > > > > bundle
> > > > > > > is
> > > > > > > > > already installed and will not install the "safe" bundle.
> > This
> > > > can
> > > > > > be
> > > > > > > > done
> > > > > > > > > by manually installing the bundle before installing
> features,
> > > or
> > > > by
> > > > > > > > adding
> > > > > > > > > it to the etc/startup.properties.
> > > > > > > > > Another option is just to hack the features file manually
> and
> > > > > change
> > > > > > > the
> > > > > > > > > url of the bundle, it will have exactly the same effect.
> > > > > > > > >
> > > > > > > > > In addition, checking the vendor is not a guarantee, as if
> > > > someone
> > > > > > > wanted
> > > > > > > > > to "fake" a bundle, setting that header is not more
> difficult
> > > > than
> > > > > > > > changing
> > > > > > > > > the symbolic name or version.
> > > > > > > > >
> > > > > > > > > I've had a use case where the user wanted to make sure that
> > no
> > > > > > > > "malicious"
> > > > > > > > > code is introduced or used. In such a case, there is
> already
> > > an
> > > > > > > existing
> > > > > > > > > solution which is fully supported by OSGi (and Karaf) which
> > is
> > > > > signed
> > > > > > > > > bundles. It works well and it's secured. Well, secured to
> > the
> > > > > point
> > > > > > > > that
> > > > > > > > > you control the file system. In all cases, if you don't
> > trust
> > > > the
> > > > > > file
> > > > > > > > > system, there's no possible way to secure the OSGi
> framework
> > > > (just
> > > > > > > > because
> > > > > > > > > classes are read from the file system).
> > > > > > > > >
> > > > > > > > > Last, there is no possible misuse of the overrides really.
> > If
> > > > you
> > > > > > add
> > > > > > > > > random bundles, it will most of the case have no effects,
> or
> > at
> > > > > > least,
> > > > > > > > not
> > > > > > > > > more than if you had installed them manually before. We
> > don't
> > > > add
> > > > > > any
> > > > > > > > > checks in the bundle:update command, so I don't really see
> > why
> > > > we'd
> > > > > > add
> > > > > > > > > those here.
> > > > > > > > >
> > > > > > > > > On a side note, I was wondering about starting a slightly
> > > broader
> > > > > > > > > discussion about patching, which is related to this
> > particular
> > > > > > feature
> > > > > > > > and
> > > > > > > > > I hope to do so this week or the next.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > > > > >
> > > > > > > > > > Updated Branches:
> > > > > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > [KARAF-2753] Logging for override mechanism. Added
> > additional
> > > > > > logging
> > > > > > > > and
> > > > > > > > > > unit test to trigger log events
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Project:
> http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > > > > Commit:
> > > > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > > > > Tree:
> > > > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > > > > Diff:
> > > > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > > > > >
> > > > > > > > > > Branch: refs/heads/master
> > > > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > > > > Parents: d2af093
> > > > > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > > >
> > > > > > > > > >
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > > > > .../karaf/features/internal/Overrides.java | 25
> > > > ++++++++++-
> > > > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > > > > ++++++++++++++++++++
> > > > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > > > > >
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > >
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > > > > diff --git
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > > index 655dfea..8397222 100644
> > > > > > > > > > ---
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > > +++
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > > > > private static final Logger LOGGER =
> > > > > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > > > > >
> > > > > > > > > > private static final String OVERRIDE_RANGE =
> "range";
> > > > > > > > > > + private static final String VENDOR_WARNING =
> > "Malicious
> > > > code
> > > > > > > > > possibly
> > > > > > > > > > introduced by patch override, see log for details";
> > > > > > > > > >
> > > > > > > > > > /**
> > > > > > > > > > * Compute a list of bundles to install, taking into
> > > > account
> > > > > > > > > > overrides.
> > > > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > > > > if (manifest != null) {
> > > > > > > > > > String bsn =
> > > > > getBundleSymbolicName(manifest);
> > > > > > > > > > Version ver =
> > > getBundleVersion(manifest);
> > > > > > > > > > + String ven =
> > getBundleVendor(manifest);
> > > > > > > > > > String url = info.getLocation();
> > > > > > > > > > for (Clause override : overrides) {
> > > > > > > > > > Manifest overMan =
> > > > > > > > > > manifests.get(override.getName());
> > > > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > > > > range =
> > > > > > > > VersionRange.parseVersionRange(vr);
> > > > > > > > > > }
> > > > > > > > > >
> > > > > > > > > > + String vendor =
> > > > > getBundleVendor(overMan);
> > > > > > > > > >
> > > > > > > > > > + // Before we do a replace, lets
> > > check
> > > > if
> > > > > > > > vendors
> > > > > > > > > > change
> > > > > > > > > > + if (ven == null) {
> > > > > > > > > > + if (vendor != null) {
> > > > > > > > > > +
> > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > > + }
> > > > > > > > > > + } else {
> > > > > > > > > > + if (vendor == null) {
> > > > > > > > > > +
> > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > > + } else {
> > > > > > > > > > + if
> > (!vendor.equals(ven)) {
> > > > > > > > > > +
> > > > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > > + }
> > > > > > > > > > + }
> > > > > > > > > > + }
> > > > > > > > > > // The resource matches, so
> > replace
> > > it
> > > > > > with
> > > > > > > > the
> > > > > > > > > > overridden resource
> > > > > > > > > > // if the override is actually a
> > > newer
> > > > > > > version
> > > > > > > > > > than what we currently have
> > > > > > > > > > if (range.contains(ver) &&
> > > > > > > > ver.compareTo(oVer) <
> > > > > > > > > > 0) {
> > > > > > > > > > + LOGGER.info("Overriding
> > original
> > > > > > bundle
> > > > > > > "
> > > > > > > > +
> > > > > > > > > > url + " to " + override.getName());
> > > > > > > > > > ver = oVer;
> > > > > > > > > > url = override.getName();
> > > > > > > > > > }
> > > > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > > > > return bsn;
> > > > > > > > > > }
> > > > > > > > > >
> > > > > > > > > > + private static String getBundleVendor(Manifest
> > > manifest) {
> > > > > > > > > > + String ven =
> > > > > > > > > >
> > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > > > > + return ven;
> > > > > > > > > > + }
> > > > > > > > > > +
> > > > > > > > > > private static Manifest getManifest(String url)
> throws
> > > > > > > > IOException {
> > > > > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > > > > try {
> > > > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > > > > }
> > > > > > > > > > return cs[0].getName();
> > > > > > > > > > }
> > > > > > > > > > -}
> > > > > > > > > > \ No newline at end of file
> > > > > > > > > > +}
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > >
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > > > > diff --git
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > > index 46d163a..79e2015 100644
> > > > > > > > > > ---
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > > +++
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > > > > private File b101;
> > > > > > > > > > private File b102;
> > > > > > > > > > private File b110;
> > > > > > > > > > + private File c100;
> > > > > > > > > > + private File c101;
> > > > > > > > > > + private File c110;
> > > > > > > > > >
> > > > > > > > > > @Before
> > > > > > > > > > public void setUp() throws IOException {
> > > > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > > > > .build(),
> > > > > > > > > > new FileOutputStream(b110));
> > > > > > > > > > +
> > > > > > > > > > + c100 = File.createTempFile("karafc",
> "-100.jar");
> > > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > > > > + .build(),
> > > > > > > > > > + new FileOutputStream(c100));
> > > > > > > > > > +
> > > > > > > > > > + c101 = File.createTempFile("karafc",
> "-101.jar");
> > > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > > > + .build(),
> > > > > > > > > > + new FileOutputStream(c101));
> > > > > > > > > > +
> > > > > > > > > > + c110 = File.createTempFile("karafc",
> "-110.jar");
> > > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > > > + .build(),
> > > > > > > > > > + new FileOutputStream(c110));
> > > > > > > > > > + }
> > > > > > > > > > +
> > > > > > > > > > + @Test
> > > > > > > > > > + public void testDifferentVendors() throws
> IOException
> > {
> > > > > > > > > > + File props = File.createTempFile("karaf",
> > > > "properties");
> > > > > > > > > > + Writer w = new FileWriter(props);
> > > > > > > > > > + w.write(c101.toURI().toString());
> > > > > > > > > > + w.write("\n");
> > > > > > > > > > + w.write(c110.toURI().toString());
> > > > > > > > > > + w.write("\n");
> > > > > > > > > > + w.close();
> > > > > > > > > > +
> > > > > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > > > > + props.toURI().toString());
> > > > > > > > > > + assertNotNull(res);
> > > > > > > > > > + assertEquals(1, res.size());
> > > > > > > > > > + BundleInfo out = res.get(0);
> > > > > > > > > > + assertNotNull(out);
> > > > > > > > > > + assertEquals(c101.toURI().toString(),
> > > > > out.getLocation());
> > > > > > > > > > }
> > > > > > > > > >
> > > > > > > > > > @Test
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
> >
> > > > > > Committer
> > > > > > > &
> > > > > > > > Project Lead
> > > > > > > > OPS4J Pax for Vaadin <
> > > > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > > > > Commiter & Project Lead
> > > > > > > > blog <http://notizblog.nierbeck.de/>
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Guillaume Nodet <gn...@apache.org>.
2014-02-12 21:02 GMT+01:00 Jamie G. <ja...@gmail.com>:
> Those updates are performed as a user console session command - one at a
> time. An override file could contain many substitutions (bulk operation),
> as such Karaf here is alerting the user to a change they may not realize
> has happened.
>
Well, automation is usually not a bad idea, it's usually faster, more
reproductible, and safer. But again, you're assuming that if someone makes
a decision to put a bundle url in that override file, it's different than
making the decision to update a bundle with the url of that file. I just
don't get it, but I'll stop arguing and loosing time on a log statement,
it's not worth it.
>
> Having a switch that may invoke a signed bundle installation only Karaf
> could be interesting.
>
> --jamie
>
>
> On Wed, Feb 12, 2014 at 4:08 PM, Guillaume Nodet <gn...@apache.org>
> wrote:
>
> > 2014-02-12 17:35 GMT+01:00 Jamie G. <ja...@gmail.com>:
> >
> > > Changing vendors to me would be something i'd like to be warned about.
> I
> > > have Apache Camel installed, with XYZ under the hood - lets me know
> its a
> > > franken-build. That being said, if i was going to fork and build my own
> > > camel jar to fix a local issue, why would i then need to use the
> > override,
> > > i'd just deploy the library, refresh, and carry on (different work
> flows
> > > for different folks - I do get that that's simplifying things -
> generally
> > > we'd end up with a large list of bundles needing changing and the
> > override
> > > would simplify managing that recipe update).
> > >
> >
> > It all depends on the workflow, the number of containers to modify, how
> > often features are deployed or undeployed, wether the one installing
> > features is the one that validates them, etc...
> > At some point, manual intervention can be very painful. So that's right,
> > it's not the usual workflow we've supported so far, but it does not mean
> > it's less secured In all cases, things have to be tested and verified
> > before put into production.
> >
> >
> > >
> > > Regardless, I'm open to amending how vendors are handled, if we want to
> > > change the message or scrap it all together. Personally i think
> something
> > > should be noted since things are changing (i'd like to know I'm going
> > from
> > > Land Rover parts to something made by Ford in my Range Rover).
> > >
> >
> > Or it could be like changing the radio in your car .... ;-)
> >
> > What I don't get is why that would be the only place for such a check ?
> > If we consider that changing the vendor of a bundle is risky, we need to
> > put that check in bundle:update, file install, web console, etc...
> > You know that you can update camel-core with asm4 by using bundle:update,
> > right ? We don't have any checks here, and that's much more risky than
> > when you already ensured the symbolic names are the same and version
> > expected to be compatible.
> >
> > If security is really an issue, even if not going as far as using signed
> > bundles, one possible way would be to restrict bundle installation to
> > trusted bundles. By that, I mean adding a setting which would lead to
> only
> > accept externally signed bundles (the *.asc file uploaded to maven repo)
> > and verify them against a trusted key store. I think this would be a
> good
> > way to actually address the problem, if we think there's a problem.
> >
> > Guillaume
> >
> >
> > >
> > > As to a global on/off switch for the mechanism that would be a nice
> > > addition.
> > >
> >
> > Yeah, I can add that, though it's not as if this feature was triggered
> > automatically, as you have to create this known file, so there's always a
> > conscious decision made at some point.
> >
> > Guillaume
> >
> >
> > >
> > > --Jamie
> > >
> > >
> > > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
> > > wrote:
> > >
> > > > I just think the check is worth nothing. If someone build a
> > customized
> > > > version of a bundle (let's say camel), he will usually build by
> forking
> > > > from camel, in which case the vendor would still be the same. And if
> > the
> > > > user wants to make things cleaner and actually change the vendor to
> > > reflect
> > > > the fact that it does not come from Apache, then we throw at him a
> > > WARNING
> > > > log.
> > > > Again, I don't think we should assume the user does not know what he
> > > does,
> > > > I'd rather add a global flag to disable overrides if you think it's
> > > safer,
> > > > but the file does not even exist by default, which means the user
> > > actually
> > > > know what he is doing...
> > > >
> > > >
> > > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > > >
> > > > > My interpretation is that a bundle is being updated by its
> > maintainer,
> > > > if a
> > > > > different group is providing the replacement bundle then Karaf
> should
> > > be
> > > > > making some noise about it as its masquerading as being what was
> > > > originally
> > > > > intended by the feature provider. I'm up for different wordings
> > > however.
> > > > > What would you suggest?
> > > > >
> > > > >
> > > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
> gnodet@apache.org
> > >
> > > > > wrote:
> > > > >
> > > > > > Yes, I was going to add that I had no problems saying a bundle
> has
> > > been
> > > > > > overridden (though not sure if it has to be with a WARNING
> level).
> > > > > > It's really the vendor check which I don't get and the log of
> > > > "Malicious
> > > > > > code possibly introduced by patch override, see log for details".
> > > > > >
> > > > > >
> > > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
> bcanhome@googlemail.com
> > >:
> > > > > >
> > > > > > > Well, I hope you didn't get distracted by my comment.
> > > > > > > Though as far as I can see the change only introduced some
> > logging
> > > > > > > to let the user know something changed due to adding another
> > > feature,
> > > > > > > I think this is a viable solution, especially when looking for
> > > > failures
> > > > > > > or unintended changes.
> > > > > > > No?
> > > > > > >
> > > > > > >
> > > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gnodet@apache.org
> >:
> > > > > > >
> > > > > > > > I'm tempted to -1 this change.
> > > > > > > >
> > > > > > > > What kind of problems are you trying to solve here ?
> > > > > > > > Imho, such code is unnecessary because there are many other
> > ways
> > > to
> > > > > > > > introduce so called "malicious" code.
> > > > > > > > If one wants to be safe, there is already an existing way to
> > > solve
> > > > > the
> > > > > > > > problem which is signed bundles.
> > > > > > > >
> > > > > > > > Now, an example on how to introduce "malicious" code : if
> such
> > a
> > > > > bundle
> > > > > > > is
> > > > > > > > installed first, the features service will think the
> "correct"
> > > > bundle
> > > > > > is
> > > > > > > > already installed and will not install the "safe" bundle.
> This
> > > can
> > > > > be
> > > > > > > done
> > > > > > > > by manually installing the bundle before installing features,
> > or
> > > by
> > > > > > > adding
> > > > > > > > it to the etc/startup.properties.
> > > > > > > > Another option is just to hack the features file manually and
> > > > change
> > > > > > the
> > > > > > > > url of the bundle, it will have exactly the same effect.
> > > > > > > >
> > > > > > > > In addition, checking the vendor is not a guarantee, as if
> > > someone
> > > > > > wanted
> > > > > > > > to "fake" a bundle, setting that header is not more difficult
> > > than
> > > > > > > changing
> > > > > > > > the symbolic name or version.
> > > > > > > >
> > > > > > > > I've had a use case where the user wanted to make sure that
> no
> > > > > > > "malicious"
> > > > > > > > code is introduced or used. In such a case, there is already
> > an
> > > > > > existing
> > > > > > > > solution which is fully supported by OSGi (and Karaf) which
> is
> > > > signed
> > > > > > > > bundles. It works well and it's secured. Well, secured to
> the
> > > > point
> > > > > > > that
> > > > > > > > you control the file system. In all cases, if you don't
> trust
> > > the
> > > > > file
> > > > > > > > system, there's no possible way to secure the OSGi framework
> > > (just
> > > > > > > because
> > > > > > > > classes are read from the file system).
> > > > > > > >
> > > > > > > > Last, there is no possible misuse of the overrides really.
> If
> > > you
> > > > > add
> > > > > > > > random bundles, it will most of the case have no effects, or
> at
> > > > > least,
> > > > > > > not
> > > > > > > > more than if you had installed them manually before. We
> don't
> > > add
> > > > > any
> > > > > > > > checks in the bundle:update command, so I don't really see
> why
> > > we'd
> > > > > add
> > > > > > > > those here.
> > > > > > > >
> > > > > > > > On a side note, I was wondering about starting a slightly
> > broader
> > > > > > > > discussion about patching, which is related to this
> particular
> > > > > feature
> > > > > > > and
> > > > > > > > I hope to do so this week or the next.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > > > >
> > > > > > > > > Updated Branches:
> > > > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > [KARAF-2753] Logging for override mechanism. Added
> additional
> > > > > logging
> > > > > > > and
> > > > > > > > > unit test to trigger log events
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > > > Commit:
> > > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > > > Tree:
> > > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > > > Diff:
> > > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > > > >
> > > > > > > > > Branch: refs/heads/master
> > > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > > > Parents: d2af093
> > > > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > >
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > > .../karaf/features/internal/Overrides.java | 25
> > > ++++++++++-
> > > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > > > ++++++++++++++++++++
> > > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > index 655dfea..8397222 100644
> > > > > > > > > ---
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > +++
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > > > private static final Logger LOGGER =
> > > > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > > > >
> > > > > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > > > > + private static final String VENDOR_WARNING =
> "Malicious
> > > code
> > > > > > > > possibly
> > > > > > > > > introduced by patch override, see log for details";
> > > > > > > > >
> > > > > > > > > /**
> > > > > > > > > * Compute a list of bundles to install, taking into
> > > account
> > > > > > > > > overrides.
> > > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > > > if (manifest != null) {
> > > > > > > > > String bsn =
> > > > getBundleSymbolicName(manifest);
> > > > > > > > > Version ver =
> > getBundleVersion(manifest);
> > > > > > > > > + String ven =
> getBundleVendor(manifest);
> > > > > > > > > String url = info.getLocation();
> > > > > > > > > for (Clause override : overrides) {
> > > > > > > > > Manifest overMan =
> > > > > > > > > manifests.get(override.getName());
> > > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > > > range =
> > > > > > > VersionRange.parseVersionRange(vr);
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > + String vendor =
> > > > getBundleVendor(overMan);
> > > > > > > > >
> > > > > > > > > + // Before we do a replace, lets
> > check
> > > if
> > > > > > > vendors
> > > > > > > > > change
> > > > > > > > > + if (ven == null) {
> > > > > > > > > + if (vendor != null) {
> > > > > > > > > +
> > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > + }
> > > > > > > > > + } else {
> > > > > > > > > + if (vendor == null) {
> > > > > > > > > +
> > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > + } else {
> > > > > > > > > + if
> (!vendor.equals(ven)) {
> > > > > > > > > +
> > > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > + }
> > > > > > > > > + }
> > > > > > > > > + }
> > > > > > > > > // The resource matches, so
> replace
> > it
> > > > > with
> > > > > > > the
> > > > > > > > > overridden resource
> > > > > > > > > // if the override is actually a
> > newer
> > > > > > version
> > > > > > > > > than what we currently have
> > > > > > > > > if (range.contains(ver) &&
> > > > > > > ver.compareTo(oVer) <
> > > > > > > > > 0) {
> > > > > > > > > + LOGGER.info("Overriding
> original
> > > > > bundle
> > > > > > "
> > > > > > > +
> > > > > > > > > url + " to " + override.getName());
> > > > > > > > > ver = oVer;
> > > > > > > > > url = override.getName();
> > > > > > > > > }
> > > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > > > return bsn;
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > + private static String getBundleVendor(Manifest
> > manifest) {
> > > > > > > > > + String ven =
> > > > > > > > >
> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > > > + return ven;
> > > > > > > > > + }
> > > > > > > > > +
> > > > > > > > > private static Manifest getManifest(String url) throws
> > > > > > > IOException {
> > > > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > > > try {
> > > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > > > }
> > > > > > > > > return cs[0].getName();
> > > > > > > > > }
> > > > > > > > > -}
> > > > > > > > > \ No newline at end of file
> > > > > > > > > +}
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > index 46d163a..79e2015 100644
> > > > > > > > > ---
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > +++
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > > > private File b101;
> > > > > > > > > private File b102;
> > > > > > > > > private File b110;
> > > > > > > > > + private File c100;
> > > > > > > > > + private File c101;
> > > > > > > > > + private File c110;
> > > > > > > > >
> > > > > > > > > @Before
> > > > > > > > > public void setUp() throws IOException {
> > > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > > > .build(),
> > > > > > > > > new FileOutputStream(b110));
> > > > > > > > > +
> > > > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > > > + .build(),
> > > > > > > > > + new FileOutputStream(c100));
> > > > > > > > > +
> > > > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > > + .build(),
> > > > > > > > > + new FileOutputStream(c101));
> > > > > > > > > +
> > > > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > > + .build(),
> > > > > > > > > + new FileOutputStream(c110));
> > > > > > > > > + }
> > > > > > > > > +
> > > > > > > > > + @Test
> > > > > > > > > + public void testDifferentVendors() throws IOException
> {
> > > > > > > > > + File props = File.createTempFile("karaf",
> > > "properties");
> > > > > > > > > + Writer w = new FileWriter(props);
> > > > > > > > > + w.write(c101.toURI().toString());
> > > > > > > > > + w.write("\n");
> > > > > > > > > + w.write(c110.toURI().toString());
> > > > > > > > > + w.write("\n");
> > > > > > > > > + w.close();
> > > > > > > > > +
> > > > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > > > + props.toURI().toString());
> > > > > > > > > + assertNotNull(res);
> > > > > > > > > + assertEquals(1, res.size());
> > > > > > > > > + BundleInfo out = res.get(0);
> > > > > > > > > + assertNotNull(out);
> > > > > > > > > + assertEquals(c101.toURI().toString(),
> > > > out.getLocation());
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > @Test
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > > > > Committer
> > > > > > &
> > > > > > > Project Lead
> > > > > > > OPS4J Pax for Vaadin <
> > > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > > > Commiter & Project Lead
> > > > > > > blog <http://notizblog.nierbeck.de/>
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
Those updates are performed as a user console session command - one at a
time. An override file could contain many substitutions (bulk operation),
as such Karaf here is alerting the user to a change they may not realize
has happened.
Having a switch that may invoke a signed bundle installation only Karaf
could be interesting.
--jamie
On Wed, Feb 12, 2014 at 4:08 PM, Guillaume Nodet <gn...@apache.org> wrote:
> 2014-02-12 17:35 GMT+01:00 Jamie G. <ja...@gmail.com>:
>
> > Changing vendors to me would be something i'd like to be warned about. I
> > have Apache Camel installed, with XYZ under the hood - lets me know its a
> > franken-build. That being said, if i was going to fork and build my own
> > camel jar to fix a local issue, why would i then need to use the
> override,
> > i'd just deploy the library, refresh, and carry on (different work flows
> > for different folks - I do get that that's simplifying things - generally
> > we'd end up with a large list of bundles needing changing and the
> override
> > would simplify managing that recipe update).
> >
>
> It all depends on the workflow, the number of containers to modify, how
> often features are deployed or undeployed, wether the one installing
> features is the one that validates them, etc...
> At some point, manual intervention can be very painful. So that's right,
> it's not the usual workflow we've supported so far, but it does not mean
> it's less secured In all cases, things have to be tested and verified
> before put into production.
>
>
> >
> > Regardless, I'm open to amending how vendors are handled, if we want to
> > change the message or scrap it all together. Personally i think something
> > should be noted since things are changing (i'd like to know I'm going
> from
> > Land Rover parts to something made by Ford in my Range Rover).
> >
>
> Or it could be like changing the radio in your car .... ;-)
>
> What I don't get is why that would be the only place for such a check ?
> If we consider that changing the vendor of a bundle is risky, we need to
> put that check in bundle:update, file install, web console, etc...
> You know that you can update camel-core with asm4 by using bundle:update,
> right ? We don't have any checks here, and that's much more risky than
> when you already ensured the symbolic names are the same and version
> expected to be compatible.
>
> If security is really an issue, even if not going as far as using signed
> bundles, one possible way would be to restrict bundle installation to
> trusted bundles. By that, I mean adding a setting which would lead to only
> accept externally signed bundles (the *.asc file uploaded to maven repo)
> and verify them against a trusted key store. I think this would be a good
> way to actually address the problem, if we think there's a problem.
>
> Guillaume
>
>
> >
> > As to a global on/off switch for the mechanism that would be a nice
> > addition.
> >
>
> Yeah, I can add that, though it's not as if this feature was triggered
> automatically, as you have to create this known file, so there's always a
> conscious decision made at some point.
>
> Guillaume
>
>
> >
> > --Jamie
> >
> >
> > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
> > wrote:
> >
> > > I just think the check is worth nothing. If someone build a
> customized
> > > version of a bundle (let's say camel), he will usually build by forking
> > > from camel, in which case the vendor would still be the same. And if
> the
> > > user wants to make things cleaner and actually change the vendor to
> > reflect
> > > the fact that it does not come from Apache, then we throw at him a
> > WARNING
> > > log.
> > > Again, I don't think we should assume the user does not know what he
> > does,
> > > I'd rather add a global flag to disable overrides if you think it's
> > safer,
> > > but the file does not even exist by default, which means the user
> > actually
> > > know what he is doing...
> > >
> > >
> > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > >
> > > > My interpretation is that a bundle is being updated by its
> maintainer,
> > > if a
> > > > different group is providing the replacement bundle then Karaf should
> > be
> > > > making some noise about it as its masquerading as being what was
> > > originally
> > > > intended by the feature provider. I'm up for different wordings
> > however.
> > > > What would you suggest?
> > > >
> > > >
> > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gnodet@apache.org
> >
> > > > wrote:
> > > >
> > > > > Yes, I was going to add that I had no problems saying a bundle has
> > been
> > > > > overridden (though not sure if it has to be with a WARNING level).
> > > > > It's really the vendor check which I don't get and the log of
> > > "Malicious
> > > > > code possibly introduced by patch override, see log for details".
> > > > >
> > > > >
> > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bcanhome@googlemail.com
> >:
> > > > >
> > > > > > Well, I hope you didn't get distracted by my comment.
> > > > > > Though as far as I can see the change only introduced some
> logging
> > > > > > to let the user know something changed due to adding another
> > feature,
> > > > > > I think this is a viable solution, especially when looking for
> > > failures
> > > > > > or unintended changes.
> > > > > > No?
> > > > > >
> > > > > >
> > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> > > > > >
> > > > > > > I'm tempted to -1 this change.
> > > > > > >
> > > > > > > What kind of problems are you trying to solve here ?
> > > > > > > Imho, such code is unnecessary because there are many other
> ways
> > to
> > > > > > > introduce so called "malicious" code.
> > > > > > > If one wants to be safe, there is already an existing way to
> > solve
> > > > the
> > > > > > > problem which is signed bundles.
> > > > > > >
> > > > > > > Now, an example on how to introduce "malicious" code : if such
> a
> > > > bundle
> > > > > > is
> > > > > > > installed first, the features service will think the "correct"
> > > bundle
> > > > > is
> > > > > > > already installed and will not install the "safe" bundle. This
> > can
> > > > be
> > > > > > done
> > > > > > > by manually installing the bundle before installing features,
> or
> > by
> > > > > > adding
> > > > > > > it to the etc/startup.properties.
> > > > > > > Another option is just to hack the features file manually and
> > > change
> > > > > the
> > > > > > > url of the bundle, it will have exactly the same effect.
> > > > > > >
> > > > > > > In addition, checking the vendor is not a guarantee, as if
> > someone
> > > > > wanted
> > > > > > > to "fake" a bundle, setting that header is not more difficult
> > than
> > > > > > changing
> > > > > > > the symbolic name or version.
> > > > > > >
> > > > > > > I've had a use case where the user wanted to make sure that no
> > > > > > "malicious"
> > > > > > > code is introduced or used. In such a case, there is already
> an
> > > > > existing
> > > > > > > solution which is fully supported by OSGi (and Karaf) which is
> > > signed
> > > > > > > bundles. It works well and it's secured. Well, secured to the
> > > point
> > > > > > that
> > > > > > > you control the file system. In all cases, if you don't trust
> > the
> > > > file
> > > > > > > system, there's no possible way to secure the OSGi framework
> > (just
> > > > > > because
> > > > > > > classes are read from the file system).
> > > > > > >
> > > > > > > Last, there is no possible misuse of the overrides really. If
> > you
> > > > add
> > > > > > > random bundles, it will most of the case have no effects, or at
> > > > least,
> > > > > > not
> > > > > > > more than if you had installed them manually before. We don't
> > add
> > > > any
> > > > > > > checks in the bundle:update command, so I don't really see why
> > we'd
> > > > add
> > > > > > > those here.
> > > > > > >
> > > > > > > On a side note, I was wondering about starting a slightly
> broader
> > > > > > > discussion about patching, which is related to this particular
> > > > feature
> > > > > > and
> > > > > > > I hope to do so this week or the next.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > > >
> > > > > > > > Updated Branches:
> > > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > > >
> > > > > > > >
> > > > > > > > [KARAF-2753] Logging for override mechanism. Added additional
> > > > logging
> > > > > > and
> > > > > > > > unit test to trigger log events
> > > > > > > >
> > > > > > > >
> > > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > > Commit:
> > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > > Tree:
> > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > > Diff:
> > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > > >
> > > > > > > > Branch: refs/heads/master
> > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > > Parents: d2af093
> > > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > >
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > > .../karaf/features/internal/Overrides.java | 25
> > ++++++++++-
> > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > > ++++++++++++++++++++
> > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > > diff --git
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > index 655dfea..8397222 100644
> > > > > > > > ---
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > +++
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > > private static final Logger LOGGER =
> > > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > > >
> > > > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > > > + private static final String VENDOR_WARNING = "Malicious
> > code
> > > > > > > possibly
> > > > > > > > introduced by patch override, see log for details";
> > > > > > > >
> > > > > > > > /**
> > > > > > > > * Compute a list of bundles to install, taking into
> > account
> > > > > > > > overrides.
> > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > > if (manifest != null) {
> > > > > > > > String bsn =
> > > getBundleSymbolicName(manifest);
> > > > > > > > Version ver =
> getBundleVersion(manifest);
> > > > > > > > + String ven = getBundleVendor(manifest);
> > > > > > > > String url = info.getLocation();
> > > > > > > > for (Clause override : overrides) {
> > > > > > > > Manifest overMan =
> > > > > > > > manifests.get(override.getName());
> > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > > range =
> > > > > > VersionRange.parseVersionRange(vr);
> > > > > > > > }
> > > > > > > >
> > > > > > > > + String vendor =
> > > getBundleVendor(overMan);
> > > > > > > >
> > > > > > > > + // Before we do a replace, lets
> check
> > if
> > > > > > vendors
> > > > > > > > change
> > > > > > > > + if (ven == null) {
> > > > > > > > + if (vendor != null) {
> > > > > > > > +
> LOGGER.warn(VENDOR_WARNING);
> > > > > > > > + }
> > > > > > > > + } else {
> > > > > > > > + if (vendor == null) {
> > > > > > > > +
> LOGGER.warn(VENDOR_WARNING);
> > > > > > > > + } else {
> > > > > > > > + if (!vendor.equals(ven)) {
> > > > > > > > +
> > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > + }
> > > > > > > > + }
> > > > > > > > + }
> > > > > > > > // The resource matches, so replace
> it
> > > > with
> > > > > > the
> > > > > > > > overridden resource
> > > > > > > > // if the override is actually a
> newer
> > > > > version
> > > > > > > > than what we currently have
> > > > > > > > if (range.contains(ver) &&
> > > > > > ver.compareTo(oVer) <
> > > > > > > > 0) {
> > > > > > > > + LOGGER.info("Overriding original
> > > > bundle
> > > > > "
> > > > > > +
> > > > > > > > url + " to " + override.getName());
> > > > > > > > ver = oVer;
> > > > > > > > url = override.getName();
> > > > > > > > }
> > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > > return bsn;
> > > > > > > > }
> > > > > > > >
> > > > > > > > + private static String getBundleVendor(Manifest
> manifest) {
> > > > > > > > + String ven =
> > > > > > > >
> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > > + return ven;
> > > > > > > > + }
> > > > > > > > +
> > > > > > > > private static Manifest getManifest(String url) throws
> > > > > > IOException {
> > > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > > try {
> > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > > }
> > > > > > > > return cs[0].getName();
> > > > > > > > }
> > > > > > > > -}
> > > > > > > > \ No newline at end of file
> > > > > > > > +}
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > > diff --git
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > index 46d163a..79e2015 100644
> > > > > > > > ---
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > +++
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > > private File b101;
> > > > > > > > private File b102;
> > > > > > > > private File b110;
> > > > > > > > + private File c100;
> > > > > > > > + private File c101;
> > > > > > > > + private File c110;
> > > > > > > >
> > > > > > > > @Before
> > > > > > > > public void setUp() throws IOException {
> > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > > .build(),
> > > > > > > > new FileOutputStream(b110));
> > > > > > > > +
> > > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > > + .build(),
> > > > > > > > + new FileOutputStream(c100));
> > > > > > > > +
> > > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > + .build(),
> > > > > > > > + new FileOutputStream(c101));
> > > > > > > > +
> > > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > + .build(),
> > > > > > > > + new FileOutputStream(c110));
> > > > > > > > + }
> > > > > > > > +
> > > > > > > > + @Test
> > > > > > > > + public void testDifferentVendors() throws IOException {
> > > > > > > > + File props = File.createTempFile("karaf",
> > "properties");
> > > > > > > > + Writer w = new FileWriter(props);
> > > > > > > > + w.write(c101.toURI().toString());
> > > > > > > > + w.write("\n");
> > > > > > > > + w.write(c110.toURI().toString());
> > > > > > > > + w.write("\n");
> > > > > > > > + w.close();
> > > > > > > > +
> > > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > > + props.toURI().toString());
> > > > > > > > + assertNotNull(res);
> > > > > > > > + assertEquals(1, res.size());
> > > > > > > > + BundleInfo out = res.get(0);
> > > > > > > > + assertNotNull(out);
> > > > > > > > + assertEquals(c101.toURI().toString(),
> > > out.getLocation());
> > > > > > > > }
> > > > > > > >
> > > > > > > > @Test
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > > > Committer
> > > > > &
> > > > > > Project Lead
> > > > > > OPS4J Pax for Vaadin <
> > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > > Commiter & Project Lead
> > > > > > blog <http://notizblog.nierbeck.de/>
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Guillaume Nodet <gn...@apache.org>.
2014-02-12 17:35 GMT+01:00 Jamie G. <ja...@gmail.com>:
> Changing vendors to me would be something i'd like to be warned about. I
> have Apache Camel installed, with XYZ under the hood - lets me know its a
> franken-build. That being said, if i was going to fork and build my own
> camel jar to fix a local issue, why would i then need to use the override,
> i'd just deploy the library, refresh, and carry on (different work flows
> for different folks - I do get that that's simplifying things - generally
> we'd end up with a large list of bundles needing changing and the override
> would simplify managing that recipe update).
>
It all depends on the workflow, the number of containers to modify, how
often features are deployed or undeployed, wether the one installing
features is the one that validates them, etc...
At some point, manual intervention can be very painful. So that's right,
it's not the usual workflow we've supported so far, but it does not mean
it's less secured In all cases, things have to be tested and verified
before put into production.
>
> Regardless, I'm open to amending how vendors are handled, if we want to
> change the message or scrap it all together. Personally i think something
> should be noted since things are changing (i'd like to know I'm going from
> Land Rover parts to something made by Ford in my Range Rover).
>
Or it could be like changing the radio in your car .... ;-)
What I don't get is why that would be the only place for such a check ?
If we consider that changing the vendor of a bundle is risky, we need to
put that check in bundle:update, file install, web console, etc...
You know that you can update camel-core with asm4 by using bundle:update,
right ? We don't have any checks here, and that's much more risky than
when you already ensured the symbolic names are the same and version
expected to be compatible.
If security is really an issue, even if not going as far as using signed
bundles, one possible way would be to restrict bundle installation to
trusted bundles. By that, I mean adding a setting which would lead to only
accept externally signed bundles (the *.asc file uploaded to maven repo)
and verify them against a trusted key store. I think this would be a good
way to actually address the problem, if we think there's a problem.
Guillaume
>
> As to a global on/off switch for the mechanism that would be a nice
> addition.
>
Yeah, I can add that, though it's not as if this feature was triggered
automatically, as you have to create this known file, so there's always a
conscious decision made at some point.
Guillaume
>
> --Jamie
>
>
> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
> wrote:
>
> > I just think the check is worth nothing. If someone build a customized
> > version of a bundle (let's say camel), he will usually build by forking
> > from camel, in which case the vendor would still be the same. And if the
> > user wants to make things cleaner and actually change the vendor to
> reflect
> > the fact that it does not come from Apache, then we throw at him a
> WARNING
> > log.
> > Again, I don't think we should assume the user does not know what he
> does,
> > I'd rather add a global flag to disable overrides if you think it's
> safer,
> > but the file does not even exist by default, which means the user
> actually
> > know what he is doing...
> >
> >
> > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> >
> > > My interpretation is that a bundle is being updated by its maintainer,
> > if a
> > > different group is providing the replacement bundle then Karaf should
> be
> > > making some noise about it as its masquerading as being what was
> > originally
> > > intended by the feature provider. I'm up for different wordings
> however.
> > > What would you suggest?
> > >
> > >
> > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org>
> > > wrote:
> > >
> > > > Yes, I was going to add that I had no problems saying a bundle has
> been
> > > > overridden (though not sure if it has to be with a WARNING level).
> > > > It's really the vendor check which I don't get and the log of
> > "Malicious
> > > > code possibly introduced by patch override, see log for details".
> > > >
> > > >
> > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
> > > >
> > > > > Well, I hope you didn't get distracted by my comment.
> > > > > Though as far as I can see the change only introduced some logging
> > > > > to let the user know something changed due to adding another
> feature,
> > > > > I think this is a viable solution, especially when looking for
> > failures
> > > > > or unintended changes.
> > > > > No?
> > > > >
> > > > >
> > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> > > > >
> > > > > > I'm tempted to -1 this change.
> > > > > >
> > > > > > What kind of problems are you trying to solve here ?
> > > > > > Imho, such code is unnecessary because there are many other ways
> to
> > > > > > introduce so called "malicious" code.
> > > > > > If one wants to be safe, there is already an existing way to
> solve
> > > the
> > > > > > problem which is signed bundles.
> > > > > >
> > > > > > Now, an example on how to introduce "malicious" code : if such a
> > > bundle
> > > > > is
> > > > > > installed first, the features service will think the "correct"
> > bundle
> > > > is
> > > > > > already installed and will not install the "safe" bundle. This
> can
> > > be
> > > > > done
> > > > > > by manually installing the bundle before installing features, or
> by
> > > > > adding
> > > > > > it to the etc/startup.properties.
> > > > > > Another option is just to hack the features file manually and
> > change
> > > > the
> > > > > > url of the bundle, it will have exactly the same effect.
> > > > > >
> > > > > > In addition, checking the vendor is not a guarantee, as if
> someone
> > > > wanted
> > > > > > to "fake" a bundle, setting that header is not more difficult
> than
> > > > > changing
> > > > > > the symbolic name or version.
> > > > > >
> > > > > > I've had a use case where the user wanted to make sure that no
> > > > > "malicious"
> > > > > > code is introduced or used. In such a case, there is already an
> > > > existing
> > > > > > solution which is fully supported by OSGi (and Karaf) which is
> > signed
> > > > > > bundles. It works well and it's secured. Well, secured to the
> > point
> > > > > that
> > > > > > you control the file system. In all cases, if you don't trust
> the
> > > file
> > > > > > system, there's no possible way to secure the OSGi framework
> (just
> > > > > because
> > > > > > classes are read from the file system).
> > > > > >
> > > > > > Last, there is no possible misuse of the overrides really. If
> you
> > > add
> > > > > > random bundles, it will most of the case have no effects, or at
> > > least,
> > > > > not
> > > > > > more than if you had installed them manually before. We don't
> add
> > > any
> > > > > > checks in the bundle:update command, so I don't really see why
> we'd
> > > add
> > > > > > those here.
> > > > > >
> > > > > > On a side note, I was wondering about starting a slightly broader
> > > > > > discussion about patching, which is related to this particular
> > > feature
> > > > > and
> > > > > > I hope to do so this week or the next.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > >
> > > > > > > Updated Branches:
> > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > >
> > > > > > >
> > > > > > > [KARAF-2753] Logging for override mechanism. Added additional
> > > logging
> > > > > and
> > > > > > > unit test to trigger log events
> > > > > > >
> > > > > > >
> > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > Commit:
> > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > Tree:
> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > Diff:
> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > >
> > > > > > > Branch: refs/heads/master
> > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > Parents: d2af093
> > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > >
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > .../karaf/features/internal/Overrides.java | 25
> ++++++++++-
> > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > ++++++++++++++++++++
> > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > diff --git
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > index 655dfea..8397222 100644
> > > > > > > ---
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > +++
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > private static final Logger LOGGER =
> > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > >
> > > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > > + private static final String VENDOR_WARNING = "Malicious
> code
> > > > > > possibly
> > > > > > > introduced by patch override, see log for details";
> > > > > > >
> > > > > > > /**
> > > > > > > * Compute a list of bundles to install, taking into
> account
> > > > > > > overrides.
> > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > if (manifest != null) {
> > > > > > > String bsn =
> > getBundleSymbolicName(manifest);
> > > > > > > Version ver = getBundleVersion(manifest);
> > > > > > > + String ven = getBundleVendor(manifest);
> > > > > > > String url = info.getLocation();
> > > > > > > for (Clause override : overrides) {
> > > > > > > Manifest overMan =
> > > > > > > manifests.get(override.getName());
> > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > range =
> > > > > VersionRange.parseVersionRange(vr);
> > > > > > > }
> > > > > > >
> > > > > > > + String vendor =
> > getBundleVendor(overMan);
> > > > > > >
> > > > > > > + // Before we do a replace, lets check
> if
> > > > > vendors
> > > > > > > change
> > > > > > > + if (ven == null) {
> > > > > > > + if (vendor != null) {
> > > > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > > > + }
> > > > > > > + } else {
> > > > > > > + if (vendor == null) {
> > > > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > > > + } else {
> > > > > > > + if (!vendor.equals(ven)) {
> > > > > > > +
> > LOGGER.warn(VENDOR_WARNING);
> > > > > > > + }
> > > > > > > + }
> > > > > > > + }
> > > > > > > // The resource matches, so replace it
> > > with
> > > > > the
> > > > > > > overridden resource
> > > > > > > // if the override is actually a newer
> > > > version
> > > > > > > than what we currently have
> > > > > > > if (range.contains(ver) &&
> > > > > ver.compareTo(oVer) <
> > > > > > > 0) {
> > > > > > > + LOGGER.info("Overriding original
> > > bundle
> > > > "
> > > > > +
> > > > > > > url + " to " + override.getName());
> > > > > > > ver = oVer;
> > > > > > > url = override.getName();
> > > > > > > }
> > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > return bsn;
> > > > > > > }
> > > > > > >
> > > > > > > + private static String getBundleVendor(Manifest manifest) {
> > > > > > > + String ven =
> > > > > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > + return ven;
> > > > > > > + }
> > > > > > > +
> > > > > > > private static Manifest getManifest(String url) throws
> > > > > IOException {
> > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > try {
> > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > }
> > > > > > > return cs[0].getName();
> > > > > > > }
> > > > > > > -}
> > > > > > > \ No newline at end of file
> > > > > > > +}
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > diff --git
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > index 46d163a..79e2015 100644
> > > > > > > ---
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > +++
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > private File b101;
> > > > > > > private File b102;
> > > > > > > private File b110;
> > > > > > > + private File c100;
> > > > > > > + private File c101;
> > > > > > > + private File c110;
> > > > > > >
> > > > > > > @Before
> > > > > > > public void setUp() throws IOException {
> > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > .build(),
> > > > > > > new FileOutputStream(b110));
> > > > > > > +
> > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > > + copy(TinyBundles.bundle()
> > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > + .build(),
> > > > > > > + new FileOutputStream(c100));
> > > > > > > +
> > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > > + copy(TinyBundles.bundle()
> > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > + .build(),
> > > > > > > + new FileOutputStream(c101));
> > > > > > > +
> > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > > + copy(TinyBundles.bundle()
> > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > + .build(),
> > > > > > > + new FileOutputStream(c110));
> > > > > > > + }
> > > > > > > +
> > > > > > > + @Test
> > > > > > > + public void testDifferentVendors() throws IOException {
> > > > > > > + File props = File.createTempFile("karaf",
> "properties");
> > > > > > > + Writer w = new FileWriter(props);
> > > > > > > + w.write(c101.toURI().toString());
> > > > > > > + w.write("\n");
> > > > > > > + w.write(c110.toURI().toString());
> > > > > > > + w.write("\n");
> > > > > > > + w.close();
> > > > > > > +
> > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > + props.toURI().toString());
> > > > > > > + assertNotNull(res);
> > > > > > > + assertEquals(1, res.size());
> > > > > > > + BundleInfo out = res.get(0);
> > > > > > > + assertNotNull(out);
> > > > > > > + assertEquals(c101.toURI().toString(),
> > out.getLocation());
> > > > > > > }
> > > > > > >
> > > > > > > @Test
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > > Committer
> > > > &
> > > > > Project Lead
> > > > > OPS4J Pax for Vaadin <
> > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > Commiter & Project Lead
> > > > > blog <http://notizblog.nierbeck.de/>
> > > > >
> > > >
> > >
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Claus,
good point, I will do this minor change in Pax URL ;)
Regards
JB
On 02/13/2014 09:57 AM, Claus Ibsen wrote:
> Hi
>
> Talking about wording. It would be lovely if the wording of this WARN
> from pax could be improved as well.
> eg this text
> "This is deprecated & discouraged & just evil."
> maybe tone that down a bit, for example to
> "This is deprecated & discouraged. See more details at TODO link here"
>
>
> This is from Karaf 2.3.3 with Camel.
>
> 2014-02-13 09:55:18,255 | WARN | l Console Thread |
> MavenRepositoryURL | maven.commons.MavenRepositoryURL
> 116 | 1 - org.ops4j.pax.url.mvn - 1.3.6 | Repository spec
> http://scriptengines.googlecode.com/svn/m2-repo/ does not contain an
> identifier. This is deprecated & discouraged & just evil.
> 2014-02-13 09:55:22,551 | WARN | l Console Thread |
> MavenRepositoryURL | maven.commons.MavenRepositoryURL
> 116 | 1 - org.ops4j.pax.url.mvn - 1.3.6 | Repository spec
> http://maven.restlet.org/ does not contain an identifier. This is
> deprecated & discouraged & just evil.
>
> On Wed, Feb 12, 2014 at 6:50 PM, Jon Anstey <ja...@gmail.com> wrote:
>> No need to revert this completely IMO. The wording is too strong though. I
>> know of many companies (can't say names here) that have rebranded
>> customized versions of Karaf that would not be able to ship with a message
>> like that in the logs. Or they would just not be able to use this feature.
>> Looks really bad if your product always spits out that it may have
>> malicious code even if you know you put it there :-)
>>
>>
>> On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com> wrote:
>>
>>> Changing vendors to me would be something i'd like to be warned about. I
>>> have Apache Camel installed, with XYZ under the hood - lets me know its a
>>> franken-build. That being said, if i was going to fork and build my own
>>> camel jar to fix a local issue, why would i then need to use the override,
>>> i'd just deploy the library, refresh, and carry on (different work flows
>>> for different folks - I do get that that's simplifying things - generally
>>> we'd end up with a large list of bundles needing changing and the override
>>> would simplify managing that recipe update).
>>>
>>> Regardless, I'm open to amending how vendors are handled, if we want to
>>> change the message or scrap it all together. Personally i think something
>>> should be noted since things are changing (i'd like to know I'm going from
>>> Land Rover parts to something made by Ford in my Range Rover).
>>>
>>> As to a global on/off switch for the mechanism that would be a nice
>>> addition.
>>>
>>> --Jamie
>>>
>>>
>>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
>>> wrote:
>>>
>>>> I just think the check is worth nothing. If someone build a customized
>>>> version of a bundle (let's say camel), he will usually build by forking
>>>> from camel, in which case the vendor would still be the same. And if the
>>>> user wants to make things cleaner and actually change the vendor to
>>> reflect
>>>> the fact that it does not come from Apache, then we throw at him a
>>> WARNING
>>>> log.
>>>> Again, I don't think we should assume the user does not know what he
>>> does,
>>>> I'd rather add a global flag to disable overrides if you think it's
>>> safer,
>>>> but the file does not even exist by default, which means the user
>>> actually
>>>> know what he is doing...
>>>>
>>>>
>>>> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>
>>>>> My interpretation is that a bundle is being updated by its maintainer,
>>>> if a
>>>>> different group is providing the replacement bundle then Karaf should
>>> be
>>>>> making some noise about it as its masquerading as being what was
>>>> originally
>>>>> intended by the feature provider. I'm up for different wordings
>>> however.
>>>>> What would you suggest?
>>>>>
>>>>>
>>>>> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org>
>>>>> wrote:
>>>>>
>>>>>> Yes, I was going to add that I had no problems saying a bundle has
>>> been
>>>>>> overridden (though not sure if it has to be with a WARNING level).
>>>>>> It's really the vendor check which I don't get and the log of
>>>> "Malicious
>>>>>> code possibly introduced by patch override, see log for details".
>>>>>>
>>>>>>
>>>>>> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
>>>>>>
>>>>>>> Well, I hope you didn't get distracted by my comment.
>>>>>>> Though as far as I can see the change only introduced some logging
>>>>>>> to let the user know something changed due to adding another
>>> feature,
>>>>>>> I think this is a viable solution, especially when looking for
>>>> failures
>>>>>>> or unintended changes.
>>>>>>> No?
>>>>>>>
>>>>>>>
>>>>>>> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
>>>>>>>
>>>>>>>> I'm tempted to -1 this change.
>>>>>>>>
>>>>>>>> What kind of problems are you trying to solve here ?
>>>>>>>> Imho, such code is unnecessary because there are many other ways
>>> to
>>>>>>>> introduce so called "malicious" code.
>>>>>>>> If one wants to be safe, there is already an existing way to
>>> solve
>>>>> the
>>>>>>>> problem which is signed bundles.
>>>>>>>>
>>>>>>>> Now, an example on how to introduce "malicious" code : if such a
>>>>> bundle
>>>>>>> is
>>>>>>>> installed first, the features service will think the "correct"
>>>> bundle
>>>>>> is
>>>>>>>> already installed and will not install the "safe" bundle. This
>>> can
>>>>> be
>>>>>>> done
>>>>>>>> by manually installing the bundle before installing features, or
>>> by
>>>>>>> adding
>>>>>>>> it to the etc/startup.properties.
>>>>>>>> Another option is just to hack the features file manually and
>>>> change
>>>>>> the
>>>>>>>> url of the bundle, it will have exactly the same effect.
>>>>>>>>
>>>>>>>> In addition, checking the vendor is not a guarantee, as if
>>> someone
>>>>>> wanted
>>>>>>>> to "fake" a bundle, setting that header is not more difficult
>>> than
>>>>>>> changing
>>>>>>>> the symbolic name or version.
>>>>>>>>
>>>>>>>> I've had a use case where the user wanted to make sure that no
>>>>>>> "malicious"
>>>>>>>> code is introduced or used. In such a case, there is already an
>>>>>> existing
>>>>>>>> solution which is fully supported by OSGi (and Karaf) which is
>>>> signed
>>>>>>>> bundles. It works well and it's secured. Well, secured to the
>>>> point
>>>>>>> that
>>>>>>>> you control the file system. In all cases, if you don't trust
>>> the
>>>>> file
>>>>>>>> system, there's no possible way to secure the OSGi framework
>>> (just
>>>>>>> because
>>>>>>>> classes are read from the file system).
>>>>>>>>
>>>>>>>> Last, there is no possible misuse of the overrides really. If
>>> you
>>>>> add
>>>>>>>> random bundles, it will most of the case have no effects, or at
>>>>> least,
>>>>>>> not
>>>>>>>> more than if you had installed them manually before. We don't
>>> add
>>>>> any
>>>>>>>> checks in the bundle:update command, so I don't really see why
>>> we'd
>>>>> add
>>>>>>>> those here.
>>>>>>>>
>>>>>>>> On a side note, I was wondering about starting a slightly broader
>>>>>>>> discussion about patching, which is related to this particular
>>>>> feature
>>>>>>> and
>>>>>>>> I hope to do so this week or the next.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>>>>>>>>
>>>>>>>>> Updated Branches:
>>>>>>>>> refs/heads/master d2af093dd -> 36808c560
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> [KARAF-2753] Logging for override mechanism. Added additional
>>>>> logging
>>>>>>> and
>>>>>>>>> unit test to trigger log events
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
>>>>>>>>> Commit:
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>>>>>>>>> Tree:
>>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>>>>>>>>> Diff:
>>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>>>>>>>>>
>>>>>>>>> Branch: refs/heads/master
>>>>>>>>> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>>>>>>>>> Parents: d2af093
>>>>>>>>> Author: jgoodyear <jg...@apache.org>
>>>>>>>>> Authored: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>> Committer: jgoodyear <jg...@apache.org>
>>>>>>>>> Committed: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>> .../karaf/features/internal/Overrides.java | 25
>>> ++++++++++-
>>>>>>>>> .../karaf/features/internal/OverridesTest.java | 47
>>>>>>>> ++++++++++++++++++++
>>>>>>>>> 2 files changed, 71 insertions(+), 1 deletion(-)
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>> diff --git
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>> index 655dfea..8397222 100644
>>>>>>>>> ---
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>> +++
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>> @@ -48,6 +48,7 @@ public class Overrides {
>>>>>>>>> private static final Logger LOGGER =
>>>>>>>>> LoggerFactory.getLogger(Overrides.class);
>>>>>>>>>
>>>>>>>>> private static final String OVERRIDE_RANGE = "range";
>>>>>>>>> + private static final String VENDOR_WARNING = "Malicious
>>> code
>>>>>>>> possibly
>>>>>>>>> introduced by patch override, see log for details";
>>>>>>>>>
>>>>>>>>> /**
>>>>>>>>> * Compute a list of bundles to install, taking into
>>> account
>>>>>>>>> overrides.
>>>>>>>>> @@ -86,6 +87,7 @@ public class Overrides {
>>>>>>>>> if (manifest != null) {
>>>>>>>>> String bsn =
>>>> getBundleSymbolicName(manifest);
>>>>>>>>> Version ver = getBundleVersion(manifest);
>>>>>>>>> + String ven = getBundleVendor(manifest);
>>>>>>>>> String url = info.getLocation();
>>>>>>>>> for (Clause override : overrides) {
>>>>>>>>> Manifest overMan =
>>>>>>>>> manifests.get(override.getName());
>>>>>>>>> @@ -111,10 +113,26 @@ public class Overrides {
>>>>>>>>> range =
>>>>>>> VersionRange.parseVersionRange(vr);
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> + String vendor =
>>>> getBundleVendor(overMan);
>>>>>>>>>
>>>>>>>>> + // Before we do a replace, lets check
>>> if
>>>>>>> vendors
>>>>>>>>> change
>>>>>>>>> + if (ven == null) {
>>>>>>>>> + if (vendor != null) {
>>>>>>>>> + LOGGER.warn(VENDOR_WARNING);
>>>>>>>>> + }
>>>>>>>>> + } else {
>>>>>>>>> + if (vendor == null) {
>>>>>>>>> + LOGGER.warn(VENDOR_WARNING);
>>>>>>>>> + } else {
>>>>>>>>> + if (!vendor.equals(ven)) {
>>>>>>>>> +
>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>> + }
>>>>>>>>> + }
>>>>>>>>> + }
>>>>>>>>> // The resource matches, so replace it
>>>>> with
>>>>>>> the
>>>>>>>>> overridden resource
>>>>>>>>> // if the override is actually a newer
>>>>>> version
>>>>>>>>> than what we currently have
>>>>>>>>> if (range.contains(ver) &&
>>>>>>> ver.compareTo(oVer) <
>>>>>>>>> 0) {
>>>>>>>>> + LOGGER.info("Overriding original
>>>>> bundle
>>>>>> "
>>>>>>> +
>>>>>>>>> url + " to " + override.getName());
>>>>>>>>> ver = oVer;
>>>>>>>>> url = override.getName();
>>>>>>>>> }
>>>>>>>>> @@ -178,6 +196,11 @@ public class Overrides {
>>>>>>>>> return bsn;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> + private static String getBundleVendor(Manifest manifest) {
>>>>>>>>> + String ven =
>>>>>>>>> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
>>>>>>>>> + return ven;
>>>>>>>>> + }
>>>>>>>>> +
>>>>>>>>> private static Manifest getManifest(String url) throws
>>>>>>> IOException {
>>>>>>>>> InputStream is = new URL(url).openStream();
>>>>>>>>> try {
>>>>>>>>> @@ -205,4 +228,4 @@ public class Overrides {
>>>>>>>>> }
>>>>>>>>> return cs[0].getName();
>>>>>>>>> }
>>>>>>>>> -}
>>>>>>>>> \ No newline at end of file
>>>>>>>>> +}
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>> diff --git
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>> index 46d163a..79e2015 100644
>>>>>>>>> ---
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>> +++
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>> @@ -42,6 +42,9 @@ public class OverridesTest {
>>>>>>>>> private File b101;
>>>>>>>>> private File b102;
>>>>>>>>> private File b110;
>>>>>>>>> + private File c100;
>>>>>>>>> + private File c101;
>>>>>>>>> + private File c110;
>>>>>>>>>
>>>>>>>>> @Before
>>>>>>>>> public void setUp() throws IOException {
>>>>>>>>> @@ -72,6 +75,50 @@ public class OverridesTest {
>>>>>>>>> .set("Bundle-Version", "1.1.0")
>>>>>>>>> .build(),
>>>>>>>>> new FileOutputStream(b110));
>>>>>>>>> +
>>>>>>>>> + c100 = File.createTempFile("karafc", "-100.jar");
>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>> + .set("Bundle-Version", "1.0.0")
>>>>>>>>> + .set("Bundle-Vendor", "Apache")
>>>>>>>>> + .build(),
>>>>>>>>> + new FileOutputStream(c100));
>>>>>>>>> +
>>>>>>>>> + c101 = File.createTempFile("karafc", "-101.jar");
>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>> + .set("Bundle-Version", "1.0.1")
>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>> + .build(),
>>>>>>>>> + new FileOutputStream(c101));
>>>>>>>>> +
>>>>>>>>> + c110 = File.createTempFile("karafc", "-110.jar");
>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>> + .set("Bundle-Version", "1.1.0")
>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>> + .build(),
>>>>>>>>> + new FileOutputStream(c110));
>>>>>>>>> + }
>>>>>>>>> +
>>>>>>>>> + @Test
>>>>>>>>> + public void testDifferentVendors() throws IOException {
>>>>>>>>> + File props = File.createTempFile("karaf",
>>> "properties");
>>>>>>>>> + Writer w = new FileWriter(props);
>>>>>>>>> + w.write(c101.toURI().toString());
>>>>>>>>> + w.write("\n");
>>>>>>>>> + w.write(c110.toURI().toString());
>>>>>>>>> + w.write("\n");
>>>>>>>>> + w.close();
>>>>>>>>> +
>>>>>>>>> + List<BundleInfo> res = Overrides.override(
>>>>>>>>> + Arrays.<BundleInfo>asList(new
>>>>>>>>> Bundle(c100.toURI().toString())),
>>>>>>>>> + props.toURI().toString());
>>>>>>>>> + assertNotNull(res);
>>>>>>>>> + assertEquals(1, res.size());
>>>>>>>>> + BundleInfo out = res.get(0);
>>>>>>>>> + assertNotNull(out);
>>>>>>>>> + assertEquals(c101.toURI().toString(),
>>>> out.getLocation());
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> @Test
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>>>>> Committer
>>>>>> &
>>>>>>> Project Lead
>>>>>>> OPS4J Pax for Vaadin <
>>>>> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>> Commiter & Project Lead
>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>>
>>
>> --
>> Cheers,
>> Jon
>> ---------------
>> Red Hat, Inc.
>> Email: janstey@redhat.com
>> Web: http://redhat.com
>> Twitter: jon_anstey
>> Blog: http://janstey.blogspot.com
>> Author of Camel in Action: http://manning.com/ibsen
>
>
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Claus Ibsen <cl...@gmail.com>.
Hi
Talking about wording. It would be lovely if the wording of this WARN
from pax could be improved as well.
eg this text
"This is deprecated & discouraged & just evil."
maybe tone that down a bit, for example to
"This is deprecated & discouraged. See more details at TODO link here"
This is from Karaf 2.3.3 with Camel.
2014-02-13 09:55:18,255 | WARN | l Console Thread |
MavenRepositoryURL | maven.commons.MavenRepositoryURL
116 | 1 - org.ops4j.pax.url.mvn - 1.3.6 | Repository spec
http://scriptengines.googlecode.com/svn/m2-repo/ does not contain an
identifier. This is deprecated & discouraged & just evil.
2014-02-13 09:55:22,551 | WARN | l Console Thread |
MavenRepositoryURL | maven.commons.MavenRepositoryURL
116 | 1 - org.ops4j.pax.url.mvn - 1.3.6 | Repository spec
http://maven.restlet.org/ does not contain an identifier. This is
deprecated & discouraged & just evil.
On Wed, Feb 12, 2014 at 6:50 PM, Jon Anstey <ja...@gmail.com> wrote:
> No need to revert this completely IMO. The wording is too strong though. I
> know of many companies (can't say names here) that have rebranded
> customized versions of Karaf that would not be able to ship with a message
> like that in the logs. Or they would just not be able to use this feature.
> Looks really bad if your product always spits out that it may have
> malicious code even if you know you put it there :-)
>
>
> On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com> wrote:
>
>> Changing vendors to me would be something i'd like to be warned about. I
>> have Apache Camel installed, with XYZ under the hood - lets me know its a
>> franken-build. That being said, if i was going to fork and build my own
>> camel jar to fix a local issue, why would i then need to use the override,
>> i'd just deploy the library, refresh, and carry on (different work flows
>> for different folks - I do get that that's simplifying things - generally
>> we'd end up with a large list of bundles needing changing and the override
>> would simplify managing that recipe update).
>>
>> Regardless, I'm open to amending how vendors are handled, if we want to
>> change the message or scrap it all together. Personally i think something
>> should be noted since things are changing (i'd like to know I'm going from
>> Land Rover parts to something made by Ford in my Range Rover).
>>
>> As to a global on/off switch for the mechanism that would be a nice
>> addition.
>>
>> --Jamie
>>
>>
>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
>> wrote:
>>
>> > I just think the check is worth nothing. If someone build a customized
>> > version of a bundle (let's say camel), he will usually build by forking
>> > from camel, in which case the vendor would still be the same. And if the
>> > user wants to make things cleaner and actually change the vendor to
>> reflect
>> > the fact that it does not come from Apache, then we throw at him a
>> WARNING
>> > log.
>> > Again, I don't think we should assume the user does not know what he
>> does,
>> > I'd rather add a global flag to disable overrides if you think it's
>> safer,
>> > but the file does not even exist by default, which means the user
>> actually
>> > know what he is doing...
>> >
>> >
>> > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>> >
>> > > My interpretation is that a bundle is being updated by its maintainer,
>> > if a
>> > > different group is providing the replacement bundle then Karaf should
>> be
>> > > making some noise about it as its masquerading as being what was
>> > originally
>> > > intended by the feature provider. I'm up for different wordings
>> however.
>> > > What would you suggest?
>> > >
>> > >
>> > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org>
>> > > wrote:
>> > >
>> > > > Yes, I was going to add that I had no problems saying a bundle has
>> been
>> > > > overridden (though not sure if it has to be with a WARNING level).
>> > > > It's really the vendor check which I don't get and the log of
>> > "Malicious
>> > > > code possibly introduced by patch override, see log for details".
>> > > >
>> > > >
>> > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
>> > > >
>> > > > > Well, I hope you didn't get distracted by my comment.
>> > > > > Though as far as I can see the change only introduced some logging
>> > > > > to let the user know something changed due to adding another
>> feature,
>> > > > > I think this is a viable solution, especially when looking for
>> > failures
>> > > > > or unintended changes.
>> > > > > No?
>> > > > >
>> > > > >
>> > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
>> > > > >
>> > > > > > I'm tempted to -1 this change.
>> > > > > >
>> > > > > > What kind of problems are you trying to solve here ?
>> > > > > > Imho, such code is unnecessary because there are many other ways
>> to
>> > > > > > introduce so called "malicious" code.
>> > > > > > If one wants to be safe, there is already an existing way to
>> solve
>> > > the
>> > > > > > problem which is signed bundles.
>> > > > > >
>> > > > > > Now, an example on how to introduce "malicious" code : if such a
>> > > bundle
>> > > > > is
>> > > > > > installed first, the features service will think the "correct"
>> > bundle
>> > > > is
>> > > > > > already installed and will not install the "safe" bundle. This
>> can
>> > > be
>> > > > > done
>> > > > > > by manually installing the bundle before installing features, or
>> by
>> > > > > adding
>> > > > > > it to the etc/startup.properties.
>> > > > > > Another option is just to hack the features file manually and
>> > change
>> > > > the
>> > > > > > url of the bundle, it will have exactly the same effect.
>> > > > > >
>> > > > > > In addition, checking the vendor is not a guarantee, as if
>> someone
>> > > > wanted
>> > > > > > to "fake" a bundle, setting that header is not more difficult
>> than
>> > > > > changing
>> > > > > > the symbolic name or version.
>> > > > > >
>> > > > > > I've had a use case where the user wanted to make sure that no
>> > > > > "malicious"
>> > > > > > code is introduced or used. In such a case, there is already an
>> > > > existing
>> > > > > > solution which is fully supported by OSGi (and Karaf) which is
>> > signed
>> > > > > > bundles. It works well and it's secured. Well, secured to the
>> > point
>> > > > > that
>> > > > > > you control the file system. In all cases, if you don't trust
>> the
>> > > file
>> > > > > > system, there's no possible way to secure the OSGi framework
>> (just
>> > > > > because
>> > > > > > classes are read from the file system).
>> > > > > >
>> > > > > > Last, there is no possible misuse of the overrides really. If
>> you
>> > > add
>> > > > > > random bundles, it will most of the case have no effects, or at
>> > > least,
>> > > > > not
>> > > > > > more than if you had installed them manually before. We don't
>> add
>> > > any
>> > > > > > checks in the bundle:update command, so I don't really see why
>> we'd
>> > > add
>> > > > > > those here.
>> > > > > >
>> > > > > > On a side note, I was wondering about starting a slightly broader
>> > > > > > discussion about patching, which is related to this particular
>> > > feature
>> > > > > and
>> > > > > > I hope to do so this week or the next.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>> > > > > >
>> > > > > > > Updated Branches:
>> > > > > > > refs/heads/master d2af093dd -> 36808c560
>> > > > > > >
>> > > > > > >
>> > > > > > > [KARAF-2753] Logging for override mechanism. Added additional
>> > > logging
>> > > > > and
>> > > > > > > unit test to trigger log events
>> > > > > > >
>> > > > > > >
>> > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
>> > > > > > > Commit:
>> > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>> > > > > > > Tree:
>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>> > > > > > > Diff:
>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>> > > > > > >
>> > > > > > > Branch: refs/heads/master
>> > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>> > > > > > > Parents: d2af093
>> > > > > > > Author: jgoodyear <jg...@apache.org>
>> > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
>> > > > > > > Committer: jgoodyear <jg...@apache.org>
>> > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
>> > > > > > >
>> > > > > > >
>> > > >
>> ----------------------------------------------------------------------
>> > > > > > > .../karaf/features/internal/Overrides.java | 25
>> ++++++++++-
>> > > > > > > .../karaf/features/internal/OverridesTest.java | 47
>> > > > > > ++++++++++++++++++++
>> > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
>> > > > > > >
>> > > >
>> ----------------------------------------------------------------------
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > >
>> > > >
>> ----------------------------------------------------------------------
>> > > > > > > diff --git
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > index 655dfea..8397222 100644
>> > > > > > > ---
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > +++
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
>> > > > > > > private static final Logger LOGGER =
>> > > > > > > LoggerFactory.getLogger(Overrides.class);
>> > > > > > >
>> > > > > > > private static final String OVERRIDE_RANGE = "range";
>> > > > > > > + private static final String VENDOR_WARNING = "Malicious
>> code
>> > > > > > possibly
>> > > > > > > introduced by patch override, see log for details";
>> > > > > > >
>> > > > > > > /**
>> > > > > > > * Compute a list of bundles to install, taking into
>> account
>> > > > > > > overrides.
>> > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
>> > > > > > > if (manifest != null) {
>> > > > > > > String bsn =
>> > getBundleSymbolicName(manifest);
>> > > > > > > Version ver = getBundleVersion(manifest);
>> > > > > > > + String ven = getBundleVendor(manifest);
>> > > > > > > String url = info.getLocation();
>> > > > > > > for (Clause override : overrides) {
>> > > > > > > Manifest overMan =
>> > > > > > > manifests.get(override.getName());
>> > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
>> > > > > > > range =
>> > > > > VersionRange.parseVersionRange(vr);
>> > > > > > > }
>> > > > > > >
>> > > > > > > + String vendor =
>> > getBundleVendor(overMan);
>> > > > > > >
>> > > > > > > + // Before we do a replace, lets check
>> if
>> > > > > vendors
>> > > > > > > change
>> > > > > > > + if (ven == null) {
>> > > > > > > + if (vendor != null) {
>> > > > > > > + LOGGER.warn(VENDOR_WARNING);
>> > > > > > > + }
>> > > > > > > + } else {
>> > > > > > > + if (vendor == null) {
>> > > > > > > + LOGGER.warn(VENDOR_WARNING);
>> > > > > > > + } else {
>> > > > > > > + if (!vendor.equals(ven)) {
>> > > > > > > +
>> > LOGGER.warn(VENDOR_WARNING);
>> > > > > > > + }
>> > > > > > > + }
>> > > > > > > + }
>> > > > > > > // The resource matches, so replace it
>> > > with
>> > > > > the
>> > > > > > > overridden resource
>> > > > > > > // if the override is actually a newer
>> > > > version
>> > > > > > > than what we currently have
>> > > > > > > if (range.contains(ver) &&
>> > > > > ver.compareTo(oVer) <
>> > > > > > > 0) {
>> > > > > > > + LOGGER.info("Overriding original
>> > > bundle
>> > > > "
>> > > > > +
>> > > > > > > url + " to " + override.getName());
>> > > > > > > ver = oVer;
>> > > > > > > url = override.getName();
>> > > > > > > }
>> > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
>> > > > > > > return bsn;
>> > > > > > > }
>> > > > > > >
>> > > > > > > + private static String getBundleVendor(Manifest manifest) {
>> > > > > > > + String ven =
>> > > > > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
>> > > > > > > + return ven;
>> > > > > > > + }
>> > > > > > > +
>> > > > > > > private static Manifest getManifest(String url) throws
>> > > > > IOException {
>> > > > > > > InputStream is = new URL(url).openStream();
>> > > > > > > try {
>> > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
>> > > > > > > }
>> > > > > > > return cs[0].getName();
>> > > > > > > }
>> > > > > > > -}
>> > > > > > > \ No newline at end of file
>> > > > > > > +}
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > >
>> > > >
>> ----------------------------------------------------------------------
>> > > > > > > diff --git
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > index 46d163a..79e2015 100644
>> > > > > > > ---
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > +++
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
>> > > > > > > private File b101;
>> > > > > > > private File b102;
>> > > > > > > private File b110;
>> > > > > > > + private File c100;
>> > > > > > > + private File c101;
>> > > > > > > + private File c110;
>> > > > > > >
>> > > > > > > @Before
>> > > > > > > public void setUp() throws IOException {
>> > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
>> > > > > > > .set("Bundle-Version", "1.1.0")
>> > > > > > > .build(),
>> > > > > > > new FileOutputStream(b110));
>> > > > > > > +
>> > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
>> > > > > > > + copy(TinyBundles.bundle()
>> > > > > > > + .set("Bundle-SymbolicName", bsn)
>> > > > > > > + .set("Bundle-Version", "1.0.0")
>> > > > > > > + .set("Bundle-Vendor", "Apache")
>> > > > > > > + .build(),
>> > > > > > > + new FileOutputStream(c100));
>> > > > > > > +
>> > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
>> > > > > > > + copy(TinyBundles.bundle()
>> > > > > > > + .set("Bundle-SymbolicName", bsn)
>> > > > > > > + .set("Bundle-Version", "1.0.1")
>> > > > > > > + .set("Bundle-Vendor", "NotApache")
>> > > > > > > + .build(),
>> > > > > > > + new FileOutputStream(c101));
>> > > > > > > +
>> > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
>> > > > > > > + copy(TinyBundles.bundle()
>> > > > > > > + .set("Bundle-SymbolicName", bsn)
>> > > > > > > + .set("Bundle-Version", "1.1.0")
>> > > > > > > + .set("Bundle-Vendor", "NotApache")
>> > > > > > > + .build(),
>> > > > > > > + new FileOutputStream(c110));
>> > > > > > > + }
>> > > > > > > +
>> > > > > > > + @Test
>> > > > > > > + public void testDifferentVendors() throws IOException {
>> > > > > > > + File props = File.createTempFile("karaf",
>> "properties");
>> > > > > > > + Writer w = new FileWriter(props);
>> > > > > > > + w.write(c101.toURI().toString());
>> > > > > > > + w.write("\n");
>> > > > > > > + w.write(c110.toURI().toString());
>> > > > > > > + w.write("\n");
>> > > > > > > + w.close();
>> > > > > > > +
>> > > > > > > + List<BundleInfo> res = Overrides.override(
>> > > > > > > + Arrays.<BundleInfo>asList(new
>> > > > > > > Bundle(c100.toURI().toString())),
>> > > > > > > + props.toURI().toString());
>> > > > > > > + assertNotNull(res);
>> > > > > > > + assertEquals(1, res.size());
>> > > > > > > + BundleInfo out = res.get(0);
>> > > > > > > + assertNotNull(out);
>> > > > > > > + assertEquals(c101.toURI().toString(),
>> > out.getLocation());
>> > > > > > > }
>> > > > > > >
>> > > > > > > @Test
>> > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > >
>> > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> > > Committer
>> > > > &
>> > > > > Project Lead
>> > > > > OPS4J Pax for Vaadin <
>> > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>> > > > > Commiter & Project Lead
>> > > > > blog <http://notizblog.nierbeck.de/>
>> > > > >
>> > > >
>> > >
>> >
>>
>
>
>
> --
> Cheers,
> Jon
> ---------------
> Red Hat, Inc.
> Email: janstey@redhat.com
> Web: http://redhat.com
> Twitter: jon_anstey
> Blog: http://janstey.blogspot.com
> Author of Camel in Action: http://manning.com/ibsen
--
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
Make your Camel applications look hawt, try: http://hawt.io
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jon Anstey <ja...@gmail.com>.
Awesome. Thanks!
On Wed, Feb 12, 2014 at 3:46 PM, Jamie G. <ja...@gmail.com> wrote:
> That would be acceptable to me - gives users a head's up that something
> more than a simple minor bump has occurred, and spurs them to action.
>
> --Jamie
>
>
> On Wed, Feb 12, 2014 at 3:44 PM, Jon Anstey <ja...@gmail.com> wrote:
>
> > How about "WARNING: Bundle Vendor for X has changed, please check if this
> > is intentional." where X is the bundle name?
> >
> >
> > On Wed, Feb 12, 2014 at 3:39 PM, Jon Anstey <ja...@gmail.com> wrote:
> >
> > > Yeah, I get that it only pops up when the vendor changes. I was just
> > > concerned about the "malicious" code implication as that would cause
> > alarm
> > > to admins in most deployments.
> > >
> > > BTW its not a problem in the custom Karaf distro that I work on ;-)
> but I
> > > know of other Karaf users that may have this problem...
> > >
> > >
> > > On Wed, Feb 12, 2014 at 3:14 PM, Jamie G. <jamie.goodyear@gmail.com
> > >wrote:
> > >
> > >> To be fare that only happens when vendors switch. Perhaps "WARNING:
> > Bundle
> > >> Vendor has changed, please review your feature, unexpected behaviours
> > may
> > >> occur". Using the car part analogy if my BMW's alternator belt was
> > >> replaced
> > >> with a FIAT part then I'd expect to be told by the mechanic - I have
> an
> > >> expected behaviour from the brand. Note, this does not prevent the
> > >> installation and use of the part, it just makes sure the user is aware
> > of
> > >> the switch.
> > >>
> > >> --Jamie
> > >>
> > >>
> > >> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com>
> wrote:
> > >>
> > >> > No need to revert this completely IMO. The wording is too strong
> > >> though. I
> > >> > know of many companies (can't say names here) that have rebranded
> > >> > customized versions of Karaf that would not be able to ship with a
> > >> message
> > >> > like that in the logs. Or they would just not be able to use this
> > >> feature.
> > >> > Looks really bad if your product always spits out that it may have
> > >> > malicious code even if you know you put it there :-)
> > >> >
> > >> >
> > >> > On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <jamie.goodyear@gmail.com
> >
> > >> > wrote:
> > >> >
> > >> > > Changing vendors to me would be something i'd like to be warned
> > >> about. I
> > >> > > have Apache Camel installed, with XYZ under the hood - lets me
> know
> > >> its a
> > >> > > franken-build. That being said, if i was going to fork and build
> my
> > >> own
> > >> > > camel jar to fix a local issue, why would i then need to use the
> > >> > override,
> > >> > > i'd just deploy the library, refresh, and carry on (different work
> > >> flows
> > >> > > for different folks - I do get that that's simplifying things -
> > >> generally
> > >> > > we'd end up with a large list of bundles needing changing and the
> > >> > override
> > >> > > would simplify managing that recipe update).
> > >> > >
> > >> > > Regardless, I'm open to amending how vendors are handled, if we
> want
> > >> to
> > >> > > change the message or scrap it all together. Personally i think
> > >> something
> > >> > > should be noted since things are changing (i'd like to know I'm
> > going
> > >> > from
> > >> > > Land Rover parts to something made by Ford in my Range Rover).
> > >> > >
> > >> > > As to a global on/off switch for the mechanism that would be a
> nice
> > >> > > addition.
> > >> > >
> > >> > > --Jamie
> > >> > >
> > >> > >
> > >> > > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <
> > gnodet@apache.org>
> > >> > > wrote:
> > >> > >
> > >> > > > I just think the check is worth nothing. If someone build a
> > >> > customized
> > >> > > > version of a bundle (let's say camel), he will usually build by
> > >> forking
> > >> > > > from camel, in which case the vendor would still be the same.
> And
> > >> if
> > >> > the
> > >> > > > user wants to make things cleaner and actually change the vendor
> > to
> > >> > > reflect
> > >> > > > the fact that it does not come from Apache, then we throw at
> him a
> > >> > > WARNING
> > >> > > > log.
> > >> > > > Again, I don't think we should assume the user does not know
> what
> > he
> > >> > > does,
> > >> > > > I'd rather add a global flag to disable overrides if you think
> > it's
> > >> > > safer,
> > >> > > > but the file does not even exist by default, which means the
> user
> > >> > > actually
> > >> > > > know what he is doing...
> > >> > > >
> > >> > > >
> > >> > > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > >> > > >
> > >> > > > > My interpretation is that a bundle is being updated by its
> > >> > maintainer,
> > >> > > > if a
> > >> > > > > different group is providing the replacement bundle then Karaf
> > >> should
> > >> > > be
> > >> > > > > making some noise about it as its masquerading as being what
> was
> > >> > > > originally
> > >> > > > > intended by the feature provider. I'm up for different
> wordings
> > >> > > however.
> > >> > > > > What would you suggest?
> > >> > > > >
> > >> > > > >
> > >> > > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
> > >> gnodet@apache.org
> > >> > >
> > >> > > > > wrote:
> > >> > > > >
> > >> > > > > > Yes, I was going to add that I had no problems saying a
> bundle
> > >> has
> > >> > > been
> > >> > > > > > overridden (though not sure if it has to be with a WARNING
> > >> level).
> > >> > > > > > It's really the vendor check which I don't get and the log
> of
> > >> > > > "Malicious
> > >> > > > > > code possibly introduced by patch override, see log for
> > >> details".
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
> > >> bcanhome@googlemail.com
> > >> > >:
> > >> > > > > >
> > >> > > > > > > Well, I hope you didn't get distracted by my comment.
> > >> > > > > > > Though as far as I can see the change only introduced some
> > >> > logging
> > >> > > > > > > to let the user know something changed due to adding
> another
> > >> > > feature,
> > >> > > > > > > I think this is a viable solution, especially when looking
> > for
> > >> > > > failures
> > >> > > > > > > or unintended changes.
> > >> > > > > > > No?
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <
> > gnodet@apache.org
> > >> >:
> > >> > > > > > >
> > >> > > > > > > > I'm tempted to -1 this change.
> > >> > > > > > > >
> > >> > > > > > > > What kind of problems are you trying to solve here ?
> > >> > > > > > > > Imho, such code is unnecessary because there are many
> > other
> > >> > ways
> > >> > > to
> > >> > > > > > > > introduce so called "malicious" code.
> > >> > > > > > > > If one wants to be safe, there is already an existing
> way
> > to
> > >> > > solve
> > >> > > > > the
> > >> > > > > > > > problem which is signed bundles.
> > >> > > > > > > >
> > >> > > > > > > > Now, an example on how to introduce "malicious" code :
> if
> > >> such
> > >> > a
> > >> > > > > bundle
> > >> > > > > > > is
> > >> > > > > > > > installed first, the features service will think the
> > >> "correct"
> > >> > > > bundle
> > >> > > > > > is
> > >> > > > > > > > already installed and will not install the "safe"
> bundle.
> > >> This
> > >> > > can
> > >> > > > > be
> > >> > > > > > > done
> > >> > > > > > > > by manually installing the bundle before installing
> > >> features,
> > >> > or
> > >> > > by
> > >> > > > > > > adding
> > >> > > > > > > > it to the etc/startup.properties.
> > >> > > > > > > > Another option is just to hack the features file
> manually
> > >> and
> > >> > > > change
> > >> > > > > > the
> > >> > > > > > > > url of the bundle, it will have exactly the same effect.
> > >> > > > > > > >
> > >> > > > > > > > In addition, checking the vendor is not a guarantee, as
> if
> > >> > > someone
> > >> > > > > > wanted
> > >> > > > > > > > to "fake" a bundle, setting that header is not more
> > >> difficult
> > >> > > than
> > >> > > > > > > changing
> > >> > > > > > > > the symbolic name or version.
> > >> > > > > > > >
> > >> > > > > > > > I've had a use case where the user wanted to make sure
> > that
> > >> no
> > >> > > > > > > "malicious"
> > >> > > > > > > > code is introduced or used. In such a case, there is
> > >> already
> > >> > an
> > >> > > > > > existing
> > >> > > > > > > > solution which is fully supported by OSGi (and Karaf)
> > which
> > >> is
> > >> > > > signed
> > >> > > > > > > > bundles. It works well and it's secured. Well, secured
> > to
> > >> the
> > >> > > > point
> > >> > > > > > > that
> > >> > > > > > > > you control the file system. In all cases, if you don't
> > >> trust
> > >> > > the
> > >> > > > > file
> > >> > > > > > > > system, there's no possible way to secure the OSGi
> > framework
> > >> > > (just
> > >> > > > > > > because
> > >> > > > > > > > classes are read from the file system).
> > >> > > > > > > >
> > >> > > > > > > > Last, there is no possible misuse of the overrides
> really.
> > >> If
> > >> > > you
> > >> > > > > add
> > >> > > > > > > > random bundles, it will most of the case have no
> effects,
> > >> or at
> > >> > > > > least,
> > >> > > > > > > not
> > >> > > > > > > > more than if you had installed them manually before. We
> > >> don't
> > >> > > add
> > >> > > > > any
> > >> > > > > > > > checks in the bundle:update command, so I don't really
> see
> > >> why
> > >> > > we'd
> > >> > > > > add
> > >> > > > > > > > those here.
> > >> > > > > > > >
> > >> > > > > > > > On a side note, I was wondering about starting a
> slightly
> > >> > broader
> > >> > > > > > > > discussion about patching, which is related to this
> > >> particular
> > >> > > > > feature
> > >> > > > > > > and
> > >> > > > > > > > I hope to do so this week or the next.
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > >> > > > > > > >
> > >> > > > > > > > > Updated Branches:
> > >> > > > > > > > > refs/heads/master d2af093dd -> 36808c560
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > > > [KARAF-2753] Logging for override mechanism. Added
> > >> additional
> > >> > > > > logging
> > >> > > > > > > and
> > >> > > > > > > > > unit test to trigger log events
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > > > Project:
> > >> http://git-wip-us.apache.org/repos/asf/karaf/repo
> > >> > > > > > > > > Commit:
> > >> > > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > >> > > > > > > > > Tree:
> > >> > > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > >> > > > > > > > > Diff:
> > >> > > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > >> > > > > > > > >
> > >> > > > > > > > > Branch: refs/heads/master
> > >> > > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > >> > > > > > > > > Parents: d2af093
> > >> > > > > > > > > Author: jgoodyear <jg...@apache.org>
> > >> > > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > >> > > > > > > > > Committer: jgoodyear <jg...@apache.org>
> > >> > > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > >
> > >> > >
> > ----------------------------------------------------------------------
> > >> > > > > > > > > .../karaf/features/internal/Overrides.java | 25
> > >> > > ++++++++++-
> > >> > > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > >> > > > > > > > ++++++++++++++++++++
> > >> > > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > >> > > > > > > > >
> > >> > > > > >
> > >> > >
> > ----------------------------------------------------------------------
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >> > > > > > > > >
> > >> > > > > >
> > >> > >
> > ----------------------------------------------------------------------
> > >> > > > > > > > > diff --git
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >> > > > > > > > > index 655dfea..8397222 100644
> > >> > > > > > > > > ---
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >> > > > > > > > > +++
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >> > > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > >> > > > > > > > > private static final Logger LOGGER =
> > >> > > > > > > > > LoggerFactory.getLogger(Overrides.class);
> > >> > > > > > > > >
> > >> > > > > > > > > private static final String OVERRIDE_RANGE =
> > "range";
> > >> > > > > > > > > + private static final String VENDOR_WARNING =
> > >> "Malicious
> > >> > > code
> > >> > > > > > > > possibly
> > >> > > > > > > > > introduced by patch override, see log for details";
> > >> > > > > > > > >
> > >> > > > > > > > > /**
> > >> > > > > > > > > * Compute a list of bundles to install, taking
> > into
> > >> > > account
> > >> > > > > > > > > overrides.
> > >> > > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > >> > > > > > > > > if (manifest != null) {
> > >> > > > > > > > > String bsn =
> > >> > > > getBundleSymbolicName(manifest);
> > >> > > > > > > > > Version ver =
> > >> > getBundleVersion(manifest);
> > >> > > > > > > > > + String ven =
> > >> getBundleVendor(manifest);
> > >> > > > > > > > > String url = info.getLocation();
> > >> > > > > > > > > for (Clause override :
> overrides) {
> > >> > > > > > > > > Manifest overMan =
> > >> > > > > > > > > manifests.get(override.getName());
> > >> > > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > >> > > > > > > > > range =
> > >> > > > > > > VersionRange.parseVersionRange(vr);
> > >> > > > > > > > > }
> > >> > > > > > > > >
> > >> > > > > > > > > + String vendor =
> > >> > > > getBundleVendor(overMan);
> > >> > > > > > > > >
> > >> > > > > > > > > + // Before we do a replace,
> lets
> > >> > check
> > >> > > if
> > >> > > > > > > vendors
> > >> > > > > > > > > change
> > >> > > > > > > > > + if (ven == null) {
> > >> > > > > > > > > + if (vendor != null) {
> > >> > > > > > > > > +
> > >> > LOGGER.warn(VENDOR_WARNING);
> > >> > > > > > > > > + }
> > >> > > > > > > > > + } else {
> > >> > > > > > > > > + if (vendor == null) {
> > >> > > > > > > > > +
> > >> > LOGGER.warn(VENDOR_WARNING);
> > >> > > > > > > > > + } else {
> > >> > > > > > > > > + if
> > >> (!vendor.equals(ven)) {
> > >> > > > > > > > > +
> > >> > > > LOGGER.warn(VENDOR_WARNING);
> > >> > > > > > > > > + }
> > >> > > > > > > > > + }
> > >> > > > > > > > > + }
> > >> > > > > > > > > // The resource matches, so
> > >> replace
> > >> > it
> > >> > > > > with
> > >> > > > > > > the
> > >> > > > > > > > > overridden resource
> > >> > > > > > > > > // if the override is
> actually
> > a
> > >> > newer
> > >> > > > > > version
> > >> > > > > > > > > than what we currently have
> > >> > > > > > > > > if (range.contains(ver) &&
> > >> > > > > > > ver.compareTo(oVer) <
> > >> > > > > > > > > 0) {
> > >> > > > > > > > > + LOGGER.info("Overriding
> > >> original
> > >> > > > > bundle
> > >> > > > > > "
> > >> > > > > > > +
> > >> > > > > > > > > url + " to " + override.getName());
> > >> > > > > > > > > ver = oVer;
> > >> > > > > > > > > url = override.getName();
> > >> > > > > > > > > }
> > >> > > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > >> > > > > > > > > return bsn;
> > >> > > > > > > > > }
> > >> > > > > > > > >
> > >> > > > > > > > > + private static String getBundleVendor(Manifest
> > >> > manifest) {
> > >> > > > > > > > > + String ven =
> > >> > > > > > > > >
> > >> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > >> > > > > > > > > + return ven;
> > >> > > > > > > > > + }
> > >> > > > > > > > > +
> > >> > > > > > > > > private static Manifest getManifest(String url)
> > >> throws
> > >> > > > > > > IOException {
> > >> > > > > > > > > InputStream is = new URL(url).openStream();
> > >> > > > > > > > > try {
> > >> > > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > >> > > > > > > > > }
> > >> > > > > > > > > return cs[0].getName();
> > >> > > > > > > > > }
> > >> > > > > > > > > -}
> > >> > > > > > > > > \ No newline at end of file
> > >> > > > > > > > > +}
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >> > > > > > > > >
> > >> > > > > >
> > >> > >
> > ----------------------------------------------------------------------
> > >> > > > > > > > > diff --git
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >> > > > > > > > > index 46d163a..79e2015 100644
> > >> > > > > > > > > ---
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >> > > > > > > > > +++
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >> > > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > >> > > > > > > > > private File b101;
> > >> > > > > > > > > private File b102;
> > >> > > > > > > > > private File b110;
> > >> > > > > > > > > + private File c100;
> > >> > > > > > > > > + private File c101;
> > >> > > > > > > > > + private File c110;
> > >> > > > > > > > >
> > >> > > > > > > > > @Before
> > >> > > > > > > > > public void setUp() throws IOException {
> > >> > > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > >> > > > > > > > > .set("Bundle-Version", "1.1.0")
> > >> > > > > > > > > .build(),
> > >> > > > > > > > > new FileOutputStream(b110));
> > >> > > > > > > > > +
> > >> > > > > > > > > + c100 = File.createTempFile("karafc",
> > "-100.jar");
> > >> > > > > > > > > + copy(TinyBundles.bundle()
> > >> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > >> > > > > > > > > + .set("Bundle-Version", "1.0.0")
> > >> > > > > > > > > + .set("Bundle-Vendor", "Apache")
> > >> > > > > > > > > + .build(),
> > >> > > > > > > > > + new FileOutputStream(c100));
> > >> > > > > > > > > +
> > >> > > > > > > > > + c101 = File.createTempFile("karafc",
> > "-101.jar");
> > >> > > > > > > > > + copy(TinyBundles.bundle()
> > >> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > >> > > > > > > > > + .set("Bundle-Version", "1.0.1")
> > >> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > >> > > > > > > > > + .build(),
> > >> > > > > > > > > + new FileOutputStream(c101));
> > >> > > > > > > > > +
> > >> > > > > > > > > + c110 = File.createTempFile("karafc",
> > "-110.jar");
> > >> > > > > > > > > + copy(TinyBundles.bundle()
> > >> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > >> > > > > > > > > + .set("Bundle-Version", "1.1.0")
> > >> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > >> > > > > > > > > + .build(),
> > >> > > > > > > > > + new FileOutputStream(c110));
> > >> > > > > > > > > + }
> > >> > > > > > > > > +
> > >> > > > > > > > > + @Test
> > >> > > > > > > > > + public void testDifferentVendors() throws
> > >> IOException {
> > >> > > > > > > > > + File props = File.createTempFile("karaf",
> > >> > > "properties");
> > >> > > > > > > > > + Writer w = new FileWriter(props);
> > >> > > > > > > > > + w.write(c101.toURI().toString());
> > >> > > > > > > > > + w.write("\n");
> > >> > > > > > > > > + w.write(c110.toURI().toString());
> > >> > > > > > > > > + w.write("\n");
> > >> > > > > > > > > + w.close();
> > >> > > > > > > > > +
> > >> > > > > > > > > + List<BundleInfo> res = Overrides.override(
> > >> > > > > > > > > + Arrays.<BundleInfo>asList(new
> > >> > > > > > > > > Bundle(c100.toURI().toString())),
> > >> > > > > > > > > + props.toURI().toString());
> > >> > > > > > > > > + assertNotNull(res);
> > >> > > > > > > > > + assertEquals(1, res.size());
> > >> > > > > > > > > + BundleInfo out = res.get(0);
> > >> > > > > > > > > + assertNotNull(out);
> > >> > > > > > > > > + assertEquals(c101.toURI().toString(),
> > >> > > > out.getLocation());
> > >> > > > > > > > > }
> > >> > > > > > > > >
> > >> > > > > > > > > @Test
> > >> > > > > > > > >
> > >> > > > > > > > >
> > >> > > > > > > >
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > > > --
> > >> > > > > > >
> > >> > > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > >> > > > > > > OPS4J Pax Web <
> > http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > >> > > > > Committer
> > >> > > > > > &
> > >> > > > > > > Project Lead
> > >> > > > > > > OPS4J Pax for Vaadin <
> > >> > > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > >> > > > > > > Commiter & Project Lead
> > >> > > > > > > blog <http://notizblog.nierbeck.de/>
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >> >
> > >> >
> > >> > --
> > >> > Cheers,
> > >> > Jon
> > >> > ---------------
> > >> > Red Hat, Inc.
> > >> > Email: janstey@redhat.com
> > >> > Web: http://redhat.com
> > >> > Twitter: jon_anstey
> > >> > Blog: http://janstey.blogspot.com
> > >> > Author of Camel in Action: http://manning.com/ibsen
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Cheers,
> > > Jon
> > > ---------------
> > > Red Hat, Inc.
> > > Email: janstey@redhat.com
> > > Web: http://redhat.com
> > > Twitter: jon_anstey
> > > Blog: http://janstey.blogspot.com
> > > Author of Camel in Action: http://manning.com/ibsen
> > >
> >
> >
> >
> > --
> > Cheers,
> > Jon
> > ---------------
> > Red Hat, Inc.
> > Email: janstey@redhat.com
> > Web: http://redhat.com
> > Twitter: jon_anstey
> > Blog: http://janstey.blogspot.com
> > Author of Camel in Action: http://manning.com/ibsen
> >
>
--
Cheers,
Jon
---------------
Red Hat, Inc.
Email: janstey@redhat.com
Web: http://redhat.com
Twitter: jon_anstey
Blog: http://janstey.blogspot.com
Author of Camel in Action: http://manning.com/ibsen
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
That would be acceptable to me - gives users a head's up that something
more than a simple minor bump has occurred, and spurs them to action.
--Jamie
On Wed, Feb 12, 2014 at 3:44 PM, Jon Anstey <ja...@gmail.com> wrote:
> How about "WARNING: Bundle Vendor for X has changed, please check if this
> is intentional." where X is the bundle name?
>
>
> On Wed, Feb 12, 2014 at 3:39 PM, Jon Anstey <ja...@gmail.com> wrote:
>
> > Yeah, I get that it only pops up when the vendor changes. I was just
> > concerned about the "malicious" code implication as that would cause
> alarm
> > to admins in most deployments.
> >
> > BTW its not a problem in the custom Karaf distro that I work on ;-) but I
> > know of other Karaf users that may have this problem...
> >
> >
> > On Wed, Feb 12, 2014 at 3:14 PM, Jamie G. <jamie.goodyear@gmail.com
> >wrote:
> >
> >> To be fare that only happens when vendors switch. Perhaps "WARNING:
> Bundle
> >> Vendor has changed, please review your feature, unexpected behaviours
> may
> >> occur". Using the car part analogy if my BMW's alternator belt was
> >> replaced
> >> with a FIAT part then I'd expect to be told by the mechanic - I have an
> >> expected behaviour from the brand. Note, this does not prevent the
> >> installation and use of the part, it just makes sure the user is aware
> of
> >> the switch.
> >>
> >> --Jamie
> >>
> >>
> >> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
> >>
> >> > No need to revert this completely IMO. The wording is too strong
> >> though. I
> >> > know of many companies (can't say names here) that have rebranded
> >> > customized versions of Karaf that would not be able to ship with a
> >> message
> >> > like that in the logs. Or they would just not be able to use this
> >> feature.
> >> > Looks really bad if your product always spits out that it may have
> >> > malicious code even if you know you put it there :-)
> >> >
> >> >
> >> > On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
> >> > wrote:
> >> >
> >> > > Changing vendors to me would be something i'd like to be warned
> >> about. I
> >> > > have Apache Camel installed, with XYZ under the hood - lets me know
> >> its a
> >> > > franken-build. That being said, if i was going to fork and build my
> >> own
> >> > > camel jar to fix a local issue, why would i then need to use the
> >> > override,
> >> > > i'd just deploy the library, refresh, and carry on (different work
> >> flows
> >> > > for different folks - I do get that that's simplifying things -
> >> generally
> >> > > we'd end up with a large list of bundles needing changing and the
> >> > override
> >> > > would simplify managing that recipe update).
> >> > >
> >> > > Regardless, I'm open to amending how vendors are handled, if we want
> >> to
> >> > > change the message or scrap it all together. Personally i think
> >> something
> >> > > should be noted since things are changing (i'd like to know I'm
> going
> >> > from
> >> > > Land Rover parts to something made by Ford in my Range Rover).
> >> > >
> >> > > As to a global on/off switch for the mechanism that would be a nice
> >> > > addition.
> >> > >
> >> > > --Jamie
> >> > >
> >> > >
> >> > > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <
> gnodet@apache.org>
> >> > > wrote:
> >> > >
> >> > > > I just think the check is worth nothing. If someone build a
> >> > customized
> >> > > > version of a bundle (let's say camel), he will usually build by
> >> forking
> >> > > > from camel, in which case the vendor would still be the same. And
> >> if
> >> > the
> >> > > > user wants to make things cleaner and actually change the vendor
> to
> >> > > reflect
> >> > > > the fact that it does not come from Apache, then we throw at him a
> >> > > WARNING
> >> > > > log.
> >> > > > Again, I don't think we should assume the user does not know what
> he
> >> > > does,
> >> > > > I'd rather add a global flag to disable overrides if you think
> it's
> >> > > safer,
> >> > > > but the file does not even exist by default, which means the user
> >> > > actually
> >> > > > know what he is doing...
> >> > > >
> >> > > >
> >> > > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> >> > > >
> >> > > > > My interpretation is that a bundle is being updated by its
> >> > maintainer,
> >> > > > if a
> >> > > > > different group is providing the replacement bundle then Karaf
> >> should
> >> > > be
> >> > > > > making some noise about it as its masquerading as being what was
> >> > > > originally
> >> > > > > intended by the feature provider. I'm up for different wordings
> >> > > however.
> >> > > > > What would you suggest?
> >> > > > >
> >> > > > >
> >> > > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
> >> gnodet@apache.org
> >> > >
> >> > > > > wrote:
> >> > > > >
> >> > > > > > Yes, I was going to add that I had no problems saying a bundle
> >> has
> >> > > been
> >> > > > > > overridden (though not sure if it has to be with a WARNING
> >> level).
> >> > > > > > It's really the vendor check which I don't get and the log of
> >> > > > "Malicious
> >> > > > > > code possibly introduced by patch override, see log for
> >> details".
> >> > > > > >
> >> > > > > >
> >> > > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
> >> bcanhome@googlemail.com
> >> > >:
> >> > > > > >
> >> > > > > > > Well, I hope you didn't get distracted by my comment.
> >> > > > > > > Though as far as I can see the change only introduced some
> >> > logging
> >> > > > > > > to let the user know something changed due to adding another
> >> > > feature,
> >> > > > > > > I think this is a viable solution, especially when looking
> for
> >> > > > failures
> >> > > > > > > or unintended changes.
> >> > > > > > > No?
> >> > > > > > >
> >> > > > > > >
> >> > > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <
> gnodet@apache.org
> >> >:
> >> > > > > > >
> >> > > > > > > > I'm tempted to -1 this change.
> >> > > > > > > >
> >> > > > > > > > What kind of problems are you trying to solve here ?
> >> > > > > > > > Imho, such code is unnecessary because there are many
> other
> >> > ways
> >> > > to
> >> > > > > > > > introduce so called "malicious" code.
> >> > > > > > > > If one wants to be safe, there is already an existing way
> to
> >> > > solve
> >> > > > > the
> >> > > > > > > > problem which is signed bundles.
> >> > > > > > > >
> >> > > > > > > > Now, an example on how to introduce "malicious" code : if
> >> such
> >> > a
> >> > > > > bundle
> >> > > > > > > is
> >> > > > > > > > installed first, the features service will think the
> >> "correct"
> >> > > > bundle
> >> > > > > > is
> >> > > > > > > > already installed and will not install the "safe" bundle.
> >> This
> >> > > can
> >> > > > > be
> >> > > > > > > done
> >> > > > > > > > by manually installing the bundle before installing
> >> features,
> >> > or
> >> > > by
> >> > > > > > > adding
> >> > > > > > > > it to the etc/startup.properties.
> >> > > > > > > > Another option is just to hack the features file manually
> >> and
> >> > > > change
> >> > > > > > the
> >> > > > > > > > url of the bundle, it will have exactly the same effect.
> >> > > > > > > >
> >> > > > > > > > In addition, checking the vendor is not a guarantee, as if
> >> > > someone
> >> > > > > > wanted
> >> > > > > > > > to "fake" a bundle, setting that header is not more
> >> difficult
> >> > > than
> >> > > > > > > changing
> >> > > > > > > > the symbolic name or version.
> >> > > > > > > >
> >> > > > > > > > I've had a use case where the user wanted to make sure
> that
> >> no
> >> > > > > > > "malicious"
> >> > > > > > > > code is introduced or used. In such a case, there is
> >> already
> >> > an
> >> > > > > > existing
> >> > > > > > > > solution which is fully supported by OSGi (and Karaf)
> which
> >> is
> >> > > > signed
> >> > > > > > > > bundles. It works well and it's secured. Well, secured
> to
> >> the
> >> > > > point
> >> > > > > > > that
> >> > > > > > > > you control the file system. In all cases, if you don't
> >> trust
> >> > > the
> >> > > > > file
> >> > > > > > > > system, there's no possible way to secure the OSGi
> framework
> >> > > (just
> >> > > > > > > because
> >> > > > > > > > classes are read from the file system).
> >> > > > > > > >
> >> > > > > > > > Last, there is no possible misuse of the overrides really.
> >> If
> >> > > you
> >> > > > > add
> >> > > > > > > > random bundles, it will most of the case have no effects,
> >> or at
> >> > > > > least,
> >> > > > > > > not
> >> > > > > > > > more than if you had installed them manually before. We
> >> don't
> >> > > add
> >> > > > > any
> >> > > > > > > > checks in the bundle:update command, so I don't really see
> >> why
> >> > > we'd
> >> > > > > add
> >> > > > > > > > those here.
> >> > > > > > > >
> >> > > > > > > > On a side note, I was wondering about starting a slightly
> >> > broader
> >> > > > > > > > discussion about patching, which is related to this
> >> particular
> >> > > > > feature
> >> > > > > > > and
> >> > > > > > > > I hope to do so this week or the next.
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> >> > > > > > > >
> >> > > > > > > > > Updated Branches:
> >> > > > > > > > > refs/heads/master d2af093dd -> 36808c560
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > > > [KARAF-2753] Logging for override mechanism. Added
> >> additional
> >> > > > > logging
> >> > > > > > > and
> >> > > > > > > > > unit test to trigger log events
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > > > Project:
> >> http://git-wip-us.apache.org/repos/asf/karaf/repo
> >> > > > > > > > > Commit:
> >> > > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> >> > > > > > > > > Tree:
> >> > > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> >> > > > > > > > > Diff:
> >> > > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> >> > > > > > > > >
> >> > > > > > > > > Branch: refs/heads/master
> >> > > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> >> > > > > > > > > Parents: d2af093
> >> > > > > > > > > Author: jgoodyear <jg...@apache.org>
> >> > > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> >> > > > > > > > > Committer: jgoodyear <jg...@apache.org>
> >> > > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > >
> >> > >
> ----------------------------------------------------------------------
> >> > > > > > > > > .../karaf/features/internal/Overrides.java | 25
> >> > > ++++++++++-
> >> > > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> >> > > > > > > > ++++++++++++++++++++
> >> > > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> >> > > > > > > > >
> >> > > > > >
> >> > >
> ----------------------------------------------------------------------
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >> > > > > > > > >
> >> > > > > >
> >> > >
> ----------------------------------------------------------------------
> >> > > > > > > > > diff --git
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >> > > > > > > > > index 655dfea..8397222 100644
> >> > > > > > > > > ---
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >> > > > > > > > > +++
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >> > > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> >> > > > > > > > > private static final Logger LOGGER =
> >> > > > > > > > > LoggerFactory.getLogger(Overrides.class);
> >> > > > > > > > >
> >> > > > > > > > > private static final String OVERRIDE_RANGE =
> "range";
> >> > > > > > > > > + private static final String VENDOR_WARNING =
> >> "Malicious
> >> > > code
> >> > > > > > > > possibly
> >> > > > > > > > > introduced by patch override, see log for details";
> >> > > > > > > > >
> >> > > > > > > > > /**
> >> > > > > > > > > * Compute a list of bundles to install, taking
> into
> >> > > account
> >> > > > > > > > > overrides.
> >> > > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> >> > > > > > > > > if (manifest != null) {
> >> > > > > > > > > String bsn =
> >> > > > getBundleSymbolicName(manifest);
> >> > > > > > > > > Version ver =
> >> > getBundleVersion(manifest);
> >> > > > > > > > > + String ven =
> >> getBundleVendor(manifest);
> >> > > > > > > > > String url = info.getLocation();
> >> > > > > > > > > for (Clause override : overrides) {
> >> > > > > > > > > Manifest overMan =
> >> > > > > > > > > manifests.get(override.getName());
> >> > > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> >> > > > > > > > > range =
> >> > > > > > > VersionRange.parseVersionRange(vr);
> >> > > > > > > > > }
> >> > > > > > > > >
> >> > > > > > > > > + String vendor =
> >> > > > getBundleVendor(overMan);
> >> > > > > > > > >
> >> > > > > > > > > + // Before we do a replace, lets
> >> > check
> >> > > if
> >> > > > > > > vendors
> >> > > > > > > > > change
> >> > > > > > > > > + if (ven == null) {
> >> > > > > > > > > + if (vendor != null) {
> >> > > > > > > > > +
> >> > LOGGER.warn(VENDOR_WARNING);
> >> > > > > > > > > + }
> >> > > > > > > > > + } else {
> >> > > > > > > > > + if (vendor == null) {
> >> > > > > > > > > +
> >> > LOGGER.warn(VENDOR_WARNING);
> >> > > > > > > > > + } else {
> >> > > > > > > > > + if
> >> (!vendor.equals(ven)) {
> >> > > > > > > > > +
> >> > > > LOGGER.warn(VENDOR_WARNING);
> >> > > > > > > > > + }
> >> > > > > > > > > + }
> >> > > > > > > > > + }
> >> > > > > > > > > // The resource matches, so
> >> replace
> >> > it
> >> > > > > with
> >> > > > > > > the
> >> > > > > > > > > overridden resource
> >> > > > > > > > > // if the override is actually
> a
> >> > newer
> >> > > > > > version
> >> > > > > > > > > than what we currently have
> >> > > > > > > > > if (range.contains(ver) &&
> >> > > > > > > ver.compareTo(oVer) <
> >> > > > > > > > > 0) {
> >> > > > > > > > > + LOGGER.info("Overriding
> >> original
> >> > > > > bundle
> >> > > > > > "
> >> > > > > > > +
> >> > > > > > > > > url + " to " + override.getName());
> >> > > > > > > > > ver = oVer;
> >> > > > > > > > > url = override.getName();
> >> > > > > > > > > }
> >> > > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> >> > > > > > > > > return bsn;
> >> > > > > > > > > }
> >> > > > > > > > >
> >> > > > > > > > > + private static String getBundleVendor(Manifest
> >> > manifest) {
> >> > > > > > > > > + String ven =
> >> > > > > > > > >
> >> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> >> > > > > > > > > + return ven;
> >> > > > > > > > > + }
> >> > > > > > > > > +
> >> > > > > > > > > private static Manifest getManifest(String url)
> >> throws
> >> > > > > > > IOException {
> >> > > > > > > > > InputStream is = new URL(url).openStream();
> >> > > > > > > > > try {
> >> > > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> >> > > > > > > > > }
> >> > > > > > > > > return cs[0].getName();
> >> > > > > > > > > }
> >> > > > > > > > > -}
> >> > > > > > > > > \ No newline at end of file
> >> > > > > > > > > +}
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >> > > > > > > > >
> >> > > > > >
> >> > >
> ----------------------------------------------------------------------
> >> > > > > > > > > diff --git
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >> > > > > > > > > index 46d163a..79e2015 100644
> >> > > > > > > > > ---
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >> > > > > > > > > +++
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >> > > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> >> > > > > > > > > private File b101;
> >> > > > > > > > > private File b102;
> >> > > > > > > > > private File b110;
> >> > > > > > > > > + private File c100;
> >> > > > > > > > > + private File c101;
> >> > > > > > > > > + private File c110;
> >> > > > > > > > >
> >> > > > > > > > > @Before
> >> > > > > > > > > public void setUp() throws IOException {
> >> > > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> >> > > > > > > > > .set("Bundle-Version", "1.1.0")
> >> > > > > > > > > .build(),
> >> > > > > > > > > new FileOutputStream(b110));
> >> > > > > > > > > +
> >> > > > > > > > > + c100 = File.createTempFile("karafc",
> "-100.jar");
> >> > > > > > > > > + copy(TinyBundles.bundle()
> >> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> >> > > > > > > > > + .set("Bundle-Version", "1.0.0")
> >> > > > > > > > > + .set("Bundle-Vendor", "Apache")
> >> > > > > > > > > + .build(),
> >> > > > > > > > > + new FileOutputStream(c100));
> >> > > > > > > > > +
> >> > > > > > > > > + c101 = File.createTempFile("karafc",
> "-101.jar");
> >> > > > > > > > > + copy(TinyBundles.bundle()
> >> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> >> > > > > > > > > + .set("Bundle-Version", "1.0.1")
> >> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> >> > > > > > > > > + .build(),
> >> > > > > > > > > + new FileOutputStream(c101));
> >> > > > > > > > > +
> >> > > > > > > > > + c110 = File.createTempFile("karafc",
> "-110.jar");
> >> > > > > > > > > + copy(TinyBundles.bundle()
> >> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> >> > > > > > > > > + .set("Bundle-Version", "1.1.0")
> >> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> >> > > > > > > > > + .build(),
> >> > > > > > > > > + new FileOutputStream(c110));
> >> > > > > > > > > + }
> >> > > > > > > > > +
> >> > > > > > > > > + @Test
> >> > > > > > > > > + public void testDifferentVendors() throws
> >> IOException {
> >> > > > > > > > > + File props = File.createTempFile("karaf",
> >> > > "properties");
> >> > > > > > > > > + Writer w = new FileWriter(props);
> >> > > > > > > > > + w.write(c101.toURI().toString());
> >> > > > > > > > > + w.write("\n");
> >> > > > > > > > > + w.write(c110.toURI().toString());
> >> > > > > > > > > + w.write("\n");
> >> > > > > > > > > + w.close();
> >> > > > > > > > > +
> >> > > > > > > > > + List<BundleInfo> res = Overrides.override(
> >> > > > > > > > > + Arrays.<BundleInfo>asList(new
> >> > > > > > > > > Bundle(c100.toURI().toString())),
> >> > > > > > > > > + props.toURI().toString());
> >> > > > > > > > > + assertNotNull(res);
> >> > > > > > > > > + assertEquals(1, res.size());
> >> > > > > > > > > + BundleInfo out = res.get(0);
> >> > > > > > > > > + assertNotNull(out);
> >> > > > > > > > > + assertEquals(c101.toURI().toString(),
> >> > > > out.getLocation());
> >> > > > > > > > > }
> >> > > > > > > > >
> >> > > > > > > > > @Test
> >> > > > > > > > >
> >> > > > > > > > >
> >> > > > > > > >
> >> > > > > > >
> >> > > > > > >
> >> > > > > > >
> >> > > > > > > --
> >> > > > > > >
> >> > > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> > > > > > > OPS4J Pax Web <
> http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> > > > > Committer
> >> > > > > > &
> >> > > > > > > Project Lead
> >> > > > > > > OPS4J Pax for Vaadin <
> >> > > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> >> > > > > > > Commiter & Project Lead
> >> > > > > > > blog <http://notizblog.nierbeck.de/>
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >> >
> >> >
> >> > --
> >> > Cheers,
> >> > Jon
> >> > ---------------
> >> > Red Hat, Inc.
> >> > Email: janstey@redhat.com
> >> > Web: http://redhat.com
> >> > Twitter: jon_anstey
> >> > Blog: http://janstey.blogspot.com
> >> > Author of Camel in Action: http://manning.com/ibsen
> >> >
> >>
> >
> >
> >
> > --
> > Cheers,
> > Jon
> > ---------------
> > Red Hat, Inc.
> > Email: janstey@redhat.com
> > Web: http://redhat.com
> > Twitter: jon_anstey
> > Blog: http://janstey.blogspot.com
> > Author of Camel in Action: http://manning.com/ibsen
> >
>
>
>
> --
> Cheers,
> Jon
> ---------------
> Red Hat, Inc.
> Email: janstey@redhat.com
> Web: http://redhat.com
> Twitter: jon_anstey
> Blog: http://janstey.blogspot.com
> Author of Camel in Action: http://manning.com/ibsen
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
Change applied.
--jamie
On Wed, Feb 12, 2014 at 3:59 PM, Jean-Baptiste Onofré <jb...@nanthrax.net>wrote:
> +1
>
> good idea.
>
> Regards
> JB
>
>
> On 02/12/2014 08:14 PM, Jon Anstey wrote:
>
>> How about "WARNING: Bundle Vendor for X has changed, please check if this
>> is intentional." where X is the bundle name?
>>
>>
>> On Wed, Feb 12, 2014 at 3:39 PM, Jon Anstey <ja...@gmail.com> wrote:
>>
>> Yeah, I get that it only pops up when the vendor changes. I was just
>>> concerned about the "malicious" code implication as that would cause
>>> alarm
>>> to admins in most deployments.
>>>
>>> BTW its not a problem in the custom Karaf distro that I work on ;-) but I
>>> know of other Karaf users that may have this problem...
>>>
>>>
>>> On Wed, Feb 12, 2014 at 3:14 PM, Jamie G. <ja...@gmail.com>
>>> wrote:
>>>
>>> To be fare that only happens when vendors switch. Perhaps "WARNING:
>>>> Bundle
>>>> Vendor has changed, please review your feature, unexpected behaviours
>>>> may
>>>> occur". Using the car part analogy if my BMW's alternator belt was
>>>> replaced
>>>> with a FIAT part then I'd expect to be told by the mechanic - I have an
>>>> expected behaviour from the brand. Note, this does not prevent the
>>>> installation and use of the part, it just makes sure the user is aware
>>>> of
>>>> the switch.
>>>>
>>>> --Jamie
>>>>
>>>>
>>>> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
>>>>
>>>> No need to revert this completely IMO. The wording is too strong
>>>>>
>>>> though. I
>>>>
>>>>> know of many companies (can't say names here) that have rebranded
>>>>> customized versions of Karaf that would not be able to ship with a
>>>>>
>>>> message
>>>>
>>>>> like that in the logs. Or they would just not be able to use this
>>>>>
>>>> feature.
>>>>
>>>>> Looks really bad if your product always spits out that it may have
>>>>> malicious code even if you know you put it there :-)
>>>>>
>>>>>
>>>>> On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Changing vendors to me would be something i'd like to be warned
>>>>>>
>>>>> about. I
>>>>
>>>>> have Apache Camel installed, with XYZ under the hood - lets me know
>>>>>>
>>>>> its a
>>>>
>>>>> franken-build. That being said, if i was going to fork and build my
>>>>>>
>>>>> own
>>>>
>>>>> camel jar to fix a local issue, why would i then need to use the
>>>>>>
>>>>> override,
>>>>>
>>>>>> i'd just deploy the library, refresh, and carry on (different work
>>>>>>
>>>>> flows
>>>>
>>>>> for different folks - I do get that that's simplifying things -
>>>>>>
>>>>> generally
>>>>
>>>>> we'd end up with a large list of bundles needing changing and the
>>>>>>
>>>>> override
>>>>>
>>>>>> would simplify managing that recipe update).
>>>>>>
>>>>>> Regardless, I'm open to amending how vendors are handled, if we want
>>>>>>
>>>>> to
>>>>
>>>>> change the message or scrap it all together. Personally i think
>>>>>>
>>>>> something
>>>>
>>>>> should be noted since things are changing (i'd like to know I'm going
>>>>>>
>>>>> from
>>>>>
>>>>>> Land Rover parts to something made by Ford in my Range Rover).
>>>>>>
>>>>>> As to a global on/off switch for the mechanism that would be a nice
>>>>>> addition.
>>>>>>
>>>>>> --Jamie
>>>>>>
>>>>>>
>>>>>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
>>>>>> wrote:
>>>>>>
>>>>>> I just think the check is worth nothing. If someone build a
>>>>>>>
>>>>>> customized
>>>>>
>>>>>> version of a bundle (let's say camel), he will usually build by
>>>>>>>
>>>>>> forking
>>>>
>>>>> from camel, in which case the vendor would still be the same. And
>>>>>>>
>>>>>> if
>>>>
>>>>> the
>>>>>
>>>>>> user wants to make things cleaner and actually change the vendor to
>>>>>>>
>>>>>> reflect
>>>>>>
>>>>>>> the fact that it does not come from Apache, then we throw at him a
>>>>>>>
>>>>>> WARNING
>>>>>>
>>>>>>> log.
>>>>>>> Again, I don't think we should assume the user does not know what he
>>>>>>>
>>>>>> does,
>>>>>>
>>>>>>> I'd rather add a global flag to disable overrides if you think it's
>>>>>>>
>>>>>> safer,
>>>>>>
>>>>>>> but the file does not even exist by default, which means the user
>>>>>>>
>>>>>> actually
>>>>>>
>>>>>>> know what he is doing...
>>>>>>>
>>>>>>>
>>>>>>> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>>>>
>>>>>>> My interpretation is that a bundle is being updated by its
>>>>>>>>
>>>>>>> maintainer,
>>>>>
>>>>>> if a
>>>>>>>
>>>>>>>> different group is providing the replacement bundle then Karaf
>>>>>>>>
>>>>>>> should
>>>>
>>>>> be
>>>>>>
>>>>>>> making some noise about it as its masquerading as being what was
>>>>>>>>
>>>>>>> originally
>>>>>>>
>>>>>>>> intended by the feature provider. I'm up for different wordings
>>>>>>>>
>>>>>>> however.
>>>>>>
>>>>>>> What would you suggest?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
>>>>>>>>
>>>>>>> gnodet@apache.org
>>>>
>>>>>
>>>>>> wrote:
>>>>>>>>
>>>>>>>> Yes, I was going to add that I had no problems saying a bundle
>>>>>>>>>
>>>>>>>> has
>>>>
>>>>> been
>>>>>>
>>>>>>> overridden (though not sure if it has to be with a WARNING
>>>>>>>>>
>>>>>>>> level).
>>>>
>>>>> It's really the vendor check which I don't get and the log of
>>>>>>>>>
>>>>>>>> "Malicious
>>>>>>>
>>>>>>>> code possibly introduced by patch override, see log for
>>>>>>>>>
>>>>>>>> details".
>>>>
>>>>>
>>>>>>>>>
>>>>>>>>> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
>>>>>>>>>
>>>>>>>> bcanhome@googlemail.com
>>>>
>>>>> :
>>>>>>
>>>>>>>
>>>>>>>>> Well, I hope you didn't get distracted by my comment.
>>>>>>>>>> Though as far as I can see the change only introduced some
>>>>>>>>>>
>>>>>>>>> logging
>>>>>
>>>>>> to let the user know something changed due to adding another
>>>>>>>>>>
>>>>>>>>> feature,
>>>>>>
>>>>>>> I think this is a viable solution, especially when looking for
>>>>>>>>>>
>>>>>>>>> failures
>>>>>>>
>>>>>>>> or unintended changes.
>>>>>>>>>> No?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gnodet@apache.org
>>>>>>>>>>
>>>>>>>>> :
>>>>>
>>>>>>
>>>>>>>>>> I'm tempted to -1 this change.
>>>>>>>>>>>
>>>>>>>>>>> What kind of problems are you trying to solve here ?
>>>>>>>>>>> Imho, such code is unnecessary because there are many other
>>>>>>>>>>>
>>>>>>>>>> ways
>>>>>
>>>>>> to
>>>>>>
>>>>>>> introduce so called "malicious" code.
>>>>>>>>>>> If one wants to be safe, there is already an existing way to
>>>>>>>>>>>
>>>>>>>>>> solve
>>>>>>
>>>>>>> the
>>>>>>>>
>>>>>>>>> problem which is signed bundles.
>>>>>>>>>>>
>>>>>>>>>>> Now, an example on how to introduce "malicious" code : if
>>>>>>>>>>>
>>>>>>>>>> such
>>>>
>>>>> a
>>>>>
>>>>>> bundle
>>>>>>>>
>>>>>>>>> is
>>>>>>>>>>
>>>>>>>>>>> installed first, the features service will think the
>>>>>>>>>>>
>>>>>>>>>> "correct"
>>>>
>>>>> bundle
>>>>>>>
>>>>>>>> is
>>>>>>>>>
>>>>>>>>>> already installed and will not install the "safe" bundle.
>>>>>>>>>>>
>>>>>>>>>> This
>>>>
>>>>> can
>>>>>>
>>>>>>> be
>>>>>>>>
>>>>>>>>> done
>>>>>>>>>>
>>>>>>>>>>> by manually installing the bundle before installing
>>>>>>>>>>>
>>>>>>>>>> features,
>>>>
>>>>> or
>>>>>
>>>>>> by
>>>>>>
>>>>>>> adding
>>>>>>>>>>
>>>>>>>>>>> it to the etc/startup.properties.
>>>>>>>>>>> Another option is just to hack the features file manually
>>>>>>>>>>>
>>>>>>>>>> and
>>>>
>>>>> change
>>>>>>>
>>>>>>>> the
>>>>>>>>>
>>>>>>>>>> url of the bundle, it will have exactly the same effect.
>>>>>>>>>>>
>>>>>>>>>>> In addition, checking the vendor is not a guarantee, as if
>>>>>>>>>>>
>>>>>>>>>> someone
>>>>>>
>>>>>>> wanted
>>>>>>>>>
>>>>>>>>>> to "fake" a bundle, setting that header is not more
>>>>>>>>>>>
>>>>>>>>>> difficult
>>>>
>>>>> than
>>>>>>
>>>>>>> changing
>>>>>>>>>>
>>>>>>>>>>> the symbolic name or version.
>>>>>>>>>>>
>>>>>>>>>>> I've had a use case where the user wanted to make sure that
>>>>>>>>>>>
>>>>>>>>>> no
>>>>
>>>>> "malicious"
>>>>>>>>>>
>>>>>>>>>>> code is introduced or used. In such a case, there is
>>>>>>>>>>>
>>>>>>>>>> already
>>>>
>>>>> an
>>>>>
>>>>>> existing
>>>>>>>>>
>>>>>>>>>> solution which is fully supported by OSGi (and Karaf) which
>>>>>>>>>>>
>>>>>>>>>> is
>>>>
>>>>> signed
>>>>>>>
>>>>>>>> bundles. It works well and it's secured. Well, secured to
>>>>>>>>>>>
>>>>>>>>>> the
>>>>
>>>>> point
>>>>>>>
>>>>>>>> that
>>>>>>>>>>
>>>>>>>>>>> you control the file system. In all cases, if you don't
>>>>>>>>>>>
>>>>>>>>>> trust
>>>>
>>>>> the
>>>>>>
>>>>>>> file
>>>>>>>>
>>>>>>>>> system, there's no possible way to secure the OSGi framework
>>>>>>>>>>>
>>>>>>>>>> (just
>>>>>>
>>>>>>> because
>>>>>>>>>>
>>>>>>>>>>> classes are read from the file system).
>>>>>>>>>>>
>>>>>>>>>>> Last, there is no possible misuse of the overrides really.
>>>>>>>>>>>
>>>>>>>>>> If
>>>>
>>>>> you
>>>>>>
>>>>>>> add
>>>>>>>>
>>>>>>>>> random bundles, it will most of the case have no effects,
>>>>>>>>>>>
>>>>>>>>>> or at
>>>>
>>>>> least,
>>>>>>>>
>>>>>>>>> not
>>>>>>>>>>
>>>>>>>>>>> more than if you had installed them manually before. We
>>>>>>>>>>>
>>>>>>>>>> don't
>>>>
>>>>> add
>>>>>>
>>>>>>> any
>>>>>>>>
>>>>>>>>> checks in the bundle:update command, so I don't really see
>>>>>>>>>>>
>>>>>>>>>> why
>>>>
>>>>> we'd
>>>>>>
>>>>>>> add
>>>>>>>>
>>>>>>>>> those here.
>>>>>>>>>>>
>>>>>>>>>>> On a side note, I was wondering about starting a slightly
>>>>>>>>>>>
>>>>>>>>>> broader
>>>>>
>>>>>> discussion about patching, which is related to this
>>>>>>>>>>>
>>>>>>>>>> particular
>>>>
>>>>> feature
>>>>>>>>
>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>>> I hope to do so this week or the next.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>>>>>>>>>>>
>>>>>>>>>>> Updated Branches:
>>>>>>>>>>>> refs/heads/master d2af093dd -> 36808c560
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> [KARAF-2753] Logging for override mechanism. Added
>>>>>>>>>>>>
>>>>>>>>>>> additional
>>>>
>>>>> logging
>>>>>>>>
>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>>> unit test to trigger log events
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Project:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/repo
>>>>
>>>>> Commit:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>>>>>>>>
>>>>>>>>> Tree:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>>>>>>
>>>>>>> Diff:
>>>>>>>>>>>>
>>>>>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>>>>>>
>>>>>>>
>>>>>>>>>>>> Branch: refs/heads/master
>>>>>>>>>>>> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>>>>>>>>>>>> Parents: d2af093
>>>>>>>>>>>> Author: jgoodyear <jg...@apache.org>
>>>>>>>>>>>> Authored: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>>> Committer: jgoodyear <jg...@apache.org>
>>>>>>>>>>>> Committed: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------
>>>>>> ----------
>>>>>>
>>>>>>> .../karaf/features/internal/Overrides.java | 25
>>>>>>>>>>>>
>>>>>>>>>>> ++++++++++-
>>>>>>
>>>>>>> .../karaf/features/internal/OverridesTest.java | 47
>>>>>>>>>>>>
>>>>>>>>>>> ++++++++++++++++++++
>>>>>>>>>>>
>>>>>>>>>>>> 2 files changed, 71 insertions(+), 1 deletion(-)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------
>>>>>> ----------
>>>>>>
>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/
>>>> features/core/src/main/java/org/apache/karaf/features/
>>>> internal/Overrides.java
>>>>
>>>>>
>>>>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------
>>>>>> ----------
>>>>>>
>>>>>>> diff --git
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> a/features/core/src/main/java/org/apache/karaf/features/
>>>> internal/Overrides.java
>>>>
>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> b/features/core/src/main/java/org/apache/karaf/features/
>>>> internal/Overrides.java
>>>>
>>>>> index 655dfea..8397222 100644
>>>>>>>>>>>> ---
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> a/features/core/src/main/java/org/apache/karaf/features/
>>>> internal/Overrides.java
>>>>
>>>>> +++
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> b/features/core/src/main/java/org/apache/karaf/features/
>>>> internal/Overrides.java
>>>>
>>>>> @@ -48,6 +48,7 @@ public class Overrides {
>>>>>>>>>>>> private static final Logger LOGGER =
>>>>>>>>>>>> LoggerFactory.getLogger(Overrides.class);
>>>>>>>>>>>>
>>>>>>>>>>>> private static final String OVERRIDE_RANGE = "range";
>>>>>>>>>>>> + private static final String VENDOR_WARNING =
>>>>>>>>>>>>
>>>>>>>>>>> "Malicious
>>>>
>>>>> code
>>>>>>
>>>>>>> possibly
>>>>>>>>>>>
>>>>>>>>>>>> introduced by patch override, see log for details";
>>>>>>>>>>>>
>>>>>>>>>>>> /**
>>>>>>>>>>>> * Compute a list of bundles to install, taking into
>>>>>>>>>>>>
>>>>>>>>>>> account
>>>>>>
>>>>>>> overrides.
>>>>>>>>>>>> @@ -86,6 +87,7 @@ public class Overrides {
>>>>>>>>>>>> if (manifest != null) {
>>>>>>>>>>>> String bsn =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleSymbolicName(manifest);
>>>>>>>
>>>>>>>> Version ver =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleVersion(manifest);
>>>>>
>>>>>> + String ven =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleVendor(manifest);
>>>>
>>>>> String url = info.getLocation();
>>>>>>>>>>>> for (Clause override : overrides) {
>>>>>>>>>>>> Manifest overMan =
>>>>>>>>>>>> manifests.get(override.getName());
>>>>>>>>>>>> @@ -111,10 +113,26 @@ public class Overrides {
>>>>>>>>>>>> range =
>>>>>>>>>>>>
>>>>>>>>>>> VersionRange.parseVersionRange(vr);
>>>>>>>>>>
>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> + String vendor =
>>>>>>>>>>>>
>>>>>>>>>>> getBundleVendor(overMan);
>>>>>>>
>>>>>>>>
>>>>>>>>>>>> + // Before we do a replace, lets
>>>>>>>>>>>>
>>>>>>>>>>> check
>>>>>
>>>>>> if
>>>>>>
>>>>>>> vendors
>>>>>>>>>>
>>>>>>>>>>> change
>>>>>>>>>>>> + if (ven == null) {
>>>>>>>>>>>> + if (vendor != null) {
>>>>>>>>>>>> +
>>>>>>>>>>>>
>>>>>>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>
>>>>>> + }
>>>>>>>>>>>> + } else {
>>>>>>>>>>>> + if (vendor == null) {
>>>>>>>>>>>> +
>>>>>>>>>>>>
>>>>>>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>
>>>>>> + } else {
>>>>>>>>>>>> + if
>>>>>>>>>>>>
>>>>>>>>>>> (!vendor.equals(ven)) {
>>>>
>>>>> +
>>>>>>>>>>>>
>>>>>>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>
>>>>>>>> + }
>>>>>>>>>>>> + }
>>>>>>>>>>>> + }
>>>>>>>>>>>> // The resource matches, so
>>>>>>>>>>>>
>>>>>>>>>>> replace
>>>>
>>>>> it
>>>>>
>>>>>> with
>>>>>>>>
>>>>>>>>> the
>>>>>>>>>>
>>>>>>>>>>> overridden resource
>>>>>>>>>>>> // if the override is actually a
>>>>>>>>>>>>
>>>>>>>>>>> newer
>>>>>
>>>>>> version
>>>>>>>>>
>>>>>>>>>> than what we currently have
>>>>>>>>>>>> if (range.contains(ver) &&
>>>>>>>>>>>>
>>>>>>>>>>> ver.compareTo(oVer) <
>>>>>>>>>>
>>>>>>>>>>> 0) {
>>>>>>>>>>>> + LOGGER.info("Overriding
>>>>>>>>>>>>
>>>>>>>>>>> original
>>>>
>>>>> bundle
>>>>>>>>
>>>>>>>>> "
>>>>>>>>>
>>>>>>>>>> +
>>>>>>>>>>
>>>>>>>>>>> url + " to " + override.getName());
>>>>>>>>>>>> ver = oVer;
>>>>>>>>>>>> url = override.getName();
>>>>>>>>>>>> }
>>>>>>>>>>>> @@ -178,6 +196,11 @@ public class Overrides {
>>>>>>>>>>>> return bsn;
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> + private static String getBundleVendor(Manifest
>>>>>>>>>>>>
>>>>>>>>>>> manifest) {
>>>>>
>>>>>> + String ven =
>>>>>>>>>>>>
>>>>>>>>>>>> manifest.getMainAttributes().getValue(Constants.BUNDLE_
>>>>> VENDOR);
>>>>>
>>>>>> + return ven;
>>>>>>>>>>>> + }
>>>>>>>>>>>> +
>>>>>>>>>>>> private static Manifest getManifest(String url)
>>>>>>>>>>>>
>>>>>>>>>>> throws
>>>>
>>>>> IOException {
>>>>>>>>>>
>>>>>>>>>>> InputStream is = new URL(url).openStream();
>>>>>>>>>>>> try {
>>>>>>>>>>>> @@ -205,4 +228,4 @@ public class Overrides {
>>>>>>>>>>>> }
>>>>>>>>>>>> return cs[0].getName();
>>>>>>>>>>>> }
>>>>>>>>>>>> -}
>>>>>>>>>>>> \ No newline at end of file
>>>>>>>>>>>> +}
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/
>>>> features/core/src/test/java/org/apache/karaf/features/
>>>> internal/OverridesTest.java
>>>>
>>>>>
>>>>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------
>>>>>> ----------
>>>>>>
>>>>>>> diff --git
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> a/features/core/src/test/java/org/apache/karaf/features/
>>>> internal/OverridesTest.java
>>>>
>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> b/features/core/src/test/java/org/apache/karaf/features/
>>>> internal/OverridesTest.java
>>>>
>>>>> index 46d163a..79e2015 100644
>>>>>>>>>>>> ---
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> a/features/core/src/test/java/org/apache/karaf/features/
>>>> internal/OverridesTest.java
>>>>
>>>>> +++
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> b/features/core/src/test/java/org/apache/karaf/features/
>>>> internal/OverridesTest.java
>>>>
>>>>> @@ -42,6 +42,9 @@ public class OverridesTest {
>>>>>>>>>>>> private File b101;
>>>>>>>>>>>> private File b102;
>>>>>>>>>>>> private File b110;
>>>>>>>>>>>> + private File c100;
>>>>>>>>>>>> + private File c101;
>>>>>>>>>>>> + private File c110;
>>>>>>>>>>>>
>>>>>>>>>>>> @Before
>>>>>>>>>>>> public void setUp() throws IOException {
>>>>>>>>>>>> @@ -72,6 +75,50 @@ public class OverridesTest {
>>>>>>>>>>>> .set("Bundle-Version", "1.1.0")
>>>>>>>>>>>> .build(),
>>>>>>>>>>>> new FileOutputStream(b110));
>>>>>>>>>>>> +
>>>>>>>>>>>> + c100 = File.createTempFile("karafc", "-100.jar");
>>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>>> + .set("Bundle-Version", "1.0.0")
>>>>>>>>>>>> + .set("Bundle-Vendor", "Apache")
>>>>>>>>>>>> + .build(),
>>>>>>>>>>>> + new FileOutputStream(c100));
>>>>>>>>>>>> +
>>>>>>>>>>>> + c101 = File.createTempFile("karafc", "-101.jar");
>>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>>> + .set("Bundle-Version", "1.0.1")
>>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>>> + .build(),
>>>>>>>>>>>> + new FileOutputStream(c101));
>>>>>>>>>>>> +
>>>>>>>>>>>> + c110 = File.createTempFile("karafc", "-110.jar");
>>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>>> + .set("Bundle-Version", "1.1.0")
>>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>>> + .build(),
>>>>>>>>>>>> + new FileOutputStream(c110));
>>>>>>>>>>>> + }
>>>>>>>>>>>> +
>>>>>>>>>>>> + @Test
>>>>>>>>>>>> + public void testDifferentVendors() throws
>>>>>>>>>>>>
>>>>>>>>>>> IOException {
>>>>
>>>>> + File props = File.createTempFile("karaf",
>>>>>>>>>>>>
>>>>>>>>>>> "properties");
>>>>>>
>>>>>>> + Writer w = new FileWriter(props);
>>>>>>>>>>>> + w.write(c101.toURI().toString());
>>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>>> + w.write(c110.toURI().toString());
>>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>>> + w.close();
>>>>>>>>>>>> +
>>>>>>>>>>>> + List<BundleInfo> res = Overrides.override(
>>>>>>>>>>>> + Arrays.<BundleInfo>asList(new
>>>>>>>>>>>> Bundle(c100.toURI().toString())),
>>>>>>>>>>>> + props.toURI().toString());
>>>>>>>>>>>> + assertNotNull(res);
>>>>>>>>>>>> + assertEquals(1, res.size());
>>>>>>>>>>>> + BundleInfo out = res.get(0);
>>>>>>>>>>>> + assertNotNull(out);
>>>>>>>>>>>> + assertEquals(c101.toURI().toString(),
>>>>>>>>>>>>
>>>>>>>>>>> out.getLocation());
>>>>>>>
>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> @Test
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>>>>>>>>>>
>>>>>>>>> Committer
>>>>>>>>
>>>>>>>>> &
>>>>>>>>>
>>>>>>>>>> Project Lead
>>>>>>>>>> OPS4J Pax for Vaadin <
>>>>>>>>>>
>>>>>>>>> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>>>
>>>>>>>>> Commiter & Project Lead
>>>>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Jon
>>>>> ---------------
>>>>> Red Hat, Inc.
>>>>> Email: janstey@redhat.com
>>>>> Web: http://redhat.com
>>>>> Twitter: jon_anstey
>>>>> Blog: http://janstey.blogspot.com
>>>>> Author of Camel in Action: http://manning.com/ibsen
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Jon
>>> ---------------
>>> Red Hat, Inc.
>>> Email: janstey@redhat.com
>>> Web: http://redhat.com
>>> Twitter: jon_anstey
>>> Blog: http://janstey.blogspot.com
>>> Author of Camel in Action: http://manning.com/ibsen
>>>
>>>
>>
>>
>>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
+1
good idea.
Regards
JB
On 02/12/2014 08:14 PM, Jon Anstey wrote:
> How about "WARNING: Bundle Vendor for X has changed, please check if this
> is intentional." where X is the bundle name?
>
>
> On Wed, Feb 12, 2014 at 3:39 PM, Jon Anstey <ja...@gmail.com> wrote:
>
>> Yeah, I get that it only pops up when the vendor changes. I was just
>> concerned about the "malicious" code implication as that would cause alarm
>> to admins in most deployments.
>>
>> BTW its not a problem in the custom Karaf distro that I work on ;-) but I
>> know of other Karaf users that may have this problem...
>>
>>
>> On Wed, Feb 12, 2014 at 3:14 PM, Jamie G. <ja...@gmail.com>wrote:
>>
>>> To be fare that only happens when vendors switch. Perhaps "WARNING: Bundle
>>> Vendor has changed, please review your feature, unexpected behaviours may
>>> occur". Using the car part analogy if my BMW's alternator belt was
>>> replaced
>>> with a FIAT part then I'd expect to be told by the mechanic - I have an
>>> expected behaviour from the brand. Note, this does not prevent the
>>> installation and use of the part, it just makes sure the user is aware of
>>> the switch.
>>>
>>> --Jamie
>>>
>>>
>>> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
>>>
>>>> No need to revert this completely IMO. The wording is too strong
>>> though. I
>>>> know of many companies (can't say names here) that have rebranded
>>>> customized versions of Karaf that would not be able to ship with a
>>> message
>>>> like that in the logs. Or they would just not be able to use this
>>> feature.
>>>> Looks really bad if your product always spits out that it may have
>>>> malicious code even if you know you put it there :-)
>>>>
>>>>
>>>> On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
>>>> wrote:
>>>>
>>>>> Changing vendors to me would be something i'd like to be warned
>>> about. I
>>>>> have Apache Camel installed, with XYZ under the hood - lets me know
>>> its a
>>>>> franken-build. That being said, if i was going to fork and build my
>>> own
>>>>> camel jar to fix a local issue, why would i then need to use the
>>>> override,
>>>>> i'd just deploy the library, refresh, and carry on (different work
>>> flows
>>>>> for different folks - I do get that that's simplifying things -
>>> generally
>>>>> we'd end up with a large list of bundles needing changing and the
>>>> override
>>>>> would simplify managing that recipe update).
>>>>>
>>>>> Regardless, I'm open to amending how vendors are handled, if we want
>>> to
>>>>> change the message or scrap it all together. Personally i think
>>> something
>>>>> should be noted since things are changing (i'd like to know I'm going
>>>> from
>>>>> Land Rover parts to something made by Ford in my Range Rover).
>>>>>
>>>>> As to a global on/off switch for the mechanism that would be a nice
>>>>> addition.
>>>>>
>>>>> --Jamie
>>>>>
>>>>>
>>>>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
>>>>> wrote:
>>>>>
>>>>>> I just think the check is worth nothing. If someone build a
>>>> customized
>>>>>> version of a bundle (let's say camel), he will usually build by
>>> forking
>>>>>> from camel, in which case the vendor would still be the same. And
>>> if
>>>> the
>>>>>> user wants to make things cleaner and actually change the vendor to
>>>>> reflect
>>>>>> the fact that it does not come from Apache, then we throw at him a
>>>>> WARNING
>>>>>> log.
>>>>>> Again, I don't think we should assume the user does not know what he
>>>>> does,
>>>>>> I'd rather add a global flag to disable overrides if you think it's
>>>>> safer,
>>>>>> but the file does not even exist by default, which means the user
>>>>> actually
>>>>>> know what he is doing...
>>>>>>
>>>>>>
>>>>>> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>>>
>>>>>>> My interpretation is that a bundle is being updated by its
>>>> maintainer,
>>>>>> if a
>>>>>>> different group is providing the replacement bundle then Karaf
>>> should
>>>>> be
>>>>>>> making some noise about it as its masquerading as being what was
>>>>>> originally
>>>>>>> intended by the feature provider. I'm up for different wordings
>>>>> however.
>>>>>>> What would you suggest?
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
>>> gnodet@apache.org
>>>>>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Yes, I was going to add that I had no problems saying a bundle
>>> has
>>>>> been
>>>>>>>> overridden (though not sure if it has to be with a WARNING
>>> level).
>>>>>>>> It's really the vendor check which I don't get and the log of
>>>>>> "Malicious
>>>>>>>> code possibly introduced by patch override, see log for
>>> details".
>>>>>>>>
>>>>>>>>
>>>>>>>> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
>>> bcanhome@googlemail.com
>>>>> :
>>>>>>>>
>>>>>>>>> Well, I hope you didn't get distracted by my comment.
>>>>>>>>> Though as far as I can see the change only introduced some
>>>> logging
>>>>>>>>> to let the user know something changed due to adding another
>>>>> feature,
>>>>>>>>> I think this is a viable solution, especially when looking for
>>>>>> failures
>>>>>>>>> or unintended changes.
>>>>>>>>> No?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gnodet@apache.org
>>>> :
>>>>>>>>>
>>>>>>>>>> I'm tempted to -1 this change.
>>>>>>>>>>
>>>>>>>>>> What kind of problems are you trying to solve here ?
>>>>>>>>>> Imho, such code is unnecessary because there are many other
>>>> ways
>>>>> to
>>>>>>>>>> introduce so called "malicious" code.
>>>>>>>>>> If one wants to be safe, there is already an existing way to
>>>>> solve
>>>>>>> the
>>>>>>>>>> problem which is signed bundles.
>>>>>>>>>>
>>>>>>>>>> Now, an example on how to introduce "malicious" code : if
>>> such
>>>> a
>>>>>>> bundle
>>>>>>>>> is
>>>>>>>>>> installed first, the features service will think the
>>> "correct"
>>>>>> bundle
>>>>>>>> is
>>>>>>>>>> already installed and will not install the "safe" bundle.
>>> This
>>>>> can
>>>>>>> be
>>>>>>>>> done
>>>>>>>>>> by manually installing the bundle before installing
>>> features,
>>>> or
>>>>> by
>>>>>>>>> adding
>>>>>>>>>> it to the etc/startup.properties.
>>>>>>>>>> Another option is just to hack the features file manually
>>> and
>>>>>> change
>>>>>>>> the
>>>>>>>>>> url of the bundle, it will have exactly the same effect.
>>>>>>>>>>
>>>>>>>>>> In addition, checking the vendor is not a guarantee, as if
>>>>> someone
>>>>>>>> wanted
>>>>>>>>>> to "fake" a bundle, setting that header is not more
>>> difficult
>>>>> than
>>>>>>>>> changing
>>>>>>>>>> the symbolic name or version.
>>>>>>>>>>
>>>>>>>>>> I've had a use case where the user wanted to make sure that
>>> no
>>>>>>>>> "malicious"
>>>>>>>>>> code is introduced or used. In such a case, there is
>>> already
>>>> an
>>>>>>>> existing
>>>>>>>>>> solution which is fully supported by OSGi (and Karaf) which
>>> is
>>>>>> signed
>>>>>>>>>> bundles. It works well and it's secured. Well, secured to
>>> the
>>>>>> point
>>>>>>>>> that
>>>>>>>>>> you control the file system. In all cases, if you don't
>>> trust
>>>>> the
>>>>>>> file
>>>>>>>>>> system, there's no possible way to secure the OSGi framework
>>>>> (just
>>>>>>>>> because
>>>>>>>>>> classes are read from the file system).
>>>>>>>>>>
>>>>>>>>>> Last, there is no possible misuse of the overrides really.
>>> If
>>>>> you
>>>>>>> add
>>>>>>>>>> random bundles, it will most of the case have no effects,
>>> or at
>>>>>>> least,
>>>>>>>>> not
>>>>>>>>>> more than if you had installed them manually before. We
>>> don't
>>>>> add
>>>>>>> any
>>>>>>>>>> checks in the bundle:update command, so I don't really see
>>> why
>>>>> we'd
>>>>>>> add
>>>>>>>>>> those here.
>>>>>>>>>>
>>>>>>>>>> On a side note, I was wondering about starting a slightly
>>>> broader
>>>>>>>>>> discussion about patching, which is related to this
>>> particular
>>>>>>> feature
>>>>>>>>> and
>>>>>>>>>> I hope to do so this week or the next.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>>>>>>>>>>
>>>>>>>>>>> Updated Branches:
>>>>>>>>>>> refs/heads/master d2af093dd -> 36808c560
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> [KARAF-2753] Logging for override mechanism. Added
>>> additional
>>>>>>> logging
>>>>>>>>> and
>>>>>>>>>>> unit test to trigger log events
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Project:
>>> http://git-wip-us.apache.org/repos/asf/karaf/repo
>>>>>>>>>>> Commit:
>>>>>>> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>>>>>>>>>>> Tree:
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>>>>>>>>>>> Diff:
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>>>>>>>>>>>
>>>>>>>>>>> Branch: refs/heads/master
>>>>>>>>>>> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>>>>>>>>>>> Parents: d2af093
>>>>>>>>>>> Author: jgoodyear <jg...@apache.org>
>>>>>>>>>>> Authored: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>> Committer: jgoodyear <jg...@apache.org>
>>>>>>>>>>> Committed: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>> ----------------------------------------------------------------------
>>>>>>>>>>> .../karaf/features/internal/Overrides.java | 25
>>>>> ++++++++++-
>>>>>>>>>>> .../karaf/features/internal/OverridesTest.java | 47
>>>>>>>>>> ++++++++++++++++++++
>>>>>>>>>>> 2 files changed, 71 insertions(+), 1 deletion(-)
>>>>>>>>>>>
>>>>>>>>
>>>>> ----------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>>
>>>>>>>>
>>>>> ----------------------------------------------------------------------
>>>>>>>>>>> diff --git
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>> index 655dfea..8397222 100644
>>>>>>>>>>> ---
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>> +++
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>>> @@ -48,6 +48,7 @@ public class Overrides {
>>>>>>>>>>> private static final Logger LOGGER =
>>>>>>>>>>> LoggerFactory.getLogger(Overrides.class);
>>>>>>>>>>>
>>>>>>>>>>> private static final String OVERRIDE_RANGE = "range";
>>>>>>>>>>> + private static final String VENDOR_WARNING =
>>> "Malicious
>>>>> code
>>>>>>>>>> possibly
>>>>>>>>>>> introduced by patch override, see log for details";
>>>>>>>>>>>
>>>>>>>>>>> /**
>>>>>>>>>>> * Compute a list of bundles to install, taking into
>>>>> account
>>>>>>>>>>> overrides.
>>>>>>>>>>> @@ -86,6 +87,7 @@ public class Overrides {
>>>>>>>>>>> if (manifest != null) {
>>>>>>>>>>> String bsn =
>>>>>> getBundleSymbolicName(manifest);
>>>>>>>>>>> Version ver =
>>>> getBundleVersion(manifest);
>>>>>>>>>>> + String ven =
>>> getBundleVendor(manifest);
>>>>>>>>>>> String url = info.getLocation();
>>>>>>>>>>> for (Clause override : overrides) {
>>>>>>>>>>> Manifest overMan =
>>>>>>>>>>> manifests.get(override.getName());
>>>>>>>>>>> @@ -111,10 +113,26 @@ public class Overrides {
>>>>>>>>>>> range =
>>>>>>>>> VersionRange.parseVersionRange(vr);
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> + String vendor =
>>>>>> getBundleVendor(overMan);
>>>>>>>>>>>
>>>>>>>>>>> + // Before we do a replace, lets
>>>> check
>>>>> if
>>>>>>>>> vendors
>>>>>>>>>>> change
>>>>>>>>>>> + if (ven == null) {
>>>>>>>>>>> + if (vendor != null) {
>>>>>>>>>>> +
>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>>>> + }
>>>>>>>>>>> + } else {
>>>>>>>>>>> + if (vendor == null) {
>>>>>>>>>>> +
>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>>>> + } else {
>>>>>>>>>>> + if
>>> (!vendor.equals(ven)) {
>>>>>>>>>>> +
>>>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>>>> + }
>>>>>>>>>>> + }
>>>>>>>>>>> + }
>>>>>>>>>>> // The resource matches, so
>>> replace
>>>> it
>>>>>>> with
>>>>>>>>> the
>>>>>>>>>>> overridden resource
>>>>>>>>>>> // if the override is actually a
>>>> newer
>>>>>>>> version
>>>>>>>>>>> than what we currently have
>>>>>>>>>>> if (range.contains(ver) &&
>>>>>>>>> ver.compareTo(oVer) <
>>>>>>>>>>> 0) {
>>>>>>>>>>> + LOGGER.info("Overriding
>>> original
>>>>>>> bundle
>>>>>>>> "
>>>>>>>>> +
>>>>>>>>>>> url + " to " + override.getName());
>>>>>>>>>>> ver = oVer;
>>>>>>>>>>> url = override.getName();
>>>>>>>>>>> }
>>>>>>>>>>> @@ -178,6 +196,11 @@ public class Overrides {
>>>>>>>>>>> return bsn;
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> + private static String getBundleVendor(Manifest
>>>> manifest) {
>>>>>>>>>>> + String ven =
>>>>>>>>>>>
>>>> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
>>>>>>>>>>> + return ven;
>>>>>>>>>>> + }
>>>>>>>>>>> +
>>>>>>>>>>> private static Manifest getManifest(String url)
>>> throws
>>>>>>>>> IOException {
>>>>>>>>>>> InputStream is = new URL(url).openStream();
>>>>>>>>>>> try {
>>>>>>>>>>> @@ -205,4 +228,4 @@ public class Overrides {
>>>>>>>>>>> }
>>>>>>>>>>> return cs[0].getName();
>>>>>>>>>>> }
>>>>>>>>>>> -}
>>>>>>>>>>> \ No newline at end of file
>>>>>>>>>>> +}
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>>
>>>>>>>>
>>>>> ----------------------------------------------------------------------
>>>>>>>>>>> diff --git
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>> index 46d163a..79e2015 100644
>>>>>>>>>>> ---
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>> +++
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>>> @@ -42,6 +42,9 @@ public class OverridesTest {
>>>>>>>>>>> private File b101;
>>>>>>>>>>> private File b102;
>>>>>>>>>>> private File b110;
>>>>>>>>>>> + private File c100;
>>>>>>>>>>> + private File c101;
>>>>>>>>>>> + private File c110;
>>>>>>>>>>>
>>>>>>>>>>> @Before
>>>>>>>>>>> public void setUp() throws IOException {
>>>>>>>>>>> @@ -72,6 +75,50 @@ public class OverridesTest {
>>>>>>>>>>> .set("Bundle-Version", "1.1.0")
>>>>>>>>>>> .build(),
>>>>>>>>>>> new FileOutputStream(b110));
>>>>>>>>>>> +
>>>>>>>>>>> + c100 = File.createTempFile("karafc", "-100.jar");
>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>> + .set("Bundle-Version", "1.0.0")
>>>>>>>>>>> + .set("Bundle-Vendor", "Apache")
>>>>>>>>>>> + .build(),
>>>>>>>>>>> + new FileOutputStream(c100));
>>>>>>>>>>> +
>>>>>>>>>>> + c101 = File.createTempFile("karafc", "-101.jar");
>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>> + .set("Bundle-Version", "1.0.1")
>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>> + .build(),
>>>>>>>>>>> + new FileOutputStream(c101));
>>>>>>>>>>> +
>>>>>>>>>>> + c110 = File.createTempFile("karafc", "-110.jar");
>>>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>>>> + .set("Bundle-Version", "1.1.0")
>>>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>>>> + .build(),
>>>>>>>>>>> + new FileOutputStream(c110));
>>>>>>>>>>> + }
>>>>>>>>>>> +
>>>>>>>>>>> + @Test
>>>>>>>>>>> + public void testDifferentVendors() throws
>>> IOException {
>>>>>>>>>>> + File props = File.createTempFile("karaf",
>>>>> "properties");
>>>>>>>>>>> + Writer w = new FileWriter(props);
>>>>>>>>>>> + w.write(c101.toURI().toString());
>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>> + w.write(c110.toURI().toString());
>>>>>>>>>>> + w.write("\n");
>>>>>>>>>>> + w.close();
>>>>>>>>>>> +
>>>>>>>>>>> + List<BundleInfo> res = Overrides.override(
>>>>>>>>>>> + Arrays.<BundleInfo>asList(new
>>>>>>>>>>> Bundle(c100.toURI().toString())),
>>>>>>>>>>> + props.toURI().toString());
>>>>>>>>>>> + assertNotNull(res);
>>>>>>>>>>> + assertEquals(1, res.size());
>>>>>>>>>>> + BundleInfo out = res.get(0);
>>>>>>>>>>> + assertNotNull(out);
>>>>>>>>>>> + assertEquals(c101.toURI().toString(),
>>>>>> out.getLocation());
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> @Test
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>>>>>>> Committer
>>>>>>>> &
>>>>>>>>> Project Lead
>>>>>>>>> OPS4J Pax for Vaadin <
>>>>>>> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>>>> Commiter & Project Lead
>>>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Cheers,
>>>> Jon
>>>> ---------------
>>>> Red Hat, Inc.
>>>> Email: janstey@redhat.com
>>>> Web: http://redhat.com
>>>> Twitter: jon_anstey
>>>> Blog: http://janstey.blogspot.com
>>>> Author of Camel in Action: http://manning.com/ibsen
>>>>
>>>
>>
>>
>>
>> --
>> Cheers,
>> Jon
>> ---------------
>> Red Hat, Inc.
>> Email: janstey@redhat.com
>> Web: http://redhat.com
>> Twitter: jon_anstey
>> Blog: http://janstey.blogspot.com
>> Author of Camel in Action: http://manning.com/ibsen
>>
>
>
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jon Anstey <ja...@gmail.com>.
How about "WARNING: Bundle Vendor for X has changed, please check if this
is intentional." where X is the bundle name?
On Wed, Feb 12, 2014 at 3:39 PM, Jon Anstey <ja...@gmail.com> wrote:
> Yeah, I get that it only pops up when the vendor changes. I was just
> concerned about the "malicious" code implication as that would cause alarm
> to admins in most deployments.
>
> BTW its not a problem in the custom Karaf distro that I work on ;-) but I
> know of other Karaf users that may have this problem...
>
>
> On Wed, Feb 12, 2014 at 3:14 PM, Jamie G. <ja...@gmail.com>wrote:
>
>> To be fare that only happens when vendors switch. Perhaps "WARNING: Bundle
>> Vendor has changed, please review your feature, unexpected behaviours may
>> occur". Using the car part analogy if my BMW's alternator belt was
>> replaced
>> with a FIAT part then I'd expect to be told by the mechanic - I have an
>> expected behaviour from the brand. Note, this does not prevent the
>> installation and use of the part, it just makes sure the user is aware of
>> the switch.
>>
>> --Jamie
>>
>>
>> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
>>
>> > No need to revert this completely IMO. The wording is too strong
>> though. I
>> > know of many companies (can't say names here) that have rebranded
>> > customized versions of Karaf that would not be able to ship with a
>> message
>> > like that in the logs. Or they would just not be able to use this
>> feature.
>> > Looks really bad if your product always spits out that it may have
>> > malicious code even if you know you put it there :-)
>> >
>> >
>> > On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
>> > wrote:
>> >
>> > > Changing vendors to me would be something i'd like to be warned
>> about. I
>> > > have Apache Camel installed, with XYZ under the hood - lets me know
>> its a
>> > > franken-build. That being said, if i was going to fork and build my
>> own
>> > > camel jar to fix a local issue, why would i then need to use the
>> > override,
>> > > i'd just deploy the library, refresh, and carry on (different work
>> flows
>> > > for different folks - I do get that that's simplifying things -
>> generally
>> > > we'd end up with a large list of bundles needing changing and the
>> > override
>> > > would simplify managing that recipe update).
>> > >
>> > > Regardless, I'm open to amending how vendors are handled, if we want
>> to
>> > > change the message or scrap it all together. Personally i think
>> something
>> > > should be noted since things are changing (i'd like to know I'm going
>> > from
>> > > Land Rover parts to something made by Ford in my Range Rover).
>> > >
>> > > As to a global on/off switch for the mechanism that would be a nice
>> > > addition.
>> > >
>> > > --Jamie
>> > >
>> > >
>> > > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
>> > > wrote:
>> > >
>> > > > I just think the check is worth nothing. If someone build a
>> > customized
>> > > > version of a bundle (let's say camel), he will usually build by
>> forking
>> > > > from camel, in which case the vendor would still be the same. And
>> if
>> > the
>> > > > user wants to make things cleaner and actually change the vendor to
>> > > reflect
>> > > > the fact that it does not come from Apache, then we throw at him a
>> > > WARNING
>> > > > log.
>> > > > Again, I don't think we should assume the user does not know what he
>> > > does,
>> > > > I'd rather add a global flag to disable overrides if you think it's
>> > > safer,
>> > > > but the file does not even exist by default, which means the user
>> > > actually
>> > > > know what he is doing...
>> > > >
>> > > >
>> > > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>> > > >
>> > > > > My interpretation is that a bundle is being updated by its
>> > maintainer,
>> > > > if a
>> > > > > different group is providing the replacement bundle then Karaf
>> should
>> > > be
>> > > > > making some noise about it as its masquerading as being what was
>> > > > originally
>> > > > > intended by the feature provider. I'm up for different wordings
>> > > however.
>> > > > > What would you suggest?
>> > > > >
>> > > > >
>> > > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
>> gnodet@apache.org
>> > >
>> > > > > wrote:
>> > > > >
>> > > > > > Yes, I was going to add that I had no problems saying a bundle
>> has
>> > > been
>> > > > > > overridden (though not sure if it has to be with a WARNING
>> level).
>> > > > > > It's really the vendor check which I don't get and the log of
>> > > > "Malicious
>> > > > > > code possibly introduced by patch override, see log for
>> details".
>> > > > > >
>> > > > > >
>> > > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
>> bcanhome@googlemail.com
>> > >:
>> > > > > >
>> > > > > > > Well, I hope you didn't get distracted by my comment.
>> > > > > > > Though as far as I can see the change only introduced some
>> > logging
>> > > > > > > to let the user know something changed due to adding another
>> > > feature,
>> > > > > > > I think this is a viable solution, especially when looking for
>> > > > failures
>> > > > > > > or unintended changes.
>> > > > > > > No?
>> > > > > > >
>> > > > > > >
>> > > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gnodet@apache.org
>> >:
>> > > > > > >
>> > > > > > > > I'm tempted to -1 this change.
>> > > > > > > >
>> > > > > > > > What kind of problems are you trying to solve here ?
>> > > > > > > > Imho, such code is unnecessary because there are many other
>> > ways
>> > > to
>> > > > > > > > introduce so called "malicious" code.
>> > > > > > > > If one wants to be safe, there is already an existing way to
>> > > solve
>> > > > > the
>> > > > > > > > problem which is signed bundles.
>> > > > > > > >
>> > > > > > > > Now, an example on how to introduce "malicious" code : if
>> such
>> > a
>> > > > > bundle
>> > > > > > > is
>> > > > > > > > installed first, the features service will think the
>> "correct"
>> > > > bundle
>> > > > > > is
>> > > > > > > > already installed and will not install the "safe" bundle.
>> This
>> > > can
>> > > > > be
>> > > > > > > done
>> > > > > > > > by manually installing the bundle before installing
>> features,
>> > or
>> > > by
>> > > > > > > adding
>> > > > > > > > it to the etc/startup.properties.
>> > > > > > > > Another option is just to hack the features file manually
>> and
>> > > > change
>> > > > > > the
>> > > > > > > > url of the bundle, it will have exactly the same effect.
>> > > > > > > >
>> > > > > > > > In addition, checking the vendor is not a guarantee, as if
>> > > someone
>> > > > > > wanted
>> > > > > > > > to "fake" a bundle, setting that header is not more
>> difficult
>> > > than
>> > > > > > > changing
>> > > > > > > > the symbolic name or version.
>> > > > > > > >
>> > > > > > > > I've had a use case where the user wanted to make sure that
>> no
>> > > > > > > "malicious"
>> > > > > > > > code is introduced or used. In such a case, there is
>> already
>> > an
>> > > > > > existing
>> > > > > > > > solution which is fully supported by OSGi (and Karaf) which
>> is
>> > > > signed
>> > > > > > > > bundles. It works well and it's secured. Well, secured to
>> the
>> > > > point
>> > > > > > > that
>> > > > > > > > you control the file system. In all cases, if you don't
>> trust
>> > > the
>> > > > > file
>> > > > > > > > system, there's no possible way to secure the OSGi framework
>> > > (just
>> > > > > > > because
>> > > > > > > > classes are read from the file system).
>> > > > > > > >
>> > > > > > > > Last, there is no possible misuse of the overrides really.
>> If
>> > > you
>> > > > > add
>> > > > > > > > random bundles, it will most of the case have no effects,
>> or at
>> > > > > least,
>> > > > > > > not
>> > > > > > > > more than if you had installed them manually before. We
>> don't
>> > > add
>> > > > > any
>> > > > > > > > checks in the bundle:update command, so I don't really see
>> why
>> > > we'd
>> > > > > add
>> > > > > > > > those here.
>> > > > > > > >
>> > > > > > > > On a side note, I was wondering about starting a slightly
>> > broader
>> > > > > > > > discussion about patching, which is related to this
>> particular
>> > > > > feature
>> > > > > > > and
>> > > > > > > > I hope to do so this week or the next.
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>> > > > > > > >
>> > > > > > > > > Updated Branches:
>> > > > > > > > > refs/heads/master d2af093dd -> 36808c560
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > [KARAF-2753] Logging for override mechanism. Added
>> additional
>> > > > > logging
>> > > > > > > and
>> > > > > > > > > unit test to trigger log events
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > Project:
>> http://git-wip-us.apache.org/repos/asf/karaf/repo
>> > > > > > > > > Commit:
>> > > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>> > > > > > > > > Tree:
>> > > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>> > > > > > > > > Diff:
>> > > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>> > > > > > > > >
>> > > > > > > > > Branch: refs/heads/master
>> > > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>> > > > > > > > > Parents: d2af093
>> > > > > > > > > Author: jgoodyear <jg...@apache.org>
>> > > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
>> > > > > > > > > Committer: jgoodyear <jg...@apache.org>
>> > > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
>> > > > > > > > >
>> > > > > > > > >
>> > > > > >
>> > > ----------------------------------------------------------------------
>> > > > > > > > > .../karaf/features/internal/Overrides.java | 25
>> > > ++++++++++-
>> > > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
>> > > > > > > > ++++++++++++++++++++
>> > > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
>> > > > > > > > >
>> > > > > >
>> > > ----------------------------------------------------------------------
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > > >
>> > > > > >
>> > > ----------------------------------------------------------------------
>> > > > > > > > > diff --git
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > > > index 655dfea..8397222 100644
>> > > > > > > > > ---
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > > > +++
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>> > > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
>> > > > > > > > > private static final Logger LOGGER =
>> > > > > > > > > LoggerFactory.getLogger(Overrides.class);
>> > > > > > > > >
>> > > > > > > > > private static final String OVERRIDE_RANGE = "range";
>> > > > > > > > > + private static final String VENDOR_WARNING =
>> "Malicious
>> > > code
>> > > > > > > > possibly
>> > > > > > > > > introduced by patch override, see log for details";
>> > > > > > > > >
>> > > > > > > > > /**
>> > > > > > > > > * Compute a list of bundles to install, taking into
>> > > account
>> > > > > > > > > overrides.
>> > > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
>> > > > > > > > > if (manifest != null) {
>> > > > > > > > > String bsn =
>> > > > getBundleSymbolicName(manifest);
>> > > > > > > > > Version ver =
>> > getBundleVersion(manifest);
>> > > > > > > > > + String ven =
>> getBundleVendor(manifest);
>> > > > > > > > > String url = info.getLocation();
>> > > > > > > > > for (Clause override : overrides) {
>> > > > > > > > > Manifest overMan =
>> > > > > > > > > manifests.get(override.getName());
>> > > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
>> > > > > > > > > range =
>> > > > > > > VersionRange.parseVersionRange(vr);
>> > > > > > > > > }
>> > > > > > > > >
>> > > > > > > > > + String vendor =
>> > > > getBundleVendor(overMan);
>> > > > > > > > >
>> > > > > > > > > + // Before we do a replace, lets
>> > check
>> > > if
>> > > > > > > vendors
>> > > > > > > > > change
>> > > > > > > > > + if (ven == null) {
>> > > > > > > > > + if (vendor != null) {
>> > > > > > > > > +
>> > LOGGER.warn(VENDOR_WARNING);
>> > > > > > > > > + }
>> > > > > > > > > + } else {
>> > > > > > > > > + if (vendor == null) {
>> > > > > > > > > +
>> > LOGGER.warn(VENDOR_WARNING);
>> > > > > > > > > + } else {
>> > > > > > > > > + if
>> (!vendor.equals(ven)) {
>> > > > > > > > > +
>> > > > LOGGER.warn(VENDOR_WARNING);
>> > > > > > > > > + }
>> > > > > > > > > + }
>> > > > > > > > > + }
>> > > > > > > > > // The resource matches, so
>> replace
>> > it
>> > > > > with
>> > > > > > > the
>> > > > > > > > > overridden resource
>> > > > > > > > > // if the override is actually a
>> > newer
>> > > > > > version
>> > > > > > > > > than what we currently have
>> > > > > > > > > if (range.contains(ver) &&
>> > > > > > > ver.compareTo(oVer) <
>> > > > > > > > > 0) {
>> > > > > > > > > + LOGGER.info("Overriding
>> original
>> > > > > bundle
>> > > > > > "
>> > > > > > > +
>> > > > > > > > > url + " to " + override.getName());
>> > > > > > > > > ver = oVer;
>> > > > > > > > > url = override.getName();
>> > > > > > > > > }
>> > > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
>> > > > > > > > > return bsn;
>> > > > > > > > > }
>> > > > > > > > >
>> > > > > > > > > + private static String getBundleVendor(Manifest
>> > manifest) {
>> > > > > > > > > + String ven =
>> > > > > > > > >
>> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
>> > > > > > > > > + return ven;
>> > > > > > > > > + }
>> > > > > > > > > +
>> > > > > > > > > private static Manifest getManifest(String url)
>> throws
>> > > > > > > IOException {
>> > > > > > > > > InputStream is = new URL(url).openStream();
>> > > > > > > > > try {
>> > > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
>> > > > > > > > > }
>> > > > > > > > > return cs[0].getName();
>> > > > > > > > > }
>> > > > > > > > > -}
>> > > > > > > > > \ No newline at end of file
>> > > > > > > > > +}
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > > >
>> > > > > >
>> > > ----------------------------------------------------------------------
>> > > > > > > > > diff --git
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > > > index 46d163a..79e2015 100644
>> > > > > > > > > ---
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > > > +++
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>> > > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
>> > > > > > > > > private File b101;
>> > > > > > > > > private File b102;
>> > > > > > > > > private File b110;
>> > > > > > > > > + private File c100;
>> > > > > > > > > + private File c101;
>> > > > > > > > > + private File c110;
>> > > > > > > > >
>> > > > > > > > > @Before
>> > > > > > > > > public void setUp() throws IOException {
>> > > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
>> > > > > > > > > .set("Bundle-Version", "1.1.0")
>> > > > > > > > > .build(),
>> > > > > > > > > new FileOutputStream(b110));
>> > > > > > > > > +
>> > > > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
>> > > > > > > > > + copy(TinyBundles.bundle()
>> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
>> > > > > > > > > + .set("Bundle-Version", "1.0.0")
>> > > > > > > > > + .set("Bundle-Vendor", "Apache")
>> > > > > > > > > + .build(),
>> > > > > > > > > + new FileOutputStream(c100));
>> > > > > > > > > +
>> > > > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
>> > > > > > > > > + copy(TinyBundles.bundle()
>> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
>> > > > > > > > > + .set("Bundle-Version", "1.0.1")
>> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
>> > > > > > > > > + .build(),
>> > > > > > > > > + new FileOutputStream(c101));
>> > > > > > > > > +
>> > > > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
>> > > > > > > > > + copy(TinyBundles.bundle()
>> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
>> > > > > > > > > + .set("Bundle-Version", "1.1.0")
>> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
>> > > > > > > > > + .build(),
>> > > > > > > > > + new FileOutputStream(c110));
>> > > > > > > > > + }
>> > > > > > > > > +
>> > > > > > > > > + @Test
>> > > > > > > > > + public void testDifferentVendors() throws
>> IOException {
>> > > > > > > > > + File props = File.createTempFile("karaf",
>> > > "properties");
>> > > > > > > > > + Writer w = new FileWriter(props);
>> > > > > > > > > + w.write(c101.toURI().toString());
>> > > > > > > > > + w.write("\n");
>> > > > > > > > > + w.write(c110.toURI().toString());
>> > > > > > > > > + w.write("\n");
>> > > > > > > > > + w.close();
>> > > > > > > > > +
>> > > > > > > > > + List<BundleInfo> res = Overrides.override(
>> > > > > > > > > + Arrays.<BundleInfo>asList(new
>> > > > > > > > > Bundle(c100.toURI().toString())),
>> > > > > > > > > + props.toURI().toString());
>> > > > > > > > > + assertNotNull(res);
>> > > > > > > > > + assertEquals(1, res.size());
>> > > > > > > > > + BundleInfo out = res.get(0);
>> > > > > > > > > + assertNotNull(out);
>> > > > > > > > > + assertEquals(c101.toURI().toString(),
>> > > > out.getLocation());
>> > > > > > > > > }
>> > > > > > > > >
>> > > > > > > > > @Test
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > --
>> > > > > > >
>> > > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> > > > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> > > > > Committer
>> > > > > > &
>> > > > > > > Project Lead
>> > > > > > > OPS4J Pax for Vaadin <
>> > > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>> > > > > > > Commiter & Project Lead
>> > > > > > > blog <http://notizblog.nierbeck.de/>
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> >
>> >
>> > --
>> > Cheers,
>> > Jon
>> > ---------------
>> > Red Hat, Inc.
>> > Email: janstey@redhat.com
>> > Web: http://redhat.com
>> > Twitter: jon_anstey
>> > Blog: http://janstey.blogspot.com
>> > Author of Camel in Action: http://manning.com/ibsen
>> >
>>
>
>
>
> --
> Cheers,
> Jon
> ---------------
> Red Hat, Inc.
> Email: janstey@redhat.com
> Web: http://redhat.com
> Twitter: jon_anstey
> Blog: http://janstey.blogspot.com
> Author of Camel in Action: http://manning.com/ibsen
>
--
Cheers,
Jon
---------------
Red Hat, Inc.
Email: janstey@redhat.com
Web: http://redhat.com
Twitter: jon_anstey
Blog: http://janstey.blogspot.com
Author of Camel in Action: http://manning.com/ibsen
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jon Anstey <ja...@gmail.com>.
Yeah, I get that it only pops up when the vendor changes. I was just
concerned about the "malicious" code implication as that would cause alarm
to admins in most deployments.
BTW its not a problem in the custom Karaf distro that I work on ;-) but I
know of other Karaf users that may have this problem...
On Wed, Feb 12, 2014 at 3:14 PM, Jamie G. <ja...@gmail.com> wrote:
> To be fare that only happens when vendors switch. Perhaps "WARNING: Bundle
> Vendor has changed, please review your feature, unexpected behaviours may
> occur". Using the car part analogy if my BMW's alternator belt was replaced
> with a FIAT part then I'd expect to be told by the mechanic - I have an
> expected behaviour from the brand. Note, this does not prevent the
> installation and use of the part, it just makes sure the user is aware of
> the switch.
>
> --Jamie
>
>
> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
>
> > No need to revert this completely IMO. The wording is too strong though.
> I
> > know of many companies (can't say names here) that have rebranded
> > customized versions of Karaf that would not be able to ship with a
> message
> > like that in the logs. Or they would just not be able to use this
> feature.
> > Looks really bad if your product always spits out that it may have
> > malicious code even if you know you put it there :-)
> >
> >
> > On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
> > wrote:
> >
> > > Changing vendors to me would be something i'd like to be warned about.
> I
> > > have Apache Camel installed, with XYZ under the hood - lets me know
> its a
> > > franken-build. That being said, if i was going to fork and build my own
> > > camel jar to fix a local issue, why would i then need to use the
> > override,
> > > i'd just deploy the library, refresh, and carry on (different work
> flows
> > > for different folks - I do get that that's simplifying things -
> generally
> > > we'd end up with a large list of bundles needing changing and the
> > override
> > > would simplify managing that recipe update).
> > >
> > > Regardless, I'm open to amending how vendors are handled, if we want to
> > > change the message or scrap it all together. Personally i think
> something
> > > should be noted since things are changing (i'd like to know I'm going
> > from
> > > Land Rover parts to something made by Ford in my Range Rover).
> > >
> > > As to a global on/off switch for the mechanism that would be a nice
> > > addition.
> > >
> > > --Jamie
> > >
> > >
> > > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
> > > wrote:
> > >
> > > > I just think the check is worth nothing. If someone build a
> > customized
> > > > version of a bundle (let's say camel), he will usually build by
> forking
> > > > from camel, in which case the vendor would still be the same. And if
> > the
> > > > user wants to make things cleaner and actually change the vendor to
> > > reflect
> > > > the fact that it does not come from Apache, then we throw at him a
> > > WARNING
> > > > log.
> > > > Again, I don't think we should assume the user does not know what he
> > > does,
> > > > I'd rather add a global flag to disable overrides if you think it's
> > > safer,
> > > > but the file does not even exist by default, which means the user
> > > actually
> > > > know what he is doing...
> > > >
> > > >
> > > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > > >
> > > > > My interpretation is that a bundle is being updated by its
> > maintainer,
> > > > if a
> > > > > different group is providing the replacement bundle then Karaf
> should
> > > be
> > > > > making some noise about it as its masquerading as being what was
> > > > originally
> > > > > intended by the feature provider. I'm up for different wordings
> > > however.
> > > > > What would you suggest?
> > > > >
> > > > >
> > > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <
> gnodet@apache.org
> > >
> > > > > wrote:
> > > > >
> > > > > > Yes, I was going to add that I had no problems saying a bundle
> has
> > > been
> > > > > > overridden (though not sure if it has to be with a WARNING
> level).
> > > > > > It's really the vendor check which I don't get and the log of
> > > > "Malicious
> > > > > > code possibly introduced by patch override, see log for details".
> > > > > >
> > > > > >
> > > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <
> bcanhome@googlemail.com
> > >:
> > > > > >
> > > > > > > Well, I hope you didn't get distracted by my comment.
> > > > > > > Though as far as I can see the change only introduced some
> > logging
> > > > > > > to let the user know something changed due to adding another
> > > feature,
> > > > > > > I think this is a viable solution, especially when looking for
> > > > failures
> > > > > > > or unintended changes.
> > > > > > > No?
> > > > > > >
> > > > > > >
> > > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gnodet@apache.org
> >:
> > > > > > >
> > > > > > > > I'm tempted to -1 this change.
> > > > > > > >
> > > > > > > > What kind of problems are you trying to solve here ?
> > > > > > > > Imho, such code is unnecessary because there are many other
> > ways
> > > to
> > > > > > > > introduce so called "malicious" code.
> > > > > > > > If one wants to be safe, there is already an existing way to
> > > solve
> > > > > the
> > > > > > > > problem which is signed bundles.
> > > > > > > >
> > > > > > > > Now, an example on how to introduce "malicious" code : if
> such
> > a
> > > > > bundle
> > > > > > > is
> > > > > > > > installed first, the features service will think the
> "correct"
> > > > bundle
> > > > > > is
> > > > > > > > already installed and will not install the "safe" bundle.
> This
> > > can
> > > > > be
> > > > > > > done
> > > > > > > > by manually installing the bundle before installing features,
> > or
> > > by
> > > > > > > adding
> > > > > > > > it to the etc/startup.properties.
> > > > > > > > Another option is just to hack the features file manually and
> > > > change
> > > > > > the
> > > > > > > > url of the bundle, it will have exactly the same effect.
> > > > > > > >
> > > > > > > > In addition, checking the vendor is not a guarantee, as if
> > > someone
> > > > > > wanted
> > > > > > > > to "fake" a bundle, setting that header is not more difficult
> > > than
> > > > > > > changing
> > > > > > > > the symbolic name or version.
> > > > > > > >
> > > > > > > > I've had a use case where the user wanted to make sure that
> no
> > > > > > > "malicious"
> > > > > > > > code is introduced or used. In such a case, there is already
> > an
> > > > > > existing
> > > > > > > > solution which is fully supported by OSGi (and Karaf) which
> is
> > > > signed
> > > > > > > > bundles. It works well and it's secured. Well, secured to
> the
> > > > point
> > > > > > > that
> > > > > > > > you control the file system. In all cases, if you don't
> trust
> > > the
> > > > > file
> > > > > > > > system, there's no possible way to secure the OSGi framework
> > > (just
> > > > > > > because
> > > > > > > > classes are read from the file system).
> > > > > > > >
> > > > > > > > Last, there is no possible misuse of the overrides really.
> If
> > > you
> > > > > add
> > > > > > > > random bundles, it will most of the case have no effects, or
> at
> > > > > least,
> > > > > > > not
> > > > > > > > more than if you had installed them manually before. We
> don't
> > > add
> > > > > any
> > > > > > > > checks in the bundle:update command, so I don't really see
> why
> > > we'd
> > > > > add
> > > > > > > > those here.
> > > > > > > >
> > > > > > > > On a side note, I was wondering about starting a slightly
> > broader
> > > > > > > > discussion about patching, which is related to this
> particular
> > > > > feature
> > > > > > > and
> > > > > > > > I hope to do so this week or the next.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > > > >
> > > > > > > > > Updated Branches:
> > > > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > [KARAF-2753] Logging for override mechanism. Added
> additional
> > > > > logging
> > > > > > > and
> > > > > > > > > unit test to trigger log events
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > > > Commit:
> > > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > > > Tree:
> > > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > > > Diff:
> > > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > > > >
> > > > > > > > > Branch: refs/heads/master
> > > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > > > Parents: d2af093
> > > > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > >
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > > .../karaf/features/internal/Overrides.java | 25
> > > ++++++++++-
> > > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > > > ++++++++++++++++++++
> > > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > index 655dfea..8397222 100644
> > > > > > > > > ---
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > +++
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > > > private static final Logger LOGGER =
> > > > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > > > >
> > > > > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > > > > + private static final String VENDOR_WARNING =
> "Malicious
> > > code
> > > > > > > > possibly
> > > > > > > > > introduced by patch override, see log for details";
> > > > > > > > >
> > > > > > > > > /**
> > > > > > > > > * Compute a list of bundles to install, taking into
> > > account
> > > > > > > > > overrides.
> > > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > > > if (manifest != null) {
> > > > > > > > > String bsn =
> > > > getBundleSymbolicName(manifest);
> > > > > > > > > Version ver =
> > getBundleVersion(manifest);
> > > > > > > > > + String ven =
> getBundleVendor(manifest);
> > > > > > > > > String url = info.getLocation();
> > > > > > > > > for (Clause override : overrides) {
> > > > > > > > > Manifest overMan =
> > > > > > > > > manifests.get(override.getName());
> > > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > > > range =
> > > > > > > VersionRange.parseVersionRange(vr);
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > + String vendor =
> > > > getBundleVendor(overMan);
> > > > > > > > >
> > > > > > > > > + // Before we do a replace, lets
> > check
> > > if
> > > > > > > vendors
> > > > > > > > > change
> > > > > > > > > + if (ven == null) {
> > > > > > > > > + if (vendor != null) {
> > > > > > > > > +
> > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > + }
> > > > > > > > > + } else {
> > > > > > > > > + if (vendor == null) {
> > > > > > > > > +
> > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > + } else {
> > > > > > > > > + if
> (!vendor.equals(ven)) {
> > > > > > > > > +
> > > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > > + }
> > > > > > > > > + }
> > > > > > > > > + }
> > > > > > > > > // The resource matches, so
> replace
> > it
> > > > > with
> > > > > > > the
> > > > > > > > > overridden resource
> > > > > > > > > // if the override is actually a
> > newer
> > > > > > version
> > > > > > > > > than what we currently have
> > > > > > > > > if (range.contains(ver) &&
> > > > > > > ver.compareTo(oVer) <
> > > > > > > > > 0) {
> > > > > > > > > + LOGGER.info("Overriding
> original
> > > > > bundle
> > > > > > "
> > > > > > > +
> > > > > > > > > url + " to " + override.getName());
> > > > > > > > > ver = oVer;
> > > > > > > > > url = override.getName();
> > > > > > > > > }
> > > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > > > return bsn;
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > + private static String getBundleVendor(Manifest
> > manifest) {
> > > > > > > > > + String ven =
> > > > > > > > >
> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > > > + return ven;
> > > > > > > > > + }
> > > > > > > > > +
> > > > > > > > > private static Manifest getManifest(String url) throws
> > > > > > > IOException {
> > > > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > > > try {
> > > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > > > }
> > > > > > > > > return cs[0].getName();
> > > > > > > > > }
> > > > > > > > > -}
> > > > > > > > > \ No newline at end of file
> > > > > > > > > +}
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > index 46d163a..79e2015 100644
> > > > > > > > > ---
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > +++
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > > > private File b101;
> > > > > > > > > private File b102;
> > > > > > > > > private File b110;
> > > > > > > > > + private File c100;
> > > > > > > > > + private File c101;
> > > > > > > > > + private File c110;
> > > > > > > > >
> > > > > > > > > @Before
> > > > > > > > > public void setUp() throws IOException {
> > > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > > > .build(),
> > > > > > > > > new FileOutputStream(b110));
> > > > > > > > > +
> > > > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > > > + .build(),
> > > > > > > > > + new FileOutputStream(c100));
> > > > > > > > > +
> > > > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > > + .build(),
> > > > > > > > > + new FileOutputStream(c101));
> > > > > > > > > +
> > > > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > > + .build(),
> > > > > > > > > + new FileOutputStream(c110));
> > > > > > > > > + }
> > > > > > > > > +
> > > > > > > > > + @Test
> > > > > > > > > + public void testDifferentVendors() throws IOException
> {
> > > > > > > > > + File props = File.createTempFile("karaf",
> > > "properties");
> > > > > > > > > + Writer w = new FileWriter(props);
> > > > > > > > > + w.write(c101.toURI().toString());
> > > > > > > > > + w.write("\n");
> > > > > > > > > + w.write(c110.toURI().toString());
> > > > > > > > > + w.write("\n");
> > > > > > > > > + w.close();
> > > > > > > > > +
> > > > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > > > + props.toURI().toString());
> > > > > > > > > + assertNotNull(res);
> > > > > > > > > + assertEquals(1, res.size());
> > > > > > > > > + BundleInfo out = res.get(0);
> > > > > > > > > + assertNotNull(out);
> > > > > > > > > + assertEquals(c101.toURI().toString(),
> > > > out.getLocation());
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > @Test
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > > > > Committer
> > > > > > &
> > > > > > > Project Lead
> > > > > > > OPS4J Pax for Vaadin <
> > > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > > > Commiter & Project Lead
> > > > > > > blog <http://notizblog.nierbeck.de/>
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
> >
> > --
> > Cheers,
> > Jon
> > ---------------
> > Red Hat, Inc.
> > Email: janstey@redhat.com
> > Web: http://redhat.com
> > Twitter: jon_anstey
> > Blog: http://janstey.blogspot.com
> > Author of Camel in Action: http://manning.com/ibsen
> >
>
--
Cheers,
Jon
---------------
Red Hat, Inc.
Email: janstey@redhat.com
Web: http://redhat.com
Twitter: jon_anstey
Blog: http://janstey.blogspot.com
Author of Camel in Action: http://manning.com/ibsen
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Jamie,
I think it's good idea to inform the users that it uses a "custom Karaf
distribution".
Your proposal sounds good as it's not too intrusive (and the users can
still change the log level to OFF if they are bored to see the message,
or even the custom distribution vendor ;)).
Regards
JB
On 02/12/2014 07:44 PM, Jamie G. wrote:
> To be fare that only happens when vendors switch. Perhaps "WARNING: Bundle
> Vendor has changed, please review your feature, unexpected behaviours may
> occur". Using the car part analogy if my BMW's alternator belt was replaced
> with a FIAT part then I'd expect to be told by the mechanic - I have an
> expected behaviour from the brand. Note, this does not prevent the
> installation and use of the part, it just makes sure the user is aware of
> the switch.
>
> --Jamie
>
>
> On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
>
>> No need to revert this completely IMO. The wording is too strong though. I
>> know of many companies (can't say names here) that have rebranded
>> customized versions of Karaf that would not be able to ship with a message
>> like that in the logs. Or they would just not be able to use this feature.
>> Looks really bad if your product always spits out that it may have
>> malicious code even if you know you put it there :-)
>>
>>
>> On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
>> wrote:
>>
>>> Changing vendors to me would be something i'd like to be warned about. I
>>> have Apache Camel installed, with XYZ under the hood - lets me know its a
>>> franken-build. That being said, if i was going to fork and build my own
>>> camel jar to fix a local issue, why would i then need to use the
>> override,
>>> i'd just deploy the library, refresh, and carry on (different work flows
>>> for different folks - I do get that that's simplifying things - generally
>>> we'd end up with a large list of bundles needing changing and the
>> override
>>> would simplify managing that recipe update).
>>>
>>> Regardless, I'm open to amending how vendors are handled, if we want to
>>> change the message or scrap it all together. Personally i think something
>>> should be noted since things are changing (i'd like to know I'm going
>> from
>>> Land Rover parts to something made by Ford in my Range Rover).
>>>
>>> As to a global on/off switch for the mechanism that would be a nice
>>> addition.
>>>
>>> --Jamie
>>>
>>>
>>> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
>>> wrote:
>>>
>>>> I just think the check is worth nothing. If someone build a
>> customized
>>>> version of a bundle (let's say camel), he will usually build by forking
>>>> from camel, in which case the vendor would still be the same. And if
>> the
>>>> user wants to make things cleaner and actually change the vendor to
>>> reflect
>>>> the fact that it does not come from Apache, then we throw at him a
>>> WARNING
>>>> log.
>>>> Again, I don't think we should assume the user does not know what he
>>> does,
>>>> I'd rather add a global flag to disable overrides if you think it's
>>> safer,
>>>> but the file does not even exist by default, which means the user
>>> actually
>>>> know what he is doing...
>>>>
>>>>
>>>> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>>>>
>>>>> My interpretation is that a bundle is being updated by its
>> maintainer,
>>>> if a
>>>>> different group is providing the replacement bundle then Karaf should
>>> be
>>>>> making some noise about it as its masquerading as being what was
>>>> originally
>>>>> intended by the feature provider. I'm up for different wordings
>>> however.
>>>>> What would you suggest?
>>>>>
>>>>>
>>>>> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gnodet@apache.org
>>>
>>>>> wrote:
>>>>>
>>>>>> Yes, I was going to add that I had no problems saying a bundle has
>>> been
>>>>>> overridden (though not sure if it has to be with a WARNING level).
>>>>>> It's really the vendor check which I don't get and the log of
>>>> "Malicious
>>>>>> code possibly introduced by patch override, see log for details".
>>>>>>
>>>>>>
>>>>>> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bcanhome@googlemail.com
>>> :
>>>>>>
>>>>>>> Well, I hope you didn't get distracted by my comment.
>>>>>>> Though as far as I can see the change only introduced some
>> logging
>>>>>>> to let the user know something changed due to adding another
>>> feature,
>>>>>>> I think this is a viable solution, especially when looking for
>>>> failures
>>>>>>> or unintended changes.
>>>>>>> No?
>>>>>>>
>>>>>>>
>>>>>>> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
>>>>>>>
>>>>>>>> I'm tempted to -1 this change.
>>>>>>>>
>>>>>>>> What kind of problems are you trying to solve here ?
>>>>>>>> Imho, such code is unnecessary because there are many other
>> ways
>>> to
>>>>>>>> introduce so called "malicious" code.
>>>>>>>> If one wants to be safe, there is already an existing way to
>>> solve
>>>>> the
>>>>>>>> problem which is signed bundles.
>>>>>>>>
>>>>>>>> Now, an example on how to introduce "malicious" code : if such
>> a
>>>>> bundle
>>>>>>> is
>>>>>>>> installed first, the features service will think the "correct"
>>>> bundle
>>>>>> is
>>>>>>>> already installed and will not install the "safe" bundle. This
>>> can
>>>>> be
>>>>>>> done
>>>>>>>> by manually installing the bundle before installing features,
>> or
>>> by
>>>>>>> adding
>>>>>>>> it to the etc/startup.properties.
>>>>>>>> Another option is just to hack the features file manually and
>>>> change
>>>>>> the
>>>>>>>> url of the bundle, it will have exactly the same effect.
>>>>>>>>
>>>>>>>> In addition, checking the vendor is not a guarantee, as if
>>> someone
>>>>>> wanted
>>>>>>>> to "fake" a bundle, setting that header is not more difficult
>>> than
>>>>>>> changing
>>>>>>>> the symbolic name or version.
>>>>>>>>
>>>>>>>> I've had a use case where the user wanted to make sure that no
>>>>>>> "malicious"
>>>>>>>> code is introduced or used. In such a case, there is already
>> an
>>>>>> existing
>>>>>>>> solution which is fully supported by OSGi (and Karaf) which is
>>>> signed
>>>>>>>> bundles. It works well and it's secured. Well, secured to the
>>>> point
>>>>>>> that
>>>>>>>> you control the file system. In all cases, if you don't trust
>>> the
>>>>> file
>>>>>>>> system, there's no possible way to secure the OSGi framework
>>> (just
>>>>>>> because
>>>>>>>> classes are read from the file system).
>>>>>>>>
>>>>>>>> Last, there is no possible misuse of the overrides really. If
>>> you
>>>>> add
>>>>>>>> random bundles, it will most of the case have no effects, or at
>>>>> least,
>>>>>>> not
>>>>>>>> more than if you had installed them manually before. We don't
>>> add
>>>>> any
>>>>>>>> checks in the bundle:update command, so I don't really see why
>>> we'd
>>>>> add
>>>>>>>> those here.
>>>>>>>>
>>>>>>>> On a side note, I was wondering about starting a slightly
>> broader
>>>>>>>> discussion about patching, which is related to this particular
>>>>> feature
>>>>>>> and
>>>>>>>> I hope to do so this week or the next.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>>>>>>>>
>>>>>>>>> Updated Branches:
>>>>>>>>> refs/heads/master d2af093dd -> 36808c560
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> [KARAF-2753] Logging for override mechanism. Added additional
>>>>> logging
>>>>>>> and
>>>>>>>>> unit test to trigger log events
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
>>>>>>>>> Commit:
>>>>> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
>>>>>>>>> Tree:
>>> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
>>>>>>>>> Diff:
>>> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>>>>>>>>>
>>>>>>>>> Branch: refs/heads/master
>>>>>>>>> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
>>>>>>>>> Parents: d2af093
>>>>>>>>> Author: jgoodyear <jg...@apache.org>
>>>>>>>>> Authored: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>> Committer: jgoodyear <jg...@apache.org>
>>>>>>>>> Committed: Wed Feb 12 10:29:10 2014 -0330
>>>>>>>>>
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>> .../karaf/features/internal/Overrides.java | 25
>>> ++++++++++-
>>>>>>>>> .../karaf/features/internal/OverridesTest.java | 47
>>>>>>>> ++++++++++++++++++++
>>>>>>>>> 2 files changed, 71 insertions(+), 1 deletion(-)
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>> diff --git
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>> index 655dfea..8397222 100644
>>>>>>>>> ---
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>> +++
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
>>>>>>>>> @@ -48,6 +48,7 @@ public class Overrides {
>>>>>>>>> private static final Logger LOGGER =
>>>>>>>>> LoggerFactory.getLogger(Overrides.class);
>>>>>>>>>
>>>>>>>>> private static final String OVERRIDE_RANGE = "range";
>>>>>>>>> + private static final String VENDOR_WARNING = "Malicious
>>> code
>>>>>>>> possibly
>>>>>>>>> introduced by patch override, see log for details";
>>>>>>>>>
>>>>>>>>> /**
>>>>>>>>> * Compute a list of bundles to install, taking into
>>> account
>>>>>>>>> overrides.
>>>>>>>>> @@ -86,6 +87,7 @@ public class Overrides {
>>>>>>>>> if (manifest != null) {
>>>>>>>>> String bsn =
>>>> getBundleSymbolicName(manifest);
>>>>>>>>> Version ver =
>> getBundleVersion(manifest);
>>>>>>>>> + String ven = getBundleVendor(manifest);
>>>>>>>>> String url = info.getLocation();
>>>>>>>>> for (Clause override : overrides) {
>>>>>>>>> Manifest overMan =
>>>>>>>>> manifests.get(override.getName());
>>>>>>>>> @@ -111,10 +113,26 @@ public class Overrides {
>>>>>>>>> range =
>>>>>>> VersionRange.parseVersionRange(vr);
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> + String vendor =
>>>> getBundleVendor(overMan);
>>>>>>>>>
>>>>>>>>> + // Before we do a replace, lets
>> check
>>> if
>>>>>>> vendors
>>>>>>>>> change
>>>>>>>>> + if (ven == null) {
>>>>>>>>> + if (vendor != null) {
>>>>>>>>> +
>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>> + }
>>>>>>>>> + } else {
>>>>>>>>> + if (vendor == null) {
>>>>>>>>> +
>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>> + } else {
>>>>>>>>> + if (!vendor.equals(ven)) {
>>>>>>>>> +
>>>> LOGGER.warn(VENDOR_WARNING);
>>>>>>>>> + }
>>>>>>>>> + }
>>>>>>>>> + }
>>>>>>>>> // The resource matches, so replace
>> it
>>>>> with
>>>>>>> the
>>>>>>>>> overridden resource
>>>>>>>>> // if the override is actually a
>> newer
>>>>>> version
>>>>>>>>> than what we currently have
>>>>>>>>> if (range.contains(ver) &&
>>>>>>> ver.compareTo(oVer) <
>>>>>>>>> 0) {
>>>>>>>>> + LOGGER.info("Overriding original
>>>>> bundle
>>>>>> "
>>>>>>> +
>>>>>>>>> url + " to " + override.getName());
>>>>>>>>> ver = oVer;
>>>>>>>>> url = override.getName();
>>>>>>>>> }
>>>>>>>>> @@ -178,6 +196,11 @@ public class Overrides {
>>>>>>>>> return bsn;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> + private static String getBundleVendor(Manifest
>> manifest) {
>>>>>>>>> + String ven =
>>>>>>>>>
>> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
>>>>>>>>> + return ven;
>>>>>>>>> + }
>>>>>>>>> +
>>>>>>>>> private static Manifest getManifest(String url) throws
>>>>>>> IOException {
>>>>>>>>> InputStream is = new URL(url).openStream();
>>>>>>>>> try {
>>>>>>>>> @@ -205,4 +228,4 @@ public class Overrides {
>>>>>>>>> }
>>>>>>>>> return cs[0].getName();
>>>>>>>>> }
>>>>>>>>> -}
>>>>>>>>> \ No newline at end of file
>>>>>>>>> +}
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>
>>>>>>
>>> ----------------------------------------------------------------------
>>>>>>>>> diff --git
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>> index 46d163a..79e2015 100644
>>>>>>>>> ---
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>> +++
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
>>>>>>>>> @@ -42,6 +42,9 @@ public class OverridesTest {
>>>>>>>>> private File b101;
>>>>>>>>> private File b102;
>>>>>>>>> private File b110;
>>>>>>>>> + private File c100;
>>>>>>>>> + private File c101;
>>>>>>>>> + private File c110;
>>>>>>>>>
>>>>>>>>> @Before
>>>>>>>>> public void setUp() throws IOException {
>>>>>>>>> @@ -72,6 +75,50 @@ public class OverridesTest {
>>>>>>>>> .set("Bundle-Version", "1.1.0")
>>>>>>>>> .build(),
>>>>>>>>> new FileOutputStream(b110));
>>>>>>>>> +
>>>>>>>>> + c100 = File.createTempFile("karafc", "-100.jar");
>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>> + .set("Bundle-Version", "1.0.0")
>>>>>>>>> + .set("Bundle-Vendor", "Apache")
>>>>>>>>> + .build(),
>>>>>>>>> + new FileOutputStream(c100));
>>>>>>>>> +
>>>>>>>>> + c101 = File.createTempFile("karafc", "-101.jar");
>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>> + .set("Bundle-Version", "1.0.1")
>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>> + .build(),
>>>>>>>>> + new FileOutputStream(c101));
>>>>>>>>> +
>>>>>>>>> + c110 = File.createTempFile("karafc", "-110.jar");
>>>>>>>>> + copy(TinyBundles.bundle()
>>>>>>>>> + .set("Bundle-SymbolicName", bsn)
>>>>>>>>> + .set("Bundle-Version", "1.1.0")
>>>>>>>>> + .set("Bundle-Vendor", "NotApache")
>>>>>>>>> + .build(),
>>>>>>>>> + new FileOutputStream(c110));
>>>>>>>>> + }
>>>>>>>>> +
>>>>>>>>> + @Test
>>>>>>>>> + public void testDifferentVendors() throws IOException {
>>>>>>>>> + File props = File.createTempFile("karaf",
>>> "properties");
>>>>>>>>> + Writer w = new FileWriter(props);
>>>>>>>>> + w.write(c101.toURI().toString());
>>>>>>>>> + w.write("\n");
>>>>>>>>> + w.write(c110.toURI().toString());
>>>>>>>>> + w.write("\n");
>>>>>>>>> + w.close();
>>>>>>>>> +
>>>>>>>>> + List<BundleInfo> res = Overrides.override(
>>>>>>>>> + Arrays.<BundleInfo>asList(new
>>>>>>>>> Bundle(c100.toURI().toString())),
>>>>>>>>> + props.toURI().toString());
>>>>>>>>> + assertNotNull(res);
>>>>>>>>> + assertEquals(1, res.size());
>>>>>>>>> + BundleInfo out = res.get(0);
>>>>>>>>> + assertNotNull(out);
>>>>>>>>> + assertEquals(c101.toURI().toString(),
>>>> out.getLocation());
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> @Test
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>>>>> Committer
>>>>>> &
>>>>>>> Project Lead
>>>>>>> OPS4J Pax for Vaadin <
>>>>> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>> Commiter & Project Lead
>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>>
>>
>> --
>> Cheers,
>> Jon
>> ---------------
>> Red Hat, Inc.
>> Email: janstey@redhat.com
>> Web: http://redhat.com
>> Twitter: jon_anstey
>> Blog: http://janstey.blogspot.com
>> Author of Camel in Action: http://manning.com/ibsen
>>
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
To be fare that only happens when vendors switch. Perhaps "WARNING: Bundle
Vendor has changed, please review your feature, unexpected behaviours may
occur". Using the car part analogy if my BMW's alternator belt was replaced
with a FIAT part then I'd expect to be told by the mechanic - I have an
expected behaviour from the brand. Note, this does not prevent the
installation and use of the part, it just makes sure the user is aware of
the switch.
--Jamie
On Wed, Feb 12, 2014 at 2:20 PM, Jon Anstey <ja...@gmail.com> wrote:
> No need to revert this completely IMO. The wording is too strong though. I
> know of many companies (can't say names here) that have rebranded
> customized versions of Karaf that would not be able to ship with a message
> like that in the logs. Or they would just not be able to use this feature.
> Looks really bad if your product always spits out that it may have
> malicious code even if you know you put it there :-)
>
>
> On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com>
> wrote:
>
> > Changing vendors to me would be something i'd like to be warned about. I
> > have Apache Camel installed, with XYZ under the hood - lets me know its a
> > franken-build. That being said, if i was going to fork and build my own
> > camel jar to fix a local issue, why would i then need to use the
> override,
> > i'd just deploy the library, refresh, and carry on (different work flows
> > for different folks - I do get that that's simplifying things - generally
> > we'd end up with a large list of bundles needing changing and the
> override
> > would simplify managing that recipe update).
> >
> > Regardless, I'm open to amending how vendors are handled, if we want to
> > change the message or scrap it all together. Personally i think something
> > should be noted since things are changing (i'd like to know I'm going
> from
> > Land Rover parts to something made by Ford in my Range Rover).
> >
> > As to a global on/off switch for the mechanism that would be a nice
> > addition.
> >
> > --Jamie
> >
> >
> > On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
> > wrote:
> >
> > > I just think the check is worth nothing. If someone build a
> customized
> > > version of a bundle (let's say camel), he will usually build by forking
> > > from camel, in which case the vendor would still be the same. And if
> the
> > > user wants to make things cleaner and actually change the vendor to
> > reflect
> > > the fact that it does not come from Apache, then we throw at him a
> > WARNING
> > > log.
> > > Again, I don't think we should assume the user does not know what he
> > does,
> > > I'd rather add a global flag to disable overrides if you think it's
> > safer,
> > > but the file does not even exist by default, which means the user
> > actually
> > > know what he is doing...
> > >
> > >
> > > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> > >
> > > > My interpretation is that a bundle is being updated by its
> maintainer,
> > > if a
> > > > different group is providing the replacement bundle then Karaf should
> > be
> > > > making some noise about it as its masquerading as being what was
> > > originally
> > > > intended by the feature provider. I'm up for different wordings
> > however.
> > > > What would you suggest?
> > > >
> > > >
> > > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gnodet@apache.org
> >
> > > > wrote:
> > > >
> > > > > Yes, I was going to add that I had no problems saying a bundle has
> > been
> > > > > overridden (though not sure if it has to be with a WARNING level).
> > > > > It's really the vendor check which I don't get and the log of
> > > "Malicious
> > > > > code possibly introduced by patch override, see log for details".
> > > > >
> > > > >
> > > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bcanhome@googlemail.com
> >:
> > > > >
> > > > > > Well, I hope you didn't get distracted by my comment.
> > > > > > Though as far as I can see the change only introduced some
> logging
> > > > > > to let the user know something changed due to adding another
> > feature,
> > > > > > I think this is a viable solution, especially when looking for
> > > failures
> > > > > > or unintended changes.
> > > > > > No?
> > > > > >
> > > > > >
> > > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> > > > > >
> > > > > > > I'm tempted to -1 this change.
> > > > > > >
> > > > > > > What kind of problems are you trying to solve here ?
> > > > > > > Imho, such code is unnecessary because there are many other
> ways
> > to
> > > > > > > introduce so called "malicious" code.
> > > > > > > If one wants to be safe, there is already an existing way to
> > solve
> > > > the
> > > > > > > problem which is signed bundles.
> > > > > > >
> > > > > > > Now, an example on how to introduce "malicious" code : if such
> a
> > > > bundle
> > > > > > is
> > > > > > > installed first, the features service will think the "correct"
> > > bundle
> > > > > is
> > > > > > > already installed and will not install the "safe" bundle. This
> > can
> > > > be
> > > > > > done
> > > > > > > by manually installing the bundle before installing features,
> or
> > by
> > > > > > adding
> > > > > > > it to the etc/startup.properties.
> > > > > > > Another option is just to hack the features file manually and
> > > change
> > > > > the
> > > > > > > url of the bundle, it will have exactly the same effect.
> > > > > > >
> > > > > > > In addition, checking the vendor is not a guarantee, as if
> > someone
> > > > > wanted
> > > > > > > to "fake" a bundle, setting that header is not more difficult
> > than
> > > > > > changing
> > > > > > > the symbolic name or version.
> > > > > > >
> > > > > > > I've had a use case where the user wanted to make sure that no
> > > > > > "malicious"
> > > > > > > code is introduced or used. In such a case, there is already
> an
> > > > > existing
> > > > > > > solution which is fully supported by OSGi (and Karaf) which is
> > > signed
> > > > > > > bundles. It works well and it's secured. Well, secured to the
> > > point
> > > > > > that
> > > > > > > you control the file system. In all cases, if you don't trust
> > the
> > > > file
> > > > > > > system, there's no possible way to secure the OSGi framework
> > (just
> > > > > > because
> > > > > > > classes are read from the file system).
> > > > > > >
> > > > > > > Last, there is no possible misuse of the overrides really. If
> > you
> > > > add
> > > > > > > random bundles, it will most of the case have no effects, or at
> > > > least,
> > > > > > not
> > > > > > > more than if you had installed them manually before. We don't
> > add
> > > > any
> > > > > > > checks in the bundle:update command, so I don't really see why
> > we'd
> > > > add
> > > > > > > those here.
> > > > > > >
> > > > > > > On a side note, I was wondering about starting a slightly
> broader
> > > > > > > discussion about patching, which is related to this particular
> > > > feature
> > > > > > and
> > > > > > > I hope to do so this week or the next.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > > >
> > > > > > > > Updated Branches:
> > > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > > >
> > > > > > > >
> > > > > > > > [KARAF-2753] Logging for override mechanism. Added additional
> > > > logging
> > > > > > and
> > > > > > > > unit test to trigger log events
> > > > > > > >
> > > > > > > >
> > > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > > Commit:
> > > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > > Tree:
> > http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > > Diff:
> > http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > > >
> > > > > > > > Branch: refs/heads/master
> > > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > > Parents: d2af093
> > > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > >
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > > .../karaf/features/internal/Overrides.java | 25
> > ++++++++++-
> > > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > > ++++++++++++++++++++
> > > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > > diff --git
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > index 655dfea..8397222 100644
> > > > > > > > ---
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > +++
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > > private static final Logger LOGGER =
> > > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > > >
> > > > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > > > + private static final String VENDOR_WARNING = "Malicious
> > code
> > > > > > > possibly
> > > > > > > > introduced by patch override, see log for details";
> > > > > > > >
> > > > > > > > /**
> > > > > > > > * Compute a list of bundles to install, taking into
> > account
> > > > > > > > overrides.
> > > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > > if (manifest != null) {
> > > > > > > > String bsn =
> > > getBundleSymbolicName(manifest);
> > > > > > > > Version ver =
> getBundleVersion(manifest);
> > > > > > > > + String ven = getBundleVendor(manifest);
> > > > > > > > String url = info.getLocation();
> > > > > > > > for (Clause override : overrides) {
> > > > > > > > Manifest overMan =
> > > > > > > > manifests.get(override.getName());
> > > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > > range =
> > > > > > VersionRange.parseVersionRange(vr);
> > > > > > > > }
> > > > > > > >
> > > > > > > > + String vendor =
> > > getBundleVendor(overMan);
> > > > > > > >
> > > > > > > > + // Before we do a replace, lets
> check
> > if
> > > > > > vendors
> > > > > > > > change
> > > > > > > > + if (ven == null) {
> > > > > > > > + if (vendor != null) {
> > > > > > > > +
> LOGGER.warn(VENDOR_WARNING);
> > > > > > > > + }
> > > > > > > > + } else {
> > > > > > > > + if (vendor == null) {
> > > > > > > > +
> LOGGER.warn(VENDOR_WARNING);
> > > > > > > > + } else {
> > > > > > > > + if (!vendor.equals(ven)) {
> > > > > > > > +
> > > LOGGER.warn(VENDOR_WARNING);
> > > > > > > > + }
> > > > > > > > + }
> > > > > > > > + }
> > > > > > > > // The resource matches, so replace
> it
> > > > with
> > > > > > the
> > > > > > > > overridden resource
> > > > > > > > // if the override is actually a
> newer
> > > > > version
> > > > > > > > than what we currently have
> > > > > > > > if (range.contains(ver) &&
> > > > > > ver.compareTo(oVer) <
> > > > > > > > 0) {
> > > > > > > > + LOGGER.info("Overriding original
> > > > bundle
> > > > > "
> > > > > > +
> > > > > > > > url + " to " + override.getName());
> > > > > > > > ver = oVer;
> > > > > > > > url = override.getName();
> > > > > > > > }
> > > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > > return bsn;
> > > > > > > > }
> > > > > > > >
> > > > > > > > + private static String getBundleVendor(Manifest
> manifest) {
> > > > > > > > + String ven =
> > > > > > > >
> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > > + return ven;
> > > > > > > > + }
> > > > > > > > +
> > > > > > > > private static Manifest getManifest(String url) throws
> > > > > > IOException {
> > > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > > try {
> > > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > > }
> > > > > > > > return cs[0].getName();
> > > > > > > > }
> > > > > > > > -}
> > > > > > > > \ No newline at end of file
> > > > > > > > +}
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > > > > diff --git
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > index 46d163a..79e2015 100644
> > > > > > > > ---
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > +++
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > > private File b101;
> > > > > > > > private File b102;
> > > > > > > > private File b110;
> > > > > > > > + private File c100;
> > > > > > > > + private File c101;
> > > > > > > > + private File c110;
> > > > > > > >
> > > > > > > > @Before
> > > > > > > > public void setUp() throws IOException {
> > > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > > .build(),
> > > > > > > > new FileOutputStream(b110));
> > > > > > > > +
> > > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > > + .build(),
> > > > > > > > + new FileOutputStream(c100));
> > > > > > > > +
> > > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > + .build(),
> > > > > > > > + new FileOutputStream(c101));
> > > > > > > > +
> > > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > > > + copy(TinyBundles.bundle()
> > > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > > + .build(),
> > > > > > > > + new FileOutputStream(c110));
> > > > > > > > + }
> > > > > > > > +
> > > > > > > > + @Test
> > > > > > > > + public void testDifferentVendors() throws IOException {
> > > > > > > > + File props = File.createTempFile("karaf",
> > "properties");
> > > > > > > > + Writer w = new FileWriter(props);
> > > > > > > > + w.write(c101.toURI().toString());
> > > > > > > > + w.write("\n");
> > > > > > > > + w.write(c110.toURI().toString());
> > > > > > > > + w.write("\n");
> > > > > > > > + w.close();
> > > > > > > > +
> > > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > > + props.toURI().toString());
> > > > > > > > + assertNotNull(res);
> > > > > > > > + assertEquals(1, res.size());
> > > > > > > > + BundleInfo out = res.get(0);
> > > > > > > > + assertNotNull(out);
> > > > > > > > + assertEquals(c101.toURI().toString(),
> > > out.getLocation());
> > > > > > > > }
> > > > > > > >
> > > > > > > > @Test
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > > > Committer
> > > > > &
> > > > > > Project Lead
> > > > > > OPS4J Pax for Vaadin <
> > > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > > Commiter & Project Lead
> > > > > > blog <http://notizblog.nierbeck.de/>
> > > > > >
> > > > >
> > > >
> > >
> >
>
>
>
> --
> Cheers,
> Jon
> ---------------
> Red Hat, Inc.
> Email: janstey@redhat.com
> Web: http://redhat.com
> Twitter: jon_anstey
> Blog: http://janstey.blogspot.com
> Author of Camel in Action: http://manning.com/ibsen
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Jon Anstey <ja...@gmail.com>.
No need to revert this completely IMO. The wording is too strong though. I
know of many companies (can't say names here) that have rebranded
customized versions of Karaf that would not be able to ship with a message
like that in the logs. Or they would just not be able to use this feature.
Looks really bad if your product always spits out that it may have
malicious code even if you know you put it there :-)
On Wed, Feb 12, 2014 at 1:05 PM, Jamie G. <ja...@gmail.com> wrote:
> Changing vendors to me would be something i'd like to be warned about. I
> have Apache Camel installed, with XYZ under the hood - lets me know its a
> franken-build. That being said, if i was going to fork and build my own
> camel jar to fix a local issue, why would i then need to use the override,
> i'd just deploy the library, refresh, and carry on (different work flows
> for different folks - I do get that that's simplifying things - generally
> we'd end up with a large list of bundles needing changing and the override
> would simplify managing that recipe update).
>
> Regardless, I'm open to amending how vendors are handled, if we want to
> change the message or scrap it all together. Personally i think something
> should be noted since things are changing (i'd like to know I'm going from
> Land Rover parts to something made by Ford in my Range Rover).
>
> As to a global on/off switch for the mechanism that would be a nice
> addition.
>
> --Jamie
>
>
> On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org>
> wrote:
>
> > I just think the check is worth nothing. If someone build a customized
> > version of a bundle (let's say camel), he will usually build by forking
> > from camel, in which case the vendor would still be the same. And if the
> > user wants to make things cleaner and actually change the vendor to
> reflect
> > the fact that it does not come from Apache, then we throw at him a
> WARNING
> > log.
> > Again, I don't think we should assume the user does not know what he
> does,
> > I'd rather add a global flag to disable overrides if you think it's
> safer,
> > but the file does not even exist by default, which means the user
> actually
> > know what he is doing...
> >
> >
> > 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> >
> > > My interpretation is that a bundle is being updated by its maintainer,
> > if a
> > > different group is providing the replacement bundle then Karaf should
> be
> > > making some noise about it as its masquerading as being what was
> > originally
> > > intended by the feature provider. I'm up for different wordings
> however.
> > > What would you suggest?
> > >
> > >
> > > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org>
> > > wrote:
> > >
> > > > Yes, I was going to add that I had no problems saying a bundle has
> been
> > > > overridden (though not sure if it has to be with a WARNING level).
> > > > It's really the vendor check which I don't get and the log of
> > "Malicious
> > > > code possibly introduced by patch override, see log for details".
> > > >
> > > >
> > > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
> > > >
> > > > > Well, I hope you didn't get distracted by my comment.
> > > > > Though as far as I can see the change only introduced some logging
> > > > > to let the user know something changed due to adding another
> feature,
> > > > > I think this is a viable solution, especially when looking for
> > failures
> > > > > or unintended changes.
> > > > > No?
> > > > >
> > > > >
> > > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> > > > >
> > > > > > I'm tempted to -1 this change.
> > > > > >
> > > > > > What kind of problems are you trying to solve here ?
> > > > > > Imho, such code is unnecessary because there are many other ways
> to
> > > > > > introduce so called "malicious" code.
> > > > > > If one wants to be safe, there is already an existing way to
> solve
> > > the
> > > > > > problem which is signed bundles.
> > > > > >
> > > > > > Now, an example on how to introduce "malicious" code : if such a
> > > bundle
> > > > > is
> > > > > > installed first, the features service will think the "correct"
> > bundle
> > > > is
> > > > > > already installed and will not install the "safe" bundle. This
> can
> > > be
> > > > > done
> > > > > > by manually installing the bundle before installing features, or
> by
> > > > > adding
> > > > > > it to the etc/startup.properties.
> > > > > > Another option is just to hack the features file manually and
> > change
> > > > the
> > > > > > url of the bundle, it will have exactly the same effect.
> > > > > >
> > > > > > In addition, checking the vendor is not a guarantee, as if
> someone
> > > > wanted
> > > > > > to "fake" a bundle, setting that header is not more difficult
> than
> > > > > changing
> > > > > > the symbolic name or version.
> > > > > >
> > > > > > I've had a use case where the user wanted to make sure that no
> > > > > "malicious"
> > > > > > code is introduced or used. In such a case, there is already an
> > > > existing
> > > > > > solution which is fully supported by OSGi (and Karaf) which is
> > signed
> > > > > > bundles. It works well and it's secured. Well, secured to the
> > point
> > > > > that
> > > > > > you control the file system. In all cases, if you don't trust
> the
> > > file
> > > > > > system, there's no possible way to secure the OSGi framework
> (just
> > > > > because
> > > > > > classes are read from the file system).
> > > > > >
> > > > > > Last, there is no possible misuse of the overrides really. If
> you
> > > add
> > > > > > random bundles, it will most of the case have no effects, or at
> > > least,
> > > > > not
> > > > > > more than if you had installed them manually before. We don't
> add
> > > any
> > > > > > checks in the bundle:update command, so I don't really see why
> we'd
> > > add
> > > > > > those here.
> > > > > >
> > > > > > On a side note, I was wondering about starting a slightly broader
> > > > > > discussion about patching, which is related to this particular
> > > feature
> > > > > and
> > > > > > I hope to do so this week or the next.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > > >
> > > > > > > Updated Branches:
> > > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > > >
> > > > > > >
> > > > > > > [KARAF-2753] Logging for override mechanism. Added additional
> > > logging
> > > > > and
> > > > > > > unit test to trigger log events
> > > > > > >
> > > > > > >
> > > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > > Commit:
> > > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > > Tree:
> http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > > Diff:
> http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > > >
> > > > > > > Branch: refs/heads/master
> > > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > > Parents: d2af093
> > > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > > >
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > .../karaf/features/internal/Overrides.java | 25
> ++++++++++-
> > > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > > ++++++++++++++++++++
> > > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > diff --git
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > index 655dfea..8397222 100644
> > > > > > > ---
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > +++
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > > private static final Logger LOGGER =
> > > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > > >
> > > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > > + private static final String VENDOR_WARNING = "Malicious
> code
> > > > > > possibly
> > > > > > > introduced by patch override, see log for details";
> > > > > > >
> > > > > > > /**
> > > > > > > * Compute a list of bundles to install, taking into
> account
> > > > > > > overrides.
> > > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > > if (manifest != null) {
> > > > > > > String bsn =
> > getBundleSymbolicName(manifest);
> > > > > > > Version ver = getBundleVersion(manifest);
> > > > > > > + String ven = getBundleVendor(manifest);
> > > > > > > String url = info.getLocation();
> > > > > > > for (Clause override : overrides) {
> > > > > > > Manifest overMan =
> > > > > > > manifests.get(override.getName());
> > > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > > range =
> > > > > VersionRange.parseVersionRange(vr);
> > > > > > > }
> > > > > > >
> > > > > > > + String vendor =
> > getBundleVendor(overMan);
> > > > > > >
> > > > > > > + // Before we do a replace, lets check
> if
> > > > > vendors
> > > > > > > change
> > > > > > > + if (ven == null) {
> > > > > > > + if (vendor != null) {
> > > > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > > > + }
> > > > > > > + } else {
> > > > > > > + if (vendor == null) {
> > > > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > > > + } else {
> > > > > > > + if (!vendor.equals(ven)) {
> > > > > > > +
> > LOGGER.warn(VENDOR_WARNING);
> > > > > > > + }
> > > > > > > + }
> > > > > > > + }
> > > > > > > // The resource matches, so replace it
> > > with
> > > > > the
> > > > > > > overridden resource
> > > > > > > // if the override is actually a newer
> > > > version
> > > > > > > than what we currently have
> > > > > > > if (range.contains(ver) &&
> > > > > ver.compareTo(oVer) <
> > > > > > > 0) {
> > > > > > > + LOGGER.info("Overriding original
> > > bundle
> > > > "
> > > > > +
> > > > > > > url + " to " + override.getName());
> > > > > > > ver = oVer;
> > > > > > > url = override.getName();
> > > > > > > }
> > > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > > return bsn;
> > > > > > > }
> > > > > > >
> > > > > > > + private static String getBundleVendor(Manifest manifest) {
> > > > > > > + String ven =
> > > > > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > > + return ven;
> > > > > > > + }
> > > > > > > +
> > > > > > > private static Manifest getManifest(String url) throws
> > > > > IOException {
> > > > > > > InputStream is = new URL(url).openStream();
> > > > > > > try {
> > > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > > }
> > > > > > > return cs[0].getName();
> > > > > > > }
> > > > > > > -}
> > > > > > > \ No newline at end of file
> > > > > > > +}
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > >
> > > >
> ----------------------------------------------------------------------
> > > > > > > diff --git
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > index 46d163a..79e2015 100644
> > > > > > > ---
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > +++
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > > private File b101;
> > > > > > > private File b102;
> > > > > > > private File b110;
> > > > > > > + private File c100;
> > > > > > > + private File c101;
> > > > > > > + private File c110;
> > > > > > >
> > > > > > > @Before
> > > > > > > public void setUp() throws IOException {
> > > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > > .build(),
> > > > > > > new FileOutputStream(b110));
> > > > > > > +
> > > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > > + copy(TinyBundles.bundle()
> > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > > + .build(),
> > > > > > > + new FileOutputStream(c100));
> > > > > > > +
> > > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > > + copy(TinyBundles.bundle()
> > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > + .build(),
> > > > > > > + new FileOutputStream(c101));
> > > > > > > +
> > > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > > + copy(TinyBundles.bundle()
> > > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > > + .build(),
> > > > > > > + new FileOutputStream(c110));
> > > > > > > + }
> > > > > > > +
> > > > > > > + @Test
> > > > > > > + public void testDifferentVendors() throws IOException {
> > > > > > > + File props = File.createTempFile("karaf",
> "properties");
> > > > > > > + Writer w = new FileWriter(props);
> > > > > > > + w.write(c101.toURI().toString());
> > > > > > > + w.write("\n");
> > > > > > > + w.write(c110.toURI().toString());
> > > > > > > + w.write("\n");
> > > > > > > + w.close();
> > > > > > > +
> > > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > > Bundle(c100.toURI().toString())),
> > > > > > > + props.toURI().toString());
> > > > > > > + assertNotNull(res);
> > > > > > > + assertEquals(1, res.size());
> > > > > > > + BundleInfo out = res.get(0);
> > > > > > > + assertNotNull(out);
> > > > > > > + assertEquals(c101.toURI().toString(),
> > out.getLocation());
> > > > > > > }
> > > > > > >
> > > > > > > @Test
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > > Committer
> > > > &
> > > > > Project Lead
> > > > > OPS4J Pax for Vaadin <
> > > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > > Commiter & Project Lead
> > > > > blog <http://notizblog.nierbeck.de/>
> > > > >
> > > >
> > >
> >
>
--
Cheers,
Jon
---------------
Red Hat, Inc.
Email: janstey@redhat.com
Web: http://redhat.com
Twitter: jon_anstey
Blog: http://janstey.blogspot.com
Author of Camel in Action: http://manning.com/ibsen
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
Changing vendors to me would be something i'd like to be warned about. I
have Apache Camel installed, with XYZ under the hood - lets me know its a
franken-build. That being said, if i was going to fork and build my own
camel jar to fix a local issue, why would i then need to use the override,
i'd just deploy the library, refresh, and carry on (different work flows
for different folks - I do get that that's simplifying things - generally
we'd end up with a large list of bundles needing changing and the override
would simplify managing that recipe update).
Regardless, I'm open to amending how vendors are handled, if we want to
change the message or scrap it all together. Personally i think something
should be noted since things are changing (i'd like to know I'm going from
Land Rover parts to something made by Ford in my Range Rover).
As to a global on/off switch for the mechanism that would be a nice
addition.
--Jamie
On Wed, Feb 12, 2014 at 12:23 PM, Guillaume Nodet <gn...@apache.org> wrote:
> I just think the check is worth nothing. If someone build a customized
> version of a bundle (let's say camel), he will usually build by forking
> from camel, in which case the vendor would still be the same. And if the
> user wants to make things cleaner and actually change the vendor to reflect
> the fact that it does not come from Apache, then we throw at him a WARNING
> log.
> Again, I don't think we should assume the user does not know what he does,
> I'd rather add a global flag to disable overrides if you think it's safer,
> but the file does not even exist by default, which means the user actually
> know what he is doing...
>
>
> 2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
>
> > My interpretation is that a bundle is being updated by its maintainer,
> if a
> > different group is providing the replacement bundle then Karaf should be
> > making some noise about it as its masquerading as being what was
> originally
> > intended by the feature provider. I'm up for different wordings however.
> > What would you suggest?
> >
> >
> > On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org>
> > wrote:
> >
> > > Yes, I was going to add that I had no problems saying a bundle has been
> > > overridden (though not sure if it has to be with a WARNING level).
> > > It's really the vendor check which I don't get and the log of
> "Malicious
> > > code possibly introduced by patch override, see log for details".
> > >
> > >
> > > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
> > >
> > > > Well, I hope you didn't get distracted by my comment.
> > > > Though as far as I can see the change only introduced some logging
> > > > to let the user know something changed due to adding another feature,
> > > > I think this is a viable solution, especially when looking for
> failures
> > > > or unintended changes.
> > > > No?
> > > >
> > > >
> > > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> > > >
> > > > > I'm tempted to -1 this change.
> > > > >
> > > > > What kind of problems are you trying to solve here ?
> > > > > Imho, such code is unnecessary because there are many other ways to
> > > > > introduce so called "malicious" code.
> > > > > If one wants to be safe, there is already an existing way to solve
> > the
> > > > > problem which is signed bundles.
> > > > >
> > > > > Now, an example on how to introduce "malicious" code : if such a
> > bundle
> > > > is
> > > > > installed first, the features service will think the "correct"
> bundle
> > > is
> > > > > already installed and will not install the "safe" bundle. This can
> > be
> > > > done
> > > > > by manually installing the bundle before installing features, or by
> > > > adding
> > > > > it to the etc/startup.properties.
> > > > > Another option is just to hack the features file manually and
> change
> > > the
> > > > > url of the bundle, it will have exactly the same effect.
> > > > >
> > > > > In addition, checking the vendor is not a guarantee, as if someone
> > > wanted
> > > > > to "fake" a bundle, setting that header is not more difficult than
> > > > changing
> > > > > the symbolic name or version.
> > > > >
> > > > > I've had a use case where the user wanted to make sure that no
> > > > "malicious"
> > > > > code is introduced or used. In such a case, there is already an
> > > existing
> > > > > solution which is fully supported by OSGi (and Karaf) which is
> signed
> > > > > bundles. It works well and it's secured. Well, secured to the
> point
> > > > that
> > > > > you control the file system. In all cases, if you don't trust the
> > file
> > > > > system, there's no possible way to secure the OSGi framework (just
> > > > because
> > > > > classes are read from the file system).
> > > > >
> > > > > Last, there is no possible misuse of the overrides really. If you
> > add
> > > > > random bundles, it will most of the case have no effects, or at
> > least,
> > > > not
> > > > > more than if you had installed them manually before. We don't add
> > any
> > > > > checks in the bundle:update command, so I don't really see why we'd
> > add
> > > > > those here.
> > > > >
> > > > > On a side note, I was wondering about starting a slightly broader
> > > > > discussion about patching, which is related to this particular
> > feature
> > > > and
> > > > > I hope to do so this week or the next.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > > >
> > > > > > Updated Branches:
> > > > > > refs/heads/master d2af093dd -> 36808c560
> > > > > >
> > > > > >
> > > > > > [KARAF-2753] Logging for override mechanism. Added additional
> > logging
> > > > and
> > > > > > unit test to trigger log events
> > > > > >
> > > > > >
> > > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > > Commit:
> > http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > > >
> > > > > > Branch: refs/heads/master
> > > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > > Parents: d2af093
> > > > > > Author: jgoodyear <jg...@apache.org>
> > > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > > >
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > > ++++++++++++++++++++
> > > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > diff --git
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > index 655dfea..8397222 100644
> > > > > > ---
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > +++
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > > private static final Logger LOGGER =
> > > > > > LoggerFactory.getLogger(Overrides.class);
> > > > > >
> > > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > > + private static final String VENDOR_WARNING = "Malicious code
> > > > > possibly
> > > > > > introduced by patch override, see log for details";
> > > > > >
> > > > > > /**
> > > > > > * Compute a list of bundles to install, taking into account
> > > > > > overrides.
> > > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > > if (manifest != null) {
> > > > > > String bsn =
> getBundleSymbolicName(manifest);
> > > > > > Version ver = getBundleVersion(manifest);
> > > > > > + String ven = getBundleVendor(manifest);
> > > > > > String url = info.getLocation();
> > > > > > for (Clause override : overrides) {
> > > > > > Manifest overMan =
> > > > > > manifests.get(override.getName());
> > > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > > range =
> > > > VersionRange.parseVersionRange(vr);
> > > > > > }
> > > > > >
> > > > > > + String vendor =
> getBundleVendor(overMan);
> > > > > >
> > > > > > + // Before we do a replace, lets check if
> > > > vendors
> > > > > > change
> > > > > > + if (ven == null) {
> > > > > > + if (vendor != null) {
> > > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > > + }
> > > > > > + } else {
> > > > > > + if (vendor == null) {
> > > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > > + } else {
> > > > > > + if (!vendor.equals(ven)) {
> > > > > > +
> LOGGER.warn(VENDOR_WARNING);
> > > > > > + }
> > > > > > + }
> > > > > > + }
> > > > > > // The resource matches, so replace it
> > with
> > > > the
> > > > > > overridden resource
> > > > > > // if the override is actually a newer
> > > version
> > > > > > than what we currently have
> > > > > > if (range.contains(ver) &&
> > > > ver.compareTo(oVer) <
> > > > > > 0) {
> > > > > > + LOGGER.info("Overriding original
> > bundle
> > > "
> > > > +
> > > > > > url + " to " + override.getName());
> > > > > > ver = oVer;
> > > > > > url = override.getName();
> > > > > > }
> > > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > > return bsn;
> > > > > > }
> > > > > >
> > > > > > + private static String getBundleVendor(Manifest manifest) {
> > > > > > + String ven =
> > > > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > > + return ven;
> > > > > > + }
> > > > > > +
> > > > > > private static Manifest getManifest(String url) throws
> > > > IOException {
> > > > > > InputStream is = new URL(url).openStream();
> > > > > > try {
> > > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > > }
> > > > > > return cs[0].getName();
> > > > > > }
> > > > > > -}
> > > > > > \ No newline at end of file
> > > > > > +}
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > >
> > > ----------------------------------------------------------------------
> > > > > > diff --git
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > index 46d163a..79e2015 100644
> > > > > > ---
> > > > > >
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > +++
> > > > > >
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > > private File b101;
> > > > > > private File b102;
> > > > > > private File b110;
> > > > > > + private File c100;
> > > > > > + private File c101;
> > > > > > + private File c110;
> > > > > >
> > > > > > @Before
> > > > > > public void setUp() throws IOException {
> > > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > > .set("Bundle-Version", "1.1.0")
> > > > > > .build(),
> > > > > > new FileOutputStream(b110));
> > > > > > +
> > > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > > + copy(TinyBundles.bundle()
> > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > + .set("Bundle-Version", "1.0.0")
> > > > > > + .set("Bundle-Vendor", "Apache")
> > > > > > + .build(),
> > > > > > + new FileOutputStream(c100));
> > > > > > +
> > > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > > + copy(TinyBundles.bundle()
> > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > + .set("Bundle-Version", "1.0.1")
> > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > + .build(),
> > > > > > + new FileOutputStream(c101));
> > > > > > +
> > > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > > + copy(TinyBundles.bundle()
> > > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > > + .set("Bundle-Version", "1.1.0")
> > > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > > + .build(),
> > > > > > + new FileOutputStream(c110));
> > > > > > + }
> > > > > > +
> > > > > > + @Test
> > > > > > + public void testDifferentVendors() throws IOException {
> > > > > > + File props = File.createTempFile("karaf", "properties");
> > > > > > + Writer w = new FileWriter(props);
> > > > > > + w.write(c101.toURI().toString());
> > > > > > + w.write("\n");
> > > > > > + w.write(c110.toURI().toString());
> > > > > > + w.write("\n");
> > > > > > + w.close();
> > > > > > +
> > > > > > + List<BundleInfo> res = Overrides.override(
> > > > > > + Arrays.<BundleInfo>asList(new
> > > > > > Bundle(c100.toURI().toString())),
> > > > > > + props.toURI().toString());
> > > > > > + assertNotNull(res);
> > > > > > + assertEquals(1, res.size());
> > > > > > + BundleInfo out = res.get(0);
> > > > > > + assertNotNull(out);
> > > > > > + assertEquals(c101.toURI().toString(),
> out.getLocation());
> > > > > > }
> > > > > >
> > > > > > @Test
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> > Committer
> > > &
> > > > Project Lead
> > > > OPS4J Pax for Vaadin <
> > http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > > Commiter & Project Lead
> > > > blog <http://notizblog.nierbeck.de/>
> > > >
> > >
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Guillaume Nodet <gn...@apache.org>.
I just think the check is worth nothing. If someone build a customized
version of a bundle (let's say camel), he will usually build by forking
from camel, in which case the vendor would still be the same. And if the
user wants to make things cleaner and actually change the vendor to reflect
the fact that it does not come from Apache, then we throw at him a WARNING
log.
Again, I don't think we should assume the user does not know what he does,
I'd rather add a global flag to disable overrides if you think it's safer,
but the file does not even exist by default, which means the user actually
know what he is doing...
2014-02-12 16:42 GMT+01:00 Jamie G. <ja...@gmail.com>:
> My interpretation is that a bundle is being updated by its maintainer, if a
> different group is providing the replacement bundle then Karaf should be
> making some noise about it as its masquerading as being what was originally
> intended by the feature provider. I'm up for different wordings however.
> What would you suggest?
>
>
> On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org>
> wrote:
>
> > Yes, I was going to add that I had no problems saying a bundle has been
> > overridden (though not sure if it has to be with a WARNING level).
> > It's really the vendor check which I don't get and the log of "Malicious
> > code possibly introduced by patch override, see log for details".
> >
> >
> > 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
> >
> > > Well, I hope you didn't get distracted by my comment.
> > > Though as far as I can see the change only introduced some logging
> > > to let the user know something changed due to adding another feature,
> > > I think this is a viable solution, especially when looking for failures
> > > or unintended changes.
> > > No?
> > >
> > >
> > > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> > >
> > > > I'm tempted to -1 this change.
> > > >
> > > > What kind of problems are you trying to solve here ?
> > > > Imho, such code is unnecessary because there are many other ways to
> > > > introduce so called "malicious" code.
> > > > If one wants to be safe, there is already an existing way to solve
> the
> > > > problem which is signed bundles.
> > > >
> > > > Now, an example on how to introduce "malicious" code : if such a
> bundle
> > > is
> > > > installed first, the features service will think the "correct" bundle
> > is
> > > > already installed and will not install the "safe" bundle. This can
> be
> > > done
> > > > by manually installing the bundle before installing features, or by
> > > adding
> > > > it to the etc/startup.properties.
> > > > Another option is just to hack the features file manually and change
> > the
> > > > url of the bundle, it will have exactly the same effect.
> > > >
> > > > In addition, checking the vendor is not a guarantee, as if someone
> > wanted
> > > > to "fake" a bundle, setting that header is not more difficult than
> > > changing
> > > > the symbolic name or version.
> > > >
> > > > I've had a use case where the user wanted to make sure that no
> > > "malicious"
> > > > code is introduced or used. In such a case, there is already an
> > existing
> > > > solution which is fully supported by OSGi (and Karaf) which is signed
> > > > bundles. It works well and it's secured. Well, secured to the point
> > > that
> > > > you control the file system. In all cases, if you don't trust the
> file
> > > > system, there's no possible way to secure the OSGi framework (just
> > > because
> > > > classes are read from the file system).
> > > >
> > > > Last, there is no possible misuse of the overrides really. If you
> add
> > > > random bundles, it will most of the case have no effects, or at
> least,
> > > not
> > > > more than if you had installed them manually before. We don't add
> any
> > > > checks in the bundle:update command, so I don't really see why we'd
> add
> > > > those here.
> > > >
> > > > On a side note, I was wondering about starting a slightly broader
> > > > discussion about patching, which is related to this particular
> feature
> > > and
> > > > I hope to do so this week or the next.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > > >
> > > > > Updated Branches:
> > > > > refs/heads/master d2af093dd -> 36808c560
> > > > >
> > > > >
> > > > > [KARAF-2753] Logging for override mechanism. Added additional
> logging
> > > and
> > > > > unit test to trigger log events
> > > > >
> > > > >
> > > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > > Commit:
> http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > > >
> > > > > Branch: refs/heads/master
> > > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > > Parents: d2af093
> > > > > Author: jgoodyear <jg...@apache.org>
> > > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > > Committer: jgoodyear <jg...@apache.org>
> > > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > > >
> > > > >
> > ----------------------------------------------------------------------
> > > > > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > > > > .../karaf/features/internal/OverridesTest.java | 47
> > > > ++++++++++++++++++++
> > > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > > >
> > ----------------------------------------------------------------------
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > >
> > ----------------------------------------------------------------------
> > > > > diff --git
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > index 655dfea..8397222 100644
> > > > > ---
> > > > >
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > +++
> > > > >
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > > private static final Logger LOGGER =
> > > > > LoggerFactory.getLogger(Overrides.class);
> > > > >
> > > > > private static final String OVERRIDE_RANGE = "range";
> > > > > + private static final String VENDOR_WARNING = "Malicious code
> > > > possibly
> > > > > introduced by patch override, see log for details";
> > > > >
> > > > > /**
> > > > > * Compute a list of bundles to install, taking into account
> > > > > overrides.
> > > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > > if (manifest != null) {
> > > > > String bsn = getBundleSymbolicName(manifest);
> > > > > Version ver = getBundleVersion(manifest);
> > > > > + String ven = getBundleVendor(manifest);
> > > > > String url = info.getLocation();
> > > > > for (Clause override : overrides) {
> > > > > Manifest overMan =
> > > > > manifests.get(override.getName());
> > > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > > range =
> > > VersionRange.parseVersionRange(vr);
> > > > > }
> > > > >
> > > > > + String vendor = getBundleVendor(overMan);
> > > > >
> > > > > + // Before we do a replace, lets check if
> > > vendors
> > > > > change
> > > > > + if (ven == null) {
> > > > > + if (vendor != null) {
> > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > + }
> > > > > + } else {
> > > > > + if (vendor == null) {
> > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > + } else {
> > > > > + if (!vendor.equals(ven)) {
> > > > > + LOGGER.warn(VENDOR_WARNING);
> > > > > + }
> > > > > + }
> > > > > + }
> > > > > // The resource matches, so replace it
> with
> > > the
> > > > > overridden resource
> > > > > // if the override is actually a newer
> > version
> > > > > than what we currently have
> > > > > if (range.contains(ver) &&
> > > ver.compareTo(oVer) <
> > > > > 0) {
> > > > > + LOGGER.info("Overriding original
> bundle
> > "
> > > +
> > > > > url + " to " + override.getName());
> > > > > ver = oVer;
> > > > > url = override.getName();
> > > > > }
> > > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > > return bsn;
> > > > > }
> > > > >
> > > > > + private static String getBundleVendor(Manifest manifest) {
> > > > > + String ven =
> > > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > > + return ven;
> > > > > + }
> > > > > +
> > > > > private static Manifest getManifest(String url) throws
> > > IOException {
> > > > > InputStream is = new URL(url).openStream();
> > > > > try {
> > > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > > }
> > > > > return cs[0].getName();
> > > > > }
> > > > > -}
> > > > > \ No newline at end of file
> > > > > +}
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > >
> > ----------------------------------------------------------------------
> > > > > diff --git
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > index 46d163a..79e2015 100644
> > > > > ---
> > > > >
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > +++
> > > > >
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > > private File b101;
> > > > > private File b102;
> > > > > private File b110;
> > > > > + private File c100;
> > > > > + private File c101;
> > > > > + private File c110;
> > > > >
> > > > > @Before
> > > > > public void setUp() throws IOException {
> > > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > > .set("Bundle-Version", "1.1.0")
> > > > > .build(),
> > > > > new FileOutputStream(b110));
> > > > > +
> > > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > > + copy(TinyBundles.bundle()
> > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > + .set("Bundle-Version", "1.0.0")
> > > > > + .set("Bundle-Vendor", "Apache")
> > > > > + .build(),
> > > > > + new FileOutputStream(c100));
> > > > > +
> > > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > > + copy(TinyBundles.bundle()
> > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > + .set("Bundle-Version", "1.0.1")
> > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > + .build(),
> > > > > + new FileOutputStream(c101));
> > > > > +
> > > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > > + copy(TinyBundles.bundle()
> > > > > + .set("Bundle-SymbolicName", bsn)
> > > > > + .set("Bundle-Version", "1.1.0")
> > > > > + .set("Bundle-Vendor", "NotApache")
> > > > > + .build(),
> > > > > + new FileOutputStream(c110));
> > > > > + }
> > > > > +
> > > > > + @Test
> > > > > + public void testDifferentVendors() throws IOException {
> > > > > + File props = File.createTempFile("karaf", "properties");
> > > > > + Writer w = new FileWriter(props);
> > > > > + w.write(c101.toURI().toString());
> > > > > + w.write("\n");
> > > > > + w.write(c110.toURI().toString());
> > > > > + w.write("\n");
> > > > > + w.close();
> > > > > +
> > > > > + List<BundleInfo> res = Overrides.override(
> > > > > + Arrays.<BundleInfo>asList(new
> > > > > Bundle(c100.toURI().toString())),
> > > > > + props.toURI().toString());
> > > > > + assertNotNull(res);
> > > > > + assertEquals(1, res.size());
> > > > > + BundleInfo out = res.get(0);
> > > > > + assertNotNull(out);
> > > > > + assertEquals(c101.toURI().toString(), out.getLocation());
> > > > > }
> > > > >
> > > > > @Test
> > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer
> > &
> > > Project Lead
> > > OPS4J Pax for Vaadin <
> http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > > Commiter & Project Lead
> > > blog <http://notizblog.nierbeck.de/>
> > >
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
My interpretation is that a bundle is being updated by its maintainer, if a
different group is providing the replacement bundle then Karaf should be
making some noise about it as its masquerading as being what was originally
intended by the feature provider. I'm up for different wordings however.
What would you suggest?
On Wed, Feb 12, 2014 at 12:07 PM, Guillaume Nodet <gn...@apache.org> wrote:
> Yes, I was going to add that I had no problems saying a bundle has been
> overridden (though not sure if it has to be with a WARNING level).
> It's really the vendor check which I don't get and the log of "Malicious
> code possibly introduced by patch override, see log for details".
>
>
> 2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
>
> > Well, I hope you didn't get distracted by my comment.
> > Though as far as I can see the change only introduced some logging
> > to let the user know something changed due to adding another feature,
> > I think this is a viable solution, especially when looking for failures
> > or unintended changes.
> > No?
> >
> >
> > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> >
> > > I'm tempted to -1 this change.
> > >
> > > What kind of problems are you trying to solve here ?
> > > Imho, such code is unnecessary because there are many other ways to
> > > introduce so called "malicious" code.
> > > If one wants to be safe, there is already an existing way to solve the
> > > problem which is signed bundles.
> > >
> > > Now, an example on how to introduce "malicious" code : if such a bundle
> > is
> > > installed first, the features service will think the "correct" bundle
> is
> > > already installed and will not install the "safe" bundle. This can be
> > done
> > > by manually installing the bundle before installing features, or by
> > adding
> > > it to the etc/startup.properties.
> > > Another option is just to hack the features file manually and change
> the
> > > url of the bundle, it will have exactly the same effect.
> > >
> > > In addition, checking the vendor is not a guarantee, as if someone
> wanted
> > > to "fake" a bundle, setting that header is not more difficult than
> > changing
> > > the symbolic name or version.
> > >
> > > I've had a use case where the user wanted to make sure that no
> > "malicious"
> > > code is introduced or used. In such a case, there is already an
> existing
> > > solution which is fully supported by OSGi (and Karaf) which is signed
> > > bundles. It works well and it's secured. Well, secured to the point
> > that
> > > you control the file system. In all cases, if you don't trust the file
> > > system, there's no possible way to secure the OSGi framework (just
> > because
> > > classes are read from the file system).
> > >
> > > Last, there is no possible misuse of the overrides really. If you add
> > > random bundles, it will most of the case have no effects, or at least,
> > not
> > > more than if you had installed them manually before. We don't add any
> > > checks in the bundle:update command, so I don't really see why we'd add
> > > those here.
> > >
> > > On a side note, I was wondering about starting a slightly broader
> > > discussion about patching, which is related to this particular feature
> > and
> > > I hope to do so this week or the next.
> > >
> > >
> > >
> > >
> > >
> > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > >
> > > > Updated Branches:
> > > > refs/heads/master d2af093dd -> 36808c560
> > > >
> > > >
> > > > [KARAF-2753] Logging for override mechanism. Added additional logging
> > and
> > > > unit test to trigger log events
> > > >
> > > >
> > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > >
> > > > Branch: refs/heads/master
> > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > Parents: d2af093
> > > > Author: jgoodyear <jg...@apache.org>
> > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > Committer: jgoodyear <jg...@apache.org>
> > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > >
> > > >
> ----------------------------------------------------------------------
> > > > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > > > .../karaf/features/internal/OverridesTest.java | 47
> > > ++++++++++++++++++++
> > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > >
> ----------------------------------------------------------------------
> > > >
> > > >
> > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > >
> ----------------------------------------------------------------------
> > > > diff --git
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > index 655dfea..8397222 100644
> > > > ---
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > +++
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > private static final Logger LOGGER =
> > > > LoggerFactory.getLogger(Overrides.class);
> > > >
> > > > private static final String OVERRIDE_RANGE = "range";
> > > > + private static final String VENDOR_WARNING = "Malicious code
> > > possibly
> > > > introduced by patch override, see log for details";
> > > >
> > > > /**
> > > > * Compute a list of bundles to install, taking into account
> > > > overrides.
> > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > if (manifest != null) {
> > > > String bsn = getBundleSymbolicName(manifest);
> > > > Version ver = getBundleVersion(manifest);
> > > > + String ven = getBundleVendor(manifest);
> > > > String url = info.getLocation();
> > > > for (Clause override : overrides) {
> > > > Manifest overMan =
> > > > manifests.get(override.getName());
> > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > range =
> > VersionRange.parseVersionRange(vr);
> > > > }
> > > >
> > > > + String vendor = getBundleVendor(overMan);
> > > >
> > > > + // Before we do a replace, lets check if
> > vendors
> > > > change
> > > > + if (ven == null) {
> > > > + if (vendor != null) {
> > > > + LOGGER.warn(VENDOR_WARNING);
> > > > + }
> > > > + } else {
> > > > + if (vendor == null) {
> > > > + LOGGER.warn(VENDOR_WARNING);
> > > > + } else {
> > > > + if (!vendor.equals(ven)) {
> > > > + LOGGER.warn(VENDOR_WARNING);
> > > > + }
> > > > + }
> > > > + }
> > > > // The resource matches, so replace it with
> > the
> > > > overridden resource
> > > > // if the override is actually a newer
> version
> > > > than what we currently have
> > > > if (range.contains(ver) &&
> > ver.compareTo(oVer) <
> > > > 0) {
> > > > + LOGGER.info("Overriding original bundle
> "
> > +
> > > > url + " to " + override.getName());
> > > > ver = oVer;
> > > > url = override.getName();
> > > > }
> > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > return bsn;
> > > > }
> > > >
> > > > + private static String getBundleVendor(Manifest manifest) {
> > > > + String ven =
> > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > + return ven;
> > > > + }
> > > > +
> > > > private static Manifest getManifest(String url) throws
> > IOException {
> > > > InputStream is = new URL(url).openStream();
> > > > try {
> > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > }
> > > > return cs[0].getName();
> > > > }
> > > > -}
> > > > \ No newline at end of file
> > > > +}
> > > >
> > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > >
> ----------------------------------------------------------------------
> > > > diff --git
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > index 46d163a..79e2015 100644
> > > > ---
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > +++
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > private File b101;
> > > > private File b102;
> > > > private File b110;
> > > > + private File c100;
> > > > + private File c101;
> > > > + private File c110;
> > > >
> > > > @Before
> > > > public void setUp() throws IOException {
> > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > .set("Bundle-Version", "1.1.0")
> > > > .build(),
> > > > new FileOutputStream(b110));
> > > > +
> > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > + copy(TinyBundles.bundle()
> > > > + .set("Bundle-SymbolicName", bsn)
> > > > + .set("Bundle-Version", "1.0.0")
> > > > + .set("Bundle-Vendor", "Apache")
> > > > + .build(),
> > > > + new FileOutputStream(c100));
> > > > +
> > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > + copy(TinyBundles.bundle()
> > > > + .set("Bundle-SymbolicName", bsn)
> > > > + .set("Bundle-Version", "1.0.1")
> > > > + .set("Bundle-Vendor", "NotApache")
> > > > + .build(),
> > > > + new FileOutputStream(c101));
> > > > +
> > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > + copy(TinyBundles.bundle()
> > > > + .set("Bundle-SymbolicName", bsn)
> > > > + .set("Bundle-Version", "1.1.0")
> > > > + .set("Bundle-Vendor", "NotApache")
> > > > + .build(),
> > > > + new FileOutputStream(c110));
> > > > + }
> > > > +
> > > > + @Test
> > > > + public void testDifferentVendors() throws IOException {
> > > > + File props = File.createTempFile("karaf", "properties");
> > > > + Writer w = new FileWriter(props);
> > > > + w.write(c101.toURI().toString());
> > > > + w.write("\n");
> > > > + w.write(c110.toURI().toString());
> > > > + w.write("\n");
> > > > + w.close();
> > > > +
> > > > + List<BundleInfo> res = Overrides.override(
> > > > + Arrays.<BundleInfo>asList(new
> > > > Bundle(c100.toURI().toString())),
> > > > + props.toURI().toString());
> > > > + assertNotNull(res);
> > > > + assertEquals(1, res.size());
> > > > + BundleInfo out = res.get(0);
> > > > + assertNotNull(out);
> > > > + assertEquals(c101.toURI().toString(), out.getLocation());
> > > > }
> > > >
> > > > @Test
> > > >
> > > >
> > >
> >
> >
> >
> > --
> >
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer
> &
> > Project Lead
> > OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > Commiter & Project Lead
> > blog <http://notizblog.nierbeck.de/>
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Guillaume Nodet <gn...@apache.org>.
Yes, I was going to add that I had no problems saying a bundle has been
overridden (though not sure if it has to be with a WARNING level).
It's really the vendor check which I don't get and the log of "Malicious
code possibly introduced by patch override, see log for details".
2014-02-12 16:30 GMT+01:00 Achim Nierbeck <bc...@googlemail.com>:
> Well, I hope you didn't get distracted by my comment.
> Though as far as I can see the change only introduced some logging
> to let the user know something changed due to adding another feature,
> I think this is a viable solution, especially when looking for failures
> or unintended changes.
> No?
>
>
> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
>
> > I'm tempted to -1 this change.
> >
> > What kind of problems are you trying to solve here ?
> > Imho, such code is unnecessary because there are many other ways to
> > introduce so called "malicious" code.
> > If one wants to be safe, there is already an existing way to solve the
> > problem which is signed bundles.
> >
> > Now, an example on how to introduce "malicious" code : if such a bundle
> is
> > installed first, the features service will think the "correct" bundle is
> > already installed and will not install the "safe" bundle. This can be
> done
> > by manually installing the bundle before installing features, or by
> adding
> > it to the etc/startup.properties.
> > Another option is just to hack the features file manually and change the
> > url of the bundle, it will have exactly the same effect.
> >
> > In addition, checking the vendor is not a guarantee, as if someone wanted
> > to "fake" a bundle, setting that header is not more difficult than
> changing
> > the symbolic name or version.
> >
> > I've had a use case where the user wanted to make sure that no
> "malicious"
> > code is introduced or used. In such a case, there is already an existing
> > solution which is fully supported by OSGi (and Karaf) which is signed
> > bundles. It works well and it's secured. Well, secured to the point
> that
> > you control the file system. In all cases, if you don't trust the file
> > system, there's no possible way to secure the OSGi framework (just
> because
> > classes are read from the file system).
> >
> > Last, there is no possible misuse of the overrides really. If you add
> > random bundles, it will most of the case have no effects, or at least,
> not
> > more than if you had installed them manually before. We don't add any
> > checks in the bundle:update command, so I don't really see why we'd add
> > those here.
> >
> > On a side note, I was wondering about starting a slightly broader
> > discussion about patching, which is related to this particular feature
> and
> > I hope to do so this week or the next.
> >
> >
> >
> >
> >
> > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> >
> > > Updated Branches:
> > > refs/heads/master d2af093dd -> 36808c560
> > >
> > >
> > > [KARAF-2753] Logging for override mechanism. Added additional logging
> and
> > > unit test to trigger log events
> > >
> > >
> > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > >
> > > Branch: refs/heads/master
> > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > Parents: d2af093
> > > Author: jgoodyear <jg...@apache.org>
> > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > Committer: jgoodyear <jg...@apache.org>
> > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > >
> > > ----------------------------------------------------------------------
> > > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > > .../karaf/features/internal/OverridesTest.java | 47
> > ++++++++++++++++++++
> > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > ----------------------------------------------------------------------
> > >
> > >
> > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > ----------------------------------------------------------------------
> > > diff --git
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > index 655dfea..8397222 100644
> > > ---
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > +++
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > @@ -48,6 +48,7 @@ public class Overrides {
> > > private static final Logger LOGGER =
> > > LoggerFactory.getLogger(Overrides.class);
> > >
> > > private static final String OVERRIDE_RANGE = "range";
> > > + private static final String VENDOR_WARNING = "Malicious code
> > possibly
> > > introduced by patch override, see log for details";
> > >
> > > /**
> > > * Compute a list of bundles to install, taking into account
> > > overrides.
> > > @@ -86,6 +87,7 @@ public class Overrides {
> > > if (manifest != null) {
> > > String bsn = getBundleSymbolicName(manifest);
> > > Version ver = getBundleVersion(manifest);
> > > + String ven = getBundleVendor(manifest);
> > > String url = info.getLocation();
> > > for (Clause override : overrides) {
> > > Manifest overMan =
> > > manifests.get(override.getName());
> > > @@ -111,10 +113,26 @@ public class Overrides {
> > > range =
> VersionRange.parseVersionRange(vr);
> > > }
> > >
> > > + String vendor = getBundleVendor(overMan);
> > >
> > > + // Before we do a replace, lets check if
> vendors
> > > change
> > > + if (ven == null) {
> > > + if (vendor != null) {
> > > + LOGGER.warn(VENDOR_WARNING);
> > > + }
> > > + } else {
> > > + if (vendor == null) {
> > > + LOGGER.warn(VENDOR_WARNING);
> > > + } else {
> > > + if (!vendor.equals(ven)) {
> > > + LOGGER.warn(VENDOR_WARNING);
> > > + }
> > > + }
> > > + }
> > > // The resource matches, so replace it with
> the
> > > overridden resource
> > > // if the override is actually a newer version
> > > than what we currently have
> > > if (range.contains(ver) &&
> ver.compareTo(oVer) <
> > > 0) {
> > > + LOGGER.info("Overriding original bundle "
> +
> > > url + " to " + override.getName());
> > > ver = oVer;
> > > url = override.getName();
> > > }
> > > @@ -178,6 +196,11 @@ public class Overrides {
> > > return bsn;
> > > }
> > >
> > > + private static String getBundleVendor(Manifest manifest) {
> > > + String ven =
> > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > + return ven;
> > > + }
> > > +
> > > private static Manifest getManifest(String url) throws
> IOException {
> > > InputStream is = new URL(url).openStream();
> > > try {
> > > @@ -205,4 +228,4 @@ public class Overrides {
> > > }
> > > return cs[0].getName();
> > > }
> > > -}
> > > \ No newline at end of file
> > > +}
> > >
> > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > ----------------------------------------------------------------------
> > > diff --git
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > index 46d163a..79e2015 100644
> > > ---
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > +++
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > private File b101;
> > > private File b102;
> > > private File b110;
> > > + private File c100;
> > > + private File c101;
> > > + private File c110;
> > >
> > > @Before
> > > public void setUp() throws IOException {
> > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > .set("Bundle-Version", "1.1.0")
> > > .build(),
> > > new FileOutputStream(b110));
> > > +
> > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > + copy(TinyBundles.bundle()
> > > + .set("Bundle-SymbolicName", bsn)
> > > + .set("Bundle-Version", "1.0.0")
> > > + .set("Bundle-Vendor", "Apache")
> > > + .build(),
> > > + new FileOutputStream(c100));
> > > +
> > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > + copy(TinyBundles.bundle()
> > > + .set("Bundle-SymbolicName", bsn)
> > > + .set("Bundle-Version", "1.0.1")
> > > + .set("Bundle-Vendor", "NotApache")
> > > + .build(),
> > > + new FileOutputStream(c101));
> > > +
> > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > + copy(TinyBundles.bundle()
> > > + .set("Bundle-SymbolicName", bsn)
> > > + .set("Bundle-Version", "1.1.0")
> > > + .set("Bundle-Vendor", "NotApache")
> > > + .build(),
> > > + new FileOutputStream(c110));
> > > + }
> > > +
> > > + @Test
> > > + public void testDifferentVendors() throws IOException {
> > > + File props = File.createTempFile("karaf", "properties");
> > > + Writer w = new FileWriter(props);
> > > + w.write(c101.toURI().toString());
> > > + w.write("\n");
> > > + w.write(c110.toURI().toString());
> > > + w.write("\n");
> > > + w.close();
> > > +
> > > + List<BundleInfo> res = Overrides.override(
> > > + Arrays.<BundleInfo>asList(new
> > > Bundle(c100.toURI().toString())),
> > > + props.toURI().toString());
> > > + assertNotNull(res);
> > > + assertEquals(1, res.size());
> > > + BundleInfo out = res.get(0);
> > > + assertNotNull(out);
> > > + assertEquals(c101.toURI().toString(), out.getLocation());
> > > }
> > >
> > > @Test
> > >
> > >
> >
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> Commiter & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Guillaume Nodet <gn...@apache.org>.
I would agree if that assumption you wrote when installing features were
true.
Let's say I have two features which both references the same bundle but
with a slightly different version. After installing both features, you
will usually (unless you use OBR resolver + flag the bundle as a
dpendency). However, the fact that both bundles are installed does not
mean that each feature will use its "intended" bundle. A simple refresh
will wire the two features to the higher version of the bundle.
In the same idea, if a bundle is pre-installed with a slightly higher
version (compatible), it will be used even if the older one will be
installed by the features service.
There is no isolation (unless you use regions, and in such a case, we may
want to improve the override feature to let user specify more information
about the regions).
So installing a bundle can actually affect other bundles if the container
is restarted or refreshed.
So when you say feature ABC has been tested with bundle M 1.0.1 but feature
XYZ does not support M 1.0.2, if that's the case, the override won't change
anything on that side, because the only way to overcome this problem is to
change XYZ bundles (either reducing the range, or upgrading the code to
support the newer bundle) or not go to 1.0.2.
Now, I assume the user also test his changes. If we don't assume that, we
also need to warn when installing new feature repositories or "untrusted"
repositories or features. That's not what we do, we usually trust the user
(we sometimes ask for a confirmation, but that's only when in interactive
mode).
2014-02-12 16:37 GMT+01:00 Jamie G. <ja...@gmail.com>:
> It's been my experience that users rarely use signed jars, until that is
> standard practice I think we should be providing some cursory checks. As
> such my additional logging was intended to provide some sort of safety net
> to catch changes in the system.
>
> I under stand that a patch would be used for feature XYZ overriding, but
> similar bundles may not require changes in feature ABC, or DEF - so noting
> to the user that things are changing there too would be appropriate.
>
> As to there being no or little effects of these overrides to a feature's
> bundle set, I'd strongly disagree -- feature ABC may have been tested with
> bundle M 1.0.1 becoming 1.0.2 but feature XYZ may get borked at this stage.
> I think the warning on XYZ's feature is requried.
>
> --Jamie
>
>
>
> On Wed, Feb 12, 2014 at 12:00 PM, Achim Nierbeck <bcanhome@googlemail.com
> >wrote:
>
> > Well, I hope you didn't get distracted by my comment.
> > Though as far as I can see the change only introduced some logging
> > to let the user know something changed due to adding another feature,
> > I think this is a viable solution, especially when looking for failures
> > or unintended changes.
> > No?
> >
> >
> > 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> >
> > > I'm tempted to -1 this change.
> > >
> > > What kind of problems are you trying to solve here ?
> > > Imho, such code is unnecessary because there are many other ways to
> > > introduce so called "malicious" code.
> > > If one wants to be safe, there is already an existing way to solve the
> > > problem which is signed bundles.
> > >
> > > Now, an example on how to introduce "malicious" code : if such a bundle
> > is
> > > installed first, the features service will think the "correct" bundle
> is
> > > already installed and will not install the "safe" bundle. This can be
> > done
> > > by manually installing the bundle before installing features, or by
> > adding
> > > it to the etc/startup.properties.
> > > Another option is just to hack the features file manually and change
> the
> > > url of the bundle, it will have exactly the same effect.
> > >
> > > In addition, checking the vendor is not a guarantee, as if someone
> wanted
> > > to "fake" a bundle, setting that header is not more difficult than
> > changing
> > > the symbolic name or version.
> > >
> > > I've had a use case where the user wanted to make sure that no
> > "malicious"
> > > code is introduced or used. In such a case, there is already an
> existing
> > > solution which is fully supported by OSGi (and Karaf) which is signed
> > > bundles. It works well and it's secured. Well, secured to the point
> > that
> > > you control the file system. In all cases, if you don't trust the file
> > > system, there's no possible way to secure the OSGi framework (just
> > because
> > > classes are read from the file system).
> > >
> > > Last, there is no possible misuse of the overrides really. If you add
> > > random bundles, it will most of the case have no effects, or at least,
> > not
> > > more than if you had installed them manually before. We don't add any
> > > checks in the bundle:update command, so I don't really see why we'd add
> > > those here.
> > >
> > > On a side note, I was wondering about starting a slightly broader
> > > discussion about patching, which is related to this particular feature
> > and
> > > I hope to do so this week or the next.
> > >
> > >
> > >
> > >
> > >
> > > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> > >
> > > > Updated Branches:
> > > > refs/heads/master d2af093dd -> 36808c560
> > > >
> > > >
> > > > [KARAF-2753] Logging for override mechanism. Added additional logging
> > and
> > > > unit test to trigger log events
> > > >
> > > >
> > > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > > Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > > >
> > > > Branch: refs/heads/master
> > > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > > Parents: d2af093
> > > > Author: jgoodyear <jg...@apache.org>
> > > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > > Committer: jgoodyear <jg...@apache.org>
> > > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > > >
> > > >
> ----------------------------------------------------------------------
> > > > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > > > .../karaf/features/internal/OverridesTest.java | 47
> > > ++++++++++++++++++++
> > > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > >
> ----------------------------------------------------------------------
> > > >
> > > >
> > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > >
> ----------------------------------------------------------------------
> > > > diff --git
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > index 655dfea..8397222 100644
> > > > ---
> > > >
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > +++
> > > >
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > > @@ -48,6 +48,7 @@ public class Overrides {
> > > > private static final Logger LOGGER =
> > > > LoggerFactory.getLogger(Overrides.class);
> > > >
> > > > private static final String OVERRIDE_RANGE = "range";
> > > > + private static final String VENDOR_WARNING = "Malicious code
> > > possibly
> > > > introduced by patch override, see log for details";
> > > >
> > > > /**
> > > > * Compute a list of bundles to install, taking into account
> > > > overrides.
> > > > @@ -86,6 +87,7 @@ public class Overrides {
> > > > if (manifest != null) {
> > > > String bsn = getBundleSymbolicName(manifest);
> > > > Version ver = getBundleVersion(manifest);
> > > > + String ven = getBundleVendor(manifest);
> > > > String url = info.getLocation();
> > > > for (Clause override : overrides) {
> > > > Manifest overMan =
> > > > manifests.get(override.getName());
> > > > @@ -111,10 +113,26 @@ public class Overrides {
> > > > range =
> > VersionRange.parseVersionRange(vr);
> > > > }
> > > >
> > > > + String vendor = getBundleVendor(overMan);
> > > >
> > > > + // Before we do a replace, lets check if
> > vendors
> > > > change
> > > > + if (ven == null) {
> > > > + if (vendor != null) {
> > > > + LOGGER.warn(VENDOR_WARNING);
> > > > + }
> > > > + } else {
> > > > + if (vendor == null) {
> > > > + LOGGER.warn(VENDOR_WARNING);
> > > > + } else {
> > > > + if (!vendor.equals(ven)) {
> > > > + LOGGER.warn(VENDOR_WARNING);
> > > > + }
> > > > + }
> > > > + }
> > > > // The resource matches, so replace it with
> > the
> > > > overridden resource
> > > > // if the override is actually a newer
> version
> > > > than what we currently have
> > > > if (range.contains(ver) &&
> > ver.compareTo(oVer) <
> > > > 0) {
> > > > + LOGGER.info("Overriding original bundle
> "
> > +
> > > > url + " to " + override.getName());
> > > > ver = oVer;
> > > > url = override.getName();
> > > > }
> > > > @@ -178,6 +196,11 @@ public class Overrides {
> > > > return bsn;
> > > > }
> > > >
> > > > + private static String getBundleVendor(Manifest manifest) {
> > > > + String ven =
> > > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > > + return ven;
> > > > + }
> > > > +
> > > > private static Manifest getManifest(String url) throws
> > IOException {
> > > > InputStream is = new URL(url).openStream();
> > > > try {
> > > > @@ -205,4 +228,4 @@ public class Overrides {
> > > > }
> > > > return cs[0].getName();
> > > > }
> > > > -}
> > > > \ No newline at end of file
> > > > +}
> > > >
> > > >
> > > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > >
> ----------------------------------------------------------------------
> > > > diff --git
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > index 46d163a..79e2015 100644
> > > > ---
> > > >
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > +++
> > > >
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > > private File b101;
> > > > private File b102;
> > > > private File b110;
> > > > + private File c100;
> > > > + private File c101;
> > > > + private File c110;
> > > >
> > > > @Before
> > > > public void setUp() throws IOException {
> > > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > > .set("Bundle-Version", "1.1.0")
> > > > .build(),
> > > > new FileOutputStream(b110));
> > > > +
> > > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > > + copy(TinyBundles.bundle()
> > > > + .set("Bundle-SymbolicName", bsn)
> > > > + .set("Bundle-Version", "1.0.0")
> > > > + .set("Bundle-Vendor", "Apache")
> > > > + .build(),
> > > > + new FileOutputStream(c100));
> > > > +
> > > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > > + copy(TinyBundles.bundle()
> > > > + .set("Bundle-SymbolicName", bsn)
> > > > + .set("Bundle-Version", "1.0.1")
> > > > + .set("Bundle-Vendor", "NotApache")
> > > > + .build(),
> > > > + new FileOutputStream(c101));
> > > > +
> > > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > > + copy(TinyBundles.bundle()
> > > > + .set("Bundle-SymbolicName", bsn)
> > > > + .set("Bundle-Version", "1.1.0")
> > > > + .set("Bundle-Vendor", "NotApache")
> > > > + .build(),
> > > > + new FileOutputStream(c110));
> > > > + }
> > > > +
> > > > + @Test
> > > > + public void testDifferentVendors() throws IOException {
> > > > + File props = File.createTempFile("karaf", "properties");
> > > > + Writer w = new FileWriter(props);
> > > > + w.write(c101.toURI().toString());
> > > > + w.write("\n");
> > > > + w.write(c110.toURI().toString());
> > > > + w.write("\n");
> > > > + w.close();
> > > > +
> > > > + List<BundleInfo> res = Overrides.override(
> > > > + Arrays.<BundleInfo>asList(new
> > > > Bundle(c100.toURI().toString())),
> > > > + props.toURI().toString());
> > > > + assertNotNull(res);
> > > > + assertEquals(1, res.size());
> > > > + BundleInfo out = res.get(0);
> > > > + assertNotNull(out);
> > > > + assertEquals(c101.toURI().toString(), out.getLocation());
> > > > }
> > > >
> > > > @Test
> > > >
> > > >
> > >
> >
> >
> >
> > --
> >
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer
> &
> > Project Lead
> > OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> > Commiter & Project Lead
> > blog <http://notizblog.nierbeck.de/>
> >
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
It's been my experience that users rarely use signed jars, until that is
standard practice I think we should be providing some cursory checks. As
such my additional logging was intended to provide some sort of safety net
to catch changes in the system.
I under stand that a patch would be used for feature XYZ overriding, but
similar bundles may not require changes in feature ABC, or DEF - so noting
to the user that things are changing there too would be appropriate.
As to there being no or little effects of these overrides to a feature's
bundle set, I'd strongly disagree -- feature ABC may have been tested with
bundle M 1.0.1 becoming 1.0.2 but feature XYZ may get borked at this stage.
I think the warning on XYZ's feature is requried.
--Jamie
On Wed, Feb 12, 2014 at 12:00 PM, Achim Nierbeck <bc...@googlemail.com>wrote:
> Well, I hope you didn't get distracted by my comment.
> Though as far as I can see the change only introduced some logging
> to let the user know something changed due to adding another feature,
> I think this is a viable solution, especially when looking for failures
> or unintended changes.
> No?
>
>
> 2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
>
> > I'm tempted to -1 this change.
> >
> > What kind of problems are you trying to solve here ?
> > Imho, such code is unnecessary because there are many other ways to
> > introduce so called "malicious" code.
> > If one wants to be safe, there is already an existing way to solve the
> > problem which is signed bundles.
> >
> > Now, an example on how to introduce "malicious" code : if such a bundle
> is
> > installed first, the features service will think the "correct" bundle is
> > already installed and will not install the "safe" bundle. This can be
> done
> > by manually installing the bundle before installing features, or by
> adding
> > it to the etc/startup.properties.
> > Another option is just to hack the features file manually and change the
> > url of the bundle, it will have exactly the same effect.
> >
> > In addition, checking the vendor is not a guarantee, as if someone wanted
> > to "fake" a bundle, setting that header is not more difficult than
> changing
> > the symbolic name or version.
> >
> > I've had a use case where the user wanted to make sure that no
> "malicious"
> > code is introduced or used. In such a case, there is already an existing
> > solution which is fully supported by OSGi (and Karaf) which is signed
> > bundles. It works well and it's secured. Well, secured to the point
> that
> > you control the file system. In all cases, if you don't trust the file
> > system, there's no possible way to secure the OSGi framework (just
> because
> > classes are read from the file system).
> >
> > Last, there is no possible misuse of the overrides really. If you add
> > random bundles, it will most of the case have no effects, or at least,
> not
> > more than if you had installed them manually before. We don't add any
> > checks in the bundle:update command, so I don't really see why we'd add
> > those here.
> >
> > On a side note, I was wondering about starting a slightly broader
> > discussion about patching, which is related to this particular feature
> and
> > I hope to do so this week or the next.
> >
> >
> >
> >
> >
> > 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> >
> > > Updated Branches:
> > > refs/heads/master d2af093dd -> 36808c560
> > >
> > >
> > > [KARAF-2753] Logging for override mechanism. Added additional logging
> and
> > > unit test to trigger log events
> > >
> > >
> > > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > > Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> > >
> > > Branch: refs/heads/master
> > > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > > Parents: d2af093
> > > Author: jgoodyear <jg...@apache.org>
> > > Authored: Wed Feb 12 10:29:10 2014 -0330
> > > Committer: jgoodyear <jg...@apache.org>
> > > Committed: Wed Feb 12 10:29:10 2014 -0330
> > >
> > > ----------------------------------------------------------------------
> > > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > > .../karaf/features/internal/OverridesTest.java | 47
> > ++++++++++++++++++++
> > > 2 files changed, 71 insertions(+), 1 deletion(-)
> > > ----------------------------------------------------------------------
> > >
> > >
> > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > ----------------------------------------------------------------------
> > > diff --git
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > index 655dfea..8397222 100644
> > > ---
> > >
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > +++
> > >
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > > @@ -48,6 +48,7 @@ public class Overrides {
> > > private static final Logger LOGGER =
> > > LoggerFactory.getLogger(Overrides.class);
> > >
> > > private static final String OVERRIDE_RANGE = "range";
> > > + private static final String VENDOR_WARNING = "Malicious code
> > possibly
> > > introduced by patch override, see log for details";
> > >
> > > /**
> > > * Compute a list of bundles to install, taking into account
> > > overrides.
> > > @@ -86,6 +87,7 @@ public class Overrides {
> > > if (manifest != null) {
> > > String bsn = getBundleSymbolicName(manifest);
> > > Version ver = getBundleVersion(manifest);
> > > + String ven = getBundleVendor(manifest);
> > > String url = info.getLocation();
> > > for (Clause override : overrides) {
> > > Manifest overMan =
> > > manifests.get(override.getName());
> > > @@ -111,10 +113,26 @@ public class Overrides {
> > > range =
> VersionRange.parseVersionRange(vr);
> > > }
> > >
> > > + String vendor = getBundleVendor(overMan);
> > >
> > > + // Before we do a replace, lets check if
> vendors
> > > change
> > > + if (ven == null) {
> > > + if (vendor != null) {
> > > + LOGGER.warn(VENDOR_WARNING);
> > > + }
> > > + } else {
> > > + if (vendor == null) {
> > > + LOGGER.warn(VENDOR_WARNING);
> > > + } else {
> > > + if (!vendor.equals(ven)) {
> > > + LOGGER.warn(VENDOR_WARNING);
> > > + }
> > > + }
> > > + }
> > > // The resource matches, so replace it with
> the
> > > overridden resource
> > > // if the override is actually a newer version
> > > than what we currently have
> > > if (range.contains(ver) &&
> ver.compareTo(oVer) <
> > > 0) {
> > > + LOGGER.info("Overriding original bundle "
> +
> > > url + " to " + override.getName());
> > > ver = oVer;
> > > url = override.getName();
> > > }
> > > @@ -178,6 +196,11 @@ public class Overrides {
> > > return bsn;
> > > }
> > >
> > > + private static String getBundleVendor(Manifest manifest) {
> > > + String ven =
> > > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > > + return ven;
> > > + }
> > > +
> > > private static Manifest getManifest(String url) throws
> IOException {
> > > InputStream is = new URL(url).openStream();
> > > try {
> > > @@ -205,4 +228,4 @@ public class Overrides {
> > > }
> > > return cs[0].getName();
> > > }
> > > -}
> > > \ No newline at end of file
> > > +}
> > >
> > >
> > >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > ----------------------------------------------------------------------
> > > diff --git
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > index 46d163a..79e2015 100644
> > > ---
> > >
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > +++
> > >
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > > @@ -42,6 +42,9 @@ public class OverridesTest {
> > > private File b101;
> > > private File b102;
> > > private File b110;
> > > + private File c100;
> > > + private File c101;
> > > + private File c110;
> > >
> > > @Before
> > > public void setUp() throws IOException {
> > > @@ -72,6 +75,50 @@ public class OverridesTest {
> > > .set("Bundle-Version", "1.1.0")
> > > .build(),
> > > new FileOutputStream(b110));
> > > +
> > > + c100 = File.createTempFile("karafc", "-100.jar");
> > > + copy(TinyBundles.bundle()
> > > + .set("Bundle-SymbolicName", bsn)
> > > + .set("Bundle-Version", "1.0.0")
> > > + .set("Bundle-Vendor", "Apache")
> > > + .build(),
> > > + new FileOutputStream(c100));
> > > +
> > > + c101 = File.createTempFile("karafc", "-101.jar");
> > > + copy(TinyBundles.bundle()
> > > + .set("Bundle-SymbolicName", bsn)
> > > + .set("Bundle-Version", "1.0.1")
> > > + .set("Bundle-Vendor", "NotApache")
> > > + .build(),
> > > + new FileOutputStream(c101));
> > > +
> > > + c110 = File.createTempFile("karafc", "-110.jar");
> > > + copy(TinyBundles.bundle()
> > > + .set("Bundle-SymbolicName", bsn)
> > > + .set("Bundle-Version", "1.1.0")
> > > + .set("Bundle-Vendor", "NotApache")
> > > + .build(),
> > > + new FileOutputStream(c110));
> > > + }
> > > +
> > > + @Test
> > > + public void testDifferentVendors() throws IOException {
> > > + File props = File.createTempFile("karaf", "properties");
> > > + Writer w = new FileWriter(props);
> > > + w.write(c101.toURI().toString());
> > > + w.write("\n");
> > > + w.write(c110.toURI().toString());
> > > + w.write("\n");
> > > + w.close();
> > > +
> > > + List<BundleInfo> res = Overrides.override(
> > > + Arrays.<BundleInfo>asList(new
> > > Bundle(c100.toURI().toString())),
> > > + props.toURI().toString());
> > > + assertNotNull(res);
> > > + assertEquals(1, res.size());
> > > + BundleInfo out = res.get(0);
> > > + assertNotNull(out);
> > > + assertEquals(c101.toURI().toString(), out.getLocation());
> > > }
> > >
> > > @Test
> > >
> > >
> >
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> Commiter & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Achim Nierbeck <bc...@googlemail.com>.
Well, I hope you didn't get distracted by my comment.
Though as far as I can see the change only introduced some logging
to let the user know something changed due to adding another feature,
I think this is a viable solution, especially when looking for failures
or unintended changes.
No?
2014-02-12 16:15 GMT+01:00 Guillaume Nodet <gn...@apache.org>:
> I'm tempted to -1 this change.
>
> What kind of problems are you trying to solve here ?
> Imho, such code is unnecessary because there are many other ways to
> introduce so called "malicious" code.
> If one wants to be safe, there is already an existing way to solve the
> problem which is signed bundles.
>
> Now, an example on how to introduce "malicious" code : if such a bundle is
> installed first, the features service will think the "correct" bundle is
> already installed and will not install the "safe" bundle. This can be done
> by manually installing the bundle before installing features, or by adding
> it to the etc/startup.properties.
> Another option is just to hack the features file manually and change the
> url of the bundle, it will have exactly the same effect.
>
> In addition, checking the vendor is not a guarantee, as if someone wanted
> to "fake" a bundle, setting that header is not more difficult than changing
> the symbolic name or version.
>
> I've had a use case where the user wanted to make sure that no "malicious"
> code is introduced or used. In such a case, there is already an existing
> solution which is fully supported by OSGi (and Karaf) which is signed
> bundles. It works well and it's secured. Well, secured to the point that
> you control the file system. In all cases, if you don't trust the file
> system, there's no possible way to secure the OSGi framework (just because
> classes are read from the file system).
>
> Last, there is no possible misuse of the overrides really. If you add
> random bundles, it will most of the case have no effects, or at least, not
> more than if you had installed them manually before. We don't add any
> checks in the bundle:update command, so I don't really see why we'd add
> those here.
>
> On a side note, I was wondering about starting a slightly broader
> discussion about patching, which is related to this particular feature and
> I hope to do so this week or the next.
>
>
>
>
>
> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>
> > Updated Branches:
> > refs/heads/master d2af093dd -> 36808c560
> >
> >
> > [KARAF-2753] Logging for override mechanism. Added additional logging and
> > unit test to trigger log events
> >
> >
> > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> >
> > Branch: refs/heads/master
> > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > Parents: d2af093
> > Author: jgoodyear <jg...@apache.org>
> > Authored: Wed Feb 12 10:29:10 2014 -0330
> > Committer: jgoodyear <jg...@apache.org>
> > Committed: Wed Feb 12 10:29:10 2014 -0330
> >
> > ----------------------------------------------------------------------
> > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > .../karaf/features/internal/OverridesTest.java | 47
> ++++++++++++++++++++
> > 2 files changed, 71 insertions(+), 1 deletion(-)
> > ----------------------------------------------------------------------
> >
> >
> >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > ----------------------------------------------------------------------
> > diff --git
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > index 655dfea..8397222 100644
> > ---
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > +++
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > @@ -48,6 +48,7 @@ public class Overrides {
> > private static final Logger LOGGER =
> > LoggerFactory.getLogger(Overrides.class);
> >
> > private static final String OVERRIDE_RANGE = "range";
> > + private static final String VENDOR_WARNING = "Malicious code
> possibly
> > introduced by patch override, see log for details";
> >
> > /**
> > * Compute a list of bundles to install, taking into account
> > overrides.
> > @@ -86,6 +87,7 @@ public class Overrides {
> > if (manifest != null) {
> > String bsn = getBundleSymbolicName(manifest);
> > Version ver = getBundleVersion(manifest);
> > + String ven = getBundleVendor(manifest);
> > String url = info.getLocation();
> > for (Clause override : overrides) {
> > Manifest overMan =
> > manifests.get(override.getName());
> > @@ -111,10 +113,26 @@ public class Overrides {
> > range = VersionRange.parseVersionRange(vr);
> > }
> >
> > + String vendor = getBundleVendor(overMan);
> >
> > + // Before we do a replace, lets check if vendors
> > change
> > + if (ven == null) {
> > + if (vendor != null) {
> > + LOGGER.warn(VENDOR_WARNING);
> > + }
> > + } else {
> > + if (vendor == null) {
> > + LOGGER.warn(VENDOR_WARNING);
> > + } else {
> > + if (!vendor.equals(ven)) {
> > + LOGGER.warn(VENDOR_WARNING);
> > + }
> > + }
> > + }
> > // The resource matches, so replace it with the
> > overridden resource
> > // if the override is actually a newer version
> > than what we currently have
> > if (range.contains(ver) && ver.compareTo(oVer) <
> > 0) {
> > + LOGGER.info("Overriding original bundle " +
> > url + " to " + override.getName());
> > ver = oVer;
> > url = override.getName();
> > }
> > @@ -178,6 +196,11 @@ public class Overrides {
> > return bsn;
> > }
> >
> > + private static String getBundleVendor(Manifest manifest) {
> > + String ven =
> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > + return ven;
> > + }
> > +
> > private static Manifest getManifest(String url) throws IOException {
> > InputStream is = new URL(url).openStream();
> > try {
> > @@ -205,4 +228,4 @@ public class Overrides {
> > }
> > return cs[0].getName();
> > }
> > -}
> > \ No newline at end of file
> > +}
> >
> >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > ----------------------------------------------------------------------
> > diff --git
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > index 46d163a..79e2015 100644
> > ---
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > +++
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > @@ -42,6 +42,9 @@ public class OverridesTest {
> > private File b101;
> > private File b102;
> > private File b110;
> > + private File c100;
> > + private File c101;
> > + private File c110;
> >
> > @Before
> > public void setUp() throws IOException {
> > @@ -72,6 +75,50 @@ public class OverridesTest {
> > .set("Bundle-Version", "1.1.0")
> > .build(),
> > new FileOutputStream(b110));
> > +
> > + c100 = File.createTempFile("karafc", "-100.jar");
> > + copy(TinyBundles.bundle()
> > + .set("Bundle-SymbolicName", bsn)
> > + .set("Bundle-Version", "1.0.0")
> > + .set("Bundle-Vendor", "Apache")
> > + .build(),
> > + new FileOutputStream(c100));
> > +
> > + c101 = File.createTempFile("karafc", "-101.jar");
> > + copy(TinyBundles.bundle()
> > + .set("Bundle-SymbolicName", bsn)
> > + .set("Bundle-Version", "1.0.1")
> > + .set("Bundle-Vendor", "NotApache")
> > + .build(),
> > + new FileOutputStream(c101));
> > +
> > + c110 = File.createTempFile("karafc", "-110.jar");
> > + copy(TinyBundles.bundle()
> > + .set("Bundle-SymbolicName", bsn)
> > + .set("Bundle-Version", "1.1.0")
> > + .set("Bundle-Vendor", "NotApache")
> > + .build(),
> > + new FileOutputStream(c110));
> > + }
> > +
> > + @Test
> > + public void testDifferentVendors() throws IOException {
> > + File props = File.createTempFile("karaf", "properties");
> > + Writer w = new FileWriter(props);
> > + w.write(c101.toURI().toString());
> > + w.write("\n");
> > + w.write(c110.toURI().toString());
> > + w.write("\n");
> > + w.close();
> > +
> > + List<BundleInfo> res = Overrides.override(
> > + Arrays.<BundleInfo>asList(new
> > Bundle(c100.toURI().toString())),
> > + props.toURI().toString());
> > + assertNotNull(res);
> > + assertEquals(1, res.size());
> > + BundleInfo out = res.get(0);
> > + assertNotNull(out);
> > + assertEquals(c101.toURI().toString(), out.getLocation());
> > }
> >
> > @Test
> >
> >
>
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
Commiter & Project Lead
blog <http://notizblog.nierbeck.de/>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Guillaume Nodet <gn...@apache.org>.
I'm tempted to -1 this change.
What kind of problems are you trying to solve here ?
Imho, such code is unnecessary because there are many other ways to
introduce so called "malicious" code.
If one wants to be safe, there is already an existing way to solve the
problem which is signed bundles.
Now, an example on how to introduce "malicious" code : if such a bundle is
installed first, the features service will think the "correct" bundle is
already installed and will not install the "safe" bundle. This can be done
by manually installing the bundle before installing features, or by adding
it to the etc/startup.properties.
Another option is just to hack the features file manually and change the
url of the bundle, it will have exactly the same effect.
In addition, checking the vendor is not a guarantee, as if someone wanted
to "fake" a bundle, setting that header is not more difficult than changing
the symbolic name or version.
I've had a use case where the user wanted to make sure that no "malicious"
code is introduced or used. In such a case, there is already an existing
solution which is fully supported by OSGi (and Karaf) which is signed
bundles. It works well and it's secured. Well, secured to the point that
you control the file system. In all cases, if you don't trust the file
system, there's no possible way to secure the OSGi framework (just because
classes are read from the file system).
Last, there is no possible misuse of the overrides really. If you add
random bundles, it will most of the case have no effects, or at least, not
more than if you had installed them manually before. We don't add any
checks in the bundle:update command, so I don't really see why we'd add
those here.
On a side note, I was wondering about starting a slightly broader
discussion about patching, which is related to this particular feature and
I hope to do so this week or the next.
2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> Updated Branches:
> refs/heads/master d2af093dd -> 36808c560
>
>
> [KARAF-2753] Logging for override mechanism. Added additional logging and
> unit test to trigger log events
>
>
> Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>
> Branch: refs/heads/master
> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> Parents: d2af093
> Author: jgoodyear <jg...@apache.org>
> Authored: Wed Feb 12 10:29:10 2014 -0330
> Committer: jgoodyear <jg...@apache.org>
> Committed: Wed Feb 12 10:29:10 2014 -0330
>
> ----------------------------------------------------------------------
> .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> .../karaf/features/internal/OverridesTest.java | 47 ++++++++++++++++++++
> 2 files changed, 71 insertions(+), 1 deletion(-)
> ----------------------------------------------------------------------
>
>
>
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> ----------------------------------------------------------------------
> diff --git
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> index 655dfea..8397222 100644
> ---
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> +++
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> @@ -48,6 +48,7 @@ public class Overrides {
> private static final Logger LOGGER =
> LoggerFactory.getLogger(Overrides.class);
>
> private static final String OVERRIDE_RANGE = "range";
> + private static final String VENDOR_WARNING = "Malicious code possibly
> introduced by patch override, see log for details";
>
> /**
> * Compute a list of bundles to install, taking into account
> overrides.
> @@ -86,6 +87,7 @@ public class Overrides {
> if (manifest != null) {
> String bsn = getBundleSymbolicName(manifest);
> Version ver = getBundleVersion(manifest);
> + String ven = getBundleVendor(manifest);
> String url = info.getLocation();
> for (Clause override : overrides) {
> Manifest overMan =
> manifests.get(override.getName());
> @@ -111,10 +113,26 @@ public class Overrides {
> range = VersionRange.parseVersionRange(vr);
> }
>
> + String vendor = getBundleVendor(overMan);
>
> + // Before we do a replace, lets check if vendors
> change
> + if (ven == null) {
> + if (vendor != null) {
> + LOGGER.warn(VENDOR_WARNING);
> + }
> + } else {
> + if (vendor == null) {
> + LOGGER.warn(VENDOR_WARNING);
> + } else {
> + if (!vendor.equals(ven)) {
> + LOGGER.warn(VENDOR_WARNING);
> + }
> + }
> + }
> // The resource matches, so replace it with the
> overridden resource
> // if the override is actually a newer version
> than what we currently have
> if (range.contains(ver) && ver.compareTo(oVer) <
> 0) {
> + LOGGER.info("Overriding original bundle " +
> url + " to " + override.getName());
> ver = oVer;
> url = override.getName();
> }
> @@ -178,6 +196,11 @@ public class Overrides {
> return bsn;
> }
>
> + private static String getBundleVendor(Manifest manifest) {
> + String ven =
> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> + return ven;
> + }
> +
> private static Manifest getManifest(String url) throws IOException {
> InputStream is = new URL(url).openStream();
> try {
> @@ -205,4 +228,4 @@ public class Overrides {
> }
> return cs[0].getName();
> }
> -}
> \ No newline at end of file
> +}
>
>
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> ----------------------------------------------------------------------
> diff --git
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> index 46d163a..79e2015 100644
> ---
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> +++
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> @@ -42,6 +42,9 @@ public class OverridesTest {
> private File b101;
> private File b102;
> private File b110;
> + private File c100;
> + private File c101;
> + private File c110;
>
> @Before
> public void setUp() throws IOException {
> @@ -72,6 +75,50 @@ public class OverridesTest {
> .set("Bundle-Version", "1.1.0")
> .build(),
> new FileOutputStream(b110));
> +
> + c100 = File.createTempFile("karafc", "-100.jar");
> + copy(TinyBundles.bundle()
> + .set("Bundle-SymbolicName", bsn)
> + .set("Bundle-Version", "1.0.0")
> + .set("Bundle-Vendor", "Apache")
> + .build(),
> + new FileOutputStream(c100));
> +
> + c101 = File.createTempFile("karafc", "-101.jar");
> + copy(TinyBundles.bundle()
> + .set("Bundle-SymbolicName", bsn)
> + .set("Bundle-Version", "1.0.1")
> + .set("Bundle-Vendor", "NotApache")
> + .build(),
> + new FileOutputStream(c101));
> +
> + c110 = File.createTempFile("karafc", "-110.jar");
> + copy(TinyBundles.bundle()
> + .set("Bundle-SymbolicName", bsn)
> + .set("Bundle-Version", "1.1.0")
> + .set("Bundle-Vendor", "NotApache")
> + .build(),
> + new FileOutputStream(c110));
> + }
> +
> + @Test
> + public void testDifferentVendors() throws IOException {
> + File props = File.createTempFile("karaf", "properties");
> + Writer w = new FileWriter(props);
> + w.write(c101.toURI().toString());
> + w.write("\n");
> + w.write(c110.toURI().toString());
> + w.write("\n");
> + w.close();
> +
> + List<BundleInfo> res = Overrides.override(
> + Arrays.<BundleInfo>asList(new
> Bundle(c100.toURI().toString())),
> + props.toURI().toString());
> + assertNotNull(res);
> + assertEquals(1, res.size());
> + BundleInfo out = res.get(0);
> + assertNotNull(out);
> + assertEquals(c101.toURI().toString(), out.getLocation());
> }
>
> @Test
>
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by "Jamie G." <ja...@gmail.com>.
True, I'll make the adjustment.
--jamie
On Wed, Feb 12, 2014 at 10:40 AM, Achim Nierbeck <bc...@googlemail.com>wrote:
> just one comment from my side, I'd stick to the warn level for all
> loggings, i think this is something that should show up on an Administrator
> console just in case. To make sure no "malicious" code is "injected"
> Cause from my point of view it's quite simple to replace bundle a with c by
> just "renaming" it to a.minorAdditionAndPatchFixForSomeoneSpecial_I_Love
>
> regards, Achim
>
>
> 2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
>
> > Updated Branches:
> > refs/heads/master d2af093dd -> 36808c560
> >
> >
> > [KARAF-2753] Logging for override mechanism. Added additional logging and
> > unit test to trigger log events
> >
> >
> > Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> > Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> > Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> > Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
> >
> > Branch: refs/heads/master
> > Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> > Parents: d2af093
> > Author: jgoodyear <jg...@apache.org>
> > Authored: Wed Feb 12 10:29:10 2014 -0330
> > Committer: jgoodyear <jg...@apache.org>
> > Committed: Wed Feb 12 10:29:10 2014 -0330
> >
> > ----------------------------------------------------------------------
> > .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> > .../karaf/features/internal/OverridesTest.java | 47
> ++++++++++++++++++++
> > 2 files changed, 71 insertions(+), 1 deletion(-)
> > ----------------------------------------------------------------------
> >
> >
> >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > ----------------------------------------------------------------------
> > diff --git
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > index 655dfea..8397222 100644
> > ---
> >
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > +++
> >
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> > @@ -48,6 +48,7 @@ public class Overrides {
> > private static final Logger LOGGER =
> > LoggerFactory.getLogger(Overrides.class);
> >
> > private static final String OVERRIDE_RANGE = "range";
> > + private static final String VENDOR_WARNING = "Malicious code
> possibly
> > introduced by patch override, see log for details";
> >
> > /**
> > * Compute a list of bundles to install, taking into account
> > overrides.
> > @@ -86,6 +87,7 @@ public class Overrides {
> > if (manifest != null) {
> > String bsn = getBundleSymbolicName(manifest);
> > Version ver = getBundleVersion(manifest);
> > + String ven = getBundleVendor(manifest);
> > String url = info.getLocation();
> > for (Clause override : overrides) {
> > Manifest overMan =
> > manifests.get(override.getName());
> > @@ -111,10 +113,26 @@ public class Overrides {
> > range = VersionRange.parseVersionRange(vr);
> > }
> >
> > + String vendor = getBundleVendor(overMan);
> >
> > + // Before we do a replace, lets check if vendors
> > change
> > + if (ven == null) {
> > + if (vendor != null) {
> > + LOGGER.warn(VENDOR_WARNING);
> > + }
> > + } else {
> > + if (vendor == null) {
> > + LOGGER.warn(VENDOR_WARNING);
> > + } else {
> > + if (!vendor.equals(ven)) {
> > + LOGGER.warn(VENDOR_WARNING);
> > + }
> > + }
> > + }
> > // The resource matches, so replace it with the
> > overridden resource
> > // if the override is actually a newer version
> > than what we currently have
> > if (range.contains(ver) && ver.compareTo(oVer) <
> > 0) {
> > + LOGGER.info("Overriding original bundle " +
> > url + " to " + override.getName());
> > ver = oVer;
> > url = override.getName();
> > }
> > @@ -178,6 +196,11 @@ public class Overrides {
> > return bsn;
> > }
> >
> > + private static String getBundleVendor(Manifest manifest) {
> > + String ven =
> > manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> > + return ven;
> > + }
> > +
> > private static Manifest getManifest(String url) throws IOException {
> > InputStream is = new URL(url).openStream();
> > try {
> > @@ -205,4 +228,4 @@ public class Overrides {
> > }
> > return cs[0].getName();
> > }
> > -}
> > \ No newline at end of file
> > +}
> >
> >
> >
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > ----------------------------------------------------------------------
> > diff --git
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > index 46d163a..79e2015 100644
> > ---
> >
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > +++
> >
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> > @@ -42,6 +42,9 @@ public class OverridesTest {
> > private File b101;
> > private File b102;
> > private File b110;
> > + private File c100;
> > + private File c101;
> > + private File c110;
> >
> > @Before
> > public void setUp() throws IOException {
> > @@ -72,6 +75,50 @@ public class OverridesTest {
> > .set("Bundle-Version", "1.1.0")
> > .build(),
> > new FileOutputStream(b110));
> > +
> > + c100 = File.createTempFile("karafc", "-100.jar");
> > + copy(TinyBundles.bundle()
> > + .set("Bundle-SymbolicName", bsn)
> > + .set("Bundle-Version", "1.0.0")
> > + .set("Bundle-Vendor", "Apache")
> > + .build(),
> > + new FileOutputStream(c100));
> > +
> > + c101 = File.createTempFile("karafc", "-101.jar");
> > + copy(TinyBundles.bundle()
> > + .set("Bundle-SymbolicName", bsn)
> > + .set("Bundle-Version", "1.0.1")
> > + .set("Bundle-Vendor", "NotApache")
> > + .build(),
> > + new FileOutputStream(c101));
> > +
> > + c110 = File.createTempFile("karafc", "-110.jar");
> > + copy(TinyBundles.bundle()
> > + .set("Bundle-SymbolicName", bsn)
> > + .set("Bundle-Version", "1.1.0")
> > + .set("Bundle-Vendor", "NotApache")
> > + .build(),
> > + new FileOutputStream(c110));
> > + }
> > +
> > + @Test
> > + public void testDifferentVendors() throws IOException {
> > + File props = File.createTempFile("karaf", "properties");
> > + Writer w = new FileWriter(props);
> > + w.write(c101.toURI().toString());
> > + w.write("\n");
> > + w.write(c110.toURI().toString());
> > + w.write("\n");
> > + w.close();
> > +
> > + List<BundleInfo> res = Overrides.override(
> > + Arrays.<BundleInfo>asList(new
> > Bundle(c100.toURI().toString())),
> > + props.toURI().toString());
> > + assertNotNull(res);
> > + assertEquals(1, res.size());
> > + BundleInfo out = res.get(0);
> > + assertNotNull(out);
> > + assertEquals(c101.toURI().toString(), out.getLocation());
> > }
> >
> > @Test
> >
> >
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
> Commiter & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
Re: git commit: [KARAF-2753] Logging for override mechanism. Added
additional logging and unit test to trigger log events
Posted by Achim Nierbeck <bc...@googlemail.com>.
just one comment from my side, I'd stick to the warn level for all
loggings, i think this is something that should show up on an Administrator
console just in case. To make sure no "malicious" code is "injected"
Cause from my point of view it's quite simple to replace bundle a with c by
just "renaming" it to a.minorAdditionAndPatchFixForSomeoneSpecial_I_Love
regards, Achim
2014-02-12 15:00 GMT+01:00 <jg...@apache.org>:
> Updated Branches:
> refs/heads/master d2af093dd -> 36808c560
>
>
> [KARAF-2753] Logging for override mechanism. Added additional logging and
> unit test to trigger log events
>
>
> Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
> Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/36808c56
> Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/36808c56
> Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/36808c56
>
> Branch: refs/heads/master
> Commit: 36808c5607d3fc0de40861146775e10b7c248e59
> Parents: d2af093
> Author: jgoodyear <jg...@apache.org>
> Authored: Wed Feb 12 10:29:10 2014 -0330
> Committer: jgoodyear <jg...@apache.org>
> Committed: Wed Feb 12 10:29:10 2014 -0330
>
> ----------------------------------------------------------------------
> .../karaf/features/internal/Overrides.java | 25 ++++++++++-
> .../karaf/features/internal/OverridesTest.java | 47 ++++++++++++++++++++
> 2 files changed, 71 insertions(+), 1 deletion(-)
> ----------------------------------------------------------------------
>
>
>
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> ----------------------------------------------------------------------
> diff --git
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> index 655dfea..8397222 100644
> ---
> a/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> +++
> b/features/core/src/main/java/org/apache/karaf/features/internal/Overrides.java
> @@ -48,6 +48,7 @@ public class Overrides {
> private static final Logger LOGGER =
> LoggerFactory.getLogger(Overrides.class);
>
> private static final String OVERRIDE_RANGE = "range";
> + private static final String VENDOR_WARNING = "Malicious code possibly
> introduced by patch override, see log for details";
>
> /**
> * Compute a list of bundles to install, taking into account
> overrides.
> @@ -86,6 +87,7 @@ public class Overrides {
> if (manifest != null) {
> String bsn = getBundleSymbolicName(manifest);
> Version ver = getBundleVersion(manifest);
> + String ven = getBundleVendor(manifest);
> String url = info.getLocation();
> for (Clause override : overrides) {
> Manifest overMan =
> manifests.get(override.getName());
> @@ -111,10 +113,26 @@ public class Overrides {
> range = VersionRange.parseVersionRange(vr);
> }
>
> + String vendor = getBundleVendor(overMan);
>
> + // Before we do a replace, lets check if vendors
> change
> + if (ven == null) {
> + if (vendor != null) {
> + LOGGER.warn(VENDOR_WARNING);
> + }
> + } else {
> + if (vendor == null) {
> + LOGGER.warn(VENDOR_WARNING);
> + } else {
> + if (!vendor.equals(ven)) {
> + LOGGER.warn(VENDOR_WARNING);
> + }
> + }
> + }
> // The resource matches, so replace it with the
> overridden resource
> // if the override is actually a newer version
> than what we currently have
> if (range.contains(ver) && ver.compareTo(oVer) <
> 0) {
> + LOGGER.info("Overriding original bundle " +
> url + " to " + override.getName());
> ver = oVer;
> url = override.getName();
> }
> @@ -178,6 +196,11 @@ public class Overrides {
> return bsn;
> }
>
> + private static String getBundleVendor(Manifest manifest) {
> + String ven =
> manifest.getMainAttributes().getValue(Constants.BUNDLE_VENDOR);
> + return ven;
> + }
> +
> private static Manifest getManifest(String url) throws IOException {
> InputStream is = new URL(url).openStream();
> try {
> @@ -205,4 +228,4 @@ public class Overrides {
> }
> return cs[0].getName();
> }
> -}
> \ No newline at end of file
> +}
>
>
> http://git-wip-us.apache.org/repos/asf/karaf/blob/36808c56/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> ----------------------------------------------------------------------
> diff --git
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> index 46d163a..79e2015 100644
> ---
> a/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> +++
> b/features/core/src/test/java/org/apache/karaf/features/internal/OverridesTest.java
> @@ -42,6 +42,9 @@ public class OverridesTest {
> private File b101;
> private File b102;
> private File b110;
> + private File c100;
> + private File c101;
> + private File c110;
>
> @Before
> public void setUp() throws IOException {
> @@ -72,6 +75,50 @@ public class OverridesTest {
> .set("Bundle-Version", "1.1.0")
> .build(),
> new FileOutputStream(b110));
> +
> + c100 = File.createTempFile("karafc", "-100.jar");
> + copy(TinyBundles.bundle()
> + .set("Bundle-SymbolicName", bsn)
> + .set("Bundle-Version", "1.0.0")
> + .set("Bundle-Vendor", "Apache")
> + .build(),
> + new FileOutputStream(c100));
> +
> + c101 = File.createTempFile("karafc", "-101.jar");
> + copy(TinyBundles.bundle()
> + .set("Bundle-SymbolicName", bsn)
> + .set("Bundle-Version", "1.0.1")
> + .set("Bundle-Vendor", "NotApache")
> + .build(),
> + new FileOutputStream(c101));
> +
> + c110 = File.createTempFile("karafc", "-110.jar");
> + copy(TinyBundles.bundle()
> + .set("Bundle-SymbolicName", bsn)
> + .set("Bundle-Version", "1.1.0")
> + .set("Bundle-Vendor", "NotApache")
> + .build(),
> + new FileOutputStream(c110));
> + }
> +
> + @Test
> + public void testDifferentVendors() throws IOException {
> + File props = File.createTempFile("karaf", "properties");
> + Writer w = new FileWriter(props);
> + w.write(c101.toURI().toString());
> + w.write("\n");
> + w.write(c110.toURI().toString());
> + w.write("\n");
> + w.close();
> +
> + List<BundleInfo> res = Overrides.override(
> + Arrays.<BundleInfo>asList(new
> Bundle(c100.toURI().toString())),
> + props.toURI().toString());
> + assertNotNull(res);
> + assertEquals(1, res.size());
> + BundleInfo out = res.get(0);
> + assertNotNull(out);
> + assertEquals(c101.toURI().toString(), out.getLocation());
> }
>
> @Test
>
>
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
Commiter & Project Lead
blog <http://notizblog.nierbeck.de/>