Let command plugins ask for network permissions #6114
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@swift-ci please smoke test |
neonichu
force-pushed
the
command-plugin-network-permissions
branch
2 times, most recently
from
54ccb20
to
736e565
Compare
neonichu
changed the title
|
@swift-ci please smoke test |
neonichu
commented
Feb 3, 2023
| let answer = readLine(strippingNewline: true) | ||
| // Throw an error if we didn't get permission. | ||
| if answer?.lowercased() != "yes" { | ||
| throw StringError("Plugin was denied permission to \(permissionString).") |
There was a problem hiding this comment.
Note: I changed these to StringError to avoid having usage be printed to the console which seems to be a behavior of ArgumentParser's ValidationError.
tomerd
reviewed
Feb 3, 2023
tomerd
reviewed
Feb 3, 2023
tomerd
approved these changes
Feb 3, 2023
neonichu
force-pushed
the
command-plugin-network-permissions
branch
from
736e565
to
ce08da5
Compare
|
@swift-ci please smoke test |
neonichu
force-pushed
the
command-plugin-network-permissions
branch
from
ce08da5
to
ac28899
Compare
|
@swift-ci please smoke test |
neonichu
force-pushed
the
command-plugin-network-permissions
branch
from
ac28899
to
dcf0a19
Compare
|
@swift-ci please smoke test |
tomerd
reviewed
Feb 4, 2023
tomerd
reviewed
Feb 4, 2023
| @@ -471,6 +473,7 @@ extension PackageGraph { | |||
| accessibleTools: accessibleTools, | |||
| writableDirectories: writableDirectories, | |||
| readOnlyDirectories: readOnlyDirectories, | |||
| allowNetworkConnections: [], | |||
There was a problem hiding this comment.
not sure I follow why this is empty in this call?
There was a problem hiding this comment.
This is the invocation for build tools which do not support specifying permissions.
tomerd
reviewed
Feb 4, 2023
tomerd
reviewed
Feb 4, 2023
|
cc @fabianfett |
stevapple
reviewed
Feb 5, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
force-pushed
the
command-plugin-network-permissions
branch
from
32a44a3
to
83d7b3d
Compare
|
@swift-ci please smoke test |
1 similar comment
|
@swift-ci please smoke test |
|
Windows failure looks like something in llbuild? cc @compnerd |
|
Please test with following PRs: @swift-ci please test Windows platform |
|
@swift-ci please test Windows platform |
|
Seems like There are also more follow-on errors. |
|
Hm, I guess the Windows CI re-run itself, confusing... |
I did it from the backend, sorry I should have told you about it. |
MaxDesiatov
reviewed
Feb 8, 2023
| @@ -67,7 +67,7 @@ To list the plugins that are available within the context of a package, use the | |||
| ❯ swift package plugin --list | |||
| ``` | |||
|
|
|||
| Command plugins that need to write to the file system will cause SwiftPM to ask the user for approval if `swift package` is invoked from a console, or deny the request if it is not. Passing the `--allow-writing-to-package-directory` flag to the `swift package` invocation will allow the request without questions — this is particularly useful in a Continuous Integration environment. | |||
| Command plugins that need to write to the file system will cause SwiftPM to ask the user for approval if `swift package` is invoked from a console, or deny the request if it is not. Passing the `--allow-writing-to-package-directory` flag to the `swift package` invocation will allow the request without questions — this is particularly useful in a Continuous Integration environment. Similarly, the `--allow-network-connections` flag can be used to allow network connections without showing a prompt. | |||
There was a problem hiding this comment.
Should this change also be mentioned in the changelog?
There was a problem hiding this comment.
+1 this is a great feature we should mention in chnagelog and release notes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections.
resolves #5489