Lua: option to embed Lua handler into SWUpdate binary

Message ID 20171013080155.2703-1-christian.storm@siemens.com
State Accepted
Series
  • Lua: option to embed Lua handler into SWUpdate binary

Commit Message

Christian Storm Oct. 13, 2017, 8:01 a.m.
Lua handlers are loaded at run-time, i.e., a
    require("swupdate_handlers")
is executed at startup. Hence, the Lua handler source
code file swupdate_handlers.lua has to be deployed on
the target system respecting Lua's search path.

The new config option EMBEDDED_LUA_HANDLER allows
embedding the Lua handler's source into the SWUpdate binary.
Hence, (1) it is independent of the Lua search path on
the target system and (2) it is harder to tamper with.

Signed-off-by: Christian Storm <christian.storm@siemens.com>
---
 Makefile.flags          | 10 ++++++++++
 corelib/lua_interface.c | 14 ++++++++++++++
 handlers/Config.in      | 24 ++++++++++++++++++++++++
 3 files changed, 48 insertions(+)

Comments

Stefano Babic Oct. 18, 2017, 3:04 p.m. | #1
On 13/10/2017 10:01, Christian Storm wrote:
> Lua handlers are loaded at run-time, i.e., a
>     require("swupdate_handlers")
> is executed at startup. Hence, the Lua handler source
> code file swupdate_handlers.lua has to be deployed on
> the target system respecting Lua's search path.
> 
> The new config option EMBEDDED_LUA_HANDLER allows to
> embed the Lua handler's source into the SWUpdate binary.
> Hence, (1) it is independent of the Lua search path on
> the target system and (2) it is harder to tamper with.
> 
> Signed-off-by: Christian Storm <christian.storm@siemens.com>
> ---
>  Makefile.flags          | 10 ++++++++++
>  corelib/lua_interface.c | 14 ++++++++++++++
>  handlers/Config.in      | 24 ++++++++++++++++++++++++
>  3 files changed, 48 insertions(+)
> 
> diff --git a/Makefile.flags b/Makefile.flags
> index 3dbf379..3e3a281 100644
> --- a/Makefile.flags
> +++ b/Makefile.flags
> @@ -101,6 +101,16 @@ KBUILD_LIBS += $(LUABUILD_LIBS)
>  LDLIBS += $(LUABUILD_LDLIBS)
>  endif
>  
> +ifeq ($(CONFIG_LUA),y)
> +ifeq ($(CONFIG_HANDLER_IN_LUA),y)
> +ifeq ($(CONFIG_EMBEDDED_LUA_HANDLER),y)
> +ifneq ($(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE),)	
> +LDFLAGS_swupdate += -Wl,--format=binary -Wl,$(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE) -Wl,--format=default
> +KBUILD_CPPFLAGS += -DEMBEDDED_LUA_SRC="_binary_$(subst ",,$(subst .,_,$(subst /,_,$(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE))))_start"
> +endif
> +endif
> +endif
> +endif
>  
>  # Image downloading support
>  ifneq ($(CONFIG_DOWNLOAD),)
> diff --git a/corelib/lua_interface.c b/corelib/lua_interface.c
> index e66f9c8..8e8e077 100644
> --- a/corelib/lua_interface.c
> +++ b/corelib/lua_interface.c
> @@ -29,6 +29,10 @@
>  #include "util.h"
>  #include "handler.h"
>  
> +#if defined(CONFIG_EMBEDDED_LUA_HANDLER)
> +extern const char EMBEDDED_LUA_SRC[];
> +#endif
> +
>  #define LUA_PUSH_IMG_STRING(img, attr, field)  do { \
>  	lua_pushstring(L, attr);		\
>  	lua_pushstring(L, img->field);		\
> @@ -524,6 +528,15 @@ int lua_handlers_init(void)
>  		luaL_requiref( gL, "swupdate", luaopen_swupdate, 1 );
>  		lua_pop(gL, 1); /* remove unused copy left on stack */
>  		/* try to load lua handlers for the swupdate system */
> +#if defined(CONFIG_EMBEDDED_LUA_HANDLER)
> +		if ((ret = luaL_dostring(gL, EMBEDDED_LUA_SRC)) != 0) {
> +			INFO("No compiled-in Lua handler(s) found.");
> +			TRACE("Lua exception:\n%s", lua_tostring(gL, -1));
> +			lua_pop(gL, 1);
> +		} else {
> +			INFO("Compiled-in Lua handler(s) found.");
> +		}
> +#else
>  		if ((ret = luaL_dostring(gL, "require (\"swupdate_handlers\")")) != 0) {
>  			INFO("No Lua handler(s) found.");
>  			if (luaL_dostring(gL, "return package.path:gsub(';','\\n'):gsub('?','swupdate_handlers')") == 0) {
> @@ -534,6 +547,7 @@ int lua_handlers_init(void)
>  		} else {
>  			INFO("Lua handler(s) found.");
>  		}
> +#endif
>  	} else	{
>  		WARN("Unable to register Lua context for callbacks\n");
>  	}
> diff --git a/handlers/Config.in b/handlers/Config.in
> index 2843ae9..86a78ef 100644
> --- a/handlers/Config.in
> +++ b/handlers/Config.in
> @@ -111,6 +111,30 @@ config HANDLER_IN_LUA
>  	  Allow to write own handlers in Lua.
>  	  They are loaded at the start-up.
>  
> +config EMBEDDED_LUA_HANDLER
> +	bool "Embed Lua handler in SWUpdate binary"
> +	depends on HANDLER_IN_LUA
> +	default n
> +	help
> +	  Embed the Lua handler source code file into the
> +	  SWUpdate binary.
> +
> +	  If enabled, a swupdate_handlers.lua will *not*
> +	  be loaded from disk at SWUpdate startup.
> +
> +	  Note: Exactly one Lua source code file is embedded
> +	  into the binary, i.e., possible dependencies either
> +	  have to be deployed on the target system or put into
> +	  the one embedded Lua source code file.
> +
> +config EMBEDDED_LUA_HANDLER_SOURCE
> +	string "Lua handler file"
> +	depends on EMBEDDED_LUA_HANDLER
> +	default "swupdate_handlers.lua"
> +	help
> +	  Path to the Lua handler source code file to be
> +	  embedded into the SWUpdate binary.
> +
>  config ARCHIVE
>  	bool "archive"
>  	depends on HAVE_LIBARCHIVE
> 

Applied to -master, thanks !

Best regards,
Stefano Babic

Patch

diff --git a/Makefile.flags b/Makefile.flags
index 3dbf379..3e3a281 100644
--- a/Makefile.flags
+++ b/Makefile.flags
@@ -101,6 +101,16 @@  KBUILD_LIBS += $(LUABUILD_LIBS)
 LDLIBS += $(LUABUILD_LDLIBS)
 endif
 
+ifeq ($(CONFIG_LUA),y)
+ifeq ($(CONFIG_HANDLER_IN_LUA),y)
+ifeq ($(CONFIG_EMBEDDED_LUA_HANDLER),y)
+ifneq ($(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE),)	
+LDFLAGS_swupdate += -Wl,--format=binary -Wl,$(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE) -Wl,--format=default
+KBUILD_CPPFLAGS += -DEMBEDDED_LUA_SRC="_binary_$(subst ",,$(subst .,_,$(subst /,_,$(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE))))_start"
+endif
+endif
+endif
+endif
 
 # Image downloading support
 ifneq ($(CONFIG_DOWNLOAD),)
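Review bot: The symbol name built for `-DEMBEDDED_LUA_SRC` rewrites only `.`, `/` and `"`, whereas ld's `--format=binary` input replaces every non-alphanumeric character of the file name with `_`. A handler path containing, for example, `-` or a space therefore produces a macro that does not match the generated `_binary_…_start` symbol, and the link fails with an unresolved reference. Either document the permitted characters in the Kconfig help or derive the name with a complete mapping, e.g. by piping the path through `sed 's/[^A-Za-z0-9]/_/g'` in a `$(shell …)` call. Separately, the `ifneq ($(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE),)` guard is probably never false for an empty setting, since Kconfig string values normally arrive with their quotes (`""`); stripping the quotes before comparing would make the check effective. That `ifneq` line also ends in a stray tab.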
diff --git a/corelib/lua_interface.c b/corelib/lua_interface.c
index e66f9c8..8e8e077 100644
--- a/corelib/lua_interface.c
+++ b/corelib/lua_interface.c
@@ -29,6 +29,10 @@ 
 #include "util.h"
 #include "handler.h"
 
+#if defined(CONFIG_EMBEDDED_LUA_HANDLER)
+extern const char EMBEDDED_LUA_SRC[];
+#endif
+
 #define LUA_PUSH_IMG_STRING(img, attr, field)  do { \
 	lua_pushstring(L, attr);		\
 	lua_pushstring(L, img->field);		\
@@ -524,6 +528,15 @@  int lua_handlers_init(void)
 		luaL_requiref( gL, "swupdate", luaopen_swupdate, 1 );
 		lua_pop(gL, 1); /* remove unused copy left on stack */
 		/* try to load lua handlers for the swupdate system */
+#if defined(CONFIG_EMBEDDED_LUA_HANDLER)
+		if ((ret = luaL_dostring(gL, EMBEDDED_LUA_SRC)) != 0) {
+			INFO("No compiled-in Lua handler(s) found.");
+			TRACE("Lua exception:\n%s", lua_tostring(gL, -1));
+			lua_pop(gL, 1);
+		} else {
+			INFO("Compiled-in Lua handler(s) found.");
+		}
+#else
 		if ((ret = luaL_dostring(gL, "require (\"swupdate_handlers\")")) != 0) {
 			INFO("No Lua handler(s) found.");
 			if (luaL_dostring(gL, "return package.path:gsub(';','\\n'):gsub('?','swupdate_handlers')") == 0) {
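Review bot: `luaL_dostring(gL, EMBEDDED_LUA_SRC)` treats the embedded blob as a C string, but data linked in with `--format=binary` is the file's raw bytes with no terminating NUL. The loader therefore reads past the end of the embedded object until it happens to meet a zero byte, which is an out-of-bounds read whose trailing bytes are also handed to the Lua parser. Pass the length explicitly: export the matching `_end` symbol from Makefile.flags as well (say as `EMBEDDED_LUA_SRC_END`, declared beside the `extern` in the first hunk of this file) and load with `luaL_loadbuffer(gL, EMBEDDED_LUA_SRC, EMBEDDED_LUA_SRC_END - EMBEDDED_LUA_SRC, "swupdate_handlers")` followed by `lua_pcall(gL, 0, LUA_MULTRET, 0)`. The failure text `"No compiled-in Lua handler(s) found."` is also misleading, because the handler is always present and a non-zero result means it failed to parse or run; with no on-disk fallback in this configuration, `WARN` or higher would suit better than `INFO`. `lua_handlers_init` begins and ends outside this hunk.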
@@ -534,6 +547,7 @@  int lua_handlers_init(void)
 		} else {
 			INFO("Lua handler(s) found.");
 		}
+#endif
 	} else	{
 		WARN("Unable to register Lua context for callbacks\n");
 	}
diff --git a/handlers/Config.in b/handlers/Config.in
index 2843ae9..86a78ef 100644
--- a/handlers/Config.in
+++ b/handlers/Config.in
@@ -111,6 +111,30 @@  config HANDLER_IN_LUA
 	  Allow to write own handlers in Lua.
 	  They are loaded at the start-up.
 
+config EMBEDDED_LUA_HANDLER
+	bool "Embed Lua handler in SWUpdate binary"
+	depends on HANDLER_IN_LUA
+	default n
+	help
+	  Embed the Lua handler source code file into the
+	  SWUpdate binary.
+
+	  If enabled, a swupdate_handlers.lua will *not*
+	  be loaded from disk at SWUpdate startup.
+
+	  Note: Exactly one Lua source code file is embedded
+	  into the binary, i.e., possible dependencies either
+	  have to be deployed on the target system or put into
+	  the one embedded Lua source code file.
+
+config EMBEDDED_LUA_HANDLER_SOURCE
+	string "Lua handler file"
+	depends on EMBEDDED_LUA_HANDLER
+	default "swupdate_handlers.lua"
+	help
+	  Path to the Lua handler source code file to be
+	  embedded into the SWUpdate binary.
+
 config ARCHIVE
 	bool "archive"
 	depends on HAVE_LIBARCHIVE
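Review bot: The help for EMBEDDED_LUA_HANDLER should state that only the one embedded file gains protection from being part of the binary. Anything it pulls in with `require` is still resolved through Lua's search path on the target at run time, so the tamper resistance claimed in the commit message does not extend to those modules. I would extend the existing note with something like `Modules loaded via require() from the embedded handler are still read from the target's Lua search path and are not covered by the embedding.` The help for EMBEDDED_LUA_HANDLER_SOURCE should also say what the path is relative to (presumably the top of the build tree, since it is passed straight to the linker) and which characters it may contain.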