From patchwork Fri Oct 13 08:01:55 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Storm, Christian" <christian.storm@siemens.com>
X-Patchwork-Id: 825251
Return-Path: <swupdate+bncBDD6BWV65QPBBFPGQHHQKGQEI35T5TY@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=googlegroups.com
	(client-ip=2a00:1450:400c:c09::240;
	helo=mail-wm0-x240.google.com;
	envelope-from=swupdate+bncbdd6bwv65qpbbfpgqhhqkgqei35t5ty@googlegroups.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=googlegroups.com header.i=@googlegroups.com
	header.b="iLtgEWE3"; dkim-atps=neutral
Received: from mail-wm0-x240.google.com (mail-wm0-x240.google.com
	[IPv6:2a00:1450:400c:c09::240])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3yD0Z15TsDz9s5L
	for <incoming@patchwork.ozlabs.org>;
	Fri, 13 Oct 2017 19:02:32 +1100 (AEDT)
Received: by mail-wm0-x240.google.com with SMTP id i124sf5342617wmf.1
	for <incoming@patchwork.ozlabs.org>;
	Fri, 13 Oct 2017 01:02:31 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1507881749; cv=pass;
	d=google.com; s=arc-20160816;
	b=db/t47FCv+gI/UK0L7XL0eueEp/gJw0Lvj32zpy3eoDwk8Hy1U103NF/IEhs0T8mH1
	sY9L3ENSlLb5bBofGX+FBodAmSsQfmTjx2j5DGnPAekZlTot808TvXlOMLOpC5YYRx3d
	WNo3l/J6GoveeYQTiV8je9i3+lJhI7PkHiA2mwQe6xH4fQFNCIetUc5/nLjud/PpOSQO
	wwaLbT3pvpZw6LI7PnG7rmahKtRasf7rxZIhQsmzITK72N2cEA3UZArkBSrj3FRmj7Os
	S1Zsoy2i3hCaTtj6VVp5NfYdcJDD0x/pQFu+dz7VE+zk3o+6RDMJ1jKl+PiPo7fG4J12
	yCCw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
	:list-id:mailing-list:precedence:message-id:date:subject:cc:to:from
	:arc-authentication-results:arc-message-signature:mime-version
	:sender:dkim-signature:arc-authentication-results;
	bh=5YFGCQNoQZcwyA0VdJZNI5RryPSmRspOCs/XFRQogJ8=;
	b=ZLRHK2js8E7nlV+xAR3u4pW/1V812EGCMBeYfn3JbYqnIL7noSigABN8k4BA+f7vqG
	grvUyrQ32i9qU9qjAe8Kj/l4vpgY3bNxSy4PdD2K1QEfSdFmRXB+Pt+KGNj/p80fj9NY
	MFrAJWeTlG8PtsBXL/+kjRJrsuT58F6hJxPma72zauTrn835DJIEOeQPVda053OHOJSB
	AHs3Eto5Wte8Cg+sGH9FMurQHykOej8/RVbL9zTwNZXf8sls38u7b3W9je6TKn/gkKkP
	ObfT5j4hgp1kg/tgTW49p0dE8lerTY44m1NPgRTbs/lgsTCZblJ1Eyqv7NddZktmxKD+
	Ngig==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
	spf=neutral (google.com: 192.35.17.2 is neither permitted nor denied
	by domain of christian.storm@siemens.com)
	smtp.mailfrom=christian.storm@siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlegroups.com; s=20161025;
	h=sender:mime-version:from:to:cc:subject:date:message-id
	:x-original-sender:x-original-authentication-results:precedence
	:mailing-list:list-id:list-post:list-help:list-archive
	:list-subscribe:list-unsubscribe;
	bh=5YFGCQNoQZcwyA0VdJZNI5RryPSmRspOCs/XFRQogJ8=;
	b=iLtgEWE3xYERShZBzdL8Ite9AAhlK9CsyC+01T6VTAIKYiJpf1FidxduIBED3MaJtH
	jb6IA8maYFlEJDkaknNQC1eV/LfIL9nWLKY50uE9KiMpdfxSk0UpsDwKkNVJuQ0jT7df
	To9+N1iWBVJMl6hBCNhv/FV1ndt5LcXfea67IjPqebD1Ur3qDBw4q9CAoSz9OkC1qtTy
	wzj9l1e9RFL3dHhk0yz3+YGhdLQP8JufCv5Nv3myyWmFlOVvcnGqpzO6l/EnYNfNarOK
	d/QdQjAE+PJouC7ItrIM+EJ8S7ZjEtrVk4JTMyc51C5l1Sn56wFnDpe3qStmeexFeKPl
	Eu1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=sender:x-gm-message-state:mime-version:from:to:cc:subject:date
	:message-id:x-original-sender:x-original-authentication-results
	:precedence:mailing-list:list-id:x-spam-checked-in-group:list-post
	:list-help:list-archive:list-subscribe:list-unsubscribe;
	bh=5YFGCQNoQZcwyA0VdJZNI5RryPSmRspOCs/XFRQogJ8=;
	b=NTxofXrEIwjw54UJXl3bsRlsVRirTAZxjVZpuKZI0vha8xpbvDjohbfOPLV14ifSai
	23cd2aN/YCGgYaTLimqz2G0iCt6Sn3nQB2WYdQSGU3Gn34xseziekF41RvjF9yk1zg2/
	C3JjlhmChEeR58hTG9SZcNl675GqDEkEjWhjXd532ywOUGAsBszKafOtBXYJUNSVQont
	fHs5JBsEAIGoHw3cxjcZS4pLR3sZod5nh1BoaX8igEHs/ecSO84OT7TFNV7/h5PcB+Ua
	D/UCsSBtjx3Ftwfdgz11/rScn/PIQezwZJ1iFEmYb7KMB/9lhZPvYXqFf3zMu2nTrbCZ
	azsA==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AMCzsaUrXVNGANEsEEDo2otpqrbfC8/QR1DxQEcZd1ATgQdPD/6cQRQW
	kq/bRm1p472TgqE/jLxXCic=
X-Google-Smtp-Source: 
 ABhQp+RLl/RR0XNQP7A8lmwgSwzKM11nsHbr47cjzADY29wY2DnftfTCy2E4CZl5rChMRoOSw7U2nQ==
X-Received: by 10.28.107.215 with SMTP id a84mr5202wmi.0.1507881749522;
	Fri, 13 Oct 2017 01:02:29 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: swupdate@googlegroups.com
Received: by 10.80.170.121 with SMTP id p54ls2690168edc.7.gmail; Fri, 13 Oct
	2017 01:02:29 -0700 (PDT)
X-Received: by 10.80.202.69 with SMTP id e5mr223166edi.0.1507881749033;
	Fri, 13 Oct 2017 01:02:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507881749; cv=none;
	d=google.com; s=arc-20160816;
	b=fKHmACp7SyIBpN5zLiVj4fxt5A4dqA9edhmxkjhlWLsGTTk9EJr2ERPmZ+ZP2P5Ew+
	T/ylwu5eIlrZH9crJtyD2kkJmN3jIwDDYV2VTDKFy0ZPlbi+EIjmbqFgbfiK4YEDu77Q
	8j/ldKwcksVgMiuXnoy4j/1+iJ7gh86rHJqJn7AMnV4XWBgUt9wRSO1Ylse5XRoSpcZG
	yTKQlpY2knGYXlsHF65uw0SGOua3XybYYW2kOPlowziJOrQa5WNYTDvPHOajGMb/Tj/V
	AC2Q0q3rCo8CBbAnDGWJ50xYNs3CDQaZvEkKzqly0Crop8nQa1Ifskj3EpIkCRT2JZFo
	Jl3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=message-id:date:subject:cc:to:from:arc-authentication-results;
	bh=iEpKhE54ONDPYjau8hYhx6bt096qKJUQVZKKGnEAJ7k=;
	b=NtYBf61eKX5Xnzy2keQW3igJmWz8qoCMGS70GJh0OXO0NzQQ3jplgOJe6qOOgial3+
	lcAN7BXME0Ug1wDxWJUvQSqjfNqnAS3bYPEGlkVhVTbIORdZdCQVO6hsZg7UNR2I9s1x
	8TD242cLilWXC8sz/wQAfuNbhUYxpWVDxwpM4VEhUKCaXhPgz5HzAYbyzsAv4tW6JzbF
	NnoLvzvHWC5K50bW1YhK0vlJ268ttyx0tsGLMI6jAbFFJK/mK+2kZEIIj/L+wG40S62K
	QDnO6RVY0H4VRDCGNth6Dw5gFdWXaBrt3R5Ggfuvh1Ax3NzS9L9dTceRhVUjiItJiW2M
	Cl0g==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
	spf=neutral (google.com: 192.35.17.2 is neither permitted nor denied
	by domain of christian.storm@siemens.com)
	smtp.mailfrom=christian.storm@siemens.com
Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2])
	by gmr-mx.google.com with ESMTPS id
	f9si51492edm.1.2017.10.13.01.02.28 for <swupdate@googlegroups.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 13 Oct 2017 01:02:28 -0700 (PDT)
Received-SPF: neutral (google.com: 192.35.17.2 is neither permitted nor
	denied by domain of christian.storm@siemens.com)
	client-ip=192.35.17.2;
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id v9D82SXJ019263
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <swupdate@googlegroups.com>; Fri, 13 Oct 2017 10:02:28 +0200
Received: from MD1KR9XC.ww002.siemens.net ([139.25.69.251])
	by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id v9D82Sug013005;
	Fri, 13 Oct 2017 10:02:28 +0200
From: Christian Storm <christian.storm@siemens.com>
To: swupdate@googlegroups.com
Cc: Christian Storm <christian.storm@siemens.com>
Subject: [swupdate] [PATCH] Lua: option to embed Lua handler into SWUpdate
	binary
Date: Fri, 13 Oct 2017 10:01:55 +0200
Message-Id: <20171013080155.2703-1-christian.storm@siemens.com>
X-Mailer: git-send-email 2.14.2
X-Original-Sender: christian.storm@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       spf=neutral
	(google.com: 192.35.17.2 is neither permitted nor denied by domain of
	christian.storm@siemens.com)
	smtp.mailfrom=christian.storm@siemens.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
	contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
	<mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
	<mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
	<mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
	<https://groups.google.com/group/swupdate/subscribe>

Lua handlers are loaded at run-time, i.e., a
    require("swupdate_handlers")
is executed at startup. Hence, the Lua handler source
code file swupdate_handlers.lua has to be deployed on
the target system respecting Lua's search path.

The new config option EMBEDDED_LUA_HANDLER allows to
embed the Lua handler's source into the SWUpdate binary.
Hence, (1) it is independent of the Lua search path on
the target system and (2) it is harder to tamper with.

Signed-off-by: Christian Storm <christian.storm@siemens.com>
---
 Makefile.flags          | 10 ++++++++++
 corelib/lua_interface.c | 14 ++++++++++++++
 handlers/Config.in      | 24 ++++++++++++++++++++++++
 3 files changed, 48 insertions(+)

diff --git a/Makefile.flags b/Makefile.flags
index 3dbf379..3e3a281 100644
--- a/Makefile.flags
+++ b/Makefile.flags
@@ -101,6 +101,16 @@ KBUILD_LIBS += $(LUABUILD_LIBS)
 LDLIBS += $(LUABUILD_LDLIBS)
 endif
 
+ifeq ($(CONFIG_LUA),y)
+ifeq ($(CONFIG_HANDLER_IN_LUA),y)
+ifeq ($(CONFIG_EMBEDDED_LUA_HANDLER),y)
+ifneq ($(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE),)	
+LDFLAGS_swupdate += -Wl,--format=binary -Wl,$(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE) -Wl,--format=default
+KBUILD_CPPFLAGS += -DEMBEDDED_LUA_SRC="_binary_$(subst ",,$(subst .,_,$(subst /,_,$(CONFIG_EMBEDDED_LUA_HANDLER_SOURCE))))_start"
+endif
+endif
+endif
+endif
 
 # Image downloading support
 ifneq ($(CONFIG_DOWNLOAD),)
diff --git a/corelib/lua_interface.c b/corelib/lua_interface.c
index e66f9c8..8e8e077 100644
--- a/corelib/lua_interface.c
+++ b/corelib/lua_interface.c
@@ -29,6 +29,10 @@
 #include "util.h"
 #include "handler.h"
 
+#if defined(CONFIG_EMBEDDED_LUA_HANDLER)
+extern const char EMBEDDED_LUA_SRC[];
+#endif
+
 #define LUA_PUSH_IMG_STRING(img, attr, field)  do { \
 	lua_pushstring(L, attr);		\
 	lua_pushstring(L, img->field);		\
@@ -524,6 +528,15 @@ int lua_handlers_init(void)
 		luaL_requiref( gL, "swupdate", luaopen_swupdate, 1 );
 		lua_pop(gL, 1); /* remove unused copy left on stack */
 		/* try to load lua handlers for the swupdate system */
+#if defined(CONFIG_EMBEDDED_LUA_HANDLER)
+		if ((ret = luaL_dostring(gL, EMBEDDED_LUA_SRC)) != 0) {
+			INFO("No compiled-in Lua handler(s) found.");
+			TRACE("Lua exception:\n%s", lua_tostring(gL, -1));
+			lua_pop(gL, 1);
+		} else {
+			INFO("Compiled-in Lua handler(s) found.");
+		}
+#else
 		if ((ret = luaL_dostring(gL, "require (\"swupdate_handlers\")")) != 0) {
 			INFO("No Lua handler(s) found.");
 			if (luaL_dostring(gL, "return package.path:gsub(';','\\n'):gsub('?','swupdate_handlers')") == 0) {
@@ -534,6 +547,7 @@ int lua_handlers_init(void)
 		} else {
 			INFO("Lua handler(s) found.");
 		}
+#endif
 	} else	{
 		WARN("Unable to register Lua context for callbacks\n");
 	}
diff --git a/handlers/Config.in b/handlers/Config.in
index 2843ae9..86a78ef 100644
--- a/handlers/Config.in
+++ b/handlers/Config.in
@@ -111,6 +111,30 @@ config HANDLER_IN_LUA
 	  Allow to write own handlers in Lua.
 	  They are loaded at the start-up.
 
+config EMBEDDED_LUA_HANDLER
+	bool "Embed Lua handler in SWUpdate binary"
+	depends on HANDLER_IN_LUA
+	default n
+	help
+	  Embed the Lua handler source code file into the
+	  SWUpdate binary.
+
+	  If enabled, a swupdate_handlers.lua will *not*
+	  be loaded from disk at SWUpdate startup.
+
+	  Note: Exactly one Lua source code file is embedded
+	  into the binary, i.e., possible dependencies either
+	  have to be deployed on the target system or put into
+	  the one embedded Lua source code file.
+
+config EMBEDDED_LUA_HANDLER_SOURCE
+	string "Lua handler file"
+	depends on EMBEDDED_LUA_HANDLER
+	default "swupdate_handlers.lua"
+	help
+	  Path to the Lua handler source code file to be
+	  embedded into the SWUpdate binary.
+
 config ARCHIVE
 	bool "archive"
 	depends on HAVE_LIBARCHIVE