aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christopher Baklid <[email protected]>2018-06-03 00:07:17 +0200
committerGravatar Christopher Baklid <[email protected]>2018-06-03 00:07:17 +0200
commit3b10896efd2f691e624e2d02848c6826ef6f5fc3 (patch)
treea797ac208bfc54b2431d01f3a12bde44d720c159
parentset dependency on rmq publish (diff)
update docs
-rw-r--r--Pipfile2
-rw-r--r--Pipfile.lock123
-rw-r--r--README.md69
-rw-r--r--snekbox.py1
4 files changed, 115 insertions, 80 deletions
diff --git a/Pipfile b/Pipfile
index 9d8abf7..1560ed3 100644
--- a/Pipfile
+++ b/Pipfile
@@ -5,9 +5,9 @@ name = "pypi"
[packages]
pika = "*"
+docker = "*"
[dev-packages]
-docker = "*"
flask = "*"
flask-sockets = "*"
gevent = "==1.2.2"
diff --git a/Pipfile.lock b/Pipfile.lock
index 70f7e24..9edba21 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
- "sha256": "56429edc3ce0dd8b29d5c50fa05e864d0a26ba9c3cc844945b116f8c52310801"
+ "sha256": "db284676e7f7232ab8e2f8dbda2319fcb62fe648209c2ff8db78c6db058b7d1e"
},
"pipfile-spec": 6,
"requires": {
@@ -16,6 +16,42 @@
]
},
"default": {
+ "certifi": {
+ "hashes": [
+ "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
+ "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
+ ],
+ "version": "==2018.4.16"
+ },
+ "chardet": {
+ "hashes": [
+ "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
+ "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
+ ],
+ "version": "==3.0.4"
+ },
+ "docker": {
+ "hashes": [
+ "sha256:43b45b92bed372161a5d4f3c7137e16b30d93845e99a00bc727938e52850694e",
+ "sha256:dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a"
+ ],
+ "index": "pypi",
+ "version": "==3.3.0"
+ },
+ "docker-pycreds": {
+ "hashes": [
+ "sha256:764a7ea2f6484bc5de5bf0c060f08b41a1118cf1acb987626b3ff45f3cc40dac",
+ "sha256:e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d"
+ ],
+ "version": "==0.2.3"
+ },
+ "idna": {
+ "hashes": [
+ "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
+ "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
+ ],
+ "version": "==2.6"
+ },
"pika": {
"hashes": [
"sha256:15f485eb68ec56b5a2673c01d518d16f7c371809ca42c72a2da42d4d8190fa4f",
@@ -23,6 +59,34 @@
],
"index": "pypi",
"version": "==0.11.2"
+ },
+ "requests": {
+ "hashes": [
+ "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
+ "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
+ ],
+ "version": "==2.18.4"
+ },
+ "six": {
+ "hashes": [
+ "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
+ "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
+ ],
+ "version": "==1.11.0"
+ },
+ "urllib3": {
+ "hashes": [
+ "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
+ "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
+ ],
+ "version": "==1.22"
+ },
+ "websocket-client": {
+ "hashes": [
+ "sha256:18f1170e6a1b5463986739d9fd45c4308b0d025c1b2f9b88788d8f69e8a5eb4a",
+ "sha256:db70953ae4a064698b27ae56dcad84d0ee68b7b43cb40940f537738f38f510c1"
+ ],
+ "version": "==0.48.0"
}
},
"develop": {
@@ -40,20 +104,6 @@
],
"version": "==18.1.0"
},
- "certifi": {
- "hashes": [
- "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
- "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
- ],
- "version": "==2018.4.16"
- },
- "chardet": {
- "hashes": [
- "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
- "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
- ],
- "version": "==3.0.4"
- },
"click": {
"hashes": [
"sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d",
@@ -102,21 +152,6 @@
],
"version": "==4.5.1"
},
- "docker": {
- "hashes": [
- "sha256:43b45b92bed372161a5d4f3c7137e16b30d93845e99a00bc727938e52850694e",
- "sha256:dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a"
- ],
- "index": "pypi",
- "version": "==3.3.0"
- },
- "docker-pycreds": {
- "hashes": [
- "sha256:764a7ea2f6484bc5de5bf0c060f08b41a1118cf1acb987626b3ff45f3cc40dac",
- "sha256:e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d"
- ],
- "version": "==0.2.3"
- },
"flake8": {
"hashes": [
"sha256:7253265f7abd8b313e3892944044a365e3f4ac3fcdcfb4298f55ee9ddf188ba0",
@@ -214,13 +249,6 @@
"index": "pypi",
"version": "==19.8.1"
},
- "idna": {
- "hashes": [
- "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
- "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
- ],
- "version": "==2.6"
- },
"itsdangerous": {
"hashes": [
"sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
@@ -307,13 +335,6 @@
"index": "pypi",
"version": "==0.3.2"
},
- "requests": {
- "hashes": [
- "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
- "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
- ],
- "version": "==2.18.4"
- },
"six": {
"hashes": [
"sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
@@ -321,20 +342,6 @@
],
"version": "==1.11.0"
},
- "urllib3": {
- "hashes": [
- "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
- "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
- ],
- "version": "==1.22"
- },
- "websocket-client": {
- "hashes": [
- "sha256:18f1170e6a1b5463986739d9fd45c4308b0d025c1b2f9b88788d8f69e8a5eb4a",
- "sha256:db70953ae4a064698b27ae56dcad84d0ee68b7b43cb40940f537738f38f510c1"
- ],
- "version": "==0.48.0"
- },
"werkzeug": {
"hashes": [
"sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c",
diff --git a/README.md b/README.md
index d4a9812..45fa887 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,9 @@ result <- | |<----------| |<--------| | <------
| pipenv | 2018.05.18 |
| docker | 18.03.1-ce |
| docker-compose | 1.21.2 |
+| nsjail | 2.5 |
+_________________________________________
## Setup local test
install python packages
@@ -43,10 +45,40 @@ apt-get install -y libprotobuf-dev #needed by nsjail
pipenv sync --dev
```
+## NSJail
+
+Copy the appropriate binary to an appropriate path
+
+```bash
+cp binaries/nsjail2.6-ubuntu-x86_64 /usr/bin/nsjail
+chmod +x /usr/bin/nsjail
+```
+
+give nsjail a test run
+
+```bash
+nsjail -Mo \
+--rlimit_as 700 \
+--chroot / \
+-E LANG=en_US.UTF-8 \
+-R/usr -R/lib -R/lib64 \
+--user nobody \
+--group nogroup \
+--time_limit 2 \
+--disable_proc \
+--iface_no_lo \
+--quiet -- \
+python3.6 -ISq -c "print('test')"
+```
+
+> if it fails, try without the `--cgroup_pids_max=1`
+
+## Development environment
+
Start a rabbitmq instance and get the container IP
```bash
-docker run -d --name rmq -p 15672:15672 -e RABBITMQ_DEFAULT_USER=guest -e RABBITMQ_DEFAULT_PASS=guest pythondiscord/rmq:latest
+docker-compose up -d pdrmq
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' rmq
# expected output with default setting: 172.17.0.2
# If not, change the config.py file to match
@@ -57,26 +89,31 @@ rabbitmq webinterface: `http://localhost:15672`
start the webserver
```bash
-docker run --name snekboxweb --network=host -d pythondiscord/snekboxweb:latest
+docker-compose up -d pdsnekboxweb
netstat -plnt
# tcp 0.0.0.0:5000 LISTEN
```
-use two terminals!
+`http://localhost:5000`
```bash
-#terminal 1
-pipenv run python snekbox.py
-
-#terminal 2
-pipenv run python snekweb.py
+pipenv run snekbox # for debugging
+# or
+docker-compose up pdsnekbox # for running the container
```
-`http://localhost:5000`
+________________________________________
+## Unit testing and lint
+
+Make sure rabbitmq is running before running tests
-_________________________________
+```bash
+pipenv run lint
+pipenv run test
+```
-# Build the containers
+________________________________________
+## Build the containers
```bash
# Build
@@ -88,14 +125,4 @@ pipenv run pushbox
pipenv run pushweb
```
-## Docker compose
-
-Start all the containers with docker-compose
-```bash
-docker-compose up
-```
-
-this boots up rabbitmq, the snekbox and a webinterface on port 5000
-
-`http://localhost:5000`
diff --git a/snekbox.py b/snekbox.py
index 63131b1..60bd06d 100644
--- a/snekbox.py
+++ b/snekbox.py
@@ -37,6 +37,7 @@ class Snekbox(object):
'--time_limit', '2',
'--disable_proc',
'--iface_no_lo',
+ # '--cgroup_pids_max=1', # This doesn't work :(
'--quiet', '--',
self.python_binary, '-ISq', '-c', cmd]