Fix install bug.

- Fix google#353 with a temporary fix. - Update Dockerfile to use pip. - Fix problem with 3.1.0rc2 deb package config context.
rusbomber · Apr 18, 2016 · 7ca13b7 · 7ca13b7
1 parent 4fc5be7
commit 7ca13b7
Show file tree

Hide file tree

Showing 10 changed files with 64 additions and 34 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -2,27 +2,33 @@
 FROM ubuntu:latest
 MAINTAINER Greg Castle [email protected]
 
-RUN mkdir -p /usr/share/grr/scripts
-COPY scripts/install_script_ubuntu.sh /usr/share/grr/scripts/install_script_ubuntu.sh
-COPY requirements.txt /usr/share/grr/requirements.txt
-ENV UPGRADE=false
-# Install our dependencies, use latest requirements.txt
-RUN bash /usr/share/grr/scripts/install_script_ubuntu.sh -dy -r /usr/share/grr/requirements.txt
-
-# Download the client templates now to get better caching from Docker.
-WORKDIR /usr/share/grr
-COPY scripts/download_client_templates.sh /usr/share/grr/scripts/download_client_templates.sh
-RUN bash /usr/share/grr/scripts/download_client_templates.sh
-
-# Copy the GRR code over
-ADD . /usr/share/grr/
-
-# Compile protos
-RUN python makefile.py
-
-# Install GRR
-WORKDIR /usr/share/grr
-RUN bash scripts/install_server_from_src.sh -d
+RUN apt-get update && \
+  apt-get install -y \
+  debhelper \
+  dpkg-dev \
+  libssl-dev \
+  python-dev \
+  python-pip \
+  rpm \
+  wget \
+  zip && \
+  pip install --upgrade pip && \
+  pip install virtualenv && \
+  pip install setuptools --upgrade && \
+  virtualenv /usr/share/grr-server
+
+# Pull dependencies and templates from pypi so docker can cache them.
+RUN . /usr/share/grr-server/bin/activate && \
+pip install --pre grr-response-server && \
+pip install -f https://storage.googleapis.com/releases.grr-response.com/index.html grr-response-templates
+
+# Copy the GRR code over.
+ADD . /usr/src/grr/
+
+# Now install the current version over the top.
+RUN . /usr/share/grr-server/bin/activate && \
+pip install --force-reinstall -e /usr/src/grr/ && \
+pip install --force-reinstall -e /usr/src/grr/grr/config/grr-response-server
 
 COPY scripts/docker-entrypoint.sh /
 

diff --git a/grr/config/contexts.py b/grr/config/contexts.py
@@ -16,6 +16,10 @@
 config_lib.CONFIG.DEFINE_context("Arch:amd64")
 config_lib.CONFIG.DEFINE_context("Arch:i386")
 
+# Global system install context - set when GRR is installed globally on the
+# system.
+config_lib.CONFIG.DEFINE_context("Global Install Context")
+
 # Different components.
 config_lib.CONFIG.DEFINE_context("AdminUI Context")
 config_lib.CONFIG.DEFINE_context("Client Context")

diff --git a/grr/config/debian/dpkg_server/changelog b/grr/config/debian/dpkg_server/changelog
@@ -1,3 +1,9 @@
+grr-server (3.1.0-2) unstable; urgency=low
+
+  * Update
+
+ -- GRR development team <[email protected]>  Thu, 14 Apr 2016 18:16:26 -0700
+
 grr-server (3.1.0-1) unstable; urgency=low
 
   * Update

diff --git a/grr/config/grr-server.yaml b/grr/config/grr-server.yaml
@@ -47,6 +47,12 @@ Arch:amd64:
 Arch:i386:
   Client.arch: i386
 
+# When GRR is installed globally, we use the following global location for the
+# configuration writeback. Otherwise the writeback is written into the
+# virtualenv.
+Global Install Context:
+  Config.writeback: /etc/grr/server.local.yaml
+
 ClientBuilder Context:
   Client.foreman_check_frequency: 600
 

diff --git a/grr/config/upstart/default/grr b/grr/config/upstart/default/grr
@@ -13,4 +13,4 @@ GRR_PREFIX=/usr/share/grr-server/
 # will write local configuration changes into a private location within the
 # virtualenv (this way you can have multiple different GRR installations running
 # at the same time).
-GRR_EXTRA_ARGS="-p Config.writeback=/etc/grr/server.local.yaml"
+GRR_EXTRA_ARGS=(--context 'Global Install Context')
diff --git a/grr/gui/static/angular-components/docs/api-docs.html b/grr/gui/static/angular-components/docs/api-docs.html
@@ -35,6 +35,14 @@ <h4>Type information</h4>
       <p>
         <samp>/api/hunts?offset=100&amp;count=20&amp;<strong>strip_type_info=1</strong></samp><br>
       </p>
+
+      <h4>XSSI protection</h4>
+      <p>
+        To prevent against Cross Site Script Inclusion (XSSI) attacks, the JSON response body starts with a magic prefix line that must be stripped before feeding the rest of the response body to a JSON parser:
+      </p>
+      <p>
+        <samp>)]}'<br>[ ... valid JSON ... ]</samp><br>
+      </p>
       <br/>
 
       <div class="panel panel-default doc-item-category"

diff --git a/grr/tools/config_updater.py b/grr/tools/config_updater.py
@@ -681,7 +681,7 @@ def ManageBinaries(config=None, token=None):
   print ("\nStep 5: Installing template package and repackaging clients with"
          " new configuration.")
 
-  if ((raw_input(
+  if flags.FLAGS.noprompt or ((raw_input(
       "Download and upgrade client templates? You can skip this if "
       "templates are already installed. [Yn]: ").upper() or "Y") == "Y"):
     InstallTemplatePackage()

diff --git a/scripts/debian_launcher b/scripts/debian_launcher
@@ -34,6 +34,5 @@ fi
 # Run the script.
 # $@ is expanded specially and should be quoted:
 # http://www.gnu.org/software/bash/manual/bash.html#Special-Parameters
-# GRR_EXTRA_ARGS needs to remain unquoted so the arguments are passed separately
-# rather than as one big string.
-"${GRR_PREFIX}/bin/${NAME}" ${GRR_EXTRA_ARGS} "${@}"
+# GRR_EXTRA_ARGS is an array of argv so it needs to be quoted too.
+"${GRR_PREFIX}/bin/${NAME}" "${GRR_EXTRA_ARGS[@]}" "${@}"
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set -e
 
 run_component() {
   COMPONENT=$1; shift
-  ${DAEMON} --start_${COMPONENT} --disallow_missing_config_definitions --config=/etc/grr/grr-server.yaml "$@"
+  grr_server "--start_${COMPONENT}" --disallow_missing_config_definitions "$@"
 }
 
 initialize() {
@@ -23,9 +23,9 @@ initialize() {
 }
 
 APPLICATION=$1;
+VIRTUALENV="/usr/share/grr-server/"
 if [ ${APPLICATION} = 'grr' ]; then
-  DAEMON="/usr/bin/grr_server"
-  [ -x "${DAEMON}" ] || DAEMON="/usr/local/bin/grr_server"
+  source "${VIRTUALENV}/bin/activate"
 
   if [ "$#" -eq 1 ]; then
     # Run all components in the same container. This is only useful for

diff --git a/scripts/install_script_ubuntu.sh b/scripts/install_script_ubuntu.sh
@@ -219,11 +219,12 @@ run_cmd_confirm grr_config_updater initialize
 header "Enable grr services to start automatically on boot"
 run_cmd_confirm . /usr/share/grr/scripts/shell_helpers.sh
 
-# These lines can be replaced with grr_enable_all once we have built a new
-# server package.
-run_cmd_confirm enable_services grr-http-server
-run_cmd_confirm enable_services grr-ui
-run_cmd_confirm enable_services grr-worker
+# This is a temporary hack to workaround
+# https://github.com/google/grr/issues/353 which will go away once 3.1.0 is
+# fully released.
+enable_services grr-http-server || enable_services grr-http-server || true
+enable_services grr-ui || enable_services grr-ui || true
+enable_services grr-worker || enable_services grr-worker || true
 
 HOSTNAME=$(hostname)
 header "Install complete. Congratulations. Point your browser at http://${HOSTNAME}:8000"