feat(endomoat): policy generation implementation #969

Draft: wants to merge 1 commit into base: endo-refactor-gutted

@boneskull (Contributor) commented Jan 30, 2024

This branch is for @naugtur and me to collaborate on policy-gen changes.

Setup

  1. Check out PR "feat(compartment-mapper): expose extraParsers option" (endojs/endo#2190) in a working copy of endojs/endo
  2. Run yarn to update deps, etc.
  3. Run this:
    npx lerna build:types && \
    npm link -w @endo/compartment-mapper -w ses -w @endo/env-options -w @endo/cjs-module-analyzer \
      -w @endo/static-module-record -w @endo/zip
  4. Navigate to your LavaMoat/LavaMoat working copy.
  5. Run this:
    npm ci && \
    npm link @endo/compartment-mapper ses @endo/env-options @endo/cjs-module-analyzer \
      @endo/static-module-record @endo/zip -w packages/endomoat && \
    npm run rebuild:types # verify linking

The above will only work properly if all versions of @endo/compartment-mapper are the same; run npm ls @endo/compartment-mapper to verify this. If this isn't the case, deduping won't occur upon linking, and the type generation will fail.

Note

If you find linking fails because ses' prepare script doesn't work, delete the prepare script from its package.json.
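
To check the single-version precondition mechanically instead of reading the `npm ls` tree by eye, the sketch below walks the JSON produced by `npm ls @endo/compartment-mapper --all --json` and reports every resolved version and where it sits. It is an added example, not part of the original comment or of the LavaMoat/Endo code; the function names, workspace names and the `1.0.0` version in the sample trees are constructed.

```javascript
// Walk an `npm ls --json` tree and record, per resolved version of `pkgName`,
// the dependency paths at which that version is installed.
function collectVersions(tree, pkgName, path = [], found = new Map()) {
  for (const [name, node] of Object.entries(tree.dependencies ?? {})) {
    const here = [...path, name];
    // Entries npm reports as missing carry no `version`; skip them.
    if (name === pkgName && typeof node.version === 'string') {
      if (!found.has(node.version)) found.set(node.version, []);
      found.get(node.version).push(here.join(' > '));
    }
    collectVersions(node, pkgName, here, found);
  }
  return found;
}

// Linking can only dedupe when exactly one version is present in the tree.
function isDeduped(tree, pkgName) {
  return collectVersions(tree, pkgName).size === 1;
}

const PKG = '@endo/compartment-mapper';

// Constructed sample: two workspaces resolving different versions.
const SAMPLE_MIXED = {
  dependencies: {
    'workspace-a': { version: '0.0.0', dependencies: { [PKG]: { version: '1.1.3' } } },
    'workspace-b': { version: '0.0.0', dependencies: { [PKG]: { version: '1.0.0' } } },
  },
};

// Constructed sample: one version everywhere, plus an unresolved entry.
const SAMPLE_SINGLE = {
  dependencies: {
    'workspace-a': { version: '0.0.0', dependencies: { [PKG]: { version: '1.1.3' } } },
    'workspace-b': {
      version: '0.0.0',
      dependencies: {
        'some-dep': { version: '2.0.0', dependencies: { [PKG]: { version: '1.1.3' } } },
        [PKG]: { missing: true },
      },
    },
  },
};

for (const [version, paths] of collectVersions(SAMPLE_MIXED, PKG)) {
  console.log(`${PKG}@${version}: ${paths.join(', ')}`);
}
console.log('mixed deduped?', isDeduped(SAMPLE_MIXED, PKG));
console.log('single deduped?', isDeduped(SAMPLE_SINGLE, PKG));
```
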

@boneskull (Contributor Author) commented Jan 30, 2024

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.

This stack of pull requests is managed by Graphite.

github-actions bot added the labels dependencies, documentation, pkg:lavamoat-core on Jan 30, 2024
@naugtur (Member) commented Jan 31, 2024

Could we have the core/tofu changes here and rebase our work on those? Otherwise, the endomoat and webpack work will be super hard to review.

boneskull force-pushed the endomoat-policy-gen branch 3 times, most recently from 6252d94 to 855ab2d, February 3, 2024 01:10
boneskull force-pushed the endomoat-policy-gen branch 3 times, most recently from 7552064 to fbcab3e, February 7, 2024 01:03

@boneskull (Contributor Author) commented Mar 29, 2024

CLI now looks like:

endomoat <entrypoint>

Run an application

Commands:
  endomoat run <entrypoint>  Run an application                        [default]
  endomoat gen <entrypoint>  Generate policy files; overwrites existing policies
                                                             [aliases: generate]

Positionals:
  entrypoint  Path to the application entry point            [string] [required]

Options:
      --help                         Show help                         [boolean]
      --version                      Show version number               [boolean]
  -p, --policy                       Filepath to a policy file
                                 [string] [default: "lavamoat/node/policy.json"]
  -o, --policy-override, --override  Filepath to a policy override file
                        [string] [default: "lavamoat/node/policy-override.json"]
      --policy-debug, --pd           Filepath to a policy debug file
                           [string] [default: "lavamoat/node/policy-debug.json"]
      --cwd                          Path to application root directory
                                         [string] [default: (current directory)]

Note that run is the default command. And so if we do endomoat gen --help:

endomoat gen <entrypoint>

Generate policy files; overwrites existing policies

Behavior Options:
      --run    Run the application after policy generated              [boolean]
      --debug  Additionally write a debug policy                       [boolean]

Positionals:
  entrypoint  Path to the application entry point            [string] [required]

Options:
      --help                         Show help                         [boolean]
      --version                      Show version number               [boolean]
  -p, --policy                       Filepath to a policy file
                                 [string] [default: "lavamoat/node/policy.json"]
  -o, --policy-override, --override  Filepath to a policy override file
                        [string] [default: "lavamoat/node/policy-override.json"]
      --policy-debug, --pd           Filepath to a policy debug file
                           [string] [default: "lavamoat/node/policy-debug.json"]
      --cwd                          Path to application root directory
                                         [string] [default: (current directory)]

Anyway. Subcommands make more sense to me than just a big bucket of options.

socket-security bot commented Apr 1, 2024

Removed dependencies detected.

🚮 Removed packages: npm/@endo/compartment-mapper@1.1.3


This adds policy generation for Endomoat.

It does not yet have support for writable globals.

Labels: dependencies, documentation, pkg:@lavamoat/webpack, pkg:lavamoat-browserify, pkg:lavamoat-core, pkg:lavamoat-perf