2024: Domino Containers - The Next Step. News from the Domino Container commu...
Kiwipycon command line
1. Giving your website a command line interface Michael Hudson-Doyle michael.hudson@linaro.org
2. Linaro and its mission Linaro aims to make Linux work better on ARM processors
3. The Problem The ARM ecosystem is very fragmented, and the kernel has a lot of copy and paste code "Gaah. Guys, this whole ARM thing is a f*cking pain in the ass." — Linus Torvalds, 17 Mar 2011 https://lwn.net/Articles/437170/
4. Enter Linaro! "Linaro is a not-for-profit software engineering company investing in core Linux software and tools for ARM SoCs." Also about educating the members in how to do open source development...
8. LAVA Some scripts and tricks that can boot a board with a new kernel and run some tests. Quick Demo (ever the optimist)
9. LAVA And a website that lets you see whats going on
10. The Problem (finally!) We want to do things like trigger test runs when a kernel build finishes. This basically means some kind of Remote Procedure Call (RPC).
14. We didn't think about this very hard but it is well supported in most languages
15.
16. The great thing about standards... <bob2> kennethreitz: oauth is a font of villany and dispair -- #python, Jun 09 11:55:08
17. Also doesn't solve our problem OAuth specifies that various aspects of the request are signed, but not, crucially for us, the body of the request – an important detail, because in XML-RPC the body of the request is where all the important stuff is.
18. Transport Layer Security, here we come If you're going as far as to cryptographically sign something, it's not much further to go to actually just encrypt it!
19. And what does everyone know about encryption? Don't implement it yourself (i.e. use HTTPS)
20. Back to Basic And if you're operating over HTTPS, you might as well just just good old RFC 2617 Basic Authentication... ... but with tokens rather than passwords
21. Tokens > Passwords Because we expect the RPC to be invoked from build systems and so on, there is a moderate chance of the token being leaked – so it should not let you take over the owning user's account. In the future, a token might only let you access some APIs.
22. Also, we use SSO... In addition we use Launchpad's SSO service for authentication, so most users don't have a LAVA password!
23. Show me the code! On the server side, we've built a library that lets you add a authenticating XML-RPC to a Django project: https://launchpad.net/linaro-django-xmlrpc It includes views and models (and very very simple templates) for creating and managing tokens.
24. Server side code example/api.py: from linaro_django_xmlrpc.models import ExposedAPI from linaro_django_xmlrpc.globals import mapper class ExampleAPI(ExposedAPI): def whoami(self): if self.user: return self.user.username else: return None mapper.register(ExampleAPI) in your urlconf: url(r'', include('linaro_django_xmlrpc.urls')),
25. Client side library This isn't properly factored yet really (it's it all mashed up with our toolkit for doing command line tools), but the code is in "lava-tool": https://launchpad.net/lava-tool It uses python-keyring for token management.