forked from aptly-dev/aptly
support serving the API over unix domain socket
`unix://$PATH` as listen argument will bind aptly to a unix domain socket rather than TCP.

This allows binding the API to a UDS rather than a port.

Since aptly has no concept of authentication or any amount of high-level API hardening, one needs to bottle it up in some other manner. Binding to a localhost port is often a step in the right direction, but ultimately is still a scary insecure setup, as any user on that host getting compromised would mean that the entire archive is compromised as well.

UDS, on the other hand, are basically files and have their access managed by regular file permissions. As such, binding to a socket is in fact the least insecure way to listen, as you'd have to explicitly open up the socket permissions to an access-qualified group. In the most conservative scenario that means no one but the aptly user can talk to the API; in a more practical setup apache might get access as well and proxy the UDS with authentication or limited to GET operations.

Using UDS allows reducing the attack surface of the API server while preserving all the flexibility.
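The permission model the commit message describes, as an added Go example that is not part of this commit or of aptly's code: a listener that treats `unix://PATH` as a socket path and creates the socket with an explicit file mode. The helper name `listenArg`, its `mode` parameter and the sample path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// listenArg is a hypothetical helper (not aptly's code): "unix://PATH" binds
// a unix domain socket created with exactly `mode`; anything else is TCP.
func listenArg(arg string, mode os.FileMode) (net.Listener, error) {
	if !strings.HasPrefix(arg, "unix://") {
		return net.Listen("tcp", arg)
	}
	path := strings.TrimPrefix(arg, "unix://")
	// Only ever replace a stale socket, never a regular file or symlink.
	if fi, err := os.Lstat(path); err == nil {
		if fi.Mode()&os.ModeSocket == 0 {
			return nil, fmt.Errorf("%s exists and is not a socket", path)
		}
		if err := os.Remove(path); err != nil {
			return nil, err
		}
	}
	// bind(2) creates the file as 0777 &^ umask. Tightening the umask first
	// avoids the window a Chmod after Listen would leave. Umask is
	// process-wide, so do this before starting other goroutines.
	old := syscall.Umask(0777 &^ int(mode.Perm()))
	defer syscall.Umask(old)
	return net.Listen("unix", path)
}

func main() {
	dir, err := os.MkdirTemp("", "uds-demo") // private 0700 directory
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	sock := filepath.Join(dir, "api.sock") // constructed sample path
	l, err := listenArg("unix://"+sock, 0600)
	if err != nil {
		panic(err)
	}
	defer l.Close()
	fi, _ := os.Stat(sock)
	fmt.Printf("%s %v\n", sock, fi.Mode()) // socket type and permission bits
}
```

Passing `0660` and giving the socket a dedicated group is the "proxy gets access as well" setup from the message; the directory holding the socket must also be searchable by that group.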
Showing 5 changed files with 70 additions and 10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,3 +9,4 @@ | |
from .graph import * | ||
from .snapshots import * | ||
from .packages import * | ||
from .unix_socket import * |
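Review bot: The added `from .unix_socket import *` makes the whole test package depend on `requests_unixsocket`, because the new module imports it at top level; if that library is missing, every test imported through this file fails to load, not just the socket test. The shown hunks do not include a change to the test requirements, so please confirm the dependency is declared there, or import it inside the test so its absence only affects that one case.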
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
import requests_unixsocket | ||
import time | ||
import urllib | ||
|
||
from lib import BaseTest | ||
|
||
class UnixSocketAPITest(BaseTest): | ||
aptly_server = None | ||
socket_path = "/tmp/_aptly_test.sock" | ||
base_url = ("unix://%s" % socket_path) | ||
|
||
def prepare(self): | ||
if self.aptly_server is None: | ||
self.aptly_server = self._start_process("aptly api serve -no-lock -listen=%s" % (self.base_url),) | ||
time.sleep(1) | ||
super(UnixSocketAPITest, self).prepare() | ||
|
||
def shutdown(self): | ||
if self.aptly_server is not None: | ||
self.aptly_server.terminate() | ||
self.aptly_server.wait() | ||
self.aptly_server = None | ||
super(UnixSocketAPITest, self).shutdown() | ||
|
||
def run(self): | ||
pass | ||
|
||
""" | ||
Verify we can listen on a unix domain socket. | ||
""" | ||
def check(self): | ||
session = requests_unixsocket.Session() | ||
r = session.get('http+unix://%s/api/version' % urllib.quote(UnixSocketAPITest.socket_path, safe='')) | ||
# Just needs to come back, we actually don't care much about the code. | ||
# Only needs to verify that the socket is actually responding. | ||
self.check_equal(r.json(), {'Version': '0.9.8~dev'}) |
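Review bot: `check()` asserts the exact body `{'Version': '0.9.8~dev'}` even though the comment directly above says the response only needs to come back, so this test will fail on every version bump; assert on the status code or on the presence of the `Version` key instead. On the security side, `socket_path = "/tmp/_aptly_test.sock"` is a fixed name in a shared directory and the test never stats the socket, so the file-permission property the commit message relies on is not covered; create the socket inside a `tempfile.mkdtemp()` directory and assert its mode with `os.stat`. The `time.sleep(1)` in `prepare()` is a race on slow machines, polling until the socket path exists would be more reliable, and `urllib.quote` only exists on Python 2.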