Let command plugins ask for network permissions#6114
Conversation
|
@swift-ci please smoke test |
54ccb20 to
736e565
Compare
|
@swift-ci please smoke test |
| let answer = readLine(strippingNewline: true) | ||
| // Throw an error if we didn't get permission. | ||
| if answer?.lowercased() != "yes" { | ||
| throw StringError("Plugin was denied permission to \(permissionString).") |
There was a problem hiding this comment.
Note: I changed these to StringError to avoid having usage be printed to the console which seems to be a behavior of ArgumentParser's ValidationError.
tomerd
left a comment
There was a problem hiding this comment.
this is great. consider adding a few more tests for different manifest usage patterns
736e565 to
ce08da5
Compare
|
@swift-ci please smoke test |
ce08da5 to
ac28899
Compare
|
@swift-ci please smoke test |
ac28899 to
dcf0a19
Compare
|
@swift-ci please smoke test |
| accessibleTools: accessibleTools, | ||
| writableDirectories: writableDirectories, | ||
| readOnlyDirectories: readOnlyDirectories, | ||
| allowNetworkConnections: [], |
There was a problem hiding this comment.
not sure I follow why this is empty in this call?
There was a problem hiding this comment.
This is the invocation for build tools which do not support specifying permissions.
|
cc @fabianfett |
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
32a44a3 to
83d7b3d
Compare
|
@swift-ci please smoke test |
1 similar comment
|
@swift-ci please smoke test |
|
Windows failure looks like something in llbuild? cc @compnerd |
|
Please test with following PRs: @swift-ci please test Windows platform |
|
@swift-ci please test Windows platform |
|
Seems like There are also more follow-on errors. |
|
Hm, I guess the Windows CI re-run itself, confusing... |
I did it from the backend, sorry I should have told you about it. |
| ``` | ||
|
|
||
| Command plugins that need to write to the file system will cause SwiftPM to ask the user for approval if `swift package` is invoked from a console, or deny the request if it is not. Passing the `--allow-writing-to-package-directory` flag to the `swift package` invocation will allow the request without questions — this is particularly useful in a Continuous Integration environment. | ||
| Command plugins that need to write to the file system will cause SwiftPM to ask the user for approval if `swift package` is invoked from a console, or deny the request if it is not. Passing the `--allow-writing-to-package-directory` flag to the `swift package` invocation will allow the request without questions — this is particularly useful in a Continuous Integration environment. Similarly, the `--allow-network-connections` flag can be used to allow network connections without showing a prompt. |
There was a problem hiding this comment.
Should this change also be mentioned in the changelog?
There was a problem hiding this comment.
+1 this is a great feature we should mention in chnagelog and release notes
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections.
resolves #5489