Entitlement server and protected repos support
Alexander Larsson
alexl at redhat.com
Fri Jun 7 08:37:01 UTC 2019
On Fri, Jun 7, 2019 at 12:02 AM Damián Nohales <damian at endlessm.com> wrote:
> Hello Alex,
>
> So, after talking to the team at Endless, specifically about this
> situation. We are finally thinking of this approach:
>
> The repo will have in its configuration (in the summary) two new options:
> * xa.authenticator: Which can be a query string with multiple
> parameters describing the way the repo should manage the
> authentication.
> * xa.authenticator-gpg-key: The public key the repo must use to
> validate pull tokens.
>
> On the other hand, we will create a D-Bus interface called
> org.flatpak.Authenticator, anything outside Flatpak could implement
> that interface, right now, I'm thinking that interface could have only
> one method called GetToken which accepts what's inside the
> authenticator, the refs that Flatpak wants a token for and basic
> information about the remote (like URL and Collection ID), and returns
> the bearer token to be used in the pull requests.
>
> So basically Flatpak doesn't know anything about how to get the token
> at all, but it delegates that work to the available services
> implementing org.flatpak.Authenticator. It only knows what is returned
> there, must be used as Bearer token afterwards (unless we want to be
> flexible there too). Depending on the information in xa.authenticator,
> the authenticator could try to fetch the token, or ignore the request
> and return null. When Flatpak detects an authenticator returning
> something, it stops calling the rest.
I think this sounds good. But, the devil is in the details, and in
particular I think you need to be very careful when designing the
org.flatpak.Authenticator API. Your initial implementation will just
immediately return the endless entitlement data, so it is very easy
for the API to be modelled on that and become token =
send_token_request_and_wait_for_response (bus, config). However,
conceptually the authentication API can do some form of authentication
UI as well as potentially problematic network i/o. So, one has to take
into consideration that this API can:
* Block
* Take a long time
* Run into network/connectivity issue
* Be cancelled by the user
And the above issues must be taken into account when designing the
dbus API. For instance it can't be a regular single-message send
request + get response, because those typically times out in 30 sec.
Also, the flatpak library code wrapping the dbus calls will also look
different if the call is something you can expect to call
synchronously, or something that is blocking and does interaction.
I recommend that you look at the portal dbus API, as it has similar
requirements. For example, the base portal request is:
https://github.com/flatpak/xdg-desktop-portal/blob/master/data/org.freedesktop.portal.Request.xml
Which takes what is really a single portal request and makes an object
representing it that will eventually get a response as a signal, or
that can be cancelled from the caller side if the user is not
interested in the request anymore.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
More information about the Flatpak
mailing list