Issue 1838313002: Restart the host when the third party auth certificate changes

Yuwei

yuweih@chromium.org changed reviewers: + sergeyu@chromium.org

4 years, 8 months ago (2016-03-29 18:46:29 UTC) #1

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-03-29 18:47:41 UTC) #3

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/1

4 years, 8 months ago (2016-03-29 18:48:08 UTC) #4

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-03-29 19:29:27 UTC) #5

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-03-29 19:29:28 UTC) #6

Sergey Ulanov

I think the new code can be simplified. CertificateWatcher can be single-threaded. CertificateWatcherInhibitor doesn't need ...

4 years, 8 months ago (2016-03-29 19:40:05 UTC) #7

Yuwei

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certificate_watcher.cc#newcode91 remoting/host/linux/certificate_watcher.cc:91: base::TimeDelta::FromSeconds(suicide_delay_)); On 2016/03/29 19:40:04, Sergey Ulanov wrote: > this ...

4 years, 8 months ago (2016-03-29 19:57:03 UTC) #8

Yuwei

Description was changed from ========== Kill the host when the NSS certificate changes Will defer ...

4 years, 8 months ago (2016-03-29 19:58:12 UTC) #9

Yuwei

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2me_host.cc File remoting/host/remoting_me2me_host.cc (right): https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2me_host.cc#newcode832 remoting/host/remoting_me2me_host.cc:832: host_->AddStatusObserver(&cert_watcher_inhibitor_); On 2016/03/29 19:40:05, Sergey Ulanov wrote: > You ...

4 years, 8 months ago (2016-03-29 21:37:41 UTC) #10

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2me_host.cc File remoting/host/remoting_me2me_host.cc (right): https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2me_host.cc#newcode185 remoting/host/remoting_me2me_host.cc:185: const int kCertUpdateShutdownDelaySeconds = 30; On 2016/03/29 19:57:03, yuweih ...

4 years, 8 months ago (2016-03-29 23:09:54 UTC) #12

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2m...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2m...
remoting/host/remoting_me2me_host.cc:185: const int
kCertUpdateShutdownDelaySeconds = 30;
On 2016/03/29 19:57:03, yuweih wrote:
> Acknowledged.

Normally we use "Acknowledged." response only for optional or no-op comments.
For comments that require some action like this one please mark them as "Done"
once they are done (unless you disagree with the comment, in which case you
should click "Reply" and write your response)

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2m...
remoting/host/remoting_me2me_host.cc:832:
host_->AddStatusObserver(&cert_watcher_inhibitor_);
On 2016/03/29 21:37:41, yuweih wrote:
> On 2016/03/29 19:40:05, Sergey Ulanov wrote:
> > You also need to call RemoveStatusObserver() before host_ is destroyed. In
> some
> > cases host needs to be restarted, e.g. when system policies change. When
this
> > happens we keep the process running but destroy the old ChromotingHost
object
> > and create a new one. 
> > I think HostStatusObserver::OnShutdown() is the right place to call
> > RemoveStatusObserver()
> 
> I am a little bit confused... So the host will not clear the observer list
when
> it shuts down? It seems a little bit weird to have an observer removing itself
> from the host when the host shuts down 

In general when using the observer pattern it's necessary to make sure that if
the observer is deleted before the observable then it is removed from the list
of observers. So to ensure that usually observable objects verify in the
destructor that the observer list is empty (because if it's not empty it
indicates observable/observer are not destroyed properly). ObserverList has a
flag for that (see
https://code.google.com/p/chromium/codesearch#chromium/src/base/observer_list...),
but we don't have it enabled in ChromotingHost.
This particular case is a bit different because the observer outlives the
observable. Still as a rule of thumb there should always be one
RemoveStatusObserver() call for each AddStatusObserver()

> (the code will also look weird since you
> need to pass in a reference to the host or something)...

Actually it's more common to have observer register/unregister itself, e.g. see
remoting/host/host_status_logger.cc .
So I suggest you use the same approach here as well in CertificateWatche. It
just needs to be notified when there is a new instance of ChromotingHost being
created. So it will look something like this:
  cert_watcher_->OnHostCreated(host_.get());

and in cert_watcher.cc:

void CertWatcher::OnHostCreated(Host* host) {
  host_ = host;
  host_->AddObserver(this);
}

void CertWatcher::OnHostShutdown(Host* host) {
  host_->RemoveObserver(this);
}

This also make sense because it hides the fact that the CertWatcher is a
HostStatusObserver, which is an internal detail of its implementation.

Yuwei

Patch 2 is uploaded. PTAL https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certificate_watcher.cc#newcode91 remoting/host/linux/certificate_watcher.cc:91: base::TimeDelta::FromSeconds(suicide_delay_)); On 2016/03/29 19:40:04, ...

4 years, 8 months ago (2016-03-30 18:47:45 UTC) #13

Patch 2 is uploaded. PTAL

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.cc:91:
base::TimeDelta::FromSeconds(suicide_delay_));
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> this line is not indented correctly. Please use clang-format:
> https://chromium.googlesource.com/chromium/src/+/master/docs/clang_format.md

Done. Have run clang-format

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.cc:169: }
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
>   // namespace remoting

Done.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
File remoting/host/linux/certificate_watcher.h (right):

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:5: #ifndef
HOST_LINUX_CERTIFICATE_WATCHER_H_
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> REMOTING_

Done.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:16: class
CertificateWatcherImplInterface {
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> We normally don't use Interface suffix for interfaces. Interface name should
> generally be shorter than the name of the implementing class. But
ImplInterface
> suffix makes no sense. See my comment about impl_. I don't think you need any
of
> this at all.

Done. Removed interface and merged the impl

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:33: typedef base::Callback<void(void)>
SuicideAction;
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> this is base::Closure. You don't need this typedef.
> Also "void(void)" is better expressed as "void()"

Done.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:35:
scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> I think this class can be made single-threaded and live on the network thread.
> Then you wouldn't need to pass any threads here and will not need any of the
> impl_ stuff.

Looks like it doesn't work... There are checks in FilePathWatcher and
HostProcess to prevent being called on the wrong thread... Basically
FilePathWatcher needs IO thread and Host process needs network thread.

I changed the code a little bit so now StarOn() takes in the file runner and
there is a callback `OnNSSCertificateUpdate()` in HostProcess that dispatches
the shutdown task to the network thread.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:37: int suicide_delay, const
SuicideAction& suicide_action);
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> Don't call it "suicide". The host process is just being restarted cleanly.
It's
> not killing itself.

Done. Renamed to restart

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:60: // A flag to prevent posting
multiple suicide tasks
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> nit: here and everywhere else: please add . at the end of the comment.

Done.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher.h:66: }
On 2016/03/29 19:40:04, Sergey Ulanov wrote:
> // namespace remoting

Done.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
File remoting/host/linux/certificate_watcher_unittest.cc (right):

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher_unittest.cc:5: #include
"remoting/host/linux/certificate_watcher.h"
On 2016/03/29 19:40:05, Sergey Ulanov wrote:
> nit: emtpy line after this include

Done.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/linux/certifi...
remoting/host/linux/certificate_watcher_unittest.cc:9: class
MockCertificateWatcherImpl : public CertificateWatcherImplInterface {
On 2016/03/29 19:40:05, Sergey Ulanov wrote:
> So this test mocks the most interesting part of the code being tested.
unittests
> like this are rarely useful. I think it should be easy to test the real
> implementation without faking any of the internal behavior. Just create a temp
> directory, install the watcher and verify that it does the right thing.
> ScopedTempDir class from base/files/scoped_temp_dir.h might be useful to
> implement this.

Class rewritten to test the real situation of watching a file.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2m...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2m...
remoting/host/remoting_me2me_host.cc:185: const int
kCertUpdateShutdownDelaySeconds = 30;
On 2016/03/29 19:40:05, Sergey Ulanov wrote:
> I don't think we need delay restart that long. Currently you have timeout of
30
> seconds starting from the first change in the cert directory. I think it's
> better to have shorter delay starting at the last change. I.e. if the
directory
> keeps changing for 5 seconds then you keep the host running and restart it 2
> seconds after that 5 second interval. It should be easy to implement this
> behavior using base::DelayTimer, see
>
https://code.google.com/p/chromium/codesearch#chromium/src/base/timer/timer.h...

Done. DelayedTimer is being used.

https://codereview.chromium.org/1838313002/diff/1/remoting/host/remoting_me2m...
remoting/host/remoting_me2me_host.cc:832:
host_->AddStatusObserver(&cert_watcher_inhibitor_);
On 2016/03/29 19:40:05, Sergey Ulanov wrote:
> You also need to call RemoveStatusObserver() before host_ is destroyed. In
some
> cases host needs to be restarted, e.g. when system policies change. When this
> happens we keep the process running but destroy the old ChromotingHost object
> and create a new one. 
> I think HostStatusObserver::OnShutdown() is the right place to call
> RemoveStatusObserver()

Done. Observer will be added or removed in Start() and Stop() (Stop() is also
called in dtor).

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-03-30 18:48:21 UTC) #14

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/20001

4 years, 8 months ago (2016-03-30 18:49:04 UTC) #15

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-03-30 19:59:11 UTC) #16

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-03-30 19:59:12 UTC) #17

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/certificate_watcher.cc#newcode16 remoting/host/linux/certificate_watcher.cc:16: const char kNSSEnvironmentPrefix[] = "HOME"; Please use base::PathService with ...

4 years, 8 months ago (2016-03-30 21:02:46 UTC) #18

Yuwei

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/certificate_watcher.cc#newcode29 remoting/host/linux/certificate_watcher.cc:29: const base::Closure& restart_deferred_action, const base::FilePath& path) On 2016/03/30 21:02:44, ...

4 years, 8 months ago (2016-03-30 21:37:01 UTC) #19

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:29: const base::Closure&
restart_deferred_action, const base::FilePath& path)
On 2016/03/30 21:02:44, Sergey Ulanov wrote:
> one argument per line please (clang-format?)

Okay... In fact this file has been processed by clang-format...

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:47: if (inhibit_mode_) {
On 2016/03/30 21:02:44, Sergey Ulanov wrote:
> I think we want to always start the timer here. Then OnTimer() should check if
> there is an active client and defer restart until that client is disconnected.
> E.g. currently this code doesn't handle the case when a new client is
connected
> between OnNssUpdate() and OnTimer().

This sounds better although I don't think the client can still successfully
connect to the host after OnNSSUpdate happens...

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.h (right):

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.h:33: CertificateWatcher(int delay,
On 2016/03/30 21:02:45, Sergey Ulanov wrote:
> Does the delay really need to be passed to the constructor? If it's useful
only
> for tests then add set_delay_for_tests().

So may just have a constant inside the CertificateWatcher class?

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.h:35: const base::Closure&
restart_deferred_action,
On 2016/03/30 21:02:45, Sergey Ulanov wrote:
> This parameter is used only for tests. Do you really need it?

In fact this constructor is basically for tests only...

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.h:36: const base::FilePath& watch_path);
On 2016/03/30 21:02:45, Sergey Ulanov wrote:
> This argument is used for tests only. Replace it with set_watch_path_for_tests
> method. Then you wouldn't need overloaded constructor.

okay

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.h:48: void
StartOn(scoped_refptr<AutoThreadTaskRunner> runner,
On 2016/03/30 21:02:45, Sergey Ulanov wrote:
> Why do you need this method?

For most of the cases you can simply run watcher on the main thread... Do you
suggest that it's the caller's responsibility to run runner->PostTask(&Start...)
instead of the callee's?

https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.h:58: void Uninhibit();
On 2016/03/30 21:02:45, Sergey Ulanov wrote:
> Do you still need this?

Basically only observer's functions are calling these functions, but these
functions do exactly what their names say and doesn't take unnecessary arguments
like jid. I feel like keeping these functions may make the test code look
clearer...

Yuwei

Patch 3 is uploaded. PTAL https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/20001/remoting/host/linux/certificate_watcher.cc#newcode16 remoting/host/linux/certificate_watcher.cc:16: const char kNSSEnvironmentPrefix[] = ...

4 years, 8 months ago (2016-03-31 17:40:06 UTC) #21

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-03-31 17:46:38 UTC) #22

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/60001

4 years, 8 months ago (2016-03-31 17:47:17 UTC) #23

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-03-31 18:49:05 UTC) #24

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-03-31 18:49:06 UTC) #25

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode17 remoting/host/linux/certificate_watcher.cc:17: // This is to repeating restarts when continuous writes ...

4 years, 8 months ago (2016-03-31 22:36:16 UTC) #26

Yuwei

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode50 remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run(); On 2016/03/31 22:36:15, Sergey Ulanov wrote: > Why ...

4 years, 8 months ago (2016-03-31 23:08:33 UTC) #27

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run();
On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> Why do you need this?

For testing reason. We need some way to quit the message loop if the restart
action is deferred...

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:56: restart_timer_->Reset();
On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> I don't think you want to rest the timer here. It doesn't make sense to keep
the
> timer running while we are waiting the user to disconnect. Instead I suggest
you
> add a boolean flag that would indicate that restart is pending. So here you
will
> have
>   restart_pending_ = true;

I guess I misunderstood your last comment about always starting the timer in
inhibit mode.

So we still want to use a flag to mark a pending restart but we should defer it
at the beginning of OnTimer instead of at the end of OnUpdate, right?

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:106: void
CertificateWatcher::SetRestartDeferredAction(
On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> Why do you need this?

See above... For quitting the message loop

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:819: cert_watcher_.reset(new
CertificateWatcher(
On 2016/03/31 22:36:16, Sergey Ulanov wrote:
> CreateAuthenticatorFactory() is called every time the host is restarted, but
we
> don't want to create a new instance of CertificateWatcher every time - certs
may
> be updated while the host is being restarted and we would loose the state in
> that case.

Currently the watcher get constructed just before the authorization starts and
destructed when the host dies. Not sure why we need to care about during the
interval of (old host died, new host authorized)... We can keep using the same
watcher for the whole process then it will need to reset the host reference
anyways...

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:822:
context_->file_task_runner()->PostTask(
On 2016/03/31 22:36:16, Sergey Ulanov wrote:
> I don't think you need to use file_task_runner() here. CertificateWatcher
should
> work just fin on the network thread.

I tried this but it complained something like it's not on IO thread...

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode50 remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run(); On 2016/03/31 23:08:33, yuweih wrote: > On 2016/03/31 ...

4 years, 8 months ago (2016-04-01 17:49:23 UTC) #28

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run();
On 2016/03/31 23:08:33, yuweih wrote:
> On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> > Why do you need this?
> 
> For testing reason. We need some way to quit the message loop if the restart
> action is deferred...

Just post a delayed Quit task on that message loop with delay slightly larger
than |delay_|?

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:56: restart_timer_->Reset();
On 2016/03/31 23:08:33, yuweih wrote:
> On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> > I don't think you want to rest the timer here. It doesn't make sense to keep
> the
> > timer running while we are waiting the user to disconnect. Instead I suggest
> you
> > add a boolean flag that would indicate that restart is pending. So here you
> will
> > have
> >   restart_pending_ = true;
> 
> I guess I misunderstood your last comment about always starting the timer in
> inhibit mode.
> 
> So we still want to use a flag to mark a pending restart but we should defer
it
> at the beginning of OnTimer instead of at the end of OnUpdate, right?

Starting/resetting the timer makes sense only in response to file change
notifications. I.e. you shouldn't be calling timer_->Reset() anywhere except
from OnCertDirectoryChanged()

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:819: cert_watcher_.reset(new
CertificateWatcher(
On 2016/03/31 23:08:33, yuweih wrote:
> On 2016/03/31 22:36:16, Sergey Ulanov wrote:
> > CreateAuthenticatorFactory() is called every time the host is restarted, but
> we
> > don't want to create a new instance of CertificateWatcher every time - certs
> may
> > be updated while the host is being restarted and we would loose the state in
> > that case.
> 
> Currently the watcher get constructed just before the authorization starts and
> destructed when the host dies. 

This code also resets it every time the host is restarted (without restarting
the process), and we want to avoid that.

> Not sure why we need to care about during the
> interval of (old host died, new host authorized)... 

We need to care about it because restarting the host doesn't refresh the caches
that NSS may hold internally.

> We can keep using the same
> watcher for the whole process then it will need to reset the host reference
> anyways...

CreateAuthenticatorFactory() is called in two case:
 1. Host is being started the first time.
 2. Host is being restarted, e.g. because policies have been updated.

In the second case we don't want to create new instance of CertificateWatcher.
So I think here you want to create the object if it didn't exist before and then
then give it reference to the host, i.e.:

 if (!cert_watcher_) {
   cert_watcher_.reset(new CertificateWatcher(
       base::Bind(&HostProcess::OnHostRestartRequested, this)));
 }
 cert_watcher_->Start(host_->AsWeakPtr());

No Start() will be called every time host is restarted.

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:822:
context_->file_task_runner()->PostTask(
On 2016/03/31 23:08:33, yuweih wrote:
> On 2016/03/31 22:36:16, Sergey Ulanov wrote:
> > I don't think you need to use file_task_runner() here. CertificateWatcher
> should
> > work just fin on the network thread.
> 
> I tried this but it complained something like it's not on IO thread...

Network thread is an IO thread (see
https://code.google.com/p/chromium/codesearch#chromium/src/remoting/host/chro...),
so it should work. Could it be that you tried it on main thread, instead of the
network thread?

Yuwei

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode50 remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run(); On 2016/04/01 17:49:23, Sergey Ulanov wrote: > On ...

4 years, 8 months ago (2016-04-01 18:28:04 UTC) #29

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run();
On 2016/04/01 17:49:23, Sergey Ulanov wrote:
> On 2016/03/31 23:08:33, yuweih wrote:
> > On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> > > Why do you need this?
> > 
> > For testing reason. We need some way to quit the message loop if the restart
> > action is deferred...
> 
> Just post a delayed Quit task on that message loop with delay slightly larger
> than |delay_|?

That's time dependent and sounds a little bit flaky? I am not sure how long it
takes for the file watcher to notice the changes and how precise the delayed
timer will be... Or we can quit the message loop with delay say 2*|delay_|?

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:56: restart_timer_->Reset();
On 2016/04/01 17:49:23, Sergey Ulanov wrote:
> On 2016/03/31 23:08:33, yuweih wrote:
> > On 2016/03/31 22:36:15, Sergey Ulanov wrote:
> > > I don't think you want to rest the timer here. It doesn't make sense to
keep
> > the
> > > timer running while we are waiting the user to disconnect. Instead I
suggest
> > you
> > > add a boolean flag that would indicate that restart is pending. So here
you
> > will
> > > have
> > >   restart_pending_ = true;
> > 
> > I guess I misunderstood your last comment about always starting the timer in
> > inhibit mode.
> > 
> > So we still want to use a flag to mark a pending restart but we should defer
> it
> > at the beginning of OnTimer instead of at the end of OnUpdate, right?
> 
> Starting/resetting the timer makes sense only in response to file change
> notifications. I.e. you shouldn't be calling timer_->Reset() anywhere except
> from OnCertDirectoryChanged()

Okay...

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:819: cert_watcher_.reset(new
CertificateWatcher(
On 2016/04/01 17:49:23, Sergey Ulanov wrote:
> On 2016/03/31 23:08:33, yuweih wrote:
> > On 2016/03/31 22:36:16, Sergey Ulanov wrote:
> > > CreateAuthenticatorFactory() is called every time the host is restarted,
but
> > we
> > > don't want to create a new instance of CertificateWatcher every time -
certs
> > may
> > > be updated while the host is being restarted and we would loose the state
in
> > > that case.
> > 
> > Currently the watcher get constructed just before the authorization starts
and
> > destructed when the host dies. 
> 
> This code also resets it every time the host is restarted (without restarting
> the process), and we want to avoid that.
> 
> 
> > Not sure why we need to care about during the
> > interval of (old host died, new host authorized)... 
> 
> We need to care about it because restarting the host doesn't refresh the
caches
> that NSS may hold internally.
> 
> 
> > We can keep using the same
> > watcher for the whole process then it will need to reset the host reference
> > anyways...
> 
> CreateAuthenticatorFactory() is called in two case:
>  1. Host is being started the first time.
>  2. Host is being restarted, e.g. because policies have been updated.
> 
> In the second case we don't want to create new instance of CertificateWatcher.
> So I think here you want to create the object if it didn't exist before and
then
> then give it reference to the host, i.e.:
> 
>  if (!cert_watcher_) {
>    cert_watcher_.reset(new CertificateWatcher(
>        base::Bind(&HostProcess::OnHostRestartRequested, this)));
>  }
>  cert_watcher_->Start(host_->AsWeakPtr());
> 
> No Start() will be called every time host is restarted.

Okay. I guess I had mixed up the concept of HostProcess and the host...

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:822:
context_->file_task_runner()->PostTask(
On 2016/04/01 17:49:23, Sergey Ulanov wrote:
> On 2016/03/31 23:08:33, yuweih wrote:
> > On 2016/03/31 22:36:16, Sergey Ulanov wrote:
> > > I don't think you need to use file_task_runner() here. CertificateWatcher
> > should
> > > work just fin on the network thread.
> > 
> > I tried this but it complained something like it's not on IO thread...
> 
> Network thread is an IO thread (see
>
https://code.google.com/p/chromium/codesearch#chromium/src/remoting/host/chro...),
> so it should work. Could it be that you tried it on main thread, instead of
the
> network thread?

Interesting... I tried

    context_->network_task_runner()->PostTask(
        FROM_HERE, base::Bind(&CertificateWatcher::Start,
                              base::Unretained(cert_watcher_.get())));

Then I got

[0401/112513:FATAL:thread_restrictions.cc(38)] Function marked as IO-only was
called from a thread that disallows IO!  If this thread really should be allowed
to make IO calls, adjust the call to base::ThreadRestrictions::SetIOAllowed() in
this thread's startup.

Yuwei

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_me2me_host.cc File remoting/host/remoting_me2me_host.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_me2me_host.cc#newcode822 remoting/host/remoting_me2me_host.cc:822: context_->file_task_runner()->PostTask( On 2016/04/01 17:49:23, Sergey Ulanov wrote: > On ...

4 years, 8 months ago (2016-04-01 18:44:34 UTC) #30

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode50 remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run(); On 2016/04/01 18:28:04, yuweih wrote: > That's time ...

4 years, 8 months ago (2016-04-01 20:11:00 UTC) #31

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run();
On 2016/04/01 18:28:04, yuweih wrote:
> That's time dependent and sounds a little bit flaky? I am not sure how long it
> takes for the file watcher to notice the changes and how precise the delayed
> timer will be... Or we can quit the message loop with delay say 2*|delay_|?

The test can work something like this:
 1. OnClientConnected();
 2. Update watch path.
 3. Post quit delayed task for delay_ + 0.1s
 4. message_loop_.Run();
 5. Verify that the restart closure wasn't called.
 6. OnClientDisconnected();
 7. If the restart closure still hasn't been called then message_loop_.Run()
which quits when it's called.

I don't think this will be flaky. Even if the watcher doesn't notice the change
in step 4 it should notice it in 7. The test may sometimes still succeed when
restart is not inhibited properly, but I think that's acceptable.

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:822:
context_->file_task_runner()->PostTask(
On 2016/04/01 18:28:04, yuweih wrote:
> Interesting... I tried
> 
>     context_->network_task_runner()->PostTask(
>         FROM_HERE, base::Bind(&CertificateWatcher::Start,
>                               base::Unretained(cert_watcher_.get())));
> 
> Then I got
> 
> [0401/112513:FATAL:thread_restrictions.cc(38)] Function marked as IO-only was
> called from a thread that disallows IO!  If this thread really should be
allowed
> to make IO calls, adjust the call to base::ThreadRestrictions::SetIOAllowed()
in
> this thread's startup.

I see. This error message is somewhat wrong. Network thread is an IO thread, but
we disallow _blocking_ IO. Looks like FilePathWatcher needs to use blocking IO
and that's the reason we cannot run it on network_thread. Sorry I assumed it
doesn't require blocking IO. 

So given that FilePathWatcher needs to run on the file thread then I think it's
better if CertificateWatcher was responsible of posting the task to the file
thread. Pass the file_task_runner() and store the reference there. Then
internally it should use that task_runner to call FilePathWatcher::Watch().
Whenever it receives notification from the watcher it will need to post a task
back to the network thread to handle it there.

In the current version of this CL CertificateWatcher uses inhibit flag on two
threads and this is not safe (timer works on the file thread, while the host
notifications are handled on the network thread). Keep as much logic as possible
on the network thread and use file thread only to receive notification from the
file watcher.

Let's discuss this offline if what I wrote above doesn't make sense.

Yuwei

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode50 remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run(); On 2016/04/01 20:11:00, Sergey Ulanov wrote: > On ...

4 years, 8 months ago (2016-04-01 20:53:22 UTC) #32

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/cer...
remoting/host/linux/certificate_watcher.cc:50: restart_deferred_action_.Run();
On 2016/04/01 20:11:00, Sergey Ulanov wrote:
> On 2016/04/01 18:28:04, yuweih wrote:
> > That's time dependent and sounds a little bit flaky? I am not sure how long
it
> > takes for the file watcher to notice the changes and how precise the delayed
> > timer will be... Or we can quit the message loop with delay say 2*|delay_|?
> 
> The test can work something like this:
>  1. OnClientConnected();
>  2. Update watch path.
>  3. Post quit delayed task for delay_ + 0.1s
>  4. message_loop_.Run();
>  5. Verify that the restart closure wasn't called.
>  6. OnClientDisconnected();
>  7. If the restart closure still hasn't been called then message_loop_.Run()
> which quits when it's called.
> 
> I don't think this will be flaky. Even if the watcher doesn't notice the
change
> in step 4 it should notice it in 7. The test may sometimes still succeed when
> restart is not inhibited properly, but I think that's acceptable.

Okay... Sounds reasonable

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
File remoting/host/remoting_me2me_host.cc (right):

https://codereview.chromium.org/1838313002/diff/60001/remoting/host/remoting_...
remoting/host/remoting_me2me_host.cc:822:
context_->file_task_runner()->PostTask(
On 2016/04/01 20:11:00, Sergey Ulanov wrote:
> On 2016/04/01 18:28:04, yuweih wrote:
> > Interesting... I tried
> > 
> >     context_->network_task_runner()->PostTask(
> >         FROM_HERE, base::Bind(&CertificateWatcher::Start,
> >                               base::Unretained(cert_watcher_.get())));
> > 
> > Then I got
> > 
> > [0401/112513:FATAL:thread_restrictions.cc(38)] Function marked as IO-only
was
> > called from a thread that disallows IO!  If this thread really should be
> allowed
> > to make IO calls, adjust the call to
base::ThreadRestrictions::SetIOAllowed()
> in
> > this thread's startup.
> 
> I see. This error message is somewhat wrong. Network thread is an IO thread,
but
> we disallow _blocking_ IO. Looks like FilePathWatcher needs to use blocking IO
> and that's the reason we cannot run it on network_thread. Sorry I assumed it
> doesn't require blocking IO. 
> 
> So given that FilePathWatcher needs to run on the file thread then I think
it's
> better if CertificateWatcher was responsible of posting the task to the file
> thread. Pass the file_task_runner() and store the reference there. Then
> internally it should use that task_runner to call FilePathWatcher::Watch().
> Whenever it receives notification from the watcher it will need to post a task
> back to the network thread to handle it there.
> 
> In the current version of this CL CertificateWatcher uses inhibit flag on two
> threads and this is not safe (timer works on the file thread, while the host
> notifications are handled on the network thread). Keep as much logic as
possible
> on the network thread and use file thread only to receive notification from
the
> file watcher.
> 
> Let's discuss this offline if what I wrote above doesn't make sense.

That sounds like a problem... I think I can start the timer on the network
thread and always post task to network if we need to reset the timer, then now
the inhibit flag will only be accessed on the network thread.

Yuwei

Uploaded patch 4. PTAL https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/60001/remoting/host/linux/certificate_watcher.cc#newcode17 remoting/host/linux/certificate_watcher.cc:17: // This is to repeating ...

4 years, 8 months ago (2016-04-01 23:41:03 UTC) #34

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-01 23:41:11 UTC) #35

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/100001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/100001

4 years, 8 months ago (2016-04-01 23:42:03 UTC) #36

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-02 00:34:57 UTC) #37

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-04-02 00:34:58 UTC) #38

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode5 remoting/host/linux/certificate_watcher.cc:5: #include "certificate_watcher.h" Specify pull path here please. https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode29 remoting/host/linux/certificate_watcher.cc:29: ...

4 years, 8 months ago (2016-04-04 19:29:37 UTC) #39

Yuwei

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode5 remoting/host/linux/certificate_watcher.cc:5: #include "certificate_watcher.h" On 2016/04/04 19:29:37, Sergey Ulanov wrote: > ...

4 years, 8 months ago (2016-04-04 21:40:24 UTC) #40

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode5 remoting/host/linux/certificate_watcher.cc:5: #include "certificate_watcher.h" On 2016/04/04 21:40:24, yuweih wrote: > On ...

4 years, 8 months ago (2016-04-04 21:44:38 UTC) #41

Yuwei

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode76 remoting/host/linux/certificate_watcher.cc:76: void CertificateWatcher::Start() { On 2016/04/04 19:29:37, Sergey Ulanov wrote: ...

4 years, 8 months ago (2016-04-04 21:45:20 UTC) #42

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode76 remoting/host/linux/certificate_watcher.cc:76: void CertificateWatcher::Start() { On 2016/04/04 21:45:20, yuweih wrote: > ...

4 years, 8 months ago (2016-04-04 21:47:15 UTC) #43

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-04 23:37:51 UTC) #44

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/120001

4 years, 8 months ago (2016-04-04 23:38:43 UTC) #45

Yuwei

Patch 5 PTAL https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/certificate_watcher.cc#newcode5 remoting/host/linux/certificate_watcher.cc:5: #include "certificate_watcher.h" On 2016/04/04 19:29:37, Sergey ...

4 years, 8 months ago (2016-04-04 23:42:25 UTC) #46

Patch 5 PTAL

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
File remoting/host/linux/certificate_watcher.cc (right):

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:5: #include "certificate_watcher.h"
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> Specify pull path here please.

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:29: network_runner_(network_runner),
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> Don't need to pass it as parameter explicitly. Instead use
> base::ThreadTaskRunnerHandle::Get() to get task runner for the current thread.

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:30: io_runner_(io_runner),
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> Call this io_task_runner_.

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:36: 
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> nit: remove this empty line. Otherwise the following line looks as if it's not
> related to the code above.

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:37: cert_watch_path_ =
cert_watch_path_.AppendASCII(kCertDirectoryPath);
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> nit: incorrect indentation.

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:76: void CertificateWatcher::Start()
{
On 2016/04/04 21:47:15, Sergey Ulanov wrote:
> On 2016/04/04 21:45:20, yuweih wrote:
> > On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> > > Do you really need this separate from the constructor? I suggest moving
all
> > this
> > > code to the constructor.
> > 
> > It's basically to allow unit tests to override parameters before starting
the
> > test. If we move this to the constructor then we need to have separate
> > constructor for testing...
> 
> I see. Then maybe make it return a bool value (false in case it fails). Then
you
> can make is_started() private or remove it completely.

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:84:
&CertificateWatcher::StartWatcherOnIo, base::Unretained(this)));
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> base::Unretained() is not safe here. CertificateWatcher may be destroyed by
the
> time this task gets executed on the IO thread. Instead you can create
> FilePathWatcher here and post a task directly for the Watch() method:
> 
> file_watcher_.reset(new base::FilePathWatcher());
> io_runner_->PostTask(FROM_HERE, base::Bind(
>        &FilePathWatcher::Watch, base::Unretained(file_watcher.get()),
>        cert_watch_path_, true, base::Bind(&OnCertDirectoryChanged));
> 
> Then from the destructor post a task on io thread to delete the watcher:
>   io_runner_->DeleteSoon(FROM_HERE, file_watcher_.release());

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:87:
&CertificateWatcher::StartTimerOnNetwork, base::Unretained(this)));
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> Why do you need to post a separate task here? network_runner_ must be the same
> thread on which this code is executed.

Not posting task now

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:99: base::Unretained(this)));
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> It's not safe to use base::Unretained() here. OnCertDirectoryChanged() is
called
> on the IO thread, while CertificateWatcher is destroyed on the network thread.
I
> suggest you make OnCertDirectoryChanged a static method that gets a weak
pointer
> for the CertficateWatcher
> to post the task back to the network thread:
> 
> OnCertDirectoryChanged(scoped_refptr<TaskRunner> network_task_runner,
>                        base::WeakPtr<CertificateWatcher> cert_watcher,
>                        const base::FilePath& path,
>                        bool error) {
>   network_task_runner->PostTask(
>         FROM_HERE, 
>         base::Bind(&CertificateWatcher::DirectoryChanged, cert_watcher,
>                    path, error));
> }
> 
> You will need to bind the first two parameters for the callback passed to
> FilePathWatcher::Watch().

Done.

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.cc:117: if (monitor) {
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> I don't think this you need this condition: monitor must exist when
SetMonitor()
> is called.

Changed to DCHECK

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
File remoting/host/linux/certificate_watcher.h (right):

https://codereview.chromium.org/1838313002/diff/100001/remoting/host/linux/ce...
remoting/host/linux/certificate_watcher.h:46: bool Started() const;
On 2016/04/04 19:29:37, Sergey Ulanov wrote:
> call it is_started()

Done.

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-05 00:59:56 UTC) #47

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_asan_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/140404)

4 years, 8 months ago (2016-04-05 00:59:57 UTC) #48

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-05 01:01:38 UTC) #49

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/120001

4 years, 8 months ago (2016-04-05 01:02:31 UTC) #50

Sergey Ulanov

Almost there! I just have a few more comments about style and formatting. https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File ...

4 years, 8 months ago (2016-04-05 01:14:32 UTC) #51

Yuwei

https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode41 remoting/host/linux/certificate_watcher.cc:41: base::WeakPtr<CertificateWatcher> watcher_, const base::FilePath& path, On 2016/04/05 01:14:32, Sergey ...

4 years, 8 months ago (2016-04-05 01:25:36 UTC) #52

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-05 02:18:51 UTC) #53

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_asan_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/140498)

4 years, 8 months ago (2016-04-05 02:18:52 UTC) #54

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode41 remoting/host/linux/certificate_watcher.cc:41: base::WeakPtr<CertificateWatcher> watcher_, const base::FilePath& path, On 2016/04/05 01:25:36, yuweih ...

4 years, 8 months ago (2016-04-05 18:35:21 UTC) #55

Yuwei

On 2016/04/05 18:35:21, Sergey Ulanov wrote: > https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc > File remoting/host/linux/certificate_watcher.cc (right): > > https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode41 ...

4 years, 8 months ago (2016-04-05 18:43:50 UTC) #56

On 2016/04/05 18:35:21, Sergey Ulanov wrote:
>
https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/ce...
> File remoting/host/linux/certificate_watcher.cc (right):
> 
>
https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/ce...
> remoting/host/linux/certificate_watcher.cc:41:
base::WeakPtr<CertificateWatcher>
> watcher_, const base::FilePath& path,
> On 2016/04/05 01:25:36, yuweih wrote:
> > On 2016/04/05 01:14:32, Sergey Ulanov wrote:
> > > One argument per line please (run clang-format)
> > 
> > I think clang-format actually moved |path| to the line above...
> 
> maybe it's somehow configured incorrectly on your machine? How do you run it?
> Just running "git cl format" should do the right thing.
> 
>
https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/ce...
> remoting/host/linux/certificate_watcher.cc:78:
> DCHECK(io_task_runner_->DeleteSoon(FROM_HERE, file_watcher_.release()));
> On 2016/04/05 01:25:36, yuweih wrote:
> > On 2016/04/05 01:14:32, Sergey Ulanov wrote:
> > > Don't put any statements with side-effects in [D]CHECK(). It should be
safe
> to
> > > ignore DeleteSoon() result here.
> > 
> > Would we do `bool result = ...; DCHECK(result);` or is it just better to not
> > DCHECK code with side effect at all...
> 
> Sure you can do that. The statement _inside_ DCHECK() is executed only in
debug
> builds, as long as it doesn't have side effects you are fine. Alternatively
you
> could use LOG(DFATAL), which has the safe effect as DCHECK(false):
> if (!DeleteSoon()) {
>   LOG(DFATAL) << "DeleteSoon failed";
> }
> 
> But it's just not necessary in this case and we don't check DeleteSoon()
result
> in other places. io_task_runner_ here will normally be AutoThreadTaskRunner,
> which guarantees that the thread outlives all references, so DeleteSoon() will
> never return false here. And even if it does it means that the process is
being
> shut down and so it's safe to leak the object.

I see...

Yuwei

https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode41 remoting/host/linux/certificate_watcher.cc:41: base::WeakPtr<CertificateWatcher> watcher_, const base::FilePath& path, Tried git cl format ...

4 years, 8 months ago (2016-04-05 19:15:51 UTC) #57

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode41 remoting/host/linux/certificate_watcher.cc:41: base::WeakPtr<CertificateWatcher> watcher_, const base::FilePath& path, On 2016/04/05 19:15:51, yuweih ...

4 years, 8 months ago (2016-04-05 19:34:46 UTC) #58

Yuwei

https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode78 remoting/host/linux/certificate_watcher.cc:78: DCHECK(io_task_runner_->DeleteSoon(FROM_HERE, file_watcher_.release())); On 2016/04/05 18:35:21, Sergey Ulanov wrote: > ...

4 years, 8 months ago (2016-04-05 20:09:30 UTC) #59

Yuwei

PTAL https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode29 remoting/host/linux/certificate_watcher.cc:29: network_task_runner_(base::ThreadTaskRunnerHandle::Get()), On 2016/04/05 01:14:32, Sergey Ulanov wrote: > ...

4 years, 8 months ago (2016-04-05 20:46:22 UTC) #60

Yuwei

PTAL https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/120001/remoting/host/linux/certificate_watcher.cc#newcode29 remoting/host/linux/certificate_watcher.cc:29: network_task_runner_(base::ThreadTaskRunnerHandle::Get()), On 2016/04/05 01:14:32, Sergey Ulanov wrote: > ...

4 years, 8 months ago (2016-04-05 20:46:23 UTC) #61

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-05 20:47:00 UTC) #62

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/140001

4 years, 8 months ago (2016-04-05 20:47:15 UTC) #63

Sergey Ulanov

https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc#newcode11 remoting/host/linux/certificate_watcher.cc:11: #include "base/message_loop/message_loop.h" Don't need this include https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc#newcode42 remoting/host/linux/certificate_watcher.cc:42: bool ...

4 years, 8 months ago (2016-04-05 21:12:56 UTC) #64

Yuwei

https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc#newcode130 remoting/host/linux/certificate_watcher.cc:130: if (error || path != cert_watch_path_) { On 2016/04/05 ...

4 years, 8 months ago (2016-04-05 21:27:40 UTC) #65

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-05 21:30:25 UTC) #66

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-04-05 21:30:27 UTC) #67

Yuwei

https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.h File remoting/host/linux/certificate_watcher.h (right): https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.h#newcode39 remoting/host/linux/certificate_watcher.h:39: // network thread if necessary. On 2016/04/05 21:12:56, Sergey ...

4 years, 8 months ago (2016-04-05 21:53:01 UTC) #68

Yuwei

PTAL https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc File remoting/host/linux/certificate_watcher.cc (right): https://codereview.chromium.org/1838313002/diff/140001/remoting/host/linux/certificate_watcher.cc#newcode11 remoting/host/linux/certificate_watcher.cc:11: #include "base/message_loop/message_loop.h" On 2016/04/05 21:12:56, Sergey Ulanov wrote: ...

4 years, 8 months ago (2016-04-05 22:18:55 UTC) #69

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-05 22:19:05 UTC) #70

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/160001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/160001

4 years, 8 months ago (2016-04-05 22:19:47 UTC) #71

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-05 23:29:01 UTC) #72

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-04-05 23:29:02 UTC) #73

Sergey Ulanov

Please update CL description to provide more details about why this change is needed. Also ...

4 years, 8 months ago (2016-04-06 21:04:06 UTC) #74

Yuwei

Description was changed from ========== Kill the host when the NSS certificate changes Will defer ...

4 years, 8 months ago (2016-04-06 21:53:08 UTC) #75

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-07 00:35:01 UTC) #76

Yuwei

Thanks for reviewing my code for two weeks :) https://codereview.chromium.org/1838313002/diff/160001/remoting/host/linux/certificate_watcher.h File remoting/host/linux/certificate_watcher.h (right): https://codereview.chromium.org/1838313002/diff/160001/remoting/host/linux/certificate_watcher.h#newcode19 remoting/host/linux/certificate_watcher.h:19: ...

4 years, 8 months ago (2016-04-07 00:35:42 UTC) #77

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/180001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/180001

4 years, 8 months ago (2016-04-07 00:35:43 UTC) #78

Sergey Ulanov

lgtm https://codereview.chromium.org/1838313002/diff/180001/remoting/host/linux/certificate_watcher_unittest.cc File remoting/host/linux/certificate_watcher_unittest.cc (right): https://codereview.chromium.org/1838313002/diff/180001/remoting/host/linux/certificate_watcher_unittest.cc#newcode97 remoting/host/linux/certificate_watcher_unittest.cc:97: base::Closure quit_loop_closure; this should be quit_loop_closure with _ ...

4 years, 8 months ago (2016-04-07 00:42:20 UTC) #79

Yuwei

The CQ bit was checked by yuweih@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-07 00:45:43 UTC) #80

Yuwei

https://codereview.chromium.org/1838313002/diff/180001/remoting/host/linux/certificate_watcher_unittest.cc File remoting/host/linux/certificate_watcher_unittest.cc (right): https://codereview.chromium.org/1838313002/diff/180001/remoting/host/linux/certificate_watcher_unittest.cc#newcode97 remoting/host/linux/certificate_watcher_unittest.cc:97: base::Closure quit_loop_closure; On 2016/04/07 00:42:19, Sergey Ulanov wrote: > ...

4 years, 8 months ago (2016-04-07 00:46:25 UTC) #81

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/200001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/200001

4 years, 8 months ago (2016-04-07 00:46:43 UTC) #83

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-07 02:18:19 UTC) #84

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-04-07 02:18:20 UTC) #85

Yuwei

The patchset sent to the CQ was uploaded after l-g-t-m from sergeyu@chromium.org Link to the ...

4 years, 8 months ago (2016-04-07 17:33:56 UTC) #87

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1838313002/200001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1838313002/200001

4 years, 8 months ago (2016-04-07 17:34:28 UTC) #88

commit-bot: I haz the power

Description was changed from ========== When using third-party authentication the host may need to use ...

4 years, 8 months ago (2016-04-07 17:53:57 UTC) #89

commit-bot: I haz the power

Description was changed from ========== When using third-party authentication the host may need to use ...

4 years, 8 months ago (2016-04-07 17:56:12 UTC) #91

commit-bot: I haz the power

4 years, 8 months ago (2016-04-07 17:56:13 UTC) #92

Message was sent while issue was closed.

Patchset 9 (id:??) landed as
https://crrev.com/7821527cafe2199a3603d26daae639c621602a2f
Cr-Commit-Position: refs/heads/master@{#385801}

Issue 1838313002: Restart the host when the third party auth certificate changes (Closed)

Description

Patch Set 1 #

Patch Set 2 : Applied Feedback From sergeyu@ #

Patch Set 3 : Reviewed Feedback from sergeyu@ #

Patch Set 4 : Feedback from sergeyu@ #

Patch Set 5 : Reviewed #

Patch Set 6 : Reviewer's fb; fixed memory leak #

Patch Set 7 : Reviewer's Feedback #

Patch Set 8 : Reviewer's Feedback #

Patch Set 9 : Fix small typo #

Messages