OLD | NEW |
1 Design | 1 Design |
2 ====== | 2 ====== |
3 | 3 |
4 | 4 |
5 Overview | 5 Overview |
6 -------- | 6 -------- |
7 Allows trying out Skia code in the browser. | 7 Allows trying out Skia code in the browser. |
8 | 8 |
9 | 9 |
10 Security | 10 Security |
(...skipping 18 matching lines...) Expand all Loading... |
29 * No preprocessor use is allowed (no lines can begin with #includes). | 29 * No preprocessor use is allowed (no lines can begin with #includes). |
30 | 30 |
31 | 31 |
32 Architecture | 32 Architecture |
33 ------------ | 33 ------------ |
34 | 34 |
35 | 35 |
36 The server runs on GCE, and consists of a Go Web Server that calls out to the | 36 The server runs on GCE, and consists of a Go Web Server that calls out to the |
37 c++ compiler and executes code in a chroot jail. See the diagram below: | 37 c++ compiler and executes code in a chroot jail. See the diagram below: |
38 | 38 |
39 | 39 +–––––––––––––+ |
40 +–––––––––––––+ | 40 | | |
41 | | | 41 | Browser | |
42 | Browser | | 42 | | |
43 | | | 43 +––––––+––––––+ |
44 +––––––+––––––+ | 44 | |
45 | | 45 +––––––+––––––+ |
46 +––––––+––––––+ | 46 | | |
47 | | | 47 | | |
48 | | | 48 | Web Server | |
49 | Web Server | | 49 | | |
50 | | | 50 | (Go) | |
51 | (Go) | | 51 | | |
52 | | | 52 | | |
53 | | | 53 +–––––––+–––––+ |
54 +–––––––+–––––+ | 54 | |
55 | | 55 +–––––––+––––––––––+ |
56 +–––––––+––––––––––+ | 56 | chroot jail | |
57 | chroot jail | | 57 | +––––––––––––––+| |
58 | +––––––––––––––+| | 58 | | seccomp || |
59 | | seccomp || | 59 | | +––––––––––+|| |
60 | | +––––––––––+|| | 60 | | |User code ||| |
61 | | |User code ||| | 61 | | | ||| |
62 | | | ||| | 62 | | +––––––––––+|| |
63 | | +––––––––––+|| | 63 | +––––––––––––––+| |
64 | +––––––––––––––+| | 64 | | |
65 | | | 65 +––––––––––––––––––+ |
66 +––––––––––––––––––+ | |
67 | |
68 | 66 |
69 The user code is expanded into a simple template and linked against libskia | 67 The user code is expanded into a simple template and linked against libskia |
70 and a couple other .o files that contain main() and the code that sets up the | 68 and a couple other .o files that contain main() and the code that sets up the |
71 seccomp and rlimit restrictions. This code also sets up the SkCanvas that is | 69 seccomp and rlimit restrictions. This code also sets up the SkCanvas that is |
72 handed to the user code. Any code the user submits is restricted to running in | 70 handed to the user code. Any code the user submits is restricted to running in |
73 a single function that looks like this: | 71 a single function that looks like this: |
74 | 72 |
75 | 73 |
76 void draw(SkCanvas* canvas) { | 74 void draw(SkCanvas* canvas) { |
77 // User code goes here. | 75 // User code goes here. |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
140 | 138 |
141 // If this gets changed also update the sqlite create statement in webtry.go
. | 139 // If this gets changed also update the sqlite create statement in webtry.go
. |
142 | 140 |
143 CREATE TABLE webtry ( | 141 CREATE TABLE webtry ( |
144 code TEXT DEFAULT '' NOT NULL, | 142 code TEXT DEFAULT '' NOT NULL, |
145 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, | 143 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
146 hash CHAR(64) DEFAULT '' NOT NULL, | 144 hash CHAR(64) DEFAULT '' NOT NULL, |
147 PRIMARY KEY(hash) | 145 PRIMARY KEY(hash) |
148 ); | 146 ); |
149 | 147 |
| 148 CREATE TABLE workspace ( |
| 149 name TEXT DEFAULT '' NOT NULL, |
| 150 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
| 151 ); |
| 152 |
| 153 CREATE TABLE workspacetry ( |
| 154 name TEXT DEFAULT '' NOT NULL, |
| 155 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
| 156 hash CHAR(64) DEFAULT '' NOT NULL, |
| 157 hidden INTEGER DEFAUL 0 NOT NULL, |
| 158 |
| 159 FOREIGN KEY (name) REFERENCES workspace(name) |
| 160 ); |
| 161 |
150 Common queries webtry.go will use: | 162 Common queries webtry.go will use: |
151 | 163 |
152 INSERT INTO webtry (code, hash) VALUES('int i = 0;...', 'abcdef...'); | 164 INSERT INTO webtry (code, hash) VALUES('int i = 0;...', 'abcdef...'); |
153 | 165 |
154 SELECT code, create_ts, hash FROM webtry WHERE hash='abcdef...'; | 166 SELECT code, create_ts, hash FROM webtry WHERE hash='abcdef...'; |
155 | 167 |
156 SELECT code, create_ts, hash FROM webtry ORDER BY create_ts DESC LIMIT 2; | 168 SELECT code, create_ts, hash FROM webtry ORDER BY create_ts DESC LIMIT 2; |
157 | 169 |
158 // To change the password for the webtry sql client: | 170 // To change the password for the webtry sql client: |
159 SET PASSWORD for 'webtry'@'%' = PASSWORD('<password is in valentine>'); | 171 SET PASSWORD for 'webtry'@'%' = PASSWORD('<password is in valentine>'); |
160 | 172 |
161 // Run before and after to confirm the password changed: | 173 // Run before and after to confirm the password changed: |
162 SELECT Host, User, Password FROM mysql.user; | 174 SELECT Host, User, Password FROM mysql.user; |
163 | 175 |
| 176 Common queries for workspaces: |
| 177 |
| 178 SELECT hash, create_ts FROM workspace ORDER BY create_ts DESC; |
| 179 |
| 180 INSERT INTO workspace (name, hash) VALUES('autumn-river-12354', 'abcdef...')
; |
| 181 |
| 182 SELECT name FROM workspace GROUP BY name; |
| 183 |
164 Password for the database will be stored in the metadata instance, if the | 184 Password for the database will be stored in the metadata instance, if the |
165 metadata server can't be found, i.e. running locally, then data will not be | 185 metadata server can't be found, i.e. running locally, then a local sqlite |
166 stored. To see the current password stored in metadata and the fingerprint: | 186 database will be used. To see the current password stored in metadata and the |
| 187 fingerprint: |
167 | 188 |
168 gcutil --project=google.com:skia-buildbots getinstance skia-webtry-b | 189 gcutil --project=google.com:skia-buildbots getinstance skia-webtry-b |
169 | 190 |
170 To set the mysql password that webtry is to use: | 191 To set the mysql password that webtry is to use: |
171 | 192 |
172 gcutil --project=google.com:skia-buildbots setinstancemetadata skia-webtr
y-b --metadata=password:'[mysql client webtry password]' --fingerprint=[some fin
gerprint] | 193 gcutil --project=google.com:skia-buildbots setinstancemetadata skia-webtr
y-b --metadata=password:'[mysql client webtry password]' --fingerprint=[some fin
gerprint] |
173 | 194 |
174 To retrieve the password from the running instance just GET the right URL from | 195 To retrieve the password from the running instance just GET the right URL from |
175 the metadata server: | 196 the metadata server: |
176 | 197 |
177 curl "http://metadata/computeMetadata/v1/instance/attributes/password" -H "X
-Google-Metadata-Request: True" | 198 curl "http://metadata/computeMetadata/v1/instance/attributes/password" -H "X
-Google-Metadata-Request: True" |
178 | 199 |
179 N.B. If you need to change the MySQL password that webtry uses, you must change | 200 N.B. If you need to change the MySQL password that webtry uses, you must change |
180 it both in MySQL and the value stored in the metadata server. | 201 it both in MySQL and the value stored in the metadata server. |
181 | 202 |
182 Installation | 203 Installation |
183 ------------ | 204 ------------ |
184 See the README file. | 205 See the README file. |
185 | 206 |
186 | 207 |
OLD | NEW |