OLD | NEW |
1 Design | 1 Design |
2 ====== | 2 ====== |
3 | 3 |
4 | 4 |
5 Overview | 5 Overview |
6 -------- | 6 -------- |
7 Allows trying out Skia code in the browser. | 7 Allows trying out Skia code in the browser. |
8 | 8 |
9 | 9 |
10 Security | 10 Security |
(...skipping 18 matching lines...) |
29 * No preprocessor use is allowed (no lines can begin with #includes). | 29 * No preprocessor use is allowed (no lines can begin with #includes). |
30 | 30 |
31 | 31 |
32 Architecture | 32 Architecture |
33 ------------ | 33 ------------ |
34 | 34 |
35 | 35 |
36 The server runs on GCE, and consists of a Go Web Server that calls out to the | 36 The server runs on GCE, and consists of a Go Web Server that calls out to the |
37 c++ compiler and executes code in a chroot jail. See the diagram below: | 37 c++ compiler and executes code in a chroot jail. See the diagram below: |
38 | 38 |
39 | 39 +–––––––––––––+ |
40 +–––––––––––––+ | 40 | | |
41 | | | 41 | Browser | |
42 | Browser | | 42 | | |
43 | | | 43 +––––––+––––––+ |
44 +––––––+––––––+ | 44 | |
45 | | 45 +––––––+––––––+ |
46 +––––––+––––––+ | 46 | | |
47 | | | 47 | | |
48 | | | 48 | Web Server | |
49 | Web Server | | 49 | | |
50 | | | 50 | (Go) | |
51 | (Go) | | 51 | | |
52 | | | 52 | | |
53 | | | 53 +–––––––+–––––+ |
54 +–––––––+–––––+ | 54 | |
55 | | 55 +–––––––+––––––––––+ |
56 +–––––––+––––––––––+ | 56 | chroot jail | |
57 | chroot jail | | 57 | +––––––––––––––+| |
58 | +––––––––––––––+| | 58 | | seccomp || |
59 | | seccomp || | 59 | | +––––––––––+|| |
60 | | +––––––––––+|| | 60 | | |User code ||| |
61 | | |User code ||| | 61 | | | ||| |
62 | | | ||| | 62 | | +––––––––––+|| |
63 | | +––––––––––+|| | 63 | +––––––––––––––+| |
64 | +––––––––––––––+| | 64 | | |
65 | | | 65 +––––––––––––––––––+ |
66 +––––––––––––––––––+ | |
67 | |
68 | 66 |
69 The user code is expanded into a simple template and linked against libskia | 67 The user code is expanded into a simple template and linked against libskia |
70 and a couple other .o files that contain main() and the code that sets up the | 68 and a couple other .o files that contain main() and the code that sets up the |
71 seccomp and rlimit restrictions. This code also sets up the SkCanvas that is | 69 seccomp and rlimit restrictions. This code also sets up the SkCanvas that is |
72 handed to the user code. Any code the user submits is restricted to running in | 70 handed to the user code. Any code the user submits is restricted to running in |
73 a single function that looks like this: | 71 a single function that looks like this: |
74 | 72 |
75 | 73 |
76 void draw(SkCanvas* canvas) { | 74 void draw(SkCanvas* canvas) { |
77 // User code goes here. | 75 // User code goes here. |
(...skipping 62 matching lines...) |
140 | 138 |
141 // If this gets changed also update the sqlite create statement in webtry.go
. | 139 // If this gets changed also update the sqlite create statement in webtry.go
. |
142 | 140 |
143 CREATE TABLE webtry ( | 141 CREATE TABLE webtry ( |
144 code TEXT DEFAULT '' NOT NULL, | 142 code TEXT DEFAULT '' NOT NULL, |
145 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, | 143 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
146 hash CHAR(64) DEFAULT '' NOT NULL, | 144 hash CHAR(64) DEFAULT '' NOT NULL, |
147 PRIMARY KEY(hash) | 145 PRIMARY KEY(hash) |
148 ); | 146 ); |
149 | 147 |
| 148 CREATE TABLE workspace ( |
| 149 name CHAR(64) DEFAULT '' NOT NULL, |
| 150 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
| 151 PRIMARY KEY(name) |
| 152 ); |
| 153 |
| 154 CREATE TABLE workspacetry ( |
| 155 name CHAR(64) DEFAULT '' NOT NULL, |
| 156 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
| 157 hash CHAR(64) DEFAULT '' NOT NULL, |
| 158 hidden INTEGER DEFAULT 0 NOT NULL, |
| 159 |
| 160 FOREIGN KEY (name) REFERENCES workspace(name) |
| 161 ); |
| 162 |
150 Common queries webtry.go will use: | 163 Common queries webtry.go will use: |
151 | 164 |
152 INSERT INTO webtry (code, hash) VALUES('int i = 0;...', 'abcdef...'); | 165 INSERT INTO webtry (code, hash) VALUES('int i = 0;...', 'abcdef...'); |
153 | 166 |
154 SELECT code, create_ts, hash FROM webtry WHERE hash='abcdef...'; | 167 SELECT code, create_ts, hash FROM webtry WHERE hash='abcdef...'; |
155 | 168 |
156 SELECT code, create_ts, hash FROM webtry ORDER BY create_ts DESC LIMIT 2; | 169 SELECT code, create_ts, hash FROM webtry ORDER BY create_ts DESC LIMIT 2; |
157 | 170 |
158 // To change the password for the webtry sql client: | 171 // To change the password for the webtry sql client: |
159 SET PASSWORD for 'webtry'@'%' = PASSWORD('<password is in valentine>'); | 172 SET PASSWORD for 'webtry'@'%' = PASSWORD('<password is in valentine>'); |
160 | 173 |
161 // Run before and after to confirm the password changed: | 174 // Run before and after to confirm the password changed: |
162 SELECT Host, User, Password FROM mysql.user; | 175 SELECT Host, User, Password FROM mysql.user; |
163 | 176 |
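Review bot: workspacetry (new lines 154-161) has no PRIMARY KEY, and its hash column has no FOREIGN KEY to webtry(hash), so nothing stops the same try being recorded twice in a workspace or a row pointing at a hash that does not exist in webtry. Consider a key or unique index over (name, hash) and adding FOREIGN KEY (hash) REFERENCES webtry(hash). The comment above the schema says the sqlite create statement in webtry.go has to be kept in step; SQLite only enforces foreign keys when PRAGMA foreign_keys = ON is set on the connection, so the constraint on name will not be checked on the sqlite path unless that is done. The blank line 159 inside the CREATE TABLE can also go.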
| 177 Common queries for workspaces: |
| 178 |
| 179 SELECT hash, create_ts FROM workspace ORDER BY create_ts DESC; |
| 180 |
| 181 INSERT INTO workspace (name, hash) VALUES('autumn-river-12354', 'abcdef...')
; |
| 182 |
| 183 SELECT name FROM workspace GROUP BY name; |
| 184 |
164 Password for the database will be stored in the metadata instance, if the | 185 Password for the database will be stored in the metadata instance, if the |
165 metadata server can't be found, i.e. running locally, then data will not be | 186 metadata server can't be found, i.e. running locally, then a local sqlite |
166 stored. To see the current password stored in metadata and the fingerprint: | 187 database will be used. To see the current password stored in metadata and the |
| 188 fingerprint: |
167 | 189 |
168 gcutil --project=google.com:skia-buildbots getinstance skia-webtry-b | 190 gcutil --project=google.com:skia-buildbots getinstance skia-webtry-b |
169 | 191 |
170 To set the mysql password that webtry is to use: | 192 To set the mysql password that webtry is to use: |
171 | 193 |
172 gcutil --project=google.com:skia-buildbots setinstancemetadata skia-webtr
y-b --metadata=password:'[mysql client webtry password]' --fingerprint=[some fin
gerprint] | 194 gcutil --project=google.com:skia-buildbots setinstancemetadata skia-webtr
y-b --metadata=password:'[mysql client webtry password]' --fingerprint=[some fin
gerprint] |
173 | 195 |
174 To retrieve the password from the running instance just GET the right URL from | 196 To retrieve the password from the running instance just GET the right URL from |
175 the metadata server: | 197 the metadata server: |
176 | 198 |
177 curl "http://metadata/computeMetadata/v1/instance/attributes/password" -H "X
-Google-Metadata-Request: True" | 199 curl "http://metadata/computeMetadata/v1/instance/attributes/password" -H "X
-Google-Metadata-Request: True" |
178 | 200 |
179 N.B. If you need to change the MySQL password that webtry uses, you must change | 201 N.B. If you need to change the MySQL password that webtry uses, you must change |
180 it both in MySQL and the value stored in the metadata server. | 202 it both in MySQL and the value stored in the metadata server. |
181 | 203 |
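Review bot: in the "Common queries for workspaces" block (new lines 177-183) the first two statements reference a hash column on workspace, but the workspace table added in this change only has name and create_ts; hash is a column of workspacetry. As written, SELECT hash, create_ts FROM workspace and INSERT INTO workspace (name, hash) would fail against this schema. They probably should target workspacetry, with a WHERE name=... on the SELECT, and the doc should also show the INSERT INTO workspace (name) that has to come first to satisfy the foreign key. SELECT name FROM workspace GROUP BY name is redundant given PRIMARY KEY(name).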
| 204 Workspaces |
| 205 ---------- |
| 206 |
| 207 Workspaces are implemented by the workspace and workspacetry tables. The |
| 208 workspace table keeps the unique list of all workspaces. The workspacetry table |
| 209 keeps track of all the tries that have occured in a workspace. Right now the |
| 210 hidden column of workspacetry is not used, it's for future functionality. |
| 211 |
182 Installation | 212 Installation |
183 ------------ | 213 ------------ |
184 See the README file. | 214 See the README file. |
185 | 215 |
186 | 216 |
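Review bot: the new Workspaces section (new lines 204-210) does not say how workspace names are generated or who may add tries to an existing workspace. The example name in the queries is 'autumn-river-12354'; if knowing the name is all that is needed to append to a workspace, state that here or in the Security section so it is a documented decision. Nits: "occured" should be "occurred", and "is not used, it's for future functionality" reads better as two sentences.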