Fix gnome keyring token encryption

calebkiage · calebkiage · commit ecf33c2e48e5 · 2022-03-24T13:49:52.000+03:00
diff --git a/.dockerignore b/.dockerignore
@@ -1,6 +1,6 @@
-/.git/
-/.github/
-/.vs/
-/.vscode/
-/src/[Bb]in/
-/src/[Oo]bj/
+**/.git/
+**/.github/
+**/.vs/
+**/.vscode/
+**/[Bb]in/
+**/[Oo]bj/
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,9 @@
-FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
+# To get around the bug in https://github.com/moby/buildkit/issues/1366 on windows hosts, you can either:
+#   1. Enable long file path support in windows
+#   2. Use the \\?\ prefix when specifying the path in the docker build command. e.g.
+#      docker build \\?\C:\path -f .\Dockerfile
+# See https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation
+FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS build-env
 
 ARG MS_NUGET_URL=https://nuget.pkg.github.com/microsoft/index.json
 ARG MSGRAPH_NUGET_URL=https://nuget.pkg.github.com/microsoftgraph/index.json
@@ -14,19 +19,34 @@ WORKDIR /app/msgraph-cli
 RUN dotnet nuget add source ${MS_NUGET_URL} -n ms-gh -u ${NUGET_USER} -p ${NUGET_PASSWORD} --store-password-in-clear-text &&\
     dotnet nuget add source ${MSGRAPH_NUGET_URL} -n msgraph-gh -u ${NUGET_USER} -p ${NUGET_PASSWORD} --store-password-in-clear-text
 
-RUN dotnet publish ./src/msgraph-cli.csproj --configuration Release --no-self-contained -p:PublishSingleFile=false -p:PublishReadyToRun=false
+RUN dotnet publish -p:PublishSingleFile=false -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true ./src/msgraph-cli.csproj --configuration Release --no-self-contained --runtime linux-musl-x64 --output /app/output
 
-FROM mcr.microsoft.com/dotnet/runtime:6.0 as runtime
+FROM mcr.microsoft.com/dotnet/runtime:6.0-alpine as runtime
+
+# Change this password by providing a different value when running the container
+ENV KEYRING_PASSWORD="password"
+
+RUN apk add --no-cache libsecret dbus gnome-keyring libcap &&\
+    dbus-uuidgen > /var/lib/dbus/machine-id &&\
+    setcap cap_ipc_lock=+ep $(which gnome-keyring-daemon)
+
+RUN addgroup mgc &&\
+    adduser -D -G mgc -h /app mgc
 
 WORKDIR /app
 
-COPY --from=build-env /app/msgraph-cli/src/bin/Release/net6.0/ ./dist
-RUN echo 'export PATH=$PATH:/app/dist' > /app/.bash_profile
+COPY --from=build-env /app/output ./dist
+
+RUN ln -s /app/dist/mgc /usr/bin/mgc
+
+USER mgc
+
+COPY --chown=mgc:mgc ./docker/* ./dist/
 
-ENV HOME=/app
+RUN chmod +x /app/dist/init.sh
 
 # CMD ["bash", "-l"]
-ENTRYPOINT ["/app/dist/mgc"]
+ENTRYPOINT ["./dist/init.sh"]
 
 LABEL description="# Welcome to the Microsoft Graph CLI  \
 [Source dockerfile](https://github.com/microsoftgraph/msgraph-cli/blob/main/Dockerfile)"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,8 @@
+version: '2'
+services:
+  mgc:
+    image: msgraph-cli
+    cap_add:
+    # https://man7.org/linux/man-pages/man7/capabilities.7.html
+    # 
+    - IPC_LOCK # Required by gnome-keyring daemon, the dbus secret service
diff --git a/docker/app-settings.json b/docker/app-settings.json
@@ -0,0 +1,7 @@
+{
+    "Logging": {
+        "LogLevel": {
+            "Default": "Debug"
+        }
+    }
+}
diff --git a/docker/init.sh b/docker/init.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+script="$0"
+DIR="$(dirname $script)"
+
+if ! pgrep -x "dbus-daemon" > /dev/null
+then
+    export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --fork --print-address)
+else
+    echo "dbus-daemon already running"
+fi
+
+dbus-run-session -- echo "$KEYRING_PASSWORD" | gnome-keyring-daemon --daemonize --components=secrets --unlock && $@
diff --git a/msgraph-cli-core b/msgraph-cli-core
@@ -1 +1 @@
-Subproject commit dc6cefcce50f695bf6ac4215b983fd8b6e05ae92
+Subproject commit d851735353dba6d43c0d4ab82f291779278374bc
diff --git a/src/Program.cs b/src/Program.cs
@@ -8,20 +8,14 @@
 using Microsoft.Graph.Cli.Core.Commands.Authentication;
 using Microsoft.Graph.Cli.Core.Configuration;
 using Microsoft.Graph.Cli.Core.IO;
-using Microsoft.Graph.Cli.Core.Utils;
-using Microsoft.Kiota.Abstractions;
 using Microsoft.Kiota.Authentication.Azure;
 using Microsoft.Kiota.Cli.Commons.IO;
 using Microsoft.Kiota.Http.HttpClientLibrary;
-using Microsoft.Kiota.Http.HttpClientLibrary.Middleware;
-using Microsoft.Kiota.Http.HttpClientLibrary.Middleware.Options;
 using System.CommandLine;
 using System.CommandLine.Builder;
 using System.CommandLine.Hosting;
 using System.CommandLine.Parsing;
 using System.IO;
-using System.Linq;
-using System.Net.Http;
 using System.Reflection;
 using System.Threading.Tasks;
 using System.Collections.Generic;
diff --git a/src/app-settings.sample.json b/src/app-settings.sample.json
@@ -1,6 +1,12 @@
 {
     "AuthenticationOptions": {
         "ClientId": "client id",
-        "TenantId": "tenant id"
+        "TenantId": "tenant id",
+        "AllowUnencryptedTokenCache": false
+    },
+    "Logging": {
+        "LogLevel": {
+            "Default": "Warning"
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,12 @@`
`1`	`1`	`{`
`2`	`2`	`"AuthenticationOptions": {`
`3`	`3`	`"ClientId": "client id",`
`4`		`- "TenantId": "tenant id"`
	`4`	`+ "TenantId": "tenant id",`
	`5`	`+ "AllowUnencryptedTokenCache": false`
	`6`	`+ },`
	`7`	`+ "Logging": {`
	`8`	`+ "LogLevel": {`
	`9`	`+ "Default": "Warning"`
	`10`	`+ }`
`5`	`11`	`}`
`6`	`12`	`}`