Merge pull request #7398 from jandubois/vendor-sudo-prompt

Import sudo-prompt module into our repo

.github/actions/spelling/excludes.txt

@@ -89,6 +89,7 @@
 ^\QSECURITY.md\E$
 ^pkg/rancher-desktop/assets/scripts/logrotate-k3s$
 ^pkg/rancher-desktop/assets/scripts/logrotate-lima-guestagent$
+^pkg/rancher-desktop/sudo-prompt/
 ignore$
 /translations/(?!en)
 ^\Qpkg/rancher-desktop/router.js\E$

jest.config.js

@@ -30,5 +30,9 @@ module.exports = {
   setupFiles: [
     '<rootDir>/pkg/rancher-desktop/utils/testUtils/setupElectron.ts',
   ],
-  testEnvironment: 'jsdom',
+  testEnvironment:        'jsdom',
+  testPathIgnorePatterns: [
+    '<rootDir>/node_modules/',
+    '<rootDir>/pkg/rancher-desktop/sudo-prompt/',
+  ],
 };

package.json

@@ -76,7 +76,6 @@
     "proxy-agent": "^6.4.0",
     "rancher-icons": "rancher/icons#v2.0.21",
     "semver": "7.6.3",
-    "sudo-prompt": "9.2.1",
     "tar-stream": "3.1.7",
     "ufo": "1.5.4",
     "unfetch": "4.2.0",

pkg/rancher-desktop/backend/lima.ts

@@ -15,7 +15,6 @@ import merge from 'lodash/merge';
 import omit from 'lodash/omit';
 import zip from 'lodash/zip';
 import semver from 'semver';
-import sudo from 'sudo-prompt';
 import tar from 'tar-stream';
 import yaml from 'yaml';
 
@@ -41,6 +40,7 @@ import NGINX_CONF from '@pkg/assets/scripts/nginx.conf';
 import { ContainerEngine, MountType, VMType } from '@pkg/config/settings';
 import { getServerCredentialsPath, ServerState } from '@pkg/main/credentialServer/httpCredentialHelperServer';
 import mainEvents from '@pkg/main/mainEvents';
+import { exec as sudo } from '@pkg/sudo-prompt';
 import * as childProcess from '@pkg/utils/childProcess';
 import clone from '@pkg/utils/clone';
 import DockerDirManager from '@pkg/utils/dockerDirManager';
@@ -1383,7 +1383,7 @@ export default class LimaBackend extends events.EventEmitter implements VMBacken
     await new Promise<void>((resolve, reject) => {
       const iconPath = path.join(paths.resources, 'icons', 'logo-square-512.png');
 
-      sudo.exec(command, { name: 'Rancher Desktop', icns: iconPath }, (error, stdout, stderr) => {
+      sudo(command, { name: 'Rancher Desktop', icns: iconPath }, (error, stdout, stderr) => {
         if (stdout) {
           console.log(`Prompt for sudo: stdout: ${ stdout }`);
         }

pkg/rancher-desktop/sudo-prompt/CHANGELOG.md

@@ -0,0 +1,143 @@
+## [9.2.0] 2020-04-29
+
+### Fixed
+
+- Update TypeScript types to accommodate recent changes, see
+[#117](https://github.com/jorangreef/sudo-prompt/issues/117).
+
+## [9.1.0] 2019-11-13
+
+### Added
+
+- Add TypeScript types.
+
+## [9.0.0] 2019-06-03
+
+### Changed
+
+- Make cross-platform `stdout`, `stderr` behavior consistent, see
+[#89](https://github.com/jorangreef/sudo-prompt/issues/89).
+
+- Preserve current working directory on all platforms.
+
+- Improve kdesudo dialog appearance.
+
+### Added
+
+- Add `options.env` to set environment variables on all platforms, see
+[#91](https://github.com/jorangreef/sudo-prompt/issues/91).
+
+### Fixed
+
+- Always return PERMISSION_DENIED as an Error object.
+
+- Support multiple commands separated by semicolons on Linux, see
+[#39](https://github.com/jorangreef/sudo-prompt/issues/39).
+
+- Distinguish between elevation errors and command errors on Linux, see
+[#88](https://github.com/jorangreef/sudo-prompt/issues/88).
+
+- Fix Windows to return `PERMISSION_DENIED` Error even when Windows' error
+messages are internationalized, see 
+[#96](https://github.com/jorangreef/sudo-prompt/issues/96).
+
+## [8.2.5] 2018-12-12
+
+### Fixed
+
+- Whitelist package.json files.
+
+## [8.2.4] 2018-12-12
+
+### Added
+
+- A CHANGELOG.md file, see
+[#78](https://github.com/jorangreef/sudo-prompt/issues/78).
+
+## [8.2.3] 2018-09-11
+
+### Fixed
+
+- README: Link to concurrency discussion.
+
+## [8.2.2] 2018-09-11
+
+### Fixed
+
+- README: Details on concurrency.
+
+## [8.2.1] 2018-09-11
+
+### Fixed
+
+- A rare idempotency edge case where a command might have been run more than
+once, given a very specific OS environment setup.
+
+## [8.2.0] 2018-03-22
+
+### Added
+
+- Windows: Fix `cd` when `cwd` is on another drive, see
+[#70](https://github.com/jorangreef/sudo-prompt/issues/70).
+
+## [8.1.0] 2018-01-10
+
+### Added
+
+- Linux: Increase `maxBuffer` limit to 128 MiB, see
+[#66](https://github.com/jorangreef/sudo-prompt/issues/66).
+
+## [8.0.0] 2018-11-02
+
+### Changed
+
+- Windows: Set code page of command batch script to UTF-8.
+
+## [7.1.1] 2017-07-18
+
+### Fixed
+
+- README: Explicitly mention that no child process is returned.
+
+## [7.0.0] 2017-03-15
+
+### Changed
+
+- Add status code to errors on Windows and macOS.
+
+## [6.2.1] 2016-12-16
+
+### Fixed
+
+- README: Syntax highlighting.
+
+## [6.2.0] 2016-08-17
+
+### Fixed
+
+- README: Rename OS X to macOS.
+
+## [6.1.0] 2016-08-02
+
+### Added
+
+- Yield an error if no polkit authentication agent is found, see
+[#29](https://github.com/jorangreef/sudo-prompt/issues/29).
+
+## [6.0.2] 2016-07-21
+
+### Fixed
+
+- README: Update explanation of Linux behavior.
+
+## [6.0.1] 2016-07-15
+
+### Fixed
+
+- Update keywords in package.json.
+
+## [6.0.0] 2016-07-15
+
+### Changed
+
+- Add support for Windows.

pkg/rancher-desktop/sudo-prompt/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Joran Dirk Greef
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

pkg/rancher-desktop/sudo-prompt/README.md

@@ -0,0 +1,62 @@
+# sudo-prompt
+
+Run a non-graphical terminal command using `sudo`, prompting the user with a graphical OS dialog if necessary. Useful for background Node.js applications or native Electron apps that need `sudo`.
+
+## Cross-Platform
+`sudo-prompt` provides a native OS dialog prompt on **macOS**, **Linux** and **Windows**.
+
+![macOS](https://raw.githubusercontent.com/jorangreef/sudo-prompt/master/macos.png)
+
+![Linux](https://raw.githubusercontent.com/jorangreef/sudo-prompt/master/linux.png)
+
+![Windows](https://raw.githubusercontent.com/jorangreef/sudo-prompt/master/windows.png)
+
+## Installation
+`sudo-prompt` has no external dependencies and does not require any native bindings.
+```
+npm install sudo-prompt
+```
+
+## Usage
+Note: Your command should not start with the `sudo` prefix.
+```javascript
+var sudo = require('sudo-prompt');
+var options = {
+  name: 'Electron',
+  icns: '/Applications/Electron.app/Contents/Resources/Electron.icns', // (optional)
+};
+sudo.exec('echo hello', options,
+  function(error, stdout, stderr) {
+    if (error) throw error;
+    console.log('stdout: ' + stdout);
+  }
+);
+```
+
+`sudo-prompt` will use `process.title` as `options.name` if `options.name` is not provided. `options.name` must be alphanumeric only (spaces are supported) and at most 70 characters.
+
+`sudo-prompt` will preserve the current working directory on all platforms. Environment variables can be set explicitly using `options.env`.
+
+**`sudo-prompt.exec()` is different to `child-process.exec()` in that no child process is returned (due to platform and permissions constraints).**
+
+## Behavior
+On macOS, `sudo-prompt` should behave just like the `sudo` command in the shell. If your command does not work with the `sudo` command in the shell (perhaps because it uses `>` redirection to a restricted file), then it may not work with `sudo-prompt`. However, it is still possible to use sudo-prompt to get a privileged shell, [see this closed issue for more information](https://github.com/jorangreef/sudo-prompt/issues/1).
+
+On Linux, `sudo-prompt` will use either `pkexec` or `kdesudo` to show the password prompt and run your command. Where possible, `sudo-prompt` will try and get these to mimic `sudo`. Depending on which binary is used, and due to the limitations of some binaries, the name of your program or the command itself may be displayed to your user. `sudo-prompt` will not use `gksudo` since `gksudo` does not support concurrent prompts. Passing `options.icns` is currently not supported by `sudo-prompt` on Linux. Patches are welcome to add support for icons based on `polkit`.
+
+On Windows, `sudo-prompt` will elevate your command using User Account Control (UAC). Passing `options.name` or `options.icns` is currently not supported by `sudo-prompt` on Windows.
+
+## Non-graphical terminal commands only
+Just as you should never use `sudo` to launch any graphical applications, you should never use `sudo-prompt` to launch any graphical applications. Doing so could cause files in your home directory to become owned by root. `sudo-prompt` is explicitly designed to launch non-graphical terminal commands. For more information, [read this post](http://www.psychocats.net/ubuntu/graphicalsudo).
+
+## Concurrency
+On systems where the user has opted to have `tty-tickets` enabled (most systems), each call to `exec()` will result in a separate password prompt. Where `tty-tickets` are disabled, subsequent calls to `exec()` will still require a password prompt, even where the user's `sudo` timestamp file remains valid, due to edge cases with `sudo` itself, [see this discussion for more information](https://github.com/jorangreef/sudo-prompt/pull/76).
+
+You should never rely on `sudo-prompt` to execute your calls in order. If you need to enforce ordering of calls, then you should explicitly order your calls in your application. Where your commands are short-lived, you should always queue your calls to `exec()` to make sure your user is not overloaded with password prompts.
+
+## Invalidating the timestamp
+On macOS and Linux, you can invalidate the user's `sudo` timestamp file to force the prompt to appear by running the following command in your terminal:
+
+```sh
+$ sudo -k
+```

pkg/rancher-desktop/sudo-prompt/index.d.ts

@@ -0,0 +1,4 @@
+export function exec(cmd: string,
+        options?: ((error?: Error, stdout?: string | Buffer, stderr?: string | Buffer) => void)
+                | { name?: string, icns?: string, env?: { [key: string]: string } },
+        callback?: (error?: Error, stdout?: string | Buffer, stderr?: string | Buffer) => void): void;