From 5c99b2c3f8c1fed3f84a135d581ea83ada29d9cf Mon Sep 17 00:00:00 2001 From: Stefan Tatschner Date: Wed, 5 Mar 2025 10:24:36 +0100 Subject: [PATCH 1/4] feat: Add a dowloader for the goepel g-api MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is the proprietary software world… We are not allowed to ship this thing (to create the best user experience), but we are allowed to download it… Best: Only a creepy self extracting bash script is available that requires root permissions and so on. Just run this in a container and grab the extracted files. --- contrib/.gitignore | 1 + contrib/download-g-api.sh | 77 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 contrib/.gitignore create mode 100755 contrib/download-g-api.sh
diff --git a/contrib/.gitignore b/contrib/.gitignore
new file mode 100644
index 000000000..e2e7327cd
--- /dev/null
+++ b/contrib/.gitignore
@@ -0,0 +1 @@
+/out
diff --git a/contrib/download-g-api.sh b/contrib/download-g-api.sh
new file mode 100755
index 000000000..efbbc1dd6
--- /dev/null
+++ b/contrib/download-g-api.sh
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+set -eu
+
+# There is no API. If the download does not work any more (or if there are updates)
+# please check this page:
+#
+# https://www.goepel.com/automotive-test-solutions/support/software/g-api-software
+#
+ARCHIVE_NAME="g-api-Setup-2.2.10974_Release_Linux.run.zip"
+RUN_SCRIPT_NAME="${ARCHIVE_NAME%.*}"
+DOWNLOAD_URL="https://www.goepel.com/fileadmin/files/ats/software/g-api/$ARCHIVE_NAME"
+
+is_running_under_podman() {
+ if [[ -n "${container:-}" && "$container" == "podman" ]]; then
+ return 0
+ fi
+ return 1
+}
+
+main() {
+ # If this script is not running under podman, then spawn podman and run
+ # itself within the container.
+
+ # Outside the container.
+ local extractdir
+ extractdir="/mnt$PWD/out"
+ if ! is_running_under_podman; then
+ podman run -it -v "$PWD:/mnt/$PWD" -w "/mnt/$PWD" --rm debian:trixie "$BASH_ARGV0" "$extractdir"
+
+ # Exit the parent script outside the container.
+ exit
+ fi
+
+ # Inside the container.
+ # Catch the directory from the commandline; supplied outside the container.
+ extractdir="$1"
+
+ apt-get install -U -y curl unzip make pciutils xdg-user-dirs
+
+ local tmpdir
+ tmpdir="$(mktemp -d)"
+
+ cd "$tmpdir"
+ curl -L -o "$ARCHIVE_NAME" "$DOWNLOAD_URL"
+
+ unzip "$ARCHIVE_NAME"
+
+ if [[ ! -r "$RUN_SCRIPT_NAME" ]]; then
+ echo "error: $ARCHIVE_NAME is not there!"
+ exit 1
+ fi
+
+ chmod +x "$RUN_SCRIPT_NAME"
+ mkdir -p "$extractdir"
+
+ echo "The goepel installer script is going to be executed now."
+ echo "This scipt will break your system and we do not recommend this to be run on a production system."
+ echo "For reference (especially point 1.4 and 1.5):"
+ echo ""
+ echo " https://wiki.debian.org/DontBreakDebian"
+ echo ""
+ echo "For this reason, the install script is run in a podman container."
+ echo "The installer will fail but it extracts the library and .so files."
+
+ "./$RUN_SCRIPT_NAME" --target "$extractdir" > "$extractdir/installer.log" 2>&1 || true
+
+ mkdir -p "$extractdir/lib"
+ cd "$extractdir/lib"
+ tar -xvf "../bin/g_api_lib.tar.gz"
+
+ echo "The extracted library will be available in: $extractdir"
+ echo "Headers are in: $extractdir/bin"
+ echo "Shared objects are in: $extractdir/lib"
+}
+
+main "$@"
From 4c80ea218b77f743012a994be5e0f6a96e324ae2 Mon Sep 17 00:00:00 2001 From: Stefan Tatschner Date: Thu, 6 Mar 2025 15:48:37 +0100 Subject: [PATCH 2/4] feat: Add a script to start the gapi service in a sandbox MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This runs the gapi service in a user_namespace where the service thinks it is root … but it is not. --- contrib/start-g-api.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100755 contrib/start-g-api.sh
diff --git a/contrib/start-g-api.sh b/contrib/start-g-api.sh
new file mode 100755
index 000000000..05cdb4a11
--- /dev/null
+++ b/contrib/start-g-api.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -eu
+
+if [[ "$#" != 1 ]]; then
+ echo "usage: $BASH_ARGV0 GAPID_PATH"
+ exit 1
+fi
+
+GAPID_PATH="$(realpath "$1")"
+
+systemd-run \
+ --service-type=forking \
+ -p "PrivateTmp=true" \
+ -p "ProtectSystem=strict" \
+ -p "PrivateUsers=true" \
+ --unit "gapid.service" \
+ --user \
+ --collect \
+ unshare --map-root-user -- "$GAPID_PATH" -s 7
+
+echo 'goepel gapid is running. Stop with "systemctl --user stop gapid.service"'.
From fb141930b378931442e0b9f9a7302573f8e4af19 Mon Sep 17 00:00:00 2001
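Review bot: In contrib/download-g-api.sh the archive fetched by `curl -L -o "$ARCHIVE_NAME" "$DOWNLOAD_URL"` is unzipped and its `.run` installer executed with no integrity check, so whatever the vendor URL or a redirect serves at that moment gets run. The version is already pinned in `ARCHIVE_NAME`, so a digest can be pinned next to it and checked before `unzip`: `ARCHIVE_SHA256="<sha256 of the pinned archive>"` followed by `echo "$ARCHIVE_SHA256  $ARCHIVE_NAME" | sha256sum -c -`, with `curl -fL` so an HTTP error page is never saved as the archive. The container also receives the whole working directory read-write through `-v "$PWD:/mnt/$PWD"` although only `out` has to be writable; mounting the script read-only and `out` read-write would limit what the installer can touch. Separately, `"$BASH_ARGV0"` is reused as the in-container command, which only resolves when the script was started through a path relative to `$PWD`.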
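Review bot: In contrib/start-g-api.sh the `systemd-run` sandbox still leaves the user's home directory readable and the network reachable for the proprietary daemon: `ProtectSystem=strict` only makes the file system read-only, and `PrivateUsers=true` with `unshare --map-root-user` only changes the uid mapping. Adding `-p "NoNewPrivileges=true"` and, if gapid tolerates it, `-p "ProtectHome=tmpfs"` together with a `BindReadOnlyPaths=` entry for the directory holding `$GAPID_PATH` would narrow that; whether the service still starts under these settings cannot be seen from the patch and needs a test. `realpath "$1"` accepts a path whose last component does not exist, so `realpath -e "$1"` would make the script stop under `set -e` before a unit is created. The `-s 7` argument should get a one-line comment saying what it selects.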
From: Stefan Tatschner Date: Thu, 6 Mar 2025 16:20:40 +0100 Subject: [PATCH 3/4] chore: Use REUSE.toml to specify dependencies with wildcards --- .readthedocs.yaml | 13 ------------- .readthedocs.yaml.license | 3 --- REUSE.toml | 6 ++++++ contrib/download-g-api.sh | 4 ++++ contrib/start-g-api.sh | 4 ++++ tests/bats/testfiles/log-01.json.zst.license | 3 --- uv.lock.license | 3 --- 7 files changed, 14 insertions(+), 22 deletions(-) delete mode 100644 .readthedocs.yaml delete mode 100644 .readthedocs.yaml.license create mode 100644 REUSE.toml delete mode 100644 tests/bats/testfiles/log-01.json.zst.license delete mode 100644 uv.lock.license diff --git a/.readthedocs.yaml b/.readthedocs.yaml deleted file mode 100644 index 53907816d..000000000 --- a/.readthedocs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# https://docs.readthedocs.io/en/stable/build-customization.html#install-dependencies-with-poetry -version: 2 - -build: - os: "ubuntu-22.04" - tools: - python: "3.10" - commands: - - curl -sSL https://install.python-poetry.org | python3 - - - $HOME/.local/bin/poetry install - - $HOME/.local/bin/poetry run make docs - - mkdir _readthedocs - - mv docs/_build/html _readthedocs diff --git a/.readthedocs.yaml.license b/.readthedocs.yaml.license deleted file mode 100644 index 75b05f631..000000000 --- a/.readthedocs.yaml.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: AISEC Pentesting Team - -SPDX-License-Identifier: CC0-1.0 diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 000000000..9e57f2b53 --- /dev/null +++ b/REUSE.toml @@ -0,0 +1,6 @@ +version = 1 + +[[annotations]] +path = ["**/.gitignore", "**/*.lock", ".python-version", "tests/bats/testfiles/*"] +SPDX-FileCopyrightText = "AISEC Pentesting Team" +SPDX-License-Identifier = "CC0-1.0" diff --git a/contrib/download-g-api.sh b/contrib/download-g-api.sh index efbbc1dd6..34eede6d3 100755 --- a/contrib/download-g-api.sh +++ b/contrib/download-g-api.sh 
@@ -1,5 +1,9 @@ #!/usr/bin/env bash +# SPDX-FileCopyrightText: AISEC Pentesting Team +# +# SPDX-License-Identifier: Apache-2.0 +# set -eu # There is no API. If the download does not work any more (or if there are updates) diff --git a/contrib/start-g-api.sh b/contrib/start-g-api.sh index 05cdb4a11..d9f572be7 100755 --- a/contrib/start-g-api.sh +++ b/contrib/start-g-api.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# SPDX-FileCopyrightText: AISEC Pentesting Team +# +# SPDX-License-Identifier: Apache-2.0 + set -eu if [[ "$#" != 1 ]]; then diff --git a/tests/bats/testfiles/log-01.json.zst.license b/tests/bats/testfiles/log-01.json.zst.license deleted file mode 100644 index 75b05f631..000000000 --- a/tests/bats/testfiles/log-01.json.zst.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: AISEC Pentesting Team - -SPDX-License-Identifier: CC0-1.0 diff --git a/uv.lock.license b/uv.lock.license deleted file mode 100644 index 75b05f631..000000000 --- a/uv.lock.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: AISEC Pentesting Team - -SPDX-License-Identifier: CC0-1.0 From 010940f039093b7d2640918b6692ece667ef4181 Mon Sep 17 00:00:00 2001 From: Stefan Tatschner Date: Thu, 6 Mar 2025 16:29:10 +0100 Subject: [PATCH 4/4] chore: Restructure transports directory structure to separate vendors --- src/gallia/commands/script/flexray.py | 4 ++-- src/gallia/transports/__init__.py | 2 +- src/gallia/transports/vector/__init__.py | 4 ++++ src/gallia/transports/{ => vector}/_ctypes_vector_xl.py | 0 .../transports/{ => vector}/_ctypes_vector_xl_wrapper.py | 0 .../transports/{flexray_vector.py => vector/flexray.py} | 3 ++- 6 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 src/gallia/transports/vector/__init__.py rename src/gallia/transports/{ => vector}/_ctypes_vector_xl.py (100%) rename src/gallia/transports/{ => vector}/_ctypes_vector_xl_wrapper.py (100%) rename src/gallia/transports/{flexray_vector.py => vector/flexray.py} (99%) 
diff --git a/src/gallia/commands/script/flexray.py b/src/gallia/commands/script/flexray.py index e57a5a182..e8fc3bcda 100644 --- a/src/gallia/commands/script/flexray.py +++ b/src/gallia/commands/script/flexray.py @@ -12,8 +12,8 @@ assert sys.platform == "win32" from gallia.command import AsyncScript, Script -from gallia.transports._ctypes_vector_xl_wrapper import FlexRayCtypesBackend -from gallia.transports.flexray_vector import FlexRayFrame, RawFlexRayTransport, parse_frame_type +from gallia.transports.vector._ctypes_vector_xl_wrapper import FlexRayCtypesBackend +from gallia.transports.vector.flexray import FlexRayFrame, RawFlexRayTransport, parse_frame_type class FRDumpConfig(AsyncScriptConfig): diff --git a/src/gallia/transports/__init__.py b/src/gallia/transports/__init__.py index be50b33b3..b2c42f712 100644 --- a/src/gallia/transports/__init__.py +++ b/src/gallia/transports/__init__.py @@ -46,7 +46,7 @@ if sys.platform == "win32": - from gallia.transports.flexray_vector import FlexRayTPLegacyTransport, RawFlexRayTransport + from gallia.transports.vector.flexray import FlexRayTPLegacyTransport, RawFlexRayTransport registry.append(RawFlexRayTransport) registry.append(FlexRayTPLegacyTransport) diff --git a/src/gallia/transports/vector/__init__.py b/src/gallia/transports/vector/__init__.py new file mode 100644 index 000000000..6cda24b96 --- /dev/null +++ b/src/gallia/transports/vector/__init__.py @@ -0,0 +1,4 @@ +# SPDX-FileCopyrightText: AISEC Pentesting Team +# +# SPDX-License-Identifier: Apache-2.0 + diff --git a/src/gallia/transports/_ctypes_vector_xl.py b/src/gallia/transports/vector/_ctypes_vector_xl.py similarity index 100% rename from src/gallia/transports/_ctypes_vector_xl.py rename to src/gallia/transports/vector/_ctypes_vector_xl.py 
diff --git a/src/gallia/transports/_ctypes_vector_xl_wrapper.py b/src/gallia/transports/vector/_ctypes_vector_xl_wrapper.py similarity index 100% rename from src/gallia/transports/_ctypes_vector_xl_wrapper.py rename to src/gallia/transports/vector/_ctypes_vector_xl_wrapper.py diff --git a/src/gallia/transports/flexray_vector.py b/src/gallia/transports/vector/flexray.py similarity index 99% rename from src/gallia/transports/flexray_vector.py rename to src/gallia/transports/vector/flexray.py index 9248653f4..00672bee7 100644 --- a/src/gallia/transports/flexray_vector.py +++ b/src/gallia/transports/vector/flexray.py @@ -17,7 +17,8 @@ from pydantic import BaseModel, ConfigDict, field_validator from gallia.log import get_logger -from gallia.transports import BaseTransport, TargetURI, _ctypes_vector_xl, _ctypes_vector_xl_wrapper +from gallia.transports import BaseTransport, TargetURI +from gallia.transports.vector import _ctypes_vector_xl, _ctypes_vector_xl_wrapper from gallia.utils import auto_int assert sys.platform == "win32", "unsupported platform"