feat: Implement loading of extensions from config files

[guanzi008]

Implement loading of extensions from config files
实现从配置文件加载扩展

[deepin-ci-robot]

Hi @guanzi008. Thanks for your PR.

I'm waiting for a OpenAtom-Linyaps member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

❌ Patch coverage is 0.07474% with 1337 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
apps/ll-cli/src/main.cpp	0.00%	751 Missing ⚠️
libs/linglong/src/linglong/runtime/run_context.cpp	0.00%	560 Missing ⚠️
...g/src/linglong/package_manager/package_manager.cpp	3.70%	26 Missing ⚠️

Files with missing lines	Coverage Δ
...linglong/src/linglong/builder/linglong_builder.cpp	2.39% <ø> (+0.01%)	⬆️
libs/linglong/src/linglong/cli/cli.cpp	1.04% <ø> (+<0.01%)	⬆️
...ong/src/linglong/package_manager/package_manager.h	0.00% <ø> (ø)
libs/linglong/src/linglong/runtime/run_context.h	22.22% <ø> (ø)
...g/src/linglong/package_manager/package_manager.cpp	1.15% <3.70%> (-0.01%)	⬇️
libs/linglong/src/linglong/runtime/run_context.cpp	0.10% <0.00%> (-0.15%)	⬇️
apps/ll-cli/src/main.cpp	0.00% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: guanzi008

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: guanzi008

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[guanzi008]

1) 全局扩展

ll-cli config set-extensions --global org.demo.ExtA,org.demo.ExtB
cat ~/.config/linglong/config.json

2) 应用扩展覆盖

ll-cli config set-extensions org.deepin.AppX org.demo.AppXExt
cat ~/.config/linglong/apps/org.deepin.AppX/config.json

3) 环境变量

ll-cli config set-env org.deepin.AppX LANG=zh_CN.UTF-8 PATH+=/opt/appx/bin

4) 文件系统映射

ll-cli config add-fs org.deepin.AppX --host ~/Downloads --target /data --mode rw --persist
ll-cli config rm-fs org.deepin.AppX --target /data

5) 命令设置

ll-cli config set-command org.deepin.AppX myapp --entrypoint /opt/my/bin/myapp --cwd /work --args-prefix "--safe -v" --args-suffix "--log debug" QT_QPA_PLATFORM=wayland

ll-cli config 支持维护沙箱 allowlist：新增 add-fs-allow、rm-fs-allow、clear-fs-allow 子命令，

[myml]

翻译文件不要更新

[guanzi008]

好，回退了。

[myml]

建议整理一下，命令不要加Ll这种奇怪的前缀

[guanzi008]

好的。

[myml]

有一些配置项好像没用到，如果还没有实现功能，就先把配置项去掉

[guanzi008]

这个是准备把配置写到应用的linglong.yaml
就是这里也可以写配置。
这只是我的一种尝试。
都没验证有没有效果。。

[guanzi008]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: the ll-cli config command, which allows users to manage configurations for applications and bases. This enhances control over the runtime environment by enabling customization of extensions, environment variables, and filesystem mounts. The implementation includes schema updates, a dedicated parser for the new config command, and runtime logic to load and merge these configurations.

My review focuses on improving the robustness and maintainability of the new C++ code. The key suggestions include refactoring the manual command-line parsing to use the existing CLI11 framework, adding critical exception handling for user input, simplifying file I/O logic, and reducing code duplication. Addressing these points will make this valuable new feature more robust and easier to maintain.

[gemini-code-assist]

The use of std::stoul to parse an index from command-line arguments is not wrapped in a try-catch block. If the user provides an invalid number (e.g., a non-numeric string), std::stoul will throw an exception (std::invalid_argument or std::out_of_range), causing the program to terminate unexpectedly. Please add error handling to manage invalid input gracefully. For example:

try {
    index = static_cast<size_t>(std::stoul(mainArgv[++i]));
} catch (const std::exception& e) {
    fprintf(stderr, "Invalid index value: %s\n", mainArgv[i]);
    return 1;
}

[gemini-code-assist]

The use of std::stoul to parse an index from command-line arguments is not wrapped in a try-catch block. If the user provides an invalid number (e.g., a non-numeric string), std::stoul will throw an exception (std::invalid_argument or std::out_of_range), causing the program to terminate unexpectedly. Please add error handling to manage invalid input gracefully. For example:

try {
    index = static_cast<size_t>(std::stoul(mainArgv[++i]));
} catch (const std::exception& e) {
    fprintf(stderr, "Invalid index value: %s\n", mainArgv[i]);
    return 1;
}

[gemini-code-assist]

The logic for retrying rename is confusing and potentially buggy. std::filesystem::rename should atomically replace the destination file if it exists. The retry logic with remove is unnecessary for atomic file updates within the same filesystem and can mask the original error. A single rename call is sufficient and clearer.

[gemini-code-assist]

The implementation of the config subcommand and its options is done through a large block of manual argument parsing, separate from the CLI11 library used for other commands. This approach is less maintainable and more error-prone than using the features of the CLI library. It would be better to define the config command and its subcommands using CLI11 to ensure consistent behavior, better error handling, and improved maintainability. This would also centralize all command-line parsing logic.

[gemini-code-assist]

The logic to ensure the persistent directory exists is overly complicated and contains buggy error handling. std::filesystem::create_directories is recursive, so there's no need for a fallback to create parent directories. The usage of std::error_code is also incorrect, as it's not cleared before every call that can set it. The entire block can be simplified significantly.

            std::error_code ec;
            std::filesystem::create_directories(hostPath, ec);
            if (ec) {
                qWarning() << "failed to prepare persist directory for"
                           << QString::fromStdString(host) << ":" << ec.message().c_str();
                continue;
            }

[gemini-code-assist]

The logic for merging the PATH environment variable is duplicated in the common environment setup and again in the command-level settings block. This duplication makes the code harder to maintain. Consider extracting this logic into a helper function that takes the existing PATH components and the new components to be added, and returns the merged PATH string. This would improve readability and reduce redundancy.

[gemini-code-assist]

Code Review

This pull request introduces a powerful configuration system for ll-cli, allowing users to customize environments, filesystem mounts, and command behavior. The implementation is extensive, touching schema definitions, CLI argument parsing, and runtime context creation. The core logic for merging configurations from different sources (global, base, app, and package-provided) is well-thought-out. However, the manual command-line parsing for the new config command is a significant maintainability concern and should be refactored. There are also some correctness and efficiency issues that need to be addressed.

[gemini-code-assist]

std::stoul can throw std::invalid_argument or std::out_of_range if the input string is not a valid number, which will cause the program to terminate. You should wrap this call in a try-catch block to handle potential exceptions gracefully and provide a user-friendly error message.

} else if (a == "--index" && i + 1 < argc) {
    try {
        index = static_cast<size_t>(std::stoul(mainArgv[++i]));
    } catch (const std::exception &e) {
        fprintf(stderr, "Invalid index value: %s\n", mainArgv[i]);
        return 1;
    }
}

[gemini-code-assist]

std::stoul can throw an exception if the input is not a valid number, which will crash the application. This should be wrapped in a try-catch block for robust error handling.

} else if (a == "--index" && i + 1 < argc) {
    try {
        index = static_cast<size_t>(std::stoul(mainArgv[++i]));
    } catch (const std::exception &e) {
        fprintf(stderr, "Invalid index value: %s\n", mainArgv[i]);
        return 1;
    }
}

[gemini-code-assist]

The entire config subcommand and its arguments are parsed manually. This large block of code is difficult to read, maintain, and extend. It would be much better to integrate this as a subcommand within the CLI11 framework, which is already used for other commands. This would simplify argument parsing, improve readability, and make the help messages more consistent.

[gemini-code-assist]

Using std::find on a std::vector inside a loop to check for duplicates has a time complexity of O(N), making the overall loop O(N^2). For better performance, you could use a std::unordered_set to keep track of the extensions that have already been added. Also, the comment on line 76 is in Chinese and should be translated to English for consistency.

[gemini-code-assist]

Using std::find on a std::vector inside a loop to check for duplicates is inefficient (O(N^2) complexity). Using a std::unordered_set to track existing extensions would be more performant.

[gemini-code-assist]

The logic to create directories for persistent mounts is overly complex. std::filesystem::create_directories already creates all necessary parent directories, so the nested checks and attempts to create parent directories separately are redundant. This can be simplified to a single call to create_directories followed by error checking.

            std::error_code ec;
            std::filesystem::path hostPath(host);
            std::filesystem::create_directories(hostPath, ec);
            if (ec) {
                qWarning() << "failed to prepare persist directory for"
                           << QString::fromStdString(host) << ":" << ec.message().c_str();
                continue;
            }

[gemini-code-assist]

The logic for handling PATH variable concatenation is complex and is duplicated later in the file (lines 1090-1136). This should be extracted into a helper function to improve readability and reduce code duplication. The function could take the current environment maps and the key-value pairs, and return the updated environment map.

[guanzi008]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature for managing application configurations via ll-cli config commands and loading extensions from these configuration files at runtime. The implementation is extensive, adding JSON-based configuration handling, command-line interface extensions using CLI11, and runtime logic to apply these configurations. My review focuses on improving maintainability by reducing code duplication, enhancing error handling, and making the CLI more robust and user-friendly. Overall, this is a solid addition, and the feedback aims to refine the implementation.

[gemini-code-assist]

The catch (...) block is too broad. It catches all exceptions, including system errors, which can hide important issues and make debugging difficult. It's better to catch specific exceptions, like nlohmann::json::exception for JSON parsing errors, and log a more informative message.

    } catch (const json::exception& e) {
        fprintf(stderr, "JSON parsing error in %s: %s\n", p.string().c_str(), e.what());
        return std::nullopt;
    } catch (const std::exception& e) {
        fprintf(stderr, "Error reading %s: %s\n", p.string().c_str(), e.what());
        return std::nullopt;
    }

[gemini-code-assist]

The code for populating JSON arrays from vectors can be simplified. The nlohmann::json library can directly convert std::vector<std::string> to a JSON array, which makes the code more concise and readable.

    if (!a.argsPrefix.empty()) {
        node["args_prefix"] = a.argsPrefix;
    }

[gemini-code-assist]

The logic for parsing and setting environment variables from a vector of "KEY=VALUE" strings is duplicated here and in the jsonSetEnv function. This duplicated code should be extracted into a common helper function to improve maintainability and reduce redundancy.

[gemini-code-assist]

This function loadCliConfigFromPackage is a stub and always returns std::nullopt. If loading configuration from a package is a planned feature, it should be implemented. If not, this stub and its call site in openConfig should be removed to avoid dead code.

[gemini-code-assist]

This C++ file uses the C-style I/O function fprintf. For consistency with the rest of the C++ codebase, which uses std::cout, it's better to use C++ streams like std::cerr for error reporting.

        std::cerr << "invalid config path\n";

[gemini-code-assist]

This line is redundant. The default_str("ro") call on the --mode option already ensures that fs->mode will be "ro" if the option is not provided by the user. Removing this line makes the code cleaner.

[gemini-code-assist]

The --target and --index options are meant to be mutually exclusive, as suggested by the help text (--target PATH | --index N). However, the current implementation doesn't enforce this, leading to potentially confusing behavior. It's better to use CLI11's excludes() feature to enforce mutual exclusion and require_option(1) to ensure at least one is provided. This will make the command-line interface more robust and user-friendly. The manual check in the callback can then be removed.

        auto *targetOpt = sub->add_option("--target", *target, _("Target path inside container"));
        auto *indexOpt = sub->add_option("--index", *index, _("Index of entry in list"));
        targetOpt->excludes(indexOpt);
        sub->require_option(1);

[gemini-code-assist]

There is significant code duplication for configuration file handling logic between this file (e.g., configBasesUserFirst) and apps/ll-cli/src/main.cpp (e.g., getBaseConfigDir). This duplicated code for discovering configuration directories should be extracted into a shared utility function to improve maintainability and reduce redundancy.

[gemini-code-assist]

The catch (...) block is too broad. It swallows all exceptions without logging, which can hide problems like malformed JSON files. It's better to catch specific exceptions (e.g., nlohmann::json::exception) and log the error for easier debugging.

        } catch (const nlohmann::json::exception& e) {
            qWarning() << "Failed to parse JSON from " << p.c_str() << ":" << e.what();
        } catch (const std::exception& e) {
            qWarning() << "Failed to read file " << p.c_str() << ":" << e.what();
        }

[guanzi008]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: managing configurations for ll-cli via a new config subcommand and loading extensions from these configuration files. The implementation is extensive and well-structured. The new config command provides a comprehensive set of tools for managing application, base, and global settings. The logic for loading and merging configurations, and for resolving extensions, seems correct and follows a reasonable priority order.

My main feedback is about improving the robustness of the JSON file handling by using more specific exception catches instead of broad catch (...) blocks. This will make the code safer and easier to debug.

[gemini-code-assist]

The catch (...) block is too broad. It can hide unexpected errors, making debugging more difficult. It's better to catch specific exceptions, like nlohmann::json::exception for JSON errors.

    } catch (const nlohmann::json::exception&) {
        return std::nullopt;
    }

[gemini-code-assist]

Similar to the other comment, this catch (...) block is too broad. It can hide various errors during file operations (e.g., I/O errors, filesystem errors from rename). Catching const std::exception& would be more specific and safer.

    } catch (const std::exception&) {
        return false;
    }

[gemini-code-assist]

The catch (...) block is too broad and silently ignores all errors, which can make debugging very hard. It's better to catch specific exceptions, like nlohmann::json::exception, and log a warning. The code already uses qWarning for logging in this file, so it would be consistent to use it here as well. This pattern of broad, silent catches is repeated in loadExtensionsFromBase (line 151) and the readIfExists lambda (line 178).

        } catch (const nlohmann::json::exception &e) {
            // ignore parse failures or missing files, but log a warning for easier debugging.
            qWarning() << "Failed to parse JSON from" << p.c_str() << ":" << e.what();
        }

[guanzi008]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive configuration system for ll-cli, enabling fine-grained control over sandbox permissions and runtime behavior through JSON configuration files. The implementation is extensive, adding new CLI commands, modifying the runtime context to apply these configurations, and updating documentation. The code is generally well-structured, with good use of helper functions to manage the new complexity. My review has identified a potential race condition related to a change in repository locking, some inconsistencies in CLI command scope validation, and opportunities to improve exception handling by being more specific. Overall, this is a significant and valuable feature addition.

[gemini-code-assist]

Removing the repository lock from isRefBusy shifts the responsibility of locking to the callers. However, the PackageManager::Uninstall D-Bus method, which is a caller of isRefBusy, does not appear to have been updated to acquire a lock. This could introduce a race condition when checking if a reference is busy and during the uninstallation process itself, potentially leading to data corruption. Please ensure that all operations modifying the repository are properly serialized with locks.

[gemini-code-assist]

The help text and description for allow-config-home and deny-config-home imply they should only operate on the global configuration (--global). However, the current implementation also allows --app and --base scopes. This could lead to user confusion or incorrect configurations. To ensure the command behaves as documented, please add validation within the callback to restrict its use to the global scope.

sub->callback([&, scopeOpts, apps, allow]() {
    auto [scope, appId, baseId] = resolveScopeOrThrow(*scopeOpts);
    if (scope != Scope::Global) {
        throw CLI::ValidationError("scope", "allow-config-home and deny-config-home only support --global scope");
    }
    auto j = openConfig(scope, appId, baseId);
    if (!j) {
        handleConfigResult(false);
        return;
    }
    if (allow) {
        jsonAllowConfigAccess(*j, *apps);
    } else {
        if (!jsonDenyConfigAccess(*j, *apps)) {
            throw CLI::RuntimeError(_("No entries were removed"), 1);
        }
    }
    handleConfigResult(saveConfig(scope, appId, baseId, *j));
});

[gemini-code-assist]

Similar to allow-config-home, the allow-host-root and deny-host-root commands seem intended for global scope only, but the implementation doesn't enforce this. This could be misleading for users. Please add a check to ensure only Scope::Global is used for these commands.

sub->callback([&, scopeOpts, apps, allow]() {
    auto [scope, appId, baseId] = resolveScopeOrThrow(*scopeOpts);
    if (scope != Scope::Global) {
        throw CLI::ValidationError("scope", "allow-host-root and deny-host-root only support --global scope");
    }
    auto j = openConfig(scope, appId, baseId);
    if (!j) {
        handleConfigResult(false);
        return;
    }
    if (allow) {
        jsonAllowHostRoot(*j, *apps);
    } else {
        if (!jsonDenyHostRoot(*j, *apps)) {
            throw CLI::RuntimeError(_("No entries were removed"), 1);
        }
    }
    handleConfigResult(saveConfig(scope, appId, baseId, *j));
});

[gemini-code-assist]

The catch (...) block is too broad and may hide important error information during debugging. It's better to catch more specific exceptions, such as nlohmann::json::parse_error or std::ifstream::failure. At a minimum, catching const std::exception& would allow you to log the error message, providing more context on failures. This applies to other similar try-catch blocks in this file.

} catch (const std::exception &e) {
    qWarning() << "Failed to parse extensions from " << p.string().c_str() << ":" << e.what();
    // ignore parse failures or missing files
}