Build: allow to install packages with apt

[stsewd]

• All package names and forms like patters/version (package-*, package==2.x) are allowed
• We don't allow injecting extra options nor install from a path (this is validated in the config file, you'll get a nice error with the exact package that is invalid)
• Update and installation is done before the python setup and after the clone step

You can test this locally with this branch from the test-builds https://github.com/readthedocs/test-builds/blob/use-apt/.readthedocs.yaml

Implements #8060
Related: #7566

[ericholscher]

This looks great. I think we should look a bit more closely at the security aspects of it, but I think my changes will at least help:

$ sudo apt-get install --yes -- --quiet test
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package --quiet
E: Unable to locate package test

[ericholscher]

I wonder if this will spam the TOC too much -- seems fine tho?

[stsewd]

I was between 2 or 3, but wanted to have build.apt_images and sphing.builder visible instead of just having sphinx and build, but no strong opinion.

[ericholscher]

I feel like we probably can be smarter about this. Can we not call apt after a --, which is the shell way of handling the end of options?

Unless otherwise noted, each builtin command documented as accepting options preceded by ‘-’ accepts ‘--’ to signify the end of the options. The :, true, false, and test/[ builtins do not accept options and do not treat ‘--’ specially. The exit, logout, return, break, continue, let, and shift builtins accept and process arguments beginning with ‘-’ without requiring ‘--’. Other builtins that accept arguments but are not specified as accepting options interpret arguments beginning with ‘-’ as invalid options and require ‘--’ to prevent this interpretation.

We should still raise a validation error here, but I'd like to see additional restrictions for this built in.

[humitos]

Good point Eric.

Also, we need to take care of executing commands in the same line as well. Like,

apt-get install `touch /tmp/hello.txt`

[ericholscher]

I believe python's subprocess command will handle this, but we should definitely be sure and have tests for it.

[davidfischer]

Yes, subprocess should handle this as long as you don't pass shell=True. However, it's worth a test to make sure we don't ever mess that up.

[humitos]

I don't think we use subprocess, but the Docker client API (exec_create), tho.

[stsewd]

We don't use subprocess, we escape special chars in

readthedocs.org/readthedocs/doc_builder/environments.py

Lines 335 to 367 in 2435a4a

	def get_wrapped_command(self):
	"""
	Wrap command in a shell and optionally escape special bash characters.
	In order to set the current working path inside a docker container, we
	need to wrap the command in a shell call manually.
	Some characters will be interpreted as shell characters without
	escaping, such as: ``pip install requests<0.8``. When passing
	``escape_command=True`` in the init method this escapes a good majority
	of those characters.
	"""
	bash_escape_re = re.compile(
	r"([\t\ \!\"\#\$\&\'\(\)\*\:\;\<\>\?\@"
	r'\[\\\]\^\`\{\|\}\~])',
	)
	prefix = ''
	if self.bin_path:
	prefix += 'PATH={}:$PATH '.format(self.bin_path)
	command = (
	' '.join([
	bash_escape_re.sub(r'\\\1', part) if self.escape_command else part
	for part in self.command
	])
	)
	return (
	"/bin/sh -c 'cd {cwd} && {prefix}{cmd}'".format(
	cwd=self.cwd,
	prefix=prefix,
	cmd=command,
	)
	)

[humitos]

Have you tested defining packages in a malicious way? (e.g. trying to executed forbidden things). From this docstring it only happen under certain circumstances. Are we sure we are always calling this in that way?

[stsewd]

escape_command defaults to true if that's what you mean.

[ericholscher]

We should always use the long-version of arguments in code, to make it clearer what it does. Also add in the -- Ending

Suggested change

	'apt-get', 'install', '-y', '-q', *packages,
	# -- ends all command arguments to protect against users passing them
	'apt-get', 'install', '--assume-yes', '--quiet', '--', *packages,

[davidfischer]

Is there a reason we want this to be quiet? I know the output is sort of long but it might help folks debug their own problems. I tested it with --quiet and it's still fairly verbose but maybe a comment is appropriate on why.

I looked at what CircleCI does and they basically give users free reign to run arbitrary commands including apt-get install. Our system seems quite a bit more locked down than that which seems fine. There's still some risk (could a user install some docker utilities and somehow access the host?) but I think as long as we're just installing built-in Debian packages and sanitizing the inputs really well, we should be OK.

[stsewd]

Is there a reason we want this to be quiet? I know the output is sort of long but it might help folks debug their own problems. I tested it with --quiet and it's still fairly verbose but maybe a comment is appropriate on why.

-q will suppress the progress bar not the output itself, -qq will suppress everything.

[ericholscher]

This seems like a lot of patches? Seems we're trying to stop the builds from processing, but I wonder if there's a cleaner way to do this?

[stsewd]

I was able to remove one patch, but I think a cleaner way would require refactor the build task so we can mock self.build_env, self.setup_env and self.python_env

[humitos]

Looks good to me.

I also think we should take care a little deeper about security concerns here and make some extra QA for these cases.

[humitos]

Good point Eric.

Also, we need to take care of executing commands in the same line as well. Like,

apt-get install `touch /tmp/hello.txt`

[ericholscher]

Pinging @davidfischer here to chime in on the security angles of this. I think we've covered most of them (passing -- to end the argument parsing, tests for shelling out) but I feel like there's lots of terrible ways this can go wrong. In particular, we should write more about how the Python level protections work around client.exec_create in docker, and make sure we're thinking through all the various places this might break.

[stsewd]

I left this bc feels like it gives a nice error for usual mistakes, but isn't needed as the regex below already validates this.

[ericholscher]

The changes here look good. I think we can ship this soon 👍

[ericholscher]

💯

[humitos]

LGTM! 🎉 APT packages! 😻

[humitos]

Have you tested defining packages in a malicious way? (e.g. trying to executed forbidden things). From this docstring it only happen under certain circumstances. Are we sure we are always calling this in that way?

[jakirkham]

I'm probably trying this too soon (sorry am really excited about this feature 😄). Is this the right way to use it ( rapidsai/ucx-py#734 )? Is there some way to tell the package is being installed? If I just need to wait a bit, happy to wait 🙂

[stsewd]

@jakirkham this change should be live by next tuesday in the afternoon.

[stsewd]

also, this will work only with the v2 of the conig file (you are using v1) https://docs.readthedocs.io/en/stable/config-file/v2.html

version: 2
build:
  apt_packages:
    - libnuma1

[jakirkham]

Awesome! Thank you for working on this 🙏

Sorry for getting ahead of things here 😅 Will give this another try next week 🙂

[stsewd]

@jakirkham and anyone else subscribed, this change is live now! Please let us know if you find any problems!

[jakirkham]

Worked great! 😄 Thanks again 🙏