如何及在基于macOS Python的应用程序上通过本机GUI最佳地检索sudo密码的位置-(同时保持交互式输出流(stdout)) [英] How & where to best retrieve sudo password via a native GUI on a macOS Python-based app - (while maintaining an interactive output stream (stdout))
问题描述
好的,情况是这样的:我正在使用Python和wx(wxphoenix)构建macOS GUI应用程序.用户可以使用GUI(例如:script1
)启动文件删除过程(包含在script2
中).为了成功运行,script2
需要以sudo权限运行.
Ok, so the situation is this: I am building a macOS GUI App using Python and wx (wxphoenix). The user can use the GUI (say: script1
) to launch a file-deletion process (contained in script2
). In order to run successfully script2
needs to run with sudo rights.
script2
将在一长串文件中删除该文件.但是我需要它在每一回合之后与script1
中包含的GUI通信,以便script1
可以更新进度条.
script2
will itterate over a long list of files and delete them. But I need it to communicate with the GUI contained in script1
after each round so that script1
can update the progressbar.
以绝对最基本的形式,我的当前工作设置如下:
In it's absolute most basic form my current working setup looks like this:
脚本1:
import io
from threading import Thread
import subprocess
import wx
# a whole lot of wx GUI stuff
def get_password():
"""Retrieve user password via a GUI"""
# A wx solution using wx.PasswordEntryDialog()
# Store password in a variable
return variable
class run_script_with_sudo(Thread):
"""Launch a script with administrator privileges"""
def __init__(self, path_to_script, wx_pubsub_sendmessage):
"""Set variables to self"""
self.path = path_to_script
self.sender = wx_pubsub_sendmessage
self.password = get_password()
Thread.__init__(self)
self.start()
def run(self):
"""Run thread"""
prepare_script = subprocess.Popen(["echo", password], stdout=subprocess.PIPE)
prepare_script.wait()
launch_script = subprocess.Popen(['sudo', '-S', '/usr/local/bin/python3.6', '-u', self.path], stdin=prepare_script.stdout, stdout=subprocess.PIPE)
for line in io.TextIOWrapper(launch_script.stdout, encoding="utf-8"):
print("Received line: ", line.rstrip())
# Tell progressbar to add another step:
wx.CallAfter(self.sender, "update", msg="")
脚本2:
import time
# This is a test setup, just a very simple loop that produces an output.
for i in range(25):
time.sleep(1)
print(i)
以上设置的工作方式是script1
实时接收script2
的输出并对其进行操作. (因此,在给定的示例中:每秒script1
会在进度栏中添加另一步,直到达到25步为止.)
The above setup works in that script1
receives the output of script2
in real-time and acts on it. (So in the given example: after each second script1
adds another step to the progress bar until it reaches 25 steps).
我要实现的目标 =不将密码存储在变量中,而是使用macOS的本机GUI来检索密码.
What I want to achieve = not storing the password in a variable and using macOS it's native GUI to retrieve the password.
但是,当我更改时:
prepare_script = subprocess.Popen(["echo", password], stdout=subprocess.PIPE)
prepare_script.wait()
launch_script = subprocess.Popen(['sudo', '-S', '/usr/local/bin/python3.6', '-u', self.path], stdin=prepare_script.stdout, stdout=subprocess.PIPE)
for line in io.TextIOWrapper(launch_script.stdout, encoding="utf-8"):
print("Received line: ", line.rstrip())
# Tell progressbar to add another step:
wx.CallAfter(self.sender, "update", msg="")
进入:
command = r"""/usr/bin/osascript -e 'do shell script "/usr/local/bin/python3.6 -u """ + self.path + """ with prompt "Sart Deletion Process " with administrator privileges'"""
command_list = shlex.split(command)
launch_script = subprocess.Popen(command_list, stdout=subprocess.PIPE)
for line in io.TextIOWrapper(launch_script.stdout, encoding="utf-8"):
print("Received line: ", line.rstrip())
# Tell progressbar to add another step:
wx.CallAfter(self.sender, "update", msg="")
它停止工作是因为osascript显然运行在非交互式shell中.这意味着script2
在完全完成之前不会发送任何输出,从而导致script1
中的进度条停顿.
It stops working because osascript apparently runs in a non-interactive shell. This means script2
doesn't sent any output until it is fully finished, causing the progress bar in script1
to stall.
我的问题因此变成:我如何确保使用macOS本机GUI来要求sudo密码,从而避免将其存储在变量中,同时仍保持捕获密码的可能性.交互式/实时流中特权脚本的标准输出.
My question thus becomes: How can I make sure to use macOS native GUI to ask for the sudo password, thus preventing having to store it in a variable, while still maintaining the possibility to catch the stdout from the privileged script in an interactive / real-time stream.
希望如此.
将不胜感激!
推荐答案
我的问题因此变成了:我如何确保使用macOS本机GUI 要求输入sudo密码,从而避免了将其存储在 变量,同时仍保持捕获标准输出的可能性 从交互式/实时流中的特权脚本中获取.
My question thus becomes: How can I make sure to use macOS native GUI to ask for the sudo password, thus preventing having to store it in a variable, while still maintaining the possibility to catch the stdout from the privileged script in an interactive / real-time stream.
我自己找到了一个解决方案,使用了一个命名管道(os.mkfifo()
).
I have found a solution myself, using a named pipe (os.mkfifo()
).
这样,您可以让2个python脚本相互通信,而其中的1个通过osascript以特权权限启动(意味着:您将获得一个本机GUI窗口,要求用户提供sudo密码).
That way, you can have 2 python scripts communicate with each other while 1 of them is launched with privileged rights via osascript (meaning: you get a native GUI window that asks for the users sudo password).
工作解决方案:
mainscript.py
import os
from pathlib import Path
import shlex
import subprocess
import sys
from threading import Thread
import time
class LaunchDeletionProcess(Thread):
def __init__(self):
Thread.__init__(self)
def run(self):
launch_command = r"""/usr/bin/osascript -e 'do shell script "/usr/local/bin/python3.6 -u /path/to/priviliged_script.py" with prompt "Sart Deletion Process " with administrator privileges'"""
split_command = shlex.split(launch_command)
print("Thread 1 started")
testprogram = subprocess.Popen(split_command)
testprogram.wait()
print("Thread1 Finished")
class ReadStatus(Thread):
def __init__(self):
Thread.__init__(self)
def run(self):
while not os.path.exists(os.path.expanduser("~/p1")):
time.sleep(0.1)
print("Thread 2 started")
self.wfPath = os.path.expanduser("~/p1")
rp = open(self.wfPath, 'r')
response = rp.read()
self.try_pipe(response)
def try_pipe(self, response):
rp = open(self.wfPath, 'r')
response = rp.read()
print("Receiving response: ", response)
rp.close()
if response == str(self.nr_of_steps-1):
print("Got to end")
os.remove(os.path.expanduser("~/p1"))
else:
time.sleep(1)
self.try_pipe(response)
if __name__ == "__main__":
thread1 = LaunchDeletionProcess()
thread2 = ReadStatus()
thread1.start()
thread2.start()
priviliged_script.py
import os
import time
import random
wfPath = os.path.expanduser("~/p1")
try:
os.mkfifo(wfPath)
except OSError:
print("error")
pass
result = 10
nr = 0
while nr < result:
random_nr = random.random()
wp = open(wfPath, 'w')
print("writing new number: ", random_nr)
wp.write("Number: " + str(random_nr))
wp.close()
time.sleep(1)
nr += 1
wp = open(wfPath, 'w')
wp.write("end")
wp.close()
这篇关于如何及在基于macOS Python的应用程序上通过本机GUI最佳地检索sudo密码的位置-(同时保持交互式输出流(stdout))的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!