From e5e50ee02293c76b1249d91d905c3bcc870b634b Mon Sep 17 00:00:00 2001
From: Al Cutter
Date: Tue, 26 Mar 2024 11:54:59 +0000
Subject: [PATCH] Allow fetching of crash & console logs via admin HTTP port (#278)
---
 go.mod | 11 +++++------
 go.sum | 18 ++++++++----------
 trusted_applet/main.go | 29 +++++++++++++++++++++++------
 3 files changed, 36 insertions(+), 22 deletions(-)
diff --git a/go.mod b/go.mod
index bd52e09..5e6c132 100644
--- a/go.mod
+++ b/go.mod
@@ -11,19 +11,17 @@ require (
 github.com/prometheus/client_golang v1.19.0
 github.com/transparency-dev/armored-witness-boot v0.0.0-20230904140406-e2e16c7665b7
 github.com/transparency-dev/armored-witness-common v0.0.0-20240313170947-0b19d0fb8b95
- github.com/transparency-dev/armored-witness-os v0.0.0-20240307124337-0836749ea681
+ github.com/transparency-dev/armored-witness-os v0.0.0-20240326114511-629ad8bc5b4b
 github.com/transparency-dev/formats v0.0.0-20231205184308-949529efd6b3
- github.com/transparency-dev/merkle v0.0.2
 github.com/transparency-dev/serverless-log v0.0.0-20231215122707-66f68a7705f5
 github.com/transparency-dev/witness v0.0.0-20240311170858-5de1177dc362
- github.com/usbarmory/GoTEE v0.0.0-20240215171108-77a6b38432d5
+ github.com/usbarmory/GoTEE v0.0.0-20240314122327-40179239ad36
 github.com/usbarmory/imx-enet v0.0.0-20240304151238-5b3010d57ea3
- github.com/usbarmory/tamago v0.0.0-20240306113720-d7dd77b4ed17
+ github.com/usbarmory/tamago v0.0.0-20240321170635-3bf2d607eccb
 go.mercari.io/go-dnscache v0.3.0
 golang.org/x/crypto v0.21.0
 golang.org/x/crypto/x509roots/fallback v0.0.0-20230623170555-183630ada7e0
 golang.org/x/mod v0.16.0
- golang.org/x/term v0.18.0
 google.golang.org/grpc v1.62.1
 google.golang.org/protobuf v1.33.0
 gopkg.in/yaml.v3 v3.0.1
@@ -39,13 +37,14 @@ require (
 github.com/golang/protobuf v1.5.3 // indirect
 github.com/google/btree v1.1.2 // indirect
 github.com/gorilla/mux v1.8.1 // indirect
- github.com/gsora/fidati v0.0.0-20220824075547-eeb0a5f7d6c3 // indirect
+ github.com/gsora/fidati v0.0.0-20230806170658-ab651720d7c3 // indirect
 github.com/kr/text v0.2.0 // indirect
 github.com/matryer/is v1.4.1 // indirect
 github.com/prometheus/client_model v0.5.0 // indirect
 github.com/prometheus/common v0.48.0 // indirect
 github.com/prometheus/procfs v0.12.0 // indirect
 github.com/rogpeppe/go-internal v1.11.0 // indirect
+ github.com/transparency-dev/merkle v0.0.2 // indirect
 golang.org/x/net v0.21.0 // indirect
 golang.org/x/sync v0.6.0 // indirect
 golang.org/x/sys v0.18.0 // indirect
diff --git a/go.sum b/go.sum
index 714cac1..9bb9e5b 100644
--- a/go.sum
+++ b/go.sum
@@ -28,8 +28,8 @@ github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e h1:XmA6L9IP github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e/go.mod h1:AFIo+02s+12CEg8Gzz9kzhCbmbq6JcKNrhHffCGA9z4= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gsora/fidati v0.0.0-20220824075547-eeb0a5f7d6c3 h1:klG3scbSLaGIvJO1p9wdTaHonsCSAcvNrX8vfa8LRd4= -github.com/gsora/fidati v0.0.0-20220824075547-eeb0a5f7d6c3/go.mod h1:pqELFmXT+lU57T8pIGwPSOODIvRv/r/lwxlJX0UupvY= +github.com/gsora/fidati v0.0.0-20230806170658-ab651720d7c3 h1:zugXhdIprbuLMfR3ATkt5+YRx9VMBJgjPn1IDwluvJs= +github.com/gsora/fidati v0.0.0-20230806170658-ab651720d7c3/go.mod h1:pqELFmXT+lU57T8pIGwPSOODIvRv/r/lwxlJX0UupvY= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -61,8 +61,8 @@ github.com/transparency-dev/armored-witness-boot v0.0.0-20230904140406-e2e16c766 github.com/transparency-dev/armored-witness-boot v0.0.0-20230904140406-e2e16c7665b7/go.mod h1:GTj2zM9nwFe7G7gaXzIbkKJ/PkZfvVq4TdNiA6CBsdo= github.com/transparency-dev/armored-witness-common v0.0.0-20240313170947-0b19d0fb8b95 h1:qOh9vp/TLfJ1X46bk756se0wdlKHSV2TrGUMa3kz91w= github.com/transparency-dev/armored-witness-common v0.0.0-20240313170947-0b19d0fb8b95/go.mod h1:cb6aKsLVU2OUk8+UjD8xvzxU84miHXLMHJaxO2gHDus= -github.com/transparency-dev/armored-witness-os v0.0.0-20240307124337-0836749ea681 h1:k8FJBNtEnUyEsMDSqjXG/4h7K/XC8xE7/rqXpacoTF8= -github.com/transparency-dev/armored-witness-os v0.0.0-20240307124337-0836749ea681/go.mod h1:2z6ojXU2FiBRRM6t9uT9EB9RoY7CzPA3AKKiWQNxWqI= +github.com/transparency-dev/armored-witness-os v0.0.0-20240326114511-629ad8bc5b4b h1:D0+uu/RcrL4W9k++WVM9G+wZ83MNMVhzRqEqIGou/N4= +github.com/transparency-dev/armored-witness-os v0.0.0-20240326114511-629ad8bc5b4b/go.mod h1:PjkT/Q6oFehQTDhOWJJqTDzdAwk1IOqmJ7n/vHaPmK8= github.com/transparency-dev/formats v0.0.0-20231205184308-949529efd6b3 h1:Mpx9pqc7bKrx2QQxKL3SPbLIGH4gTBR1ZFrNuKq3CcY= github.com/transparency-dev/formats v0.0.0-20231205184308-949529efd6b3/go.mod h1:tY9Z9oBaYdQt4NWIhsFAtv0altwLk+K9Gg/2tbS0eBQ= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= 
@@ -71,13 +71,13 @@ github.com/transparency-dev/serverless-log v0.0.0-20231215122707-66f68a7705f5 h1 github.com/transparency-dev/serverless-log v0.0.0-20231215122707-66f68a7705f5/go.mod h1:rx4EB9NW4aZFJT5kxf6BWRWbZSThl36jv7O5o5r/qv8= github.com/transparency-dev/witness v0.0.0-20240311170858-5de1177dc362 h1:sA8QSScwtE1i58QP1I9j8Qd6GvwW/wHroIiXlqw6hyc= github.com/transparency-dev/witness v0.0.0-20240311170858-5de1177dc362/go.mod h1:U1pX35+c9CAe80wVzj3jaHfSd3RVaT0FG9ebDFg8vbw= -github.com/usbarmory/GoTEE v0.0.0-20240215171108-77a6b38432d5 h1:XJjhY/+my6o+h4hll02s7rMJrNtI2XqQBBcrx7Lp/2U= -github.com/usbarmory/GoTEE v0.0.0-20240215171108-77a6b38432d5/go.mod h1:YlZVucqxy/z5QWKerml3Vm5T14UOzZEs2kXfS1nilx8= +github.com/usbarmory/GoTEE v0.0.0-20240314122327-40179239ad36 h1:rZfhjJpgKuwos6KBdHKouDJmYmpV/FJv4q34eIjtPjw= +github.com/usbarmory/GoTEE v0.0.0-20240314122327-40179239ad36/go.mod h1:YlZVucqxy/z5QWKerml3Vm5T14UOzZEs2kXfS1nilx8= github.com/usbarmory/imx-enet v0.0.0-20240304151238-5b3010d57ea3 h1:o6ixndtlZMRKOXcDCc2Mw6lSu1f79jmIaSY0wyzkmq4= github.com/usbarmory/imx-enet v0.0.0-20240304151238-5b3010d57ea3/go.mod h1:oQC2UR2fup7IJPcIWMjOUIcGUEPhcftL4sTOcmrH63s= github.com/usbarmory/tamago v0.0.0-20220823080407-04f05cf2a5a3/go.mod h1:Lok79mjbJnhoBGqhX5cCUsZtSemsQF5FNZW+2R1dRr8= -github.com/usbarmory/tamago v0.0.0-20240306113720-d7dd77b4ed17 h1:G5IsBi3MGrJG7LG/bbCSBhue3zaFvIVJ5FHtt1BQE/Y= -github.com/usbarmory/tamago v0.0.0-20240306113720-d7dd77b4ed17/go.mod h1:uCPXcPo8SZulhZPz8irfVqzwVlPZ45w7CTJxkfxueGA= +github.com/usbarmory/tamago v0.0.0-20240321170635-3bf2d607eccb h1:1G0RMAC/WkYlXfmf8D94bHxhN0WpavtdZ2yJhuSNJ4U= +github.com/usbarmory/tamago v0.0.0-20240321170635-3bf2d607eccb/go.mod h1:uCPXcPo8SZulhZPz8irfVqzwVlPZ45w7CTJxkfxueGA= go.mercari.io/go-dnscache v0.3.0 h1:x5CLQvIHHPm7uq1A3ihAHAyynpUnEpHmj+sfbPjK7ec= go.mercari.io/go-dnscache v0.3.0/go.mod h1:k+iiZhIW/8Lykwr05O5Xms5tOfo42Rz8Hwnts1JUYNE= golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= 
@@ -92,8 +92,6 @@ golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
diff --git a/trusted_applet/main.go b/trusted_applet/main.go
index dcad0f1..64b3caf 100644
--- a/trusted_applet/main.go
+++ b/trusted_applet/main.go
@@ -305,25 +305,27 @@ func runWithNetworking(ctx context.Context) error {
 listenCfg := &net.ListenConfig{}
- metricsListener, err := listenCfg.Listen(ctx, "tcp", ":8081")
+ adminListener, err := listenCfg.Listen(ctx, "tcp", ":8081")
 if err != nil {
- return fmt.Errorf("TA could not initialize metrics listener, %v", err)
+ return fmt.Errorf("TA could not initialize admin listener, %v", err)
 }
 defer func() {
- klog.Info("Closing metrics port (8081)")
- if err := metricsListener.Close(); err != nil {
- klog.Errorf("Error closing ssh port: %v", err)
+ klog.Info("Closing admin port (8081)")
+ if err := adminListener.Close(); err != nil {
+ klog.Errorf("Error closing admin port: %v", err)
 }
 }()
 go func() {
 srvMux := http.NewServeMux()
 srvMux.Handle("/metrics", promhttp.Handler())
+ srvMux.Handle("/crashlog", &logHandler{RPC: "RPC.CrashLog"})
+ srvMux.Handle("/consolelog", &logHandler{RPC: "RPC.ConsoleLog"})
 srv := &http.Server{
 ReadTimeout: 5 * time.Second,
 WriteTimeout: 10 * time.Second,
 Handler: srvMux,
 }
- if err := srv.Serve(metricsListener); err != http.ErrServerClosed {
+ if err := srv.Serve(adminListener); err != http.ErrServerClosed {
 klog.Errorf("Error serving metrics: %v", err)
 }
 }()
@@ -412,3 +414,18 @@ func openStorage() *slots.Partition {
 }
 return p
 }
+
+type logHandler struct {
+ RPC string
+}
+
+func (c *logHandler) ServeHTTP(res http.ResponseWriter, req *http.Request) {
+ var l []byte
+ if err := syscall.Call(c.RPC, nil, &l); err != nil {
+ klog.Errorf("Failed to fetch log from %v: %v", c.RPC, err)
+ res.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+ res.Header().Add("Content-Type", "text/plain")
+ res.Write(l)
+}
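Review bot: The new `/crashlog` and `/consolelog` routes are served from the same unauthenticated plain-HTTP listener as `/metrics`, which is bound with `":8081"` and so, as far as this hunk shows, accepts connections on every interface. Crash and console logs may carry considerably more than metrics do (stack traces, memory addresses, configuration printed at boot), so anyone who can reach the port can read them. If that exposure is intended, state the trust assumption above the first new `srvMux.Handle` line, e.g. `// NOTE: admin endpoints are unauthenticated; logs must not contain secrets and port 8081 must only be reachable from trusted networks.`; otherwise put the two handlers behind an access check or a build-time switch. The untouched `klog.Errorf("Error serving metrics: %v", err)` is now stale and would read better as `klog.Errorf("Error serving admin endpoints: %v", err)`. runWithNetworking starts and ends outside the hunk.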
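Review bot: `logHandler.ServeHTTP` issues the RPC for every HTTP method, returns the log bytes without `X-Content-Type-Options: nosniff`, and discards the error from `res.Write(l)`. The log text is not produced by this handler and may include bytes influenced by remote input (inferred; the log contents are not visible here), so a browser pointed at the admin port should be told not to content-sniff it, and the handler should answer only GET. A failed or timed-out write (the server's `WriteTimeout` is 10 seconds) currently leaves no trace in the applet's own log. The type and its `RPC` field also have no comment saying that `RPC` is the name passed to `syscall.Call`; a one-line comment on each would help.

```go
func (c *logHandler) ServeHTTP(res http.ResponseWriter, req *http.Request) {
	if req.Method != http.MethodGet {
		res.Header().Set("Allow", "GET")
		res.WriteHeader(http.StatusMethodNotAllowed)
		return
	}
	// … unchanged: syscall.Call fetch and 500 response on error …
	res.Header().Set("Content-Type", "text/plain; charset=utf-8")
	res.Header().Set("X-Content-Type-Options", "nosniff")
	if _, err := res.Write(l); err != nil {
		klog.Errorf("Failed to write log from %v: %v", c.RPC, err)
	}
}
```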