===========================================================
plainbox-trusted-launcher-1 -- security elevation mechanism
===========================================================

.. toctree::
   :maxdepth: 2

Synopsis
========

usage: plainbox-trusted-launcher-1 [-h] (-w | -t CHECKSUM)
                                   [-T NAME=VALUE [NAME=VALUE ...]]
                                   [-g CHECKSUM]
                                   [-G NAME=VALUE [NAME=VALUE ...]]

Description
===========

This command is a part of the implementation of plainbox(1). It is not intended
to be invoked directly and the command line arguments and behavior may freely
change between versions.

Technically this program is used to run a command associated with a job
definition as another user (typically as root). The existing technologies such
as sudo(8) and pkexec(1) don't have enough granularity to still restrict
arbitrary commands but allow the commands that are inside system-wide installed
locations (thus safe as one needs root access to install those in the first
place). One additional restriction is that some commands are themselves
generated by other jobs.

Execution
=========

Warm-up Mode
------------

If the --warmup option is specified then nothing more happens and the program
exists immediately. This is intended to 'warm-up' the tool that executes
plainbox-trusted-launcher-1 itself (typically pkexec or sudo) 

Normal Execution
----------------

In normal execution mode, the launcher looks up the job with the checksum
specified by --target and executes the command embedded inside. Environment
passed via --target-environment is appended to the environment variables
inherited from the parent process.

Standard output, standard error and exit code of plainbox-trusted-launcher-1 is
exactly as the values from the commands embedded into the selected job itself.

Indirect Execution
------------------

In indirect execution mode, the launcher first looks up the job with the
checksum specified by --generator, executes it, discarding stderr and
re-interpreting stdout as a set of job definitions. Environment passed via the
--generator-environment is appended (but just to the generator job, the
--target job has independent environment). All of the additional job
definitions are added to the global pool of jobs the launcher knows about.

After that the launcher continues as with normal execution, returning the same
stdout, stderr and exit code.

Options
=======

Optional Arguments
------------------

  -h, --help            show this help message and exit
  -w, --warmup          return immediately, only useful when used with
                        pkexec(1)

Target job specification
------------------------

  -t CHECKSUM, --target CHECKSUM
                        run a job with this checksum
  -T NAME=VALUE [NAME=VALUE ...], --target-environment NAME=VALUE [NAME=VALUE ...]
                        environment passed to the target job

Generator job specification
---------------------------
  -g CHECKSUM, --generator CHECKSUM
                        also run a job with this checksum (assuming it is a
                        local job)
  -G NAME=VALUE [NAME=VALUE ...], --generator-environment NAME=VALUE [NAME=VALUE ...]
                        environment passed to the generator job

Environment Variables
=====================

The following environment variables *DO NOT* affect plainbox-trusted-launcher-1

``PROVIDERPATH``
    For plainbox(1) this would affect the set of directories where plainbox
    looks for provider definitions. The trusted launcher has a fixed list of
    directories that cannot be extended.

    The fixed list is composed of two system-wide locations:

    * ``/usr/local/share/plainbox-providers-1``
    * ``/usr/share/plainbox-providers-1``

All the other environment variables mentioned in plainbox(1) work the same way.
