Develop to Main Merge (#352)

* add gunicorn py files (#269)

Co-authored-by: lind <[email protected]>

* epoll test and textfile (#274)

* just the test and text file

* with .py and slight change to test

* fixing .py error

Co-authored-by: lind <[email protected]>

* add fchmod test to test suite (#275)

* add fchmod test to test suite

* fixing error message

Co-authored-by: lind <[email protected]>

* Fix Implicit Declarations warning in tests/test_cases/pread_pwrite.c (#282)

* Add test cases for truncate and ftruncate (#283)

* Add test case for truncate and ftruncate

* Fix grammar mistake in error message

* Update dettests.txt

* Add fflush(NULL) after every print statement

* Add a separate testfile for truncate.c

* Add individual testfiles for different test cases

* Fix pipepong.c and Add mutex.c (#286)

* Fix pipepong.c and Add mutex.c

* Fix indentation

* Socketpair test (#290)

* socketpair test

* Added socketpair test in to dettests

Co-authored-by: lind <[email protected]>

* LAMP Scripts (#292)

* setuptools

* init

* add setup tools

* reorg

* reorg

* pr fix

---------

Co-authored-by: lind <[email protected]>

* Nacldesc scripts (#289)

* update scripts

* update scripts

* Remove random prints from template.py and forkandopen.py (#295)

* Net shutdown test case (#294)

* [WIP]Setup threading and sockets

* Incorrect version(passes in lind)

* Add shutdown in fork test case

* Add more comments

* Add more comments and update nondet.txt

* Add 1sec delay for synchronization and more verbose error messages

* Use pthread barrier to sync up client and server in shutdown, socketselect, and socketepoll

* Destroy closebarriers and add correctness checking in shutdown.py

* small fix to epoll (#297)

Co-authored-by: lind <[email protected]>

* LAMP application and load scripts (#299)

* add flask app and config files

* Delete nginx.conf.backup

---------

Co-authored-by: lind <[email protected]>

* Simple web example (#300)

* libffi bootstrap

* Pared down webpage, trying to set up python to get ctypes working

* Made ctypes compile properly

---------

Co-authored-by: lind <[email protected]>

* Fixed #301 libfii ctypes segfaulting (#304)

* fixed #301 libfii ctypes segfaulting

Signed-off-by: lind <[email protected]>

* fix #301: update comments and load_python.sh

Signed-off-by: lind <[email protected]>

---------

Signed-off-by: lind <[email protected]>
Co-authored-by: lind <[email protected]>

* tests: IPC performance benchmark (#305)

* tests: add IPC performance benchmark tests

* tests: compilation scripts for IPC performance tests

Signed-off-by: lind <[email protected]>

* tests: userpipe test src files and compilation for IPC performance tests

Signed-off-by: lind <[email protected]>

---------

Signed-off-by: lind <[email protected]>

* create pull_request_template.md (#309)

* Tests of statfs/fstatfs (#312)

* Add statfs test

* Add fstatfs test

* Statfs test file

* fstatfs test file

* Add to test suite

* Update filepath

* Update filename

* Update

* Update

* Add new line

* Add new line

* Add check

* Change to dettests

* Make statfs/fstatfs work in test suite

* Update typo

* Update typo

* Add new line and remove extra space

* Refine format

* Test files for mknod/fchdir/poll (#313)

* Added Mknod, Fchdir and Poll Tests

* Auto Test Done

* Update fchdir.c

Updated else clauses

* Update dettests.txt

* Update mknod.c

* Update fchdir.c

* Update poll.c

* Update fchdir.c

* Update fchdir.py

* Delete mknod.c

* Update dettests.txt

* Update dettests.txt

---------

Co-authored-by: lind <[email protected]>

* Feature/new syscall tests cases (#306)

* Implementd test for pipe2 syscall.

* Implemented test for getifaddrs syscall.

* Implemented test for getppid syscall.

* Implemented test for mkdir and rmdir syscalls.

* Implemented test for access syscall.

* Updated getppid test to verify that pids match.

* Renamed access test; changed print string.

* Moved file name in creat_access test to #define clause.

* Renamed rmdir test to mkdir_rmdir; moved dir name to #define clause.

* Updated dettests.txt

* Added pipe2.py to check pipe2 test output; updated nondet.txt

* Added python script to verify getifaddrs; updated nondet.txt

* Updated pipe2 output checking; added missing newlines at the end of test files.

* Added newline characters at the end of files.

* Added fflush after printfs.

* Added fflushes.

* Add include

* Added flock test. (#315)

* Added flock test.

* Updated the flock test case to verify concurrent shared lock acquisition.

* Added newline at end of file.

* Fix Compilation Warning for flock.c

* Update flock.c

* fix: load libffi.so.5 in load_python.sh (#324)

Signed-off-by: RusherRG <[email protected]>

* Add Shared memory and semaphore tests (#323)

* tests: add shared memory and semaphores tests

Signed-off-by: RusherRG <[email protected]>

* tests: add shared sempahores with multiple cages test

Signed-off-by: RusherRG <[email protected]>

* tests: add buffer detach and removalin shm sem tests

Signed-off-by: RusherRG <[email protected]>

* tests: remove prints in shm sem tests

Signed-off-by: RusherRG <[email protected]>

* tests: update sleeps in shm sem tests

Signed-off-by: RusherRG <[email protected]>

* tests: fix exits

Signed-off-by: RusherRG <[email protected]>

* tests: add semaphore fork tests

Signed-off-by: RusherRG <[email protected]>

* tests: make shm_sem_fork_t a non-deterministic test

Signed-off-by: RusherRG <[email protected]>

---------

Signed-off-by: RusherRG <[email protected]>

* tests: update regex in forkandopen.py (#325)

Signed-off-by: RusherRG <[email protected]>

* Flask app fix (#330)

* fix: flask myproject.py sample app

Signed-off-by: RusherRG <[email protected]>

* chore: update run_lamp.sh

Signed-off-by: RusherRG <[email protected]>

---------

Signed-off-by: RusherRG <[email protected]>

* Add vscode instruction images (#334)

* feat: add fast option to build rustposix in mklind (#335)

Signed-off-by: lind <[email protected]>

* Adding fdatasync test files and fixing flock warning (#338)

Co-authored-by: lind <[email protected]>

* Test files for sync_file_range (#340)

* Adding fdatasync test files and fixing flock warning

* Adding sync_file_range

* Update dettests.txt

* Update sync_file_range.c

* Update sync_file_range.c

* Update sync_file_range.c

* Update sync_file_range.c

---------

Co-authored-by: lind <[email protected]>

* signal tests (#332)

Co-authored-by: lind <[email protected]>

* Uds tests (#333)

* tests: uds test files

Signed-off-by: RusherRG <[email protected]>

* tests: uds tests update

Signed-off-by: RusherRG <[email protected]>

* chore: update mklind script

Signed-off-by: RusherRG <[email protected]>

---------

Signed-off-by: RusherRG <[email protected]>
Co-authored-by: Nicholas Renner <[email protected]>

* Add signal handling implementation document (#351)

---------

Signed-off-by: lind <[email protected]>
Signed-off-by: RusherRG <[email protected]>
Co-authored-by: lind <[email protected]>
Co-authored-by: Justin Koe <[email protected]>
Co-authored-by: Tian(Maxwell) Yang <[email protected]>
Co-authored-by: jesings <[email protected]>
Co-authored-by: Devansh Patel <[email protected]>
Co-authored-by: Rushang Gajjal <[email protected]>
Co-authored-by: Y. W <[email protected]>
Co-authored-by: kuzeyardabulut <[email protected]>
Co-authored-by: Keyur Panchal <[email protected]>
Co-authored-by: Yaxuan-w <[email protected]>
Co-authored-by: Mayank Ramnani <[email protected]>

docs/signal-handling-implementationl.md

@@ -0,0 +1,95 @@
+# Background Context
+Native Client (NaCl) is a sandboxing technology for running untrusted code safely. Native Client did not directly support handling signals in the traditional sense like POSIX systems do.
+To support signals for the Lind project, NaCl code has been modified and extended. 
+This implementation even allows signal handling by untrusted code with custom handlers. It focuses on handling signals received by the program and determining whether they should be handled by trusted (NaCl) code or by untrusted code with custom handlers.
+The architecture ensures proper handling and restoration of context when signals are received in an untrusted environment, considering various edge cases and security implications.
+
+# Components
+### SignalCatch
+`SignalCatch` is registered to handle signals and initializes the signal context, determining whether the signal was caught in trusted or untrusted code. It is the central handler for caught signals. It also restores registers based on trusted/untrusted context.\
+`SignalCatch` restoration: Restores registers based on trusted/untrusted context. For trusted code, returns to the exact point of interruption. \
+Untrusted handler return: `NaClTrampolineRegRestore` called.
+
+### DispatchToUntrustedHandler
+Decides if the signal should be handled by untrusted code since they have different handling paths.\
+It checks whether we can dispatch the signal to an untrusted exception handler.  If we can, it modifies the register state to call the handler and writes a stack frame into untrusted address space, and returns true.  Otherwise, it returns false.\
+It prepares for executing untrusted signal handlers, handling special cases such as syscall entry/exit points and TLS fast path functions.
+
+### NaClTrampolineRegRestore
+This function is implemented for handling return from untrusted code. It restores registers after execution of signal handler.\
+It is executed upon returning from an untrusted signal handler, and does tasks like resetting signal masks and restoring registers, with special considerations for the instruction pointer's restoration and ensures secure transition back to untrusted code after a signal handler finishes execution. 
+
+# Key Facts
+### 32 Byte Alignment & Single Stepping
+NaCl's security model requires 32-byte alignment for jump targets. This serves the practical purpose of preventing the user from jumping into the middle of an instruction. Because we may, after running a signal handler, return to the point of last execution as specified by a field on the stack, and because the user can modify this at will, it is important for us security-wise to return to 32 byte aligned addresses.\
+To enforce this, a mechanism using the TRAP flag in x86 architecture is employed, allowing single-stepping until reaching a 32-byte aligned instruction.\
+**Using TRAP to force signal receiving at 32 byte boundary**: The TRAP flag in x86 (`0x100` in `EFLAGS`) is set when we receive a signal at an untrusted instruction of an offset not divisible by 32, thus causing every subsequent instruction to raise a SIGTRAP signal, allowing us to single step the processor until we reach a 32 byte aligned instruction address, at which point the TRAP flag is unset and we are able to run the untrusted signal handler as if the signal was received there.\
+Side note: If single stepping happens within the program, gdb and rr may show weird behavior and make debugging difficult.\
+
+### Stack Handling
+Registers are deposited on the stack for restoration upon return from the signal handler. Different handling is required based on whether the signal was caught in trusted or untrusted code, due to different register sets. \
+Red zone and struct sizes are also considered during stack handling.
+
+# Summarized Flow
+1. Signal Caught.
+2. Signal received by untrusted code.
+3. SignalCatch triggered.
+4. DispatchToUntrustedHandler triggered:
+5. Check for single-stepping and alignment
+6. If no untrusted handler: Signal remains unhandled
+7. If untrusted handler exists: Set up single-stepping if needed
+8. Handle special cases for trusted code.  (e.g., system calls)
+9. For untrusted, save registers on stack for restoration.
+10. Untrusted Handler Execution: Untrusted code runs the signal handler.
+11. Returning from Handler: NaClTrampolineRegRestore called.\
+    Resets signal mask and untrusted bookkeeping.\
+    Restores all registers from stack except rip.\
+    Restores rip from r14 register (reserved for this purpose).
+12. SignalCatch Restoration: \
+    For Trusted code: Restores all registers and returns to exact interruption point.\
+    For Untrusted code: Restores rip and rsp (masked to 32-byte boundaries), returns to handler start.
+
+# Diagram
+![Signal Handling Flow](SignalExecutionFlow.png)
+
+
+# Detailed Flow
+1. Signal handler `SignalCatch` registered in `NaClSignalHandlerInit`. \
+Sets a sigmask containing all NaCl handled signals on signal receipt.
+2. `SignalCatch` sets up the `sig_ctx` field and the `is_untrusted` variable.\
+`sig_ctx` contains the register state of the program when the signal was received.\
+`is_untrusted` contains information about whether the instruction pointer was in trusted or untrusted code when the signal was received.
+3. `SignalCatch` checks if the signal is user-generated.
+4. `SignalCatch` calls the `DispatchToUntrustedHandler` function.\
+This does the setup work for execution of an untrusted handler, finding the register state that we want to set to execute the untrusted handler and allow returning from it.\
+    - If we are single stepping and we’ve reached a 32 byte aligned address, stop single stepping by unsetting the TRAP flag in untrusted and bookkeeping in the `natp`.\
+    If we are single stepping but haven’t reached a 32 byte aligned address yet, return `-1` to indicate that we wish to return from `SignalCatch` immediately after copying out register state. This will cause the sigreturn syscall to be executed which restores the flags register from the copied out values including the trap flag which remains there.\
+    - If there is no untrusted handler in the signal received, return and indicate to `SignalCatch` to treat the signal as unhandled which for us means terminate. \
+    This should change in the future when we actually handle signal disposition. This untrusted handler is stored as an address in Rust.\
+    - If we're in untrusted code, we need to check if we need to activate single stepping mode which is handled by setting the `SIGTRAP` flag in the user space registers, and doing some `natp` bookkeeping and then returning.\
+    - Special cases: Signal received while executing trusted code needs to be handled carefully due to a large number of edge cases.
+        + The first is simply if we receive a signal in the first few instructions of a syscall, we can not rely on the `natp` being properly populated. 
+        + Second, if we receive a signal in the last few instructions of a syscall, we may have already made some decisions on what to spit out to untrusted which may have been made differently had the signal occurred already so we need to rerun the system call exit code.
+        + The other two special cases involve the functions `NaClGetTlsFastPath1` and `NaClGetTlsFastPath2`. 
+        These functions have a special pathway into trusted code from any other syscall, and thus must be handled separately. Additionally, they modify the stack pointer halfway through so we must account for that as well. All of these special cases are signified by the lack of the `natp->signatpflag` which is a flag that is set whenever the `natp` in a normal syscall is prepared for a signal receive and has not yet had any parts of it copied out. \
+        We determine which case is which of the four aforementioned special cases by statically checking the address of the instruction pointer against the known bounds of these functions.\
+        For all but the tls syscall cases we must set the `natp->signalpending` flag which signifies that we must be aware that a signal handler is the next untrusted code to be executed on exit from trusted code, and decisions are made based on it in `NaClSwitchToApp`.
+        + After we handle those special cases we must deposit the untrusted registers on the stack for restoration upon return from the signal handler. However, we must respect the red zone of the stack as well as allocate enough space to store these registers in the struct `NaClExceptionFrame`. 
+When the signal is caught in untrusted code the registers we want to restore are in the `regs` variable copied out from the `ucontext` field. However, when the signal is caught in trusted code, we only want to restore the callee save registers in the `natp`. We may also want to send the return value of the syscall in `rax` back to untrusted upon signal handler return. After this, practically all the relevant information is set up for signal handling, and we return to `SignalCatch`
+5. `SignalCatch` then does the restoration to the previous point of execution.\
+If the `DispatchToUntrustedHandler` returned successfully, it does different things for untrusted and trusted code and for tls fast path function cases.\
+For the TLS fast path function cases, it just puts the untrusted handler address into the register whose value is the address returned to at the end of the tls fast path functions and restores all relevant registers' values to what they are in the regs field and return execution to where the signal was received by restoring the callee saved registers and rip. \
+For untrusted code, we restore only the registers relevant to the handler - these being `rip` and `rsp` for obvious reasons and `rdi` to store the first argument, the signal number. We don't support the extended signal return arguments in lind yet so we don't need to handle a `siginfo_t` or anything. 
+For trusted code we restore every single register and then return execution to the point in trust we were stopped at.
+6. In trusted execution, when the syscall a signal was received in wishes to return, it calls `NaClSwitchToApp` which in turn calls `NaClmaskRestore` which in case the `pendingsignal` flag is set unsets it and modifies the `rax` value to be restored on signal handler return based on the syscall return value.
+7. Returning from an untrusted signal handler:
+This function's address is put onto the stack immediately under the signal handler's stack frame such that it is called as soon as the untrusted signal handler returns. This function is loaded into the trampoline at `NaClPatchRegTrampolineCall` called from `sel_ldr.c`, and lives in cage memory. First it calls into another trampoline entry for `NaClSysSigmaskSigreturn` which resets the `sigprocmask` of the thread which was set by `sigaction`, and also unsets some `natp` bookkeeping.\
+After that it restores all registers to the values they should be in untrusted. However this created an issue – when we wanted to restore to the previous untrusted state we had to be at a point where every register contains the correct value for the untrusted state except for the instruction pointer. The question then arises, where is the instruction pointer to be restored from? The answer is either a static address, on the untrusted stack, a fixed trusted address, or nowhere. It may be possible to store some sort of protected thread local stack data structure for address of received signals but as the fixed trusted address can't handle multiple signals called on top of each other and the untrusted address leaves us very vulnerable to TOCTTOUs, we decided that we had little choice but to reserve the `r14` register expressly for this purpose – any use of it within untrusted code is undefined.\
+The `rip` and `rsp` values are importantly masked to 32 byte aligned addresses, and the flags register is masked on the stack (although this is pretty useless). We make sure to restore the flags as it's crucial that things like `OF` and `SF` are restored.
+
+# Important Files
+- `native_client/src/trusted/service_runtime/linux/nacl_signal.c`
+- `native_client/src/trusted/service_runtime/arch/x86_64/nacl_syscall_64.S`
+
+------
+*Authored by Mayank Ramnani, with the help of documentation from Jonathan Singer*

src/docker/lind-full/Dockerfile

@@ -33,8 +33,8 @@ RUN ./src/mklind rustposix
 RUN ./src/mklind nacl
 RUN ./src/mklind install
 
-RUN ./src/scripts/load_bash.sh
-RUN ./src/scripts/load_coreutils.sh
+RUN ./src/scripts/base/load_bash.sh
+RUN ./src/scripts/base/load_coreutils.sh
 
 WORKDIR /home/lind/lind_project/
 

src/mklind

@@ -331,6 +331,7 @@ function install_to_path() {
 
 	print "Copying glibc into lindenv virtual filesytem"
 	cd "$LIND_ENV_PATH/fs"
+	cp "$LIND_ENV_PATH_SDK/toolchain/${OS_SUBDIR}_x86_glibc/x86_64-nacl/lib/runnable-ld.so" runnable-ld.so
 	$LIND_BASE/src/safeposix-rust/gen_netdevs.sh
 	"$LIND_ENV_PATH_BIN/lind_fs_utils" mkdir "/lib"
 	"$LIND_ENV_PATH_BIN/lind_fs_utils" update "$NACL_TOOLCHAIN_BASE/out/nacl-sdk/x86_64-nacl/lib/"  "/lib/glibc"
@@ -386,10 +387,14 @@ function build_rustposix() {
 
 	print "Building RustPOSIX"
     cd "$LIND_BASE/src/safeposix-rust"
-    if [[ "$DEBUG_RUSTPOSIX" == "true" ]]; then 
+	if [[ "$DEBUG_RUSTPOSIX" == "true" ]]; then 
         cargo build
         cp "target/debug/librustposix.so"  "$LIND_ENV_PATH/librustposix.so"
         cp "target/debug/lind_fs_utils"  "$LIND_ENV_PATH_BIN/lind_fs_utils"
+    elif [[ "$DEBUG_RUSTPOSIX" == "fast" ]]; then 
+        RUSTFLAGS="-g" cargo build --release
+        cp "target/release/librustposix.so"  "$LIND_ENV_PATH/librustposix.so"
+        cp "target/release/lind_fs_utils"  "$LIND_ENV_PATH_BIN/lind_fs_utils"
     else
         cargo build --release
         cp "target/release/librustposix.so"  "$LIND_ENV_PATH/librustposix.so"

src/scripts/base/compile_bash.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Builds and loads bash into lind.
+cd /home/lind/lind_project/tests/applications/bash/
+./bootstrap_nacl;
+
+echo "Bash has been installed. Usage: lind /bin/bash /script.sh"

src/scripts/base/compile_coreutils.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# Builds and loads coreutils executables into lind.
+cd /home/lind/lind_project/tests/applications/coreutils;
+./bootstrap_nacl;

src/scripts/load_bash.sh → src/scripts/base/load_bash.sh

@@ -1,10 +1,7 @@
 #!/bin/bash
 # Builds and loads bash into lind.
 cd /home/lind/lind_project/tests/applications/bash/
-./bootstrap_nacl;
 lindfs cp /home/lind/lind_project/tests/applications/bash/bash /bin/bash
 lindfs cp /home/lind/lind_project/tests/applications/bash/bash /bin/sh
 
-./load_confs.sh
-
 echo "Bash has been installed. Usage: lind /bin/bash /script.sh"

src/scripts/load_confs.sh → src/scripts/base/load_confs.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 cp /etc/hosts /home/lind/lind_project/hosts
-sed -i '/ip6/d' hostsi # remove inet6 addresses
+sed -i '/ip6/d' /home/lind/lind_project/hosts # remove inet6 addresses
 echo -e "127.0.0.1\tLind" >> /home/lind/lind_project/hosts
 lindfs cp /home/lind/lind_project/hosts /etc/hosts # Adjusted as we also need Lind's ip as 127.0.0.1 in the list.
 rm /home/lind/lind_project/hosts

src/scripts/load_coreutils.sh → src/scripts/base/load_coreutils.sh

@@ -1,7 +1,5 @@
 #!/bin/bash
 # Builds and loads coreutils executables into lind.
-cd /home/lind/lind_project/tests/applications/coreutils;
-./bootstrap_nacl;
-cd src;
+cd /home/lind/lind_project/tests/applications/coreutils/src;
 find . -perm /a+x -type f -exec lindfs cp /home/lind/lind_project/tests/applications/coreutils/src/{} /bin/{} \;
 echo "Coreutils has been installed. Usage: lind /bin/(anycoretuil)"

src/scripts/lamp/compile_lamp.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+/home/lind/lind_project/src/scripts/base/compile_bash.sh
+/home/lind/lind_project/src/scripts/base/compile_coreutils.sh
+/home/lind/lind_project/src/scripts/base/compile_confs.sh
+
+/home/lind/lind_project/src/scripts/python/compile_python.sh
+/home/lind/lind_project/src/scripts/nginx/compile_nginx.sh
+/home/lind/lind_project/src/scripts/postgres/compile_postgres.sh
+/home/lind/lind_project/src/scripts/psycopg2/compile_psycopg2.sh
+

src/scripts/lamp/flask-app-nopg/gunicornexec.py

@@ -0,0 +1,7 @@
+import re
+import sys
+from gunicorn.app.wsgiapp import run
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    print(sys.argv[0])
+    sys.exit(run())

src/scripts/lamp/flask-app-nopg/load_app.sh

@@ -0,0 +1,5 @@
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app-nopg/gunicornexec.py /gunicornexec.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app-nopg/wsgi.py /wsgi.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app-nopg/myproject.py /myproject.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app-nopg/runscript.sh /runscript.sh
+

src/scripts/lamp/flask-app-nopg/myproject.py

@@ -0,0 +1,9 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route("/")
+def hello():
+    return "<h1 style='color:blue'>Hello There!</h1>"
+
+if __name__ == "__main__":
+    app.run(host = "0.0.0.0", debug=True)

src/scripts/lamp/flask-app-nopg/runscript.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf -p /usr/local/nginx/
+sleep 5
+echo "nginx ready"
+/bin/python gunicornexec.py --bind 0.0.0.0:8000 wsgi:app 2>&1
+echo "system ready"

src/scripts/lamp/flask-app-nopg/wsgi.py

@@ -0,0 +1,4 @@
+from myproject import app
+
+if __name__ == "__main__":
+    app.run()

src/scripts/lamp/flask-app/add_table.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+/usr/local/pgsql/bin/postgres -F -d 5 -c listen_addresses='' -D /usr/local/pgsql/data/ &
+sleep 90
+echo "POSTGRES READY"
+/bin/python /init_table.py
+sleep 3
+echo "system ready"

src/scripts/lamp/flask-app/gunicornexec.py

@@ -0,0 +1,7 @@
+import re
+import sys
+from gunicorn.app.wsgiapp import run
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    print(sys.argv[0])
+    sys.exit(run())

src/scripts/lamp/flask-app/init_table.py

@@ -0,0 +1,45 @@
+import os
+import psycopg2
+
+
+conn=psycopg2.connect(
+  database="postgres",
+  user="lind",
+  host="/tmp")
+
+# Open a cursor to perform database operations
+cur = conn.cursor()
+
+# Execute a command: this creates a new table
+cur.execute('DROP TABLE IF EXISTS books;')
+cur.execute('CREATE TABLE books (id serial PRIMARY KEY,'
+                                 'title varchar (150) NOT NULL,'
+                                 'author varchar (50) NOT NULL,'
+                                 'pages_num integer NOT NULL,'
+                                 'review text,'
+                                 'date_added date DEFAULT CURRENT_TIMESTAMP);'
+                                 )
+
+# Insert data into the table
+
+cur.execute('INSERT INTO books (title, author, pages_num, review)'
+            'VALUES (%s, %s, %s, %s)',
+            ('A Tale of Two Cities',
+             'Charles Dickens',
+             489,
+             'A great classic!')
+            )
+
+
+cur.execute('INSERT INTO books (title, author, pages_num, review)'
+            'VALUES (%s, %s, %s, %s)',
+            ('Anna Karenina',
+             'Leo Tolstoy',
+             864,
+             'Another great classic!')
+            )
+
+conn.commit()
+
+cur.close()
+conn.close()

src/scripts/lamp/flask-app/load_app.sh

@@ -0,0 +1,10 @@
+lindfs mkdir /templates
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/gunicornexec.py /gunicornexec.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/wsgi.py /wsgi.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/myproject.py /myproject.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/init_table.py /init_table.py
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/add_table.sh /add_table.sh
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/templates/base.html /templates/base.html
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/templates/create.html /templates/create.html
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/templates/index.html /templates/index.html
+lindfs cp /home/lind/lind_project/src/scripts/lamp/flask-app/run_lamp.sh /run_lamp.sh