	
	# get the keystore location
	if not options.KEYSTORE_LOCATION:
		options.KEYSTORE_LOCATION = get_keystore_location()

	# build the keystore
	key_db = keystore.KeyStore(options.KEYSTORE_LOCATION)
	key_ids = {}
	for k in ["root", "targets", "release", "timestamp"]:
		threshold = getattr(options, k.upper() + "_THRESHOLD")
		if not threshold and not options.DEFAULT_THRESHOLD: 
			threshold = get_threshold(k)
		elif options.DEFAULT_THRESHOLD:
			threshold = options.DEFAULT_THRESHOLD
		for i in range(threshold):
			key = signerlib.generate_key(options.DEFAULT_KEY_SIZE)
			if TEST: password = '******'
			else: password = signercli._get_password()
			key_db.add_key(key, password)
			try:
				key_ids[k][0].append(key.get_key_id())
			except KeyError:
				key_ids[k] = ([key.get_key_id()], threshold)
	key_db.save()

	# get the server root
	if not options.SERVER_ROOT_LOCATION:
		options.SERVER_ROOT_LOCATION = get_server_root()
	# build the server root
	metadata_loc = options.SERVER_ROOT_LOCATION + pathsep + "meta"
	print metadata_loc
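def genkey(args):
    """Generate a new signing key and add it to the keystore.

    Args:
        args: command-line arguments following the subcommand. Recognised
            long options are ``--keystore=PATH`` (resolved by
            ``_get_keystore``, exactly as before) and ``--bits=N``, the key
            length. When ``--bits`` is omitted ``bits=None`` is passed on, so
            ``signerlib.generate_key`` picks its own default as it always did.

    Raises:
        getopt.GetoptError: on an unrecognised option.
        ValueError: if ``--bits`` is not a positive integer.
    """
    options, args = getopt.getopt(args, "", ["keystore=", "bits="])
    # Hand _get_keystore only the option it knows about; it was previously
    # never shown anything but --keystore and may not tolerate extra entries.
    keystore = _get_keystore([opt for opt in options if opt[0] != "--bits"])
    bits = None
    for name, value in options:
        if name == "--bits":
            bits = int(value)
            # Fail loudly here rather than letting the generator receive a
            # zero or negative size and produce an unusable (or weak) key.
            if bits <= 0:
                raise ValueError("--bits must be a positive integer, got %r" % value)
    signerlib.generate_key(bits=bits, keystore=keystore)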
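def _load_keystore(keystore_path):
	"""Open the keystore at ``keystore_path`` and unlock it interactively.

	Each password typed at the prompt is passed to ``KeyStore.load``; typing
	``--`` ends the loop. When ``TEST`` is set the fixed password ``'test'``
	is used and no prompt is shown (same behaviour as before).
	"""
	key_db = keystore.KeyStore(keystore_path)
	if TEST:
		key_db.load(['test'])
		return key_db
	while True:
		line = signercli._get_password("Please input a decryption password for the keystore, or -- to stop: ")
		if line == '--':
			break
		key_db.load([line])
	return key_db


def _split_key_ids(text):
	"""Parse a comma-separated ``keyids`` config value into a list of ids.

	Whitespace around each entry is stripped and empty entries are dropped,
	so an empty or sloppily formatted ``keyids`` line cannot contribute a
	bogus ``''`` id that would count toward a role's signing threshold.
	"""
	return [part.strip() for part in text.split(",") if part.strip()]


def update_metadata(keystore_path, project_root, root_cfg_path, server_dir, add_keys, remove_keys, thresholds, keysize, state=BUILD_ROOT):
	"""Rotate role keys, rewrite root.cfg, refresh targets/ and build root.txt.

	Args:
		keystore_path: encrypted keystore to unlock and extend.
		project_root: directory whose contents replace ``<server_dir>/targets``.
		root_cfg_path: existing root.cfg; per-role ``keyids`` / ``threshold``
			and ``[expiration] days`` are read from it.
		server_dir: repository root; ``meta`` and ``targets`` live under it.
		add_keys: mapping role -> truthy value to generate a new key for it.
		remove_keys: mapping role -> key id to drop from that role. A missing
			role or a ``None`` value removes nothing.
		thresholds: mapping role -> required number of signers. A falsy
			entry is read from root.cfg; a falsy mapping means 1 for every role.
		keysize: key length handed to ``signerlib.generate_key``.
		state: resume point; only ``BUILD_ROOT`` is handled in this step.

	Returns:
		None. Returns early (after logging an error) when a role would end
		up with fewer key ids than its threshold, or when ``project_root``
		lies inside the targets directory that is about to be deleted.

	Side effects:
		prompts for keystore passwords and for new-key passwords (skipped /
		fixed when ``TEST``), saves new keys to the keystore, overwrites
		root.cfg through ``build_root_cfg``, deletes and recreates
		``<server_dir>/targets`` from ``project_root``.
	"""
	logger.info(state)
	# normalize the paths
	metadata_root = os.path.join(server_dir, "meta")
	targets_root = os.path.join(server_dir, "targets")

	# build the keydb
	key_db = _load_keystore(keystore_path)

	# these are the keys we'll sign with and those that will wind up in the
	# root.cfg when we're done
	fuzzy_keys = {'root': set(), 'targets': set(), 'release': set(), 'timestamp': set()}
	if not thresholds:
		thresholds = {'root': 1, 'targets': 1, 'release': 1, 'timestamp': 1}

	# generate any new keys
	for role, add in add_keys.items():
		if add:
			key = signerlib.generate_key(keysize)
			pw = signercli._get_password()
			key_db.add_key(key, pw)
			fuzzy_keys[role].add(key.get_key_id())
			# persist right away so a failure later in this function does
			# not lose a key whose password the operator already typed
			key_db.save()

	# get the config data
	root_cfg = ConfigParser()
	root_cfg.read(root_cfg_path)

	# read the config data
	# NOTE(review): _keys is a private KeyStore attribute; no public accessor
	# is visible from here, so this couples us to KeyStore's internals.
	known_keys = set(key_db._keys)
	for role in fuzzy_keys:
		# only ids we actually hold can be used for signing
		for key_id in _split_key_ids(root_cfg.get(role, "keyids")):
			if key_id in known_keys:
				fuzzy_keys[role].add(key_id)
		if not thresholds.get(role):
			# getint, not get: ConfigParser returns strings, and comparing
			# len(previous_keys) against a str below would be meaningless
			# (always true on Python 2, TypeError on Python 3).
			thresholds[role] = root_cfg.getint(role, 'threshold')

	# remove any removed keys
	for role in fuzzy_keys:
		fuzzy_keys[role].discard(remove_keys.get(role))

	# write the results back to the root.cfg
	expiration = root_cfg.get('expiration', 'days')
	keydata = {}
	for role in fuzzy_keys:
		# keep ids from the existing root.cfg even if we don't hold the key
		# (other key holders' keys), minus the removed one, plus ours
		previous_keys = set(_split_key_ids(root_cfg.get(role, 'keyids')))
		previous_keys.discard(remove_keys.get(role))
		previous_keys |= fuzzy_keys[role]
		if len(previous_keys) < thresholds[role]:
			msg = "Number of keys for %s is less than threshold. "
			msg += "Threshold set: %s, keys provided: %s"
			msg = msg % (role, thresholds[role], sorted(previous_keys))
			# use the module logger that the rest of this function uses
			logger.error(msg)
			return
		keydata[role] = (previous_keys, thresholds[role])
	build_root_cfg(server_dir, expiration, keydata)

	# copy the project over to the targets root
	# compare resolved paths: a symlink or trailing slash must not trick us
	# into rmtree'ing the very directory we are about to copy from
	real_project = os.path.realpath(project_root)
	real_targets = os.path.realpath(targets_root)
	if real_project != real_targets:
		if real_project.startswith(real_targets + os.sep):
			logger.error("project_root %s lies inside %s; refusing to delete it" % (project_root, targets_root))
			return
		rmtree(targets_root)
		logger.info("removed the tree")
		copytree(project_root, targets_root)
		logger.info("copied the tree")

	# started
	if state == BUILD_ROOT:
		try:
			build_root_txt(root_cfg_path, fuzzy_keys['root'], key_db, metadata_root)
			state += 1
		# deliberately broad: any failure here is reported and the update is
		# handed off to the root key holder instead of aborting the run
		except Exception as e:
			logger.error("unable to build root.txt: %s" % e)
			logger.info('Quickstart was unable to build root.txt. Please send the incomplete update to your root key holder.')
			logger.info('They can continue the update process by running quickstart with the \'-step build_root\' argument')
			state = FINISH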
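def genkey(args):
    """Generate a new signing key and add it to the keystore.

    Args:
        args: command-line arguments following the subcommand. Recognised
            long options are ``--keystore=PATH`` (resolved by
            ``_get_keystore``, exactly as before) and ``--bits=N``, the key
            length. When ``--bits`` is omitted ``bits=None`` is passed on, so
            ``signerlib.generate_key`` picks its own default as it always did.

    Raises:
        getopt.GetoptError: on an unrecognised option.
        ValueError: if ``--bits`` is not a positive integer.
    """
    options, args = getopt.getopt(args, "", ["keystore=", "bits="])
    # Hand _get_keystore only the option it knows about; it was previously
    # never shown anything but --keystore and may not tolerate extra entries.
    keystore = _get_keystore([opt for opt in options if opt[0] != "--bits"])
    bits = None
    for name, value in options:
        if name == "--bits":
            bits = int(value)
            # Fail loudly here rather than letting the generator receive a
            # zero or negative size and produce an unusable (or weak) key.
            if bits <= 0:
                raise ValueError("--bits must be a positive integer, got %r" % value)
    signerlib.generate_key(bits=bits, keystore=keystore)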