Ejemplo n.º 1
0
    def archive_finalize(self, arc, metadata):

        # get settings
        settings = _get_settings('info_readme')
        if settings['info_readme_enable'] != 'enabled':
            return None
        if not settings['info_readme_filename']:
            raise PluginError('No filename set')
        if not settings['info_readme_template']:
            raise PluginError('No template set')

        # does the readme file already exist?
        if _archive_get_files_from_glob(arc, settings['info_readme_filename']):
            print("archive already has %s" % settings['info_readme_filename'])
            return

        # read in the file and do substititons
        try:
            template = open(settings['info_readme_template'], 'rb').read()
        except IOError as e:
            raise PluginError(e)
        for key in metadata:
            template = template.replace(key, metadata[key])

        # add it to the archive
        _archive_add(arc, settings['info_readme_filename'],
                     template.encode('utf-8'))
Ejemplo n.º 2
0
    def file_modified(self, fn):

        # is the file in the whitelist
        settings = _get_settings('cdn_sync')
        if settings['cdn_sync_enable'] != 'enabled':
            return
        fns = settings['cdn_sync_files']
        if not fns:
            raise PluginError('No file whitelist set')
        basename = os.path.basename(fn)
        if basename not in fns.split(','):
            print('%s not in %s' % (basename, fns))
            return

        # bucket not set
        if not settings['cdn_sync_bucket']:
            raise PluginError('No bucket set')

        # upload
        try:
            key = os.path.join(settings['cdn_sync_folder'],
                               os.path.basename(fn))
            session = boto3.Session(
                aws_access_key_id=settings['cdn_sync_username'],
                aws_secret_access_key=settings['cdn_sync_password'],
                region_name=settings['cdn_sync_region'])
            s3 = session.resource('s3')
            bucket = s3.Bucket(settings['cdn_sync_bucket'])
            bucket.Acl().put(ACL='public-read')
            print("uploading %s as %s" % (fn, key))
            blob = open(fn, 'rb').read()
            obj = bucket.put_object(Key=key, Body=blob)
            obj.Acl().put(ACL='public-read')
        except BaseException as e:
            raise PluginError(e)
Ejemplo n.º 3
0
    def archive_copy(self, arc, firmware_cff):

        settings = _get_settings('wu_copy')
        fn = _get_basename_safe(firmware_cff.get_name())
        if fn.endswith('.inf') and settings['wu_copy_inf'] == 'enabled':
            _archive_add(arc, fn, firmware_cff.get_bytes().get_data())
        if fn.endswith('.cat') and settings['wu_copy_cat'] == 'enabled':
            _archive_add(arc, fn, firmware_cff.get_bytes().get_data())
Ejemplo n.º 4
0
    def _metadata_modified(self, fn):

        # plugin not enabled
        settings = _get_settings('sign_sigul')
        if settings['sign_sigul_enable'] != 'enabled':
            return

        # generate
        blob_asc = _sigul_detached_sign_data(open(fn, 'rb').read(),
                                             settings['sign_sigul_config_file'],
                                             settings['sign_sigul_metadata_key'])
        fn_asc = fn + '.asc'
        with open(fn_asc, 'w') as f:
            f.write(blob_asc)

        # inform the plugin loader
        ploader.file_modified(fn_asc)
Ejemplo n.º 5
0
    def archive_sign(self, arc, firmware_cff):

        # plugin not enabled
        settings = _get_settings('sign_sigul')
        if settings['sign_sigul_enable'] != 'enabled':
            return

        # already signed
        detached_fn = _get_basename_safe(firmware_cff.get_name() + '.asc')
        if _archive_get_files_from_glob(arc, detached_fn):
            return

        # create the detached signature
        blob_asc = _sigul_detached_sign_data(firmware_cff.get_bytes().get_data(),
                                             settings['sign_sigul_config_file'],
                                             settings['sign_sigul_firmware_key'])

        # add it to the archive
        _archive_add(arc, detached_fn, blob_asc.encode('utf-8'))
Ejemplo n.º 6
0
    def _sign_blob(self, contents):

        # get settings
        settings = _get_settings('sign_pkcs7')
        if settings['sign_pkcs7_enable'] != 'enabled':
            return None
        if not settings['sign_pkcs7_privkey']:
            raise PluginError('No private key set')
        if not settings['sign_pkcs7_certificate']:
            raise PluginError('No certificate set')

        # write firmware to temp file
        src = tempfile.NamedTemporaryFile(mode='wb',
                                          prefix='pkcs7_',
                                          suffix=".bin",
                                          dir=None,
                                          delete=True)
        src.write(contents)
        src.flush()

        # get p7b file from temp file
        dst = tempfile.NamedTemporaryFile(mode='wb',
                                          prefix='pkcs7_',
                                          suffix=".p7b",
                                          dir=None,
                                          delete=True)

        # sign
        argv = [
            'certtool', '--p7-detached-sign', '--p7-time', '--load-privkey',
            settings['sign_pkcs7_privkey'], '--load-certificate',
            settings['sign_pkcs7_certificate'], '--infile', src.name,
            '--outfile', dst.name
        ]
        ps = subprocess.Popen(argv,
                              stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE)
        if ps.wait() != 0:
            raise PluginError('Failed to sign: %s' % ps.stderr.read())

        # read back the temp file
        return open(dst.name, 'rb').read()
Ejemplo n.º 7
0
    def file_modified(self, fn):

        # is the file in the whitelist
        settings = _get_settings('cdn_purge')
        if settings['cdn_purge_enable'] != 'enabled':
            return
        fns = settings['cdn_purge_files']
        if not fns:
            raise PluginError('No file whitelist set')
        basename = os.path.basename(fn)
        if not _basename_matches_globs(basename, fns.split(',')):
            print('%s not in %s' % (basename, fns))
            return

        # URI not set
        if not settings['cdn_purge_uri']:
            raise PluginError('No URI set')
        if not settings['cdn_purge_method']:
            raise PluginError('No request method set')

        # purge
        url = settings['cdn_purge_uri'] + basename
        headers = {}
        if settings['cdn_purge_accesskey']:
            headers['AccessKey'] = settings['cdn_purge_accesskey']
        r = requests.request(settings['cdn_purge_method'],
                             url,
                             headers=headers)
        if r.text:
            try:
                response = json.loads(r.text)
                if response['status'] != 'ok':
                    raise PluginError('Failed to purge metadata on CDN: ' +
                                      r.text)
            except ValueError as e:
                # BunnyCDN doesn't sent a JSON blob
                raise PluginError('Failed to purge metadata on CDN: %s: %s' %
                                  (r.text, str(e)))
Ejemplo n.º 8
0
    def _metadata_modified(self, fn):

        # plugin not enabled
        settings = _get_settings('sign_gpg')
        if settings['sign_gpg_enable'] != 'enabled':
            return

        # generate
        if not settings['sign_gpg_keyring_dir']:
            raise PluginError('No keyring directory set')
        if not settings['sign_gpg_metadata_uid']:
            raise PluginError('No metadata signing UID set')
        affidavit = Affidavit(settings['sign_gpg_metadata_uid'],
                              settings['sign_gpg_keyring_dir'])
        if not affidavit:
            return
        blob = open(fn, 'rb').read()
        blob_asc = affidavit.create(blob)
        fn_asc = fn + '.asc'
        with open(fn_asc, 'w') as f:
            f.write(blob_asc)

        # inform the plugin loader
        ploader.file_modified(fn_asc)
Ejemplo n.º 9
0
    def archive_sign(self, arc, firmware_cff):

        # plugin not enabled
        settings = _get_settings('sign_gpg')
        if settings['sign_gpg_enable'] != 'enabled':
            return

        # already signed
        detached_fn = _get_basename_safe(firmware_cff.get_name() + '.asc')
        if _archive_get_files_from_glob(arc, detached_fn):
            return

        # create the detached signature
        if not settings['sign_gpg_keyring_dir']:
            raise PluginError('No keyring directory set')
        if not settings['sign_gpg_firmware_uid']:
            raise PluginError('No firmware signing UID set')
        affidavit = Affidavit(settings['sign_gpg_firmware_uid'],
                              settings['sign_gpg_keyring_dir'])
        contents = firmware_cff.get_bytes().get_data()
        contents_asc = affidavit.create(contents)

        # add it to the archive
        _archive_add(arc, detached_fn, contents_asc.encode('utf-8'))
Ejemplo n.º 10
0
    def file_modified(self, fn):

        # is the file in the whitelist
        settings = _get_settings('cdn_purge')
        if settings['cdn_purge_enable'] != 'enabled':
            return
        fns = settings['cdn_purge_files']
        if not fns:
            raise PluginError('No file whitelist set')
        basename = os.path.basename(fn)
        if not _basename_matches_globs(basename, fns.split(',')):
            print('%s not in %s' % (basename, fns))
            return

        # URI not set
        if not settings['cdn_purge_uri']:
            raise PluginError('No URI set')

        # purge
        url = settings['cdn_purge_uri'] + basename
        headers = {'AccessKey': settings['cdn_purge_accesskey']}
        r = requests.get(url, headers=headers)
        if r.text:
            raise PluginError('Failed to purge metadata on CDN: ' + r.text)
Ejemplo n.º 11
0
#
# Copyright (C) 2018 Richard Hughes <*****@*****.**>
# Licensed under the GNU General Public License Version 2
#
# pylint: disable=no-self-use,no-member,unexpected-keyword-arg

import uuid

from flask import session, request
from flask_oauthlib.client import OAuth, OAuthException

from app import oauth
from app.pluginloader import PluginBase, PluginSettingBool, PluginSettingText, PluginError
from app.util import _get_settings

settings = _get_settings('auth_azure')
if 'auth_azure_consumer_key' in settings and settings['auth_azure_consumer_key']:
    remote_app = oauth.remote_app(
        'microsoft',
        consumer_key=settings['auth_azure_consumer_key'],
        consumer_secret=settings['auth_azure_consumer_secret'],
        request_token_params={'scope': 'offline_access User.Read'},
        base_url='https://graph.microsoft.com/v1.0/',
        request_token_url=None,
        access_token_method='POST',
        access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
        authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
    )

    @remote_app.tokengetter
    def get_auth_azure_token():