def main():
# shutil.rmtree("/tmp/users_failed.txt", ignore_errors=True)
# shutil.rmtree("/tmp/users_done.txt", ignore_errors=True)
users_done_old = set()
try:
with open("/tmp/users_done.txt") as handle:
for line in handle:
users_done_old.add(line.strip())
except Exception as err:
log.exception(err)
log.debug("error during read old users done")
opts = BackendConfigReader().read()
log.info("Starting pubkey fill, destdir: {}".format(opts.destdir))
log.debug("list dir: {}".format(os.listdir(opts.destdir)))
for user_name in os.listdir(opts.destdir):
if user_name in users_done_old:
log.info("skipping user: {}".format(user_name))
continue
failed = False
log.info("Started processing user dir: {}".format(user_name))
user_dir = os.path.join(opts.destdir, user_name)
for project_name in os.listdir(user_dir):
log.info("Checking project dir: {}".format(project_name))
try:
get_pubkey(user_name, project_name)
log.info("Key-pair exists for {}/{}".format(
user_name, project_name))
except CoprSignNoKeyError:
create_user_keys(user_name, project_name, opts)
log.info("Created new key-pair for {}/{}".format(
user_name, project_name))
except Exception as err:
log.error(
"Failed to get pubkey for {}/{}, mark as failed, skipping")
log.exception(err)
failed = True
continue
project_dir = os.path.join(user_dir, project_name)
pubkey_path = os.path.join(project_dir, "pubkey.gpg")
if not check_signed_rpms(project_dir, user_name, project_name,
opts):
failed = False
if not check_pubkey(pubkey_path, user_name, project_name, opts):
failed = False
if failed:
with open("/tmp/users_failed.txt", "a") as handle:
handle.write("{}\n".format(user_name))
else:
with open("/tmp/users_done.txt", "a") as handle:
handle.write("{}\n".format(user_name))
def test_get_pubkey_unknown_key(self, mc_popen):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, "unknown key: foobar")
mc_handle.returncode = 1
mc_popen.return_value = mc_handle
with pytest.raises(CoprSignNoKeyError) as err:
get_pubkey(self.username, self.projectname)
assert "There are no gpg keys for user foo in keyring" in str(err)
def test_get_pubkey_unknown_error(self, mc_popen):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, STDERR)
mc_handle.returncode = 1
mc_popen.return_value = mc_handle
with pytest.raises(CoprSignError) as err:
get_pubkey(self.username, self.projectname)
assert "Failed to get user pubkey" in str(err)
def test_get_pubkey_unknown_key(self, mc_popen):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, "unknown key: foobar")
mc_handle.returncode = 1
mc_popen.return_value = mc_handle
with pytest.raises(CoprSignNoKeyError) as err:
get_pubkey(self.username, self.projectname)
assert "There are no gpg keys for user foo in keyring" in str(err)
def test_get_pubkey_unknown_error(self, mc_popen):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, STDERR)
mc_handle.returncode = 1
mc_popen.return_value = mc_handle
with pytest.raises(CoprSignError) as err:
get_pubkey(self.username, self.projectname)
assert "Failed to get user pubkey" in str(err)
def main():
# shutil.rmtree("/tmp/users_failed.txt", ignore_errors=True)
# shutil.rmtree("/tmp/users_done.txt", ignore_errors=True)
users_done_old = set()
try:
with open("/tmp/users_done.txt") as handle:
for line in handle:
users_done_old.add(line.strip())
except Exception as err:
log.exception(err)
log.debug("error during read old users done")
opts = BackendConfigReader().read()
log.info("Starting pubkey fill, destdir: {}".format(opts.destdir))
log.debug("list dir: {}".format(os.listdir(opts.destdir)))
for user_name in os.listdir(opts.destdir):
if user_name in users_done_old:
log.info("skipping user: {}".format(user_name))
continue
failed = False
log.info("Started processing user dir: {}".format(user_name))
user_dir = os.path.join(opts.destdir, user_name)
for project_name in os.listdir(user_dir):
log.info("Checking project dir: {}".format(project_name))
try:
get_pubkey(user_name, project_name)
log.info("Key-pair exists for {}/{}".format(user_name, project_name))
except CoprSignNoKeyError:
create_user_keys(user_name, project_name, opts)
log.info("Created new key-pair for {}/{}".format(user_name, project_name))
except Exception as err:
log.error("Failed to get pubkey for {}/{}, mark as failed, skipping")
log.exception(err)
failed = True
continue
project_dir = os.path.join(user_dir, project_name)
pubkey_path = os.path.join(project_dir, "pubkey.gpg")
if not check_signed_rpms(project_dir, user_name, project_name, opts):
failed = False
if not check_pubkey(pubkey_path, user_name, project_name, opts):
failed = False
if failed:
with open("/tmp/users_failed.txt", "a") as handle:
handle.write("{}\n".format(user_name))
else:
with open("/tmp/users_done.txt", "a") as handle:
handle.write("{}\n".format(user_name))
def check_pubkey(pubkey_path, user, project, opts):
"""
Ensure that pubkey.gpg presented in project/dir
"""
if os.path.exists(pubkey_path):
log.info("Pubkey for {}/{} exists: {}".format(user, project, pubkey_path))
return True
else:
log.info("Missing pubkey for {}/{}".format(user, project))
try:
get_pubkey(user, project, pubkey_path)
return True
except Exception as err:
log.exception(err)
return False
def check_pubkey(pubkey_path, user, project, opts):
"""
Ensure that pubkey.gpg presented in project/dir
"""
if os.path.exists(pubkey_path):
log.info("Pubkey for {}/{} exists: {}".format(user, project, pubkey_path))
return True
else:
log.info("Missing pubkey for {}/{}".format(user, project))
try:
get_pubkey(user, project, pubkey_path)
return True
except Exception as err:
log.exception(err)
return False
def fix_copr(opts, copr_full_name):
log.info('Going to fix {}:'.format(copr_full_name))
owner, coprname = tuple(copr_full_name.split('/'))
copr_path = os.path.abspath(os.path.join(opts.destdir, owner, coprname))
if not os.path.isdir(copr_path):
log.info('Ignoring {}. Directory does not exist.'.format(copr_path))
return
log.info(
'> Generate key-pair on copr-keygen (if not generated) for email {}.'.
format(create_gpg_email(owner, coprname)))
create_user_keys(owner, coprname, opts)
log.info('> Regenerate pubkey.gpg in copr {}.'.format(copr_path))
get_pubkey(owner, coprname, os.path.join(copr_path, 'pubkey.gpg'))
log.info('> Re-sign rpms and call createrepo in copr\'s chroots:')
for dir_name in os.listdir(copr_path):
dir_path = os.path.join(copr_path, dir_name)
if not os.path.isdir(dir_path):
log.info('> > Ignoring {}'.format(dir_path))
continue
for builddir_name in os.listdir(dir_path):
builddir_path = os.path.join(dir_path, builddir_name)
if not os.path.isdir(builddir_path):
continue
log.info(
'> > Processing rpms in builddir {}:'.format(builddir_path))
try:
unsign_rpms_in_dir(
builddir_path, opts, log
) # first we need to unsign by using rpm-sign before we sign with obs-sign
sign_rpms_in_dir(owner, coprname, builddir_path, opts, log)
except Exception as e:
log.exception(str(e))
continue
log.info("> > Running createrepo_unsafe for {}".format(dir_path))
createrepo_unsafe(dir_path)
log.info("> > Running add_appdata for {}".format(dir_path))
add_appdata(dir_path, owner, coprname)
def test_get_pubkey(self, mc_popen):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, STDERR)
mc_handle.returncode = 0
mc_popen.return_value = mc_handle
result = get_pubkey(self.username, self.projectname)
assert result == STDOUT
assert mc_popen.call_args[0][0] == ['sudo', '/bin/sign', '-u', self.usermail, '-p']
def test_get_pubkey(self, mc_popen):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, STDERR)
mc_handle.returncode = 0
mc_popen.return_value = mc_handle
result = get_pubkey(self.username, self.projectname)
assert result == STDOUT
assert mc_popen.call_args[0][0] == ['sudo', '/bin/sign', '-u', self.usermail, '-p']
def fix_copr(opts, copr_full_name):
log.info('Going to fix {}:'.format(copr_full_name))
owner, coprname = tuple(copr_full_name.split('/'))
copr_path = os.path.abspath(os.path.join(opts.destdir, owner, coprname))
if not os.path.isdir(copr_path):
log.info('Ignoring {}. Directory does not exist.'.format(copr_path))
return
log.info('> Generate key-pair on copr-keygen (if not generated) for email {}.'.format(create_gpg_email(owner, coprname)))
create_user_keys(owner, coprname, opts)
log.info('> Regenerate pubkey.gpg in copr {}.'.format(copr_path))
get_pubkey(owner, coprname, os.path.join(copr_path, 'pubkey.gpg'))
log.info('> Re-sign rpms and call createrepo in copr\'s chroots:')
for dir_name in os.listdir(copr_path):
dir_path = os.path.join(copr_path, dir_name)
if not os.path.isdir(dir_path):
log.info('> > Ignoring {}'.format(dir_path))
continue
for builddir_name in os.listdir(dir_path):
builddir_path = os.path.join(dir_path, builddir_name)
if not os.path.isdir(builddir_path):
continue
log.info('> > Processing rpms in builddir {}:'.format(builddir_path))
try:
unsign_rpms_in_dir(builddir_path, opts, log) # first we need to unsign by using rpm-sign before we sign with obs-sign
sign_rpms_in_dir(owner, coprname, builddir_path, opts, log)
except Exception as e:
log.exception(str(e))
continue
log.info("> > Running createrepo_unsafe for {}".format(dir_path))
createrepo_unsafe(dir_path)
log.info("> > Running add_appdata for {}".format(dir_path))
add_appdata(dir_path, owner, coprname)
def test_get_pubkey_outfile(self, mc_popen, tmp_dir):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, STDERR)
mc_handle.returncode = 0
mc_popen.return_value = mc_handle
outfile_path = os.path.join(self.tmp_dir_path, "out.pub")
assert not os.path.exists(outfile_path)
result = get_pubkey(self.username, self.projectname, outfile_path)
assert result == STDOUT
assert os.path.exists(outfile_path)
with open(outfile_path) as handle:
content = handle.read()
assert STDOUT == content
def test_get_pubkey_outfile(self, mc_popen, tmp_dir):
mc_handle = MagicMock()
mc_handle.communicate.return_value = (STDOUT, STDERR)
mc_handle.returncode = 0
mc_popen.return_value = mc_handle
outfile_path = os.path.join(self.tmp_dir_path, "out.pub")
assert not os.path.exists(outfile_path)
result = get_pubkey(self.username, self.projectname, outfile_path)
assert result == STDOUT
assert os.path.exists(outfile_path)
with open(outfile_path) as handle:
content = handle.read()
assert STDOUT == content
def test_get_pubkey_error(self, mc_popen):
mc_popen.side_effect = IOError(STDERR)
with pytest.raises(CoprSignError):
get_pubkey(self.username, self.projectname)
def test_get_pubkey_error(self, mc_popen):
mc_popen.side_effect = IOError(STDERR)
with pytest.raises(CoprSignError):
get_pubkey(self.username, self.projectname)
