Example #1
0
    def test_import_conf_ssl_auth(self):
        conf_dir = '/tmp/'
        tarball = 'tests/resources/blade01.tar.gz'
        auth_method = 'ssl'

        data = dict(xmlrpc = dict(host='localhost', port='22017'), gpg='00000')
        self.write_yaml(data)

        import_conf.import_conf(self.user, conf_dir, tarball, self.keyring,
                self.secret_keyring, auth_method, self.gpg_home)

        out = self.load_yaml()

        self.assertEqual(out['gpg'], self.key)
        self.assertEqual(out['xmlrpc']['keyfile'], '/tmp/blade01.key')
        self.assertEqual(out['xmlrpc']['certfile'], '/tmp/blade01.crt')

        public_out,_,_ = run_command(['gpg', '--list-keys', '--keyring',
            self.keyring])
        secret_out,_,_ = run_command(['gpg', '--list-keys', '--keyring',
            self.secret_keyring])

        self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in
                public_out)
        self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in
                secret_out)
Example #2
0
def findbugs(deb, analysis):
    _, err, ret = run_command(["dpkg", "-x", deb, "binary"])

    if ret != 0:
        raise Exception("Cannot extract binary from deb:" + err)

    with cd('binary'):
        # Force english as findbugs is localized
        os.putenv("LANG", "C")
        out, err, _ = run_command(
            ['fb', 'analyze', '-effort:max', '-xml:withMessages', '.'])

        xmlbytes = out.encode("utf-8")

        failed = False
        #        if err.strip() == '':
        #            return (analysis, err, failed)

        for issue in parse_findbugs(xmlbytes):
            analysis.results.append(issue)
            if not failed and issue.severity in [
                    'performance', 'portability', 'error', 'warning'
            ]:
                failed = True

        return (analysis, err, failed, None, None)
Example #3
0
def coccinelle(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-coccinelle"])
    os.environ['COCCI_SUT_TYPE'] = 'debian-source'  # used by coccinelle firehose scripts

    with cd('source-coccinelle'):
        log = ""
        failed = False
        for semantic_patch in list_semantic_patches():
            logger.debug('Running patch: {0}'.format(semantic_patch))
            out, err, ret = run_command([
                "spatch",
                "-D", "firehose",
                "--cocci-file", semantic_patch,
                "--dir", ".",
                "--no-show-diff",
                "--timeout", "120",
            ])

            failed = (ret != 0) or failed
            logger.debug('Spatch output: {0}'.format(out))
            logger.debug('Spatch err: {0}'.format(err))
            parsed_results = parse_coccinelle(out)

            result_count = 0
            for result in parsed_results:
                analysis.results.append(result)
                result_count += 1

            log += "DEAL patch %s\n" % semantic_patch
            log += "  %d results\n" % result_count

    return (analysis, log, failed, None, None)
Example #4
0
def coccinelle(dsc, analysis):

    run_command(["dpkg-source", "-x", dsc, "source"])
    os.environ['COCCI_SUT_TYPE'] = 'debian-source' # used by coccinelle firehose scripts

    with cd('source'):
        log = ""
        failed = False
        for semantic_patch in list_semantic_patches():
            logger.debug('Running patch: {0}'.format(semantic_patch))
            out, err, ret = run_command([
                "spatch",
                "-D", "firehose",
                "--cocci-file", semantic_patch,
                "--dir", ".",
                "--no-show-diff",
                "--timeout", "120",
            ])


            failed = (ret != 0) or failed
            logger.debug('Spatch output: {0}'.format(out))
            logger.debug('Spatch err: {0}'.format(err))
            parsed_results = parse_coccinelle(out)

            result_count = 0
            for result in parsed_results:
                analysis.results.append(result)
                result_count += 1

            log += "DEAL patch %s\n" % semantic_patch
            log += "  %d results\n" % result_count

    return (analysis, log, failed, None, None)
Example #5
0
def coccinelle(dsc, analysis):
    raise NotImplemented("Not ported")

    run_command(["dpkg-source", "-x", dsc, "source"])
    with cd('source'):
        log = ""
        failed = False
        for semantic_patch in list_semantic_patches():
            out, err, ret = run_command([
                "spatch",
                "-D", "firehose",
                "--cocci-file", semantic_patch,
                "--dir", ".",
                "--no-show-diff",
                "--timeout", "120",
            ])
            failed = (ret != 0) or failed

            parsed_results = parse_coccinelle(out)

            result_count = 0
            for result in parsed_results:
                analysis.results.append(result)
                result_count += 1

            log += "DEAL patch %s\n" % semantic_patch
            log += "  %d results\n" % result_count

    return (analysis, log, failed, None)
Example #6
0
    def test_import_conf_ssl_auth(self):
        conf_dir = '/tmp/'
        tarball = 'tests/resources/blade01.tar.gz'
        auth_method = 'ssl'

        data = dict(xmlrpc=dict(host='localhost', port='22017'), gpg='00000')
        self.write_yaml(data)

        import_conf.import_conf(self.user, conf_dir, tarball, self.keyring,
                                self.secret_keyring, auth_method,
                                self.gpg_home)

        out = self.load_yaml()

        self.assertEqual(out['gpg'], self.key)
        self.assertEqual(out['xmlrpc']['keyfile'], '/tmp/blade01.key')
        self.assertEqual(out['xmlrpc']['certfile'], '/tmp/blade01.crt')

        public_out, _, _ = run_command(
            ['gpg', '--list-keys', '--keyring', self.keyring])
        secret_out, _, _ = run_command(
            ['gpg', '--list-keys', '--keyring', self.secret_keyring])

        self.assertTrue(
            'Debile Autobuilder (Debile Slave Key (blade01))' in public_out)
        self.assertTrue(
            'Debile Autobuilder (Debile Slave Key (blade01))' in secret_out)
Example #7
0
def pep8(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-pep8"])
    with cd('source-pep8'):
        out, err, ret = run_command(['pep8', '.'])
        failed = ret != 0

        for issue in parse_pep8(out.splitlines()):
            analysis.results.append(issue)

        return (analysis, out, failed, None, None)
Example #8
0
def roodi(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-roodi"])
    with cd('source-roodi'):
        out, _, ret = run_command(['roodi', '.'])
        failed = ret != 0

        for issue in parse_roodi(out.splitlines()):
            analysis.results.append(issue)

        return (analysis, out, failed, None, None)
Example #9
0
def pep8(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source"])
    with cd("source"):
        out, err, ret = run_command(["pep8", "."])
        failed = ret != 0

        for issue in parse_pep8(out.splitlines()):
            analysis.results.append(issue)

        return (analysis, out, failed, None)
Example #10
0
def jshint(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-jshint"])
    with cd('source-jshint'):
        out, _, ret = run_command(['jshint', '--reporter=checkstyle', '.'])
        failed = ret != 0

        if out is not None:
            for issue in parse_jshint(out.splitlines()):
                analysis.results.append(issue)
        else:
            print "Output of JSHint checker command is None!"

        return (analysis, out, failed, None, None)
Example #11
0
def perlcritic(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-perlcritic"])
    with cd('source-perlcritic'):
        out, _, ret = run_command([
            'perlcritic', '--brutal', '.', '--verbose',
            '%f:%l:%c %s    %p    %m\n'
        ])
        if ret == 1:
            raise Exception("Perlcritic had an internal error")

        failed = ret == 2
        for issue in parse_perlcritic(out.splitlines()):
            analysis.results.append(issue)

        return (analysis, out, failed, None, None)
Example #12
0
def version():
    out, err, ret = run_command([
        'pep8', '--version'
    ])
    if ret != 0:
        raise Exception("pep8 is not installed")
    return ('pep8', out.strip())
Example #13
0
def import_pgp(keyring, keydata):
    """
    keydata should be public key data to be imported to the keyring.
    The return value will be the sha1 fingerprint of the public key added.
    """

    out, err, ret = run_command([
        "gpg", "--batch", "--status-fd", "1", "--no-default-keyring",
        "--keyring", keyring, "--import"
    ],
                                input=keydata)

    fingerprint = None
    for line in out.split("\n"):
        data = line.split()
        if not data or data[0] != "[GNUPG:]":
            continue

        if data[1] == "IMPORT_OK":
            fingerprint = data[3]
            break
    else:
        raise ValueError("GPG failed to import pgp public key")

    return fingerprint
Example #14
0
def arch_matches(arch, alias):
    """
    Check if given arch `arch` matches the other arch `alias`. This is most
    useful for the complex any-* rules.
    """

    if arch == alias:
        return True

    if arch == "all" or arch == "source":
        # These pseudo-arches does not match any wildcards or aliases
        return False

    if alias == "any":
        # The 'any' wildcard matches all *real* architectures
        return True

    if alias == "linux-any":
        # GNU/Linux arches are named <cpuabi>
        # Other Linux arches are named <libc>-linux-<cpuabi>
        return "-" not in arch or "linux" in arch.split("-")

    if alias.endswith("-any"):
        # Non-Linux GNU/<os> arches are named <os>-<cpuabi>
        # Other non-Linux arches are named <libc>-<os>-<cpuabi>
        osname, _ = alias.split("-", 1)
        return osname in arch.split("-")

    if "-" not in arch and "-" not in alias:
        return False

    # This is a f*****g disaster for perf. Do what we can to not get here.
    out, err, ret = run_command(["/usr/bin/dpkg-architecture", "-a%s" % (arch), "-i%s" % (alias)])
    return ret == 0
Example #15
0
def import_pgp(keyring, keydata):
    """
    keydata should be public key data to be imported to the keyring.
    The return value will be the sha1 fingerprint of the public key added.
    """

    out, err, ret = run_command([
        "gpg", "--batch", "--status-fd", "1",
        "--no-default-keyring", "--keyring", keyring,
        "--import"
    ], input=keydata)

    fingerprint = None
    for line in out.split("\n"):
        data = line.split()
        if not data or data[0] != "[GNUPG:]":
            continue

        if data[1] == "IMPORT_OK":
            fingerprint = data[3]
            break
    else:
        raise ValueError("GPG failed to import pgp public key")

    return fingerprint
Example #16
0
def version():
    out, _, ret = run_command(["sbuild", '--version'])
    if ret != 0:
        raise Exception("sbuild is not installed")
    vline = out.splitlines()[0]
    v = VERSION.match(vline)
    vdict = v.groupdict()
    return ('sbuild', vdict['version'])
Example #17
0
def version():
    out, err, ret = run_command([
        'cppcheck', '--version'
    ])
    if ret != 0:
        raise Exception("cppcheck is not installed")
    name, version = out.split(" ")
    return (name, version.strip())
Example #18
0
def version():
    out, err, ret = run_command([
        'fb', '-version'
    ])
    if ret != 0:
        raise Exception("findbugs is not installed")
    name, version = out.split(" ")
    return (name, version.strip())
Example #19
0
def ensure_chroot_sanity(chroot_name):
    out, ret, err = run_command(['schroot', '-l'])
    for chroot in out.splitlines():
        chroot = chroot.strip()
        chroots = [chroot, "chroot:%s" % (chroot)]
        if chroot in chroots:
            return True
    raise ValueError("No such schroot (%s) found." % (chroot_name))
Example #20
0
def sign(changes, gpg):
    if changes.endswith(".dud"):
        out, err, ret = run_command(['gpg', '-u', gpg, '--clearsign', changes])
        if ret != 0:
            print(out)
            print(err)
            raise Exception("bad clearsign")
        os.unlink(changes)
        os.rename("%s.asc" % (changes), changes)
        return
    else:
        out, err, ret = run_command(['debsign', '-k%s' % (gpg), changes])
        if ret != 0:
            print(out)
            print(err)
            raise Exception("bad debsign")
        return
Example #21
0
def version(lintian_binary='lintian'):
    out, err, ret = run_command([
        lintian_binary, '--version'
    ])
    if ret != 0:
        raise Exception(lintian_binary + " is not installed")
    name, version = out.split(" ")
    return (name, version.strip())
Example #22
0
def version():
    out, err, ret = run_command([
        'cppcheck', '--version'
    ])
    if ret != 0:
        raise Exception("cppcheck is not installed")
    name, version = out.split(" ")
    return (name, version.strip())
Example #23
0
def version():
    out, err, ret = run_command(["spatch", "--version"])
    if ret != 0:
        raise Exception("spatch seems not to be installed")
    try:
        out = out.split()[2]  # we only extract the version number
    except:
        out = out.strip()
    return ('coccinelle', out)
Example #24
0
def sbuild(package, suite, affinity, build_arch, build_indep, analysis):
    chroot_name = "{suite}-{affinity}".format(suite=suite, affinity=affinity)

    ensure_chroot_sanity(chroot_name)

    if not package.endswith('.dsc'):
        raise ValueError("WTF")

    sbuild_cmd = ["sbuild",
                  "--dist={suite}".format(suite=suite),
                  "--arch={affinity}".format(affinity=affinity),
                  "--chroot={chroot_name}".format(chroot_name=chroot_name),
                  "--verbose"]
    if build_indep:
        sbuild_cmd += ["-A"]
        if not build_arch:
            sbuild_cmd += ["--debbuildopt=-A"]
    sbuild_cmd += [package]

    out, err, ret = run_command(sbuild_cmd)

    summary = False
    status = None
    failstage = None
    for line in out.splitlines():
        if line == u"│ Summary                                                                      │":
            summary = True
        if summary and line.startswith("Status: "):
            status = line.replace("Status: ", "")
        if summary and line.startswith("Fail-Stage: "):
            failstage = line.replace("Fail-Stage: ", "")

    if (not summary or
            ((status == "failed" or
              status == "skipped") and
             (failstage == "abort" or
              failstage == "init" or
              failstage == "create-session" or
              failstage == "create-build-dir" or
              failstage == "lock-session" or
              failstage == "apt-get-clean" or
              failstage == "apt-get-update" or
              failstage == "apt-get-dist-upgrade" or
              failstage == "apt-get-upgrade" or
              failstage == "arch-check" or
              failstage == "check-space" or
              failstage == "chroot-arch"))):
        raise Exception("Sbuild failed to run. " +
                        "Summary: \"%s\" Status: \"%s\" Fail-Stage: \"%s\"" %
                        (summary, status, failstage))

    ftbfs = ret != 0 or status != "successful"
    base, _ = os.path.basename(package).rsplit(".", 1)
    changes = glob.glob("{base}_*.changes".format(base=base))

    return (analysis, out, ftbfs, changes)
Example #25
0
def version():
    out, _, ret = run_command(["spatch", "--version"])
    if ret != 0:
        raise Exception("spatch seems not to be installed")
    try:
        out = out.split()[2]  # we only extract the version number
    except:
        out = out.strip()

    return ('coccinelle', out)
Example #26
0
    def test_import_pgp_public_key(self):
        with tarfile.open('tests/resources/blade01.tar.gz', 'r:gz') as tf:
            pub_key = import_conf.get_attribute_from_tarfile('key.pub', tf)

        import_conf.import_pgp(self.user, pub_key, 'public', self.keyring,
                self.gpg_home)

        out,_,_ = run_command(['gpg', '--list-keys', '--keyring', self.keyring])

        self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in out)
Example #27
0
def cppcheck(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-cppcheck"])
    with cd('source-cppcheck'):
        _, err, _ = run_command(
            ['cppcheck', '-j8', '--enable=all', '.', '--xml'])

        xmlbytes = err.encode()

        failed = False
        if err.strip() == '':
            return (analysis, err, failed, None, None)

        for issue in parse_cppcheck(xmlbytes):
            analysis.results.append(issue)
            if not failed and issue.severity in [
                    'performance', 'portability', 'error', 'warning'
            ]:
                failed = True

        return (analysis, err, failed, None, None)
Example #28
0
def ensure_chroot_sanity(chroot_name):
    out, ret, err = run_command(['schroot', '-l'])
    for chroot in out.splitlines():
        chroot = chroot.strip()
        chroots = [
            chroot,
            "chroot:%s" % (chroot)
        ]
        if chroot in chroots:
            return True
    raise ValueError("No such schroot (%s) found." % (chroot_name))
Example #29
0
    def test_import_pgp_secret_key(self):
        with tarfile.open('tests/resources/blade01.tar.gz', 'r:gz') as tf:
            priv_key = import_conf.get_attribute_from_tarfile('key.priv', tf)

        import_conf.import_pgp(self.user, priv_key, 'secret',
                               self.secret_keyring, self.gpg_home)

        out, _, _ = run_command(
            ['gpg', '--list-keys', '--keyring', self.secret_keyring])

        self.assertTrue(
            'Debile Autobuilder (Debile Slave Key (blade01))' in out)
Example #30
0
def findbugs(deb, analysis):
    run_command(["dpkg", "-x", deb, "binary"])
    with cd('binary'):
        out, err, ret = run_command([
            'fb', 'analyze', '-effort:max', '-xml:withMessages', '.'
        ])

        xmlbytes = out.encode("utf-8")

        failed = False
#        if err.strip() == '':
#            return (analysis, err, failed)

        for issue in parse_findbugs(xmlbytes):
            analysis.results.append(issue)
            if not failed and issue.severity in [
                'performance', 'portability', 'error', 'warning'
            ]:
                failed = True

        return (analysis, err, failed, None, None)
def desktop_file_validate(package_root, analysis):
    log = ""
    failed = False
    for dirpath, dirnames, filenames in os.walk(package_root):
        for fp in filenames:
            out, _, _ = run_command(['desktop-file-validate', fp])
            for issue in parse_desktop_file_validate(out.splitlines()):
                analysis.results.append(issue)
                failed = True
            log += out
    log = log.strip()
    return (analysis, log, failed, None, None)
Example #32
0
def cppcheck(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-cppcheck"])
    with cd('source-cppcheck'):
        _, err, _ = run_command([
            'cppcheck', '-j8', '--enable=all', '.', '--xml'
        ])

        xmlbytes = err.encode()

        failed = False
        if err.strip() == '':
            return (analysis, err, failed, None, None)

        for issue in parse_cppcheck(xmlbytes):
            analysis.results.append(issue)
            if not failed and issue.severity in [
                'performance', 'portability', 'error', 'warning'
            ]:
                failed = True

        return (analysis, err, failed, None, None)
def desktop_file_validate(package_root, analysis):
    log = ""
    failed = False
    for dirpath, dirnames, filenames in os.walk(package_root):
        for fp in filenames:
            out, err, ret = run_command(['desktop-file-validate', fp])
            for issue in parse_desktop_file_validate(out.splitlines()):
                analysis.results.append(issue)
                failed = True
            log += out
    log = log.strip()
    return (analysis, log, failed, None)
Example #34
0
def pylint(dsc, analysis):
    run_command(["dpkg-source", "-x", dsc, "source-pylint"])
    with cd('source-pylint'):
        sources = find_python_files('.')
        failed = False
        output = ""

        for source in sources:
            out, _, ret = run_command([
                'pylint', '-rn',
                '--msg-template="[{C}]{path}:{line},{column}:({msg_id})[{symbol}]{msg}"',
                source
            ])
            failed = ret != 0

            if out is not None:
                output += out

                for issue in parse_pylint(out.splitlines()):
                    analysis.results.append(issue)

        return (analysis, output, failed, None, None)
Example #35
0
def findbugs(deb, analysis):
    _, err, ret = run_command(["dpkg", "-x", deb, "binary"])

    if ret != 0:
        raise Exception("Cannot extract binary from deb:" + err)

    with cd("binary"):
        # Force english as findbugs is localized
        os.putenv("LANG", "C")
        out, err, _ = run_command(["fb", "analyze", "-effort:max", "-xml:withMessages", "."])

        xmlbytes = out.encode("utf-8")

        failed = False
        #        if err.strip() == '':
        #            return (analysis, err, failed)

        for issue in parse_findbugs(xmlbytes):
            analysis.results.append(issue)
            if not failed and issue.severity in ["performance", "portability", "error", "warning"]:
                failed = True

        return (analysis, err, failed, None, None)
Example #36
0
def fetch_and_upload(dist, source, version, **kwargs):
    from . import DEFAULT_MIRROR
    confFile = "/etc/debile-rebuild.ini"
    config = configparser.ConfigParser({'mirror': DEFAULT_MIRROR})
    if not os.path.isfile(confFile):
        raise Exception("Could not find " + confFile)
    config.read([confFile])
    gpg = config.get('config', 'signing-key')
    target = config.get('config', 'dput-target')
    mirror = config.get('config', 'mirror')

    eversion = version
    if ":" in eversion:
        _, eversion = version.rsplit(":", 1)

    if "incoming.debian.org" == mirror:
        DSC_URL = (
            "http://{mirror}/{source}_{version}.dsc".format(
                source=source,
                version=eversion,
                mirror=mirror,
            ))
    else:
        path = pool_path(source)
        DSC_URL = (
            "http://{mirror}/debian/pool/main/"
            "{path}/{source}_{version}.dsc".format(
                path=path,
                source=source,
                version=eversion,
                mirror=mirror,
            ))

    with tdir() as pth:
        with cd(pth):
            _, err, ret = run_command(['dget', '-u', DSC_URL])
            if ret == 0:
                dsc = os.path.basename(DSC_URL)
                try:
                    changes = write_changes(dsc, dist, **kwargs)
                except MissingChangesFieldException as e:
                    print('Could not issue rebuild. Missing Changes'
                          'Field: {0}'.format(e.value))
                else:
                    out, err = run(['debsign', '-k%s' % gpg, changes])
                    out, err = run(['dput', target, changes])
            else:
                print('Could not download %s' % DSC_URL)
Example #37
0
def lintian(targets, analysis, lintian_binary='lintian'):

    if not isinstance(targets, list):
        targets = [targets]

    log = ""
    failed = False
    for target in targets:
        out, err, ret = run_command([lintian_binary, "-IE", "--pedantic",
                                     "--show-overrides", target])
        for issue in parse_lintian(out.splitlines(), target):
            analysis.results.append(issue)
            if issue.severity == 'error':
                failed = True
        log += out

    return (analysis, log, failed, None, None)
Example #38
0
def fetch_and_upload(dist, source, version, **kwargs):
    from . import DEFAULT_MIRROR
    confFile = "/etc/debile-rebuild.ini"
    config = configparser.ConfigParser({'mirror': DEFAULT_MIRROR})
    if not os.path.isfile(confFile):
        raise Exception("Could not find " + confFile)
    config.read([confFile])
    gpg = config.get('config', 'signing-key')
    target = config.get('config', 'dput-target')
    mirror = config.get('config', 'mirror')

    eversion = version
    if ":" in eversion:
        _, eversion = version.rsplit(":", 1)

    if "incoming.debian.org" == mirror:
        DSC_URL = ("http://{mirror}/{source}_{version}.dsc".format(
            source=source,
            version=eversion,
            mirror=mirror,
        ))
    else:
        path = pool_path(source)
        DSC_URL = ("http://{mirror}/debian/pool/main/"
                   "{path}/{source}_{version}.dsc".format(
                       path=path,
                       source=source,
                       version=eversion,
                       mirror=mirror,
                   ))

    with tdir() as pth:
        with cd(pth):
            _, err, ret = run_command(['dget', '-u', DSC_URL])
            if ret == 0:
                dsc = os.path.basename(DSC_URL)
                try:
                    changes = write_changes(dsc, dist, **kwargs)
                except MissingChangesFieldException as e:
                    print('Could not issue rebuild. Missing Changes'
                          'Field: {0}'.format(e.value))
                else:
                    out, err = run(['debsign', '-k%s' % gpg, changes])
                    out, err = run(['dput', target, changes])
            else:
                print('Could not download %s' % DSC_URL)
Example #39
0
def import_ssl(keyring, certdata, cn=None, email=None):
    """
    certdata should be pem-formated certificate data to be added to the
    keyring. The return value will be the sha1 fingerprint of the certificate
    added.
    """

    # Check that this realy is a pem-formated certificate,
    # and get the fingerprint and subject of the certificate
    out, err, ret = run_command([
        "openssl", "x509", "-noout", "-inform", "pem", "-sha1", "-fingerprint",
        "-subject"
    ],
                                input=certdata)

    fingerprint = None
    subject = None
    for line in out.split("\n"):
        data = line.split("=", 1)

        if data[0] == "SHA1 Fingerprint":
            fingerprint = data[1].replace(':', '')

        if data[0] == "subject":
            subject = data[1].split('/')

    if fingerprint is None or subject is None:
        raise ValueError("OpensSSL failed to parse ssl certificate.")

    # SSLSocket breaks badly on multiple certifiates with the same subject
    # in the keyring, so ensure that it unique to this slave/user.
    if ((cn and not "CN={cn}".format(cn=cn) in subject) or
        (email and not "emailAddress={email}".format(email=email) in subject)):
        raise ValueError(
            "Incorrect subject of ssl certificate (cn=\"%s\", emailAddress=\"%s\", subject=\"%s\")"
            % (cn, email, subject))

    # Add the valid pem-formated certificate to the keyring.
    keyring = open(keyring, 'a')
    fcntl.lockf(keyring, fcntl.LOCK_EX)
    keyring.write(certdata)
    keyring.close()

    return fingerprint
Example #40
0
    def validate_signature(self, keyring):
        """
        Validate the GPG signature of a .changes file.
        """

        (gpg_output, gpg_output_stderr, exit_status) = run_command([
            "gpg",
            "--batch",
            "--status-fd",
            "1",
            "--no-default-keyring",
            "--keyring",
            keyring,
            "--verify",
            self.get_dud_file(),
        ])

        if exit_status == -1:
            raise DudFileException("Unknown problem while verifying signature")

        # contains verbose human readable GPG information
        if self.is_python3:
            gpg_output_stderr = str(gpg_output_stderr, encoding='utf8')

        if self.is_python3:
            gpg_output = gpg_output.decode(encoding='UTF-8')

        if gpg_output.count('[GNUPG:] GOODSIG'):
            pass
        elif gpg_output.count('[GNUPG:] BADSIG'):
            raise DudFileException("Bad signature")
        elif gpg_output.count('[GNUPG:] ERRSIG'):
            raise DudFileException("Error verifying signature")
        elif gpg_output.count('[GNUPG:] NODATA'):
            raise DudFileException("No signature on")
        else:
            raise DudFileException("Unknown problem while verifying signature")

        key = None
        for line in gpg_output.split("\n"):
            if line.startswith('[GNUPG:] VALIDSIG'):
                key = line.split()[2]
        return key
Example #41
0
    def validate_signature(self, keyring):
        """
        Validate the GPG signature of a .changes file.

        Throws a :class:`dput.exceptions.ChangesFileException` if there's
        an issue with the GPG signature. Returns the GPG key ID.
        """

        (gpg_output, gpg_output_stderr, exit_status) = run_command([
            "gpg", "--batch", "--status-fd", "1",
            "--no-default-keyring", "--keyring", keyring,
            "--verify", self.get_changes_file()
        ])

        if exit_status == -1:
            raise ChangesFileException(
                "Unknown problem while verifying signature")

        # contains verbose human readable GPG information
        if self.is_python3:
            gpg_output_stderr = str(gpg_output_stderr, encoding='utf8')

        if self.is_python3:
            gpg_output = gpg_output.decode(encoding='UTF-8')

        if gpg_output.count('[GNUPG:] GOODSIG'):
            pass
        elif gpg_output.count('[GNUPG:] BADSIG'):
            raise ChangesFileException("Bad signature")
        elif gpg_output.count('[GNUPG:] ERRSIG'):
            raise ChangesFileException("Error verifying signature")
        elif gpg_output.count('[GNUPG:] NODATA'):
            raise ChangesFileException("No signature on")
        else:
            raise ChangesFileException(
                "Unknown problem while verifying signature"
            )

        key = None
        for line in gpg_output.split("\n"):
            if line.startswith('[GNUPG:] VALIDSIG'):
                key = line.split()[2]
        return key
Example #42
0
def import_ssl(keyring, certdata, cn=None, email=None):
    """
    certdata should be pem-formated certificate data to be added to the
    keyring. The return value will be the sha1 fingerprint of the certificate
    added.
    """

    # Check that this realy is a pem-formated certificate,
    # and get the fingerprint and subject of the certificate
    out, err, ret = run_command([
        "openssl", "x509", "-noout", "-inform", "pem", "-sha1",
        "-fingerprint", "-subject"
    ], input=certdata)

    fingerprint = None
    subject = None
    for line in out.split("\n"):
        data = line.split("=", 1)

        if data[0] == "SHA1 Fingerprint":
            fingerprint = data[1].replace(':', '')

        if data[0] == "subject":
            subject = data[1].split('/')

    if fingerprint is None or subject is None:
        raise ValueError("OpensSSL failed to parse ssl certificate.")

    # SSLSocket breaks badly on multiple certifiates with the same subject
    # in the keyring, so ensure that it unique to this slave/user.
    if ((cn and not "CN={cn}".format(cn=cn) in subject) or
            (email and not "emailAddress={email}".format(email=email) in subject)):
        raise ValueError("Incorrect subject of ssl certificate (cn=\"%s\", emailAddress=\"%s\", subject=\"%s\")" %
                         (cn, email, subject))

    # Add the valid pem-formated certificate to the keyring.
    keyring = open(keyring, 'a')
    fcntl.lockf(keyring, fcntl.LOCK_EX)
    keyring.write(certdata)
    keyring.close()

    return fingerprint
Example #43
0
def import_pgp(user, pgp_key, key_type, keyring, gpg_home_dir):
    ensure_uid(user)

    if key_type == 'public':
        keyring_type = '--keyring'
    elif key_type == 'secret':
        keyring_type = '--secret-keyring'
    else:
        print("You must specify the type of imported key.")
        raise GpgImportException

    out, err, code = run_command(['gpg', '--batch', '--import', '--status-fd',
                                  '1', '--no-default-keyring', '--homedir',
                                  gpg_home_dir, keyring_type, keyring],
                                  input=pgp_key)

    if code != 0:
        print("STDERR: {0}".format(err))
        print("GPG import failed: {0}".format(code))
        raise GpgImportException
Example #44
0
def arch_matches(arch, alias):
    """
    Check if given arch `arch` matches the other arch `alias`. This is most
    useful for the complex any-* rules.
    """

    if arch == alias:
        return True

    if arch == 'all' or arch == 'source':
        # These pseudo-arches does not match any wildcards or aliases
        return False

    if alias == 'any':
        # The 'any' wildcard matches all *real* architectures
        return True

    if alias == 'linux-any':
        # GNU/Linux arches are named <cpuabi>
        # Other Linux arches are named <libc>-linux-<cpuabi>
        return '-' not in arch or 'linux' in arch.split('-')

    if alias.endswith('-any'):
        # Non-Linux GNU/<os> arches are named <os>-<cpuabi>
        # Other non-Linux arches are named <libc>-<os>-<cpuabi>
        osname, _ = alias.split('-', 1)
        return osname in arch.split('-')

    if "-" not in arch and "-" not in alias:
        return False

    # This is a f*****g disaster for perf. Do what we can to not get here.
    out, err, ret = run_command(
        ["/usr/bin/dpkg-architecture",
         "-a%s" % (arch),
         "-i%s" % (alias)])
    return ret == 0
Example #45
0
def version():
    out, _, ret = run_command(['perlcritic', '--version'])
    if ret != 0:
        raise Exception("perlcritic is not installed")
    return ('perlcritic', out.strip())
def run(dsc, source, job, firehose):
    run_command(["dpkg-source", "-x", dsc, "source"])
    with cd('source'):
        return desktop_file_validate('source', firehose)
Example #47
0
def version():
    out, err, ret = run_command(['fb', '-version'])
    if ret != 0:
        raise Exception("findbugs is not installed")
    name, version = out.split(" ")
    return (name, version.strip())
Example #48
0
 def _exec(self, *args):
     cmd = ["reprepro", "-Vb", self.root] + list(args)
     out, err, ret = run_command(cmd)
     if ret != 0:
         raise RepoException(ret)
     return (out, err, ret)
Example #49
0
def version():
    out, _, ret = run_command(['fb', '-version'])
    if ret != 0:
        raise Exception("findbugs is not installed")
    version = out.strip()
    return ('findbugs', version.strip())
Example #50
0
def sbuild(package, maintainer, suite, affinity, build_arch, build_indep, analysis, clang=False):
    chroot_name = "{suite}-{affinity}".format(suite=suite, affinity=affinity)

    ensure_chroot_sanity(chroot_name)

    if not package.endswith('.dsc'):
        raise ValueError("WTF")

    sbuild_cmd = ["sbuild",
                  "--dist={suite}".format(suite=suite),
                  "--arch={affinity}".format(affinity=affinity),
                  "--chroot={chroot_name}".format(chroot_name=chroot_name),
                  "--verbose"]

    if build_indep:
        sbuild_cmd += ["-A"]
        if not build_arch:
            sbuild_cmd += ["--only-arch-all"]
    if maintainer:
        sbuild_cmd += ["--maintainer={maintainer}".format(maintainer=maintainer)]

    if clang:
        sbuild_cmd += ["--chroot-system-setup-commands", "/usr/share/debile-slave/debile-slave-switch-to-clang"]

    sbuild_cmd += [package]

    out, err, ret = run_command(sbuild_cmd)

    summary = False
    status = None
    failstage = None
    for line in out.splitlines():
        if line == u"│ Summary                                                                      │":
            summary = True
        if summary and line.startswith("Status: "):
            status = line.replace("Status: ", "")
        if summary and line.startswith("Fail-Stage: "):
            failstage = line.replace("Fail-Stage: ", "")

    if (not summary or
            ((status == "failed" or
              status == "skipped") and
             (failstage == "abort" or
              failstage == "init" or
              failstage == "create-session" or
              failstage == "create-build-dir" or
              failstage == "lock-session" or
              failstage == "apt-get-clean" or
              failstage == "apt-get-update" or
              failstage == "apt-get-dist-upgrade" or
              failstage == "apt-get-upgrade" or
              failstage == "arch-check" or
              failstage == "check-space" or
              failstage == "chroot-arch"))):
        raise Exception("Sbuild failed to run. " +
                        "Summary: \"%s\" Status: \"%s\" Fail-Stage: \"%s\"" %
                        (summary, status, failstage))

    ftbfs = ret != 0 or status != "successful"
    base, _ = os.path.basename(package).rsplit(".", 1)
    changes = glob.glob("{base}_*.changes".format(base=base))

    return (analysis, out, ftbfs, changes)
Example #51
0
def version():
    out, err, ret = run_command(['pep8', '--version'])
    if ret != 0:
        raise Exception("pep8 is not installed")
    return ('pep8', out.strip())