def test_import_conf_ssl_auth(self):
conf_dir = '/tmp/'
tarball = 'tests/resources/blade01.tar.gz'
auth_method = 'ssl'
data = dict(xmlrpc = dict(host='localhost', port='22017'), gpg='00000')
self.write_yaml(data)
import_conf.import_conf(self.user, conf_dir, tarball, self.keyring,
self.secret_keyring, auth_method, self.gpg_home)
out = self.load_yaml()
self.assertEqual(out['gpg'], self.key)
self.assertEqual(out['xmlrpc']['keyfile'], '/tmp/blade01.key')
self.assertEqual(out['xmlrpc']['certfile'], '/tmp/blade01.crt')
public_out,_,_ = run_command(['gpg', '--list-keys', '--keyring',
self.keyring])
secret_out,_,_ = run_command(['gpg', '--list-keys', '--keyring',
self.secret_keyring])
self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in
public_out)
self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in
secret_out)
def findbugs(deb, analysis):
_, err, ret = run_command(["dpkg", "-x", deb, "binary"])
if ret != 0:
raise Exception("Cannot extract binary from deb:" + err)
with cd('binary'):
# Force english as findbugs is localized
os.putenv("LANG", "C")
out, err, _ = run_command(
['fb', 'analyze', '-effort:max', '-xml:withMessages', '.'])
xmlbytes = out.encode("utf-8")
failed = False
# if err.strip() == '':
# return (analysis, err, failed)
for issue in parse_findbugs(xmlbytes):
analysis.results.append(issue)
if not failed and issue.severity in [
'performance', 'portability', 'error', 'warning'
]:
failed = True
return (analysis, err, failed, None, None)
def coccinelle(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-coccinelle"])
os.environ['COCCI_SUT_TYPE'] = 'debian-source' # used by coccinelle firehose scripts
with cd('source-coccinelle'):
log = ""
failed = False
for semantic_patch in list_semantic_patches():
logger.debug('Running patch: {0}'.format(semantic_patch))
out, err, ret = run_command([
"spatch",
"-D", "firehose",
"--cocci-file", semantic_patch,
"--dir", ".",
"--no-show-diff",
"--timeout", "120",
])
failed = (ret != 0) or failed
logger.debug('Spatch output: {0}'.format(out))
logger.debug('Spatch err: {0}'.format(err))
parsed_results = parse_coccinelle(out)
result_count = 0
for result in parsed_results:
analysis.results.append(result)
result_count += 1
log += "DEAL patch %s\n" % semantic_patch
log += " %d results\n" % result_count
return (analysis, log, failed, None, None)
def coccinelle(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source"])
os.environ['COCCI_SUT_TYPE'] = 'debian-source' # used by coccinelle firehose scripts
with cd('source'):
log = ""
failed = False
for semantic_patch in list_semantic_patches():
logger.debug('Running patch: {0}'.format(semantic_patch))
out, err, ret = run_command([
"spatch",
"-D", "firehose",
"--cocci-file", semantic_patch,
"--dir", ".",
"--no-show-diff",
"--timeout", "120",
])
failed = (ret != 0) or failed
logger.debug('Spatch output: {0}'.format(out))
logger.debug('Spatch err: {0}'.format(err))
parsed_results = parse_coccinelle(out)
result_count = 0
for result in parsed_results:
analysis.results.append(result)
result_count += 1
log += "DEAL patch %s\n" % semantic_patch
log += " %d results\n" % result_count
return (analysis, log, failed, None, None)
def coccinelle(dsc, analysis):
raise NotImplemented("Not ported")
run_command(["dpkg-source", "-x", dsc, "source"])
with cd('source'):
log = ""
failed = False
for semantic_patch in list_semantic_patches():
out, err, ret = run_command([
"spatch",
"-D", "firehose",
"--cocci-file", semantic_patch,
"--dir", ".",
"--no-show-diff",
"--timeout", "120",
])
failed = (ret != 0) or failed
parsed_results = parse_coccinelle(out)
result_count = 0
for result in parsed_results:
analysis.results.append(result)
result_count += 1
log += "DEAL patch %s\n" % semantic_patch
log += " %d results\n" % result_count
return (analysis, log, failed, None)
def test_import_conf_ssl_auth(self):
conf_dir = '/tmp/'
tarball = 'tests/resources/blade01.tar.gz'
auth_method = 'ssl'
data = dict(xmlrpc=dict(host='localhost', port='22017'), gpg='00000')
self.write_yaml(data)
import_conf.import_conf(self.user, conf_dir, tarball, self.keyring,
self.secret_keyring, auth_method,
self.gpg_home)
out = self.load_yaml()
self.assertEqual(out['gpg'], self.key)
self.assertEqual(out['xmlrpc']['keyfile'], '/tmp/blade01.key')
self.assertEqual(out['xmlrpc']['certfile'], '/tmp/blade01.crt')
public_out, _, _ = run_command(
['gpg', '--list-keys', '--keyring', self.keyring])
secret_out, _, _ = run_command(
['gpg', '--list-keys', '--keyring', self.secret_keyring])
self.assertTrue(
'Debile Autobuilder (Debile Slave Key (blade01))' in public_out)
self.assertTrue(
'Debile Autobuilder (Debile Slave Key (blade01))' in secret_out)
def pep8(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-pep8"])
with cd('source-pep8'):
out, err, ret = run_command(['pep8', '.'])
failed = ret != 0
for issue in parse_pep8(out.splitlines()):
analysis.results.append(issue)
return (analysis, out, failed, None, None)
def roodi(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-roodi"])
with cd('source-roodi'):
out, _, ret = run_command(['roodi', '.'])
failed = ret != 0
for issue in parse_roodi(out.splitlines()):
analysis.results.append(issue)
return (analysis, out, failed, None, None)
def pep8(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source"])
with cd("source"):
out, err, ret = run_command(["pep8", "."])
failed = ret != 0
for issue in parse_pep8(out.splitlines()):
analysis.results.append(issue)
return (analysis, out, failed, None)
def jshint(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-jshint"])
with cd('source-jshint'):
out, _, ret = run_command(['jshint', '--reporter=checkstyle', '.'])
failed = ret != 0
if out is not None:
for issue in parse_jshint(out.splitlines()):
analysis.results.append(issue)
else:
print "Output of JSHint checker command is None!"
return (analysis, out, failed, None, None)
def perlcritic(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-perlcritic"])
with cd('source-perlcritic'):
out, _, ret = run_command([
'perlcritic', '--brutal', '.', '--verbose',
'%f:%l:%c %s %p %m\n'
])
if ret == 1:
raise Exception("Perlcritic had an internal error")
failed = ret == 2
for issue in parse_perlcritic(out.splitlines()):
analysis.results.append(issue)
return (analysis, out, failed, None, None)
def version():
out, err, ret = run_command([
'pep8', '--version'
])
if ret != 0:
raise Exception("pep8 is not installed")
return ('pep8', out.strip())
def import_pgp(keyring, keydata):
"""
keydata should be public key data to be imported to the keyring.
The return value will be the sha1 fingerprint of the public key added.
"""
out, err, ret = run_command([
"gpg", "--batch", "--status-fd", "1", "--no-default-keyring",
"--keyring", keyring, "--import"
],
input=keydata)
fingerprint = None
for line in out.split("\n"):
data = line.split()
if not data or data[0] != "[GNUPG:]":
continue
if data[1] == "IMPORT_OK":
fingerprint = data[3]
break
else:
raise ValueError("GPG failed to import pgp public key")
return fingerprint
def arch_matches(arch, alias):
"""
Check if given arch `arch` matches the other arch `alias`. This is most
useful for the complex any-* rules.
"""
if arch == alias:
return True
if arch == "all" or arch == "source":
# These pseudo-arches does not match any wildcards or aliases
return False
if alias == "any":
# The 'any' wildcard matches all *real* architectures
return True
if alias == "linux-any":
# GNU/Linux arches are named <cpuabi>
# Other Linux arches are named <libc>-linux-<cpuabi>
return "-" not in arch or "linux" in arch.split("-")
if alias.endswith("-any"):
# Non-Linux GNU/<os> arches are named <os>-<cpuabi>
# Other non-Linux arches are named <libc>-<os>-<cpuabi>
osname, _ = alias.split("-", 1)
return osname in arch.split("-")
if "-" not in arch and "-" not in alias:
return False
# This is a f*****g disaster for perf. Do what we can to not get here.
out, err, ret = run_command(["/usr/bin/dpkg-architecture", "-a%s" % (arch), "-i%s" % (alias)])
return ret == 0
def import_pgp(keyring, keydata):
"""
keydata should be public key data to be imported to the keyring.
The return value will be the sha1 fingerprint of the public key added.
"""
out, err, ret = run_command([
"gpg", "--batch", "--status-fd", "1",
"--no-default-keyring", "--keyring", keyring,
"--import"
], input=keydata)
fingerprint = None
for line in out.split("\n"):
data = line.split()
if not data or data[0] != "[GNUPG:]":
continue
if data[1] == "IMPORT_OK":
fingerprint = data[3]
break
else:
raise ValueError("GPG failed to import pgp public key")
return fingerprint
def version():
out, _, ret = run_command(["sbuild", '--version'])
if ret != 0:
raise Exception("sbuild is not installed")
vline = out.splitlines()[0]
v = VERSION.match(vline)
vdict = v.groupdict()
return ('sbuild', vdict['version'])
def version():
out, err, ret = run_command([
'cppcheck', '--version'
])
if ret != 0:
raise Exception("cppcheck is not installed")
name, version = out.split(" ")
return (name, version.strip())
def version():
out, err, ret = run_command([
'fb', '-version'
])
if ret != 0:
raise Exception("findbugs is not installed")
name, version = out.split(" ")
return (name, version.strip())
def ensure_chroot_sanity(chroot_name):
out, ret, err = run_command(['schroot', '-l'])
for chroot in out.splitlines():
chroot = chroot.strip()
chroots = [chroot, "chroot:%s" % (chroot)]
if chroot in chroots:
return True
raise ValueError("No such schroot (%s) found." % (chroot_name))
def sign(changes, gpg):
if changes.endswith(".dud"):
out, err, ret = run_command(['gpg', '-u', gpg, '--clearsign', changes])
if ret != 0:
print(out)
print(err)
raise Exception("bad clearsign")
os.unlink(changes)
os.rename("%s.asc" % (changes), changes)
return
else:
out, err, ret = run_command(['debsign', '-k%s' % (gpg), changes])
if ret != 0:
print(out)
print(err)
raise Exception("bad debsign")
return
def version(lintian_binary='lintian'):
out, err, ret = run_command([
lintian_binary, '--version'
])
if ret != 0:
raise Exception(lintian_binary + " is not installed")
name, version = out.split(" ")
return (name, version.strip())
def version():
out, err, ret = run_command([
'cppcheck', '--version'
])
if ret != 0:
raise Exception("cppcheck is not installed")
name, version = out.split(" ")
return (name, version.strip())
def version():
out, err, ret = run_command(["spatch", "--version"])
if ret != 0:
raise Exception("spatch seems not to be installed")
try:
out = out.split()[2] # we only extract the version number
except:
out = out.strip()
return ('coccinelle', out)
def sbuild(package, suite, affinity, build_arch, build_indep, analysis):
chroot_name = "{suite}-{affinity}".format(suite=suite, affinity=affinity)
ensure_chroot_sanity(chroot_name)
if not package.endswith('.dsc'):
raise ValueError("WTF")
sbuild_cmd = ["sbuild",
"--dist={suite}".format(suite=suite),
"--arch={affinity}".format(affinity=affinity),
"--chroot={chroot_name}".format(chroot_name=chroot_name),
"--verbose"]
if build_indep:
sbuild_cmd += ["-A"]
if not build_arch:
sbuild_cmd += ["--debbuildopt=-A"]
sbuild_cmd += [package]
out, err, ret = run_command(sbuild_cmd)
summary = False
status = None
failstage = None
for line in out.splitlines():
if line == u"│ Summary │":
summary = True
if summary and line.startswith("Status: "):
status = line.replace("Status: ", "")
if summary and line.startswith("Fail-Stage: "):
failstage = line.replace("Fail-Stage: ", "")
if (not summary or
((status == "failed" or
status == "skipped") and
(failstage == "abort" or
failstage == "init" or
failstage == "create-session" or
failstage == "create-build-dir" or
failstage == "lock-session" or
failstage == "apt-get-clean" or
failstage == "apt-get-update" or
failstage == "apt-get-dist-upgrade" or
failstage == "apt-get-upgrade" or
failstage == "arch-check" or
failstage == "check-space" or
failstage == "chroot-arch"))):
raise Exception("Sbuild failed to run. " +
"Summary: \"%s\" Status: \"%s\" Fail-Stage: \"%s\"" %
(summary, status, failstage))
ftbfs = ret != 0 or status != "successful"
base, _ = os.path.basename(package).rsplit(".", 1)
changes = glob.glob("{base}_*.changes".format(base=base))
return (analysis, out, ftbfs, changes)
def version():
out, _, ret = run_command(["spatch", "--version"])
if ret != 0:
raise Exception("spatch seems not to be installed")
try:
out = out.split()[2] # we only extract the version number
except:
out = out.strip()
return ('coccinelle', out)
def test_import_pgp_public_key(self):
with tarfile.open('tests/resources/blade01.tar.gz', 'r:gz') as tf:
pub_key = import_conf.get_attribute_from_tarfile('key.pub', tf)
import_conf.import_pgp(self.user, pub_key, 'public', self.keyring,
self.gpg_home)
out,_,_ = run_command(['gpg', '--list-keys', '--keyring', self.keyring])
self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in out)
def cppcheck(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-cppcheck"])
with cd('source-cppcheck'):
_, err, _ = run_command(
['cppcheck', '-j8', '--enable=all', '.', '--xml'])
xmlbytes = err.encode()
failed = False
if err.strip() == '':
return (analysis, err, failed, None, None)
for issue in parse_cppcheck(xmlbytes):
analysis.results.append(issue)
if not failed and issue.severity in [
'performance', 'portability', 'error', 'warning'
]:
failed = True
return (analysis, err, failed, None, None)
def ensure_chroot_sanity(chroot_name):
out, ret, err = run_command(['schroot', '-l'])
for chroot in out.splitlines():
chroot = chroot.strip()
chroots = [
chroot,
"chroot:%s" % (chroot)
]
if chroot in chroots:
return True
raise ValueError("No such schroot (%s) found." % (chroot_name))
def test_import_pgp_secret_key(self):
with tarfile.open('tests/resources/blade01.tar.gz', 'r:gz') as tf:
priv_key = import_conf.get_attribute_from_tarfile('key.priv', tf)
import_conf.import_pgp(self.user, priv_key, 'secret',
self.secret_keyring, self.gpg_home)
out, _, _ = run_command(
['gpg', '--list-keys', '--keyring', self.secret_keyring])
self.assertTrue(
'Debile Autobuilder (Debile Slave Key (blade01))' in out)
def findbugs(deb, analysis):
run_command(["dpkg", "-x", deb, "binary"])
with cd('binary'):
out, err, ret = run_command([
'fb', 'analyze', '-effort:max', '-xml:withMessages', '.'
])
xmlbytes = out.encode("utf-8")
failed = False
# if err.strip() == '':
# return (analysis, err, failed)
for issue in parse_findbugs(xmlbytes):
analysis.results.append(issue)
if not failed and issue.severity in [
'performance', 'portability', 'error', 'warning'
]:
failed = True
return (analysis, err, failed, None, None)
def desktop_file_validate(package_root, analysis):
log = ""
failed = False
for dirpath, dirnames, filenames in os.walk(package_root):
for fp in filenames:
out, _, _ = run_command(['desktop-file-validate', fp])
for issue in parse_desktop_file_validate(out.splitlines()):
analysis.results.append(issue)
failed = True
log += out
log = log.strip()
return (analysis, log, failed, None, None)
def cppcheck(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-cppcheck"])
with cd('source-cppcheck'):
_, err, _ = run_command([
'cppcheck', '-j8', '--enable=all', '.', '--xml'
])
xmlbytes = err.encode()
failed = False
if err.strip() == '':
return (analysis, err, failed, None, None)
for issue in parse_cppcheck(xmlbytes):
analysis.results.append(issue)
if not failed and issue.severity in [
'performance', 'portability', 'error', 'warning'
]:
failed = True
return (analysis, err, failed, None, None)
def desktop_file_validate(package_root, analysis):
log = ""
failed = False
for dirpath, dirnames, filenames in os.walk(package_root):
for fp in filenames:
out, err, ret = run_command(['desktop-file-validate', fp])
for issue in parse_desktop_file_validate(out.splitlines()):
analysis.results.append(issue)
failed = True
log += out
log = log.strip()
return (analysis, log, failed, None)
def pylint(dsc, analysis):
run_command(["dpkg-source", "-x", dsc, "source-pylint"])
with cd('source-pylint'):
sources = find_python_files('.')
failed = False
output = ""
for source in sources:
out, _, ret = run_command([
'pylint', '-rn',
'--msg-template="[{C}]{path}:{line},{column}:({msg_id})[{symbol}]{msg}"',
source
])
failed = ret != 0
if out is not None:
output += out
for issue in parse_pylint(out.splitlines()):
analysis.results.append(issue)
return (analysis, output, failed, None, None)
def findbugs(deb, analysis):
_, err, ret = run_command(["dpkg", "-x", deb, "binary"])
if ret != 0:
raise Exception("Cannot extract binary from deb:" + err)
with cd("binary"):
# Force english as findbugs is localized
os.putenv("LANG", "C")
out, err, _ = run_command(["fb", "analyze", "-effort:max", "-xml:withMessages", "."])
xmlbytes = out.encode("utf-8")
failed = False
# if err.strip() == '':
# return (analysis, err, failed)
for issue in parse_findbugs(xmlbytes):
analysis.results.append(issue)
if not failed and issue.severity in ["performance", "portability", "error", "warning"]:
failed = True
return (analysis, err, failed, None, None)
def fetch_and_upload(dist, source, version, **kwargs):
from . import DEFAULT_MIRROR
confFile = "/etc/debile-rebuild.ini"
config = configparser.ConfigParser({'mirror': DEFAULT_MIRROR})
if not os.path.isfile(confFile):
raise Exception("Could not find " + confFile)
config.read([confFile])
gpg = config.get('config', 'signing-key')
target = config.get('config', 'dput-target')
mirror = config.get('config', 'mirror')
eversion = version
if ":" in eversion:
_, eversion = version.rsplit(":", 1)
if "incoming.debian.org" == mirror:
DSC_URL = (
"http://{mirror}/{source}_{version}.dsc".format(
source=source,
version=eversion,
mirror=mirror,
))
else:
path = pool_path(source)
DSC_URL = (
"http://{mirror}/debian/pool/main/"
"{path}/{source}_{version}.dsc".format(
path=path,
source=source,
version=eversion,
mirror=mirror,
))
with tdir() as pth:
with cd(pth):
_, err, ret = run_command(['dget', '-u', DSC_URL])
if ret == 0:
dsc = os.path.basename(DSC_URL)
try:
changes = write_changes(dsc, dist, **kwargs)
except MissingChangesFieldException as e:
print('Could not issue rebuild. Missing Changes'
'Field: {0}'.format(e.value))
else:
out, err = run(['debsign', '-k%s' % gpg, changes])
out, err = run(['dput', target, changes])
else:
print('Could not download %s' % DSC_URL)
def lintian(targets, analysis, lintian_binary='lintian'):
if not isinstance(targets, list):
targets = [targets]
log = ""
failed = False
for target in targets:
out, err, ret = run_command([lintian_binary, "-IE", "--pedantic",
"--show-overrides", target])
for issue in parse_lintian(out.splitlines(), target):
analysis.results.append(issue)
if issue.severity == 'error':
failed = True
log += out
return (analysis, log, failed, None, None)
def fetch_and_upload(dist, source, version, **kwargs):
from . import DEFAULT_MIRROR
confFile = "/etc/debile-rebuild.ini"
config = configparser.ConfigParser({'mirror': DEFAULT_MIRROR})
if not os.path.isfile(confFile):
raise Exception("Could not find " + confFile)
config.read([confFile])
gpg = config.get('config', 'signing-key')
target = config.get('config', 'dput-target')
mirror = config.get('config', 'mirror')
eversion = version
if ":" in eversion:
_, eversion = version.rsplit(":", 1)
if "incoming.debian.org" == mirror:
DSC_URL = ("http://{mirror}/{source}_{version}.dsc".format(
source=source,
version=eversion,
mirror=mirror,
))
else:
path = pool_path(source)
DSC_URL = ("http://{mirror}/debian/pool/main/"
"{path}/{source}_{version}.dsc".format(
path=path,
source=source,
version=eversion,
mirror=mirror,
))
with tdir() as pth:
with cd(pth):
_, err, ret = run_command(['dget', '-u', DSC_URL])
if ret == 0:
dsc = os.path.basename(DSC_URL)
try:
changes = write_changes(dsc, dist, **kwargs)
except MissingChangesFieldException as e:
print('Could not issue rebuild. Missing Changes'
'Field: {0}'.format(e.value))
else:
out, err = run(['debsign', '-k%s' % gpg, changes])
out, err = run(['dput', target, changes])
else:
print('Could not download %s' % DSC_URL)
def import_ssl(keyring, certdata, cn=None, email=None):
"""
certdata should be pem-formated certificate data to be added to the
keyring. The return value will be the sha1 fingerprint of the certificate
added.
"""
# Check that this realy is a pem-formated certificate,
# and get the fingerprint and subject of the certificate
out, err, ret = run_command([
"openssl", "x509", "-noout", "-inform", "pem", "-sha1", "-fingerprint",
"-subject"
],
input=certdata)
fingerprint = None
subject = None
for line in out.split("\n"):
data = line.split("=", 1)
if data[0] == "SHA1 Fingerprint":
fingerprint = data[1].replace(':', '')
if data[0] == "subject":
subject = data[1].split('/')
if fingerprint is None or subject is None:
raise ValueError("OpensSSL failed to parse ssl certificate.")
# SSLSocket breaks badly on multiple certifiates with the same subject
# in the keyring, so ensure that it unique to this slave/user.
if ((cn and not "CN={cn}".format(cn=cn) in subject) or
(email and not "emailAddress={email}".format(email=email) in subject)):
raise ValueError(
"Incorrect subject of ssl certificate (cn=\"%s\", emailAddress=\"%s\", subject=\"%s\")"
% (cn, email, subject))
# Add the valid pem-formated certificate to the keyring.
keyring = open(keyring, 'a')
fcntl.lockf(keyring, fcntl.LOCK_EX)
keyring.write(certdata)
keyring.close()
return fingerprint
def validate_signature(self, keyring):
"""
Validate the GPG signature of a .changes file.
"""
(gpg_output, gpg_output_stderr, exit_status) = run_command([
"gpg",
"--batch",
"--status-fd",
"1",
"--no-default-keyring",
"--keyring",
keyring,
"--verify",
self.get_dud_file(),
])
if exit_status == -1:
raise DudFileException("Unknown problem while verifying signature")
# contains verbose human readable GPG information
if self.is_python3:
gpg_output_stderr = str(gpg_output_stderr, encoding='utf8')
if self.is_python3:
gpg_output = gpg_output.decode(encoding='UTF-8')
if gpg_output.count('[GNUPG:] GOODSIG'):
pass
elif gpg_output.count('[GNUPG:] BADSIG'):
raise DudFileException("Bad signature")
elif gpg_output.count('[GNUPG:] ERRSIG'):
raise DudFileException("Error verifying signature")
elif gpg_output.count('[GNUPG:] NODATA'):
raise DudFileException("No signature on")
else:
raise DudFileException("Unknown problem while verifying signature")
key = None
for line in gpg_output.split("\n"):
if line.startswith('[GNUPG:] VALIDSIG'):
key = line.split()[2]
return key
def validate_signature(self, keyring):
"""
Validate the GPG signature of a .changes file.
Throws a :class:`dput.exceptions.ChangesFileException` if there's
an issue with the GPG signature. Returns the GPG key ID.
"""
(gpg_output, gpg_output_stderr, exit_status) = run_command([
"gpg", "--batch", "--status-fd", "1",
"--no-default-keyring", "--keyring", keyring,
"--verify", self.get_changes_file()
])
if exit_status == -1:
raise ChangesFileException(
"Unknown problem while verifying signature")
# contains verbose human readable GPG information
if self.is_python3:
gpg_output_stderr = str(gpg_output_stderr, encoding='utf8')
if self.is_python3:
gpg_output = gpg_output.decode(encoding='UTF-8')
if gpg_output.count('[GNUPG:] GOODSIG'):
pass
elif gpg_output.count('[GNUPG:] BADSIG'):
raise ChangesFileException("Bad signature")
elif gpg_output.count('[GNUPG:] ERRSIG'):
raise ChangesFileException("Error verifying signature")
elif gpg_output.count('[GNUPG:] NODATA'):
raise ChangesFileException("No signature on")
else:
raise ChangesFileException(
"Unknown problem while verifying signature"
)
key = None
for line in gpg_output.split("\n"):
if line.startswith('[GNUPG:] VALIDSIG'):
key = line.split()[2]
return key
def import_ssl(keyring, certdata, cn=None, email=None):
"""
certdata should be pem-formated certificate data to be added to the
keyring. The return value will be the sha1 fingerprint of the certificate
added.
"""
# Check that this realy is a pem-formated certificate,
# and get the fingerprint and subject of the certificate
out, err, ret = run_command([
"openssl", "x509", "-noout", "-inform", "pem", "-sha1",
"-fingerprint", "-subject"
], input=certdata)
fingerprint = None
subject = None
for line in out.split("\n"):
data = line.split("=", 1)
if data[0] == "SHA1 Fingerprint":
fingerprint = data[1].replace(':', '')
if data[0] == "subject":
subject = data[1].split('/')
if fingerprint is None or subject is None:
raise ValueError("OpensSSL failed to parse ssl certificate.")
# SSLSocket breaks badly on multiple certifiates with the same subject
# in the keyring, so ensure that it unique to this slave/user.
if ((cn and not "CN={cn}".format(cn=cn) in subject) or
(email and not "emailAddress={email}".format(email=email) in subject)):
raise ValueError("Incorrect subject of ssl certificate (cn=\"%s\", emailAddress=\"%s\", subject=\"%s\")" %
(cn, email, subject))
# Add the valid pem-formated certificate to the keyring.
keyring = open(keyring, 'a')
fcntl.lockf(keyring, fcntl.LOCK_EX)
keyring.write(certdata)
keyring.close()
return fingerprint
def import_pgp(user, pgp_key, key_type, keyring, gpg_home_dir):
ensure_uid(user)
if key_type == 'public':
keyring_type = '--keyring'
elif key_type == 'secret':
keyring_type = '--secret-keyring'
else:
print("You must specify the type of imported key.")
raise GpgImportException
out, err, code = run_command(['gpg', '--batch', '--import', '--status-fd',
'1', '--no-default-keyring', '--homedir',
gpg_home_dir, keyring_type, keyring],
input=pgp_key)
if code != 0:
print("STDERR: {0}".format(err))
print("GPG import failed: {0}".format(code))
raise GpgImportException
def arch_matches(arch, alias):
"""
Check if given arch `arch` matches the other arch `alias`. This is most
useful for the complex any-* rules.
"""
if arch == alias:
return True
if arch == 'all' or arch == 'source':
# These pseudo-arches does not match any wildcards or aliases
return False
if alias == 'any':
# The 'any' wildcard matches all *real* architectures
return True
if alias == 'linux-any':
# GNU/Linux arches are named <cpuabi>
# Other Linux arches are named <libc>-linux-<cpuabi>
return '-' not in arch or 'linux' in arch.split('-')
if alias.endswith('-any'):
# Non-Linux GNU/<os> arches are named <os>-<cpuabi>
# Other non-Linux arches are named <libc>-<os>-<cpuabi>
osname, _ = alias.split('-', 1)
return osname in arch.split('-')
if "-" not in arch and "-" not in alias:
return False
# This is a f*****g disaster for perf. Do what we can to not get here.
out, err, ret = run_command(
["/usr/bin/dpkg-architecture",
"-a%s" % (arch),
"-i%s" % (alias)])
return ret == 0
def version():
out, _, ret = run_command(['perlcritic', '--version'])
if ret != 0:
raise Exception("perlcritic is not installed")
return ('perlcritic', out.strip())
def run(dsc, source, job, firehose):
run_command(["dpkg-source", "-x", dsc, "source"])
with cd('source'):
return desktop_file_validate('source', firehose)
def version():
out, err, ret = run_command(['fb', '-version'])
if ret != 0:
raise Exception("findbugs is not installed")
name, version = out.split(" ")
return (name, version.strip())
def _exec(self, *args):
cmd = ["reprepro", "-Vb", self.root] + list(args)
out, err, ret = run_command(cmd)
if ret != 0:
raise RepoException(ret)
return (out, err, ret)
def version():
out, _, ret = run_command(['fb', '-version'])
if ret != 0:
raise Exception("findbugs is not installed")
version = out.strip()
return ('findbugs', version.strip())
def sbuild(package, maintainer, suite, affinity, build_arch, build_indep, analysis, clang=False):
chroot_name = "{suite}-{affinity}".format(suite=suite, affinity=affinity)
ensure_chroot_sanity(chroot_name)
if not package.endswith('.dsc'):
raise ValueError("WTF")
sbuild_cmd = ["sbuild",
"--dist={suite}".format(suite=suite),
"--arch={affinity}".format(affinity=affinity),
"--chroot={chroot_name}".format(chroot_name=chroot_name),
"--verbose"]
if build_indep:
sbuild_cmd += ["-A"]
if not build_arch:
sbuild_cmd += ["--only-arch-all"]
if maintainer:
sbuild_cmd += ["--maintainer={maintainer}".format(maintainer=maintainer)]
if clang:
sbuild_cmd += ["--chroot-system-setup-commands", "/usr/share/debile-slave/debile-slave-switch-to-clang"]
sbuild_cmd += [package]
out, err, ret = run_command(sbuild_cmd)
summary = False
status = None
failstage = None
for line in out.splitlines():
if line == u"│ Summary │":
summary = True
if summary and line.startswith("Status: "):
status = line.replace("Status: ", "")
if summary and line.startswith("Fail-Stage: "):
failstage = line.replace("Fail-Stage: ", "")
if (not summary or
((status == "failed" or
status == "skipped") and
(failstage == "abort" or
failstage == "init" or
failstage == "create-session" or
failstage == "create-build-dir" or
failstage == "lock-session" or
failstage == "apt-get-clean" or
failstage == "apt-get-update" or
failstage == "apt-get-dist-upgrade" or
failstage == "apt-get-upgrade" or
failstage == "arch-check" or
failstage == "check-space" or
failstage == "chroot-arch"))):
raise Exception("Sbuild failed to run. " +
"Summary: \"%s\" Status: \"%s\" Fail-Stage: \"%s\"" %
(summary, status, failstage))
ftbfs = ret != 0 or status != "successful"
base, _ = os.path.basename(package).rsplit(".", 1)
changes = glob.glob("{base}_*.changes".format(base=base))
return (analysis, out, ftbfs, changes)
def version():
out, err, ret = run_command(['pep8', '--version'])
if ret != 0:
raise Exception("pep8 is not installed")
return ('pep8', out.strip())
