def test_import_conf_ssl_auth(self): conf_dir = '/tmp/' tarball = 'tests/resources/blade01.tar.gz' auth_method = 'ssl' data = dict(xmlrpc = dict(host='localhost', port='22017'), gpg='00000') self.write_yaml(data) import_conf.import_conf(self.user, conf_dir, tarball, self.keyring, self.secret_keyring, auth_method, self.gpg_home) out = self.load_yaml() self.assertEqual(out['gpg'], self.key) self.assertEqual(out['xmlrpc']['keyfile'], '/tmp/blade01.key') self.assertEqual(out['xmlrpc']['certfile'], '/tmp/blade01.crt') public_out,_,_ = run_command(['gpg', '--list-keys', '--keyring', self.keyring]) secret_out,_,_ = run_command(['gpg', '--list-keys', '--keyring', self.secret_keyring]) self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in public_out) self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in secret_out)
def findbugs(deb, analysis): _, err, ret = run_command(["dpkg", "-x", deb, "binary"]) if ret != 0: raise Exception("Cannot extract binary from deb:" + err) with cd('binary'): # Force english as findbugs is localized os.putenv("LANG", "C") out, err, _ = run_command( ['fb', 'analyze', '-effort:max', '-xml:withMessages', '.']) xmlbytes = out.encode("utf-8") failed = False # if err.strip() == '': # return (analysis, err, failed) for issue in parse_findbugs(xmlbytes): analysis.results.append(issue) if not failed and issue.severity in [ 'performance', 'portability', 'error', 'warning' ]: failed = True return (analysis, err, failed, None, None)
def coccinelle(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-coccinelle"]) os.environ['COCCI_SUT_TYPE'] = 'debian-source' # used by coccinelle firehose scripts with cd('source-coccinelle'): log = "" failed = False for semantic_patch in list_semantic_patches(): logger.debug('Running patch: {0}'.format(semantic_patch)) out, err, ret = run_command([ "spatch", "-D", "firehose", "--cocci-file", semantic_patch, "--dir", ".", "--no-show-diff", "--timeout", "120", ]) failed = (ret != 0) or failed logger.debug('Spatch output: {0}'.format(out)) logger.debug('Spatch err: {0}'.format(err)) parsed_results = parse_coccinelle(out) result_count = 0 for result in parsed_results: analysis.results.append(result) result_count += 1 log += "DEAL patch %s\n" % semantic_patch log += " %d results\n" % result_count return (analysis, log, failed, None, None)
def coccinelle(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source"]) os.environ['COCCI_SUT_TYPE'] = 'debian-source' # used by coccinelle firehose scripts with cd('source'): log = "" failed = False for semantic_patch in list_semantic_patches(): logger.debug('Running patch: {0}'.format(semantic_patch)) out, err, ret = run_command([ "spatch", "-D", "firehose", "--cocci-file", semantic_patch, "--dir", ".", "--no-show-diff", "--timeout", "120", ]) failed = (ret != 0) or failed logger.debug('Spatch output: {0}'.format(out)) logger.debug('Spatch err: {0}'.format(err)) parsed_results = parse_coccinelle(out) result_count = 0 for result in parsed_results: analysis.results.append(result) result_count += 1 log += "DEAL patch %s\n" % semantic_patch log += " %d results\n" % result_count return (analysis, log, failed, None, None)
def coccinelle(dsc, analysis): raise NotImplemented("Not ported") run_command(["dpkg-source", "-x", dsc, "source"]) with cd('source'): log = "" failed = False for semantic_patch in list_semantic_patches(): out, err, ret = run_command([ "spatch", "-D", "firehose", "--cocci-file", semantic_patch, "--dir", ".", "--no-show-diff", "--timeout", "120", ]) failed = (ret != 0) or failed parsed_results = parse_coccinelle(out) result_count = 0 for result in parsed_results: analysis.results.append(result) result_count += 1 log += "DEAL patch %s\n" % semantic_patch log += " %d results\n" % result_count return (analysis, log, failed, None)
def test_import_conf_ssl_auth(self): conf_dir = '/tmp/' tarball = 'tests/resources/blade01.tar.gz' auth_method = 'ssl' data = dict(xmlrpc=dict(host='localhost', port='22017'), gpg='00000') self.write_yaml(data) import_conf.import_conf(self.user, conf_dir, tarball, self.keyring, self.secret_keyring, auth_method, self.gpg_home) out = self.load_yaml() self.assertEqual(out['gpg'], self.key) self.assertEqual(out['xmlrpc']['keyfile'], '/tmp/blade01.key') self.assertEqual(out['xmlrpc']['certfile'], '/tmp/blade01.crt') public_out, _, _ = run_command( ['gpg', '--list-keys', '--keyring', self.keyring]) secret_out, _, _ = run_command( ['gpg', '--list-keys', '--keyring', self.secret_keyring]) self.assertTrue( 'Debile Autobuilder (Debile Slave Key (blade01))' in public_out) self.assertTrue( 'Debile Autobuilder (Debile Slave Key (blade01))' in secret_out)
def pep8(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-pep8"]) with cd('source-pep8'): out, err, ret = run_command(['pep8', '.']) failed = ret != 0 for issue in parse_pep8(out.splitlines()): analysis.results.append(issue) return (analysis, out, failed, None, None)
def roodi(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-roodi"]) with cd('source-roodi'): out, _, ret = run_command(['roodi', '.']) failed = ret != 0 for issue in parse_roodi(out.splitlines()): analysis.results.append(issue) return (analysis, out, failed, None, None)
def pep8(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source"]) with cd("source"): out, err, ret = run_command(["pep8", "."]) failed = ret != 0 for issue in parse_pep8(out.splitlines()): analysis.results.append(issue) return (analysis, out, failed, None)
def jshint(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-jshint"]) with cd('source-jshint'): out, _, ret = run_command(['jshint', '--reporter=checkstyle', '.']) failed = ret != 0 if out is not None: for issue in parse_jshint(out.splitlines()): analysis.results.append(issue) else: print "Output of JSHint checker command is None!" return (analysis, out, failed, None, None)
def perlcritic(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-perlcritic"]) with cd('source-perlcritic'): out, _, ret = run_command([ 'perlcritic', '--brutal', '.', '--verbose', '%f:%l:%c %s %p %m\n' ]) if ret == 1: raise Exception("Perlcritic had an internal error") failed = ret == 2 for issue in parse_perlcritic(out.splitlines()): analysis.results.append(issue) return (analysis, out, failed, None, None)
def version(): out, err, ret = run_command([ 'pep8', '--version' ]) if ret != 0: raise Exception("pep8 is not installed") return ('pep8', out.strip())
def import_pgp(keyring, keydata): """ keydata should be public key data to be imported to the keyring. The return value will be the sha1 fingerprint of the public key added. """ out, err, ret = run_command([ "gpg", "--batch", "--status-fd", "1", "--no-default-keyring", "--keyring", keyring, "--import" ], input=keydata) fingerprint = None for line in out.split("\n"): data = line.split() if not data or data[0] != "[GNUPG:]": continue if data[1] == "IMPORT_OK": fingerprint = data[3] break else: raise ValueError("GPG failed to import pgp public key") return fingerprint
def arch_matches(arch, alias): """ Check if given arch `arch` matches the other arch `alias`. This is most useful for the complex any-* rules. """ if arch == alias: return True if arch == "all" or arch == "source": # These pseudo-arches does not match any wildcards or aliases return False if alias == "any": # The 'any' wildcard matches all *real* architectures return True if alias == "linux-any": # GNU/Linux arches are named <cpuabi> # Other Linux arches are named <libc>-linux-<cpuabi> return "-" not in arch or "linux" in arch.split("-") if alias.endswith("-any"): # Non-Linux GNU/<os> arches are named <os>-<cpuabi> # Other non-Linux arches are named <libc>-<os>-<cpuabi> osname, _ = alias.split("-", 1) return osname in arch.split("-") if "-" not in arch and "-" not in alias: return False # This is a f*****g disaster for perf. Do what we can to not get here. out, err, ret = run_command(["/usr/bin/dpkg-architecture", "-a%s" % (arch), "-i%s" % (alias)]) return ret == 0
def version(): out, _, ret = run_command(["sbuild", '--version']) if ret != 0: raise Exception("sbuild is not installed") vline = out.splitlines()[0] v = VERSION.match(vline) vdict = v.groupdict() return ('sbuild', vdict['version'])
def version(): out, err, ret = run_command([ 'cppcheck', '--version' ]) if ret != 0: raise Exception("cppcheck is not installed") name, version = out.split(" ") return (name, version.strip())
def version(): out, err, ret = run_command([ 'fb', '-version' ]) if ret != 0: raise Exception("findbugs is not installed") name, version = out.split(" ") return (name, version.strip())
def ensure_chroot_sanity(chroot_name): out, ret, err = run_command(['schroot', '-l']) for chroot in out.splitlines(): chroot = chroot.strip() chroots = [chroot, "chroot:%s" % (chroot)] if chroot in chroots: return True raise ValueError("No such schroot (%s) found." % (chroot_name))
def sign(changes, gpg): if changes.endswith(".dud"): out, err, ret = run_command(['gpg', '-u', gpg, '--clearsign', changes]) if ret != 0: print(out) print(err) raise Exception("bad clearsign") os.unlink(changes) os.rename("%s.asc" % (changes), changes) return else: out, err, ret = run_command(['debsign', '-k%s' % (gpg), changes]) if ret != 0: print(out) print(err) raise Exception("bad debsign") return
def version(lintian_binary='lintian'): out, err, ret = run_command([ lintian_binary, '--version' ]) if ret != 0: raise Exception(lintian_binary + " is not installed") name, version = out.split(" ") return (name, version.strip())
def version(): out, err, ret = run_command(["spatch", "--version"]) if ret != 0: raise Exception("spatch seems not to be installed") try: out = out.split()[2] # we only extract the version number except: out = out.strip() return ('coccinelle', out)
def sbuild(package, suite, affinity, build_arch, build_indep, analysis): chroot_name = "{suite}-{affinity}".format(suite=suite, affinity=affinity) ensure_chroot_sanity(chroot_name) if not package.endswith('.dsc'): raise ValueError("WTF") sbuild_cmd = ["sbuild", "--dist={suite}".format(suite=suite), "--arch={affinity}".format(affinity=affinity), "--chroot={chroot_name}".format(chroot_name=chroot_name), "--verbose"] if build_indep: sbuild_cmd += ["-A"] if not build_arch: sbuild_cmd += ["--debbuildopt=-A"] sbuild_cmd += [package] out, err, ret = run_command(sbuild_cmd) summary = False status = None failstage = None for line in out.splitlines(): if line == u"│ Summary │": summary = True if summary and line.startswith("Status: "): status = line.replace("Status: ", "") if summary and line.startswith("Fail-Stage: "): failstage = line.replace("Fail-Stage: ", "") if (not summary or ((status == "failed" or status == "skipped") and (failstage == "abort" or failstage == "init" or failstage == "create-session" or failstage == "create-build-dir" or failstage == "lock-session" or failstage == "apt-get-clean" or failstage == "apt-get-update" or failstage == "apt-get-dist-upgrade" or failstage == "apt-get-upgrade" or failstage == "arch-check" or failstage == "check-space" or failstage == "chroot-arch"))): raise Exception("Sbuild failed to run. " + "Summary: \"%s\" Status: \"%s\" Fail-Stage: \"%s\"" % (summary, status, failstage)) ftbfs = ret != 0 or status != "successful" base, _ = os.path.basename(package).rsplit(".", 1) changes = glob.glob("{base}_*.changes".format(base=base)) return (analysis, out, ftbfs, changes)
def version(): out, _, ret = run_command(["spatch", "--version"]) if ret != 0: raise Exception("spatch seems not to be installed") try: out = out.split()[2] # we only extract the version number except: out = out.strip() return ('coccinelle', out)
def test_import_pgp_public_key(self): with tarfile.open('tests/resources/blade01.tar.gz', 'r:gz') as tf: pub_key = import_conf.get_attribute_from_tarfile('key.pub', tf) import_conf.import_pgp(self.user, pub_key, 'public', self.keyring, self.gpg_home) out,_,_ = run_command(['gpg', '--list-keys', '--keyring', self.keyring]) self.assertTrue('Debile Autobuilder (Debile Slave Key (blade01))' in out)
def cppcheck(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-cppcheck"]) with cd('source-cppcheck'): _, err, _ = run_command( ['cppcheck', '-j8', '--enable=all', '.', '--xml']) xmlbytes = err.encode() failed = False if err.strip() == '': return (analysis, err, failed, None, None) for issue in parse_cppcheck(xmlbytes): analysis.results.append(issue) if not failed and issue.severity in [ 'performance', 'portability', 'error', 'warning' ]: failed = True return (analysis, err, failed, None, None)
def ensure_chroot_sanity(chroot_name): out, ret, err = run_command(['schroot', '-l']) for chroot in out.splitlines(): chroot = chroot.strip() chroots = [ chroot, "chroot:%s" % (chroot) ] if chroot in chroots: return True raise ValueError("No such schroot (%s) found." % (chroot_name))
def test_import_pgp_secret_key(self): with tarfile.open('tests/resources/blade01.tar.gz', 'r:gz') as tf: priv_key = import_conf.get_attribute_from_tarfile('key.priv', tf) import_conf.import_pgp(self.user, priv_key, 'secret', self.secret_keyring, self.gpg_home) out, _, _ = run_command( ['gpg', '--list-keys', '--keyring', self.secret_keyring]) self.assertTrue( 'Debile Autobuilder (Debile Slave Key (blade01))' in out)
def findbugs(deb, analysis): run_command(["dpkg", "-x", deb, "binary"]) with cd('binary'): out, err, ret = run_command([ 'fb', 'analyze', '-effort:max', '-xml:withMessages', '.' ]) xmlbytes = out.encode("utf-8") failed = False # if err.strip() == '': # return (analysis, err, failed) for issue in parse_findbugs(xmlbytes): analysis.results.append(issue) if not failed and issue.severity in [ 'performance', 'portability', 'error', 'warning' ]: failed = True return (analysis, err, failed, None, None)
def desktop_file_validate(package_root, analysis): log = "" failed = False for dirpath, dirnames, filenames in os.walk(package_root): for fp in filenames: out, _, _ = run_command(['desktop-file-validate', fp]) for issue in parse_desktop_file_validate(out.splitlines()): analysis.results.append(issue) failed = True log += out log = log.strip() return (analysis, log, failed, None, None)
def cppcheck(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-cppcheck"]) with cd('source-cppcheck'): _, err, _ = run_command([ 'cppcheck', '-j8', '--enable=all', '.', '--xml' ]) xmlbytes = err.encode() failed = False if err.strip() == '': return (analysis, err, failed, None, None) for issue in parse_cppcheck(xmlbytes): analysis.results.append(issue) if not failed and issue.severity in [ 'performance', 'portability', 'error', 'warning' ]: failed = True return (analysis, err, failed, None, None)
def desktop_file_validate(package_root, analysis): log = "" failed = False for dirpath, dirnames, filenames in os.walk(package_root): for fp in filenames: out, err, ret = run_command(['desktop-file-validate', fp]) for issue in parse_desktop_file_validate(out.splitlines()): analysis.results.append(issue) failed = True log += out log = log.strip() return (analysis, log, failed, None)
def pylint(dsc, analysis): run_command(["dpkg-source", "-x", dsc, "source-pylint"]) with cd('source-pylint'): sources = find_python_files('.') failed = False output = "" for source in sources: out, _, ret = run_command([ 'pylint', '-rn', '--msg-template="[{C}]{path}:{line},{column}:({msg_id})[{symbol}]{msg}"', source ]) failed = ret != 0 if out is not None: output += out for issue in parse_pylint(out.splitlines()): analysis.results.append(issue) return (analysis, output, failed, None, None)
def findbugs(deb, analysis): _, err, ret = run_command(["dpkg", "-x", deb, "binary"]) if ret != 0: raise Exception("Cannot extract binary from deb:" + err) with cd("binary"): # Force english as findbugs is localized os.putenv("LANG", "C") out, err, _ = run_command(["fb", "analyze", "-effort:max", "-xml:withMessages", "."]) xmlbytes = out.encode("utf-8") failed = False # if err.strip() == '': # return (analysis, err, failed) for issue in parse_findbugs(xmlbytes): analysis.results.append(issue) if not failed and issue.severity in ["performance", "portability", "error", "warning"]: failed = True return (analysis, err, failed, None, None)
def fetch_and_upload(dist, source, version, **kwargs): from . import DEFAULT_MIRROR confFile = "/etc/debile-rebuild.ini" config = configparser.ConfigParser({'mirror': DEFAULT_MIRROR}) if not os.path.isfile(confFile): raise Exception("Could not find " + confFile) config.read([confFile]) gpg = config.get('config', 'signing-key') target = config.get('config', 'dput-target') mirror = config.get('config', 'mirror') eversion = version if ":" in eversion: _, eversion = version.rsplit(":", 1) if "incoming.debian.org" == mirror: DSC_URL = ( "http://{mirror}/{source}_{version}.dsc".format( source=source, version=eversion, mirror=mirror, )) else: path = pool_path(source) DSC_URL = ( "http://{mirror}/debian/pool/main/" "{path}/{source}_{version}.dsc".format( path=path, source=source, version=eversion, mirror=mirror, )) with tdir() as pth: with cd(pth): _, err, ret = run_command(['dget', '-u', DSC_URL]) if ret == 0: dsc = os.path.basename(DSC_URL) try: changes = write_changes(dsc, dist, **kwargs) except MissingChangesFieldException as e: print('Could not issue rebuild. Missing Changes' 'Field: {0}'.format(e.value)) else: out, err = run(['debsign', '-k%s' % gpg, changes]) out, err = run(['dput', target, changes]) else: print('Could not download %s' % DSC_URL)
def lintian(targets, analysis, lintian_binary='lintian'): if not isinstance(targets, list): targets = [targets] log = "" failed = False for target in targets: out, err, ret = run_command([lintian_binary, "-IE", "--pedantic", "--show-overrides", target]) for issue in parse_lintian(out.splitlines(), target): analysis.results.append(issue) if issue.severity == 'error': failed = True log += out return (analysis, log, failed, None, None)
def fetch_and_upload(dist, source, version, **kwargs): from . import DEFAULT_MIRROR confFile = "/etc/debile-rebuild.ini" config = configparser.ConfigParser({'mirror': DEFAULT_MIRROR}) if not os.path.isfile(confFile): raise Exception("Could not find " + confFile) config.read([confFile]) gpg = config.get('config', 'signing-key') target = config.get('config', 'dput-target') mirror = config.get('config', 'mirror') eversion = version if ":" in eversion: _, eversion = version.rsplit(":", 1) if "incoming.debian.org" == mirror: DSC_URL = ("http://{mirror}/{source}_{version}.dsc".format( source=source, version=eversion, mirror=mirror, )) else: path = pool_path(source) DSC_URL = ("http://{mirror}/debian/pool/main/" "{path}/{source}_{version}.dsc".format( path=path, source=source, version=eversion, mirror=mirror, )) with tdir() as pth: with cd(pth): _, err, ret = run_command(['dget', '-u', DSC_URL]) if ret == 0: dsc = os.path.basename(DSC_URL) try: changes = write_changes(dsc, dist, **kwargs) except MissingChangesFieldException as e: print('Could not issue rebuild. Missing Changes' 'Field: {0}'.format(e.value)) else: out, err = run(['debsign', '-k%s' % gpg, changes]) out, err = run(['dput', target, changes]) else: print('Could not download %s' % DSC_URL)
def import_ssl(keyring, certdata, cn=None, email=None): """ certdata should be pem-formated certificate data to be added to the keyring. The return value will be the sha1 fingerprint of the certificate added. """ # Check that this realy is a pem-formated certificate, # and get the fingerprint and subject of the certificate out, err, ret = run_command([ "openssl", "x509", "-noout", "-inform", "pem", "-sha1", "-fingerprint", "-subject" ], input=certdata) fingerprint = None subject = None for line in out.split("\n"): data = line.split("=", 1) if data[0] == "SHA1 Fingerprint": fingerprint = data[1].replace(':', '') if data[0] == "subject": subject = data[1].split('/') if fingerprint is None or subject is None: raise ValueError("OpensSSL failed to parse ssl certificate.") # SSLSocket breaks badly on multiple certifiates with the same subject # in the keyring, so ensure that it unique to this slave/user. if ((cn and not "CN={cn}".format(cn=cn) in subject) or (email and not "emailAddress={email}".format(email=email) in subject)): raise ValueError( "Incorrect subject of ssl certificate (cn=\"%s\", emailAddress=\"%s\", subject=\"%s\")" % (cn, email, subject)) # Add the valid pem-formated certificate to the keyring. keyring = open(keyring, 'a') fcntl.lockf(keyring, fcntl.LOCK_EX) keyring.write(certdata) keyring.close() return fingerprint
def validate_signature(self, keyring): """ Validate the GPG signature of a .changes file. """ (gpg_output, gpg_output_stderr, exit_status) = run_command([ "gpg", "--batch", "--status-fd", "1", "--no-default-keyring", "--keyring", keyring, "--verify", self.get_dud_file(), ]) if exit_status == -1: raise DudFileException("Unknown problem while verifying signature") # contains verbose human readable GPG information if self.is_python3: gpg_output_stderr = str(gpg_output_stderr, encoding='utf8') if self.is_python3: gpg_output = gpg_output.decode(encoding='UTF-8') if gpg_output.count('[GNUPG:] GOODSIG'): pass elif gpg_output.count('[GNUPG:] BADSIG'): raise DudFileException("Bad signature") elif gpg_output.count('[GNUPG:] ERRSIG'): raise DudFileException("Error verifying signature") elif gpg_output.count('[GNUPG:] NODATA'): raise DudFileException("No signature on") else: raise DudFileException("Unknown problem while verifying signature") key = None for line in gpg_output.split("\n"): if line.startswith('[GNUPG:] VALIDSIG'): key = line.split()[2] return key
def validate_signature(self, keyring): """ Validate the GPG signature of a .changes file. Throws a :class:`dput.exceptions.ChangesFileException` if there's an issue with the GPG signature. Returns the GPG key ID. """ (gpg_output, gpg_output_stderr, exit_status) = run_command([ "gpg", "--batch", "--status-fd", "1", "--no-default-keyring", "--keyring", keyring, "--verify", self.get_changes_file() ]) if exit_status == -1: raise ChangesFileException( "Unknown problem while verifying signature") # contains verbose human readable GPG information if self.is_python3: gpg_output_stderr = str(gpg_output_stderr, encoding='utf8') if self.is_python3: gpg_output = gpg_output.decode(encoding='UTF-8') if gpg_output.count('[GNUPG:] GOODSIG'): pass elif gpg_output.count('[GNUPG:] BADSIG'): raise ChangesFileException("Bad signature") elif gpg_output.count('[GNUPG:] ERRSIG'): raise ChangesFileException("Error verifying signature") elif gpg_output.count('[GNUPG:] NODATA'): raise ChangesFileException("No signature on") else: raise ChangesFileException( "Unknown problem while verifying signature" ) key = None for line in gpg_output.split("\n"): if line.startswith('[GNUPG:] VALIDSIG'): key = line.split()[2] return key
def import_ssl(keyring, certdata, cn=None, email=None): """ certdata should be pem-formated certificate data to be added to the keyring. The return value will be the sha1 fingerprint of the certificate added. """ # Check that this realy is a pem-formated certificate, # and get the fingerprint and subject of the certificate out, err, ret = run_command([ "openssl", "x509", "-noout", "-inform", "pem", "-sha1", "-fingerprint", "-subject" ], input=certdata) fingerprint = None subject = None for line in out.split("\n"): data = line.split("=", 1) if data[0] == "SHA1 Fingerprint": fingerprint = data[1].replace(':', '') if data[0] == "subject": subject = data[1].split('/') if fingerprint is None or subject is None: raise ValueError("OpensSSL failed to parse ssl certificate.") # SSLSocket breaks badly on multiple certifiates with the same subject # in the keyring, so ensure that it unique to this slave/user. if ((cn and not "CN={cn}".format(cn=cn) in subject) or (email and not "emailAddress={email}".format(email=email) in subject)): raise ValueError("Incorrect subject of ssl certificate (cn=\"%s\", emailAddress=\"%s\", subject=\"%s\")" % (cn, email, subject)) # Add the valid pem-formated certificate to the keyring. keyring = open(keyring, 'a') fcntl.lockf(keyring, fcntl.LOCK_EX) keyring.write(certdata) keyring.close() return fingerprint
def import_pgp(user, pgp_key, key_type, keyring, gpg_home_dir): ensure_uid(user) if key_type == 'public': keyring_type = '--keyring' elif key_type == 'secret': keyring_type = '--secret-keyring' else: print("You must specify the type of imported key.") raise GpgImportException out, err, code = run_command(['gpg', '--batch', '--import', '--status-fd', '1', '--no-default-keyring', '--homedir', gpg_home_dir, keyring_type, keyring], input=pgp_key) if code != 0: print("STDERR: {0}".format(err)) print("GPG import failed: {0}".format(code)) raise GpgImportException
def arch_matches(arch, alias): """ Check if given arch `arch` matches the other arch `alias`. This is most useful for the complex any-* rules. """ if arch == alias: return True if arch == 'all' or arch == 'source': # These pseudo-arches does not match any wildcards or aliases return False if alias == 'any': # The 'any' wildcard matches all *real* architectures return True if alias == 'linux-any': # GNU/Linux arches are named <cpuabi> # Other Linux arches are named <libc>-linux-<cpuabi> return '-' not in arch or 'linux' in arch.split('-') if alias.endswith('-any'): # Non-Linux GNU/<os> arches are named <os>-<cpuabi> # Other non-Linux arches are named <libc>-<os>-<cpuabi> osname, _ = alias.split('-', 1) return osname in arch.split('-') if "-" not in arch and "-" not in alias: return False # This is a f*****g disaster for perf. Do what we can to not get here. out, err, ret = run_command( ["/usr/bin/dpkg-architecture", "-a%s" % (arch), "-i%s" % (alias)]) return ret == 0
def version(): out, _, ret = run_command(['perlcritic', '--version']) if ret != 0: raise Exception("perlcritic is not installed") return ('perlcritic', out.strip())
def run(dsc, source, job, firehose): run_command(["dpkg-source", "-x", dsc, "source"]) with cd('source'): return desktop_file_validate('source', firehose)
def version(): out, err, ret = run_command(['fb', '-version']) if ret != 0: raise Exception("findbugs is not installed") name, version = out.split(" ") return (name, version.strip())
def _exec(self, *args): cmd = ["reprepro", "-Vb", self.root] + list(args) out, err, ret = run_command(cmd) if ret != 0: raise RepoException(ret) return (out, err, ret)
def version(): out, _, ret = run_command(['fb', '-version']) if ret != 0: raise Exception("findbugs is not installed") version = out.strip() return ('findbugs', version.strip())
def sbuild(package, maintainer, suite, affinity, build_arch, build_indep, analysis, clang=False): chroot_name = "{suite}-{affinity}".format(suite=suite, affinity=affinity) ensure_chroot_sanity(chroot_name) if not package.endswith('.dsc'): raise ValueError("WTF") sbuild_cmd = ["sbuild", "--dist={suite}".format(suite=suite), "--arch={affinity}".format(affinity=affinity), "--chroot={chroot_name}".format(chroot_name=chroot_name), "--verbose"] if build_indep: sbuild_cmd += ["-A"] if not build_arch: sbuild_cmd += ["--only-arch-all"] if maintainer: sbuild_cmd += ["--maintainer={maintainer}".format(maintainer=maintainer)] if clang: sbuild_cmd += ["--chroot-system-setup-commands", "/usr/share/debile-slave/debile-slave-switch-to-clang"] sbuild_cmd += [package] out, err, ret = run_command(sbuild_cmd) summary = False status = None failstage = None for line in out.splitlines(): if line == u"│ Summary │": summary = True if summary and line.startswith("Status: "): status = line.replace("Status: ", "") if summary and line.startswith("Fail-Stage: "): failstage = line.replace("Fail-Stage: ", "") if (not summary or ((status == "failed" or status == "skipped") and (failstage == "abort" or failstage == "init" or failstage == "create-session" or failstage == "create-build-dir" or failstage == "lock-session" or failstage == "apt-get-clean" or failstage == "apt-get-update" or failstage == "apt-get-dist-upgrade" or failstage == "apt-get-upgrade" or failstage == "arch-check" or failstage == "check-space" or failstage == "chroot-arch"))): raise Exception("Sbuild failed to run. " + "Summary: \"%s\" Status: \"%s\" Fail-Stage: \"%s\"" % (summary, status, failstage)) ftbfs = ret != 0 or status != "successful" base, _ = os.path.basename(package).rsplit(".", 1) changes = glob.glob("{base}_*.changes".format(base=base)) return (analysis, out, ftbfs, changes)
def version(): out, err, ret = run_command(['pep8', '--version']) if ret != 0: raise Exception("pep8 is not installed") return ('pep8', out.strip())