def sign_file(self):
    """Sign the package at `file_path` and publish the signed copy.

    The original file is read from private storage and stays there; the
    signed extension file is written to `signed_file_path` on public
    storage.

    Returns the size of the signed file as reported by public storage.
    Raises SigningError if the extension uuid or the version pk is not
    set, or if `sign_app` raises it.
    """
    # NOTE(review): nothing in this method checks whether the extension is
    # blocked before a signature is requested - confirm callers gate on that.
    if not self.extension.uuid:
        raise SigningError('Need uuid to be set to sign')
    if not self.pk:
        raise SigningError('Need version pk to be set to sign')

    signing_ids = {
        # 'id' has to be a unique identifier that nothing else (other
        # extensions, langpacks, webapps...) shares, and it must stay
        # stable across updates.
        'id': self.extension.uuid,
        # 'version' should be an integer that only ever increases.
        'version': self.pk,
    }
    payload = json.dumps(signing_ids)

    with statsd.timer('extensions.sign'):
        try:
            # Reads self.file_path, generates the signature and writes
            # the signed file to self.signed_file_path.
            unsigned_package = private_storage.open(self.file_path)
            sign_app(unsigned_package, self.signed_file_path, payload)
        except SigningError:
            log.info('[ExtensionVersion:%s] Signing failed' % self.pk)
            # Do not leave a partial or stale signed file behind.
            self.remove_public_signed_file()
            raise

    return public_storage.size(self.signed_file_path)
def sign_file(self):
    """Sign the package at `file_path` and publish the signed copy.

    The original file is read from private storage and stays there; the
    signed extension file is written to `signed_file_path` on public
    storage.

    Returns the size of the signed file as reported by public storage.
    Raises SigningError if the extension uuid or the version pk is not
    set, if the extension is blocked, or if `sign_app` raises it.
    """
    if not self.extension.uuid:
        raise SigningError('Need uuid to be set to sign')
    if not self.pk:
        raise SigningError('Need version pk to be set to sign')
    # Blocklist gate: checked before the signer is contacted, so a blocked
    # extension never gets a fresh signature from this code path.
    # NOTE(review): the message has a typo ("to signed"); it is kept as is
    # because callers or tests may match on the exact text.
    if self.extension.is_blocked():
        raise SigningError('Trying to signed a blocked extension')

    signing_ids = {
        # 'id' has to be a unique identifier that nothing else (other
        # extensions, langpacks, webapps...) shares, and it must stay
        # stable across updates.
        'id': self.extension.uuid,
        # 'version' should be an integer that only ever increases.
        'version': self.pk,
    }
    payload = json.dumps(signing_ids)

    with statsd.timer('extensions.sign'):
        try:
            # Reads self.file_path, generates the signature and writes
            # the signed file to self.signed_file_path.
            unsigned_package = private_storage.open(self.file_path)
            sign_app(unsigned_package, self.signed_file_path, payload)
        except SigningError:
            log.info('[ExtensionVersion:%s] Signing failed' % self.pk)
            # Do not leave a partial or stale signed file behind.
            self.remove_public_signed_file()
            raise

    return public_storage.size(self.signed_file_path)
def reviewer_sign_file(self):
    """Sign the package at `file_path` with reviewer certs.

    The signed file is written to the reviewer-specific path
    (`reviewer_signed_file_path`) on private storage.

    Raises SigningError if the extension uuid or the version pk is not
    set, or if `sign_app` raises it.
    """
    if not self.extension.uuid:
        raise SigningError('Need uuid to be set to sign')
    if not self.pk:
        raise SigningError('Need version pk to be set to sign')

    # Reviewer builds carry their own 'id' so that a reviewer-installed
    # add-on cannot conflict with the public one, and so that several
    # versions of the same add-on can be installed side by side.
    reviewer_id = 'reviewer-{guid}-{version_id}'.format(
        guid=self.extension.uuid, version_id=self.pk)
    payload = json.dumps({
        'id': reviewer_id,
        'version': self.pk,
    })

    with statsd.timer('extensions.sign_reviewer'):
        try:
            # Reads self.file_path, generates a reviewer signature and
            # writes the result to self.reviewer_signed_file_path.
            unsigned_package = private_storage.open(self.file_path)
            sign_app(unsigned_package, self.reviewer_signed_file_path,
                     payload, reviewer=True)
        except SigningError:
            log.info(
                '[ExtensionVersion:%s] Reviewer Signing failed' % self.pk)
            # Remove whatever was written so no half-signed file remains.
            if private_storage.exists(self.reviewer_signed_file_path):
                private_storage.delete(self.reviewer_signed_file_path)
            raise
def reviewer_sign_file(self):
    """Sign the package at `file_path` with reviewer certs.

    The signed file is written to the reviewer-specific path
    (`reviewer_signed_file_path`) on private storage.

    Raises SigningError if the extension uuid or the version pk is not
    set, or if `sign_app` raises it.
    """
    if not self.extension.uuid:
        raise SigningError('Need uuid to be set to sign')
    if not self.pk:
        raise SigningError('Need version pk to be set to sign')

    # The reviewer build is signed under `self.review_id` rather than the
    # extension uuid; how that id is derived is defined outside this method.
    signing_ids = {
        'id': self.review_id,
        'version': self.pk,
    }
    payload = json.dumps(signing_ids)

    with statsd.timer('extensions.sign_reviewer'):
        try:
            # Reads self.file_path, generates a reviewer signature and
            # writes the result to self.reviewer_signed_file_path.
            unsigned_package = private_storage.open(self.file_path)
            sign_app(unsigned_package, self.reviewer_signed_file_path,
                     payload, reviewer=True)
        except SigningError:
            log.info(
                '[ExtensionVersion:%s] Reviewer Signing failed' % self.pk)
            # Remove whatever was written so no half-signed file remains.
            if private_storage.exists(self.reviewer_signed_file_path):
                private_storage.delete(self.reviewer_signed_file_path)
            raise
def sign_marketplace(src=None):
    """Sign the marketplace package, refusing to overwrite an existing one.

    `src` defaults to the unsigned package path from `get_package_path`;
    the destination is always the signed package path.

    Raises OSError if the destination already exists.
    """
    # Note: not using storage because I think this all happens locally.
    unsigned_path = src or get_package_path(signed=False)
    dest = get_package_path(signed=True)

    # NOTE(review): the existence check and the write done by sign_app are
    # separate steps; whether sign_app itself refuses to overwrite is not
    # visible here.
    if os.path.exists(dest):
        already_there = 'File already exists: %s' % dest
        log.info(already_there)
        raise OSError(already_there)

    log.info('Signing %s' % unsigned_path)
    sign_app(unsigned_path, dest)
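def package_signer():
    """Check that the package signer can sign the bundled sample package.

    Returns a `(error, message)` tuple: `error` is the empty string when
    the signer is not configured or signing succeeded, and the error text
    when `sign_app` raised PackageSigningError; `message` is the
    human-readable status in every case.
    """
    # Function-scope import: used only for the scratch directory cleanup.
    import shutil

    destination = getattr(settings, "SIGNED_APPS_SERVER", None)
    if not destination:
        return "", "Signer is not configured."

    app_path = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                            "nagios_check_packaged_app.zip")
    # tempfile.mktemp() only hands back a name, so the path could be created
    # by someone else before the signer writes to it, and the output was
    # never deleted. mkdtemp() creates a directory only this user can access;
    # the signed file goes inside it and the directory is removed afterwards.
    scratch_dir = tempfile.mkdtemp()
    signed_path = os.path.join(scratch_dir, "signed.zip")
    try:
        # Binary mode because the sample is a zip; `with` closes the handle
        # that the previous code left open.
        with open(app_path, "rb") as sample_package:
            packaged.sign_app(sample_package, signed_path, None, False)
        return "", "Package signer working"
    except PackageSigningError as e:
        msg = "Error on package signing (%s): %s" % (destination, e)
        return msg, msg
    finally:
        shutil.rmtree(scratch_dir, ignore_errors=True)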
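def package_signer():
    """Check that the package signer can sign the bundled sample package.

    Returns a `(error, message)` tuple: `error` is the empty string when
    the signer is not configured or signing succeeded, and the error text
    when `sign_app` raised PackageSigningError; `message` is the
    human-readable status in every case.
    """
    # Function-scope import: used only for the scratch directory cleanup.
    import shutil

    destination = getattr(settings, 'SIGNED_APPS_SERVER', None)
    if not destination:
        return '', 'Signer is not configured.'

    app_path = os.path.join(os.path.dirname(__file__),
                            'nagios_check_packaged_app.zip')
    # tempfile.mktemp() only hands back a name, so the path could be created
    # by someone else before the signer writes to it, and the output was
    # never deleted. mkdtemp() creates a directory only this user can access;
    # the signed file goes inside it and the directory is removed afterwards.
    scratch_dir = tempfile.mkdtemp()
    signed_path = os.path.join(scratch_dir, 'signed.zip')
    try:
        packaged.sign_app(app_path, signed_path, None, False)
        return '', 'Package signer working'
    except PackageSigningError as e:
        msg = 'Error on package signing (%s): %s' % (destination, e)
        return msg, msg
    finally:
        shutil.rmtree(scratch_dir, ignore_errors=True)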
def sign_and_move_file(self, upload):
    """Sign the uploaded langpack and store the result at `file_path`.

    The file at `upload.path` is opened through `storage` and passed to
    `sign_app`, which writes the signed file to `self.file_path`.

    Raises SigningError if `sign_app` raises it; in that case any file
    found at `self.file_path` is deleted first.
    """
    signing_ids = {
        # 'id' must be unique for a given langpack and must stay the same
        # across updates.
        'id': self.pk,
        # 'version' should be an integer that only ever increases.
        'version': self.file_version,
    }
    payload = json.dumps(signing_ids)

    with statsd.timer('langpacks.sign'):
        try:
            # Reads the upload.path file, generates a signature and
            # writes the signed file to self.file_path.
            uploaded_package = storage.open(upload.path)
            sign_app(uploaded_package, self.file_path, payload)
        except SigningError:
            log.info('[LangPack:%s] Signing failed' % self.pk)
            # Remove whatever was written so no half-signed file remains.
            if storage.exists(self.file_path):
                storage.delete(self.file_path)
            raise
def sign_and_move_file(self, upload):
    """Sign the uploaded langpack and store the result at `file_path`.

    The file at `upload.path` is opened from private storage and passed
    to `sign_app`, which writes the signed file to `self.file_path`.

    Raises SigningError if `sign_app` raises it; in that case any file
    found at `self.file_path` on public storage is deleted first.
    """
    signing_ids = {
        # 'id' has to be a unique identifier that nothing else (other
        # langpacks, webapps, extensions...) shares, and it must stay
        # stable across updates. Our PKs are uuids, which makes the pk
        # the best choice.
        'id': self.pk,
        # 'version' should be an integer that only ever increases.
        'version': self.file_version,
    }
    payload = json.dumps(signing_ids)

    with statsd.timer('langpacks.sign'):
        try:
            # Reads the upload.path file, generates a signature and
            # writes the signed file to self.file_path.
            uploaded_package = private_storage.open(upload.path)
            sign_app(uploaded_package, self.file_path, payload)
        except SigningError:
            log.info('[LangPack:%s] Signing failed' % self.pk)
            # The cleanup targets public storage, so a failed signing run
            # does not leave a file there under the langpack's path.
            if public_storage.exists(self.file_path):
                public_storage.delete(self.file_path)
            raise
def reviewer_sign_file(self):
    """Sign the package at `file_path` with reviewer certs.

    The signed file is written to the reviewer-specific path
    (`reviewer_signed_file_path`) on private storage.

    Raises SigningError if the extension uuid or the version pk is not
    set, or if `sign_app` raises it.
    """
    if not self.extension.uuid:
        raise SigningError('Need uuid to be set to sign')
    if not self.pk:
        raise SigningError('Need version pk to be set to sign')

    # The reviewer build is signed under `self.review_id` rather than the
    # extension uuid; how that id is derived is defined outside this method.
    signing_ids = {
        'id': self.review_id,
        'version': self.pk,
    }
    payload = json.dumps(signing_ids)

    with statsd.timer('extensions.sign_reviewer'):
        try:
            # Reads self.file_path, generates a reviewer signature and
            # writes the result to self.reviewer_signed_file_path.
            unsigned_package = private_storage.open(self.file_path)
            sign_app(unsigned_package, self.reviewer_signed_file_path,
                     payload, reviewer=True)
        except SigningError:
            log.info('[ExtensionVersion:%s] Reviewer Signing failed' % self.pk)
            # Remove whatever was written so no half-signed file remains.
            if private_storage.exists(self.reviewer_signed_file_path):
                private_storage.delete(self.reviewer_signed_file_path)
            raise