Example #1
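    def sign_file(self):
        """Sign the original file and return the size of the signed copy.

        The original package (`file_path`) is read from private storage and
        handed to `sign_app`, which writes the signed package to
        `signed_file_path`. The size is read back from public storage. The
        original file remains on private storage.

        Raises SigningError when the extension uuid or the version pk is not
        set, or when `sign_app` fails. Only SigningError triggers removal of
        the public signed file; any other exception propagates without that
        cleanup.
        """
        if not self.extension.uuid:
            raise SigningError('Need uuid to be set to sign')
        if not self.pk:
            raise SigningError('Need version pk to be set to sign')

        ids = json.dumps({
            # 'id' needs to be a unique identifier not shared with anything
            # else (other extensions, langpacks, webapps...), but should not
            # change when there is an update.
            'id': self.extension.uuid,
            # 'version' should be an integer and should be monotonically
            # increasing.
            'version': self.pk
        })
        with statsd.timer('extensions.sign'):
            # Hold on to the handle so it can be closed below; the original
            # code opened it inline and never released it. sign_app is not
            # visible here, so whether it closes the handle is unknown.
            original = private_storage.open(self.file_path)
            try:
                # This will read the original file, generate a signature and
                # write the signed file to self.signed_file_path.
                sign_app(original, self.signed_file_path, ids)
            except SigningError:
                log.info('[ExtensionVersion:%s] Signing failed' % self.pk)
                # Do not leave a file from a failed signing attempt on
                # public storage.
                self.remove_public_signed_file()
                raise
            finally:
                original.close()
        return public_storage.size(self.signed_file_path)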
Example #2
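    def sign_file(self):
        """Sign the original file (`file_path`), then move signed extension
        file to the signed path (`signed_file_path`) on public storage. The
        original file remains on private storage.

        Return the signed file size.

        Raises SigningError before any signing is attempted when the
        extension has no uuid, the version has no pk, or the extension is
        blocked. The blocked check runs first so that a blocked extension is
        never given a fresh signature. A SigningError raised by `sign_app` is
        re-raised after the public signed file has been removed; other
        exception types propagate without that cleanup.
        """
        if not self.extension.uuid:
            raise SigningError('Need uuid to be set to sign')
        if not self.pk:
            raise SigningError('Need version pk to be set to sign')
        if self.extension.is_blocked():
            raise SigningError('Trying to signed a blocked extension')

        identifiers = {
            # 'id' needs to be a unique identifier not shared with anything
            # else (other extensions, langpacks, webapps...), but should not
            # change when there is an update.
            'id': self.extension.uuid,
            # 'version' should be an integer and should be monotonically
            # increasing.
            'version': self.pk
        }
        ids = json.dumps(identifiers)
        with statsd.timer('extensions.sign'):
            # The handle used to be opened inline in the sign_app() call and
            # was never closed; keep a name for it so `finally` can release
            # it whether signing succeeds or fails.
            source_file = private_storage.open(self.file_path)
            try:
                # Reads the original file, generates a signature and writes
                # the signed file to self.signed_file_path.
                sign_app(source_file, self.signed_file_path, ids)
            except SigningError:
                log.info('[ExtensionVersion:%s] Signing failed' % self.pk)
                self.remove_public_signed_file()  # Clean up.
                raise
            finally:
                source_file.close()
        return public_storage.size(self.signed_file_path)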
Example #3
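 def reviewer_sign_file(self):
     """Sign the original file (`file_path`) with reviewer certs, then move
     the signed file to the reviewers-specific signed path
     (`reviewer_signed_file_path`) on private storage.

     Raises SigningError when the extension uuid or the version pk is not
     set, or when `sign_app` fails. On a SigningError from `sign_app` the
     reviewer-signed file is deleted from private storage if it exists;
     other exception types propagate without that cleanup.
     """
     if not self.extension.uuid:
         raise SigningError('Need uuid to be set to sign')
     if not self.pk:
         raise SigningError('Need version pk to be set to sign')
     ids = json.dumps({
         # Reviewers get a unique 'id' so the reviewer installed add-on
         # won't conflict with the public add-on, and also so even multiple
         # versions of the same add-on can be installed side by side with
         # other versions.
         'id': 'reviewer-{guid}-{version_id}'.format(
             guid=self.extension.uuid, version_id=self.pk),
         'version': self.pk
     })
     with statsd.timer('extensions.sign_reviewer'):
         # Opened outside the call so the handle can be closed afterwards;
         # it was previously created inline and never released.
         unsigned = private_storage.open(self.file_path)
         try:
             # This will read the original file, generate a reviewer
             # signature and write the signed file to
             # self.reviewer_signed_file_path.
             sign_app(unsigned, self.reviewer_signed_file_path, ids,
                      reviewer=True)
         except SigningError:
             log.info(
                 '[ExtensionVersion:%s] Reviewer Signing failed' % self.pk)
             # Remove whatever a failed attempt left at the reviewer path.
             if private_storage.exists(self.reviewer_signed_file_path):
                 private_storage.delete(self.reviewer_signed_file_path)
             raise
         finally:
             unsigned.close()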
Example #4
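 def reviewer_sign_file(self):
     """Sign the original file (`file_path`) with reviewer certs, then move
     the signed file to the reviewers-specific signed path
     (`reviewer_signed_file_path`) on private storage.

     The signed identifiers are `self.review_id` and the version pk.
     Raises SigningError when the extension uuid or the version pk is not
     set, or when `sign_app` fails; in the latter case the reviewer-signed
     file is deleted from private storage if present.
     """
     if not self.extension.uuid:
         raise SigningError('Need uuid to be set to sign')
     if not self.pk:
         raise SigningError('Need version pk to be set to sign')
     # NOTE(review): review_id is defined outside this method; presumably it
     # differs from the public id so reviewer builds do not collide with the
     # public add-on - confirm against its definition.
     ids = json.dumps({
         'id': self.review_id,
         'version': self.pk
     })
     with statsd.timer('extensions.sign_reviewer'):
         # Name the handle so it is closed once signing is over; the inline
         # open() in the original was never closed by this method.
         package = private_storage.open(self.file_path)
         try:
             # This will read the original file, generate a reviewer
             # signature and write the signed file to
             # self.reviewer_signed_file_path.
             sign_app(package, self.reviewer_signed_file_path, ids,
                      reviewer=True)
         except SigningError:
             log.info(
                 '[ExtensionVersion:%s] Reviewer Signing failed' % self.pk)
             if private_storage.exists(self.reviewer_signed_file_path):
                 private_storage.delete(self.reviewer_signed_file_path)
             raise
         finally:
             package.close()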
Example #5
def sign_marketplace(src=None):
    """Sign a package and write it to the signed package path.

    `src` is the package to sign; when it is falsy the path returned by
    `get_package_path(signed=False)` is used. The destination is always
    `get_package_path(signed=True)`.

    Raises OSError when the destination already exists, so an existing
    signed package is not overwritten by this function.
    """
    # Note: not using storage because I think this all happens locally.
    unsigned_path = src if src else get_package_path(signed=False)
    signed_path = get_package_path(signed=True)

    # NOTE(review): the existence check and the later write are separate
    # steps, so the refusal to overwrite is best effort rather than atomic.
    if os.path.exists(signed_path):
        already_there = 'File already exists: %s' % signed_path
        log.info(already_there)
        raise OSError(already_there)

    log.info('Signing %s' % unsigned_path)
    sign_app(unsigned_path, signed_path)
Example #6
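def package_signer():
    """Check that the package signer works by signing a bundled test package.

    Returns a 2-tuple. The first element is an empty string unless signing
    raised PackageSigningError, in which case both elements hold the error
    message. The second element is a human-readable status. When
    SIGNED_APPS_SERVER is not configured nothing is signed.
    """
    import shutil

    destination = getattr(settings, "SIGNED_APPS_SERVER", None)
    if not destination:
        return "", "Signer is not configured."
    app_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "nagios_check_packaged_app.zip")
    # tempfile.mktemp() only returns a name: another local user can create
    # that path (or a symlink) before the signer writes to it, and nothing
    # ever removed the output. mkdtemp() creates a directory that only this
    # user can access, and it is removed again below.
    scratch_dir = tempfile.mkdtemp()
    signed_path = os.path.join(scratch_dir, "signed.zip")
    try:
        # Binary mode because the input is a zip archive; the `with` block
        # closes the handle, which the original left open.
        with open(app_path, "rb") as app_file:
            packaged.sign_app(app_file, signed_path, None, False)
        return "", "Package signer working"
    except PackageSigningError as e:
        msg = "Error on package signing (%s): %s" % (destination, e)
        return msg, msg
    finally:
        shutil.rmtree(scratch_dir, ignore_errors=True)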
Example #7
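def package_signer():
    """Monitoring check: sign the bundled test package and report the result.

    Returns `('', 'Signer is not configured.')` when SIGNED_APPS_SERVER is
    unset, `('', 'Package signer working')` when signing succeeds, and
    `(msg, msg)` with the error text when PackageSigningError is raised.
    """
    import shutil

    destination = getattr(settings, 'SIGNED_APPS_SERVER', None)
    if not destination:
        return '', 'Signer is not configured.'
    app_path = os.path.join(os.path.dirname(__file__), 'nagios_check_packaged_app.zip')
    # Replaces tempfile.mktemp(), which hands back a predictable, not yet
    # created path that another local user can claim first (including with a
    # symlink), and whose output was never deleted. The signed file is
    # written inside a freshly created private directory instead.
    work_dir = tempfile.mkdtemp()
    try:
        signed_path = os.path.join(work_dir, 'signed.zip')
        packaged.sign_app(app_path, signed_path, None, False)
        return '', 'Package signer working'
    except PackageSigningError as e:
        msg = 'Error on package signing (%s): %s' % (destination, e)
        return msg, msg
    finally:
        # Best-effort removal of the scratch directory and its contents.
        shutil.rmtree(work_dir, ignore_errors=True)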
Example #8
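 def sign_and_move_file(self, upload):
     """Sign the uploaded langpack and write the signed file to `file_path`.

     `upload.path` is opened through `storage` and passed to `sign_app`
     together with the JSON-encoded id/version pair.

     Raises SigningError when `sign_app` fails; in that case the file at
     `file_path` is deleted if it exists. Other exception types propagate
     without that cleanup.
     """
     ids = json.dumps({
         # 'id' needs to be unique for a given langpack, but should not
         # change when there is an update.
         'id': self.pk,
         # 'version' should be an integer and should be monotonically
         # increasing.
         'version': self.file_version
     })
     with statsd.timer('langpacks.sign'):
         # Keep the handle in a local so it is closed afterwards; it used to
         # be opened inline and was never released by this method.
         uploaded = storage.open(upload.path)
         try:
             # This will read the upload.path file, generate a signature
             # and write the signed file to self.file_path.
             sign_app(uploaded, self.file_path, ids)
         except SigningError:
             log.info('[LangPack:%s] Signing failed' % self.pk)
             # Do not keep the output of a failed signing attempt.
             if storage.exists(self.file_path):
                 storage.delete(self.file_path)
             raise
         finally:
             uploaded.close()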
Example #9
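 def sign_and_move_file(self, upload):
     """Sign the file at `upload.path` and store the result at `file_path`.

     The langpack pk is signed as 'id' and `file_version` as 'version'.
     A SigningError from `sign_app` is re-raised after the file at
     `file_path`, if any, has been deleted from storage.
     """
     signed_fields = {
         # 'id' needs to be unique for a given langpack, but should not
         # change when there is an update.
         'id': self.pk,
         # 'version' should be an integer and should be monotonically
         # increasing.
         'version': self.file_version
     }
     ids = json.dumps(signed_fields)
     with statsd.timer('langpacks.sign'):
         # The upload handle was previously created inside the sign_app()
         # call and leaked; close it explicitly once signing has finished.
         source = storage.open(upload.path)
         try:
             # This will read the upload.path file, generate a signature
             # and write the signed file to self.file_path.
             sign_app(source, self.file_path, ids)
         except SigningError:
             log.info('[LangPack:%s] Signing failed' % self.pk)
             if storage.exists(self.file_path):
                 storage.delete(self.file_path)
             raise
         finally:
             source.close()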
Example #10
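 def sign_and_move_file(self, upload):
     """Sign the uploaded langpack and write the signed file to `file_path`.

     The upload is read from private storage. On a SigningError from
     `sign_app` the file at `file_path` is removed from public storage if it
     exists, and the error is re-raised. Other exception types propagate
     without that cleanup.
     """
     ids = json.dumps({
         # 'id' needs to be a unique identifier not shared with anything
         # else (other langpacks, webapps, extensions...), but should not
         # change when there is an update. Since our PKs are uuid it's the
         # best choice.
         'id': self.pk,
         # 'version' should be an integer and should be monotonically
         # increasing.
         'version': self.file_version
     })
     with statsd.timer('langpacks.sign'):
         # Bind the handle to a name so `finally` can close it; the inline
         # open() in the original was never closed here.
         uploaded = private_storage.open(upload.path)
         try:
             # This will read the upload.path file, generate a signature
             # and write the signed file to self.file_path.
             sign_app(uploaded, self.file_path, ids)
         except SigningError:
             log.info('[LangPack:%s] Signing failed' % self.pk)
             # A failed attempt must not leave a file on public storage.
             if public_storage.exists(self.file_path):
                 public_storage.delete(self.file_path)
             raise
         finally:
             uploaded.close()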
Example #11
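 def sign_and_move_file(self, upload):
     """Sign the file at `upload.path` and store the result at `file_path`.

     Input comes from private storage; the failure cleanup targets public
     storage, which is where the signed file is expected to be written.
     Raises SigningError (re-raised from `sign_app`) after that cleanup.
     """
     payload = {
         # 'id' needs to be a unique identifier not shared with anything
         # else (other langpacks, webapps, extensions...), but should not
         # change when there is an update. Since our PKs are uuid it's the
         # best choice.
         'id': self.pk,
         # 'version' should be an integer and should be monotonically
         # increasing.
         'version': self.file_version
     }
     ids = json.dumps(payload)
     with statsd.timer('langpacks.sign'):
         # Previously opened inline and never closed; release the handle
         # whether signing succeeds or raises.
         unsigned = private_storage.open(upload.path)
         try:
             # This will read the upload.path file, generate a signature
             # and write the signed file to self.file_path.
             sign_app(unsigned, self.file_path, ids)
         except SigningError:
             log.info('[LangPack:%s] Signing failed' % self.pk)
             if public_storage.exists(self.file_path):
                 public_storage.delete(self.file_path)
             raise
         finally:
             unsigned.close()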
Example #12
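 def reviewer_sign_file(self):
     """Sign the original file (`file_path`) with reviewer certs, then move
     the signed file to the reviewers-specific signed path
     (`reviewer_signed_file_path`) on private storage.

     Raises SigningError when the extension uuid or the version pk is not
     set, or when `sign_app` fails. A failed `sign_app` call leads to the
     reviewer-signed file being deleted from private storage if it exists;
     other exception types propagate without that cleanup.
     """
     if not self.extension.uuid:
         raise SigningError('Need uuid to be set to sign')
     if not self.pk:
         raise SigningError('Need version pk to be set to sign')
     ids = json.dumps({'id': self.review_id, 'version': self.pk})
     with statsd.timer('extensions.sign_reviewer'):
         # The handle is named so it can be closed in `finally`; the
         # original passed private_storage.open(...) inline and leaked it.
         original = private_storage.open(self.file_path)
         try:
             # This will read the original file, generate a reviewer
             # signature and write the signed file to
             # self.reviewer_signed_file_path.
             sign_app(original,
                      self.reviewer_signed_file_path,
                      ids,
                      reviewer=True)
         except SigningError:
             log.info('[ExtensionVersion:%s] Reviewer Signing failed' %
                      self.pk)
             if private_storage.exists(self.reviewer_signed_file_path):
                 private_storage.delete(self.reviewer_signed_file_path)
             raise
         finally:
             original.close()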