def _metadata_modified(self, fn):
# read in the file
blob = open(fn, 'rb').read()
blob_p7b = self._sign_blob(blob)
if not blob_p7b:
return
# write a new file
fn_p7b = fn + '.asc'
with open(fn_p7b, 'w') as f:
f.write(blob_p7b)
# inform the plugin loader
ploader.file_modified(fn_p7b)
def _metadata_modified(self, fn):
# plugin not enabled
settings = _get_settings('sign_sigul')
if settings['sign_sigul_enable'] != 'enabled':
return
# generate
blob_asc = _sigul_detached_sign_data(open(fn, 'rb').read(),
settings['sign_sigul_config_file'],
settings['sign_sigul_metadata_key'])
fn_asc = fn + '.asc'
with open(fn_asc, 'w') as f:
f.write(blob_asc)
# inform the plugin loader
ploader.file_modified(fn_asc)
def _regenerate_and_sign_metadata():
# get list of dirty remotes
remotes = []
for r in db.session.query(Remote).all():
if r.name == 'private':
continue
if r.name == 'deleted':
continue
if r.is_dirty:
remotes.append(r)
# nothing to do
if not len(remotes):
return
# update everything required
for r in remotes:
print('Updating: %s' % r.name)
_metadata_update_targets(remotes)
for r in remotes:
if r.name == 'stable':
_metadata_update_pulp()
# sign and sync
download_dir = app.config['DOWNLOAD_DIR']
for r in remotes:
ploader.file_modified(os.path.join(download_dir, r.filename))
# mark as no longer dirty
for r in remotes:
r.is_dirty = False
db.session.commit()
# drop caches in other sessions
db.session.expire_all()
# log what we did
for r in remotes:
_event_log('Signed metadata %s' % r.name)
def _sign_fw(fw):
# load the .cab file
download_dir = app.config['DOWNLOAD_DIR']
fn = os.path.join(download_dir, fw.filename)
try:
data = open(fn, 'rb').read()
except IOError as e:
raise NotImplementedError('cannot read %s: %s' % (fn, str(e)))
istream = Gio.MemoryInputStream.new_from_bytes(GLib.Bytes.new(data))
cfarchive = GCab.Cabinet.new()
cfarchive.load(istream)
cfarchive.extract(None)
# look for each metainfo file
cfs = _archive_get_files_from_glob(cfarchive, '*.metainfo.xml')
if len(cfs) == 0:
raise NotImplementedError('no .metadata.xml files in %s' % fn)
# parse each MetaInfo file
print('Signing: %s' % fn)
for cf in cfs:
_sign_md(cfarchive, cf)
# save the new archive
ostream = Gio.MemoryOutputStream.new_resizable()
cfarchive.write_simple(ostream)
cab_data = Gio.MemoryOutputStream.steal_as_bytes(ostream).get_data()
# overwrite old file
open(fn, 'wb').write(cab_data)
# inform the plugin loader
ploader.file_modified(fn)
# update the database
fw.checksum_signed = hashlib.sha1(cab_data).hexdigest()
fw.signed_timestamp = datetime.datetime.utcnow()
db.session.commit()
def _metadata_modified(self, fn):
# plugin not enabled
settings = _get_settings('sign_gpg')
if settings['sign_gpg_enable'] != 'enabled':
return
# generate
if not settings['sign_gpg_keyring_dir']:
raise PluginError('No keyring directory set')
if not settings['sign_gpg_metadata_uid']:
raise PluginError('No metadata signing UID set')
affidavit = Affidavit(settings['sign_gpg_metadata_uid'],
settings['sign_gpg_keyring_dir'])
if not affidavit:
return
blob = open(fn, 'rb').read()
blob_asc = affidavit.create(blob)
fn_asc = fn + '.asc'
with open(fn_asc, 'w') as f:
f.write(blob_asc)
# inform the plugin loader
ploader.file_modified(fn_asc)