def _metadata_modified(self, fn): # read in the file blob = open(fn, 'rb').read() blob_p7b = self._sign_blob(blob) if not blob_p7b: return # write a new file fn_p7b = fn + '.asc' with open(fn_p7b, 'w') as f: f.write(blob_p7b) # inform the plugin loader ploader.file_modified(fn_p7b)
def _metadata_modified(self, fn): # plugin not enabled settings = _get_settings('sign_sigul') if settings['sign_sigul_enable'] != 'enabled': return # generate blob_asc = _sigul_detached_sign_data(open(fn, 'rb').read(), settings['sign_sigul_config_file'], settings['sign_sigul_metadata_key']) fn_asc = fn + '.asc' with open(fn_asc, 'w') as f: f.write(blob_asc) # inform the plugin loader ploader.file_modified(fn_asc)
def _regenerate_and_sign_metadata(): # get list of dirty remotes remotes = [] for r in db.session.query(Remote).all(): if r.name == 'private': continue if r.name == 'deleted': continue if r.is_dirty: remotes.append(r) # nothing to do if not len(remotes): return # update everything required for r in remotes: print('Updating: %s' % r.name) _metadata_update_targets(remotes) for r in remotes: if r.name == 'stable': _metadata_update_pulp() # sign and sync download_dir = app.config['DOWNLOAD_DIR'] for r in remotes: ploader.file_modified(os.path.join(download_dir, r.filename)) # mark as no longer dirty for r in remotes: r.is_dirty = False db.session.commit() # drop caches in other sessions db.session.expire_all() # log what we did for r in remotes: _event_log('Signed metadata %s' % r.name)
def _sign_fw(fw): # load the .cab file download_dir = app.config['DOWNLOAD_DIR'] fn = os.path.join(download_dir, fw.filename) try: data = open(fn, 'rb').read() except IOError as e: raise NotImplementedError('cannot read %s: %s' % (fn, str(e))) istream = Gio.MemoryInputStream.new_from_bytes(GLib.Bytes.new(data)) cfarchive = GCab.Cabinet.new() cfarchive.load(istream) cfarchive.extract(None) # look for each metainfo file cfs = _archive_get_files_from_glob(cfarchive, '*.metainfo.xml') if len(cfs) == 0: raise NotImplementedError('no .metadata.xml files in %s' % fn) # parse each MetaInfo file print('Signing: %s' % fn) for cf in cfs: _sign_md(cfarchive, cf) # save the new archive ostream = Gio.MemoryOutputStream.new_resizable() cfarchive.write_simple(ostream) cab_data = Gio.MemoryOutputStream.steal_as_bytes(ostream).get_data() # overwrite old file open(fn, 'wb').write(cab_data) # inform the plugin loader ploader.file_modified(fn) # update the database fw.checksum_signed = hashlib.sha1(cab_data).hexdigest() fw.signed_timestamp = datetime.datetime.utcnow() db.session.commit()
def _metadata_modified(self, fn): # plugin not enabled settings = _get_settings('sign_gpg') if settings['sign_gpg_enable'] != 'enabled': return # generate if not settings['sign_gpg_keyring_dir']: raise PluginError('No keyring directory set') if not settings['sign_gpg_metadata_uid']: raise PluginError('No metadata signing UID set') affidavit = Affidavit(settings['sign_gpg_metadata_uid'], settings['sign_gpg_keyring_dir']) if not affidavit: return blob = open(fn, 'rb').read() blob_asc = affidavit.create(blob) fn_asc = fn + '.asc' with open(fn_asc, 'w') as f: f.write(blob_asc) # inform the plugin loader ploader.file_modified(fn_asc)