def verify(self, explorer): try: manifest.verify(self.impl_path) except BadDigest as ex: box = gtk.MessageDialog(None, 0, gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, str(ex)) if ex.detail: swin = gtk.ScrolledWindow() buffer = gtk.TextBuffer() mono = buffer.create_tag('mono', family = 'Monospace') buffer.insert_with_tags(buffer.get_start_iter(), ex.detail, mono) text = gtk.TextView(buffer) text.set_editable(False) text.set_cursor_visible(False) swin.add(text) swin.set_shadow_type(gtk.SHADOW_IN) swin.set_border_width(4) box.vbox.pack_start(swin) swin.show_all() box.set_resizable(True) else: box = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, gtk.BUTTONS_OK, _('Contents match digest; nothing has been changed.')) box.run() box.destroy()
def do_audit(args): """audit [DIRECTORY]""" if len(args) == 0: audit_stores = stores.stores else: audit_stores = [zerostore.Store(x) for x in args] audit_ls = [] total = 0 for a in audit_stores: if os.path.isdir(a.dir): items = sorted(os.listdir(a.dir)) audit_ls.append((a.dir, items)) total += len(items) elif len(args): raise SafeException(_("No such directory '%s'") % a.dir) verified = 0 failures = [] i = 0 for root, impls in audit_ls: print(_("Scanning %s") % root) for required_digest in impls: path = os.path.join(root, required_digest) try: (alg, digest ) = zerostore.parse_algorithm_digest_pair(required_digest) except zerostore.BadDigest: print(_("Skipping non-implementation directory %s") % path) continue i += 1 try: msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % { 'done': i, 'total': total, 'digest': required_digest } print(msg, end='') sys.stdout.flush() verify(path, required_digest) print("\r" + (" " * len(msg)) + "\r", end='') verified += 1 except zerostore.BadDigest as ex: print() failures.append(path) print(str(ex)) if ex.detail: print() print(ex.detail) if failures: print('\n' + _("List of corrupted or modified implementations:")) for x in failures: print(x) print() print(_("Checked %d items") % i) print(_("Successfully verified implementations: %d") % verified) print(_("Corrupted or modified implementations: %d") % len(failures)) if failures: sys.exit(1)
def do_audit(args): """audit [DIRECTORY]""" if len(args) == 0: audit_stores = stores.stores else: audit_stores = [zerostore.Store(x) for x in args] audit_ls = [] total = 0 for a in audit_stores: if os.path.isdir(a.dir): items = sorted(os.listdir(a.dir)) audit_ls.append((a.dir, items)) total += len(items) elif len(args): raise SafeException(_("No such directory '%s'") % a.dir) verified = 0 failures = [] i = 0 for root, impls in audit_ls: print(_("Scanning %s") % root) for required_digest in impls: path = os.path.join(root, required_digest) try: (alg, digest) = zerostore.parse_algorithm_digest_pair(required_digest) except zerostore.BadDigest: print(_("Skipping non-implementation directory %s") % path) continue i += 1 try: msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % { "done": i, "total": total, "digest": required_digest, } print(msg, end="") sys.stdout.flush() verify(path, required_digest) print("\r" + (" " * len(msg)) + "\r", end="") verified += 1 except zerostore.BadDigest as ex: print() failures.append(path) print(str(ex)) if ex.detail: print() print(ex.detail) if failures: print("\n" + _("List of corrupted or modified implementations:")) for x in failures: print(x) print() print(_("Checked %d items") % i) print(_("Successfully verified implementations: %d") % verified) print(_("Corrupted or modified implementations: %d") % len(failures)) if failures: sys.exit(1)
def do_audit(args): """audit [DIRECTORY]""" if len(args) == 0: audit_stores = stores.stores else: audit_stores = [zerostore.Store(x) for x in args] audit_ls = [] total = 0 for a in audit_stores: if os.path.isdir(a.dir): items = sorted(os.listdir(a.dir)) audit_ls.append((a.dir, items)) total += len(items) elif len(args): raise SafeException(_("No such directory '%s'") % a.dir) verified = 0 failures = [] i = 0 for root, impls in audit_ls: print _("Scanning %s") % root for required_digest in impls: i += 1 path = os.path.join(root, required_digest) if '=' not in required_digest: print _("Skipping non-implementation directory %s") % path continue try: msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % {'done': i, 'total': total, 'digest': required_digest} print msg, sys.stdout.flush() verify(path, required_digest) print "\r" + (" " * len(msg)) + "\r", verified += 1 except zerostore.BadDigest as ex: print failures.append(path) print str(ex) if ex.detail: print print ex.detail if failures: print '\n' + _("List of corrupted or modified implementations:") for x in failures: print x print print _("Checked %d items") % i print _("Successfully verified implementations: %d") % verified print _("Corrupted or modified implementations: %d") % len(failures) if failures: sys.exit(1)
def testVerify(self): path = os.path.join(self.tmp, "MyLink") os.symlink("Hello", path) mfile = os.path.join(self.tmp, ".manifest") for alg_name in ["sha1", "sha256", "sha1new"]: try: alg = manifest.get_algorithm(alg_name) added_digest = alg.getID(manifest.add_manifest_file(self.tmp, alg)) digest = alg.new_digest() digest.update("Hello") self.assertEquals("S %s 5 MyLink\n" % digest.hexdigest(), file(mfile, "rb").read()) manifest.verify(self.tmp, added_digest) os.chmod(self.tmp, 0700) os.unlink(mfile) except BadDigest, ex: raise Exception("%s: %s\n%s" % (alg_name, ex, ex.detail))
def testVerify(self): path = os.path.join(self.tmp, 'MyLink') os.symlink('Hello', path) mfile = os.path.join(self.tmp, '.manifest') for alg_name in ['sha1', 'sha256', 'sha1new']: try: alg = manifest.get_algorithm(alg_name) added_digest = alg.getID(manifest.add_manifest_file(self.tmp, alg)) digest = alg.new_digest() digest.update('Hello') self.assertEquals("S %s 5 MyLink\n" % digest.hexdigest(), file(mfile, 'rb').read()) manifest.verify(self.tmp, added_digest) os.chmod(self.tmp, 0o700) os.unlink(mfile) except BadDigest as ex: raise Exception("%s: %s\n%s" % (alg_name, ex, ex.detail))
def do_audit(args): """audit [DIRECTORY]""" if len(args) == 0: audit_stores = stores.stores else: audit_stores = [zerostore.Store(x) for x in args] audit_ls = [] total = 0 for a in audit_stores: if os.path.isdir(a.dir): items = sorted(os.listdir(a.dir)) audit_ls.append((a.dir, items)) total += len(items) elif len(args): raise SafeException(_("No such directory '%s'") % a.dir) verified = 0 failures = [] i = 0 for root, impls in audit_ls: print _("Scanning %s") % root for required_digest in impls: i += 1 path = os.path.join(root, required_digest) if '=' not in required_digest: print _("Skipping non-implementation directory %s") % path continue try: msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % { 'done': i, 'total': total, 'digest': required_digest } print msg, sys.stdout.flush() verify(path, required_digest) print "\r" + (" " * len(msg)) + "\r", verified += 1 except zerostore.BadDigest, ex: print failures.append(path) print str(ex) if ex.detail: print print ex.detail
def testVerify(self): path = os.path.join(self.tmp, 'MyLink') os.symlink('Hello', path) mfile = os.path.join(self.tmp, '.manifest') for alg_name in ['sha1', 'sha256', 'sha1new']: try: alg = manifest.get_algorithm(alg_name) added_digest = alg.getID( manifest.add_manifest_file(self.tmp, alg)) digest = alg.new_digest() digest.update('Hello') self.assertEquals("S %s 5 MyLink\n" % digest.hexdigest(), file(mfile, 'rb').read()) manifest.verify(self.tmp, added_digest) os.chmod(self.tmp, 0o700) os.unlink(mfile) except BadDigest as ex: raise Exception("%s: %s\n%s" % (alg_name, ex, ex.detail))
def add_digest(impl, alg_name): alg = manifest.get_algorithm(alg_name) # Scan through the existing digests # - If we've already got the one we need, return # - Otherwise, find a cached implementation we can use existing_path = None for a, value in digests(impl): if a in ('sha1', 'sha1new', 'sha256'): digest = '%s=%s' % (a, value) else: digest = '%s_%s' % (a, value) if a == alg_name: return False # Already signed with this algorithm if not existing_path: try: existing_path = stores.lookup(digest) if existing_path: existing_digest = digest except NotStored: pass # OK if existing_path is None: print("No implementations of %s cached; can't calculate new digest" % get_version(impl)) return False info("Verifying %s", existing_path) manifest.verify(existing_path, existing_digest) print("Adding new digest to version %s" % get_version(impl)) new_digest = alg.new_digest() for line in alg.generate_manifest(existing_path): new_digest.update((line + '\n').encode()) for md in xmltools.children(impl, 'manifest-digest'): break else: md = xmltools.create_element(impl, 'manifest-digest') _, digest_value = manifest.splitID(alg.getID(new_digest)) md.setAttribute(alg_name, digest_value) return True
def verify(self): try: manifest.verify(self.impl_path) except BadDigest, ex: box = gtk.MessageDialog(None, 0, gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, str(ex)) if ex.detail: swin = gtk.ScrolledWindow() buffer = gtk.TextBuffer() mono = buffer.create_tag("mono", family="Monospace") buffer.insert_with_tags(buffer.get_start_iter(), ex.detail, mono) text = gtk.TextView(buffer) text.set_editable(False) text.set_cursor_visible(False) swin.add(text) swin.set_shadow_type(gtk.SHADOW_IN) swin.set_border_width(4) box.vbox.pack_start(swin) swin.show_all() box.set_resizable(True)
def do_verify(args): """verify (DIGEST | (DIRECTORY [DIGEST])""" if len(args) == 2: required_digest = args[1] root = args[0] elif len(args) == 1: root = get_stored(args[0]) required_digest = None # Get from name else: raise UsageError(_("Missing DIGEST or DIRECTORY")) print(_("Verifying"), root) try: verify(root, required_digest) print(_("OK")) except zerostore.BadDigest as ex: print(str(ex)) if ex.detail: print() print(ex.detail) sys.exit(1)
def add_digest(impl, alg_name): alg = manifest.get_algorithm(alg_name) # Scan through the existing digests # - If we've already got the one we need, return # - Otherwise, find a cached implementation we can use existing_path = None for a, value in digests(impl): digest = '%s=%s' % (a, value) if a == alg_name: return False # Already signed with this algorithm if not existing_path: try: existing_path = stores.lookup(digest) if existing_path: existing_digest = digest except NotStored: pass # OK if existing_path is None: print "No implementations of %s cached; can't calculate new digest" % get_version(impl) return False info("Verifying %s", existing_path) manifest.verify(existing_path, existing_digest) print "Adding new digest to version %s" % get_version(impl) new_digest = alg.new_digest() for line in alg.generate_manifest(existing_path): new_digest.update(line + '\n') for md in xmltools.children(impl, 'manifest-digest'): break else: md = xmltools.create_element(impl, 'manifest-digest') md.setAttribute(alg_name, new_digest.hexdigest()) return True