예제 #1
    def run(self):
        """Fetch the latest release tarball, check its signature, unpack it.

        The detached ``.asc`` signature is checked against the key file
        shipped as a package resource (``ncopa.asc``), using a throw-away
        GnuPG home below a fresh temporary directory.  The tarball is only
        opened for extraction after the verification call has returned.
        The temporary directory is removed on every exit path.
        """
        self.ensure_directories_writable()

        self._messenger.info('Searching for latest release...')
        latest_version = self._determine_latest_version()
        parsed_version = self._parse_version(latest_version)
        self._messenger.info('Found {} to be latest.'.format(latest_version))

        tarball_url = self._create_tarball_download_url(
            parsed_version, self._architecture)
        signature_url = '{}.asc'.format(tarball_url)

        # The signature is requested before the tarball, so a failure to
        # fetch it aborts the run before the tarball download starts.
        abs_signature_path = self._download_file(signature_url)
        abs_tarball_path = self._download_file(tarball_url)

        abs_scratch_dir = os.path.abspath(tempfile.mkdtemp())
        try:
            abs_gpg_home_dir = self._initialize_gpg_home(abs_scratch_dir)

            # The verification key is read from the installed package's
            # resources, not from the server that serves the tarball.
            bundled_key_path = resource_filename(resources.__name__,
                                                 'ncopa.asc')
            self._import_gpg_key_file(abs_gpg_home_dir, bundled_key_path)

            # NOTE(review): presumably raises when the signature does not
            # verify, which would skip the extraction below -- confirm
            # against _verify_file_gpg.
            self._verify_file_gpg(abs_tarball_path, abs_signature_path,
                                  abs_gpg_home_dir)

            self._messenger.info('Extracting to "{}"...'.format(
                self._abs_target_dir))
            # No extraction filter is passed, so how member paths are
            # constrained depends on the running Python's default; trust
            # in the archive contents rests on the signature check above.
            with TarFile.open(abs_tarball_path) as archive:
                archive.extractall(path=self._abs_target_dir)
        finally:
            self._messenger.info(
                'Cleaning up "{}"...'.format(abs_scratch_dir))
            shutil.rmtree(abs_scratch_dir)
예제 #2
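    def _initialize_gpg_home(self, abs_temp_dir):
        """Create a private GnuPG home and import the bundled release keyring.

        A ``gpg_home`` directory is created below *abs_temp_dir* with
        owner-only permissions, and the ``pubring.gpg`` file shipped as a
        package resource is imported into it.

        Returns the absolute path of the new GnuPG home directory.
        Propagates whatever ``os.mkdir`` or the executor's ``check_call``
        raise.
        """
        abs_gpg_home_dir = os.path.join(abs_temp_dir, 'gpg_home')

        self._messenger.info('Initializing temporary GnuPG home at "%s"...' % abs_gpg_home_dir)
        # ``0o700`` is accepted by Python 2.6+ and Python 3; the legacy
        # ``0700`` spelling is a SyntaxError on Python 3.  Owner-only mode
        # keeps other local users out of the keyring directory.
        os.mkdir(abs_gpg_home_dir, 0o700)

        # NOTE(review): judging by the name, this probes the gpg binary
        # for an option that stops it auto-starting helper daemons --
        # confirm.
        self._check_gpg_for_no_autostart_support(abs_gpg_home_dir)

        # The keyring comes from the installed package, so the trust
        # anchor is whatever was shipped with this tool.
        release_pubring_gpg = resource_filename(resources.__name__, 'pubring.gpg')
        cmd = self._get_gpg_argv_start(abs_gpg_home_dir) + [
            '--import', release_pubring_gpg,
        ]
        self._executor.check_call(cmd)

        return abs_gpg_home_dir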
예제 #3
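    def _initialize_gpg_home(self, abs_temp_dir):
        """Set up a temporary GnuPG home holding only the bundled keyring.

        Creates ``<abs_temp_dir>/gpg_home`` with mode ``0o700`` and imports
        the ``pubring.gpg`` package resource into it.

        Returns the absolute path of the GnuPG home directory.  Errors
        from ``os.mkdir`` or from the executor's ``check_call`` propagate
        to the caller.
        """
        abs_gpg_home_dir = os.path.join(abs_temp_dir, 'gpg_home')

        self._messenger.info('Initializing temporary GnuPG home at "%s"...' %
                             abs_gpg_home_dir)
        # Written as ``0o700`` because the old ``0700`` octal literal does
        # not parse on Python 3; ``0o`` works on Python 2.6+ as well.  The
        # directory stays readable by its owner only.
        os.mkdir(abs_gpg_home_dir, 0o700)

        # NOTE(review): the helper's name suggests a capability probe of
        # the gpg binary; its effect is not visible here -- confirm.
        self._check_gpg_for_no_autostart_support(abs_gpg_home_dir)

        # Keys are taken from the package's own resources, never from the
        # download source whose files are later verified.
        release_pubring_gpg = resource_filename(resources.__name__,
                                                'pubring.gpg')
        cmd = self._get_gpg_argv_start(abs_gpg_home_dir) + [
            '--import',
            release_pubring_gpg,
        ]
        self._executor.check_call(cmd)

        return abs_gpg_home_dir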
예제 #4
    def _initialize_gpg_home(self, abs_temp_dir):
        """Create a private GnuPG home and import the bundled Gentoo keys.

        A ``gpg_home`` directory (mode ``0o700``) is created below
        *abs_temp_dir*.  For every entry of the key table, the package
        resource ``<fingerprint>.asc`` is imported with a separate gpg
        invocation.

        Returns the absolute path of the GnuPG home directory.
        """
        abs_gpg_home_dir = os.path.join(abs_temp_dir, 'gpg_home')

        self._messenger.info('Initializing temporary GnuPG home at "%s"...' %
                             abs_gpg_home_dir)
        os.mkdir(abs_gpg_home_dir, 0o700)

        self._check_gpg_for_no_autostart_support(abs_gpg_home_dir)

        self._messenger.info('Importing known GnuPG keys from disk...')
        # Table copied from https://www.gentoo.org/downloads/signatures/
        # Only the fingerprint is used below, and only to build a resource
        # filename: nothing in this method compares the imported key with
        # that fingerprint or enforces the recorded expiry date.  Trust
        # rests on the .asc files shipped with the package.
        known_keys = [
            # (fingerprint, description, created, expiry)
            ('13EBBDBEDE7A12775DFDB1BABB572E0E2D182910',
             'Gentoo Linux Release Engineering (Automated Weekly Release Key)',
             '2009-08-25', '2020-07-01'),
            ('DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D',
             'Gentoo ebuild repository signing key (Automated Signing Key)',
             '2011-11-25', '2020-07-01'),
            ('EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72',
             'Gentoo repository mirrors (automated git signing key)',
             '2018-05-28', '2020-07-01'),
            ('D99EAC7379A850BCE47DA5F29E6438C817072058',
             'Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)',
             '2004-07-20', '2020-07-01'),
            ('ABD00913019D6354BA1D9A132839FE0D796198B1',
             'Gentoo Authority Key L1', '2019-04-01', '2020-07-01'),
            ('18F703D702B1B9591373148C55D3238EC050396E',
             'Gentoo Authority Key L2 for Services', '2019-04-01',
             '2020-07-01'),
            ('2C13823B8237310FA213034930D132FF0FF50EEB',
             'Gentoo Authority Key L2 for Developers', '2019-04-01',
             '2020-07-01'),
        ]
        for fingerprint, _description, _created, _expiry in known_keys:
            key_file = resource_filename(resources.__name__,
                                         '{}.asc'.format(fingerprint))
            import_argv = self._get_gpg_argv_start(abs_gpg_home_dir)
            import_argv = import_argv + ['--import', key_file]
            self._executor.check_call(import_argv)

        return abs_gpg_home_dir
예제 #5
    def run(self):
        """Bootstrap an Arch Linux root from a verified image and keyring.

        Steps, in order: pick the image date, download the latest
        archlinux-keyring package with its ``.sig``, build a temporary
        GnuPG home, import the keys allowed to sign that package, verify
        the package, import its keyring, download and verify the
        bootstrap image against the same GnuPG home, extract the image,
        and run pacstrap inside it with the chroot mounts set up.

        All work happens below a fresh temporary directory that is
        removed on every exit path.
        """
        self.ensure_directories_writable()

        abs_temp_dir = os.path.abspath(tempfile.mkdtemp())
        try:
            # Use the caller-supplied date if there is one, otherwise take
            # the latest date found in the image listing.
            if self._image_date_triple_or_none is None:
                image_listing_html = self._get_image_listing()
                image_yyyy_mm_dd = self.extract_latest_date(
                    image_listing_html, _image_date_matcher)
            else:
                # NOTE(review): '%04s' pads with spaces rather than zeros;
                # that makes no difference for four-digit years -- confirm
                # whether '%04d' was intended.
                image_yyyy_mm_dd = '%04s.%02d.%02d' % self._image_date_triple_or_none

            keyring_listing_html = self._get_keyring_listing()
            package_yyyymmdd = self.extract_latest_date(
                keyring_listing_html, _keyring_package_date_matcher)

            # Detached signature first, then the package it covers.
            package_sig_filename = self._download_keyring_package(
                package_yyyymmdd, '.sig')
            package_filename = self._download_keyring_package(package_yyyymmdd)

            abs_gpg_home_dir = self._initialize_gpg_home(abs_temp_dir)

            self._messenger.info(
                'Importing GPG keys whitelisted to sign archlinux-keyring...')

            # NOTE(review): this allow-list is obtained at run time; how it
            # is fetched and authenticated is not visible here.  The
            # keyring-package check below is only as strong as this list
            # and the keys imported for it -- confirm the channel.
            key_infos = self._obtain_keys_allowed_to_sign_archlinux_keyring_tarball(
            )
            self._messenger.info(
                'Keys found allowed to sign archlinux-keyring tarball:')
            # Log the allow-list in a stable order so runs can be compared.
            for key in sorted(key_infos,
                              key=lambda x: (x.comment, x.long_key_id)):
                self._messenger.info('  - %s (%s)' %
                                     (key.comment, key.long_key_id))
            remote_key_ids = {k.long_key_id for k in key_infos}
            # Key IDs for which a '<id>.asc' file is looked up in the
            # package resources further down.
            on_disk_key_ids = {
                # https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/archlinux-keyring
                '4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC',  # Pierre Schmitz <*****@*****.**>
                'A314827C4E4250A204CE6E13284FC34C8E4B1A25',  # Thomas Bächler <*****@*****.**>
                '86CFFCA918CF3AF47147588051E8B148A9999C34',  # Evangelos Foutras <*****@*****.**>
                'F3691687D867B81B51CE07D9BBE43771487328A9',  # Bartlomiej Piotrowski <*****@*****.**>
                'BD84DE71F493DF6814B0167254EDC91609BC9183',  # Christian Hesse <*****@*****.**>
                'CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E',  # Florian Pritz <*****@*****.**>
                'E499C79F53C96A54E572FEE1C06086337C50773E',  # Jelle van der Waa <*****@*****.**>
            }

            # Allowed keys without a bundled copy are fetched from the
            # network; allowed keys with a bundled copy are read from disk.
            # Bundled keys that are no longer on the allow-list are not
            # imported at all.
            load_from_web_key_ids = remote_key_ids - on_disk_key_ids
            load_from_disk_key_ids = remote_key_ids - load_from_web_key_ids

            self._messenger.info('Importing GPG keys from the internet...')
            self._import_gpg_keys(abs_gpg_home_dir, load_from_web_key_ids)

            self._messenger.info('Importing GPG keys from disk...')
            for key_id in load_from_disk_key_ids:
                abs_key_path = resource_filename(resources.__name__,
                                                 '%s.asc' % key_id)
                self._import_gpg_key_file(abs_gpg_home_dir, abs_key_path)

            # The keyring package is checked before anything is read from it.
            self._verify_file_gpg(package_filename, package_sig_filename,
                                  abs_gpg_home_dir)

            # NOTE(review): presumably adds the keys carried by the verified
            # keyring package to the same GnuPG home -- confirm.
            self._import_gpg_keyring(abs_temp_dir, abs_gpg_home_dir,
                                     package_filename, package_yyyymmdd)

            # The image is verified against the GnuPG home as it stands
            # after the keyring import, and extracted only afterwards.
            image_sig_filename = self._download_image(image_yyyy_mm_dd, '.sig')
            image_filename = self._download_image(image_yyyy_mm_dd)
            self._verify_file_gpg(image_filename, image_sig_filename,
                                  abs_gpg_home_dir)

            abs_pacstrap_inner_root = self._extract_image(
                image_filename, abs_temp_dir)
            self._adjust_pacman_mirror_list(abs_pacstrap_inner_root)
            self._copy_etc_resolv_conf(abs_pacstrap_inner_root)

            # The trailing '' makes os.path.join end the path with a
            # separator.
            rel_pacstrap_target_dir = os.path.join('mnt', 'arch_root', '')
            abs_pacstrap_target_dir = os.path.join(abs_pacstrap_inner_root,
                                                   rel_pacstrap_target_dir)

            os.makedirs(abs_pacstrap_target_dir)

            # Mounts are undone in reverse order, and each unmount runs
            # even when a later step raises.
            self._mount_disk_chroot_mounts(abs_pacstrap_target_dir)
            try:
                self._mount_nondisk_chroot_mounts(abs_pacstrap_inner_root)
                try:
                    self._initialize_pacman_keyring(abs_pacstrap_inner_root)
                    self._run_pacstrap(abs_pacstrap_inner_root,
                                       rel_pacstrap_target_dir)
                finally:
                    self._unmount_nondisk_chroot_mounts(
                        abs_pacstrap_inner_root)
            finally:
                self._unmount_disk_chroot_mounts(abs_pacstrap_target_dir)

        finally:
            # Removes the temporary GnuPG home and the extracted image
            # along with everything else below the temporary directory.
            self._messenger.info('Cleaning up "%s"...' % abs_temp_dir)
            shutil.rmtree(abs_temp_dir)