def fetch_feed():
yield dl.downloaded
tasks.check(dl.downloaded)
pending = PendingFeed(feed_url, stream)
if use_mirror:
# If we got the feed from a mirror, get the key from there too
key_mirror = self.feed_mirror + '/keys/'
else:
key_mirror = None
keys_downloaded = tasks.Task(
pending.download_keys(self.handler,
feed_hint=feed_url,
key_mirror=key_mirror),
_("download keys for %s") % feed_url)
yield keys_downloaded.finished
tasks.check(keys_downloaded.finished)
iface = iface_cache.get_interface(pending.url)
if not iface_cache.update_interface_if_trusted(
iface, pending.sigs, pending.new_xml):
blocker = self.handler.confirm_keys(pending,
self.fetch_key_info)
if blocker:
yield blocker
tasks.check(blocker)
if not iface_cache.update_interface_if_trusted(
iface, pending.sigs, pending.new_xml):
raise NoTrustedKeys(
_("No signing keys trusted; not importing"))
def fetch_feed():
try:
yield dl.downloaded
tasks.check(dl.downloaded)
pending = PendingFeed(feed_url, stream)
if use_mirror:
# If we got the feed from a mirror, get the key from there too
key_mirror = self.config.mirror + '/keys/'
else:
key_mirror = None
keys_downloaded = tasks.Task(pending.download_keys(self, feed_hint = feed_url, key_mirror = key_mirror), _("download keys for %s") % feed_url)
yield keys_downloaded.finished
tasks.check(keys_downloaded.finished)
dry_run = self.handler.dry_run
if not self.config.iface_cache.update_feed_if_trusted(pending.url, pending.sigs, pending.new_xml, dry_run = dry_run):
blocker = self.config.trust_mgr.confirm_keys(pending)
if blocker:
yield blocker
tasks.check(blocker)
if not self.config.iface_cache.update_feed_if_trusted(pending.url, pending.sigs, pending.new_xml, dry_run = dry_run):
raise NoTrustedKeys(_("No signing keys trusted; not importing"))
finally:
stream.close()
def fetch_feed():
yield dl.downloaded
tasks.check(dl.downloaded)
pending = PendingFeed(feed_url, stream)
if use_mirror:
# If we got the feed from a mirror, get the key from there too
key_mirror = self.feed_mirror + "/keys/"
else:
key_mirror = None
keys_downloaded = tasks.Task(
pending.download_keys(self.handler, feed_hint=feed_url, key_mirror=key_mirror),
_("download keys for %s") % feed_url,
)
yield keys_downloaded.finished
tasks.check(keys_downloaded.finished)
if not iface_cache.update_feed_if_trusted(pending.url, pending.sigs, pending.new_xml):
blocker = self.handler.confirm_keys(pending, self.fetch_key_info)
if blocker:
yield blocker
tasks.check(blocker)
if not iface_cache.update_feed_if_trusted(pending.url, pending.sigs, pending.new_xml):
raise NoTrustedKeys(_("No signing keys trusted; not importing"))
def fetch_feed():
try:
yield dl.downloaded
tasks.check(dl.downloaded)
pending = PendingFeed(feed_url, stream)
if use_mirror:
# If we got the feed from a mirror, get the key from there too
key_mirror = self.config.mirror + '/keys/'
else:
key_mirror = None
keys_downloaded = tasks.Task(
pending.download_keys(self,
feed_hint=feed_url,
key_mirror=key_mirror),
_("download keys for %s") % feed_url)
yield keys_downloaded.finished
tasks.check(keys_downloaded.finished)
if not self.config.iface_cache.update_feed_if_trusted(
pending.url, pending.sigs, pending.new_xml):
blocker = self.config.trust_mgr.confirm_keys(pending)
if blocker:
yield blocker
tasks.check(blocker)
if not self.config.iface_cache.update_feed_if_trusted(
pending.url, pending.sigs, pending.new_xml):
raise NoTrustedKeys(
_("No signing keys trusted; not importing"))
finally:
stream.close()
def testXMLupdate(self):
iface_cache = self.config.iface_cache
trust.trust_db.trust_key('92429807C9853C0744A68B9AAE07828059A53CC1')
stream = tempfile.TemporaryFile()
stream.write(data.thomas_key)
stream.seek(0)
gpg.import_key(stream)
iface = iface_cache.get_interface('http://foo')
src = tempfile.TemporaryFile()
src.write(data.foo_signed_xml)
src.seek(0)
pending = PendingFeed(iface.uri, src)
assert iface_cache.update_feed_if_trusted(iface.uri, pending.sigs,
pending.new_xml)
iface_cache.__init__()
feed = iface_cache.get_feed('http://foo')
assert feed.last_modified == 1154850229
# mtimes are unreliable because copying often changes them -
# check that we extract the time from the signature when upgrading
upstream_dir = basedir.save_cache_path(config_site, 'interfaces')
cached = os.path.join(upstream_dir, model.escape(feed.url))
os.utime(cached, None)
iface_cache.__init__()
feed = iface_cache.get_feed('http://foo')
assert feed.last_modified > 1154850229
src = tempfile.TemporaryFile()
src.write(data.new_foo_signed_xml)
src.seek(0)
pending = PendingFeed(feed.url, src)
assert iface_cache.update_feed_if_trusted(feed.url, pending.sigs,
pending.new_xml)
# Can't 'update' to an older copy
src = tempfile.TemporaryFile()
src.write(data.foo_signed_xml)
src.seek(0)
try:
pending = PendingFeed(feed.url, src)
assert iface_cache.update_feed_if_trusted(feed.url, pending.sigs,
pending.new_xml)
assert 0
except model.SafeException:
pass
def testCheckSigned(self): iface_cache = self.config.iface_cache trust.trust_db.trust_key( '92429807C9853C0744A68B9AAE07828059A53CC1') feed_url = 'http://foo' with tempfile.TemporaryFile(mode = 'w+b') as src: # Unsigned src.write(b"hello") src.flush() src.seek(0) try: PendingFeed(feed_url, src) assert 0 except model.SafeException: pass with tempfile.TemporaryFile(mode = 'w+b') as stream: stream.write(data.thomas_key) stream.seek(0) gpg.import_key(stream) # Signed src.seek(0) src.write(data.foo_signed_xml) src.flush() src.seek(0) pending = PendingFeed(feed_url, src) assert iface_cache.update_feed_if_trusted(feed_url, pending.sigs, pending.new_xml) self.assertEqual(['http://foo'], iface_cache.list_all_interfaces()) feed = iface_cache.get_feed(feed_url) self.assertEqual(1154850229, feed.last_modified)
def handle(config, options, args):
if not args:
raise UsageError()
h = config.handler
for x in args:
if not os.path.isfile(x):
raise SafeException(_("File '%s' does not exist") % x)
logging.info(_("Importing from file '%s'"), x)
signed_data = file(x)
data, sigs = gpg.check_stream(signed_data)
doc = minidom.parseString(data.read())
uri = doc.documentElement.getAttribute('uri')
if not uri:
raise SafeException(
_("Missing 'uri' attribute on root element in '%s'") % x)
logging.info(_("Importing information about interface %s"), uri)
signed_data.seek(0)
pending = PendingFeed(uri, signed_data)
def run():
keys_downloaded = tasks.Task(pending.download_keys(h),
"download keys")
yield keys_downloaded.finished
tasks.check(keys_downloaded.finished)
if not config.iface_cache.update_feed_if_trusted(
uri, pending.sigs, pending.new_xml):
blocker = config.trust_mgr.confirm_keys(pending)
if blocker:
yield blocker
tasks.check(blocker)
if not config.iface_cache.update_feed_if_trusted(
uri, pending.sigs, pending.new_xml):
raise SafeException(
_("No signing keys trusted; not importing"))
task = tasks.Task(run(), "import feed")
errors = tasks.wait_for_blocker(task.finished)
if errors:
raise SafeException(
_("Errors during download: ") + '\n'.join(errors))
def _import_feed(args):
from zeroinstall.support import tasks
from zeroinstall.injector import gpg, handler
from zeroinstall.injector.iface_cache import PendingFeed
from xml.dom import minidom
handler = handler.Handler()
for x in args:
if not os.path.isfile(x):
raise SafeException(_("File '%s' does not exist") % x)
logging.info(_("Importing from file '%s'"), x)
signed_data = file(x)
data, sigs = gpg.check_stream(signed_data)
doc = minidom.parseString(data.read())
uri = doc.documentElement.getAttribute('uri')
if not uri:
raise SafeException(_("Missing 'uri' attribute on root element in '%s'") % x)
iface = iface_cache.get_interface(uri)
logging.info(_("Importing information about interface %s"), iface)
signed_data.seek(0)
pending = PendingFeed(uri, signed_data)
def run():
keys_downloaded = tasks.Task(pending.download_keys(handler), "download keys")
yield keys_downloaded.finished
tasks.check(keys_downloaded.finished)
if not iface_cache.update_interface_if_trusted(iface, pending.sigs, pending.new_xml):
blocker = handler.confirm_trust_keys(iface, pending.sigs, pending.new_xml)
if blocker:
yield blocker
tasks.check(blocker)
if not iface_cache.update_interface_if_trusted(iface, pending.sigs, pending.new_xml):
raise SafeException(_("No signing keys trusted; not importing"))
task = tasks.Task(run(), "import feed")
errors = handler.wait_for_blocker(task.finished)
if errors:
raise SafeException(_("Errors during download: ") + '\n'.join(errors))