def kill_running_process(service_name, host, port):
"""Find and kill any running web service processes."""
try:
pid = get_pid(service_name)
except IOError:
# We could not find an existing pidfile.
return
except ValueError:
# The file contained a mangled and invalid PID number, so we should
# clean the file up.
remove_if_exists(pidfile_path(service_name))
else:
if pid is not None:
try:
os.kill(pid, signal.SIGTERM)
# We need to use a busy-wait to find out when the socket
# becomes available. Failing to do so causes a race condition
# between freeing the socket in the killed process, and
# opening it in the current one.
wait_for_service_shutdown(host, port)
except os.error as err:
if err.errno == errno.ESRCH:
# Whoops, we got a 'No such process' error. The PID file
# is probably stale, so we'll remove it to prevent trash
# from lying around in the test environment.
# See bug #237086.
remove_if_exists(pidfile_path(service_name))
else:
raise
def ensureNoFiles(self):
"""Ensure the .ht* files don't already exist."""
pub_config = getPubConfig(self.ppa)
htaccess = os.path.join(pub_config.archiveroot, ".htaccess")
htpasswd = os.path.join(pub_config.archiveroot, ".htpasswd")
remove_if_exists(htaccess)
remove_if_exists(htpasswd)
return htaccess, htpasswd
def ensureNoFiles(self):
"""Ensure the .ht* files don't already exist."""
pub_config = getPubConfig(self.ppa)
htaccess = os.path.join(pub_config.htaccessroot, ".htaccess")
htpasswd = os.path.join(pub_config.htaccessroot, ".htpasswd")
remove_if_exists(htaccess)
remove_if_exists(htpasswd)
return htaccess, htpasswd
def _makeSignatures(self, signatures, log=None):
"""Make a sequence of signatures.
This abstraction is useful in the case where we're using an
in-process `GPGHandler`, since it avoids having to import the secret
key more than once.
:param signatures: A sequence of (input path, output path,
`SigningMode`, suite) tuples. Note that some backends may make
a policy decision not to produce all the requested output paths.
:param log: An optional logger.
:return: A list of output paths that were produced.
"""
if not self.can_sign:
raise CannotSignArchive("No signing key available for %s" %
self.archive.displayname)
if self.archive.signing_key is not None:
secret_key_path = self.getPathForSecretKey(
self.archive.signing_key)
with open(secret_key_path) as secret_key_file:
secret_key_export = secret_key_file.read()
gpghandler = getUtility(IGPGHandler)
secret_key = gpghandler.importSecretKey(secret_key_export)
output_paths = []
for input_path, output_path, mode, suite in signatures:
if self.archive.signing_key is not None:
with open(input_path) as input_file:
input_content = input_file.read()
signature = gpghandler.signContent(input_content,
secret_key,
mode=self.gpgme_modes[mode])
with open(output_path, "w") as output_file:
output_file.write(signature)
output_paths.append(output_path)
elif find_run_parts_dir(self.archive.distribution.name,
"sign.d") is not None:
remove_if_exists(output_path)
env = {
"ARCHIVEROOT": self.pubconf.archiveroot,
"INPUT_PATH": input_path,
"OUTPUT_PATH": output_path,
"MODE": mode.name.lower(),
"DISTRIBUTION": self.archive.distribution.name,
"SUITE": suite,
}
run_parts(self.archive.distribution.name,
"sign.d",
log=log,
env=env)
if os.path.exists(output_path):
output_paths.append(output_path)
else:
raise AssertionError("No signing key available for %s" %
self.archive.displayname)
return output_paths
def setUp(self, spew=False, umask=None):
# setUp() watches the logfile to determine when the daemon has fully
# started. If it sees an old logfile, then it will find the
# readyservice.LOG_MAGIC string and return immediately, provoking
# hard-to-diagnose race conditions. Delete the logfile to make sure
# this does not happen.
remove_if_exists(self.logfile)
TacTestFixture.setUp(self,
python_path=sys.executable,
twistd_script=twistd_script)
def signOpal(self, image):
"""Attempt to sign a kernel image for Opal."""
remove_if_exists("%s.sig" % image)
(pem, cert) = self.getKeys('Opal Kernel', self.generateOpalKeys,
self.opal_pem, self.opal_x509)
if not pem or not cert:
return
self.publishPublicKey(cert)
cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"]
return self.callLog("Opal signing", cmdl)
def signKmod(self, image):
"""Attempt to sign a kernel module."""
remove_if_exists("%s.sig" % image)
(pem, cert) = self.getKeys('Kernel Module', self.generateKmodKeys,
self.kmod_pem, self.kmod_x509)
if not pem or not cert:
return
self.publishPublicKey(cert)
cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"]
return self.callLog("Kmod signing", cmdl)
def signUefi(self, image):
"""Attempt to sign an image."""
remove_if_exists("%s.signed" % image)
(key, cert) = self.getKeys('UEFI', self.generateUefiKeys,
self.uefi_key, self.uefi_cert)
if not key or not cert:
return
self.publishPublicKey(cert)
cmdl = ["sbsign", "--key", key, "--cert", cert, image]
return self.callLog("UEFI signing", cmdl)
def setUp(self, spew=False, umask=None):
# setUp() watches the logfile to determine when the daemon has fully
# started. If it sees an old logfile, then it will find the
# readyservice.LOG_MAGIC string and return immediately, provoking
# hard-to-diagnose race conditions. Delete the logfile to make sure
# this does not happen.
remove_if_exists(self.logfile)
TacTestFixture.setUp(self,
python_path=sys.executable,
twistd_script=twistd_script)
def extract(self):
"""Copy the custom upload to a temporary directory, and sign it.
No actual extraction is required.
"""
super(UefiUpload, self).extract()
if self.key is not None and self.cert is not None:
efi_filenames = list(self.findEfiFilenames())
for efi_filename in efi_filenames:
remove_if_exists("%s.signed" % efi_filename)
self.sign(efi_filename)
def _setUp(self):
pidfile = pidfile_path(
"codebrowse", use_config=LayerProcessController.appserver_config)
pid = get_pid_from_file(pidfile)
if pid is not None:
warnings.warn(
"Attempt to start LoggerheadFixture with an existing "
"instance (%d) running in %s." % (pid, pidfile))
kill_by_pidfile(pidfile)
self.logfile = os.path.join(config.codebrowse.log_folder, "debug.log")
remove_if_exists(self.logfile)
self.addCleanup(kill_by_pidfile, pidfile)
run_script(
os.path.join("scripts", "start-loggerhead.py"),
["--daemon"],
# The testrunner-appserver config provides the correct
# openid_provider_root URL.
extra_env={"LPCONFIG": BaseLayer.appserver_config_name})
self._waitForStartup()
def testEnsureHtaccess(self):
"""Ensure that the .htaccess file is generated correctly."""
# The publisher Config object does not have an interface, so we
# need to remove the security wrapper.
pub_config = getPubConfig(self.ppa)
filename = os.path.join(pub_config.archiveroot, ".htaccess")
remove_if_exists(filename)
script = self.getScript()
script.ensureHtaccess(self.ppa)
self.addCleanup(remove_if_exists, filename)
contents = [
"",
"AuthType Basic",
"AuthName \"Token Required\"",
"AuthUserFile %s/.htpasswd" % pub_config.archiveroot,
"Require valid-user",
"",
]
self.assertThat(filename, FileContains('\n'.join(contents)))
def testEnsureHtaccess(self):
"""Ensure that the .htaccess file is generated correctly."""
# The publisher Config object does not have an interface, so we
# need to remove the security wrapper.
pub_config = getPubConfig(self.ppa)
filename = os.path.join(pub_config.htaccessroot, ".htaccess")
remove_if_exists(filename)
script = self.getScript()
script.ensureHtaccess(self.ppa)
self.addCleanup(remove_if_exists, filename)
contents = [
"",
"AuthType Basic",
"AuthName \"Token Required\"",
"AuthUserFile %s/.htpasswd" % pub_config.htaccessroot,
"Require valid-user",
"",
]
self.assertThat(filename, FileContains('\n'.join(contents)))
def removeLog(self):
remove_if_exists(self.logfile)
