Exemplo n.º 1
0
def in_toto_verify(layout_path, layout_key_paths):
  """Loads layout file and layout keys from disk and performs all in-toto
  verifications."""

  try:
    log.doing("load layout...")
    layout = Layout.read_from_file(layout_path)
  except Exception, e:
    _die("in load layout - %s" % e)
Exemplo n.º 2
0
def in_toto_verify(layout_path, layout_key_paths):
    """Loads layout file and layout keys from disk and performs all in-toto
  verifications."""

    try:
        log.doing("load layout...")
        layout = Layout.read_from_file(layout_path)
    except Exception, e:
        _die("in load layout - %s" % e)
Exemplo n.º 3
0
def toto_verify(layout_path, layout_key):
  global retval

  # Load layout (validates format)
  try:
    log.doing("'%s' - load layout" % layout_path)
    layout = toto.models.layout.Layout.read_from_file(layout_path)
  except Exception, e:
    log.error("in load layout - %s" % e)
    return 1 # TODO: re-raise?
Exemplo n.º 4
0
def in_toto_run(step_name, key_path, material_list, product_list,
    link_cmd_args, record_byproducts=False):
  """Load link signing private keys from disk and runs passed command, storing
  its materials, by-products and return value, and products into link metadata
  file. The link metadata file is signed and stored to disk. """
  try:
    log.doing("load link signing key...")
    key = toto.util.prompt_import_rsa_key_from_file(key_path)
  except Exception, e:
    _die("in load key - %s" % e)
Exemplo n.º 5
0
def in_toto_run(step_name,
                key_path,
                material_list,
                product_list,
                link_cmd_args,
                record_byproducts=False):
    """Load link signing private keys from disk and runs passed command, storing
  its materials, by-products and return value, and products into link metadata
  file. The link metadata file is signed and stored to disk. """
    try:
        log.doing("load link signing key...")
        key = toto.util.prompt_import_rsa_key_from_file(key_path)
    except Exception, e:
        _die("in load key - %s" % e)
Exemplo n.º 6
0
def in_toto_run(step_name,
                key_path,
                material_list,
                product_list,
                link_cmd_args,
                record_byproducts=False):
    """Load link signing private keys from disk and runs passed command, storing
  its materials, by-products and return value, and products into link metadata
  file. The link metadata file is signed and stored to disk. """

    if tpm.readFromTPM(23) == str(0):
        tpm.set_register_23()
        log.doing("TPM: First time running - creating entry for register 23.")
    elif tpm.check_register_23():
        log.doing("TPM: Check passed.")
    else:
        log.doing("TPM: Check failed.  Exiting.")
        sys.exit()
    """
  if tpm.initialize_register_23():
    log.doing("TPM check passed.")
  else:
    log.doing("TPM check failed, exiting.")
    sys.exit()
  """

    try:
        log.doing("load link signing key...")
        key = toto.util.prompt_import_rsa_key_from_file(key_path)
    except Exception, e:
        _die("in load key - %s" % e)
Exemplo n.º 7
0
  def _verify_rules(rules, source_type, item_name, item_link, step_links):
    """ Iterates over list of rules and calls verify on them. """
    global retval

    for rule_data in rules:
      try:
        rule = toto.models.matchrule.Matchrule.read(rule_data)
        rule.source_type = source_type
        log.doing("'%s' - '%s' - verify %s matchrule - %s" \
            % (layout_path, item_name, source_type, rule_data))
        rule.verify_rule(item_link, step_links)

      except toto.models.matchrule.RuleVerficationFailed, e:
        log.failing("'%s' - '%s' - verify %s matchrule - %s" \
            % (layout_path, item_name, source_type, e))
        retval = 1
      except Exception, e:
        log.error("in verify matchrule - %s" % e)
Exemplo n.º 8
0
def in_toto_verify(layout_path, layout_key_paths):
    try:
        log.doing("load layout...")
        layout = Layout.read_from_file(layout_path)
    except Exception, e:
        _die("in load layout - %s" % e)
Exemplo n.º 9
0
def _die(msg, exitcode=1):
            log.failing(msg)
            log.doing("Stopping installation process.")
            sys.exit(exitcode)
Exemplo n.º 10
0
        self.successfully_installed = to_install

def _die(msg, exitcode=1):
            log.failing(msg)
            log.doing("Stopping installation process.")
            sys.exit(exitcode)

def in_toto_verify(layout_path, layout_key_paths):
    try:
        log.doing("load layout...")
        layout = Layout.read_from_file(layout_path)
    except Exception, e:
        _die("in load layout - %s" % e)

    try:
        log.doing("verify layout expiration")
        toto.verifylib.verify_layout_expiration(layout)
    except Exception, e:
        _die("in verify layout expiration - %s" % e)

    try:
        log.doing("load layout keys...")
        layout_key_dict = toto.util.import_rsa_public_keys_from_files_as_dict(
        layout_key_paths)
    except Exception, e:
        _die("in load layout keys - %s" % e)

    try:
        log.doing("verify layout signatures...")
        toto.verifylib.verify_layout_signatures(layout, layout_key_dict)
    except Exception, e:
Exemplo n.º 11
0
                key_path,
                material_list,
                product_list,
                link_cmd_args,
                record_byproducts=False):
    """Load link signing private keys from disk and runs passed command, storing
  its materials, by-products and return value, and products into link metadata
  file. The link metadata file is signed and stored to disk. """
    try:
        log.doing("load link signing key...")
        key = toto.util.prompt_import_rsa_key_from_file(key_path)
    except Exception, e:
        _die("in load key - %s" % e)

    try:
        log.doing("record materials...")
        materials_dict = toto.runlib.record_artifacts_as_dict(material_list)
    except Exception, e:
        _die("in record materials - %s" % e)

    try:
        log.doing("run command...")
        byproducts, return_value = toto.runlib.execute_link(
            link_cmd_args, record_byproducts)
    except Exception, e:
        _die("in run command - %s" % e)

    try:
        log.doing("record products...")
        products_dict = toto.runlib.record_artifacts_as_dict(product_list)
    except Exception, e:
Exemplo n.º 12
0
retval = 0

def toto_verify(layout_path, layout_key):
  global retval

  # Load layout (validates format)
  try:
    log.doing("'%s' - load layout" % layout_path)
    layout = toto.models.layout.Layout.read_from_file(layout_path)
  except Exception, e:
    log.error("in load layout - %s" % e)
    return 1 # TODO: re-raise?

  try:
    log.doing("'%s' - load key '%s'" % (layout_path, layout_key))
    # FIXME: Change key load
    layout_key_dict = toto.util.create_and_persist_or_load_key(layout_key)

  except Exception, e:
    log.error("in load key - %s" % e)


  # Verify signature
  try:
    log.doing("'%s' - verify signature - key '%s'" \
        % (layout_path, layout_key))

    msg = "'%s' - verify signature" % layout_path
    if layout.verify_signature(layout_key):
      log.passing(msg)
Exemplo n.º 13
0
def main():
    print """
  #############################################################################
  # Define the supply chain
  #############################################################################
  """
    # Create keys
    print "Generate keypair for Alice..."
    toto.util.generate_and_write_rsa_keypair("alice")

    print "Generate keypair for Bob..."
    toto.util.generate_and_write_rsa_keypair("bob")

    alice_public = toto.util.import_rsa_key_from_file("alice.pub")
    bob_public = toto.util.import_rsa_key_from_file("bob.pub")

    # Create Layout
    layout = m.Layout.read({
        "_type":
        "layout",
        "expires":
        "EXPIRES",
        "keys": {
            alice_public["keyid"]: alice_public,
            bob_public["keyid"]: bob_public
        },
        "steps": [{
            "name": "write-code",
            "material_matchrules": [],
            "product_matchrules": [["CREATE", "foo.py"]],
            "pubkeys": [alice_public["keyid"]],
            "expected_command": "vi",
        }, {
            "name":
            "package",
            "material_matchrules": [
                ["MATCH", "PRODUCT", "foo.py", "FROM", "write-code"],
            ],
            "product_matchrules": [
                ["CREATE", "foo.tar.gz"],
            ],
            "pubkeys": [bob_public["keyid"]],
            "expected_command":
            "tar zcvf foo.tar.gz foo.py",
        }],
        "inspect": [{
            "name":
            "untar",
            "material_matchrules":
            [["MATCH", "PRODUCT", "foo.tar.gz", "FROM", "package"]],
            "product_matchrules": [
                ["MATCH", "PRODUCT", "foo.py", "FROM", "write-code"],
            ],
            "run":
            "tar xfz foo.tar.gz",
        }],
        "signatures": []
    })

    # Sign and dump layout
    print "Load alice private key to sign layout..."
    alice_private = toto.util.import_rsa_key_from_file("alice")
    layout.sign(alice_private)
    layout.dump()

    # Check if dumping - reading - dumping produces the same layout
    # layout_same = m.Layout.read_from_file("root.layout")
    # if repr(layout) != repr(layout_same):
    #   log.failing("There is something wrong with layout de-/serialization")

    wait_for_y("Wanna do the peachy supply chain?")

    print """
  #############################################################################
  # Do the peachy supply chain
  #############################################################################
  """


    write_code_cmd = "python -m toto.toto-run "\
                     "--name write-code --products foo.py "\
                     "--key alice -- vi foo.py"
    log.doing("(Alice) - %s" % write_code_cmd)

    wait_for_y("Wanna drop to vi and write peachy code?")
    subprocess.call(write_code_cmd.split())

    package_cmd = "python -m toto.toto-run "\
                  "--name package --material foo.py --products foo.tar.gz "\
                  "--key bob --record-byproducts -- tar zcvf foo.tar.gz foo.py"
    log.doing("(Bob) - %s" % package_cmd)
    subprocess.call(package_cmd.split())

    print """
  #############################################################################
  # Verify the peachy supply chain
  #############################################################################
  """

    wait_for_y("Wanna verify peachy supply chain?")

    verify_cmd = "python -m toto.toto-verify "\
                 "--layout root.layout "\
                 "--layout-key alice"
    log.doing("(User) - %s" % verify_cmd)
    subprocess.call(verify_cmd.split())

    wait_for_y("Wanna do the failing supply chain?")

    print """
  #############################################################################
  # Do the failing supply chain
  #############################################################################
  """

    write_code_cmd = "python -m toto.toto-run "\
                     "--name write-code --products foo.py "\
                     "--key alice -- vi foo.py"
    log.doing("(Alice) - %s" % write_code_cmd)
    wait_for_y("Wanna drop to vi and write peachy code?")
    subprocess.call(write_code_cmd.split())

    bad_cmd = "vi foo.py"
    wait_for_y("Wanna drop to vi and write baaad code?")
    log.doing("(Malory) - %s" % bad_cmd)

    subprocess.call(bad_cmd.split())


    package_cmd = "python -m toto.toto-run "\
                  "--name package --material foo.py --products foo.tar.gz "\
                  "--key bob --record-byproducts -- tar zcvf foo.tar.gz foo.py"
    log.doing("(Bob) - %s" % package_cmd)
    subprocess.call(package_cmd.split())

    print """
  #############################################################################
  # Verify the failing supply chain
  #############################################################################
  """

    verify_cmd = "python -m toto.toto-verify "\
                 "--layout root.layout "\
                 "--layout-key alice"
    log.doing("(User) - %s" % verify_cmd)
    subprocess.call(verify_cmd.split())
Exemplo n.º 14
0
  log.error(msg)
  sys.exit(exitcode)

def in_toto_run(step_name, key_path, material_list, product_list,
    link_cmd_args, record_byproducts=False):
  """Load link signing private keys from disk and runs passed command, storing
  its materials, by-products and return value, and products into link metadata
  file. The link metadata file is signed and stored to disk. """
  try:
    log.doing("load link signing key...")
    key = toto.util.prompt_import_rsa_key_from_file(key_path)
  except Exception, e:
    _die("in load key - %s" % e)

  try:
    log.doing("record materials...")
    materials_dict = toto.runlib.record_artifacts_as_dict(material_list)
  except Exception, e:
    _die("in record materials - %s" % e)

  try:
    log.doing("run command...")
    byproducts, return_value = toto.runlib.execute_link(link_cmd_args,
        record_byproducts)
  except Exception, e:
    _die("in run command - %s" % e)

  try:
    log.doing("record products...")
    products_dict = toto.runlib.record_artifacts_as_dict(product_list)
  except Exception, e: