def update():
# Set the local repository directory containing the metadata files.
tuf.conf.repository_directory = 'C:\Users\Sarah\Documents\GitHub\TUFeverywhere\Project'
repository_mirrors = {'mirror1': {'url_prefix': 'http://172.16.42.2:8001',
'metadata_path': 'metadata',
'targets_path': 'targets',
'confined_target_dirs': ['']}}
# Create the Upater object using the updater name 'tuf-example'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tuf-example', repository_mirrors)
# Set the local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets, destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError, e:
pass
def update_conf(filename, host):
"""
<Purpose>
Downloads the FILENAME file from the localhost http server
<Arguments>
<Exceptions>
<Side Effects>
None.
<Returns>
None.
"""
# conf = cc.load_conf(os.path.join(os.getcwd(),'Configuration/conf.json'))
# Set the local repositories directory containing all of the metadata files.
tuf.settings.repositories_directory = 'tufclient'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py.getupdates.pygetupdates.py
repository_mirrors = {'mirror': {'url_prefix': host,
'metadata_path': 'metadata', 'targets_path': 'targets',
'confined_target_dirs': ['']}}
# Create the repository object using the repository name 'repository'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tufrepo', repository_mirrors)
# The local destination directory to save the target files.
destination_directory = './tufclient/tuftargets'
logging.info("TUF is updating...")
# Refresh the repository's top-level roles...
updater.refresh(unsafely_update_root_if_necessary=False)
# ... and store the target information for the target file specified on the
# command line, and determine which of these targets have been updated.
target_fileinfo = []
target_fileinfo.append(updater.get_one_valid_targetinfo(
filename))
updated_targets = updater.updated_targets(target_fileinfo, destination_directory)
# Retrieve each of these updated targets and save them to the destination
# directory.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
logging.info("TUF updating %s", target)
except tuf.exceptions.DownloadError:
logging.error("TUF update failed %s", target)
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
if len(updated_targets) > 0:
return True
return False
def fetch(component):
directory = 'updater-tmp' + "/"
try:
os.mkdir(directory)
except:
pass # likely the directory already exists
targets = updater.targets_of_role('targets/' + component)
updated_targets = updater.updated_targets(targets, directory)
for target in updated_targets:
updater.download_target(target, directory)
updater.remove_obsolete_targets(directory)
def run(self):
"""
Check for updates
"""
if not self.mirrors:
return
while True:
try:
tuf.conf.repository_directory = os.path.join(self.bundle_path,
'repo')
updater = tuf.client.updater.Updater('leap-updater',
self.mirrors)
updater.refresh()
targets = updater.all_targets()
updated_targets = updater.updated_targets(targets,
self.source_path)
if updated_targets:
logger.info("There is updates needed. Start downloading "
"updates.")
for target in updated_targets:
updater.download_target(target, self.dest_path)
self._set_permissions(target)
if os.path.isdir(self.dest_path):
if os.path.isdir(self.update_path):
shutil.rmtree(self.update_path)
shutil.move(self.dest_path, self.update_path)
filepath = sorted([f['filepath'] for f in updated_targets])
emit(catalog.UPDATER_NEW_UPDATES,
", ".join(filepath))
logger.info("Updates ready: %s" % (filepath,))
return
except NotImplemented as e:
logger.error("NotImplemented: %s" % (e,))
return
except Exception as e:
logger.error("An unexpected error has occurred while "
"updating: %s" % (e,))
finally:
time.sleep(self.delay)
def run(self):
"""
Check for updates periodically
"""
if not self.mirrors:
return
while True:
try:
tuf.conf.repository_directory = os.path.join(
self.bundle_path, 'repo')
updater = tuf.client.updater.Updater('leap-updater',
self.mirrors)
updater.refresh()
targets = updater.all_targets()
updated_targets = updater.updated_targets(
targets, self.source_path)
if updated_targets:
print "There is updates needed. Start downloading updates."
for target in updated_targets:
updater.download_target(target, self.dest_path)
self._set_permissions(target)
if os.path.isdir(self.dest_path):
if os.path.isdir(self.update_path):
shutil.rmtree(self.update_path)
shutil.move(self.dest_path, self.update_path)
filepath = sorted([f['filepath'] for f in updated_targets])
signal(proto.UPDATER_NEW_UPDATES,
content=", ".join(filepath))
print "Updates ready: ", filepath
return
except NotImplemented as e:
print "NotImplemented: ", e
return
except Exception as e:
print "ERROR:", e
finally:
time.sleep(self.delay)
def update_client(repository_mirror):
"""
<Purpose>
Perform an update of the metadata and target files located at
'repository_mirror'. Target files are saved to the 'targets' directory
in the current working directory. The current directory must already
include a 'metadata' directory, which in turn must contain the 'current'
and 'previous' directories. At a minimum, these two directories require
the 'root.json' metadata file.
<Arguments>
repository_mirror:
The URL to the repository mirror hosting the metadata and target
files. E.g., 'http://localhost:8001'
<Exceptions>
tuf.RepositoryError, if 'repository_mirror' is improperly formatted.
<Side Effects>
Connects to a repository mirror and updates the metadata files and
any target files. Obsolete targets are also removed locally.
<Returns>
None.
"""
# Does 'repository_mirror' have the correct format?
try:
tuf.formats.URL_SCHEMA.check_match(repository_mirror)
except tuf.FormatError as e:
message = 'The repository mirror supplied is invalid.'
raise tuf.RepositoryError(message)
# Set the local repository directory containing all of the metadata files.
tuf.conf.repository_directory = '.'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py.
repository_mirrors = {'mirror': {'url_prefix': repository_mirror,
'metadata_path': 'metadata',
'targets_path': 'targets',
'confined_target_dirs': ['']}}
# Create the repository object using the repository name 'repository'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('repository', repository_mirrors)
# The local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets, destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError as e:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
'targets_path': 'targets',
'confined_target_dirs': ['']}}
# Create the Upater object using the updater name 'tuf-example'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tuf-example', repository_mirrors)
# Set the local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets, destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError, e:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
"""
# Example demonstrating an update that only downloads the targets of
def update_client(parsed_arguments):
"""
<Purpose>
Perform an update of the metadata and target files located at
'repository_mirror'. Target files are saved to the 'targets' directory
in the current working directory. The current directory must already
include a 'metadata' directory, which in turn must contain the 'current'
and 'previous' directories. At a minimum, these two directories require
the 'root.json' metadata file.
<Arguments>
parsed_arguments:
An argparse Namespace object, containing the parsed arguments.
<Exceptions>
tuf.exceptions.Error, if 'parsed_arguments' is not a Namespace object.
<Side Effects>
Connects to a repository mirror and updates the local metadata files and
any target files. Obsolete, local targets are also removed.
<Returns>
None.
"""
if not isinstance(parsed_arguments, argparse.Namespace):
raise tuf.exceptions.Error('Invalid namespace object.')
else:
logger.debug('We have a valid argparse Namespace object.')
# Set the local repositories directory containing all of the metadata files.
tuf.settings.repositories_directory = '.'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py.
repository_mirrors = {
'mirror': {
'url_prefix': parsed_arguments.repo,
'metadata_path': 'metadata',
'targets_path': 'targets'
}
}
# Create the repository object using the repository name 'repository'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tufrepo', repository_mirrors)
# The local destination directory to save the target files.
destination_directory = './tuftargets'
# Refresh the repository's top-level roles...
updater.refresh(unsafely_update_root_if_necessary=False)
# ... and store the target information for the target file specified on the
# command line, and determine which of these targets have been updated.
target_fileinfo = []
for target in parsed_arguments.targets:
target_fileinfo.append(updater.get_one_valid_targetinfo(target))
updated_targets = updater.updated_targets(target_fileinfo,
destination_directory)
# Retrieve each of these updated targets and save them to the destination
# directory.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.exceptions.DownloadError:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
# Set the local repository directory containing the metadata files.
tuf.conf.repository_directory = "."
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py. The client will download metadata and target
# files from any one of these mirrors.
repository_mirrors = {
"mirror1": {
"url_prefix": "http://localhost:8001",
"metadata_path": "metadata",
"targets_path": "targets",
"confined_target_dirs": [""],
}
}
# Create the Upater object using the updater name 'tuf-example'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater("tuf-example", repository_mirrors)
# Set the local destination directory to save the target files.
destination_directory = "./targets"
# Example demonstrating an update that downloads a specific target.
# The target is signed for by a 'pypi-signed' bin.
updater.refresh()
warehouse_target = updater.target("packages/warehouse/warehouse-14.2.1.tar.gz")
updated_target = updater.updated_targets([warehouse_target], destination_directory)
for target in updated_target:
updater.download_target(target, destination_directory)
def pull_metadata(self, root_public_key=None, progress=None):
"""
Download TUF metadata from the repository.
The metadata is checked for expiry and verified against the root public
key for the repository.
You only need to supply the root public key once, and you should obtain
it from the person who uploaded the metadata.
Target data is not downloaded - use :meth:`pull_target` for that.
:param root_public_key: PEM-encoded root public key. Obtain this from the repository's owner, who generates the key using :meth:`DTufMaster.create_root_key` on the repository master.
:type root_public_key: str
:param progress: Optional function to call as the download progresses. The function will be called with the hash of the metadata currently being download, the blob just read from the repository and the total size of the metadata.
:type progress: function(dgst, chunk, total)
:returns: List of targets which have been updated since you last downloaded them (using :meth:`pull_target`).
:rtype: list
"""
import tuf.keydb
import tuf.roledb
import tuf.client.updater
import tuf.formats
import tuf.sig
from tuf.exceptions import BadSignatureError
# pylint: disable=global-statement
global _updater_progress
_updater_progress = progress
for d in ['current', 'previous']:
try:
makedirs(path.join(self._copy_repo_dir, 'metadata', d))
except OSError as exception:
import errno
if exception.errno != errno.EEXIST:
raise
# If root public key was passed, we shouldn't rely on the current
# version but instead retrieve a new one and verify it using
# the public key.
if root_public_key:
dgst = self._dxf.get_alias('root.json')[0]
temp_file = securesystemslib.util.TempFile()
try:
it, size = self._dxf.pull_blob(dgst, size=True)
_write_with_progress(it, dgst, size, temp_file, progress)
metadata = temp_file.read()
metadata_signable = json.loads(metadata.decode('utf-8'))
tuf.formats.check_signable_object_format(metadata_signable)
# pylint: disable=protected-access
f = tuf.client.updater.Updater._ensure_not_expired
f = getattr(f, '__func__', f)
f(None, metadata_signable['signed'], 'root')
# This metadata is claiming to be root.json
# Get the keyid of the signature and use it to add the root
# public key to the keydb. Thus when we verify the signature
# the root public key will be used for verification.
keyid = metadata_signable['signatures'][0]['keyid']
tuf.keydb.add_key(
{
'keytype':
'rsa',
'scheme':
metadata_signable['signed']['keys'][keyid]['scheme'],
'keyid':
keyid,
'keyval': {
'public': root_public_key
}
}, keyid)
tuf.roledb.add_role('root', {
'keyids': [keyid],
'threshold': 1
})
if not tuf.sig.verify(metadata_signable, 'root'):
raise BadSignatureError('root')
temp_file.move(
path.join(self._copy_repo_dir, 'metadata', 'current',
'root.json'))
except:
temp_file.close_temp_file()
raise
updater = tuf.client.updater.Updater('repository',
self._repository_mirrors)
updater.refresh(False)
targets = updater.all_targets()
updated_targets = updater.updated_targets(targets,
self._copy_targets_dir)
if path.isdir(self._copy_targets_dir):
targets = dict([(t['filepath'][1:], True) for t in targets])
for t in listdir(self._copy_targets_dir):
if t not in targets:
remove(path.join(self._copy_targets_dir, t))
return [t['filepath'][1:] for t in updated_targets]
}
}
# Create the repository object using the repository name 'repository'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('repository', repository_mirrors)
# The local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets,
destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError, e:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
def parse_options():
"""
}
}
# Create the Upater object using the updater name 'tuf-example'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tuf-example', repository_mirrors)
# Set the local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets, destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError as e:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
# Example demonstrating an update that only downloads the targets of
# a specific role (i.e., 'targets/project')
'targets_path': 'targets',
'confined_target_dirs': ['']}}
# Create the Upater object using the updater name 'tuf-example'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tuf-example', repository_mirrors)
# Set the local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets, destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError as e:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
def pull_metadata(self, root_public_key=None, progress=None):
"""
Download TUF metadata from the repository.
The metadata is checked for expiry and verified against the root public
key for the repository.
You only need to supply the root public key once, and you should obtain
it from the person who uploaded the metadata.
Target data is not downloaded - use :meth:`pull_target` for that.
:param root_public_key: PEM-encoded root public key. Obtain this from the repository's owner, who generates the key using :meth:`DTufMaster.create_root_key` on the repository master.
:type root_public_key: str
:param progress: Optional function to call as the download progresses. The function will be called with the hash of the metadata currently being download, the blob just read from the repository and the total size of the metadata.
:type progress: function(dgst, chunk, total)
:returns: List of targets which have been updated since you last downloaded them (using :meth:`pull_target`).
:rtype: list
"""
import tuf.keydb
import tuf.roledb
import tuf.client.updater
import tuf.util
import tuf.formats
import tuf.sig
from tuf import BadSignatureError
# pylint: disable=global-statement
global _updater_progress
_updater_progress = progress
for d in ['current', 'previous']:
try:
makedirs(path.join(self._copy_repo_dir, 'metadata', d))
except OSError as exception:
import errno
if exception.errno != errno.EEXIST:
raise
# If root public key was passed, we shouldn't rely on the current
# version but instead retrieve a new one and verify it using
# the public key.
if root_public_key:
dgst = self._dxf.get_alias('root.json')[0]
temp_file = tuf.util.TempFile()
try:
it, size = self._dxf.pull_blob(dgst, size=True)
_write_with_progress(it, dgst, size, temp_file, progress)
metadata = temp_file.read()
metadata_signable = json.loads(metadata.decode('utf-8'))
tuf.formats.check_signable_object_format(metadata_signable)
# pylint: disable=protected-access
f = tuf.client.updater.Updater._ensure_not_expired
f = getattr(f, '__func__', f)
f(None, metadata_signable['signed'], 'root')
# This metadata is claiming to be root.json
# Get the keyid of the signature and use it to add the root
# public key to the keydb. Thus when we verify the signature
# the root public key will be used for verification.
keyid = metadata_signable['signatures'][0]['keyid']
tuf.keydb.add_key({
'keytype': 'rsa',
'keyid': keyid,
'keyval': {'public': root_public_key}
}, keyid)
tuf.roledb.add_role('root', {
'keyids': [keyid],
'threshold': 1
})
if not tuf.sig.verify(metadata_signable, 'root'):
raise BadSignatureError('root')
temp_file.move(path.join(self._copy_repo_dir,
'metadata',
'current',
'root.json'))
except:
temp_file.close_temp_file()
raise
updater = tuf.client.updater.Updater('updater',
self._repository_mirrors)
updater.refresh(False)
targets = updater.all_targets()
updated_targets = updater.updated_targets(
targets, self._copy_targets_dir)
if path.isdir(self._copy_targets_dir):
# pylint: disable=redefined-variable-type
targets = dict([(t['filepath'][1:], True) for t in targets])
for t in listdir(self._copy_targets_dir):
if t not in targets:
remove(path.join(self._copy_targets_dir, t))
return [t['filepath'][1:] for t in updated_targets]
tuf.conf.repository_directory = '.'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py. The client will download metadata and target
# files from any one of these mirrors.
repository_mirrors = {
'mirror1': {
'url_prefix': 'http://localhost:8001',
'metadata_path': 'metadata',
'targets_path': 'targets',
'confined_target_dirs': ['']
}
}
# Create the Upater object using the updater name 'tuf-example'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('tuf-example', repository_mirrors)
# Set the local destination directory to save the target files.
destination_directory = './targets'
# Example demonstrating an update that downloads a specific target.
# The target is signed for by a 'pypi-signed' bin.
updater.refresh()
warehouse_target = updater.target('packages/warehouse/warehouse-14.2.1.tar.gz')
updated_target = updater.updated_targets([warehouse_target],
destination_directory)
for target in updated_target:
updater.download_target(target, destination_directory)
def update_client(repository_mirror):
"""
<Purpose>
Perform an update of the metadata and target files located at
'repository_mirror'. Target files are saved to the 'targets' directory
in the current working directory. The current directory must already
include a 'metadata' directory, which in turn must contain the 'current'
and 'previous' directories. At a minimum, these two directories require
the 'root.json' metadata file.
<Arguments>
repository_mirror:
The URL to the repository mirror hosting the metadata and target
files. E.g., 'http://localhost:8001'
<Exceptions>
tuf.RepositoryError, if 'repository_mirror' is improperly formatted.
<Side Effects>
Connects to a repository mirror and updates the metadata files and
any target files. Obsolete targets are also removed locally.
<Returns>
None.
"""
# Does 'repository_mirror' have the correct format?
try:
tuf.formats.URL_SCHEMA.check_match(repository_mirror)
except tuf.FormatError as e:
message = 'The repository mirror supplied is invalid.'
raise tuf.RepositoryError(message)
# Set the local repository directory containing all of the metadata files.
tuf.conf.repository_directory = '.'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py.
repository_mirrors = {
'mirror': {
'url_prefix': repository_mirror,
'metadata_path': 'repository',
'targets_path': 'repository/targets',
'confined_target_dirs': ['']
}
}
# Create the repository object using the repository name 'repository'
# and the repository mirrors defined above.
updater = tuf.client.updater.Updater('repository', repository_mirrors)
# The local destination directory to save the target files.
destination_directory = './targets'
# Refresh the repository's top-level roles, store the target information for
# all the targets tracked, and determine which of these targets have been
# updated.
updater.refresh()
all_targets = updater.all_targets()
updated_targets = updater.updated_targets(all_targets,
destination_directory)
# Download each of these updated targets and save them locally.
for target in updated_targets:
try:
updater.download_target(target, destination_directory)
except tuf.DownloadError as e:
pass
# Remove any files from the destination directory that are no longer being
# tracked.
updater.remove_obsolete_targets(destination_directory)
