def verify(self, explorer):
try:
manifest.verify(self.impl_path)
except BadDigest as ex:
box = gtk.MessageDialog(None, 0,
gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, str(ex))
if ex.detail:
swin = gtk.ScrolledWindow()
buffer = gtk.TextBuffer()
mono = buffer.create_tag('mono', family = 'Monospace')
buffer.insert_with_tags(buffer.get_start_iter(), ex.detail, mono)
text = gtk.TextView(buffer)
text.set_editable(False)
text.set_cursor_visible(False)
swin.add(text)
swin.set_shadow_type(gtk.SHADOW_IN)
swin.set_border_width(4)
box.vbox.pack_start(swin)
swin.show_all()
box.set_resizable(True)
else:
box = gtk.MessageDialog(None, 0,
gtk.MESSAGE_INFO, gtk.BUTTONS_OK,
_('Contents match digest; nothing has been changed.'))
box.run()
box.destroy()
def verify(self, explorer):
try:
manifest.verify(self.impl_path)
except BadDigest as ex:
box = gtk.MessageDialog(None, 0,
gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, str(ex))
if ex.detail:
swin = gtk.ScrolledWindow()
buffer = gtk.TextBuffer()
mono = buffer.create_tag('mono', family = 'Monospace')
buffer.insert_with_tags(buffer.get_start_iter(), ex.detail, mono)
text = gtk.TextView(buffer)
text.set_editable(False)
text.set_cursor_visible(False)
swin.add(text)
swin.set_shadow_type(gtk.SHADOW_IN)
swin.set_border_width(4)
box.vbox.pack_start(swin)
swin.show_all()
box.set_resizable(True)
else:
box = gtk.MessageDialog(None, 0,
gtk.MESSAGE_INFO, gtk.BUTTONS_OK,
_('Contents match digest; nothing has been changed.'))
box.run()
box.destroy()
def do_audit(args):
"""audit [DIRECTORY]"""
if len(args) == 0:
audit_stores = stores.stores
else:
audit_stores = [zerostore.Store(x) for x in args]
audit_ls = []
total = 0
for a in audit_stores:
if os.path.isdir(a.dir):
items = sorted(os.listdir(a.dir))
audit_ls.append((a.dir, items))
total += len(items)
elif len(args):
raise SafeException(_("No such directory '%s'") % a.dir)
verified = 0
failures = []
i = 0
for root, impls in audit_ls:
print(_("Scanning %s") % root)
for required_digest in impls:
path = os.path.join(root, required_digest)
try:
(alg, digest
) = zerostore.parse_algorithm_digest_pair(required_digest)
except zerostore.BadDigest:
print(_("Skipping non-implementation directory %s") % path)
continue
i += 1
try:
msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % {
'done': i,
'total': total,
'digest': required_digest
}
print(msg, end='')
sys.stdout.flush()
verify(path, required_digest)
print("\r" + (" " * len(msg)) + "\r", end='')
verified += 1
except zerostore.BadDigest as ex:
print()
failures.append(path)
print(str(ex))
if ex.detail:
print()
print(ex.detail)
if failures:
print('\n' + _("List of corrupted or modified implementations:"))
for x in failures:
print(x)
print()
print(_("Checked %d items") % i)
print(_("Successfully verified implementations: %d") % verified)
print(_("Corrupted or modified implementations: %d") % len(failures))
if failures:
sys.exit(1)
def do_audit(args):
"""audit [DIRECTORY]"""
if len(args) == 0:
audit_stores = stores.stores
else:
audit_stores = [zerostore.Store(x) for x in args]
audit_ls = []
total = 0
for a in audit_stores:
if os.path.isdir(a.dir):
items = sorted(os.listdir(a.dir))
audit_ls.append((a.dir, items))
total += len(items)
elif len(args):
raise SafeException(_("No such directory '%s'") % a.dir)
verified = 0
failures = []
i = 0
for root, impls in audit_ls:
print(_("Scanning %s") % root)
for required_digest in impls:
path = os.path.join(root, required_digest)
try:
(alg, digest) = zerostore.parse_algorithm_digest_pair(required_digest)
except zerostore.BadDigest:
print(_("Skipping non-implementation directory %s") % path)
continue
i += 1
try:
msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % {
"done": i,
"total": total,
"digest": required_digest,
}
print(msg, end="")
sys.stdout.flush()
verify(path, required_digest)
print("\r" + (" " * len(msg)) + "\r", end="")
verified += 1
except zerostore.BadDigest as ex:
print()
failures.append(path)
print(str(ex))
if ex.detail:
print()
print(ex.detail)
if failures:
print("\n" + _("List of corrupted or modified implementations:"))
for x in failures:
print(x)
print()
print(_("Checked %d items") % i)
print(_("Successfully verified implementations: %d") % verified)
print(_("Corrupted or modified implementations: %d") % len(failures))
if failures:
sys.exit(1)
def do_audit(args):
"""audit [DIRECTORY]"""
if len(args) == 0:
audit_stores = stores.stores
else:
audit_stores = [zerostore.Store(x) for x in args]
audit_ls = []
total = 0
for a in audit_stores:
if os.path.isdir(a.dir):
items = sorted(os.listdir(a.dir))
audit_ls.append((a.dir, items))
total += len(items)
elif len(args):
raise SafeException(_("No such directory '%s'") % a.dir)
verified = 0
failures = []
i = 0
for root, impls in audit_ls:
print _("Scanning %s") % root
for required_digest in impls:
i += 1
path = os.path.join(root, required_digest)
if '=' not in required_digest:
print _("Skipping non-implementation directory %s") % path
continue
try:
msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % {'done': i, 'total': total, 'digest': required_digest}
print msg,
sys.stdout.flush()
verify(path, required_digest)
print "\r" + (" " * len(msg)) + "\r",
verified += 1
except zerostore.BadDigest as ex:
print
failures.append(path)
print str(ex)
if ex.detail:
print
print ex.detail
if failures:
print '\n' + _("List of corrupted or modified implementations:")
for x in failures:
print x
print
print _("Checked %d items") % i
print _("Successfully verified implementations: %d") % verified
print _("Corrupted or modified implementations: %d") % len(failures)
if failures:
sys.exit(1)
def testVerify(self):
path = os.path.join(self.tmp, "MyLink")
os.symlink("Hello", path)
mfile = os.path.join(self.tmp, ".manifest")
for alg_name in ["sha1", "sha256", "sha1new"]:
try:
alg = manifest.get_algorithm(alg_name)
added_digest = alg.getID(manifest.add_manifest_file(self.tmp, alg))
digest = alg.new_digest()
digest.update("Hello")
self.assertEquals("S %s 5 MyLink\n" % digest.hexdigest(), file(mfile, "rb").read())
manifest.verify(self.tmp, added_digest)
os.chmod(self.tmp, 0700)
os.unlink(mfile)
except BadDigest, ex:
raise Exception("%s: %s\n%s" % (alg_name, ex, ex.detail))
def testVerify(self):
path = os.path.join(self.tmp, 'MyLink')
os.symlink('Hello', path)
mfile = os.path.join(self.tmp, '.manifest')
for alg_name in ['sha1', 'sha256', 'sha1new']:
try:
alg = manifest.get_algorithm(alg_name)
added_digest = alg.getID(manifest.add_manifest_file(self.tmp, alg))
digest = alg.new_digest()
digest.update('Hello')
self.assertEquals("S %s 5 MyLink\n" % digest.hexdigest(),
file(mfile, 'rb').read())
manifest.verify(self.tmp, added_digest)
os.chmod(self.tmp, 0o700)
os.unlink(mfile)
except BadDigest as ex:
raise Exception("%s: %s\n%s" % (alg_name, ex, ex.detail))
def do_audit(args):
"""audit [DIRECTORY]"""
if len(args) == 0:
audit_stores = stores.stores
else:
audit_stores = [zerostore.Store(x) for x in args]
audit_ls = []
total = 0
for a in audit_stores:
if os.path.isdir(a.dir):
items = sorted(os.listdir(a.dir))
audit_ls.append((a.dir, items))
total += len(items)
elif len(args):
raise SafeException(_("No such directory '%s'") % a.dir)
verified = 0
failures = []
i = 0
for root, impls in audit_ls:
print _("Scanning %s") % root
for required_digest in impls:
i += 1
path = os.path.join(root, required_digest)
if '=' not in required_digest:
print _("Skipping non-implementation directory %s") % path
continue
try:
msg = _("[%(done)d / %(total)d] Verifying %(digest)s") % {
'done': i,
'total': total,
'digest': required_digest
}
print msg,
sys.stdout.flush()
verify(path, required_digest)
print "\r" + (" " * len(msg)) + "\r",
verified += 1
except zerostore.BadDigest, ex:
print
failures.append(path)
print str(ex)
if ex.detail:
print
print ex.detail
def testVerify(self):
path = os.path.join(self.tmp, 'MyLink')
os.symlink('Hello', path)
mfile = os.path.join(self.tmp, '.manifest')
for alg_name in ['sha1', 'sha256', 'sha1new']:
try:
alg = manifest.get_algorithm(alg_name)
added_digest = alg.getID(
manifest.add_manifest_file(self.tmp, alg))
digest = alg.new_digest()
digest.update('Hello')
self.assertEquals("S %s 5 MyLink\n" % digest.hexdigest(),
file(mfile, 'rb').read())
manifest.verify(self.tmp, added_digest)
os.chmod(self.tmp, 0o700)
os.unlink(mfile)
except BadDigest as ex:
raise Exception("%s: %s\n%s" % (alg_name, ex, ex.detail))
def add_digest(impl, alg_name):
alg = manifest.get_algorithm(alg_name)
# Scan through the existing digests
# - If we've already got the one we need, return
# - Otherwise, find a cached implementation we can use
existing_path = None
for a, value in digests(impl):
if a in ('sha1', 'sha1new', 'sha256'):
digest = '%s=%s' % (a, value)
else:
digest = '%s_%s' % (a, value)
if a == alg_name:
return False # Already signed with this algorithm
if not existing_path:
try:
existing_path = stores.lookup(digest)
if existing_path:
existing_digest = digest
except NotStored:
pass # OK
if existing_path is None:
print("No implementations of %s cached; can't calculate new digest" %
get_version(impl))
return False
info("Verifying %s", existing_path)
manifest.verify(existing_path, existing_digest)
print("Adding new digest to version %s" % get_version(impl))
new_digest = alg.new_digest()
for line in alg.generate_manifest(existing_path):
new_digest.update((line + '\n').encode())
for md in xmltools.children(impl, 'manifest-digest'):
break
else:
md = xmltools.create_element(impl, 'manifest-digest')
_, digest_value = manifest.splitID(alg.getID(new_digest))
md.setAttribute(alg_name, digest_value)
return True
def verify(self):
try:
manifest.verify(self.impl_path)
except BadDigest, ex:
box = gtk.MessageDialog(None, 0, gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, str(ex))
if ex.detail:
swin = gtk.ScrolledWindow()
buffer = gtk.TextBuffer()
mono = buffer.create_tag("mono", family="Monospace")
buffer.insert_with_tags(buffer.get_start_iter(), ex.detail, mono)
text = gtk.TextView(buffer)
text.set_editable(False)
text.set_cursor_visible(False)
swin.add(text)
swin.set_shadow_type(gtk.SHADOW_IN)
swin.set_border_width(4)
box.vbox.pack_start(swin)
swin.show_all()
box.set_resizable(True)
def do_verify(args):
"""verify (DIGEST | (DIRECTORY [DIGEST])"""
if len(args) == 2:
required_digest = args[1]
root = args[0]
elif len(args) == 1:
root = get_stored(args[0])
required_digest = None # Get from name
else:
raise UsageError(_("Missing DIGEST or DIRECTORY"))
print(_("Verifying"), root)
try:
verify(root, required_digest)
print(_("OK"))
except zerostore.BadDigest as ex:
print(str(ex))
if ex.detail:
print()
print(ex.detail)
sys.exit(1)
def do_verify(args):
"""verify (DIGEST | (DIRECTORY [DIGEST])"""
if len(args) == 2:
required_digest = args[1]
root = args[0]
elif len(args) == 1:
root = get_stored(args[0])
required_digest = None # Get from name
else:
raise UsageError(_("Missing DIGEST or DIRECTORY"))
print(_("Verifying"), root)
try:
verify(root, required_digest)
print(_("OK"))
except zerostore.BadDigest as ex:
print(str(ex))
if ex.detail:
print()
print(ex.detail)
sys.exit(1)
def add_digest(impl, alg_name):
alg = manifest.get_algorithm(alg_name)
# Scan through the existing digests
# - If we've already got the one we need, return
# - Otherwise, find a cached implementation we can use
existing_path = None
for a, value in digests(impl):
digest = '%s=%s' % (a, value)
if a == alg_name:
return False # Already signed with this algorithm
if not existing_path:
try:
existing_path = stores.lookup(digest)
if existing_path:
existing_digest = digest
except NotStored:
pass # OK
if existing_path is None:
print "No implementations of %s cached; can't calculate new digest" % get_version(impl)
return False
info("Verifying %s", existing_path)
manifest.verify(existing_path, existing_digest)
print "Adding new digest to version %s" % get_version(impl)
new_digest = alg.new_digest()
for line in alg.generate_manifest(existing_path):
new_digest.update(line + '\n')
for md in xmltools.children(impl, 'manifest-digest'):
break
else:
md = xmltools.create_element(impl, 'manifest-digest')
md.setAttribute(alg_name, new_digest.hexdigest())
return True
