示例#1
0
def main():
    # shutil.rmtree("/tmp/users_failed.txt", ignore_errors=True)
    # shutil.rmtree("/tmp/users_done.txt", ignore_errors=True)
    users_done_old = set()
    try:
        with open("/tmp/users_done.txt") as handle:
            for line in handle:
                users_done_old.add(line.strip())
    except Exception as err:
        log.exception(err)
        log.debug("error during read old users done")

    opts = BackendConfigReader().read()
    log.info("Starting pubkey fill, destdir: {}".format(opts.destdir))

    log.debug("list dir: {}".format(os.listdir(opts.destdir)))
    for user_name in os.listdir(opts.destdir):
        if user_name in users_done_old:
            log.info("skipping user: {}".format(user_name))
            continue

        failed = False
        log.info("Started processing user dir: {}".format(user_name))
        user_dir = os.path.join(opts.destdir, user_name)

        for project_name in os.listdir(user_dir):
            log.info("Checking project dir: {}".format(project_name))

            try:
                get_pubkey(user_name, project_name)
                log.info("Key-pair exists for {}/{}".format(
                    user_name, project_name))
            except CoprSignNoKeyError:
                create_user_keys(user_name, project_name, opts)
                log.info("Created new key-pair for {}/{}".format(
                    user_name, project_name))
            except Exception as err:
                log.error(
                    "Failed to get pubkey for {}/{}, mark as failed, skipping")
                log.exception(err)
                failed = True
                continue

            project_dir = os.path.join(user_dir, project_name)
            pubkey_path = os.path.join(project_dir, "pubkey.gpg")
            if not check_signed_rpms(project_dir, user_name, project_name,
                                     opts):
                failed = False

            if not check_pubkey(pubkey_path, user_name, project_name, opts):
                failed = False

        if failed:
            with open("/tmp/users_failed.txt", "a") as handle:
                handle.write("{}\n".format(user_name))
        else:
            with open("/tmp/users_done.txt", "a") as handle:
                handle.write("{}\n".format(user_name))
示例#2
0
文件: test_sign.py 项目: 0-T-0/copr
    def test_get_pubkey_unknown_key(self, mc_popen):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, "unknown key: foobar")
        mc_handle.returncode = 1
        mc_popen.return_value = mc_handle

        with pytest.raises(CoprSignNoKeyError) as err:
            get_pubkey(self.username, self.projectname)

        assert "There are no gpg keys for user foo in keyring" in str(err)
示例#3
0
文件: test_sign.py 项目: 0-T-0/copr
    def test_get_pubkey_unknown_error(self, mc_popen):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, STDERR)
        mc_handle.returncode = 1
        mc_popen.return_value = mc_handle

        with pytest.raises(CoprSignError) as err:
            get_pubkey(self.username, self.projectname)

        assert "Failed to get user pubkey" in str(err)
示例#4
0
    def test_get_pubkey_unknown_key(self, mc_popen):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, "unknown key: foobar")
        mc_handle.returncode = 1
        mc_popen.return_value = mc_handle

        with pytest.raises(CoprSignNoKeyError) as err:
            get_pubkey(self.username, self.projectname)

        assert "There are no gpg keys for user foo in keyring" in str(err)
示例#5
0
    def test_get_pubkey_unknown_error(self, mc_popen):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, STDERR)
        mc_handle.returncode = 1
        mc_popen.return_value = mc_handle

        with pytest.raises(CoprSignError) as err:
            get_pubkey(self.username, self.projectname)

        assert "Failed to get user pubkey" in str(err)
示例#6
0
def main():
    # shutil.rmtree("/tmp/users_failed.txt", ignore_errors=True)
    # shutil.rmtree("/tmp/users_done.txt", ignore_errors=True)
    users_done_old = set()
    try:
        with open("/tmp/users_done.txt") as handle:
            for line in handle:
                users_done_old.add(line.strip())
    except Exception as err:
        log.exception(err)
        log.debug("error during read old users done")

    opts = BackendConfigReader().read()
    log.info("Starting pubkey fill, destdir: {}".format(opts.destdir))

    log.debug("list dir: {}".format(os.listdir(opts.destdir)))
    for user_name in os.listdir(opts.destdir):
        if user_name in users_done_old:
            log.info("skipping user: {}".format(user_name))
            continue

        failed = False
        log.info("Started processing user dir: {}".format(user_name))
        user_dir = os.path.join(opts.destdir, user_name)

        for project_name in os.listdir(user_dir):
            log.info("Checking project dir: {}".format(project_name))

            try:
                get_pubkey(user_name, project_name)
                log.info("Key-pair exists for {}/{}".format(user_name, project_name))
            except CoprSignNoKeyError:
                create_user_keys(user_name, project_name, opts)
                log.info("Created new key-pair for {}/{}".format(user_name, project_name))
            except Exception as err:
                log.error("Failed to get pubkey for {}/{}, mark as failed, skipping")
                log.exception(err)
                failed = True
                continue

            project_dir = os.path.join(user_dir, project_name)
            pubkey_path = os.path.join(project_dir, "pubkey.gpg")
            if not check_signed_rpms(project_dir, user_name, project_name, opts):
                failed = False

            if not check_pubkey(pubkey_path, user_name, project_name, opts):
                failed = False

        if failed:
            with open("/tmp/users_failed.txt", "a") as handle:
                handle.write("{}\n".format(user_name))
        else:
            with open("/tmp/users_done.txt", "a") as handle:
                handle.write("{}\n".format(user_name))
示例#7
0
def check_pubkey(pubkey_path, user, project, opts):
    """
    Ensure that pubkey.gpg presented in project/dir
    """
    if os.path.exists(pubkey_path):
        log.info("Pubkey for {}/{} exists: {}".format(user, project, pubkey_path))
        return True
    else:
        log.info("Missing pubkey for {}/{}".format(user, project))
        try:
            get_pubkey(user, project, pubkey_path)
            return True
        except Exception as err:
            log.exception(err)
            return False
示例#8
0
def check_pubkey(pubkey_path, user, project, opts):
    """
    Ensure that pubkey.gpg presented in project/dir
    """
    if os.path.exists(pubkey_path):
        log.info("Pubkey for {}/{} exists: {}".format(user, project, pubkey_path))
        return True
    else:
        log.info("Missing pubkey for {}/{}".format(user, project))
        try:
            get_pubkey(user, project, pubkey_path)
            return True
        except Exception as err:
            log.exception(err)
            return False
示例#9
0
def fix_copr(opts, copr_full_name):
    log.info('Going to fix {}:'.format(copr_full_name))

    owner, coprname = tuple(copr_full_name.split('/'))
    copr_path = os.path.abspath(os.path.join(opts.destdir, owner, coprname))

    if not os.path.isdir(copr_path):
        log.info('Ignoring {}. Directory does not exist.'.format(copr_path))
        return

    log.info(
        '> Generate key-pair on copr-keygen (if not generated) for email {}.'.
        format(create_gpg_email(owner, coprname)))
    create_user_keys(owner, coprname, opts)

    log.info('> Regenerate pubkey.gpg in copr {}.'.format(copr_path))
    get_pubkey(owner, coprname, os.path.join(copr_path, 'pubkey.gpg'))

    log.info('> Re-sign rpms and call createrepo in copr\'s chroots:')
    for dir_name in os.listdir(copr_path):
        dir_path = os.path.join(copr_path, dir_name)
        if not os.path.isdir(dir_path):
            log.info('> > Ignoring {}'.format(dir_path))
            continue

        for builddir_name in os.listdir(dir_path):
            builddir_path = os.path.join(dir_path, builddir_name)
            if not os.path.isdir(builddir_path):
                continue
            log.info(
                '> > Processing rpms in builddir {}:'.format(builddir_path))
            try:
                unsign_rpms_in_dir(
                    builddir_path, opts, log
                )  # first we need to unsign by using rpm-sign before we sign with obs-sign
                sign_rpms_in_dir(owner, coprname, builddir_path, opts, log)
            except Exception as e:
                log.exception(str(e))
                continue

        log.info("> > Running createrepo_unsafe for {}".format(dir_path))
        createrepo_unsafe(dir_path)

        log.info("> > Running add_appdata for {}".format(dir_path))
        add_appdata(dir_path, owner, coprname)
示例#10
0
文件: test_sign.py 项目: 0-T-0/copr
    def test_get_pubkey(self, mc_popen):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, STDERR)
        mc_handle.returncode = 0
        mc_popen.return_value = mc_handle

        result = get_pubkey(self.username, self.projectname)
        assert result == STDOUT
        assert mc_popen.call_args[0][0] == ['sudo', '/bin/sign', '-u', self.usermail, '-p']
示例#11
0
    def test_get_pubkey(self, mc_popen):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, STDERR)
        mc_handle.returncode = 0
        mc_popen.return_value = mc_handle

        result = get_pubkey(self.username, self.projectname)
        assert result == STDOUT
        assert mc_popen.call_args[0][0] == ['sudo', '/bin/sign', '-u', self.usermail, '-p']
示例#12
0
def fix_copr(opts, copr_full_name):
    log.info('Going to fix {}:'.format(copr_full_name))

    owner, coprname = tuple(copr_full_name.split('/'))
    copr_path = os.path.abspath(os.path.join(opts.destdir, owner, coprname))

    if not os.path.isdir(copr_path):
        log.info('Ignoring {}. Directory does not exist.'.format(copr_path))
        return

    log.info('> Generate key-pair on copr-keygen (if not generated) for email {}.'.format(create_gpg_email(owner, coprname)))
    create_user_keys(owner, coprname, opts)

    log.info('> Regenerate pubkey.gpg in copr {}.'.format(copr_path))
    get_pubkey(owner, coprname, os.path.join(copr_path, 'pubkey.gpg'))

    log.info('> Re-sign rpms and call createrepo in copr\'s chroots:')
    for dir_name in os.listdir(copr_path):
        dir_path = os.path.join(copr_path, dir_name)
        if not os.path.isdir(dir_path):
            log.info('> > Ignoring {}'.format(dir_path))
            continue

        for builddir_name in os.listdir(dir_path):
            builddir_path = os.path.join(dir_path, builddir_name)
            if not os.path.isdir(builddir_path):
                continue
            log.info('> > Processing rpms in builddir {}:'.format(builddir_path))
            try:
                unsign_rpms_in_dir(builddir_path, opts, log) # first we need to unsign by using rpm-sign before we sign with obs-sign
                sign_rpms_in_dir(owner, coprname, builddir_path, opts, log)
            except Exception as e:
                log.exception(str(e))
                continue

        log.info("> > Running createrepo_unsafe for {}".format(dir_path))
        createrepo_unsafe(dir_path)

        log.info("> > Running add_appdata for {}".format(dir_path))
        add_appdata(dir_path, owner, coprname)
示例#13
0
文件: test_sign.py 项目: 0-T-0/copr
    def test_get_pubkey_outfile(self, mc_popen, tmp_dir):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, STDERR)
        mc_handle.returncode = 0
        mc_popen.return_value = mc_handle

        outfile_path = os.path.join(self.tmp_dir_path, "out.pub")
        assert not os.path.exists(outfile_path)
        result = get_pubkey(self.username, self.projectname, outfile_path)
        assert result == STDOUT
        assert os.path.exists(outfile_path)
        with open(outfile_path) as handle:
            content = handle.read()
            assert STDOUT == content
示例#14
0
    def test_get_pubkey_outfile(self, mc_popen, tmp_dir):
        mc_handle = MagicMock()
        mc_handle.communicate.return_value = (STDOUT, STDERR)
        mc_handle.returncode = 0
        mc_popen.return_value = mc_handle

        outfile_path = os.path.join(self.tmp_dir_path, "out.pub")
        assert not os.path.exists(outfile_path)
        result = get_pubkey(self.username, self.projectname, outfile_path)
        assert result == STDOUT
        assert os.path.exists(outfile_path)
        with open(outfile_path) as handle:
            content = handle.read()
            assert STDOUT == content
示例#15
0
文件: test_sign.py 项目: 0-T-0/copr
    def test_get_pubkey_error(self, mc_popen):
        mc_popen.side_effect = IOError(STDERR)

        with pytest.raises(CoprSignError):
            get_pubkey(self.username, self.projectname)
示例#16
0
    def test_get_pubkey_error(self, mc_popen):
        mc_popen.side_effect = IOError(STDERR)

        with pytest.raises(CoprSignError):
            get_pubkey(self.username, self.projectname)