def main(): # shutil.rmtree("/tmp/users_failed.txt", ignore_errors=True) # shutil.rmtree("/tmp/users_done.txt", ignore_errors=True) users_done_old = set() try: with open("/tmp/users_done.txt") as handle: for line in handle: users_done_old.add(line.strip()) except Exception as err: log.exception(err) log.debug("error during read old users done") opts = BackendConfigReader().read() log.info("Starting pubkey fill, destdir: {}".format(opts.destdir)) log.debug("list dir: {}".format(os.listdir(opts.destdir))) for user_name in os.listdir(opts.destdir): if user_name in users_done_old: log.info("skipping user: {}".format(user_name)) continue failed = False log.info("Started processing user dir: {}".format(user_name)) user_dir = os.path.join(opts.destdir, user_name) for project_name in os.listdir(user_dir): log.info("Checking project dir: {}".format(project_name)) try: get_pubkey(user_name, project_name) log.info("Key-pair exists for {}/{}".format( user_name, project_name)) except CoprSignNoKeyError: create_user_keys(user_name, project_name, opts) log.info("Created new key-pair for {}/{}".format( user_name, project_name)) except Exception as err: log.error( "Failed to get pubkey for {}/{}, mark as failed, skipping") log.exception(err) failed = True continue project_dir = os.path.join(user_dir, project_name) pubkey_path = os.path.join(project_dir, "pubkey.gpg") if not check_signed_rpms(project_dir, user_name, project_name, opts): failed = False if not check_pubkey(pubkey_path, user_name, project_name, opts): failed = False if failed: with open("/tmp/users_failed.txt", "a") as handle: handle.write("{}\n".format(user_name)) else: with open("/tmp/users_done.txt", "a") as handle: handle.write("{}\n".format(user_name))
def test_get_pubkey_unknown_key(self, mc_popen): mc_handle = MagicMock() mc_handle.communicate.return_value = (STDOUT, "unknown key: foobar") mc_handle.returncode = 1 mc_popen.return_value = mc_handle with pytest.raises(CoprSignNoKeyError) as err: get_pubkey(self.username, self.projectname) assert "There are no gpg keys for user foo in keyring" in str(err)
def test_get_pubkey_unknown_error(self, mc_popen): mc_handle = MagicMock() mc_handle.communicate.return_value = (STDOUT, STDERR) mc_handle.returncode = 1 mc_popen.return_value = mc_handle with pytest.raises(CoprSignError) as err: get_pubkey(self.username, self.projectname) assert "Failed to get user pubkey" in str(err)
def main(): # shutil.rmtree("/tmp/users_failed.txt", ignore_errors=True) # shutil.rmtree("/tmp/users_done.txt", ignore_errors=True) users_done_old = set() try: with open("/tmp/users_done.txt") as handle: for line in handle: users_done_old.add(line.strip()) except Exception as err: log.exception(err) log.debug("error during read old users done") opts = BackendConfigReader().read() log.info("Starting pubkey fill, destdir: {}".format(opts.destdir)) log.debug("list dir: {}".format(os.listdir(opts.destdir))) for user_name in os.listdir(opts.destdir): if user_name in users_done_old: log.info("skipping user: {}".format(user_name)) continue failed = False log.info("Started processing user dir: {}".format(user_name)) user_dir = os.path.join(opts.destdir, user_name) for project_name in os.listdir(user_dir): log.info("Checking project dir: {}".format(project_name)) try: get_pubkey(user_name, project_name) log.info("Key-pair exists for {}/{}".format(user_name, project_name)) except CoprSignNoKeyError: create_user_keys(user_name, project_name, opts) log.info("Created new key-pair for {}/{}".format(user_name, project_name)) except Exception as err: log.error("Failed to get pubkey for {}/{}, mark as failed, skipping") log.exception(err) failed = True continue project_dir = os.path.join(user_dir, project_name) pubkey_path = os.path.join(project_dir, "pubkey.gpg") if not check_signed_rpms(project_dir, user_name, project_name, opts): failed = False if not check_pubkey(pubkey_path, user_name, project_name, opts): failed = False if failed: with open("/tmp/users_failed.txt", "a") as handle: handle.write("{}\n".format(user_name)) else: with open("/tmp/users_done.txt", "a") as handle: handle.write("{}\n".format(user_name))
def check_pubkey(pubkey_path, user, project, opts): """ Ensure that pubkey.gpg presented in project/dir """ if os.path.exists(pubkey_path): log.info("Pubkey for {}/{} exists: {}".format(user, project, pubkey_path)) return True else: log.info("Missing pubkey for {}/{}".format(user, project)) try: get_pubkey(user, project, pubkey_path) return True except Exception as err: log.exception(err) return False
def fix_copr(opts, copr_full_name): log.info('Going to fix {}:'.format(copr_full_name)) owner, coprname = tuple(copr_full_name.split('/')) copr_path = os.path.abspath(os.path.join(opts.destdir, owner, coprname)) if not os.path.isdir(copr_path): log.info('Ignoring {}. Directory does not exist.'.format(copr_path)) return log.info( '> Generate key-pair on copr-keygen (if not generated) for email {}.'. format(create_gpg_email(owner, coprname))) create_user_keys(owner, coprname, opts) log.info('> Regenerate pubkey.gpg in copr {}.'.format(copr_path)) get_pubkey(owner, coprname, os.path.join(copr_path, 'pubkey.gpg')) log.info('> Re-sign rpms and call createrepo in copr\'s chroots:') for dir_name in os.listdir(copr_path): dir_path = os.path.join(copr_path, dir_name) if not os.path.isdir(dir_path): log.info('> > Ignoring {}'.format(dir_path)) continue for builddir_name in os.listdir(dir_path): builddir_path = os.path.join(dir_path, builddir_name) if not os.path.isdir(builddir_path): continue log.info( '> > Processing rpms in builddir {}:'.format(builddir_path)) try: unsign_rpms_in_dir( builddir_path, opts, log ) # first we need to unsign by using rpm-sign before we sign with obs-sign sign_rpms_in_dir(owner, coprname, builddir_path, opts, log) except Exception as e: log.exception(str(e)) continue log.info("> > Running createrepo_unsafe for {}".format(dir_path)) createrepo_unsafe(dir_path) log.info("> > Running add_appdata for {}".format(dir_path)) add_appdata(dir_path, owner, coprname)
def test_get_pubkey(self, mc_popen): mc_handle = MagicMock() mc_handle.communicate.return_value = (STDOUT, STDERR) mc_handle.returncode = 0 mc_popen.return_value = mc_handle result = get_pubkey(self.username, self.projectname) assert result == STDOUT assert mc_popen.call_args[0][0] == ['sudo', '/bin/sign', '-u', self.usermail, '-p']
def fix_copr(opts, copr_full_name): log.info('Going to fix {}:'.format(copr_full_name)) owner, coprname = tuple(copr_full_name.split('/')) copr_path = os.path.abspath(os.path.join(opts.destdir, owner, coprname)) if not os.path.isdir(copr_path): log.info('Ignoring {}. Directory does not exist.'.format(copr_path)) return log.info('> Generate key-pair on copr-keygen (if not generated) for email {}.'.format(create_gpg_email(owner, coprname))) create_user_keys(owner, coprname, opts) log.info('> Regenerate pubkey.gpg in copr {}.'.format(copr_path)) get_pubkey(owner, coprname, os.path.join(copr_path, 'pubkey.gpg')) log.info('> Re-sign rpms and call createrepo in copr\'s chroots:') for dir_name in os.listdir(copr_path): dir_path = os.path.join(copr_path, dir_name) if not os.path.isdir(dir_path): log.info('> > Ignoring {}'.format(dir_path)) continue for builddir_name in os.listdir(dir_path): builddir_path = os.path.join(dir_path, builddir_name) if not os.path.isdir(builddir_path): continue log.info('> > Processing rpms in builddir {}:'.format(builddir_path)) try: unsign_rpms_in_dir(builddir_path, opts, log) # first we need to unsign by using rpm-sign before we sign with obs-sign sign_rpms_in_dir(owner, coprname, builddir_path, opts, log) except Exception as e: log.exception(str(e)) continue log.info("> > Running createrepo_unsafe for {}".format(dir_path)) createrepo_unsafe(dir_path) log.info("> > Running add_appdata for {}".format(dir_path)) add_appdata(dir_path, owner, coprname)
def test_get_pubkey_outfile(self, mc_popen, tmp_dir): mc_handle = MagicMock() mc_handle.communicate.return_value = (STDOUT, STDERR) mc_handle.returncode = 0 mc_popen.return_value = mc_handle outfile_path = os.path.join(self.tmp_dir_path, "out.pub") assert not os.path.exists(outfile_path) result = get_pubkey(self.username, self.projectname, outfile_path) assert result == STDOUT assert os.path.exists(outfile_path) with open(outfile_path) as handle: content = handle.read() assert STDOUT == content
def test_get_pubkey_error(self, mc_popen): mc_popen.side_effect = IOError(STDERR) with pytest.raises(CoprSignError): get_pubkey(self.username, self.projectname)