def localconfig(samplesdir):
'''
Retrieve a Laniakea LocalConfig object which is set
up for testing.
'''
import json
test_aux_data_dir = os.path.join('/tmp', 'test-lkaux')
if os.path.isdir(test_aux_data_dir):
from shutil import rmtree
rmtree(test_aux_data_dir)
os.makedirs(test_aux_data_dir)
config_tmpl_fname = os.path.join(samplesdir, 'config', 'base-config.json')
with open(config_tmpl_fname, 'r') as f:
config_json = json.load(f)
config_json['CurveKeysDir'] = os.path.join(test_aux_data_dir, 'keys',
'curve')
config_json['Archive']['path'] = os.path.join(samplesdir, 'samplerepo',
'dummy')
config_fname = os.path.join(test_aux_data_dir, 'base-config.json')
with open(config_fname, 'w') as f:
json.dump(config_json, f)
conf = LocalConfig(config_fname)
conf = LocalConfig.instance
assert conf.cache_dir == '/var/tmp/laniakea'
assert conf.workspace == '/tmp/test-lkws/'
assert conf.database_url == 'postgresql://*****:*****@localhost:5432/laniakea_unittest'
assert conf.lighthouse.endpoints_jobs == ['tcp://*:5570']
assert conf.lighthouse.endpoints_submit == ['tcp://*:5571']
assert conf.lighthouse.endpoints_publish == ['tcp://*:5572']
assert conf.lighthouse.servers_jobs == ['tcp://localhost:5570']
assert conf.lighthouse.servers_submit == ['tcp://localhost:5571']
assert conf.lighthouse.servers_publish == ['tcp://localhost:5572']
# Check injected sample certificate directory
assert conf.secret_curve_keyfile_for_module('test').startswith(
'/tmp/test-lkaux/keys/curve/secret/')
os.makedirs(conf._curve_keys_basedir, exist_ok=True)
# add the trusted keyring with test keys
conf._trusted_gpg_keyrings = []
conf._trusted_gpg_keyrings.append(
os.path.join(samplesdir, 'gpg', 'keyrings', 'keyring.gpg'))
conf._trusted_gpg_keyrings.append(
os.path.join(samplesdir, 'gpg', 'keyrings', 'other-keyring.gpg'))
# set our GPG secret keyring dir
conf._secret_gpg_home_dir = os.path.join(samplesdir, 'gpg', 'home')
return conf
def __init__(self, endpoint, pub_queue):
self._server = None
self._ctx = zmq.Context.instance()
lconf = LocalConfig()
self._trusted_keys_dir = lconf.trusted_curve_keys_dir + '/'
self._server_private_key = lconf.secret_curve_keyfile_for_module(
LkModule.LIGHTHOUSE)
self._jobs_endpoint = endpoint
self._worker = JobWorker(pub_queue)
def install_service_keyfile(options):
''' Install a private key for a specific service '''
from shutil import copyfile
service = '' if not options.service else options.service.lower()
if not service:
print('The "service" option must not be empty')
sys.exit(1)
source_keyfile = options.keyfile
if not source_keyfile:
print('No private key file given!')
sys.exit(1)
if not os.path.isfile(source_keyfile):
print('Private key file "{}" was not found.'.format(source_keyfile))
sys.exit(1)
_, sec_key = zmq.auth.load_certificate(source_keyfile)
if not sec_key:
print('The given keyfile does not contain a secret ZCurve key!')
lconf = LocalConfig()
target_keyfile = lconf.secret_curve_keyfile_for_module(service)
if os.path.isfile(target_keyfile) and not options.force:
print(
'We already have a secret key for this service on the current machine. You can override the existing one by specifying "--force".'
)
sys.exit(2)
try:
copyfile(source_keyfile, target_keyfile)
except Exception as e:
print('Failed to install new secret key as {}: {}'.format(
target_keyfile, str(e)))
sys.exit(3)
print('Installed private key as {}'.format(target_keyfile))
def __init__(self, endpoints, pub_queue):
from laniakea import LocalConfig, LkModule
from laniakea.msgstream.signing import NACL_ED25519, decode_signing_key_base64, \
keyfile_read_signing_key
lconf = LocalConfig()
self._sockets = []
self._endpoints = endpoints
self._ctx = zmq.Context.instance()
self._pub_queue = pub_queue
# load our own signing key, so we can sign outgoing messages
keyfile = lconf.secret_curve_keyfile_for_module(LkModule.LIGHTHOUSE)
self._signer_id = None
self._signing_key = None
if os.path.isfile(keyfile):
self._signer_id, self._signing_key = keyfile_read_signing_key(keyfile)
if not self._signing_key:
log.warning('Can not sign outgoing messages: No valid signing key found for this module.')
else:
if type(self._signing_key) is str:
self._signing_key = decode_signing_key_base64(NACL_ED25519, self._signing_key)
