def localconfig(samplesdir): ''' Retrieve a Laniakea LocalConfig object which is set up for testing. ''' import json test_aux_data_dir = os.path.join('/tmp', 'test-lkaux') if os.path.isdir(test_aux_data_dir): from shutil import rmtree rmtree(test_aux_data_dir) os.makedirs(test_aux_data_dir) config_tmpl_fname = os.path.join(samplesdir, 'config', 'base-config.json') with open(config_tmpl_fname, 'r') as f: config_json = json.load(f) config_json['CurveKeysDir'] = os.path.join(test_aux_data_dir, 'keys', 'curve') config_json['Archive']['path'] = os.path.join(samplesdir, 'samplerepo', 'dummy') config_fname = os.path.join(test_aux_data_dir, 'base-config.json') with open(config_fname, 'w') as f: json.dump(config_json, f) conf = LocalConfig(config_fname) conf = LocalConfig.instance assert conf.cache_dir == '/var/tmp/laniakea' assert conf.workspace == '/tmp/test-lkws/' assert conf.database_url == 'postgresql://*****:*****@localhost:5432/laniakea_unittest' assert conf.lighthouse.endpoints_jobs == ['tcp://*:5570'] assert conf.lighthouse.endpoints_submit == ['tcp://*:5571'] assert conf.lighthouse.endpoints_publish == ['tcp://*:5572'] assert conf.lighthouse.servers_jobs == ['tcp://localhost:5570'] assert conf.lighthouse.servers_submit == ['tcp://localhost:5571'] assert conf.lighthouse.servers_publish == ['tcp://localhost:5572'] # Check injected sample certificate directory assert conf.secret_curve_keyfile_for_module('test').startswith( '/tmp/test-lkaux/keys/curve/secret/') os.makedirs(conf._curve_keys_basedir, exist_ok=True) # add the trusted keyring with test keys conf._trusted_gpg_keyrings = [] conf._trusted_gpg_keyrings.append( os.path.join(samplesdir, 'gpg', 'keyrings', 'keyring.gpg')) conf._trusted_gpg_keyrings.append( os.path.join(samplesdir, 'gpg', 'keyrings', 'other-keyring.gpg')) # set our GPG secret keyring dir conf._secret_gpg_home_dir = os.path.join(samplesdir, 'gpg', 'home') return conf
def __init__(self, endpoint, pub_queue): self._server = None self._ctx = zmq.Context.instance() lconf = LocalConfig() self._trusted_keys_dir = lconf.trusted_curve_keys_dir + '/' self._server_private_key = lconf.secret_curve_keyfile_for_module( LkModule.LIGHTHOUSE) self._jobs_endpoint = endpoint self._worker = JobWorker(pub_queue)
def install_service_keyfile(options): ''' Install a private key for a specific service ''' from shutil import copyfile service = '' if not options.service else options.service.lower() if not service: print('The "service" option must not be empty') sys.exit(1) source_keyfile = options.keyfile if not source_keyfile: print('No private key file given!') sys.exit(1) if not os.path.isfile(source_keyfile): print('Private key file "{}" was not found.'.format(source_keyfile)) sys.exit(1) _, sec_key = zmq.auth.load_certificate(source_keyfile) if not sec_key: print('The given keyfile does not contain a secret ZCurve key!') lconf = LocalConfig() target_keyfile = lconf.secret_curve_keyfile_for_module(service) if os.path.isfile(target_keyfile) and not options.force: print( 'We already have a secret key for this service on the current machine. You can override the existing one by specifying "--force".' ) sys.exit(2) try: copyfile(source_keyfile, target_keyfile) except Exception as e: print('Failed to install new secret key as {}: {}'.format( target_keyfile, str(e))) sys.exit(3) print('Installed private key as {}'.format(target_keyfile))
def __init__(self, endpoints, pub_queue): from laniakea import LocalConfig, LkModule from laniakea.msgstream.signing import NACL_ED25519, decode_signing_key_base64, \ keyfile_read_signing_key lconf = LocalConfig() self._sockets = [] self._endpoints = endpoints self._ctx = zmq.Context.instance() self._pub_queue = pub_queue # load our own signing key, so we can sign outgoing messages keyfile = lconf.secret_curve_keyfile_for_module(LkModule.LIGHTHOUSE) self._signer_id = None self._signing_key = None if os.path.isfile(keyfile): self._signer_id, self._signing_key = keyfile_read_signing_key(keyfile) if not self._signing_key: log.warning('Can not sign outgoing messages: No valid signing key found for this module.') else: if type(self._signing_key) is str: self._signing_key = decode_signing_key_base64(NACL_ED25519, self._signing_key)