示例#1
文件: main.py 项目: mamba-org/quetz
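def post_index_creation(raw_repodata: dict, channel_name, subdir):
    """Sign the package records of a freshly built index with an online key.

    Looks up the signing keys attached to the ``pkg_mgr`` role delegation of
    *channel_name* that have a private key stored in the database, takes the
    most recently created one, and signs every entry of
    ``raw_repodata["packages"]`` with it.  The result is stored in
    ``raw_repodata["signatures"]`` as ``{file name: {public key: {"signature":
    ...}}}``.  When no usable key exists, the repodata is left untouched.

    Args:
        raw_repodata: Repodata dictionary; modified in place.  Only its
            ``"packages"`` mapping is signed here.
        channel_name: Channel whose ``pkg_mgr`` delegation supplies the key.
        subdir: Platform subdirectory, used only in the log message.
    """
    with get_db_manager() as db:
        usable_keys = (
            db.query(db_models.SigningKey)
            .join(db_models.RoleDelegation.keys)
            .filter(
                db_models.RoleDelegation.channel == channel_name,
                db_models.RoleDelegation.type == "pkg_mgr",
                # This has to be a SQL expression.  The Python test
                # `column is not None` is evaluated immediately and is always
                # True, so it filtered nothing and a key row without a
                # private key could be picked for signing.
                db_models.SigningKey.private_key.isnot(None),
            )
            .order_by(desc('time_created'))
            .all()
        )

        if not usable_keys:
            # No online key for this channel: publish the index unsigned
            # rather than failing on an undefined `signatures` and logging a
            # signing that never happened.
            return

        import json

        from libmambapy import bindings as libmamba_api

        signing_key = usable_keys[0]  # newest key, per the ORDER BY above

        signatures = {}
        for name, metadata in raw_repodata["packages"].items():
            # The signature covers exactly this serialisation (indent=2,
            # sorted keys); a verifier has to rebuild the same bytes.
            sig = libmamba_api.sign(
                json.dumps(metadata, indent=2, sort_keys=True),
                signing_key.private_key,
            )
            signatures.setdefault(name, {})[signing_key.public_key] = {
                "signature": sig
            }

        logger.info(f"Signed {Path(channel_name) / subdir}")
        raw_repodata["signatures"] = signatures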
示例#2
def pkg_mgr_role_file(test_data_dir, private_key, public_key):
    """Write a signed ``pkg_mgr.json`` role file and return its path.

    The role carries no delegations, is stamped with the current UTC time
    and expires one year later.  Its ``signed`` section is signed with
    *private_key* and the signature is filed under *public_key*.

    Args:
        test_data_dir: Directory the file is written into.
        private_key: Key handed to ``libmamba_api.sign``.
        public_key: Identifier under which the signature is stored.

    Returns:
        Path of the written ``pkg_mgr.json``.
    """
    target = Path(test_data_dir) / "pkg_mgr.json"

    stamp_format = '%Y-%m-%dT%H:%M:%SZ'
    issued_at = datetime.now(timezone.utc)
    # A year of validity keeps the test from failing on an expired role.
    expires_at = issued_at + timedelta(days=365)

    signed_part = {
        "delegations": {},
        "expiration": expires_at.strftime(stamp_format),
        "metadata_spec_version": "0.6.0",
        "timestamp": issued_at.strftime(stamp_format),
        "type": "pkg_mgr",
        "version": 1,
    }

    # The signature is computed over this exact text (indent=2, keys in
    # insertion order), so the key order above is part of what gets signed.
    role_signature = libmamba_api.sign(
        json.dumps(signed_part, indent=2), private_key
    )

    role_document = {
        "signatures": {public_key: {"signature": role_signature}},
        "signed": signed_part,
    }

    with open(target, "w") as handle:
        json.dump(role_document, handle, indent=2)

    return target
示例#3
def key_mgr_role_file(tmp_path, offline_keys, signing_key):
    """Write a signed ``key_mgr.json`` role file and yield its path.

    The role delegates ``pkg_mgr`` to ``signing_key.public_key`` with a
    threshold of 1, is stamped with the current UTC time and expires one
    year later.  The ``signed`` section is signed with
    ``offline_keys["key_mgr"][1]`` and the signature is filed under
    ``offline_keys["key_mgr"][0]``.

    Args:
        tmp_path: Directory the file is written into.
        offline_keys: Mapping from role name to a key pair; index 0 is used
            as the public identifier and index 1 as the signing key.
        signing_key: Object whose ``public_key`` is the delegated
            ``pkg_mgr`` key.

    Yields:
        Path of the written ``key_mgr.json``.
    """
    target = pathlib.Path(tmp_path) / "key_mgr.json"

    stamp_format = '%Y-%m-%dT%H:%M:%SZ'
    issued_at = datetime.datetime.now(datetime.timezone.utc)
    # A year of validity keeps the test from failing on an expired role.
    expires_at = issued_at + datetime.timedelta(days=365)

    pkg_mgr_delegation = {
        "pubkeys": [signing_key.public_key],
        "threshold": 1,
    }
    signed_part = {
        "delegations": {"pkg_mgr": pkg_mgr_delegation},
        "expiration": expires_at.strftime(stamp_format),
        "metadata_spec_version": "0.6.0",
        "timestamp": issued_at.strftime(stamp_format),
        "type": "key_mgr",
        "version": 1,
    }

    # The signature is computed over this exact text (indent=2, keys in
    # insertion order), so the key order above is part of what gets signed.
    role_signature = libmamba_api.sign(
        json.dumps(signed_part, indent=2), offline_keys["key_mgr"][1]
    )

    role_document = {
        "signatures": {
            offline_keys["key_mgr"][0]: {"signature": role_signature}
        },
        "signed": signed_part,
    }

    # Written without indentation, unlike the text that was signed.
    with open(target, "w") as handle:
        json.dump(role_document, handle)

    yield target
示例#4
def root_role_file(test_data_dir, offline_keys):
    """Write a signed ``root.json`` role file and return its path.

    The role delegates ``key_mgr`` and ``root`` to the first element of the
    matching ``offline_keys`` entries, each with a threshold of 1, is stamped
    with the current UTC time and expires one year later.  The ``signed``
    section is signed with ``offline_keys["root"][1]`` and the signature is
    filed under ``offline_keys["root"][0]``.

    Args:
        test_data_dir: Directory the file is written into.
        offline_keys: Mapping from role name to a key pair; index 0 is used
            as the public identifier and index 1 as the signing key.

    Returns:
        Path of the written ``root.json``.
    """
    target = Path(test_data_dir) / "root.json"

    stamp_format = '%Y-%m-%dT%H:%M:%SZ'
    issued_at = datetime.now(timezone.utc)
    # A year of validity keeps the test from failing on an expired role.
    expires_at = issued_at + timedelta(days=365)

    delegations = {
        "key_mgr": {
            "pubkeys": [offline_keys["key_mgr"][0]],
            "threshold": 1,
        },
        "root": {
            "pubkeys": [offline_keys["root"][0]],
            "threshold": 1,
        },
    }
    signed_part = {
        "delegations": delegations,
        "expiration": expires_at.strftime(stamp_format),
        "metadata_spec_version": "0.6.0",
        "timestamp": issued_at.strftime(stamp_format),
        "type": "root",
        "version": 1,
    }

    # The signature is computed over this exact text (indent=2, keys in
    # insertion order), so the key order above is part of what gets signed.
    role_signature = libmamba_api.sign(
        json.dumps(signed_part, indent=2), offline_keys["root"][1]
    )

    role_document = {
        "signatures": {offline_keys["root"][0]: {"signature": role_signature}},
        "signed": signed_part,
    }

    with open(target, "w") as handle:
        json.dump(role_document, handle, indent=2)

    return target