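def post_index_creation(raw_repodata: dict, channel_name, subdir):
    """Use available online keys to sign packages.

    Queries the signing keys attached to the ``pkg_mgr`` role delegation of
    ``channel_name`` that have a private key stored in the database, picks the
    first one when ordered by ``time_created`` descending, and signs every
    entry of ``raw_repodata["packages"]`` with it.

    The signatures are written in place to ``raw_repodata["signatures"]`` as
    ``{package_name: {public_key: {"signature": sig}}}``.  If no usable key is
    found, ``raw_repodata`` is left untouched and no signature is produced.

    Args:
        raw_repodata: Repodata mapping; must contain a ``"packages"`` mapping.
        channel_name: Channel whose ``pkg_mgr`` delegation supplies the key.
        subdir: Platform sub-directory, used only for the log message.
    """
    with get_db_manager() as db:
        signing_keys = (
            db.query(db_models.SigningKey)
            .join(db_models.RoleDelegation.keys)
            .filter(
                db_models.RoleDelegation.channel == channel_name,
                db_models.RoleDelegation.type == "pkg_mgr",
                # This has to be a SQL-level "IS NOT NULL".  The Python
                # expression `column is not None` is evaluated before the
                # query is built and is always True, so it filtered nothing
                # and a public-only key row could be selected for signing.
                db_models.SigningKey.private_key.isnot(None),
            )
            .order_by(desc('time_created'))
            .all()
        )

        if signing_keys:
            import json

            from libmambapy import bindings as libmamba_api

            key = signing_keys[0]
            signatures = {}
            # NOTE(review): only raw_repodata["packages"] is signed here; if
            # the repodata also carries other package maps (for example
            # "packages.conda"), those entries get no signature - confirm
            # that this is intended.
            for name, metadata in raw_repodata["packages"].items():
                # The signature covers exactly this serialization (2-space
                # indent, sorted keys); changing it changes the signed bytes.
                sig = libmamba_api.sign(
                    json.dumps(metadata, indent=2, sort_keys=True),
                    key.private_key,
                )
                signatures.setdefault(name, {})[key.public_key] = dict(
                    signature=sig
                )

            logger.info(f"Signed {Path(channel_name) / subdir}")
            raw_repodata["signatures"] = signatures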
def pkg_mgr_role_file(test_data_dir, private_key, public_key):
    """Write a signed ``pkg_mgr.json`` role file into ``test_data_dir``.

    The ``signed`` section declares a ``pkg_mgr`` role (version 1, metadata
    spec ``0.6.0``) with no delegations.  It is serialized with
    ``json.dumps(..., indent=2)`` and signed with ``private_key``; the
    resulting signature is stored under ``public_key``.

    Presumably used as a test fixture (no decorator is visible here).

    Returns:
        Path of the written role file.
    """
    target = Path(test_data_dir) / "pkg_mgr.json"
    time_format = '%Y-%m-%dT%H:%M:%SZ'

    now = datetime.now(timezone.utc)
    # A one-year validity window keeps the test from failing on an expired role.
    expires = now + timedelta(days=365)

    signed_part = {
        "delegations": {},
        "expiration": expires.strftime(time_format),
        "metadata_spec_version": "0.6.0",
        "timestamp": now.strftime(time_format),
        "type": "pkg_mgr",
        "version": 1,
    }

    # The signature is computed over the indented JSON text of the signed part.
    role_signature = libmamba_api.sign(
        json.dumps(signed_part, indent=2), private_key
    )
    role_document = {
        "signatures": {public_key: {"signature": role_signature}},
        "signed": signed_part,
    }

    with open(target, "w") as handle:
        json.dump(role_document, handle, indent=2)

    return target
def key_mgr_role_file(tmp_path, offline_keys, signing_key):
    """Write a signed ``key_mgr.json`` role file into ``tmp_path`` and yield it.

    The ``signed`` section declares a ``key_mgr`` role (version 1, metadata
    spec ``0.6.0``) that delegates ``pkg_mgr`` to ``signing_key.public_key``
    with a threshold of 1.  It is signed with ``offline_keys["key_mgr"][1]``
    and the signature is stored under ``offline_keys["key_mgr"][0]``.

    Presumably used as a generator-style test fixture (no decorator is
    visible here).

    Yields:
        Path of the written role file.
    """
    target = pathlib.Path(tmp_path) / "key_mgr.json"
    time_format = '%Y-%m-%dT%H:%M:%SZ'

    now = datetime.datetime.now(datetime.timezone.utc)
    # A one-year validity window keeps the test from failing on an expired role.
    expires = now + datetime.timedelta(days=365)

    pkg_mgr_delegation = {
        "pubkeys": [signing_key.public_key],
        "threshold": 1,
    }
    signed_part = {
        "delegations": {"pkg_mgr": pkg_mgr_delegation},
        "expiration": expires.strftime(time_format),
        "metadata_spec_version": "0.6.0",
        "timestamp": now.strftime(time_format),
        "type": "key_mgr",
        "version": 1,
    }

    # The signature is computed over the indented JSON text of the signed part.
    role_signature = libmamba_api.sign(
        json.dumps(signed_part, indent=2), offline_keys["key_mgr"][1]
    )
    role_document = {
        "signatures": {
            offline_keys["key_mgr"][0]: {"signature": role_signature},
        },
        "signed": signed_part,
    }

    # The file itself is written compactly (no indent), unlike the signed text.
    with open(target, "w") as handle:
        json.dump(role_document, handle)

    yield target
def root_role_file(test_data_dir, offline_keys):
    """Write a signed ``root.json`` role file into ``test_data_dir``.

    The ``signed`` section declares a ``root`` role (version 1, metadata spec
    ``0.6.0``) that delegates ``key_mgr`` to ``offline_keys["key_mgr"][0]`` and
    ``root`` to ``offline_keys["root"][0]``, each with a threshold of 1.  It is
    signed with ``offline_keys["root"][1]`` and the signature is stored under
    ``offline_keys["root"][0]``.

    Presumably used as a test fixture (no decorator is visible here).

    Returns:
        Path of the written role file.
    """
    target = Path(test_data_dir) / "root.json"
    time_format = '%Y-%m-%dT%H:%M:%SZ'

    now = datetime.now(timezone.utc)
    # A one-year validity window keeps the test from failing on an expired role.
    expires = now + timedelta(days=365)

    delegations = {
        "key_mgr": {
            "pubkeys": [offline_keys["key_mgr"][0]],
            "threshold": 1,
        },
        "root": {
            "pubkeys": [offline_keys["root"][0]],
            "threshold": 1,
        },
    }
    signed_part = {
        "delegations": delegations,
        "expiration": expires.strftime(time_format),
        "metadata_spec_version": "0.6.0",
        "timestamp": now.strftime(time_format),
        "type": "root",
        "version": 1,
    }

    # The signature is computed over the indented JSON text of the signed part.
    role_signature = libmamba_api.sign(
        json.dumps(signed_part, indent=2), offline_keys["root"][1]
    )
    role_document = {
        "signatures": {offline_keys["root"][0]: {"signature": role_signature}},
        "signed": signed_part,
    }

    with open(target, "w") as handle:
        json.dump(role_document, handle, indent=2)

    return target