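def test_1__get_password(self):
    """Check that signercli._get_password() returns what getpass supplies.

    getpass.getpass is replaced by a stub that returns a random string, so
    the test never waits on a terminal prompt.
    """
    # SETUP
    original_getpass = signercli.getpass.getpass
    password = self.random_string()

    def _mock_getpass(junk1, junk2, pw=password):
        # Stand-in for getpass.getpass(); both positional arguments are ignored.
        return pw

    # Patch getpass.getpass().
    signercli.getpass.getpass = _mock_getpass
    try:
        # Test: normal case.
        self.assertEqual(signercli._get_password(), password)
    finally:
        # RESTORE, even when the assertion fails: otherwise the stub stays
        # installed and later code asking for a password would silently get
        # this test's random string instead of prompting.
        signercli.getpass.getpass = original_getpass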
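def _report_incomplete_step(role):
    """Log the hand-off instructions shown when *role*'s metadata was not built."""
    logger.info('Quickstart was unable to build %s.txt. Please send the incomplete update to your %s key holder.' % (role, role))
    logger.info('They can continue the update process by running quickstart with the \'-step build_%s\' argument' % role)


def update_metadata(keystore_path, project_root, root_cfg_path, server_dir, state=BUILD_ROOT):
    """Rebuild the signed metadata under *server_dir*, starting at step *state*.

    Keys are loaded from the keystore at *keystore_path*, the per-role key ids
    are read from *root_cfg_path*, *project_root* is mirrored into
    ``<server_dir>/targets``, and the build steps then run in the order
    root, targets, release, timestamp. When a step fails, the failure is
    logged together with hand-off instructions and ``state`` is set to FINISH,
    so the remaining steps are skipped.

    Args:
        keystore_path: location handed to keystore.KeyStore.
        project_root: directory copied into the targets directory.
        root_cfg_path: config file holding a ``keyids`` entry per role.
        server_dir: directory that contains ``meta`` and ``targets``.
        state: step to start from; defaults to BUILD_ROOT.
    """
    logger.info(state)

    # normalize the paths
    metadata_root = os.path.join(server_dir, "meta")
    targets_root = os.path.join(server_dir, "targets")

    # build the keydb
    key_db = keystore.KeyStore(keystore_path)
    if TEST:
        # NOTE(review): with TEST set, the keystore is opened with the fixed
        # password 'test' and no prompt is shown. Confirm TEST cannot be
        # switched on for a real signing run.
        key_db.load(['test'])
    else:
        # Keep asking for decryption passwords until the operator enters '--'.
        while True:
            line = signercli._get_password("Please input a decryption password for the keystore, or -- to stop: ")
            if line == '--':
                break
            key_db.load([line])

    # get the config data
    root_cfg = ConfigParser()
    root_cfg.read(root_cfg_path)
    fuzzy_root_keys = root_cfg.get("root", "keyids").split(", ")
    fuzzy_targets_keys = root_cfg.get("targets", "keyids").split(", ")
    fuzzy_release_keys = root_cfg.get("release", "keyids").split(", ")
    fuzzy_timestamp_keys = root_cfg.get("timestamp", "keyids").split(", ")

    # copy the project over to the targets root
    if project_root != targets_root:
        # Destructive: everything currently under <server_dir>/targets is
        # deleted before the project is copied in.
        rmtree(targets_root)
        logger.info("removed the tree")
        copytree(project_root, targets_root)
        logger.info("copied the tree")

    # Each step below advances with ``state += 1``; this assumes the BUILD_*
    # constants are consecutive integers -- TODO confirm against their
    # definition.
    #
    # ``except Exception`` replaces a bare ``except`` so that Ctrl-C and
    # SystemExit are no longer swallowed, and logger.exception() records why
    # the step failed; previously the cause was discarded.

    # started
    if state == BUILD_ROOT:
        try:
            build_root_txt(root_cfg_path, fuzzy_root_keys, key_db, metadata_root)
            state += 1
        except Exception:
            logger.exception('Building root.txt failed')
            _report_incomplete_step('root')
            state = FINISH

    # built_root
    logger.info("done with root")
    if state == BUILD_TARGETS:
        try:
            build_targets_txt(targets_root, fuzzy_targets_keys, key_db, server_dir)
            state += 1
            # Progress marker goes through the logger like every other message.
            logger.info("BUILT TARGETS")
        except Exception:
            logger.exception('Building targets.txt failed')
            _report_incomplete_step('targets')
            state = FINISH

    # built_targets
    logger.info("done with targets")
    if state == BUILD_RELEASE:
        try:
            build_release_txt(fuzzy_release_keys, key_db, metadata_root)
            state += 1
        except Exception:
            logger.exception('Building release.txt failed')
            _report_incomplete_step('release')
            state = FINISH

    # built_release
    logger.info("done with the release")
    if state == BUILD_TIMESTAMP:
        try:
            build_timestamp_txt(fuzzy_timestamp_keys, key_db, metadata_root)
            state += 1
        except Exception:
            logger.exception('Building timestamp.txt failed')
            _report_incomplete_step('timestamp')
            state = FINISH

    # almost done
    logger.info("done with the timestamp")
    logger.info("done updating")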
if not options.KEYSTORE_LOCATION: options.KEYSTORE_LOCATION = get_keystore_location() # build the keystore key_db = keystore.KeyStore(options.KEYSTORE_LOCATION) key_ids = {} for k in ["root", "targets", "release", "timestamp"]: threshold = getattr(options, k.upper() + "_THRESHOLD") if not threshold and not options.DEFAULT_THRESHOLD: threshold = get_threshold(k) elif options.DEFAULT_THRESHOLD: threshold = options.DEFAULT_THRESHOLD for i in range(threshold): key = signerlib.generate_key(options.DEFAULT_KEY_SIZE) if TEST: password = '******' else: password = signercli._get_password() key_db.add_key(key, password) try: key_ids[k][0].append(key.get_key_id()) except KeyError: key_ids[k] = ([key.get_key_id()], threshold) key_db.save() # get the server root if not options.SERVER_ROOT_LOCATION: options.SERVER_ROOT_LOCATION = get_server_root() # build the server root metadata_loc = options.SERVER_ROOT_LOCATION + pathsep + "meta" print metadata_loc targets_loc = options.SERVER_ROOT_LOCATION + pathsep + "targets" print targets_loc
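def _split_keyids(raw):
    """Return the key ids in a comma-separated config value, trimmed, blanks dropped."""
    return [key_id.strip() for key_id in raw.split(",") if key_id.strip()]


def update_metadata(keystore_path, project_root, root_cfg_path, server_dir, add_keys, remove_keys, thresholds, keysize, state=BUILD_ROOT):
    """Update role keys and thresholds, rewrite root.cfg, then build root.txt.

    Keys are loaded from the keystore at *keystore_path*. A new key is
    generated for every role flagged in *add_keys*, the key ids listed in
    *root_cfg_path* that the keystore knows are collected per role, and the
    key named in *remove_keys* is dropped. The resulting key sets and
    thresholds are written back through build_root_cfg(). *project_root* is
    then mirrored into ``<server_dir>/targets`` and, when *state* is
    BUILD_ROOT, root.txt is built.

    Args:
        keystore_path: location handed to keystore.KeyStore.
        project_root: directory copied into the targets directory.
        root_cfg_path: config file with ``keyids``/``threshold`` per role and
            an ``expiration`` section.
        server_dir: directory that contains ``meta`` and ``targets``.
        add_keys: mapping of role -> truthy value when a key should be added.
        remove_keys: mapping of role -> key id to drop from that role.
        thresholds: mapping of role -> threshold; falsy means 1 for every
            role, and a falsy entry is filled in from the config file.
        keysize: size passed to signerlib.generate_key.
        state: step to start from; defaults to BUILD_ROOT.

    Returns:
        None. Returns early, after logging an error, when a role would end up
        with fewer keys than its threshold.

    Raises:
        ValueError: if a threshold is not an integer value.
    """
    logger.info(state)

    # normalize the paths
    metadata_root = os.path.join(server_dir, "meta")
    targets_root = os.path.join(server_dir, "targets")

    # build the keydb
    key_db = keystore.KeyStore(keystore_path)
    if TEST:
        # NOTE(review): with TEST set, the keystore is opened with the fixed
        # password 'test' and no prompt is shown. Confirm TEST cannot be
        # switched on for a real signing run.
        key_db.load(['test'])
    else:
        # Keep asking for decryption passwords until the operator enters '--'.
        while True:
            line = signercli._get_password("Please input a decryption password for the keystore, or -- to stop: ")
            if line == '--':
                break
            key_db.load([line])

    # these are the keys we'll sign with and those that will wind up in the
    # root.cfg when we're done
    fuzzy_keys = {'root': set(), 'targets': set(), 'release': set(), 'timestamp': set()}

    # Work on a copy so the caller's mapping is not modified.
    if thresholds:
        thresholds = dict(thresholds)
    else:
        thresholds = {'root': 1, 'targets': 1, 'release': 1, 'timestamp': 1}

    # generate any new keys
    for role, add in add_keys.items():
        if add:
            key = signerlib.generate_key(keysize)
            pw = signercli._get_password()
            key_db.add_key(key, pw)
            fuzzy_keys[role].add(key.get_key_id())
    key_db.save()

    # get the config data
    root_cfg = ConfigParser()
    root_cfg.read(root_cfg_path)

    # read the config data
    # NOTE(review): reaches into the keystore's private ``_keys`` attribute.
    known_keys = set(key_db._keys)
    for role in fuzzy_keys:
        for key_id in _split_keyids(root_cfg.get(role, "keyids")):
            if key_id in known_keys:
                fuzzy_keys[role].add(key_id)
        if not thresholds.get(role):
            thresholds[role] = root_cfg.get(role, 'threshold')
        # Config values are strings. Without int() the comparison against
        # len() below is between an int and a str, which is not a meaningful
        # threshold check.
        thresholds[role] = int(thresholds[role])

    # remove any removed keys
    for role in fuzzy_keys:
        fuzzy_keys[role].discard(remove_keys[role])

    # write the results back to the root.cfg
    expiration = root_cfg.get('expiration', 'days')
    keydata = {}
    for role in fuzzy_keys:
        # Blank entries are dropped while parsing: an empty ``keyids`` value
        # would otherwise yield '' and be counted as a key towards the
        # threshold.
        previous_keys = set(_split_keyids(root_cfg.get(role, 'keyids')))
        previous_keys.discard(remove_keys[role])
        previous_keys |= set(fuzzy_keys[role])
        if len(previous_keys) < thresholds[role]:
            msg = "Number of keys for %s is less then threshold."
            msg += "Threshold set: %s, keys provided: %s"
            msg = msg % (role, thresholds[role], previous_keys)
            # ``logger`` is the name used everywhere else in this function;
            # the original called ``log.error``.
            logger.error(msg)
            return
        keydata[role] = (previous_keys, thresholds[role])
    build_root_cfg(server_dir, expiration, keydata)

    # copy the project over to the targets root
    if project_root != targets_root:
        # Destructive: everything currently under <server_dir>/targets is
        # deleted before the project is copied in.
        rmtree(targets_root)
        logger.info("removed the tree")
        copytree(project_root, targets_root)
        logger.info("copied the tree")

    # started
    if state == BUILD_ROOT:
        try:
            build_root_txt(root_cfg_path, fuzzy_keys['root'], key_db, metadata_root)
            # Assumes the BUILD_* constants are consecutive integers -- TODO
            # confirm against their definition.
            state += 1
        except Exception:
            # Record the failure and its traceback through the logger instead
            # of printing the bare exception to stdout.
            logger.exception('Building root.txt failed')
            logger.info('Quickstart was unable to build root.txt. Please send the incomplete update to your root key holder.')
            logger.info('They can continue the update process by running quickstart with the \'-step build_root\' argument')
            state = FINISH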
if not options.KEYSTORE_LOCATION: options.KEYSTORE_LOCATION = get_keystore_location() # build the keystore key_db = keystore.KeyStore(options.KEYSTORE_LOCATION) key_ids = {} for k in ["root", "targets", "release", "timestamp"]: threshold = getattr(options, k.upper() + "_THRESHOLD") if not threshold and not options.DEFAULT_THRESHOLD: threshold = get_threshold(k) elif options.DEFAULT_THRESHOLD: threshold = options.DEFAULT_THRESHOLD for i in range(threshold): key = signerlib.generate_key(options.DEFAULT_KEY_SIZE) if TEST: password = '******' else: password = signercli._get_password('Password for %s key #%d: ' % (k, i+1)) key_db.add_key(key, password) if not TEST: print 'keyid for %s key #%d: %s' % (k, i+1, key.get_key_id()) try: key_ids[k][0].append(key.get_key_id()) except KeyError: key_ids[k] = ([key.get_key_id()], threshold) key_db.save() # get the server root if not options.SERVER_ROOT_LOCATION: options.SERVER_ROOT_LOCATION = get_server_root() # build the server root metadata_loc = options.SERVER_ROOT_LOCATION + pathsep + "meta" targets_loc = options.SERVER_ROOT_LOCATION + pathsep + "targets" try: mkdir(options.SERVER_ROOT_LOCATION)