[or-cvs] r17084: {updater} Implement all of signing-side and server-side for updater, a (in updater/trunk: . lib/glider samples specs)
nickm at seul.org
nickm at seul.org
Tue Oct 14 05:04:41 UTC 2008
Author: nickm
Date: 2008-10-14 01:04:40 -0400 (Tue, 14 Oct 2008)
New Revision: 17084
Added:
updater/trunk/lib/glider/ClientCLI.py
updater/trunk/lib/glider/ServerCLI.py
updater/trunk/lib/glider/SignerCLI.py
updater/trunk/lib/glider/checkJson.py
updater/trunk/lib/glider/download.py
updater/trunk/lib/glider/master_keys.py
updater/trunk/lib/glider/util.py
updater/trunk/samples/
updater/trunk/samples/bundle.cfg
updater/trunk/samples/example-mirrors.txt
updater/trunk/samples/example-package.cfg
updater/trunk/samples/testpackage.cfg
Modified:
updater/trunk/Makefile
updater/trunk/TODO
updater/trunk/lib/glider/__init__.py
updater/trunk/lib/glider/formats.py
updater/trunk/lib/glider/keys.py
updater/trunk/lib/glider/repository.py
updater/trunk/lib/glider/tests.py
updater/trunk/specs/glider-spec.txt
Log:
Implement all of signing-side and server-side for updater, and the core loops of client-side. More downloader support is needed, and more polishing. See TODO for details. This no longer matches glider-spec.txt exactly. Notably, it uses json instead of sexp.
Modified: updater/trunk/Makefile
===================================================================
--- updater/trunk/Makefile 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/Makefile 2008-10-14 05:04:40 UTC (rev 17084)
@@ -2,5 +2,5 @@
export PYTHONPATH=./lib
test:
- python -m sexp.tests
+ #python -m sexp.tests
python -m glider.tests
Modified: updater/trunk/TODO
===================================================================
--- updater/trunk/TODO 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/TODO 2008-10-14 05:04:40 UTC (rev 17084)
@@ -1,39 +1,54 @@
-
o Write spec
. Write server-side code (python)
- o S-expression lib
- . Code to manage data formats
- . Parse
+ X S-expression lib
+ o Code to manage data formats
+ o Parse
o Validate
- - Code to wrangle private keys
+ o Code to wrangle private keys
o Generate
- . Store, load (password-protected)
- - Print for posterity
+ o Store, load (password-protected)
+ o Print for posterity
+ o Associate with roles.
+ o Code to generate timestamp files
+ o Code to generate mirror files
+ o Code to generate keylist files
+ o and add new keys to them
+ o and remove keys.
- - Code to generate timestamp files
- - Code to generate mirror files
- - Code to generate keylist files, and add new keys to them, and
- remove keys.
+o Repository code.
+ o make access functions independent of consistency/loading functions
- Write client-side code
- - Decide early if a python implementation will do for v1.
- IF SO:
+ . Decide early if a python implementation will do for v1.
- Adjust httplib, urllib2 to use socks4a.
- Check SOCKS package for suitability as basis for socks4a support?
- Look into best packageing practices
- IF NOT:
- - Maybe use curllib for downloading, unless there's something
- better.
- - Check out Ron's reference code for s-expression handling.
- - Write cacheing code
- - Write code to pick a mirror
- - Write code to grab a timestamp file and figure out what to do.
- - Write code to update other files
- - Write code to run, telling another process about status,
+ o Write cacheing code
+ o Write code to pick a mirror
+ o Write code to grab a timestamp file and figure out what to do.
+ o Write code to update other files
+ . Write code to run, telling another process about status,
eventually coming up with a list of packages to install or an
"A-OK" signal.
- - GUI
+ D GUI
+
+ - DL-via-Tor
+ - Install-when-done
+ - Verbose output
+ - Rendezvous-back with Tor when done.
+
+- Wrapping
+ - More unit tests
+ - Setup.py script to install everything
+
+- Documentation
+ - HOWTO guides
+ . full pydoc
+ - revise spec
+
+- Testing
+ - Much bigger unit tests.
Added: updater/trunk/lib/glider/ClientCLI.py
===================================================================
--- updater/trunk/lib/glider/ClientCLI.py (rev 0)
+++ updater/trunk/lib/glider/ClientCLI.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,66 @@
+
+import os
+import sys
+import getopt
+
+import glider.util
+import glider.repository
+import glider.download
+
+def update(args):
+ repoRoot = glider.util.userFilename("cache")
+ options, args = getopt.getopt(args, "", [ "repo=", "no-download" ])
+ download = True
+
+ for o, v in options:
+ if o == '--repo':
+ repoRoot = v
+ elif o == "--no-download":
+ download = False
+
+ repo = glider.repository.LocalRepository(repoRoot)
+
+ files = repo.getFilesToUpdate(trackingBundles=args)
+
+ if not download:
+ return
+
+ mirrorlist = repo.getMirrorlistFile().get()
+
+ downloader = glider.download.Downloads()
+ downloader.start()
+
+ for f in files:
+ # XXXX Use hash.
+ dj = glider.download.DownloadJob(f, repo.getFilename(f),
+ mirrorlist)
+ downloader.addDownloadJob(dj)
+ # XXXX replace file in repository if ok; reload; see what changed.
+
+ # Wait for in-progress jobs
+
+# Check my repository
+
+# Tell me what I need to download
+
+# Download stuff
+
+# Tell me what to install.
+
+def usage():
+ print "Known commands:"
+ print " update [--repo=repository] [--no-download]"
+ sys.exit(1)
+
+def main():
+ if len(sys.argv) < 2:
+ usage()
+ cmd = sys.argv[1]
+ args = sys.argv[2:]
+ if cmd in [ "update" ]:
+ globals()[cmd](args)
+ else:
+ usage()
+
+if __name__ == '__main__':
+ main()
Added: updater/trunk/lib/glider/ServerCLI.py
===================================================================
--- updater/trunk/lib/glider/ServerCLI.py (rev 0)
+++ updater/trunk/lib/glider/ServerCLI.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,187 @@
+
+import os
+import sys
+import getopt
+import time
+
+import simplejson
+
+import glider.formats
+import glider.util
+import glider.keys
+
+def tstamp():
+ return time.strftime("%Y%m%d_%H%M%S", time.localtime())
+
+def snarf(fname):
+ f = open(fname, 'rb')
+ try:
+ return f.read()
+ finally:
+ f.close()
+
+def snarfObj(fname):
+ f = open(fname, 'r')
+ try:
+ return simplejson.load(f)
+ finally:
+ f.close()
+
+def insert(args):
+ repo = os.environ.get("THANDY_MASTER_REPO")
+ backupDir = glider.util.userFilename("old_files")
+ checkSigs = True
+
+ options, args = getopt.getopt(args, "", ["repo=", "no-check"])
+ for o,v in options:
+ if o == "--repo":
+ repo = v
+ elif o == "--no-check":
+ checkSigs = False
+
+ if not repo:
+ print "No repository specified."
+ usage()
+ if not os.path.exists(repo):
+ print "No such repository as %r"%repo
+ usage()
+
+ if not os.path.exists(backupDir):
+ os.makedirs(backupDir, 0700)
+
+ if checkSigs:
+ keys = glider.util.getKeylist(os.path.join(repo, "meta/keys.txt"))
+ else:
+ keys = None
+
+ n_ok = 0
+ for fn in args:
+ print "Loading %s..."%fn
+ try:
+ content = snarf(fn)
+ except OSError, e:
+ print "Couldn't open %s: %s"%(fn, e)
+ continue
+
+ try:
+ obj = simplejson.loads(content)
+ except ValueError, e:
+ print "Couldn't decode %s: %s"%(fn, e)
+ continue
+
+ try:
+ ss, r, path = glider.formats.checkSignedObj(obj, keys)
+ except glider.FormatException, e:
+ print "Bad format on %s: %s"%(fn, e)
+ continue
+ if checkSigs and not ss.isValid():
+ print "Not enough valid signatures on %s"%fn
+ continue
+
+ print " Looks okay. It goes in %s"%path
+ assert path.startswith("/")
+ targetPath = os.path.join(repo, path[1:])
+ if os.path.exists(targetPath):
+ oldContents = snarf(targetPath)
+ if oldContents == content:
+ print " File unchanged!"
+ n_ok += 1
+ continue
+
+ baseFname = "%s_%s" % (tstamp(), os.path.split(path)[1])
+ backupFname = os.path.join(backupDir, baseFname)
+ print " Copying old file to %s"%backupFname
+ glider.util.replaceFile(backupFname, oldContents)
+
+ parentDir = os.path.split(targetPath)[0]
+ if not os.path.exists(parentDir):
+ print " Making %s"%parentDir
+ os.makedirs(parentDir, 0755)
+ print " Replacing file..."
+ glider.util.replaceFile(targetPath, content)
+ print " Done."
+ n_ok += 1
+ if n_ok != len(args):
+ sys.exit(1)
+
+def timestamp(args):
+ repo = os.environ.get("THANDY_MASTER_REPO")
+ ts_keyfile = glider.util.userFilename("timestamp_key")
+
+ options, args = getopt.getopt(args, "", ["repo=", "ts-key="])
+ for o,v in options:
+ if o == "--repo":
+ repo = v
+ elif o == "--ts-key":
+ ts_keyfile = v
+
+ if repo == None:
+ print "No repository specified."
+ usage()
+ if not os.path.exists(repo):
+ print "No such repository as %r"%repo
+ usage()
+
+ tsFname = os.path.join(repo, "meta/timestamp.txt")
+
+ try:
+ mObj = snarfObj(os.path.join(repo, "meta/mirrors.txt"))
+ except OSError:
+ print "No mirror list!"
+ sys.exit(1)
+ try:
+ kObj = snarfObj(os.path.join(repo, "meta/keys.txt"))
+ except OSError:
+ print "No key list!"
+ sys.exit(1)
+
+ bundles = []
+ for dirpath, dirname, fns in os.walk(os.path.join(repo, "bundleinfo")):
+ for fn in fns:
+ try:
+ bObj = snarfObj(fn)
+ except (ValueError, OSError), e:
+ print "(Couldn't read bundle-like %s)"%fn
+ continue
+ try:
+ _, r, _ = glider.formats.checkSignedObj(bObj)
+ except glider.FormatException, e:
+ print "Problem reading object from %s"%fn
+ continue
+ if r != "bundle":
+ print "%s was not a good bundle"%fn
+ continue
+ bundles.append(bObj['signed'])
+
+ timestamp = glider.formats.makeTimestampObj(
+ mObj['signed'], kObj['signed'], bundles)
+ signable = glider.formats.makeSignable(timestamp)
+
+ keydb = glider.formats.Keylist()
+ #XXXX Still a roundabout way to do this.
+ keylist = glider.formats.makeKeylistObj(ts_keyfile, True)
+ keydb.addFromKeylist(keylist)
+ for k in keydb.iterkeys():
+ glider.formats.sign(signable, k)
+
+ content = simplejson.dumps(signable, sort_keys=True)
+ glider.util.replaceFile(tsFname, content)
+
+def usage():
+ print "Known commands:"
+ print " insert [--no-check] [--repo=repository] file ..."
+ print " timestamp [--repo=repository]"
+ sys.exit(1)
+
+def main():
+ if len(sys.argv) < 2:
+ usage()
+ cmd = sys.argv[1]
+ args = sys.argv[2:]
+ if cmd in [ "insert", "timestamp" ]:
+ globals()[cmd](args)
+ else:
+ usage()
+
+if __name__ == '__main__':
+ main()
Added: updater/trunk/lib/glider/SignerCLI.py
===================================================================
--- updater/trunk/lib/glider/SignerCLI.py (rev 0)
+++ updater/trunk/lib/glider/SignerCLI.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,313 @@
+
+import os
+import getopt
+import sys
+import logging
+import simplejson
+
+import glider.keys
+import glider.formats
+
+def getKeyStore():
+ return glider.keys.KeyStore(glider.util.userFilename("secret_keys"))
+
+def dumpKey(key, indent=0):
+ i = " "*indent
+ print "%s%s"%(i, key.getKeyID())
+ for r, p in key.getRoles():
+ print " %s%s\t%s"%(i, r, p)
+
+def getKey(ks, keyid=None, role=None, path=None):
+ if keyid is not None:
+ keys = ks.getKeysFuzzy(keyid)
+ if None not in (role, path):
+ keys = [ k for k in keys if k.hasRole(role, path) ]
+ elif None not in (role, path):
+ keys = ks.getKeysByRole(role, path)
+ else:
+ assert False
+ if len(keys) < 1:
+ print "No such key.\nI wanted",
+ if keyid: print "keyid='%s...'"%keyid,
+ if None not in (role, path): print "role=%s, path=%s"%(role,path),
+ print
+ print "I only know about:"
+ for k in ks.iterkeys():
+ dumpKey(k)
+ sys.exit(1)
+ elif len(keys) > 1:
+ print "Multiple keys match. Possibilities are:"
+ for k in keys:
+ dumpKey(k)
+ sys.exit(1)
+ else:
+ return keys[0]
+
+# ------------------------------
+
+def makepackage(args):
+ options, args = getopt.getopt(args, "", "keyid=")
+ keyid = None
+ for o,v in options:
+ if o == "--keyid":
+ keyid = v
+
+ if len(args) < 2:
+ usage()
+
+ configFile = args[0]
+ dataFile = args[1]
+ print "Generating package."
+ package = glider.formats.makePackageObj(configFile, dataFile)
+ relpath = package['location']
+ print "need a key with role matching [package %s]"%relpath
+ ks = getKeyStore()
+ ks.load()
+ key = getKey(ks, keyid=keyid, role='package', path=relpath)
+ signable = glider.formats.makeSignable(package)
+ glider.formats.sign(signable, key)
+
+ if 1:
+ ss, r, p = glider.formats.checkSignedObj(signable, ks)
+ assert ss.isValid()
+
+ location = os.path.split(package['location'])[-1]
+ print "Writing signed package to %s"%location
+ f = open(location, 'w')
+ simplejson.dump(signable, f, indent=1)
+ f.close()
+
+def makebundle(args):
+ options, args = getopt.getopt(args, "", "keyid=")
+ keyid = None
+ for o,v in options:
+ if o == "--keyid":
+ keyid = v
+
+ if len(args) < 2:
+ usage()
+
+ configFile = args[0]
+ packages = {}
+ for pkgFile in args[1:]:
+ print "Loading", pkgFile
+ f = open(pkgFile, 'r')
+ p = simplejson.load(f)
+ f.close()
+ _, r, _ = glider.formats.checkSignedObj(p)
+ if r != 'package':
+ print pkgFile, "was not a package"
+ packages[p['signed']['location']] = p
+
+ def getHash(path):
+ p = packages[path]
+ return glider.formats.getDigest(p['signed'])
+
+ bundleObj = glider.formats.makeBundleObj(configFile, getHash)
+ signable = glider.formats.makeSignable(bundleObj)
+
+ ks = getKeyStore()
+ ks.load()
+ key = getKey(ks, keyid=keyid, role="bundle", path=bundleObj['location'])
+ glider.formats.sign(signable, key)
+
+ if 1:
+ ss, r, p = glider.formats.checkSignedObj(signable, ks)
+ assert ss.isValid()
+
+ location = os.path.split(bundleObj['location'])[-1]
+ print "Writing signed bundle to %s"%location
+ f = open(location, 'w')
+ simplejson.dump(signable, f, indent=1)
+ f.close()
+
+# ------------------------------
+def makekeylist(args):
+ options, args = getopt.getopt(args, "", "keyid=")
+ keyid = None
+ for o,v in options:
+ if o == "--keyid":
+ keyid = v
+
+ if len(args) < 1:
+ usage()
+
+ keylist = glider.formats.makeKeylistObj(args[0])
+ signable = glider.formats.makeSignable(keylist)
+
+ ks = getKeyStore()
+ ks.load()
+ key = getKey(ks, keyid=keyid, role="master", path="/meta/keys.txt")
+ glider.formats.sign(signable, key)
+
+ if 1:
+ ss, r, p = glider.formats.checkSignedObj(signable, ks)
+ assert ss.isValid()
+
+ print "writing signed keylist to keys.txt"
+ glider.util.replaceFile("keys.txt",
+ simplejson.dumps(signable, indent=1, sort_keys=True),
+ textMode=True)
+
+def signkeylist(args):
+ if len(args) != 1:
+ usage()
+
+ keylist = simplejson.load(open(args[0], 'r'))
+ glider.formats.SIGNED_SCHEMA.checkMatch(keylist)
+ glider.formats.KEYLIST_SCHEMA.checkMatch(keylist['signed'])
+
+ ks = getKeyStore()
+ ks.load()
+ keys = ks.getKeysByRole("master", "/meta/keys.txt")
+ for k in keys:
+ glider.formats.sign(keylist, k)
+
+ print "writing signed keylist to keys.txt"
+ glider.util.replaceFile("keys.txt",
+ simplejson.dumps(keylist, indent=1, sort_keys=True),
+ textMode=True)
+
+def makemirrorlist(args):
+ options, args = getopt.getopt(args, "", "keyid=")
+ keyid = None
+ for o,v in options:
+ if o == "--keyid":
+ keyid = v
+
+ if len(args) < 1:
+ usage()
+
+ mirrorlist = glider.formats.makeMirrorListObj(args[0])
+ signable = glider.formats.makeSignable(mirrorlist)
+
+ ks = getKeyStore()
+ ks.load()
+ key = getKey(ks, keyid=keyid, role='mirrors', path="/meta/mirrors.txt")
+ glider.formats.sign(signable, key)
+
+ if 1:
+ ss, r, p = glider.formats.checkSignedObj(signable, ks)
+ assert ss.isValid()
+
+ print "writing signed mirrorlist to mirrors.txt"
+ glider.util.replaceFile("mirrors.txt",
+ simplejson.dumps(signable, indent=1, sort_keys=True),
+ textMode=True)
+
+# ------------------------------
+
+def keygen(args):
+ k = getKeyStore()
+ k.load()
+ print "Generating key. This will be slow."
+ key = glider.keys.RSAKey.generate()
+ print "Generated new key: %s" % key.getKeyID()
+ k.addKey(key)
+ k.save()
+
+def listkeys(args):
+ k = getKeyStore()
+ k.load()
+ for k in k.iterkeys():
+ print k.getKeyID()
+ for r, p in k.getRoles():
+ print " ", r, p
+
+def addrole(args):
+ if len(args) < 3:
+ usage()
+ ks = getKeyStore()
+ ks.load()
+ k = getKey(ks, args[0])
+ r = args[1]
+ if r not in glider.formats.ALL_ROLES:
+ print "Unrecognized role %r. Known roles are %s"%(
+ r,", ".join(glider.format.ALL_ROLES))
+ sys.exit(1)
+ p = args[2]
+ k.addRole(r, p)
+ ks.save()
+
+def delrole(args):
+ if len(args) < 3:
+ usage()
+ ks = getKeyStore()
+ ks.load()
+ k = getKey(ks, args[0])
+ r = args[1]
+ if r not in glider.formats.ALL_ROLES:
+ print "Unrecognized role %r. Known roles are %s"%(
+ r,", ".join(glider.format.ALL_ROLES))
+ sys.exit(1)
+ p = args[2]
+
+ #XXXX rep.
+ origLen = len(k._roles)
+ k._roles = [ (role,path) for role,path in k._roles
+ if (role,path) != (r,p) ]
+ removed = origLen - len(k._roles)
+ print removed, "roles removed"
+ if removed:
+ ks.save()
+
+def chpass(args):
+ ks = getKeyStore()
+ print "Old password."
+ ks.load()
+ print "New password."
+ ks.clearPassword()
+ ks.save()
+
+def dumpkey(args):
+ options, args = getopt.getopt(args, "", ["include-secret", "passwd="])
+
+ includeSecret = False
+ for o,v in options:
+ if o == '--include-secret':
+ includeSecret = True
+ else:
+ print "Unexpected %r"%o
+
+ ks = getKeyStore()
+ ks.load()
+
+ keys = []
+ if len(args):
+ keys = [ getKey(ks, a) for a in args ]
+ else:
+ keys = list(ks.iterkeys())
+
+ for k in keys:
+ data = k.format(private=includeSecret, includeRoles=True)
+ print "Key(", simplejson.dumps(data, indent=2), ")"
+
+def usage():
+ print "Known commands:"
+ print " keygen"
+ print " listkeys"
+ print " chpass"
+ print " addrole keyid role path"
+ print " delrole keyid role path"
+ print " dumpkey [--include-secret] keyid"
+ print " makepackage config datafile"
+ print " makebundle config packagefile ..."
+ print " signkeylist keylist"
+ print " makekeylist keylist"
+ print " makemirrorlist config"
+ sys.exit(1)
+
+def main():
+ if len(sys.argv) < 2:
+ usage()
+ cmd = sys.argv[1]
+ args = sys.argv[2:]
+ if cmd in [ "keygen", "listkeys", "addrole", "delrole", "chpass",
+ "dumpkey", "makepackage", "makebundle", "signkeylist",
+ "makekeylist", "signkeylist", "makemirrorlist", ]:
+ globals()[cmd](args)
+ else:
+ usage()
+
+if __name__ == '__main__':
+ main()
Modified: updater/trunk/lib/glider/__init__.py
===================================================================
--- updater/trunk/lib/glider/__init__.py 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/lib/glider/__init__.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -1,3 +1,35 @@
__all__ = [ 'formats' ]
+_BaseException = Exception
+
+class Exception(_BaseException):
+ pass
+
+class FormatException(Exception):
+ pass
+
+class UnknownFormat(FormatException):
+ pass
+
+class BadSignature(Exception):
+ pass
+
+class BadPassword(Exception):
+ pass
+
+class InternalError(Exception):
+ pass
+
+class RepoError(InternalError):
+ pass
+
+class CryptoError(Exception):
+ pass
+
+class PubkeyFormatException(FormatException):
+ pass
+
+class UnknownMethod(CryptoError):
+ pass
+
Added: updater/trunk/lib/glider/checkJson.py
===================================================================
--- updater/trunk/lib/glider/checkJson.py (rev 0)
+++ updater/trunk/lib/glider/checkJson.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,274 @@
+
+import re
+import sys
+
+import glider
+
+class Schema:
+ def matches(self, obj):
+ try:
+ self.checkMatch(obj)
+ except glider.FormatException:
+ return False
+ else:
+ return True
+
+ def checkMatch(self, obj):
+ raise NotImplemented()
+
+class Any(Schema):
+ """
+ >>> s = Any()
+ >>> s.matches("A String")
+ True
+ >>> s.matches([1, "list"])
+ True
+ """
+ def checkMatch(self, obj):
+ pass
+
+class RE(Schema):
+ """
+ >>> s = RE("h.*d")
+ >>> s.matches("hello world")
+ True
+ >>> s.matches("Hello World")
+ False
+ >>> s.matches("hello world!")
+ False
+ >>> s.matches([33, "Hello"])
+ False
+ """
+ def __init__(self, pat=None, modifiers=0, reObj=None, reName="pattern"):
+ if not reObj:
+ if not pat.endswith("$"):
+ pat += "$"
+ reObj = re.compile(pat, modifiers)
+ self._re = reObj
+ self._reName = reName
+ def checkMatch(self, obj):
+ if not isinstance(obj, basestring) or not self._re.match(obj):
+ raise glider.FormatException("%r did not match %s"
+ %(obj,self._reName))
+
+class Str(Schema):
+ """
+ >>> s = Str("Hi")
+ >>> s.matches("Hi")
+ True
+ >>> s.matches("Not hi")
+ False
+ """
+ def __init__(self, val):
+ self._str = val
+ def checkMatch(self, obj):
+ if self._str != obj:
+ raise glider.FormatException("Expected %r; got %r"%(self._str, obj))
+
+class AnyStr(Schema):
+ """
+ >>> s = AnyStr()
+ >>> s.matches("")
+ True
+ >>> s.matches("a string")
+ True
+ >>> s.matches(["a"])
+ False
+ >>> s.matches(3)
+ False
+ >>> s.matches(u"a unicode string")
+ True
+ >>> s.matches({})
+ False
+ """
+ def __init__(self):
+ pass
+ def checkMatch(self, obj):
+ if not isinstance(obj, basestring):
+ raise glider.FormatException("Expected a string; got %r"%obj)
+
+class ListOf(Schema):
+ """
+ >>> s = ListOf(RE("(?:..)*"))
+ >>> s.matches("hi")
+ False
+ >>> s.matches([])
+ True
+ >>> s.matches({})
+ False
+ >>> s.matches(["Hi", "this", "list", "is", "full", "of", "even", "strs"])
+ True
+ >>> s.matches(["This", "one", "is not"])
+ False
+ """
+ def __init__(self, schema, minCount=0, maxCount=sys.maxint,listName="list"):
+ self._schema = schema
+ self._minCount = minCount
+ self._maxCount = maxCount
+ self._listName = listName
+ def checkMatch(self, obj):
+ if not isinstance(obj, (list, tuple)):
+ raise glider.FormatException("Expected %s; got %r"
+ %(self._listName,obj))
+ for item in obj:
+ try:
+ self._schema.checkMatch(item)
+ except glider.FormatException, e:
+ raise glider.FormatException("%s in %s"%(e, self._listName))
+
+ if not (self._minCount <= len(obj) <= self._maxCount):
+ raise glider.FormatException("Length of %s out of range"
+ %self._listName)
+
+class Struct(Schema):
+ """
+ >>> s = Struct([ListOf(AnyStr()), AnyStr(), Str("X")])
+ >>> s.matches(False)
+ False
+ >>> s.matches("Foo")
+ False
+ >>> s.matches([[], "Q", "X"])
+ True
+ >>> s.matches([[], "Q", "D"])
+ False
+ >>> s.matches([[3], "Q", "X"])
+ False
+ >>> s.matches([[], "Q", "X", "Y"])
+ False
+ """
+ def __init__(self, subschemas, allowMore=False, structName="list"):
+ self._subschemas = subschemas[:]
+ self._allowMore = allowMore
+ self._structName = structName
+ def checkMatch(self, obj):
+ if not isinstance(obj, (list, tuple)):
+ raise glider.FormatException("Expected %s; got %r"
+ %(self._structName,obj))
+ elif len(obj) < len(self._subschemas):
+ raise glider.FormatException(
+ "Too few fields in %s"%self._structName)
+ elif len(obj) > len(self._subschemas) and not self._allowMore:
+ raise glider.FormatException(
+ "Too many fields in %s"%self._structName)
+ for item, schema in zip(obj, self._subschemas):
+ schema.checkMatch(item)
+
+class DictOf(Schema):
+ """
+ >>> s = DictOf(RE(r'[aeiou]+'), Struct([AnyStr(), AnyStr()]))
+ >>> s.matches("")
+ False
+ >>> s.matches({})
+ True
+ >>> s.matches({"a": ["x", "y"], "e" : ["", ""]})
+ True
+ >>> s.matches({"a": ["x", 3], "e" : ["", ""]})
+ False
+ >>> s.matches({"a": ["x", "y"], "e" : ["", ""], "d" : ["a", "b"]})
+ False
+ """
+ def __init__(self, keySchema, valSchema):
+ self._keySchema = keySchema
+ self._valSchema = valSchema
+ def checkMatch(self, obj):
+ try:
+ iter = obj.iteritems()
+ except AttributeError:
+ raise glider.FormatException("Expected a dict; got %r"%obj)
+
+ for k,v in iter:
+ self._keySchema.checkMatch(k)
+ self._valSchema.checkMatch(v)
+
+class Opt:
+ """Helper; applied to a value in Obj to mark it optional.
+
+ >>> s = Obj(k1=Str("X"), k2=Opt(Str("Y")))
+ >>> s.matches({'k1': "X", 'k2': "Y"})
+ True
+ >>> s.matches({'k1': "X", 'k2': "Z"})
+ False
+ >>> s.matches({'k1': "X"})
+ True
+ """
+ def __init__(self, schema):
+ self._schema = schema
+ def checkMatch(self, obj):
+ self._schema.checkMatch(obj)
+
+class Obj(Schema):
+ """
+ >>> s = Obj(a=AnyStr(), bc=Struct([Int(), Int()]))
+ >>> s.matches({'a':"ZYYY", 'bc':[5,9]})
+ True
+ >>> s.matches({'a':"ZYYY", 'bc':[5,9], 'xx':5})
+ True
+ >>> s.matches({'a':"ZYYY", 'bc':[5,9,3]})
+ False
+ >>> s.matches({'a':"ZYYY"})
+ False
+
+ """
+ def __init__(self, _objname="object", **d):
+ self._objname = _objname
+ self._required = d.items()
+
+
+ def checkMatch(self, obj):
+ for k,schema in self._required:
+ try:
+ item = obj[k]
+ except KeyError:
+ if not isinstance(schema, Opt):
+ raise glider.FormatException("Missing key %s in %s"
+ %(k,self._objname))
+
+ else:
+ try:
+ schema.checkMatch(item)
+ except glider.FormatException, e:
+ raise glider.FormatException("%s in %s.%s"
+ %(e,self._objname,k))
+
+
+class Int(Schema):
+ """
+ >>> s = Int()
+ >>> s.matches(99)
+ True
+ >>> s.matches(False)
+ False
+ >>> s.matches(0L)
+ True
+ >>> s.matches("a string")
+ False
+ >>> Int(lo=10, hi=30).matches(25)
+ True
+ >>> Int(lo=10, hi=30).matches(5)
+ False
+ """
+ def __init__(self, lo=-sys.maxint, hi=sys.maxint):
+ self._lo = lo
+ self._hi = hi
+ def checkMatch(self, obj):
+ if isinstance(obj, bool) or not isinstance(obj, (int, long)):
+ # We need to check for bool as a special case, since bool
+ # is for historical reasons a subtype of int.
+ raise glider.FormatException("Got %r instead of an integer"%obj)
+ elif not (self._lo <= obj <= self._hi):
+ raise glider.FormatException("%r not in range [%r,%r]"
+ %(obj, self._lo, self._hi))
+
+class Bool(Schema):
+ """
+ >>> s = Bool()
+ >>> s.matches(True) and s.matches(False)
+ True
+ >>> s.matches(11)
+ False
+ """
+ def __init__(self):
+ pass
+ def checkMatch(self, obj):
+ if not isinstance(obj, bool):
+ raise glider.FormatException("Got %r instead of a boolean"%obj)
Added: updater/trunk/lib/glider/download.py
===================================================================
--- updater/trunk/lib/glider/download.py (rev 0)
+++ updater/trunk/lib/glider/download.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,127 @@
+
+
+import urllib2
+import httplib
+import random
+
+import threading, Queue
+
+import glider.util
+
+class Downloads:
+ def __init__(self, n_threads=2):
+ self._lock = threading.RLock()
+ self.downloads = {}
+ self.haveDownloaded = {}
+ self.downloadQueue = Queue.Queue()
+ self.threads = [ threading.Thread(target=self._thread) ]
+ for t in self.threads:
+ t.setDaemon(True)
+
+ def start(self):
+ for t in self.threads:
+ t.start()
+
+ def isCurrentlyDownloading(self, relPath):
+ self._lock.acquire()
+ try:
+ return self.downloads.has_key(relPath)
+ finally:
+ self._lock.release()
+
+ def isRedundant(self, relPath):
+ self._lock.acquire()
+ try:
+ return (self.downloads.has_key(relPath) or
+ self.haveDownloaded.has_key(relPath))
+ finally:
+ self._lock.release()
+
+ def addDownloadJob(self, job):
+ rp = job.getRelativePath()
+ self._lock.acquire()
+ self.downloads[rp] = job
+ self._lock.release()
+ self.downloadQueue.put(job)
+
+ def _thread(self):
+ while True:
+ job = self.downloadQueue.get()
+ job.download()
+ rp = job.getRelativePath()
+ self._lock.acquire()
+ try:
+ del self.downloads[rp]
+ self.haveDownloaded[rp] = True
+ finally:
+ self._lock.release()
+
+class DownloadJob:
+ def __init__(self, relPath, destPath, mirrorlist=None,
+ wantHash=None, canStall=False):
+ self._relPath = relPath
+ self._wantHash = wantHash
+ self._mirrorList = mirrorlist
+ self._destPath = destPath
+
+ tmppath = glider.util.userFilename("tmp")
+ if relPath.startswith("/"):
+ relPath = relPath[1:]
+ self._tmppath = os.path.join(tmppath, relPath)
+
+ d = os.path.dirname(self._tmppath)
+ if not os.path.exists(d):
+ os.makedirs(d, 0700)
+
+ def getRelativePath(self):
+ return self._relPath
+
+ def haveStalledFile(self):
+ return os.path.exists(self._tmppath)
+
+ def getURL(self, mirrorlist=None):
+ if mirrorlist is None:
+ mirrorlist = self._mirrorList
+ weightSoFar = 0
+ usable = []
+
+ for m in mirrorlist['mirrors']:
+ for c in m['contents']:
+ # CHECK FOR URL SUITABILITY XXXXX
+
+ if glider.formats.rolePathMatches(c, self._relPath):
+ weightSoFar += m['weight']
+ usable.append( (weightSoFar, m) )
+ break
+
+ wTarget = random.randint(0, weightSoFar)
+ mirror = None
+ # Could use bisect here instead
+ for w, m in mirrorlist:
+ if w >= wTarget:
+ mirror = m
+ break
+
+ return m['urlbase'] + self._relPath
+
+ def download(self):
+ # XXXX RESUME
+
+ f_in = urllib2.urlopen(self.getURL())
+ f_out = open(self._tmpPath, 'w')
+ while True:
+ c = f_in.read(1024)
+ if not c:
+ break
+ f_out.write(c)
+ f_in.close()
+ f_out.close()
+ # XXXXX retry on failure
+
+ if self._wantHash:
+ gotHash = glider.formats.getFileDigest(self._tmpPath)
+ if gotHash != self._wantHash:
+ # XXXX Corrupt file.
+ pass
+
+ glider.utils.moveFile(self._tmpPath, self._destPath)
Modified: updater/trunk/lib/glider/formats.py
===================================================================
--- updater/trunk/lib/glider/formats.py 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/lib/glider/formats.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -1,28 +1,62 @@
-import sexp.access
-import sexp.encode
+import simplejson
import time
import re
+import binascii
+import calendar
-class FormatException(Exception):
- pass
+import glider.checkJson
+import Crypto.Hash.SHA256
+
class KeyDB:
+ """A KeyDB holds public keys, indexed by their key IDs."""
def __init__(self):
- self.keys = {}
+ self._keys = {}
def addKey(self, k):
- self.keys[k.getKeyID()] = k
+ keyid = k.getKeyID()
+ try:
+ oldkey = self._keys[keyid]
+ for r, p in oldkey.getRoles():
+ if (r, p) not in k.getRoles():
+ k.addRole(r,p)
+ except KeyError:
+ pass
+ self._keys[k.getKeyID()] = k
def getKey(self, keyid):
- return self.keys[keyid]
+ return self._keys[keyid]
+ def getKeysByRole(self, role, path):
+ results = []
+ for key in self._keys.itervalues():
+ for r,p in key.getRoles():
+ if r == role:
+ if rolePathMatches(p, path):
+ results.append(key)
+ return results
+ def getKeysFuzzy(self, keyid):
+ r = []
+ for k,v in self._keys.iteritems():
+ if k.startswith(keyid):
+ r.append(v)
+ return r
+ def iterkeys(self):
+ return self._keys.itervalues()
+
_rolePathCache = {}
def rolePathMatches(rolePath, path):
- """
+ """Return true iff the relative path in the filesystem 'path' conforms
+ to the pattern 'rolePath': a path that a given key is
+ authorized to sign. Patterns are allowed to contain * to
+ represent one or more characters in a filename, and ** to
+ represent any level of directory structure.
>>> rolePathMatches("a/b/c/", "a/b/c/")
True
>>> rolePathMatches("**/c.*", "a/b/c.txt")
True
+ >>> rolePathMatches("**/c.*", "a/b/ctxt")
+ False
>>> rolePathMatches("**/c.*", "a/b/c.txt/foo")
False
>>> rolePathMatches("a/*/c", "a/b/c")
@@ -35,40 +69,74 @@
try:
regex = _rolePathCache[rolePath]
except KeyError:
+ orig = rolePath
+ # remove duplicate slashes.
rolePath = re.sub(r'/+', '/', rolePath)
+ # escape, then ** becomes .*
rolePath = re.escape(rolePath).replace(r'\*\*', r'.*')
+ # * becomes [^/]*
rolePath = rolePath.replace(r'\*', r'[^/]*')
+ # and no extra text is allowed.
rolePath += "$"
- regex = _rolePathCache[rolePath] = re.compile(rolePath)
+ regex = _rolePathCache[orig] = re.compile(rolePath)
return regex.match(path) != None
-def checkSignatures(signed, keyDB, role, path):
+class SignatureStatus:
+ """Represents the outcome of checking signature(s) on an object."""
+ def __init__(self, good, bad, unrecognized, unauthorized):
+ # keyids for all the valid signatures
+ self._good = good[:]
+ # keyids for the invalid signatures (we had the key, and it failed).
+ self._bad = bad[:]
+ # keyids for signatures where we didn't recognize the key
+ self._unrecognized = unrecognized[:]
+ # keyids for signatures where we recognized the key, but it doesn't
+ # seem to be allowed to sign this kind of document.
+ self._unauthorized = unauthorized[:]
+
+ def isValid(self, threshold=1):
+ """Return true iff we got at least 'threshold' good signatures."""
+ return len(self._good) >= threshold
+
+ def mayNeedNewKeys(self):
+ """Return true iff downloading a new set of keys might tip this
+ signature status over to 'valid.'"""
+ return len(self._unrecognized) or len(self._unauthorized)
+
+def checkSignatures(signed, keyDB, role=None, path=None):
+ """Given an object conformant to SIGNED_SCHEMA and a set of public keys
+ in keyDB, verify the signed object in 'signed'."""
+
+ SIGNED_SCHEMA.checkMatch(signed)
+
goodSigs = []
badSigs = []
unknownSigs = []
tangentialSigs = []
- assert signed[0] == "signed"
- data = signed[1]
+ signable = signed['signed']
+ signatures = signed['signatures']
d_obj = Crypto.Hash.SHA256.new()
- sexp.encode.hash_canonical(data, d_obj)
+ getDigest(signable, d_obj)
digest = d_obj.digest()
- for signature in sexp.access.s_children(signed, "signature"):
- attrs = signature[1]
- sig = attrs[2]
- keyid = s_child(attrs, "keyid")[1]
+ for signature in signatures:
+ sig = signature['sig']
+ keyid = signature['keyid']
+ method = signature['method']
+
try:
key = keyDB.getKey(keyid)
except KeyError:
unknownSigs.append(keyid)
continue
- method = s_child(attrs, "method")[1]
+
try:
result = key.checkSignature(method, sig, digest=digest)
- except UnknownMethod:
+ except glider.UnknownMethod:
continue
+
if result == True:
if role is not None:
for r,p in key.getRoles():
@@ -82,132 +150,264 @@
else:
badSigs.append(keyid)
- return goodSigs, badSigs, unknownSigs, tangentialSigs
+ return SignatureStatus(goodSigs, badSigs, unknownSigs, tangentialSigs)
+def encodeCanonical(obj, outf=None):
+ """Encode the object obj in canoncial JSon form, as specified at
+ http://wiki.laptop.org/go/Canonical_JSON . It's a restricted
+ dialect of json in which keys are always lexically sorted,
+ there is no whitespace, floats aren't allowed, and only quote
+ and backslash get escaped. The result is encoded in UTF-8,
+ and the resulting bits are passed to outf (if provided), or joined
+ into a string and returned.
+
+ >>> encodeCanonical("")
+ '""'
+ >>> encodeCanonical([1, 2, 3])
+ '[1,2,3]'
+ >>> encodeCanonical({"x" : 3, "y" : 2})
+ '{"x":3,"y":2}'
+ """
+ def default(o):
+ raise TypeError("Can't encode %r", o)
+ def floatstr(o):
+ raise TypeError("Floats not allowed.")
+ def canonical_str_encoder(s):
+ return '"%s"' % re.sub(r'(["\\])', r'\\\1', s)
+
+ # XXX This is, alas, a hack. I'll submit a canonical JSon patch to
+ # the simplejson folks.
+
+ iterator = simplejson.encoder._make_iterencode(
+ None, default, canonical_str_encoder, None, floatstr,
+ ":", ",", True, False, True)(obj, 0)
+
+ result = None
+ if outf == None:
+ result = [ ]
+ outf = result.append
+
+ for u in iterator:
+ outf(u.encode("utf-8"))
+ if result is not None:
+ return "".join(result)
+
+def getDigest(obj, digestObj=None):
+ """Update 'digestObj' (typically a SHA256 object) with the digest of
+ the canonical json encoding of obj. If digestObj is none,
+ compute the SHA256 hash and return it.
+
+ DOCDOC string equivalence.
+ """
+ useTempDigestObj = (digestObj == None)
+ if useTempDigestObj:
+ digestObj = Crypto.Hash.SHA256.new()
+
+ if isinstance(obj, str):
+ digestObj.update(obj)
+ elif isinstance(obj, unicode):
+ digestObj.update(obj.encode("utf-8"))
+ else:
+ encodeCanonical(obj, digestObj.update)
+
+ if useTempDigestObj:
+ return digestObj.digest()
+
+def getFileDigest(f, digestObj=None):
+ """Update 'digestObj' (typically a SHA256 object) with the digest of
+ the file object in f. If digestObj is none, compute the SHA256
+ hash and return it.
+
+ >>> s = "here is a long string"*1000
+ >>> import cStringIO, Crypto.Hash.SHA256
+ >>> h1 = Crypto.Hash.SHA256.new()
+ >>> h2 = Crypto.Hash.SHA256.new()
+ >>> getFileDigest(cStringIO.StringIO(s), h1)
+ >>> h2.update(s)
+ >>> h1.digest() == h2.digest()
+ True
+ """
+ useTempDigestObj = (digestObj == None)
+ if useTempDigestObj:
+ digestObj = Crypto.Hash.SHA256.new()
+
+ while 1:
+ s = f.read(4096)
+ if not s:
+ break
+ digestObj.update(s)
+
+ if useTempDigestObj:
+ return digestObj.digest()
+
+def makeSignable(obj):
+ return { 'signed' : obj, 'signatures' : [] }
+
def sign(signed, key):
- assert sexp.access.s_tag(signed) == 'signed'
- s = signed[1]
- keyid = key.keyID()
+ """Add an element to the signatures of 'signed', containing a new signature
+ of the "signed" part.
+ """
- oldsignatures = [ s for s in signed[2:] if s_child(s[1], "keyid") != keyid ]
- signed[2:] = oldsignatures
+ SIGNED_SCHEMA.checkMatch(signed)
- for method, sig in key.sign(s):
- signed.append(['signature', [['keyid', keyid], ['method', method]],
- sig])
+ signable = signed["signed"]
+ signatures = signed['signatures']
+ keyid = key.getKeyID()
+
+ signatures = [ s for s in signatures if s['keyid'] != keyid ]
+
+ method, sig = key.sign(signable)
+ signatures.append({ 'keyid' : keyid,
+ 'method' : method,
+ 'sig' : sig })
+ signed['signatures'] = signatures
+
def formatTime(t):
- """
+ """Encode the time 't' in YYYY-MM-DD HH:MM:SS format.
+
>>> formatTime(1221265172)
'2008-09-13 00:19:32'
"""
return time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(t))
def parseTime(s):
- return time.timegm(time.strptime(s, "%Y-%m-%d %H:%M:%S"))
+ """Parse a time 's' in YYYY-MM-DD HH:MM:SS format."""
+ try:
+ return calendar.timegm(time.strptime(s, "%Y-%m-%d %H:%M:%S"))
+ except ValueError:
+ raise glider.FormatError("Malformed time %r", s)
-def _parseSchema(s, t=None):
- sexpr = sexp.parse.parse(s)
- schema = sexp.access.parseSchema(sexpr, t)
- return schema
+def formatBase64(h):
+ """Return the base64 encoding of h with whitespace and = signs omitted."""
+ return binascii.b2a_base64(h).rstrip("=\n ")
-SCHEMA_TABLE = { }
+formatHash = formatBase64
-PUBKEY_TEMPLATE = r"""
- (=pubkey ((:unordered (=type .) (:anyof (. _)))) _)
-"""
+def parseBase64(s):
+ """Parse a base64 encoding with whitespace and = signs omitted. """
+ extra = len(s) % 4
+ if extra:
+ padding = "=" * (4 - extra)
+ s += padding
+ try:
+ return binascii.a2b_base64(s)
+ except binascii.Error:
+ raise glider.FormatError("Invalid base64 encoding")
-SCHEMA_TABLE['PUBKEY'] = _parseSchema(PUBKEY_TEMPLATE)
+def parseHash(s):
+ h = parseBase64(s)
+ if len(h) != Crypto.Hash.SHA256.digest_size:
+ raise glider.FormatError("Bad hash length")
+ return h
-TIME_TEMPLATE = r"""/\{d}4-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/"""
+S = glider.checkJson
-SCHEMA_TABLE['TIME'] = sexp.access.parseSchema(TIME_TEMPLATE)
+# A date, in YYYY-MM-DD HH:MM:SS format.
+TIME_SCHEMA = S.RE(r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}')
+# A hash, base64-encoded
+HASH_SCHEMA = S.RE(r'[a-zA-Z0-9\+\/]{43}')
-ATTRS_TEMPLATE = r"""(:anyof (_ *))"""
+# A hexadecimal value.
+HEX_SCHEMA = S.RE(r'[a-fA-F0-9]+')
+# A base-64 encoded value
+BASE64_SCHEMA = S.RE(r'[a-zA-Z0-9\+\/]+')
+# An RSA key; subtype of PUBKEY_SCHEMA.
+RSAKEY_SCHEMA = S.Obj(
+ _keytype=S.Str("rsa"),
+ e=BASE64_SCHEMA,
+ n=BASE64_SCHEMA)
+# Any public key.
+PUBKEY_SCHEMA = S.Obj(
+ _keytype=S.AnyStr())
-SCHEMA_TABLE['ATTRS'] = _parseSchema(ATTRS_TEMPLATE)
+KEYID_SCHEMA = HASH_SCHEMA
+SIG_METHOD_SCHEMA = S.AnyStr()
+RELPATH_SCHEMA = PATH_PATTERN_SCHEMA = S.AnyStr()
+URL_SCHEMA = S.AnyStr()
+VERSION_SCHEMA = S.ListOf(S.Any()) #XXXX WRONG
-SIGNED_TEMPLATE = r"""
- (=signed
- _
- (:someof
- (=signature ((:unordered
- (=keyid _) (=method _) .ATTRS)) _)
- )
- )"""
+# A single signature of an object. Indicates the signature, the id of the
+# signing key, and the signing method.
+SIGNATURE_SCHEMA = S.Obj(
+ keyid=KEYID_SCHEMA,
+ method=SIG_METHOD_SCHEMA,
+ sig=BASE64_SCHEMA)
-SIGNED_SCHEMA = _parseSchema(SIGNED_TEMPLATE, SCHEMA_TABLE)
+# A signed object.
+SIGNED_SCHEMA = S.Obj(
+ signed=S.Any(),
+ signatures=S.ListOf(SIGNATURE_SCHEMA))
-KEYLIST_TEMPLATE = r"""
- (=keylist
- (=ts .TIME)
- (=keys
- (:anyof
- (=key ((:unordered (=roles (:someof (. .))) .ATTRS)) _)
- ))
- *
- )"""
+ROLENAME_SCHEMA = S.AnyStr()
-KEYLIST_SCHEMA = _parseSchema(KEYLIST_TEMPLATE, SCHEMA_TABLE)
+# A role: indicates that a key is allowed to certify a kind of
+# document at a certain place in the repo.
+ROLE_SCHEMA = S.Struct([ROLENAME_SCHEMA, PATH_PATTERN_SCHEMA])
-MIRRORLIST_TEMPLATE = r"""
- (=mirrorlist
- (=ts .TIME)
- (=mirrors (:anyof
- (=mirror ((:unordered (=name .) (=urlbase .) (=contents (:someof .))
- .ATTRS)))))
- *)
-"""
+# A Keylist: indicates a list of live keys and their roles.
+KEYLIST_SCHEMA = S.Obj(
+ _type=S.Str("Keylist"),
+ ts=TIME_SCHEMA,
+ keys=S.ListOf(S.Obj(key=PUBKEY_SCHEMA, roles=S.ListOf(ROLE_SCHEMA))))
-MIRRORLIST_SCHEMA = _parseSchema(MIRRORLIST_TEMPLATE, SCHEMA_TABLE)
+# A Mirrorlist: indicates all the live mirrors, and what documents they
+# serve.
+MIRRORLIST_SCHEMA = S.Obj(
+ _type=S.Str("Mirrorlist"),
+ ts=TIME_SCHEMA,
+ mirrors=S.ListOf(S.Obj(name=S.AnyStr(),
+ urlbase=URL_SCHEMA,
+ contents=S.ListOf(PATH_PATTERN_SCHEMA),
+ weight=S.Int(lo=0),
+ )))
-TIMESTAMP_TEMPLATE = r"""
- (=ts
- ((:unordered (=at .TIME) (=m .TIME .) (=k .TIME .)
- (:anyof (=b . . .TIME . .)) .ATTRS))
- )"""
-
-TIMESTAMP_SCHEMA = _parseSchema(TIMESTAMP_TEMPLATE, SCHEMA_TABLE)
-
-BUNDLE_TEMPLATE = r"""
- (=bundle
- (=at .TIME)
- (=os .)
- (:maybe (=arch .))
- (=packages
- (:someof
- (. . . . ((:unordered
- (:maybe (=order . . .))
- (:maybe (=optional))
- (:anyof (=gloss . .))
- (:anyof (=longgloss . .))
- .ATTRS)))
- )
+# A timestamp: indicates the lastest versions of all top-level signed objects.
+TIMESTAMP_SCHEMA = S.Obj(
+ _type = S.Str("Timestamp"),
+ at = TIME_SCHEMA,
+ m = S.Struct([TIME_SCHEMA, HASH_SCHEMA]),
+ k = S.Struct([TIME_SCHEMA, HASH_SCHEMA]),
+ b = S.DictOf(keySchema=S.AnyStr(),
+ valSchema=
+ S.Struct([ VERSION_SCHEMA, RELPATH_SCHEMA, TIME_SCHEMA, HASH_SCHEMA ]))
)
- *
- )"""
-BUNDLE_SCHEMA = _parseSchema(BUNDLE_TEMPLATE, SCHEMA_TABLE)
+# A Bundle: lists a bunch of packages that should be updated in tandem
+BUNDLE_SCHEMA = S.Obj(
+ _type=S.Str("Bundle"),
+ at=TIME_SCHEMA,
+ name=S.AnyStr(),
+ os=S.AnyStr(),
+ arch=S.Opt(S.AnyStr()),
+ version=VERSION_SCHEMA,
+ location=RELPATH_SCHEMA,
+ packages=S.ListOf(S.Obj(
+ name=S.AnyStr(),
+ version=VERSION_SCHEMA,
+ path=RELPATH_SCHEMA,
+ hash=HASH_SCHEMA,
+ order=S.Struct([S.Int(), S.Int(), S.Int()]),
+ optional=S.Opt(S.Bool()),
+ gloss=S.DictOf(S.AnyStr(), S.AnyStr()),
+ longgloss=S.DictOf(S.AnyStr(), S.AnyStr()))))
-PACKAGE_TEMPLATE = r"""
- (=package
- ((:unordered (=name .)
- (=version .)
- (=format . (.ATTRS))
- (=path .)
- (=ts .TIME)
- (=digest .)
- (:anyof (=shortdesc . .))
- (:anyof (=longdesc . .))
- .ATTRS)))
-"""
+PACKAGE_SCHEMA = S.Obj(
+ _type=S.Str("Package"),
+ name=S.AnyStr(),
+ location=RELPATH_SCHEMA,
+ version=VERSION_SCHEMA,
+ format=S.Obj(),
+ ts=TIME_SCHEMA,
+ files=S.ListOf(S.Struct([RELPATH_SCHEMA, HASH_SCHEMA])),
+ shortdesc=S.DictOf(S.AnyStr(), S.AnyStr()),
+ longdesc=S.DictOf(S.AnyStr(), S.AnyStr()))
-PACKAGE_SCHEMA = _parseSchema(PACKAGE_TEMPLATE, SCHEMA_TABLE)
-
ALL_ROLES = ('timestamp', 'mirrors', 'bundle', 'package', 'master')
class Key:
- def __init__(self, key, roles):
+ #XXXX UNUSED.
+ def __init__(self, key, roles=()):
self.key = key
self.roles = []
for r,p in roles:
@@ -215,15 +415,18 @@
def addRole(self, role, path):
assert role in ALL_ROLES
- self.roles.append(role, path)
+ self.roles.append((role, path))
def getRoles(self):
- return self.rules
+ return self.roles
@staticmethod
- def fromSExpression(sexpr):
+ def fromJSon(obj):
# must match PUBKEY_SCHEMA
- typeattr = sexp.access.s_attr(sexpr[1], "type")
+ keytype = obj['_keytype']
+ if keytype == 'rsa':
+ return Key(glider.keys.RSAKey.fromJSon(obj))
+
if typeattr == 'rsa':
key = glider.keys.RSAKey.fromSExpression(sexpr)
if key is not None:
@@ -240,29 +443,27 @@
def sign(self, sexpr=None, digest=None):
return self.key.sign(sexpr, digest=digest)
- def checkSignature(self, method, sexpr=None, digest=None):
- if digest == None:
- _, digest = self.key._digest(sexpr, method)
- ok = self.key.checkSignature(method, digest=digest)
+ def checkSignature(self, method, data, signatute):
+ ok = self.key.checkSignature(method, data, signature)
# XXXX CACHE HERE.
return ok
-class Keystore(KeyDB):
+class Keylist(KeyDB):
def __init__(self):
KeyDB.__init__(self)
- @staticmethod
- def addFromKeylist(sexpr, allowMasterKeys=False):
- # Don't do this until we have validated the structure.
- for ks in sexpr.access.s_lookup_all("keys.key"):
- attrs = ks[1]
- key_s = ks[2]
- roles = s_attr(attrs, "roles")
- #XXXX Use interface of Key, not RSAKey.
- key = Key.fromSExpression(key_s)
- if not key:
+ def addFromKeylist(self, obj, allowMasterKeys=False):
+ for keyitem in obj['keys']:
+ key = keyitem['key']
+ roles = keyitem['roles']
+
+ try:
+ key = glider.keys.RSAKey.fromJSon(key)
+ except glider.FormatException, e:
+ print e
#LOG skipping key.
continue
+
for r,p in roles:
if r == 'master' and not allowMasterKeys:
#LOG
@@ -273,4 +474,274 @@
self.addKey(key)
+class StampedInfo:
+ def __init__(self, ts, hash, version=None, relpath=None):
+ self._ts = ts
+ self._hash = hash
+ self._version = version
+ self._relpath = relpath
+ @staticmethod
+ def fromJSonFields(timeStr, hashStr):
+ t = parseTime(timeStr)
+ h = parseHash(hashStr)
+ return StampedInfo(t, h)
+
+ def getHash(self):
+ return self._hash
+
+ def getRelativePath(self):
+ return self._relpath
+
+class TimestampFile:
+ def __init__(self, at, mirrorlistinfo, keylistinfo, bundleinfo):
+ self._time = at
+ self._mirrorListInfo = mirrorlistinfo
+ self._keyListInfo = keylistinfo
+ self._bundleInfo = bundleinfo
+
+ @staticmethod
+ def fromJSon(obj):
+ # must be validated.
+ at = parseTime(obj['at'])
+ m = StampedInfo.fromJSonFields(*obj['m'][:2])
+ k = StampedInfo.fromJSonFields(*obj['k'][:2])
+ b = {}
+ for name, bundle in obj['b'].iteritems():
+ v = bundle[0]
+ rp = bundle[1]
+ t = parseTime(bundle[2])
+ h = parseHash(bundle[3])
+ b[name] = StampedInfo(t, h, v, rp)
+
+ return TimestampFile(at, m, k, b)
+
+ def getTime(self):
+ return self._time
+
+ def getMirrorlistInfo(self):
+ return self._mirrorListInfo
+
+ def getKeylistInfo(self):
+ return self._keyListInfo
+
+ def getBundleInfo(self, name):
+ return self._bundleInfo[name]
+
+def readConfigFile(fname, needKeys=(), optKeys=(), preload={}):
+ parsed = preload.copy()
+ result = {}
+ execfile(fname, parsed)
+
+ for k in needKeys:
+ try:
+ result[k] = parsed[k]
+ except KeyError:
+ raise glider.FormatError("Missing value for %s in %s"%k,fname)
+
+ for k in optKeys:
+ try:
+ result[k] = parsed[k]
+ except KeyError:
+ pass
+
+ return result
+
+def makePackageObj(config_fname, package_fname):
+ preload = {}
+ shortDescs = {}
+ longDescs = {}
+ def ShortDesc(lang, val): shortDescs[lang] = val
+ def LongDesc(lang, val): longDescs[lang] = val
+ preload = { 'ShortDesc' : ShortDesc, 'LongDesc' : LongDesc }
+ r = readConfigFile(config_fname,
+ ['name',
+ 'version',
+ 'format',
+ 'location',
+ 'relpath',
+ ], (), preload)
+
+ f = open(package_fname, 'rb')
+ digest = getFileDigest(f)
+
+ # Check fields!
+ result = { '_type' : "Package",
+ 'ts' : formatTime(time.time()),
+ 'name' : r['name'],
+ 'location' : r['location'], #DOCDOC
+ 'version' : r['version'],
+ 'format' : r['format'],
+ 'files' : [ [ r['relpath'], formatHash(digest) ] ],
+ 'shortdesc' : shortDescs,
+ 'longdesc' : longDescs
+ }
+
+ PACKAGE_SCHEMA.checkMatch(result)
+
+ return result
+
+def makeBundleObj(config_fname, getPackageHash):
+ packages = []
+ def ShortGloss(lang, val): packages[-1]['gloss'][lang] = val
+ def LongGloss(lang, val): packages[-1]['longgloss'][lang] = val
+ def Package(name, version, path, order, optional=False):
+ packages.append({'name' : name,
+ 'version' : version,
+ 'path' : path,
+ 'order' : order,
+ 'optional' : optional,
+ 'gloss' : {},
+ 'longgloss' : {} })
+ preload = { 'ShortGloss' : ShortGloss, 'LongGloss' : LongGloss,
+ 'Package' : Package }
+ r = readConfigFile(config_fname,
+ ['name',
+ 'os',
+ 'version',
+ 'location',
+ ], ['arch'], preload)
+
+ result = { '_type' : "Bundle",
+ 'at' : formatTime(time.time()),
+ 'name' : r['name'],
+ 'os' : r['os'],
+ 'version' : r['version'],
+ 'location' : r['location'],
+ 'packages' : packages }
+ if r.has_key('arch'):
+ result['arch'] = r['arch']
+
+ for p in packages:
+ try:
+ p['hash'] = formatHash(getPackageHash(p['path']))
+ except KeyError:
+ raise glider.FormatException("No such package as %s"%p['path'])
+
+ BUNDLE_SCHEMA.checkMatch(result)
+ return result
+
+def versionIsNewer(v1, v2):
+ return v1 > v2
+
+def makeTimestampObj(mirrorlist_obj, keylist_obj,
+ bundle_objs):
+ result = { '_type' : 'Timestamp',
+ 'at' : formatTime(time.time()) }
+ result['m'] = [ mirrorlist_obj['ts'],
+ formatHash(getDigest(mirrorlist_obj)) ]
+ result['k'] = [ keylist_obj['ts'],
+ formatHash(getDigest(keylist_obj)) ]
+ result['b'] = bundles = {}
+ for bundle in bundle_objs:
+ name = bundle['name']
+ v = bundle['version']
+ entry = [ v, bundle['location'], bundle['at'], formatHash(getDigest(bundle)) ]
+ if not bundles.has_key(name) or versionIsNewer(v, bundles[name][0]):
+ bundles[name] = entry
+
+ TIMESTAMP_SCHEMA.checkMatch(result)
+
+ return result
+
+class MirrorInfo:
+ def __init__(self, name, urlbase, contents, weight):
+ self._name = name
+ self._urlbase = urlbase
+ self._contents = contents
+ self._weight = weight
+
+ def canServeFile(self, fname):
+ for c in self._contents:
+ if rolePathMatches(c, fname):
+ return True
+ return False
+
+ def getFileURL(self, fname):
+ if self._urlbase[-1] == '/':
+ return self._urlbase+fname
+ else:
+ return "%s/%s" % (self._urlbase, fname)
+
+ def format(self):
+ return { 'name' : self._name,
+ 'urlbase' : self._urlbase,
+ 'contents' : self._contents,
+ 'weight' : self._weight }
+
+def makeMirrorListObj(mirror_fname):
+ mirrors = []
+ def Mirror(*a, **kw): mirrors.append(MirrorInfo(*a, **kw))
+ preload = {'Mirror' : Mirror}
+ r = readConfigFile(mirror_fname, (), (), preload)
+ result = { '_type' : "Mirrorlist",
+ 'ts' : formatTime(time.time()),
+ 'mirrors' : [ m.format() for m in mirrors ] }
+
+ MIRRORLIST_SCHEMA.checkMatch(result)
+ return result
+
+def makeKeylistObj(keylist_fname, includePrivate=False):
+ keys = []
+ def Key(obj): keys.append(obj)
+ preload = {'Key': Key}
+ r = readConfigFile(keylist_fname, (), (), preload)
+
+ klist = []
+ for k in keys:
+ k = glider.keys.RSAKey.fromJSon(k)
+ klist.append({'key': k.format(private=includePrivate), 'roles' : k.getRoles() })
+
+ result = { '_type' : "Keylist",
+ 'ts' : formatTime(time.time()),
+ 'keys' : klist }
+
+ KEYLIST_SCHEMA.checkMatch(result)
+ return result
+
+SCHEMAS_BY_TYPE = {
+ 'Keylist' : KEYLIST_SCHEMA,
+ 'Mirrorlist' : MIRRORLIST_SCHEMA,
+ 'Timestamp' : TIMESTAMP_SCHEMA,
+ 'Bundle' : BUNDLE_SCHEMA,
+ 'Package' : PACKAGE_SCHEMA,
+ }
+
+def checkSignedObj(obj, keydb=None):
+ # Returns signaturestatus, role, path on sucess.
+
+ SIGNED_SCHEMA.checkMatch(obj)
+ try:
+ tp = obj['signed']['_type']
+ except KeyError:
+ raise glider.FormatException("Untyped object")
+ try:
+ schema = SCHEMAS_BY_TYPE[tp]
+ except KeyError:
+ raise glider.FormatException("Unrecognized type %r" % tp)
+ schema.checkMatch(obj['signed'])
+
+ if tp == 'Keylist':
+ role = "master"
+ path = "/meta/keys.txt"
+ elif tp == 'Mirrorlist':
+ role = "mirrors"
+ path = "/meta/mirrors.txt"
+ elif tp == "Timestamp":
+ role = 'timestamp'
+ path = "/meta/timestamp.txt"
+ elif tp == 'Bundle':
+ role = 'bundle'
+ path = obj['signed']['location']
+ elif tp == 'Package':
+ role = 'package'
+ path = obj['signed']['location']
+ else:
+ print tp
+ raise "Foo"
+
+ ss = None
+ if keydb is not None:
+ ss = checkSignatures(obj, keydb, role, path)
+
+ return ss, role, path
Modified: updater/trunk/lib/glider/keys.py
===================================================================
--- updater/trunk/lib/glider/keys.py 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/lib/glider/keys.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -4,25 +4,23 @@
import Crypto.Hash.SHA256
import Crypto.Cipher.AES
-import sexp.access
-import sexp.encode
-import sexp.parse
-
import cPickle as pickle
import binascii
+import logging
import os
import struct
+import sys
+import simplejson
+import getpass
-class CryptoError(Exception):
- pass
+import glider.formats
+import glider.util
-class PubkeyFormatException(Exception):
- pass
-
-class UnknownMethod(Exception):
- pass
-
class PublicKey:
+ def __init__(self):
+ # Confusingly, these roles are the ones used for a private key to
+ # remember what we're willing to do with it.
+ self._roles = []
def format(self):
raise NotImplemented()
def sign(self, data):
@@ -34,7 +32,17 @@
def getKeyID(self):
raise NotImplemented()
def getRoles(self):
- raise NotImplemented()
+ return self._roles
+ def addRole(self, role, path):
+ assert role in glider.formats.ALL_ROLES
+ self._roles.append((role, path))
+ def clearRoles(self):
+ del self._roles[:]
+ def hasRole(self, role, path):
+ for r, p in self._roles:
+ if r == role and glider.formats.rolePathMatches(p, path):
+ return True
+ return False
if hex(1L).upper() == "0X1L":
def intToBinary(number):
@@ -64,8 +72,13 @@
"""
return long(binascii.b2a_hex(binary), 16)
+def intToBase64(number):
+ return glider.formats.formatBase64(intToBinary(number))
+
+def base64ToInt(number):
+ return binaryToInt(glider.formats.parseBase64(number))
+
def _pkcs1_padding(m, size):
-
# I'd rather use OAEP+, but apparently PyCrypto barely supports
# signature verification, and doesn't seem to support signature
# verification with nondeterministic padding. "argh."
@@ -83,25 +96,28 @@
class RSAKey(PublicKey):
"""
>>> k = RSAKey.generate(bits=512)
- >>> sexpr = k.format()
- >>> sexpr[:2]
- ('pubkey', [('type', 'rsa')])
- >>> k1 = RSAKey.fromSExpression(sexpr)
+ >>> obj = k.format()
+ >>> obj['_keytype']
+ 'rsa'
+ >>> base64ToInt(obj['e'])
+ 65537L
+ >>> k1 = RSAKey.fromJSon(obj)
>>> k1.key.e == k.key.e
True
>>> k1.key.n == k.key.n
True
>>> k.getKeyID() == k1.getKeyID()
True
- >>> s = ['tag1', ['foobar'], [['foop', 'bar']], 'baz']
- >>> method, sig = k.sign(sexpr=s)
- >>> k.checkSignature(method, sig, sexpr=s)
+ >>> s = { 'A B C' : "D", "E" : [ "F", "g", 99] }
+ >>> method, sig = k.sign(obj=s)
+ >>> k.checkSignature(method, sig, obj=s)
True
>>> s2 = [ s ]
- >>> k.checkSignature(method, sig, sexpr=s2)
+ >>> k.checkSignature(method, sig, obj=s2)
False
"""
def __init__(self, key):
+ PublicKey.__init__(self)
self.key = key
self.keyid = None
@@ -111,58 +127,79 @@
return RSAKey(key)
@staticmethod
- def fromSExpression(sexpr):
- # sexpr must match PUBKEY_SCHEMA
- typeattr = sexp.access.s_attr(sexpr[1], "type")
- if typeattr != "rsa":
- return None
- if len(sexpr[2]) != 2:
- raise PubkeyFormatException("RSA keys must have an e,n pair")
- e,n = sexpr[2]
- key = Crypto.PublicKey.RSA.construct((binaryToInt(n), binaryToInt(e)))
- return RSAKey(key)
+ def fromJSon(obj):
+ # obj must match RSAKEY_SCHEMA
- def format(self):
- n = intToBinary(self.key.n)
- e = intToBinary(self.key.e)
- return ("pubkey", [("type", "rsa")], (e, n))
+ glider.formats.RSAKEY_SCHEMA.checkMatch(obj)
+ n = base64ToInt(obj['n'])
+ e = base64ToInt(obj['e'])
+ if obj.has_key('d'):
+ d = base64ToInt(obj['d'])
+ p = base64ToInt(obj['p'])
+ q = base64ToInt(obj['q'])
+ u = base64ToInt(obj['u'])
+ key = Crypto.PublicKey.RSA.construct((n, e, d, p, q, u))
+ else:
+ key = Crypto.PublicKey.RSA.construct((n, e))
+ result = RSAKey(key)
+ if obj.has_key('roles'):
+ for r, p in obj['roles']:
+ result.addRole(r,p)
+
+ return result
+
+ def isPrivateKey(self):
+ return hasattr(self.key, 'd')
+
+ def format(self, private=False, includeRoles=False):
+ n = intToBase64(self.key.n)
+ e = intToBase64(self.key.e)
+ result = { '_keytype' : 'rsa',
+ 'e' : e,
+ 'n' : n }
+ if private:
+ result['d'] = intToBase64(self.key.d)
+ result['p'] = intToBase64(self.key.p)
+ result['q'] = intToBase64(self.key.q)
+ result['u'] = intToBase64(self.key.u)
+ if includeRoles:
+ result['roles'] = self.getRoles()
+ return result
+
def getKeyID(self):
if self.keyid == None:
- n = intToBinary(self.key.n)
- e = intToBinary(self.key.e)
- keyval = (e,n)
d_obj = Crypto.Hash.SHA256.new()
- sexp.encode.hash_canonical(keyval, d_obj)
- self.keyid = ("rsa", d_obj.digest())
+ glider.formats.getDigest(self.format(), d_obj)
+ self.keyid = glider.formats.formatHash(d_obj.digest())
return self.keyid
- def _digest(self, sexpr, method=None):
+ def _digest(self, obj, method=None):
if method in (None, "sha256-pkcs1"):
d_obj = Crypto.Hash.SHA256.new()
- sexp.encode.hash_canonical(sexpr, d_obj)
+ glider.formats.getDigest(obj, d_obj)
digest = d_obj.digest()
return ("sha256-pkcs1", digest)
raise UnknownMethod(method)
- def sign(self, sexpr=None, digest=None):
- assert _xor(sexpr == None, digest == None)
+ def sign(self, obj=None, digest=None):
+ assert _xor(obj == None, digest == None)
if digest == None:
- method, digest = self._digest(sexpr)
+ method, digest = self._digest(obj)
m = _pkcs1_padding(digest, (self.key.size()+1) // 8)
- sig = intToBinary(self.key.sign(m, "")[0])
+ sig = intToBase64(self.key.sign(m, "")[0])
return (method, sig)
- def checkSignature(self, method, sig, sexpr=None, digest=None):
- assert _xor(sexpr == None, digest == None)
+ def checkSignature(self, method, sig, obj=None, digest=None):
+ assert _xor(obj == None, digest == None)
if method != "sha256-pkcs1":
raise UnknownMethod("method")
if digest == None:
- method, digest = self._digest(sexpr, method)
- sig = binaryToInt(sig)
+ method, digest = self._digest(obj, method)
+ sig = base64ToInt(sig)
m = _pkcs1_padding(digest, (self.key.size()+1) // 8)
- return self.key.verify(m, (sig,))
+ return bool(self.key.verify(m, (sig,)))
SALTLEN=16
@@ -244,15 +281,21 @@
pad = '\x00' * padlen
slen = struct.pack("!L",len(secret))
- encrypted = e.encrypt("%s%s%s%s" % (slen, secret, d, pad))[:-padlen]
+ encrypted = e.encrypt("%s%s%s%s" % (slen, secret, d, pad))
+ if padlen:
+ encrypted = encrypted[:-padlen]
return "GKEY1%s%s%s"%(salt, iv, encrypted)
def decryptSecret(encrypted, password):
+ """Decrypt a value encrypted with encryptSecret. Raises UnknownFormat
+ or FormatError if 'encrypted' was not generated with encryptSecret.
+ Raises BadPassword if the password was not correct.
+ """
if encrypted[:5] != "GKEY1":
- raise UnknownFormat()
+ raise glider.UnknownFormat()
encrypted = encrypted[5:]
if len(encrypted) < SALTLEN+1+16:
- raise FormatError()
+ raise glider.FormatException()
salt = encrypted[:SALTLEN+1]
iv = encrypted[SALTLEN+1:SALTLEN+1+16]
@@ -276,8 +319,81 @@
d.update(salt)
if d.digest() != hash:
- print repr(decrypted)
- raise BadPassword()
+ raise glider.BadPassword()
return secret
+class KeyStore(glider.formats.KeyDB):
+ def __init__(self, fname, encrypted=True):
+ glider.formats.KeyDB.__init__(self)
+
+ self._loaded = None
+ self._fname = fname
+ self._passwd = None
+ self._encrypted = encrypted
+
+ def getpass(self, reprompt=False):
+ if self._passwd != None:
+ return self._passwd
+ while 1:
+ pwd = getpass.getpass("Password: ", sys.stderr)
+ if not reprompt:
+ return pwd
+
+ pwd2 = getpass.getpass("Confirm: ", sys.stderr)
+ if pwd == pwd2:
+ return pwd
+ else:
+ print "Mismatch; try again."
+
+ def load(self, password=None):
+ logging.info("Loading private keys from %r...", self._fname)
+ if not os.path.exists(self._fname):
+ logging.info("...no such file.")
+ self._loaded = True
+ return
+
+ if password is None and self._encrypted:
+ password = self.getpass()
+
+ contents = open(self._fname, 'rb').read()
+ if self._encrypted:
+ contents = decryptSecret(contents, password)
+
+ listOfKeys = simplejson.loads(contents)
+ self._passwd = password # It worked.
+ if not listOfKeys.has_key('keys'):
+ listOfKeys['keys'] = []
+ for obj in listOfKeys['keys']:
+ key = RSAKey.fromJSon(obj)
+ self.addKey(key)
+ logging.info("Loaded key %s", key.getKeyID())
+
+ self._loaded = True
+
+ def setPassword(self, passwd):
+ self._passwd = passwd
+
+ def clearPassword(self):
+ self._passwd = None
+
+ def save(self, password=None):
+ if not self._loaded and self._encrypted:
+ self.load(password)
+
+ if password is None:
+ password = self.getpass(True)
+
+ logging.info("Saving private keys into %r...", self._fname)
+ listOfKeys = { 'keys' :
+ [ key.format(private=True, includeRoles=True) for key in
+ self._keys.values() ]
+ }
+ contents = simplejson.dumps(listOfKeys)
+ if self._encrypted:
+ contents = encryptSecret(contents, password)
+ glider.util.replaceFile(self._fname, contents)
+ self._passwd = password # It worked.
+ logging.info("Done.")
+
+
Added: updater/trunk/lib/glider/master_keys.py
===================================================================
--- updater/trunk/lib/glider/master_keys.py (rev 0)
+++ updater/trunk/lib/glider/master_keys.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,5 @@
+
+
+MASTER_KEYS = [
+
+]
Modified: updater/trunk/lib/glider/repository.py
===================================================================
--- updater/trunk/lib/glider/repository.py 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/lib/glider/repository.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -1,11 +1,15 @@
-import sexp.parse
-import sexp.access
import glider.formats
+import glider.util
+import simplejson
+import logging
import os
import threading
+import time
+MAX_TIMESTAMP_AGE = 24*60*60
+
class RepositoryFile:
def __init__(self, repository, relativePath, schema,
needRole=None, signedFormat=True, needSigs=1):
@@ -16,12 +20,15 @@
self._signedFormat = signedFormat
self._needSigs = needSigs
- self._signed_sexpr = None
- self._main_sexpr = None
+ self._signed_obj = self._main_obj = None
+ self._sigStatus = None
self._mtime = None
+ def getRelativePath(self):
+ return self._relativePath
+
def getPath(self):
- return os.path.join(self._repository._root, self._relativePath)
+ return self._repository.getFilename(self._relativePath)
def _load(self):
fname = self.getPath()
@@ -40,82 +47,267 @@
finally:
f.close()
- signed_sexpr,main_sexpr = self._checkContent(content)
+ signed_obj,main_obj = self._checkContent(content)
- self._signed_sexpr = signed_sexpr
- self._main_sexpr = main_sexpr
+ self._signed_obj = signed_obj
+ self._main_obj = main_obj
self._mtime = mtime
def _save(self, content=None):
if content == None:
content = sexpr.encode
- signed_sexpr,main_sexpr = self._checkContent(content)
+ signed_obj,main_obj = self._checkContent(content)
fname = self.getPath()
- fname_tmp = fname+"_tmp"
+ glider.util.replaceFile(fname, contents)
- fd = os.open(fname_tmp, os.WRONLY|os.O_CREAT|os.O_TRUNC, 0644)
- try:
- os.write(fd, contents)
- finally:
- os.close(fd)
- if sys.platform in ('cygwin', 'win32'):
- # Win32 doesn't let rename replace an existing file.
- try:
- os.unlink(fname)
- except OSError:
- pass
- os.rename(fname_tmp, fname)
-
- self._signed_sexpr = signed_sexpr
- self._main_sexpr = main_sexpr
+ self._signed_obj = signed_obj
+ self._main_obj = main_obj
self._mtime = mtime
def _checkContent(self, content):
- sexpr = sexp.parse.parse(content)
- if not sexpr:
- raise ParseError()
+ try:
+ obj = simplejson.loads(content)
+ except ValueError, e:
+ raise glider.FormatException("Couldn't decode content: %s"%e)
+
if self._signedFormat:
- if not glider.formats.SIGNED_SCHEMA.matches(sexpr):
- raise FormatError()
+ # This is supposed to be signed.
+ glider.formats.SIGNED_SCHEMA.checkMatch(obj)
- sigs = checkSignatures(sexpr, self._repository._keyDB,
- self._needRole, self._relativePath)
- good = sigs[0]
- # XXXX If good is too low but unknown is high, we may need
- # a new key file.
- if len(good) < 1:
- raise SignatureError()
-
- main_sexpr = sexpr[1]
- signed_sexpr = sexpr
+ main_obj = obj['signed']
+ signed_obj = obj
else:
- signed_sexpr = None
- main_sexpr = sexpr
+ signed_obj = None
+ main_obj = obj
- if self._schema != None and not self._schema.matches(main_sexpr):
- raise FormatError()
+ if self._schema != None:
+ self._schema.checkMatch(main_obj)
- return signed_sexpr, main_sexpr
+ return signed_obj, main_obj
def load(self):
- if self._main_sexpr == None:
+ if self._main_obj == None:
self._load()
+ def get(self):
+ return self._main_obj
+
+ def isLoaded(self):
+ return self._main_obj != None
+
+ def getContent(self):
+ self.load()
+ return self._main_obj
+
+ def _checkSignatures(self):
+ self.load()
+ sigStatus = glider.formats.checkSignatures(self._signed_obj,
+ self._repository._keyDB,
+ self._needRole, self._relativePath)
+ self._sigStatus = sigStatus
+
+ def checkSignatures(self):
+ if self._sigStatus is None:
+ self._checkSignatures()
+ return self._sigStatus
+
class LocalRepository:
def __init__(self, root):
self._root = root
- self._keyDB = None
+ self._keyDB = glider.util.getKeylist(None)
self._keylistFile = RepositoryFile(
- self, "meta/keys.txt", glider.formats.KEYLIST_SCHEMA,
+ self, "/meta/keys.txt", glider.formats.KEYLIST_SCHEMA,
needRole="master")
self._timestampFile = RepositoryFile(
- self, "meta/timestamp.txt", glider.formats.TIMESTAMP_SCHEMA,
+ self, "/meta/timestamp.txt", glider.formats.TIMESTAMP_SCHEMA,
needRole="timestamp")
self._mirrorlistFile = RepositoryFile(
- self, "meta/mirrors.txt", glider.formats.MIRRORLIST_SCHEMA,
+ self, "/meta/mirrors.txt", glider.formats.MIRRORLIST_SCHEMA,
needRole="mirrors")
+ self._metaFiles = [ self._keylistFile,
+ self._timestampFile,
+ self._mirrorlistFile ]
+ self._packageFiles = {}
+ self._bundleFiles = {}
+
+ def getFilename(self, relativePath):
+ if relativePath.startswith("/"):
+ relativePath = relativePath[1:]
+ return os.path.join(self._root, relativePath)
+
+ def getKeylistFile(self):
+ return self._keylistFile
+
+ def getTimestampFile(self):
+ return self._timestampFile
+
+ def getMirrorlistFile(self):
+ return self._mirrorlistFile
+
+ def getPackageFile(self, relPath):
+ try:
+ return self._packageFiles[relPath]
+ except KeyError:
+ self._packageFiles[relPath] = pkg = RepositoryFile(
+ self, relPath, glider.formats.PACKAGE_SCHEMA,
+ needRole='package')
+ return pkg
+
+ def getBundleFile(self, relPath):
+ try:
+ return self._bundleFiles[relPath]
+ except KeyError:
+ self._bundleFiles[relPath] = pkg = RepositoryFile(
+ self, relPath, glider.formats.BUNDLE_SCHEMA,
+ needRole='bundle')
+ return pkg
+
+ def getFilesToUpdate(self, now=None, trackingBundles=()):
+ if now == None:
+ now = time.time()
+
+ need = set()
+
+ # Fetch missing metafiles.
+ for f in self._metaFiles:
+ try:
+ f.load()
+ except OSError, e:
+ print "need", f.getPath()
+ logging.info("Couldn't load %s: %s. Must fetch it.",
+ f.getPath(), e)
+ need.add(f.getRelativePath())
+
+ # If the timestamp file is out of date, we need to fetch it no
+ # matter what. (Even if it is isn't signed, it can't possibly
+ # be good.)
+ ts = self._timestampFile.get()
+ if ts:
+ age = now - glider.formats.parseTime(ts['at'])
+ ts = glider.formats.TimestampFile.fromJSon(ts)
+ if age > MAX_TIMESTAMP_AGE:
+ need.add(self._timestampFile.getRelativePath())
+
+ # If the keylist isn't signed right, we can't check the
+ # signatures on anything else.
+ if self._keylistFile.get():
+ s = self._keylistFile.checkSignatures()
+ if not s.isValid(): # For now only require one master key.
+ need.add(self._keylistFile.getRelativePath())
+
+ if need:
+ return need
+
+ # Import the keys from the keylist.
+ self._keyDB.addFromKeylist(self._keylistFile.get())
+
+ # If the timestamp isn't signed right, get a new timestamp and a
+ # new keylist.
+ s = self._timestampFile.checkSignatures()
+ if not s.isValid():
+ need.add(self._keylistFile.getRelativePath())
+ need.add(self._timestampFile.getRelativePath())
+ return need
+
+ # FINALLY, we know we have an up-to-date, signed timestamp
+ # file. Check whether the keys and mirrors file are as
+ # authenticated.
+ h_kf = glider.formats.getDigest(self._keylistFile.get())
+ h_expected = ts.getKeylistInfo().getHash()
+ if h_kf != h_expected:
+ need.add(self._keylistFile.getRelativePath())
+
+ if need:
+ return need
+
+ s = self._mirrorlistFile.checkSignatures()
+ if not s.isValid():
+ need.add(self._mirrorlistFile.getRelativePath())
+
+ h_mf = glider.formats.getDigest(self._mirrorlistFile.get())
+ h_expected = ts.getMirrorlistInfo().getHash()
+ if h_mf != h_expected:
+ need.add(self._mirrorlistFile.getRelativePath())
+
+ if need:
+ return need
+
+ # Okay; that's it for the metadata. Do we have the right
+ # bundles?
+ bundles = {}
+ for b in trackingBundles:
+ try:
+ binfo = ts.getBundleInfo(b)
+ except KeyError:
+ logging.warn("Unrecognized bundle %s"%b)
+ continue
+
+ rp = binfo.getRelativePath()
+ bfile = self.getBundleFile(rp)
+ try:
+ bfile.load()
+ except OSError:
+ need.add(rp)
+ continue
+
+ h_b = glider.formats.getDigest(bfile.get())
+ h_expected = binfo.getHash()
+ if h_b != h_expected:
+ need.add(rp)
+ continue
+
+ s = bfile.checkSignatures()
+ if not s.isValid():
+ # Can't actually use it.
+ continue
+
+ bundles[rp] = bfile
+
+ # Okay. So we have some bundles. See if we have their packages.
+ packages = {}
+ for bfile in bundles.values():
+ bundle = bfile.get()
+ for pkginfo in bundle['packages']:
+ rp = pkginfo['path']
+ pfile = self.getPackageFile(rp)
+ try:
+ pfile.load()
+ except OSError:
+ need.add(rp)
+ continue
+
+ h_p = glider.formats.getDigest(pfile.get())
+ h_expected = glider.formats.parseHash(pkginfo['hash'])
+ if h_p != h_expected:
+ need.add(rp)
+ continue
+
+ s = pfile.checkSignatures()
+ if not s.isValid():
+ # Can't use it.
+ continue
+ packages[rp] = pfile
+
+ # Finally, we have some packages. Do we have their underlying
+ # files?
+ for pfile in packages.values():
+ package = pfile.get()
+ for f in package['files']:
+ rp, h = f[:2]
+ h_expected = glider.formats.parseHash(h)
+ fn = self.getFilename(rp)
+ try:
+ h_got = glider.formats.getFileDigest(fn)
+ except OSError:
+ need.add(rp)
+ continue
+ if h_got != h_expected:
+ need.add(rp)
+
+ # Okay; these are the files we need.
+ return need
Modified: updater/trunk/lib/glider/tests.py
===================================================================
--- updater/trunk/lib/glider/tests.py 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/lib/glider/tests.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -1,21 +1,57 @@
import unittest
import doctest
+import os
+import tempfile
import glider.keys
import glider.formats
import glider.repository
+import glider.checkJson
import glider.tests
-class EncryptionTest(unittest.TestCase):
- pass
+class CanonicalEncodingTest(unittest.TestCase):
+ def test_encode(self):
+ enc = glider.formats.encodeCanonical
+ self.assertEquals(enc(''), '""')
+ self.assertEquals(enc('"'), '"\\""')
+ self.assertEquals(enc('\t\\\n"\r'),
+ '"\t\\\\\n\\"\r"')
+class CryptoTests(unittest.TestCase):
+ def test_encrypt(self):
+ s = "The Secret words are marzipan habidashery zeugma."
+ password = "the password is swordfish."
+ encrypted = glider.keys.encryptSecret(s, password)
+ self.assertNotEquals(encrypted, s)
+ self.assert_(encrypted.startswith("GKEY1"))
+ self.assertEquals(s, glider.keys.decryptSecret(encrypted, password))
+ self.assertRaises(glider.BadPassword, glider.keys.decryptSecret,
+ encrypted, "password")
+ self.assertRaises(glider.UnknownFormat, glider.keys.decryptSecret,
+ "foobar", password)
+
+ def test_keystore(self):
+ passwd = "umfitty noonah"
+ fname = tempfile.mktemp()
+ ks = glider.keys.KeyStore(fname)
+ key1 = glider.keys.RSAKey.generate(512)
+ key2 = glider.keys.RSAKey.generate(512)
+ ks.addKey(key1)
+ ks.addKey(key2)
+ ks.save(passwd)
+
+ ks2 = glider.keys.KeyStore(fname)
+ ks2.load(passwd)
+ self.assertEquals(key1.key.n, ks2.getKey(key1.getKeyID()).key.n)
+
def suite():
suite = unittest.TestSuite()
suite.addTest(doctest.DocTestSuite(glider.formats))
suite.addTest(doctest.DocTestSuite(glider.keys))
+ suite.addTest(doctest.DocTestSuite(glider.checkJson))
loader = unittest.TestLoader()
suite.addTest(loader.loadTestsFromModule(glider.tests))
Added: updater/trunk/lib/glider/util.py
===================================================================
--- updater/trunk/lib/glider/util.py (rev 0)
+++ updater/trunk/lib/glider/util.py 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,73 @@
+
+import os
+import sys
+import tempfile
+
+import simplejson
+
+import glider.formats
+import glider.keys
+import glider.master_keys
+
+def moveFile(fromLocation, toLocation):
+ if sys.platform in ('cygwin', 'win32'):
+ # Win32 doesn't let rename replace an existing file.
+ try:
+ os.unlink(toLocation)
+ except OSError:
+ pass
+ os.rename(fromLocation, toLocation)
+
+
+def replaceFile(fname, contents, textMode=False):
+ """overwrite the file in 'fname' atomically with the content of 'contents'
+ """
+ dir, prefix = os.path.split(fname)
+ fd, fname_tmp = tempfile.mkstemp(prefix=prefix, dir=dir, text=textMode)
+
+ try:
+ os.write(fd, contents)
+ finally:
+ os.close(fd)
+
+ moveFile(fname_tmp, fname)
+
+def userFilename(name):
+ try:
+ base = os.environ["THANDY_HOME"]
+ except KeyError:
+ base = "~/.thandy"
+ base = os.path.expanduser(base)
+ if not os.path.exists(base):
+ os.makedirs(base, 0700)
+ return os.path.join(base, name)
+
+def getKeylist(keys_fname, checkKeys=True):
+ import glider.master_keys
+
+ keydb = glider.formats.Keylist()
+
+ for key in glider.master_keys.MASTER_KEYS:
+ keydb.addKey(key)
+
+ user_keys = userFilename("preload_keys")
+ if os.path.exists(user_keys):
+ #XXXX somewhat roundabout.
+ keylist = glider.formats.makeKeylistObj(user_keys)
+ keydb.addFromKeylist(keylist, allowMasterKeys=True)
+
+ if keys_fname and os.path.exists(keys_fname):
+ f = open(keys_fname, 'r')
+ try:
+ obj = simplejson.load(f)
+ finally:
+ f.close()
+ ss, role, path = glider.formats.checkSignedObj(obj, keydb)
+ if role != 'master':
+ raise glider.FormatException("%s wasn't a keylist."%keys_fname)
+ if checkKeys and not ss.isValid():
+ raise glider.FormatException("%s not signed by enough master keys"%
+ keys_fname)
+ keydb.addFromKeylist(obj['signed'], allowMasterKeys=False)
+
+ return keydb
Added: updater/trunk/samples/bundle.cfg
===================================================================
--- updater/trunk/samples/bundle.cfg (rev 0)
+++ updater/trunk/samples/bundle.cfg 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,15 @@
+
+name = "example-bundle"
+version = [0,1,10]
+location = "/bundleinfo/example/os-arch/example-os-arch-0.1.10.txt"
+os = "os"
+arch = "arch"
+
+Package(name="example",
+ version=[0,1,2],
+ path="/pkginfo/example/rpm/example.txt",
+ order=(10,10,10),
+ optional=False)
+ShortGloss("en", "Example package is needed to make the ossifrage squeamish.")
+LongGloss("en", "You wouldn't want an unsqueamish ossifrage, would you?")
+
Added: updater/trunk/samples/example-mirrors.txt
===================================================================
--- updater/trunk/samples/example-mirrors.txt (rev 0)
+++ updater/trunk/samples/example-mirrors.txt 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,5 @@
+
+Mirror(name="moria",
+ urlbase="http://moria.seul.org/thandy-example/",
+ contents=[ "**" ],
+ weight=1)
Added: updater/trunk/samples/example-package.cfg
===================================================================
--- updater/trunk/samples/example-package.cfg (rev 0)
+++ updater/trunk/samples/example-package.cfg 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1,24 @@
+
+
+# This is package is name 'example'
+name = "example"
+
+# Encodes version 0.1.2.
+version = [0, 1, 2]
+
+# What kind of package is this?
+format = "rpm"
+
+# Where in the repository does it go?
+location = "/pkginfo/example/rpm/example.txt"
+
+# Where in the repository does its underlying rpm file go?
+relpath = "/data/example-0.1.2.rpm"
+
+# Decriptions of the package.
+ShortDesc('en', "Example package")
+LongDesc('en',
+"""This is an example package.
+
+Its description is not quite so long as it might be, but hey.""")
+
Added: updater/trunk/samples/testpackage.cfg
===================================================================
--- updater/trunk/samples/testpackage.cfg (rev 0)
+++ updater/trunk/samples/testpackage.cfg 2008-10-14 05:04:40 UTC (rev 17084)
@@ -0,0 +1 @@
+
Modified: updater/trunk/specs/glider-spec.txt
===================================================================
--- updater/trunk/specs/glider-spec.txt 2008-10-14 03:54:28 UTC (rev 17083)
+++ updater/trunk/specs/glider-spec.txt 2008-10-14 05:04:40 UTC (rev 17084)
@@ -307,6 +307,14 @@
(signature ({(keyid K) (method M) (ATTR VAL)*}) SIG)+
)
+ { "_type" : "Signed",
+ "signed" : X,
+ "sigatures" : [
+ { "keyid" : K,
+ "method" : M,
+ ...
+ "sig" : S } ]
+
where: X is a list whose first element describes the signed object.
K is the identifier of a key signing the document
M is the method to be used to make the signature
@@ -324,6 +332,11 @@
All keys are of the format:
(pubkey ({(type TYPE) (ATTR VAL)*}) KEYVAL)
+
+ { "_keytype" : TYPE,
+ ...
+ "keyval" : KEYVAL }
+
where TYPE is a string describing the type of the key and how it's
used to sign documents. The type determines the interpretation of
KEYVAL.
@@ -336,6 +349,10 @@
binary format. [This makes keys 45-60% more compact than using
decimal integers.]
+ {Values given as integers.}
+
+ {'e' : e, 'n' : n, big-endian hex. }
+
All RSA keys must be at least 2048 bits long.
@@ -370,6 +387,13 @@
...
)
+ { "_type" : "Keylist",
+ "ts" : TIME,
+ "keys" : [
+ { "roles" : [ [ ROLE, PATH ], ... ],
+ ...
+ "key" : KEY }, ... ] }
+
The "ts" line describes when the keys file was updated. Clients
MUST NOT replace a file with an older one, and SHOULD NOT accept a
file too far in the future.
@@ -392,8 +416,19 @@
( (mirror ({(name N) (urlbase U) (contents PATH+) (weight W)
(official)? (ATTR VAL)})) * )
...
- )
+ )
+ { "_type" : "Mirrorlist",
+ "mirrors" : [
+ { "name" : N,
+ "urlbase" : U,
+ "contents" : [PATH ... ] ,
+ "weight" : W,
+ "official" : BOOL,
+ ...
+ }, ... ]
+ }
+
Every mirror is a copy of some or all of the directory hierarchy
containing at least the /meta, /bundles/, and /pkginfo directories.
@@ -417,12 +452,20 @@
({(at TIME)
(m TIME MIRRORLISTHASH)
(k TIME KEYLISTHASH)
- (b NAME VERSION TIME PATH HASH)*})
+ (b NAME VERSION PATH TIME HASH)*})
)
+ { "_type" : Timestamp,
+ "at" : TIME,
+ "m" : [ TIME, HASH ],
+ "k" : [ TIME, HASH ],
+ "b" : { NAME :
+ [ [ Version, Path, Time, Hash ] ] }
+ }
+
TIME is when the timestamp was signed. MIRRORLISTHASH is the digest
of the mirror-list file; KEYLISTHASH is the digest of the key list
- file; and the 'b' entries are a list of the latest version of each
+ file; and the 'b' entries are a list of the latest version of all
bundles and their locations and hashes.
3.6. File formats: bundle files
@@ -440,6 +483,23 @@
(ATTR VAL)*})? )* )
)
+ { "_type" : "Bundle",
+ "name" : NAME,
+ "at" : TIME,
+ "os" : OS,
+ [ "arch" : ARCH, ]
+ "version" : V
+ "packages" :
+ [ { "name" : NAME,
+ "version" : VERSION,
+ "path" : PATH,
+ "hash" : HASH,
+ "order" : [ INST, UPDATE, REMOVE ],
+ [ "optional : BOOL, ]
+ "gloss" : { LANG : TEXT },
+ "longgloss" : { LANG : TEXT },
+ } ] }
+
Most elements are self-explanatory; the INST, UPDATE, and REMOVE
elements of the order element are numbers defining the order in
which the packages are installed, updated, and removed respectively.
@@ -648,6 +708,3 @@
have to be mad to touch it.
-
-
-
More information about the tor-commits
mailing list