Diffstat (limited to 'pkg/tuf')
| -rwxr-xr-x | pkg/tuf/init.py | 102 | ||||
| -rwxr-xr-x | pkg/tuf/release.py | 135 | 
2 files changed, 0 insertions, 237 deletions
|
diff --git a/pkg/tuf/init.py b/pkg/tuf/init.py
deleted file mode 100755
index 7300da0a..00000000
--- a/pkg/tuf/init.py
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/usr/bin/env python
-# init.py
-# Copyright (C) 2014 LEAP
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-"""
-Tool to initialize a TUF repo.
-
-The keys can be generated with:
-    openssl genrsa -des3 -out private.pem 4096
-The public key can be exported with:
-    openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-"""
-
-import sys
-
-from tuf.repository_tool import create_new_repository
-from tuf.repository_tool import import_rsa_privatekey_from_file
-from tuf.repository_tool import import_rsa_publickey_from_file
-
-
-def usage():
-    print ("Usage:  %s repo root_private_key root_pub_key targets_pub_key"
-           " timestamp_pub_key") % (sys.argv[0],)
-
-
-def main():
-    if len(sys.argv) < 6:
-        usage()
-        return
-
-    repo_path = sys.argv[1]
-    root_priv_path = sys.argv[2]
-    root_pub_path = sys.argv[3]
-    targets_pub_path = sys.argv[4]
-    timestamp_pub_path = sys.argv[5]
-    repo = Repo(repo_path, root_priv_path)
-    repo.build(root_pub_path, targets_pub_path, timestamp_pub_path)
-
-    print "%s/metadata.staged/root.json is ready" % (repo_path,)
-
-
-class Repo(object):
-    """
-    Repository builder class
-    """
-
-    def __init__(self, repo_path, key_path):
-        """
-        Constructor
-
-        :param repo_path: path where the repo lives
-        :type repo_path: str
-        :param key_path: path where the private root key lives
-        :type key_path: str
-        """
-        self._repo_path = repo_path
-        self._key = import_rsa_privatekey_from_file(key_path)
-
-    def build(self, root_pub_path, targets_pub_path, timestamp_pub_path):
-        """
-        Create a new repo
-
-        :param root_pub_path: path where the public root key lives
-        :type root_pub_path: str
-        :param targets_pub_path: path where the public targets key lives
-        :type targets_pub_path: str
-        :param timestamp_pub_path: path where the public timestamp key lives
-        :type timestamp_pub_path: str
-        """
-        repository = create_new_repository(self._repo_path)
-
-        pub_root_key = import_rsa_publickey_from_file(root_pub_path)
-        repository.root.add_verification_key(pub_root_key)
-        repository.root.load_signing_key(self._key)
-
-        pub_target_key = import_rsa_publickey_from_file(targets_pub_path)
-        repository.targets.add_verification_key(pub_target_key)
-        repository.snapshot.add_verification_key(pub_target_key)
-        repository.targets.compressions = ["gz"]
-        repository.snapshot.compressions = ["gz"]
-
-        pub_timestamp_key = import_rsa_publickey_from_file(timestamp_pub_path)
-        repository.timestamp.add_verification_key(pub_timestamp_key)
-
-        repository.write_partial()
-
-
-if __name__ == "__main__":
-    main()
diff --git a/pkg/tuf/release.py b/pkg/tuf/release.py
deleted file mode 100755
index 0e1c989c..00000000
--- a/pkg/tuf/release.py
+++ /dev/null
@@ -1,135 +0,0 @@
-#!/usr/bin/env python
-# release.py
-# Copyright (C) 2014 LEAP
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-"""
-Tool to generate TUF related files after a release
-
-The 'repo' folder should contain two folders:
-  - 'metadata.staged' with all the jsons from the previows release
-  - 'targets' where the release targets are
-"""
-
-import datetime
-import os.path
-import sys
-
-from tuf.repository_tool import load_repository
-from tuf.repository_tool import import_rsa_privatekey_from_file
-
-"""
-Days until the expiration of targets.json and snapshot.json. After this ammount
-of days the TUF client won't accept this files.
-"""
-EXPIRATION_DAYS = 90
-
-
-def usage():
-    print "Usage:  %s repo key" % (sys.argv[0],)
-
-
-def main():
-    if len(sys.argv) < 3:
-        usage()
-        return
-
-    repo_path = sys.argv[1]
-    key_path = sys.argv[2]
-    targets = Targets(repo_path, key_path)
-    targets.build()
-
-    print "%s/metadata.staged/(targets|snapshot).json[.gz] are ready" % \
-          (repo_path,)
-
-
-class Targets(object):
-    """
-    Targets builder class
-    """
-
-    def __init__(self, repo_path, key_path):
-        """
-        Constructor
-
-        :param repo_path: path where the repo lives
-        :type repo_path: str
-        :param key_path: path where the private targets key lives
-        :type key_path: str
-        """
-        self._repo_path = repo_path
-        self._key = import_rsa_privatekey_from_file(key_path)
-
-    def build(self):
-        """
-        Generate snapshot.json[.gz] and targets.json[.gz]
-        """
-        self._repo = load_repository(self._repo_path)
-        self._load_targets()
-
-        self._repo.targets.load_signing_key(self._key)
-        self._repo.snapshot.load_signing_key(self._key)
-        self._repo.targets.compressions = ["gz"]
-        self._repo.snapshot.compressions = ["gz"]
-        self._repo.snapshot.expiration = (
-            datetime.datetime.now() +
-            datetime.timedelta(days=EXPIRATION_DAYS))
-        self._repo.targets.expiration = (
-            datetime.datetime.now() +
-            datetime.timedelta(days=EXPIRATION_DAYS))
-        self._repo.write_partial()
-
-    def _load_targets(self):
-        """
-        Load a list of targets
-        """
-        targets_path = os.path.join(self._repo_path, 'targets')
-        target_list = self._repo.get_filepaths_in_directory(
-            targets_path,
-            recursive_walk=True,
-            followlinks=True)
-
-        self._remove_obsolete_targets(target_list)
-
-        for target in target_list:
-            octal_file_permissions = oct(os.stat(target).st_mode)[3:]
-            custom_file_permissions = {
-                'file_permissions': octal_file_permissions
-            }
-            self._repo.targets.add_target(target, custom_file_permissions)
-
-    def _remove_obsolete_targets(self, target_list):
-        """
-        Remove obsolete targets from TUF targets
-
-        :param target_list: list of targets on full path comming from TUF
-                            get_filepaths_in_directory
-        :type target_list: list(str)
-        """
-        targets_path = os.path.join(self._repo_path, 'targets')
-        relative_path_list = map(lambda t: t.split("/targets")[1], target_list)
-        removed_targets = (set(self._repo.targets.target_files.keys())
-                           - set(relative_path_list))
-
-        for target in removed_targets:
-            target_rel_path = target
-            if target[0] == '/':
-                target_rel_path = target[1:]
-            target_path = os.path.join(targets_path, target_rel_path)
-            self._repo.targets.remove_target(target_path)
-
-
-if __name__ == "__main__":
-    main()
|
