From ba19eb974cb937056bddc13652d2a8ec481d0880 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 29 Oct 2014 16:41:46 -0300 Subject: Add fabric file to update the TUF repo. Add support for json config file. This feature looks like it will be included soon in newer versions of fabric, but right now we add it manually. Add the configuration into a json file to avoid data on the python file. Ignore the file fabfile.json since it contains server information that may be sensitive. --- .gitignore | 2 ++ fabfile.json.sample | 9 +++++ fabfile.py | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) create mode 100644 fabfile.json.sample create mode 100644 fabfile.py diff --git a/.gitignore b/.gitignore index b7c287d..0500d95 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,5 @@ data/bitmask.pro binaries bundler.paths seeded_config + +fabfile.json diff --git a/fabfile.json.sample b/fabfile.json.sample new file mode 100644 index 0000000..48eaec3 --- /dev/null +++ b/fabfile.json.sample @@ -0,0 +1,9 @@ +{ + "hosts": ["example.org"], + "port": "22", + "release": "(stable|unstable)", + "repo_file": "Bitmask-linux64-0.7.0rc6-tuf.tar.bz2", + "tuf_arch": "(32|64)", + "tuf_path": "/absolute/path/to/the/tuf/repo/", + "user": "the-tuf-user" +} diff --git a/fabfile.py b/fabfile.py new file mode 100644 index 0000000..a7c2047 --- /dev/null +++ b/fabfile.py @@ -0,0 +1,94 @@ +#!/usr/bin/env python +# encoding: utf-8 +import json +import os + +from fabric.api import task, cd, env, require, run, put + + +@task +def status(): + """ + Display some status of the server. + """ + require('tuf_path', 'hosts', 'port', 'user') + + run('whoami') + + run('ls {0}/linux-i386 --color=auto'.format(env.tuf_path)) + run('ls {0}/linux-x86_64 --color=auto'.format(env.tuf_path)) + + +@task +def update(): + """ + Update the TUF repo using the specified file name. + """ + require('tuf_path', 'tuf_arch', 'hosts', 'port', 'user', 'repo_file') + + if env.tuf_arch not in ['32', '64']: + print "Error: invalid parameter, use 32 or 64." + return + + if not os.path.isfile(env.repo_file): + print "Error: the file does not exist." + return + + if env.tuf_arch == '32': + arch = 'linux-i386' + else: + arch = 'linux-x86_64' + + path = os.path.join(env.tuf_path, arch) + print arch, env.repo_file, path + + put(env.repo_file, path) + + with cd(path): + # we keep the targets folder until we finish so we can recover it in + # case of error + run('mv targets targets.old') + run('tar xjf {0} --strip-components=1'.format(env.repo_file)) + # NOTE: Don't copy the root.json file + # run('cp -a metadata.staged/root.json metadata/') + run('cp -a metadata.staged/targets.json* metadata/') + run('cp -a metadata.staged/snapshot.json* metadata/') + # '|| true' is a hack to avoid permissions problems + run('chmod g+w -f -R metadata.staged/ metadata/timestamp.json || true') + run('rm -fr targets.old') + run('rm {0}'.format(env.repo_file)) + # Note: the timestamp is updated by cron + + +@task(default=True) +def help(): + print 'This script is meant to be used to update a TUF remote remository.' + print 'You need to provide a fabfile.json containing server details and ' + print 'files to update. As an example see the fabfile.json.sample file.' + print + print 'Note: this assumes that you authenticate using the ssh-agent.' + print + print 'You should use this as follows:' + print ' fab update' + + +def load_json(): + """ + Load a fabfile.json file and add its data to the 'env' dict. + """ + # NOTE hopefully this will be available soon on fabric, + # see https://github.com/fabric/fabric/pull/1092 + try: + jdata = None + with open('fabfile.json', 'r') as f: + jdata = json.load(f) + + env.update(jdata) + print "ENV updated" + except: + print "ENV not updated" + pass + + +# Do this always and as a first task +load_json() -- cgit v1.2.3