1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
#!/usr/bin/env python
# init.py
# Copyright (C) 2014 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Tool to initialize or update the root.json of a TUF repo.
The keys can be generated with:
openssl genrsa -des3 -out private.pem 4096
The public key can be exported with:
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
"""
import datetime
import sys
from os import listdir
from os.path import exists
from tuf.repository_tool import load_repository, create_new_repository
from tuf.repository_tool import import_rsa_privatekey_from_file
from tuf.repository_tool import import_rsa_publickey_from_file
"""
Days until the expiration of root.json. After this ammount of days the TUF
client won't accept this file.
"""
EXPIRATION_DAYS = 365
def usage():
print ("Usage: %s repo root_private_key root_pub_key targets_pub_key"
" timestamp_pub_key") % (sys.argv[0],)
def main():
if len(sys.argv) < 6:
usage()
return
repo_path = sys.argv[1]
root_priv_path = sys.argv[2]
root_pub_path = sys.argv[3]
targets_pub_path = sys.argv[4]
timestamp_pub_path = sys.argv[5]
repo = Repo(repo_path, root_priv_path)
repo.build(root_pub_path, targets_pub_path, timestamp_pub_path)
print "%s/metadata.staged/root.json is ready" % (repo_path,)
class Repo(object):
"""
Repository builder class
"""
def __init__(self, repo_path, key_path):
"""
Constructor
:param repo_path: path where the repo lives
:type repo_path: str
:param key_path: path where the private root key lives
:type key_path: str
"""
self._repo_path = repo_path
self._key = import_rsa_privatekey_from_file(key_path)
def build(self, root_pub_path, targets_pub_path, timestamp_pub_path):
"""
Create or update the repo
:param root_pub_path: path where the public root key lives
:type root_pub_path: str
:param targets_pub_path: path where the public targets key lives
:type targets_pub_path: str
:param timestamp_pub_path: path where the public timestamp key lives
:type timestamp_pub_path: str
"""
if exists(self._repo_path) and listdir(self._repo_path) != []:
repository = load_repository(self._repo_path)
else:
repository = create_new_repository(self._repo_path)
pub_root_key = import_rsa_publickey_from_file(root_pub_path)
repository.root.add_verification_key(pub_root_key)
repository.root.load_signing_key(self._key)
repository.root.expiration = (
datetime.datetime.now() +
datetime.timedelta(days=EXPIRATION_DAYS))
pub_target_key = import_rsa_publickey_from_file(targets_pub_path)
repository.targets.add_verification_key(pub_target_key)
repository.snapshot.add_verification_key(pub_target_key)
repository.targets.compressions = ["gz"]
repository.snapshot.compressions = ["gz"]
pub_timestamp_key = import_rsa_publickey_from_file(timestamp_pub_path)
repository.timestamp.add_verification_key(pub_timestamp_key)
try:
repository.write_partial()
except:
pass
if __name__ == "__main__":
main()
|
