diff options
Diffstat (limited to 'pkg/tuf')
-rwxr-xr-x | pkg/tuf/init.py | 102 | ||||
-rwxr-xr-x | pkg/tuf/release.py | 135 |
2 files changed, 0 insertions, 237 deletions
diff --git a/pkg/tuf/init.py b/pkg/tuf/init.py deleted file mode 100755 index 7300da0a..00000000 --- a/pkg/tuf/init.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env python -# init.py -# Copyright (C) 2014 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -""" -Tool to initialize a TUF repo. - -The keys can be generated with: - openssl genrsa -des3 -out private.pem 4096 -The public key can be exported with: - openssl rsa -in private.pem -outform PEM -pubout -out public.pem -""" - -import sys - -from tuf.repository_tool import create_new_repository -from tuf.repository_tool import import_rsa_privatekey_from_file -from tuf.repository_tool import import_rsa_publickey_from_file - - -def usage(): - print ("Usage: %s repo root_private_key root_pub_key targets_pub_key" - " timestamp_pub_key") % (sys.argv[0],) - - -def main(): - if len(sys.argv) < 6: - usage() - return - - repo_path = sys.argv[1] - root_priv_path = sys.argv[2] - root_pub_path = sys.argv[3] - targets_pub_path = sys.argv[4] - timestamp_pub_path = sys.argv[5] - repo = Repo(repo_path, root_priv_path) - repo.build(root_pub_path, targets_pub_path, timestamp_pub_path) - - print "%s/metadata.staged/root.json is ready" % (repo_path,) - - -class Repo(object): - """ - Repository builder class - """ - - def __init__(self, repo_path, key_path): - """ - Constructor - - :param repo_path: path where the repo lives - :type repo_path: str - :param key_path: path where the private root key lives - :type key_path: str - """ - self._repo_path = repo_path - self._key = import_rsa_privatekey_from_file(key_path) - - def build(self, root_pub_path, targets_pub_path, timestamp_pub_path): - """ - Create a new repo - - :param root_pub_path: path where the public root key lives - :type root_pub_path: str - :param targets_pub_path: path where the public targets key lives - :type targets_pub_path: str - :param timestamp_pub_path: path where the public timestamp key lives - :type timestamp_pub_path: str - """ - repository = create_new_repository(self._repo_path) - - pub_root_key = import_rsa_publickey_from_file(root_pub_path) - repository.root.add_verification_key(pub_root_key) - repository.root.load_signing_key(self._key) - - pub_target_key = import_rsa_publickey_from_file(targets_pub_path) - repository.targets.add_verification_key(pub_target_key) - repository.snapshot.add_verification_key(pub_target_key) - repository.targets.compressions = ["gz"] - repository.snapshot.compressions = ["gz"] - - pub_timestamp_key = import_rsa_publickey_from_file(timestamp_pub_path) - repository.timestamp.add_verification_key(pub_timestamp_key) - - repository.write_partial() - - -if __name__ == "__main__": - main() diff --git a/pkg/tuf/release.py b/pkg/tuf/release.py deleted file mode 100755 index 0e1c989c..00000000 --- a/pkg/tuf/release.py +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/env python -# release.py -# Copyright (C) 2014 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -""" -Tool to generate TUF related files after a release - -The 'repo' folder should contain two folders: - - 'metadata.staged' with all the jsons from the previows release - - 'targets' where the release targets are -""" - -import datetime -import os.path -import sys - -from tuf.repository_tool import load_repository -from tuf.repository_tool import import_rsa_privatekey_from_file - -""" -Days until the expiration of targets.json and snapshot.json. After this ammount -of days the TUF client won't accept this files. -""" -EXPIRATION_DAYS = 90 - - -def usage(): - print "Usage: %s repo key" % (sys.argv[0],) - - -def main(): - if len(sys.argv) < 3: - usage() - return - - repo_path = sys.argv[1] - key_path = sys.argv[2] - targets = Targets(repo_path, key_path) - targets.build() - - print "%s/metadata.staged/(targets|snapshot).json[.gz] are ready" % \ - (repo_path,) - - -class Targets(object): - """ - Targets builder class - """ - - def __init__(self, repo_path, key_path): - """ - Constructor - - :param repo_path: path where the repo lives - :type repo_path: str - :param key_path: path where the private targets key lives - :type key_path: str - """ - self._repo_path = repo_path - self._key = import_rsa_privatekey_from_file(key_path) - - def build(self): - """ - Generate snapshot.json[.gz] and targets.json[.gz] - """ - self._repo = load_repository(self._repo_path) - self._load_targets() - - self._repo.targets.load_signing_key(self._key) - self._repo.snapshot.load_signing_key(self._key) - self._repo.targets.compressions = ["gz"] - self._repo.snapshot.compressions = ["gz"] - self._repo.snapshot.expiration = ( - datetime.datetime.now() + - datetime.timedelta(days=EXPIRATION_DAYS)) - self._repo.targets.expiration = ( - datetime.datetime.now() + - datetime.timedelta(days=EXPIRATION_DAYS)) - self._repo.write_partial() - - def _load_targets(self): - """ - Load a list of targets - """ - targets_path = os.path.join(self._repo_path, 'targets') - target_list = self._repo.get_filepaths_in_directory( - targets_path, - recursive_walk=True, - followlinks=True) - - self._remove_obsolete_targets(target_list) - - for target in target_list: - octal_file_permissions = oct(os.stat(target).st_mode)[3:] - custom_file_permissions = { - 'file_permissions': octal_file_permissions - } - self._repo.targets.add_target(target, custom_file_permissions) - - def _remove_obsolete_targets(self, target_list): - """ - Remove obsolete targets from TUF targets - - :param target_list: list of targets on full path comming from TUF - get_filepaths_in_directory - :type target_list: list(str) - """ - targets_path = os.path.join(self._repo_path, 'targets') - relative_path_list = map(lambda t: t.split("/targets")[1], target_list) - removed_targets = (set(self._repo.targets.target_files.keys()) - - set(relative_path_list)) - - for target in removed_targets: - target_rel_path = target - if target[0] == '/': - target_rel_path = target[1:] - target_path = os.path.join(targets_path, target_rel_path) - self._repo.targets.remove_target(target_path) - - -if __name__ == "__main__": - main() |