From a13070c7259fcd76ff3903c59470ae4c60fe780e Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Thu, 2 Oct 2014 18:22:30 -0500 Subject: Handle removals on the updater repo --- pkg/tuf/release.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/tuf/release.py b/pkg/tuf/release.py index c4abcd0d..0e1c989c 100755 --- a/pkg/tuf/release.py +++ b/pkg/tuf/release.py @@ -29,7 +29,6 @@ import sys from tuf.repository_tool import load_repository from tuf.repository_tool import import_rsa_privatekey_from_file -from tuf.repository_tool import import_rsa_publickey_from_file """ Days until the expiration of targets.json and snapshot.json. After this ammount @@ -102,6 +101,8 @@ class Targets(object): recursive_walk=True, followlinks=True) + self._remove_obsolete_targets(target_list) + for target in target_list: octal_file_permissions = oct(os.stat(target).st_mode)[3:] custom_file_permissions = { @@ -109,6 +110,26 @@ class Targets(object): } self._repo.targets.add_target(target, custom_file_permissions) + def _remove_obsolete_targets(self, target_list): + """ + Remove obsolete targets from TUF targets + + :param target_list: list of targets on full path comming from TUF + get_filepaths_in_directory + :type target_list: list(str) + """ + targets_path = os.path.join(self._repo_path, 'targets') + relative_path_list = map(lambda t: t.split("/targets")[1], target_list) + removed_targets = (set(self._repo.targets.target_files.keys()) + - set(relative_path_list)) + + for target in removed_targets: + target_rel_path = target + if target[0] == '/': + target_rel_path = target[1:] + target_path = os.path.join(targets_path, target_rel_path) + self._repo.targets.remove_target(target_path) + if __name__ == "__main__": main() -- cgit v1.2.3 From c7fba69b445ae4b0ad8fe8ec1e4d21b51e514518 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Fri, 31 Oct 2014 17:38:31 -0300 Subject: Remove unused scripts --- pkg/linux/build_bundle.sh | 116 ---------------------------------- pkg/osx/build_bundle.sh | 123 ------------------------------------- pkg/osx/build_bundle_from_linux.sh | 84 ------------------------- pkg/scripts/bitmask_bootstrap.sh | 76 ----------------------- 4 files changed, 399 deletions(-) delete mode 100755 pkg/linux/build_bundle.sh delete mode 100755 pkg/osx/build_bundle.sh delete mode 100644 pkg/osx/build_bundle_from_linux.sh delete mode 100755 pkg/scripts/bitmask_bootstrap.sh (limited to 'pkg') diff --git a/pkg/linux/build_bundle.sh b/pkg/linux/build_bundle.sh deleted file mode 100755 index 60151a80..00000000 --- a/pkg/linux/build_bundle.sh +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/bash -# -# USAGE NOTES: -# -# This script is meant to be used as follows: -# user@host ~ $ ./build_bundle.sh ~/tmp 0.3.2 ~/tmp/0.3.1/Bitmask-linux64-0.3.1/ /media/Shared/CHANGELOG ~/tmp/bundle_out/ -# -# So we would have: -# REPOS_ROOT -> ~/tmp -# VERSION -> 0.3.2 -# TEMPLATE_BUNDLE -> ~/tmp/0.3.1/Bitmask-linux64-0.3.1/ -# JOINT_CHANGELOG -> /media/Shared/CHANGELOG -# DEST -> ~/tmp/bundle_out/ -# -# We need to set different PATHs in order to use a specific version of PySide, -# supposing that we have our compiled pyside in '~/pyside/sandbox', the above command would be: -# user@host ~ $ PYTHONPATH=~/pyside/sandbox/lib/python2.7/site-packages/ LD_LIBRARY_PATH=~/pyside/sandbox/lib/ PATH=$PATH:~/pyside/sandbox/bin/ ./build_bundle.sh ~/tmp 0.3.2 ~/tmp/0.3.1/Bitmask-linux64-0.3.1/ /media/sf_Shared/CHANGELOG ~/tmp/bundle_out/ - - -# Required arguments -REPOS_ROOT=$1 # Root path for all the needed repositories -VERSION=$2 # Version number that we are building -TEMPLATE_BUNDLE=$3 # A template used to create the new bundle -JOINT_CHANGELOG=$4 # Joint changelog for all the repositories -DEST=$5 # Destination folder for the bundle - -# Helper variables -REPOSITORIES="bitmask_client leap_pycommon soledad keymanager leap_mail" -ARCH=$(uname -m | sed 's/x86_//;s/i[3-6]86/32/') - -# Bundle structure -LEAP_LIB=$TEMPLATE_BUNDLE/lib/leap/ -BITMASK_BIN=$TEMPLATE_BUNDLE/bitmask -BUNDLE_NAME=Bitmask-linux$ARCH-$VERSION - -# clean template -rm -f $TEMPLATE_BUNDLE/CHANGELOG -rm -f $TEMPLATE_BUNDLE/relnotes.txt -rm -rf $TEMPLATE_BUNDLE/apps/leap -rm -rf $TEMPLATE_BUNDLE/lib/leap/{common,keymanager,soledad,mail} - -# checkout the latest tag in all repos -for repo in $REPOSITORIES; do - cd $REPOS_ROOT/$repo - git checkout master - git pull --ff-only origin master && git fetch - git reset --hard origin/master # this avoids problems if you are in a commit far in the past - # checkout to the closest annotated tag, supress 'detached head' warning - git checkout --quiet `git describe --abbrev=0` -done - -# make: compile ui and resources in client -cd $REPOS_ROOT/bitmask_client -make - -# copy the latest client code to the template -cp -r $REPOS_ROOT/bitmask_client/src/leap $TEMPLATE_BUNDLE/apps/leap - -# setup sdist client -cd $REPOS_ROOT/bitmask_client -python setup.py sdist - -# extract $VERSION and copy _version.py to TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/_version.py -# copy _version.py (versioneer) and reqs.txt (requirements) to the bundle template -cd dist -rm -rf leap.bitmask-$VERSION -tar xzf leap.bitmask-$VERSION.tar.gz -cp leap.bitmask-$VERSION/src/leap/bitmask/_version.py $TEMPLATE_BUNDLE/apps/leap/bitmask/_version.py -cp leap.bitmask-$VERSION/src/leap/bitmask/util/reqs.txt $TEMPLATE_BUNDLE/apps/leap/bitmask/util/reqs.txt - -# add the other needed projects to $LEAP_LIB -# e.g. TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/lib/leap/ -cp -r $REPOS_ROOT/leap_pycommon/src/leap/common $LEAP_LIB -cp -r $REPOS_ROOT/soledad/common/src/leap/soledad $LEAP_LIB -cp -r $REPOS_ROOT/soledad/client/src/leap/soledad/client $LEAP_LIB/soledad -cp -r $REPOS_ROOT/leap_mail/src/leap/mail $LEAP_LIB -cp -r $REPOS_ROOT/keymanager/src/leap/keymanager $LEAP_LIB - -# copy bitmask launcher to the bundle template -# e.g. TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/Bitmask -cd $REPOS_ROOT/bitmask_launcher/build/ -make -cp src/launcher $BITMASK_BIN - -# copy launcher.py to template bundle -# e.g. TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/ -cd $REPOS_ROOT/bitmask_launcher/src/ -cp launcher.py $TEMPLATE_BUNDLE/apps/ - -# copy relnotes, joint changelog and LICENSE to TEMPLATE_BUNDLE -cp $REPOS_ROOT/bitmask_client/relnotes.txt $TEMPLATE_BUNDLE -cp $JOINT_CHANGELOG $TEMPLATE_BUNDLE/CHANGELOG -cp $REPOS_ROOT/bitmask_client/LICENSE $TEMPLATE_BUNDLE/LICENSE - -# clean *.pyc files -cd $TEMPLATE_BUNDLE -find . -name "*.pyc" -delete - -# remove execution flags (because vbox fs) and set read permissions for all -chmod 644 CHANGELOG LICENSE README - -# create tarball -TMP=/tmp/$BUNDLE_NAME - -rm -rf $TMP && mkdir -p $TMP # clean temp dir -cp -R $TEMPLATE_BUNDLE/* $TMP -cd /tmp -tar cjf $DEST/$BUNDLE_NAME.tar.bz2 $BUNDLE_NAME -cd -rm -rf $TMP - -# go back to develop in all repos -for repo in $REPOSITORIES; do - cd $REPOS_ROOT/$repo - git checkout develop -done diff --git a/pkg/osx/build_bundle.sh b/pkg/osx/build_bundle.sh deleted file mode 100755 index a13746bf..00000000 --- a/pkg/osx/build_bundle.sh +++ /dev/null @@ -1,123 +0,0 @@ -REPOS_ROOT=$1 -VERSION=$2 -TEMPLATE_BUNDLE=$3 -JOINT_CHANGELOG=$4 -DEST=$5 - -# clean template - -rm $TEMPLATE_BUNDLE/CHANGELOG.txt -rm $TEMPLATE_BUNDLE/relnotes.txt -rm -rf $TEMPLATE_BUNDLE/Bitmask.app/Contentes/MacOS/apps/leap -rm $TEMPLATE_BUNDLE/Bitmask.app/Contentes/MacOS/lib/leap/{common,keymanager,soledad,mail} - -# checkout VERSION in all repos - -for i in {leap_client,leap_pycommon,soledad,keymanager,leap_mail} - do - cd $REPOS_ROOT/$i - git checkout $VERSION - done - -# make ui in client - -cd $REPOS_ROOT/leap_client -make - -# cp client - -cp -r $REPOS_ROOT/leap_client/src/leap $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap - -# setup sdist client - -cd $REPOS_ROOT/leap_client -python setup.py sdist - -# extract $VERSION and copy _version.py to TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/_version.py - -cd dist -rm -rf leap.bitmask-$VERSION -tar xzf leap.bitmask-$VERSION.tar.gz -cp leap.bitmask-$VERSION/src/leap/bitmask/_version.py $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/_version.py -cp leap.bitmask-$VERSION/src/leap/bitmask/util/reqs.txt $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/util/reqs.txt - -# cp common, soledad(client and common), mail and keymanager in TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/lib/leap/ - -LEAP_LIB=$TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/lib/leap/ - -cp -r $REPOS_ROOT/leap_pycommon/src/leap/common $LEAP_LIB -cp -r $REPOS_ROOT/soledad/common/src/leap/soledad $LEAP_LIB -cp -r $REPOS_ROOT/soledad/client/src/leap/soledad/client $LEAP_LIB/soledad -cp -r $REPOS_ROOT/leap_mail/src/leap/mail $LEAP_LIB -cp -r $REPOS_ROOT/keymanager/src/leap/keymanager $LEAP_LIB - -# cp leap_client launcher to TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/Bitmask - -BITMASK_BIN=$TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/Bitmask - -cd $REPOS_ROOT/leap_client_launcher/build/ -make -cp src/launcher $BITMASK_BIN - -# cp launcher.py to TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/ - -cd $REPOS_ROOT/leap_client_launcher/src/ -cp launcher.py $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/ - -# install_name_tool it - -install_name_tool -change libboost_python.dylib lib/libboost_python.dylib $BITMASK_BIN -install_name_tool -change libboost_filesystem.dylib lib/libboost_filesystem.dylib $BITMASK_BIN -install_name_tool -change libboost_system.dylib lib/libboost_system.dylib $BITMASK_BIN - -# cp relnotes to TEMPLATE_BUNDLE - -cp $REPOS_ROOT/leap_client/relnotes.txt $TEMPLATE_BUNDLE - -# cp joint_chglog to TEMPLATE_BUNDLE - -cp $JOINT_CHANGELOG $TEMPLATE_BUNDLE/CHANGELOG.txt - -# cp LICENSE to TEMPLATE_BUNDLE - -cp $REPOS_ROOT/leap_client/LICENSE $TEMPLATE_BUNDLE/LICENSE.txt - -# clean pyc$ - -cd $TEMPLATE_BUNDLE -for i in $(find . | grep pyc$); - do - rm $i - done - -# create dmg - -TMP=/tmp/Bitmask -VOLUME_NAME=Bitmask -DMG_FILE=Bitmask-OSX-$VERSION.dmg - -rm -rf $TMP -mkdir -p $TMP -cp -R $TEMPLATE_BUNDLE/* $TMP -cp $REPOS_ROOT/leap_assets/mac/bitmask.icns $TMP/.VolumeIcon.icns -SetFile -c icnC $TMP/.VolumeIcon.icns -hdiutil create -srcfolder $TMP -volname $VOLUME_NAME -format UDRW -ov $DEST/raw-$DMG_FILE - -rm -rf $TMP -mkdir -p $TMP -hdiutil attach $DEST/raw-$DMG_FILE -mountpoint $TMP - -SetFile -a C $TMP -hdiutil detach $TMP - -rm -rf $TMP -rm -f $DEST/$DMG_FILE -hdiutil convert $DEST/raw-$DMG_FILE -format UDZO -o $DEST/$DMG_FILE -rm -f $DEST/raw-$DMG_FILE - -# go back to develop in all repos -for i in {leap_client,leap_pycommon,soledad,keymanager,leap_mail} - do - cd $REPOS_ROOT/$i - git checkout develop - done diff --git a/pkg/osx/build_bundle_from_linux.sh b/pkg/osx/build_bundle_from_linux.sh deleted file mode 100644 index c98e1b7a..00000000 --- a/pkg/osx/build_bundle_from_linux.sh +++ /dev/null @@ -1,84 +0,0 @@ -REPOS_ROOT=$1 -VERSION=$2 -TEMPLATE_BUNDLE=$3 -JOINT_CHANGELOG=$4 -DEST=$5 - -# clean template - -rm $TEMPLATE_BUNDLE/CHANGELOG.txt -rm $TEMPLATE_BUNDLE/relnotes.txt -rm -rf $TEMPLATE_BUNDLE/Bitmask.app/Contentes/MacOS/apps/leap -rm $TEMPLATE_BUNDLE/Bitmask.app/Contentes/MacOS/lib/leap/{common,keymanager,soledad,mail} - -# checkout VERSION in all repos - -for i in {leap_client,leap_pycommon,soledad,keymanager,leap_mail} - do - cd $REPOS_ROOT/$i - git checkout $VERSION - done - -# make ui in client - -cd $REPOS_ROOT/leap_client -make - -# cp client - -cp -r $REPOS_ROOT/leap_client/src/leap $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap - -# setup sdist client - -cd $REPOS_ROOT/leap_client -python setup.py sdist - -# extract $VERSION and copy _version.py to TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/_version.py - -cd dist -rm -rf leap.bitmask-$VERSION -tar xzf leap.bitmask-$VERSION.tar.gz -cp leap.bitmask-$VERSION/src/leap/bitmask/_version.py $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/_version.py -cp leap.bitmask-$VERSION/src/leap/bitmask/util/reqs.txt $TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/util/reqs.txt - -# cp common, soledad(client and common), mail and keymanager in TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/lib/leap/ - -LEAP_LIB=$TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/lib/leap/ - -cp -r $REPOS_ROOT/leap_pycommon/src/leap/common $LEAP_LIB -cp -r $REPOS_ROOT/soledad/common/src/leap/soledad $LEAP_LIB -cp -r $REPOS_ROOT/soledad/client/src/leap/soledad/client $LEAP_LIB/soledad -cp -r $REPOS_ROOT/leap_mail/src/leap/mail $LEAP_LIB -cp -r $REPOS_ROOT/keymanager/src/leap/keymanager $LEAP_LIB - -# cp relnotes to TEMPLATE_BUNDLE - -cp $REPOS_ROOT/leap_client/relnotes.txt $TEMPLATE_BUNDLE - -# cp joint_chglog to TEMPLATE_BUNDLE - -cp $JOINT_CHANGELOG $TEMPLATE_BUNDLE/CHANGELOG.txt - -# cp LICENSE to TEMPLATE_BUNDLE - -cp $REPOS_ROOT/leap_client/LICENSE $TEMPLATE_BUNDLE/LICENSE.txt - -# clean pyc$ - -cd $TEMPLATE_BUNDLE -for i in $(find . | grep pyc$); - do - rm $i - done - -# create dmg - -genisoimage -D -V "Bitmask" -no-pad -r -apple -o raw-Bitmask-OSX-$VERSION.dmg $TEMPLATE_BUNDLE -dmg dmg raw-Bitmask-OSX-$VERSION.dmg Bitmask-OSX-$VERSION.dmg - -# go back to develop in all repos -for i in {leap_client,leap_pycommon,soledad,keymanager,leap_mail} - do - cd $REPOS_ROOT/$i - git checkout develop - done diff --git a/pkg/scripts/bitmask_bootstrap.sh b/pkg/scripts/bitmask_bootstrap.sh deleted file mode 100755 index 70f9867e..00000000 --- a/pkg/scripts/bitmask_bootstrap.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash -###################################################################### -# bitmask_boostrap.sh -# Copyright (C) 2013 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -###################################################################### -# Installs requirements, and -# clones the latest leap-client - -# depends on: -# (authoritative list under docs/dev/quickstart.rst) - -# git python-dev python-setuptools python-virtualenv python-pip python-openssl libsqlite3-dev g++ openvpn -# pyside-tools python-pyside python-qt4 - -# Clone latest git (develop branch) -# change "develop" for any other branch you want. -BRANCH="develop" -BITMASK_DIR="bitmask-develop" - -# Escape code -esc=`echo -en "\033"` - -# Set colors -cc_green="${esc}[0;32m" -cc_yellow="${esc}[0;33m" -cc_blue="${esc}[0;34m" -cc_red="${esc}[0;31m" -cc_normal=`echo -en "${esc}[m\017"` - -echo "${cc_yellow}" -echo "~~~~~~~~~~~~~~~~~~~~~~~" -echo " Bitmask bootstrapping " -echo "~~~~~~~~~~~~~~~~~~~~~~~" -echo "" -echo "${cc_green}Creating virtualenv...${cc_normal}" - -mkdir ${BITMASK_DIR} -virtualenv "${BITMASK_DIR}" -source ./${BITMASK_DIR}/bin/activate - -echo "${cc_green}Installing bitmask...${cc_normal}" - -pip install -e 'git+https://leap.se/git/bitmask_client@'${BRANCH}'#egg=leap.bitmask' - -cd ${BITMASK_DIR} - -# symlink the pyside libraries to the system libs -./src/leap.bitmask/pkg/postmkvenv.sh - -cd ./src/leap.bitmask -make -cd ../../ -source ./bin/activate - -echo "${cc_green}bitmask installed! =)" -echo "${cc_yellow}" -echo "Launch it with: " -echo "~~~~~~~~~~~~~~~~~~~~~~" -echo "bin/bitmask --debug" -echo "~~~~~~~~~~~~~~~~~~~~~~" -echo "If you are not inside the virtualenv, source it first with " -echo "source "${BITMASK_DIR}"/bin/activate" -echo "${cc_normal}" -- cgit v1.2.3 From b4d9e1535d1c8055c30b8ae6544d6153aa378e36 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Fri, 31 Oct 2014 17:38:44 -0300 Subject: Remove unused TUF helpers. These files are now in the bitmask_bundler repo. --- pkg/tuf/init.py | 102 ---------------------------------------- pkg/tuf/release.py | 135 ----------------------------------------------------- 2 files changed, 237 deletions(-) delete mode 100755 pkg/tuf/init.py delete mode 100755 pkg/tuf/release.py (limited to 'pkg') diff --git a/pkg/tuf/init.py b/pkg/tuf/init.py deleted file mode 100755 index 7300da0a..00000000 --- a/pkg/tuf/init.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env python -# init.py -# Copyright (C) 2014 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -""" -Tool to initialize a TUF repo. - -The keys can be generated with: - openssl genrsa -des3 -out private.pem 4096 -The public key can be exported with: - openssl rsa -in private.pem -outform PEM -pubout -out public.pem -""" - -import sys - -from tuf.repository_tool import create_new_repository -from tuf.repository_tool import import_rsa_privatekey_from_file -from tuf.repository_tool import import_rsa_publickey_from_file - - -def usage(): - print ("Usage: %s repo root_private_key root_pub_key targets_pub_key" - " timestamp_pub_key") % (sys.argv[0],) - - -def main(): - if len(sys.argv) < 6: - usage() - return - - repo_path = sys.argv[1] - root_priv_path = sys.argv[2] - root_pub_path = sys.argv[3] - targets_pub_path = sys.argv[4] - timestamp_pub_path = sys.argv[5] - repo = Repo(repo_path, root_priv_path) - repo.build(root_pub_path, targets_pub_path, timestamp_pub_path) - - print "%s/metadata.staged/root.json is ready" % (repo_path,) - - -class Repo(object): - """ - Repository builder class - """ - - def __init__(self, repo_path, key_path): - """ - Constructor - - :param repo_path: path where the repo lives - :type repo_path: str - :param key_path: path where the private root key lives - :type key_path: str - """ - self._repo_path = repo_path - self._key = import_rsa_privatekey_from_file(key_path) - - def build(self, root_pub_path, targets_pub_path, timestamp_pub_path): - """ - Create a new repo - - :param root_pub_path: path where the public root key lives - :type root_pub_path: str - :param targets_pub_path: path where the public targets key lives - :type targets_pub_path: str - :param timestamp_pub_path: path where the public timestamp key lives - :type timestamp_pub_path: str - """ - repository = create_new_repository(self._repo_path) - - pub_root_key = import_rsa_publickey_from_file(root_pub_path) - repository.root.add_verification_key(pub_root_key) - repository.root.load_signing_key(self._key) - - pub_target_key = import_rsa_publickey_from_file(targets_pub_path) - repository.targets.add_verification_key(pub_target_key) - repository.snapshot.add_verification_key(pub_target_key) - repository.targets.compressions = ["gz"] - repository.snapshot.compressions = ["gz"] - - pub_timestamp_key = import_rsa_publickey_from_file(timestamp_pub_path) - repository.timestamp.add_verification_key(pub_timestamp_key) - - repository.write_partial() - - -if __name__ == "__main__": - main() diff --git a/pkg/tuf/release.py b/pkg/tuf/release.py deleted file mode 100755 index 0e1c989c..00000000 --- a/pkg/tuf/release.py +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/env python -# release.py -# Copyright (C) 2014 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -""" -Tool to generate TUF related files after a release - -The 'repo' folder should contain two folders: - - 'metadata.staged' with all the jsons from the previows release - - 'targets' where the release targets are -""" - -import datetime -import os.path -import sys - -from tuf.repository_tool import load_repository -from tuf.repository_tool import import_rsa_privatekey_from_file - -""" -Days until the expiration of targets.json and snapshot.json. After this ammount -of days the TUF client won't accept this files. -""" -EXPIRATION_DAYS = 90 - - -def usage(): - print "Usage: %s repo key" % (sys.argv[0],) - - -def main(): - if len(sys.argv) < 3: - usage() - return - - repo_path = sys.argv[1] - key_path = sys.argv[2] - targets = Targets(repo_path, key_path) - targets.build() - - print "%s/metadata.staged/(targets|snapshot).json[.gz] are ready" % \ - (repo_path,) - - -class Targets(object): - """ - Targets builder class - """ - - def __init__(self, repo_path, key_path): - """ - Constructor - - :param repo_path: path where the repo lives - :type repo_path: str - :param key_path: path where the private targets key lives - :type key_path: str - """ - self._repo_path = repo_path - self._key = import_rsa_privatekey_from_file(key_path) - - def build(self): - """ - Generate snapshot.json[.gz] and targets.json[.gz] - """ - self._repo = load_repository(self._repo_path) - self._load_targets() - - self._repo.targets.load_signing_key(self._key) - self._repo.snapshot.load_signing_key(self._key) - self._repo.targets.compressions = ["gz"] - self._repo.snapshot.compressions = ["gz"] - self._repo.snapshot.expiration = ( - datetime.datetime.now() + - datetime.timedelta(days=EXPIRATION_DAYS)) - self._repo.targets.expiration = ( - datetime.datetime.now() + - datetime.timedelta(days=EXPIRATION_DAYS)) - self._repo.write_partial() - - def _load_targets(self): - """ - Load a list of targets - """ - targets_path = os.path.join(self._repo_path, 'targets') - target_list = self._repo.get_filepaths_in_directory( - targets_path, - recursive_walk=True, - followlinks=True) - - self._remove_obsolete_targets(target_list) - - for target in target_list: - octal_file_permissions = oct(os.stat(target).st_mode)[3:] - custom_file_permissions = { - 'file_permissions': octal_file_permissions - } - self._repo.targets.add_target(target, custom_file_permissions) - - def _remove_obsolete_targets(self, target_list): - """ - Remove obsolete targets from TUF targets - - :param target_list: list of targets on full path comming from TUF - get_filepaths_in_directory - :type target_list: list(str) - """ - targets_path = os.path.join(self._repo_path, 'targets') - relative_path_list = map(lambda t: t.split("/targets")[1], target_list) - removed_targets = (set(self._repo.targets.target_files.keys()) - - set(relative_path_list)) - - for target in removed_targets: - target_rel_path = target - if target[0] == '/': - target_rel_path = target[1:] - target_path = os.path.join(targets_path, target_rel_path) - self._repo.targets.remove_target(target_path) - - -if __name__ == "__main__": - main() -- cgit v1.2.3 From 8e29190cdf9ef5190e0f7ee3faccb62eb841cb26 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 24 Nov 2014 18:06:47 -0200 Subject: Add script to enable ipdb debugging in bundle directories. --- pkg/tools/enable_ipdb.sh | 78 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100755 pkg/tools/enable_ipdb.sh (limited to 'pkg') diff --git a/pkg/tools/enable_ipdb.sh b/pkg/tools/enable_ipdb.sh new file mode 100755 index 00000000..42ea96a9 --- /dev/null +++ b/pkg/tools/enable_ipdb.sh @@ -0,0 +1,78 @@ +#!/bin/sh + +# This script installs modules needed for using IPythin debug shell in a +# Bitmask bundle directory. It uses a python virtual environment in which it +# installs needed modules and then links them into the appropriate directory +# inside the bundle directory. + +MODULES="ast.py runpy.py" +SITE_MODULES="ipdb IPython simplegeneric.py decorator.py pexpect" + +if [ $# != 1 ]; then + echo "Usage: $0 bundle_path" + exit 1 +fi + +BUNDLE_PATH=`echo $1 | sed -e "s/\/\$//"` +BUNDLE_LIB=${BUNDLE_PATH}/lib +BUNDLE_VENV=${BUNDLE_PATH}/.venv + +function check_bundle_dirs() { + if [ ! -d ${BUNDLE_PATH} ]; then + echo "Argument ${BUNDLE_PATH} is not a directory." + exit 2 + fi + + if [ ! -d ${BUNDLE_LIB} ]; then + echo "Expected library directory ${BUNDLE_LIB} is not a directory." + exit 2 + fi + + if [ ! -w ${BUNDLE_LIB} ]; then + echo "Directory ${BUNDLE_LIB} is not writable." + exit 2 + fi +} + +function confirm_installation() { + echo -n "Are you sure you want to enable IPython debugger in ${BUNDLE_PATH} (y/N)? " + read confirm + if [[ "${confirm}" != "y" && "${confirm}" != "Y" ]]; then + echo "Bailing out..." + exit 0 + fi +} + +function setup_virtualenv() { + if [ ! -d ${BUNDLE_VENV} ]; then + virtualenv ${BUNDLE_VENV} + fi + source ${BUNDLE_VENV}/bin/activate + pip install ipdb +} + +function link_modules() { + for package in ${MODULES}; do + package_path=${BUNDLE_LIB}/${package} + if [[ ! -f ${package_path} && ! -d ${package_path} ]]; then + ln -sf /usr/lib/python2.7/${package} ${BUNDLE_LIB} + fi + done + for package in ${SITE_MODULES}; do + package_path=${BUNDLE_LIB}/${package} + if [[ ! -f ${package_path} && ! -d ${package_path} ]]; then + ln -sf ${BUNDLE_VENV}/lib/python2.7/site-packages/${package} ${BUNDLE_LIB} + fi + done +} + +function main() { + check_bundle_dirs + confirm_installation + setup_virtualenv + link_modules + echo "All done." + exit 0 +} + +main -- cgit v1.2.3 From 43a67207845943d5e93c51844feb6666ac1911f5 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 25 Nov 2014 12:04:31 +0100 Subject: fix typo, add license --- pkg/tools/enable_ipdb.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/tools/enable_ipdb.sh b/pkg/tools/enable_ipdb.sh index 42ea96a9..00a9235b 100755 --- a/pkg/tools/enable_ipdb.sh +++ b/pkg/tools/enable_ipdb.sh @@ -1,10 +1,27 @@ #!/bin/sh -# This script installs modules needed for using IPythin debug shell in a +# enable_ipdb.sh +# This script installs modules needed for using IPython debug shell in a # Bitmask bundle directory. It uses a python virtual environment in which it # installs needed modules and then links them into the appropriate directory # inside the bundle directory. +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + MODULES="ast.py runpy.py" SITE_MODULES="ipdb IPython simplegeneric.py decorator.py pexpect" -- cgit v1.2.3 From 54521d35d239c2e62d42e9c77690b9d1bc94f7db Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 7 Jan 2015 18:49:26 -0300 Subject: Support for 'nobody' (used on Arch) group name. --- pkg/linux/bitmask-root | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'pkg') diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 622a0b8a..6fb1f0b3 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -51,7 +51,29 @@ cmdcheck = subprocess.check_output # CONSTANTS # -VERSION = "4" + +def get_no_group_name(): + """ + Return the right group name to use for the current OS. + Examples: + - Ubuntu: nogroup + - Arch: nobody + + :rtype: str or None + """ + import grp + try: + grp.getgrnam('nobody') + return 'nobody' + except KeyError: + try: + grp.getgrnam('nogroup') + return 'nogroup' + except KeyError: + return None + + +VERSION = "5" SCRIPT = "bitmask-root" NAMESERVER = "10.42.0.1" BITMASK_CHAIN = "bitmask" @@ -68,7 +90,7 @@ IPTABLES = "/sbin/iptables" IP6TABLES = "/sbin/ip6tables" OPENVPN_USER = "nobody" -OPENVPN_GROUP = "nogroup" +OPENVPN_GROUP = get_no_group_name() LEAPOPENVPN = "LEAPOPENVPN" OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle @@ -83,10 +105,12 @@ FIXED_FLAGS = [ "--management-signal", "--script-security", "1", "--user", "nobody", - "--group", "nogroup", "--remap-usr1", "SIGTERM", ] +if OPENVPN_GROUP is not None: + FIXED_FLAGS.extend(["--group", OPENVPN_GROUP]) + ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"], -- cgit v1.2.3