| blob | 247d1e6d2e576f80bc42a0d28b93b93c78de2c5a |
1 #!/usr/bin/python2.7
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
23 #
24 # Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
25 #
27 #
28 # NOTE: Any changes to this file are considered a change in client api
29 # interfaces and must be fully documented in doc/client_api_versions.txt
30 # if they are visible changes to the public interfaces provided.
31 #
32 # This also means that changes to the interfaces here must be reflected in
33 # the client version number and compatible_versions specifier found in
34 # modules/client/api.py:__init__.
35 #
37 import calendar
38 import collections
39 import copy
40 import cStringIO
42 import errno
43 import hashlib
44 import os
45 import pycurl
46 import shutil
47 import tempfile
48 import time
49 import urllib
50 import urlparse
51 import uuid
71 PKG_RO_FILE_MODE
73 # The "core" type indicates that a repository contains all of the dependencies
74 # declared by packages in the repository. It is primarily used for operating
75 # system repositories.
78 # The "supplemental" type indicates that a repository contains packages that
79 # rely on or are intended to be used with packages located in another
80 # repository.
83 # Mapping of constant values to names (in the event these ever get changed to
84 # numeric values or it is decided they need "prettier" or different labels).
85 REPO_COLLECTION_TYPES = {
88 }
90 # Supported Protocol Schemes
94 # SSL Protocol Schemes
97 # Supported RepositoryURI sorting policies.
100 # Sort policy mapping.
101 URI_SORT_POLICIES = {
103 }
105 # The strings in the value field refer to the boolean properties of the
106 # Cryptography extension classes. If a property has a value True set, it means
107 # this property is added as an extension value in the certificate generation,
108 # and vice versa.
109 EXTENSIONS_VALUES = {
114 }
116 # Only listed extension values (properties) here can have a value True set in a
117 # certificate extension; any other properties with a value True set will be
118 # treated as unsupported.
119 SUPPORTED_EXTENSION_VALUES = {
122 }
124 # These dictionaries map uses into their extensions.
125 CODE_SIGNING_USE = {
127 }
129 CERT_SIGNING_USE = {
132 }
134 CRL_SIGNING_USE = {
136 }
140 # A special token used in place of the system repository URL which is
141 # replaced at runtime by the actual address and port of the
142 # system-repository.
146 """Class representing a repository URI and any transport-related
147 information."""
149 # These properties are declared here so that they show up in the pydoc
150 # documentation as private, and for clarity in the property declarations
151 # found near the end of the class definition.
159 # Used to store the id of the original object this one was copied
160 # from during __copy__.
167 # Must set first.
173 # Note that the properties set here are intentionally lacking
174 # the '__' prefix which means assignment will occur using the
175 # get/set methods declared for the property near the end of
176 # the class definition.
181 # The proxy parameter is deprecated and remains for backwards
182 # compatibity, for now. If we get given both, then we must
183 # complain - this error is for internal use only.
186 "'proxy' values were used to create a "
201 return uri
208 return False
215 return True
234 return None
240 return
244 p = proxy
264 # for now, we only support a single proxy per RepositoryURI
310 # if we're setting the URI to an existing value, do nothing.
312 return
314 # This is not ideal, but determining whether we're operating
315 # on a ProxyURI saves us duplicating code in that class,
316 # which we would otherwise need, due to __protected members
317 # here.
323 # Decompose URI to verify attributes.
330 # The set of currently supported protocol schemes.
332 SUPPORTED_PROXY_SCHEMES:
338 # XXX valid_pub_url's check isn't quite right and could prevent
339 # usage of IDNs (international domain names).
347 # Normalize URI scheme.
361 """Allow the __uri field of the object to be overridden in
362 special cases."""
371 """Change the scheme of this uri."""
377 return
382 """Get the host and port of this URI if it's a http uri."""
387 return netloc
391 """Returns the URI path as a pathname if the URI is a file
392 URI or '' otherwise."""
410 "An integer value representing the importance of this repository "
417 "A list of proxies that can be used to access this repository."
418 "At runtime, a $http_proxy environment variable might override this."
419 )
421 @property
423 """The URI scheme."""
430 "A boolean value indicating whether any URI provided for this "
431 "object should have a trailing slash appended when setting the "
436 """A class to represent the URI of a proxy. The 'uri' value can be
437 'None' if 'system' is set to True."""
446 """A property to specify whether we should use the system
447 publisher as the proxy. Note that this method modifies the
448 'uri' property when set or cleared."""
454 # Set a special value for the uri, intentionally an
455 # invalid URI which should get caught by any consumers
456 # using it by mistake. This also allows us to reuse
457 # the __eq__, __cmp__, etc. methods from the parent
458 # (where there is no public way of setting the URI to
459 # SYSREPO_PROXY, '<sysrepo>')
465 """A method used to prevent certain properties defined in the
466 parent class from being set on ProxyURI objects."""
468 # We don't expect this string to be exposed to users.
475 # Ensure we can't set any of the following properties.
493 """A TransportRepoURI allows for multiple representations of a given
494 RepositoryURI, each with different properties.
496 One RepositoryURI could be represented by several TransportRepoURIs,
497 used to allow the transport to properly track repo statistics for
498 for each discrete path to a given URI, perhaps using different proxies
499 or trying one of several SSL key/cert pairs."""
503 # Must set first.
518 return False
526 return True
539 return res
542 """Returns a value that can be used to identify this RepoURI
543 uniquely for the transport system. Normally, this would be done
544 using __hash__() however, TransportRepoURI objects are not
545 guaranteed to be immutable.
547 The key is a (uri, proxy) tuple, where the proxy is
548 the proxy used to reach that URI. Note that in the transport
549 system, we may choose to override the proxy value here.
551 If this key format changes, a corresponding change should be
552 made in pkg.client.transport.engine.__cleanup_requests(..)"""
572 # Changing the proxy value causes us to clear any cached
573 # value we have in __runtime_proxy.
577 """Returns the proxy that should be used at runtime, which may
578 differ from the persisted proxy value. We check for http_proxy,
579 https_proxy and all_proxy OS environment variables.
581 To avoid repeated environment lookups, we cache the results."""
583 # we don't permit the proxy used by system publishers to be
584 # overridden by environment variables.
594 """The runtime proxy value is always computed dynamically,
595 we should not allow a caller to set it."""
599 @staticmethod
601 """Build a list of TransportRepositoryURI objects using
602 properties from the given RepositoryURI, 'repouri'.
604 This is to allow the transport to try different paths to
605 a given RepositoryURI, if more than one is possible."""
607 trans_repouris = []
608 # we just use the proxies for now, but in future, we may want
609 # other per-origin/mirror properties
627 return trans_repouris
630 "The proxy that is used to access this repository."
631 "At runtime, a $http_proxy environnent variable might override this."
632 )
635 "The proxy to use to access this repository. This value checks"
640 """Class representing a repository object.
642 A repository object represents a location where clients can publish
643 and retrieve package content and/or metadata. It has the following
644 characteristics:
646 - may have one or more origins (URIs) for publication and
647 retrieval of package metadata and content.
649 - may have zero or more mirrors (URIs) for retrieval of package
650 content."""
652 # These properties are declared here so that they show up in the pydoc
653 # documentation as private, and for clarity in the property declarations
654 # found near the end of the class definition.
656 __legal_uris = []
657 __mirrors = []
658 __origins = []
661 __related_uris = []
662 __sort_policy = URI_SORT_PRIORITY
664 # Used to store the id of the original object this one was copied
665 # from during __copy__.
676 """Initializes a repository object.
678 'collection_type' is an optional constant value indicating the
679 type of packages in the repository.
681 'description' is an optional string value containing a
682 descriptive paragraph for the repository.
684 'legal_uris' should be a list of RepositoryURI objects or URI
685 strings indicating where licensing, legal, and terms of service
686 information for the repository can be found.
688 'mirrors' is an optional list of RepositoryURI objects or URI
689 strings indicating where package content can be retrieved.
691 'name' is an optional, short, descriptive name for the
692 repository.
694 'origins' should be a list of RepositoryURI objects or URI
695 strings indicating where package metadata can be retrieved.
697 'refresh_seconds' is an optional integer value indicating the
698 number of seconds clients should wait before refreshing cached
699 repository catalog or repository metadata information.
701 'registered' is an optional boolean value indicating whether
702 a client has registered with the repository's publisher.
704 'registration_uri' is an optional RepositoryURI object or a URI
705 string indicating a location clients can use to register or
706 obtain credentials needed to access the repository.
708 'related_uris' is an optional list of RepositoryURI objects or a
709 list of URI strings indicating the location of related
710 repositories that a client may be interested in.
712 'sort_policy' is an optional constant value indicating how
713 legal_uris, mirrors, origins, and related_uris should be
714 sorted."""
716 # Note that the properties set here are intentionally lacking
717 # the '__' prefix which means assignment will occur using the
718 # get/set methods declared for the property near the end of
719 # the class definition.
721 # Must be set first so that it will apply to attributes set
722 # afterwards.
766 return repo
770 value = []
774 uris = []
783 return uris
828 """Adds the specified legal URI to the repository.
830 'uri' can be a RepositoryURI object or a URI string. If
831 it is a RepositoryURI object, all other parameters will be
832 ignored."""
839 """Adds the specified mirror to the repository.
841 'mirror' can be a RepositoryURI object or a URI string. If
842 it is a RepositoryURI object, all other parameters will be
843 ignored."""
850 mirror)
852 mirror)
859 """Adds the specified origin to the repository.
861 'origin' can be a RepositoryURI object or a URI string. If
862 it is a RepositoryURI object, all other parameters will be
863 ignored."""
870 origin)
872 origin)
879 """Adds the specified related URI to the repository.
881 'uri' can be a RepositoryURI object or a URI string. If
882 it is a RepositoryURI object, all other parameters will be
883 ignored."""
889 """Returns a RepositoryURI object representing the mirror
890 that matches 'mirror'.
892 'mirror' can be a RepositoryURI object or a URI string."""
898 return m
902 """Returns a RepositoryURI object representing the origin
903 that matches 'origin'.
905 'origin' can be a RepositoryURI object or a URI string."""
911 return o
915 """Returns a boolean value indicating whether a matching
916 'mirror' exists for the repository.
918 'mirror' can be a RepositoryURI object or a URI string."""
925 """Returns a boolean value indicating whether a matching
926 'origin' exists for the repository.
928 'origin' can be a RepositoryURI object or a URI string."""
935 """Removes the legal URI matching 'uri' from the repository.
937 'uri' can be a RepositoryURI object or a URI string."""
941 # Immediate return as the index into the array
942 # changes with each removal.
944 return
948 """Removes the mirror matching 'mirror' from the repository.
950 'mirror' can be a RepositoryURI object or a URI string."""
959 # Immediate return as the index into the array
960 # changes with each removal.
962 return
966 """Removes the origin matching 'origin' from the repository.
968 'origin' can be a RepositoryURI object or a URI string."""
977 # Immediate return as the index into the array
978 # changes with each removal.
980 return
984 """Removes the related URI matching 'uri' from the repository.
986 'uri' can be a RepositoryURI object or a URI string."""
990 # Immediate return as the index into the array
991 # changes with each removal.
993 return
998 """Updates an existing mirror object matching 'mirror'.
1000 'mirror' can be a RepositoryURI object or a URI string.
1002 This method is deprecated, and may be removed in future API
1003 versions."""
1018 """Updates an existing origin object matching 'origin'.
1020 'origin' can be a RepositoryURI object or a URI string.
1022 This method is deprecated, and may be removed in future API
1023 versions."""
1037 """Discards the current list of repository mirrors."""
1042 """Discards the current list of repository origins."""
1048 """A constant value indicating the type of packages in the
1049 repository. The following collection types are recognized:
1051 REPO_CTYPE_CORE
1052 The "core" type indicates that the repository contains
1053 all of the dependencies declared by packages in the
1054 repository. It is primarily used for operating system
1055 repositories.
1057 REPO_CTYPE_SUPPLEMENTAL
1058 The "supplemental" type indicates that the repository
1059 contains packages that rely on or are intended to be
1064 """A list of RepositoryURI objects indicating where licensing,
1065 legal, and terms of service information for the repository can be
1069 """A list of RepositoryURI objects indicating where package content
1070 can be retrieved. If any value in the list provided is a URI
1074 """A list of RepositoryURI objects indicating where package content
1075 can be retrieved. If any value in the list provided is a URI
1080 """A RepositoryURI object indicating a location clients can use to
1081 register or obtain credentials needed to access the repository. If
1082 the value provided is a URI string, it will be replaced with a
1087 """A list of RepositoryURI objects indicating the location of
1088 related repositories that a client may be interested in. If any
1089 value in the list provided is a URI string, it will be replaced with
1094 """An integer value indicating the number of seconds clients should
1095 wait before refreshing cached repository metadata information. A
1096 value of None indicates that refreshes should be performed at the
1101 """A constant value indicating how legal_uris, mirrors, origins, and
1102 related_uris should be sorted. The following policies are
1103 recognized:
1105 URI_SORT_PRIORITY
1106 The "priority" policy indicate that URIs should be
1107 sorted according to the value of their priority
1112 """Class representing a publisher object and a set of interfaces to set
1113 and retrieve its information.
1115 A publisher is a forward or reverse domain name identifying a source
1116 (e.g. "publisher") of packages."""
1118 # These properties are declared here so that they show up in the pydoc
1119 # documentation as private, and for clarity in the property declarations
1120 # found near the end of the class definition.
1132 # Used to store the id of the original object this one was copied
1133 # from during __copy__.
1136 # Used to record those CRLs which are unreachable during the current
1137 # operation.
1144 """Initialize a new publisher object.
1146 'catalog' is an optional Catalog object to use in place of
1147 retrieving one from the publisher's meta_root. This option
1148 may only be used when meta_root is not provided.
1149 """
1160 # Note that the properties set here are intentionally lacking
1161 # the '__' prefix which means assignment will occur using the
1162 # get/set methods declared for the property near the end of
1163 # the class definition.
1178 # Writing out an EmptyI to a config file and reading it back
1179 # in doesn't work correctly at the moment, but reading and
1180 # writing an empty list does. So if intermediate_certs is empty,
1181 # make sure it's stored as an empty list.
1182 #
1183 # The relevant implementation is probably the line which
1184 # strips ][ from the input in imageconfig.read_list.
1204 # A dictionary to story the mapping for subject -> certificate
1205 # for those certificates we couldn't store on disk.
1208 # Must be done last.
1218 @staticmethod
1220 """Supports deprecated compatibility interface."""
1238 return pub
1245 return False
1248 """Deprecated compatibility interface allowing publisher
1249 attributes to be read as pub["attribute"]."""
1263 return None
1267 return None
1271 return None
1276 return None
1283 return None
1284 raise
1292 return True
1298 # Aliases must comply with the same restrictions that prefixes
1299 # have as they are intended to be useable in any case where
1300 # a prefix may be used.
1318 return
1326 # If no value was provided, attempt to remove the
1327 # tracking file.
1331 # If the file can't be removed due to
1332 # permissions, a read-only filesystem, or
1333 # because it doesn't exist, continue on.
1336 raise
1337 return
1341 # If the file is a symlink we catch an
1342 # exception and do not update the file.
1355 # If the file can't be written due to
1356 # permissions or because the filesystem is
1357 # read-only, continue on.
1359 raise
1361 # If a time was provided, write out a special file that
1362 # can be used to track the information with the actual
1363 # time (in UTC) contained within.
1367 raise
1369 # Assume meta_root doesn't exist and create it.
1373 # If the directory can't be created due to
1374 # permissions, move on.
1375 pass
1377 # If the directory can't be created due to a
1378 # read-only filesystem, move on.
1380 raise
1382 # Try one last time.
1423 """Private helper function to check the publisher's metadata
1424 for configuration or other issues and log appropriate warnings
1425 or errors. Currently only checks catalog metadata."""
1429 # Nothing to validate.
1430 return
1432 # Validation doesn't apply.
1433 return
1435 # Nothing to do.
1436 return
1438 # XXX For now, perform this check using the catalog data.
1439 # In the future, it should be done using the output of the
1440 # publisher/0 operation.
1448 of the following origin(s):
1450 {origins}
1452 The catalog retrieved from one of the origin(s) listed above only
1459 This is either a result of invalid origin information being provided
1461 provided when this publisher was added.
1463 # Remaining messages are for pkg client only.
1464 return
1467 To resolve this issue, correct the origin information provided for
1470 publisher.
1475 To re-add this publisher with the correct name, execute the following
1476 commands as a privileged user:
1481 return
1484 The origin(s) listed above contain package data for more than one
1485 publisher, but this issue can likely be resolved by executing one
1486 of the following commands as a privileged user:
1495 Afterwards, the old publisher should be removed by executing the
1496 following command as a privileged user:
1501 @property
1503 """A reference to the Catalog object for the publisher's
1504 selected repository, or None if available."""
1509 return None
1514 # Current meta_root structure is likely in
1515 # a state of transition, so don't provide a
1516 # meta_root. Assume that an empty catalog
1517 # is desired instead. (This can happen during
1518 # an image format upgrade.)
1524 @property
1526 """The absolute pathname of the directory containing the
1527 Catalog data for the publisher, or None if meta_root is
1528 not defined."""
1534 """Create the publisher's meta_root."""
1551 # If the path already exists, move on.
1552 # Otherwise, raise the exception.
1553 raise
1554 # Optional roots not needed for all operations.
1561 pass
1563 # If the path already exists, move on.
1564 # Otherwise, raise the exception.
1565 raise
1568 """Returns a list of Repository objects representing the unique
1569 groups of origins available. Each group is based on the origins
1570 that share identical package catalog data."""
1573 # Guard against failure for publishers with no
1574 # transport information.
1578 # No way to identify unique sets.
1581 # Index origins by tuple of (catalog creation, catalog modified)
1593 # Now return a list of Repository objects (copies of the
1594 # currently selected one) assigning each set of origins.
1595 # Sort by index to ensure consistent ordering.
1596 rval = []
1602 return rval
1605 """Returns whether this publisher has any configuration which
1606 should prevent its removal."""
1612 @property
1614 """A boolean value indicating whether the publisher's
1615 metadata for the currently selected repository needs to be
1616 refreshed."""
1619 # Nowhere to obtain metadata from; this should rarely
1620 # occur except during publisher initialization.
1621 return False
1625 # There is no record of when the publisher metadata was
1626 # last refreshed, so assume it should be refreshed now.
1627 return True
1634 # There is no indicator of how often often publisher
1635 # metadata should be refreshed, so assume it should be
1636 # now.
1637 return True
1640 # The number of seconds that has elapsed since the
1641 # publisher metadata was last refreshed exceeds or
1642 # equals the specified interval.
1643 return True
1644 return False
1648 return
1649 # A digest of the URI string is used here to attempt to avoid
1650 # path length problems. In order for this image to interoperate
1651 # with older clients, we must use sha-1 here.
1657 return
1662 """Private helper function that builds publisher catalog based
1663 on catalog from each origin."""
1665 # First, remove catalogs for any origins that no longer exist.
1666 # We must interoperate with older clients, so force the use of
1667 # sha-1 here.
1668 ohashes = [
1671 ]
1678 continue
1680 # Discard anything that isn't an origin.
1681 pass
1683 # An origin was removed, so publisher should inform
1684 # image to force image catalog rebuild.
1687 # Not an origin or origin no longer exists; either way,
1688 # it shouldn't exist here.
1697 # if the catalog already exists on disk, is empty, and if
1698 # no origins are configured, we're done.
1702 return removals
1704 # Discard existing catalog.
1708 # Ensure all old catalog files are removed.
1718 # If there's only one origin, then just symlink its catalog
1719 # files into place.
1720 # Symlinking includes updates for publication tools.
1729 fname)
1732 return removals
1734 # If there's more than one origin, then create a new catalog
1735 # based on a composite of the catalogs for all origins.
1739 # Mark all operations as occurring at this time.
1748 # Client hasn't retrieved this part.
1749 continue
1754 # Avoid accessor overhead since these will be
1755 # used for every entry.
1769 # Don't care.
1770 continue
1772 # Destination entry is in
1773 # catalog already.
1778 s
1781 )
1783 s
1786 )
1789 # Ignore any packages
1790 # that are different
1791 # from the first
1792 # encountered for this
1793 # package version.
1794 # The client expects
1795 # these to always be
1796 # the same. This seems
1797 # saner than failing.
1798 continue
1801 # Nothing to do.
1802 continue
1804 # Destination entry is one just
1805 # added.
1809 }
1819 # Now go back and trim each entry to minimize footprint. This
1820 # ensures each package entry only has state and source info
1821 # recorded when needed.
1826 # Package is available from all origins, so
1827 # there's no need to require which ones
1828 # have it.
1832 # At least one source is not V0, so the lazy-
1833 # load fallback for the package metadata isn't
1834 # needed.
1837 # Ensure only one instance of state value.
1843 # Finally, write out publisher catalog.
1847 return removals
1850 """Transforms the contents of the provided version 0 Catalog
1851 into a version 1 Catalog, replacing the current Catalog."""
1855 # last_modified can be none if the catalog is empty.
1858 # There's no point in signing this catalog since it's simply
1859 # a transformation of a v0 catalog.
1863 # A check for a previous non-zero package count is made to
1864 # determine whether the last_modified date alone can be
1865 # relied on. This works around some oddities with empty
1866 # v0 catalogs.
1868 # Could be 'None'
1875 # Already converted.
1876 return
1877 # Simply rebuild the entire v1 catalog every time, this
1878 # avoids many of the problems that could happen due to
1879 # deficiencies in the v0 implementation.
1885 # Now populate the v1 Catalog with the v0 Catalog's data.
1889 # Normally, the Catalog's attributes are automatically
1890 # populated as a result of catalog operations. But in
1891 # this case, we want the v1 Catalog's attributes to
1892 # match those of the v0 catalog.
1895 # While this is a v1 catalog format-wise, v0 data is stored.
1896 # This allows consumers to be aware that certain data won't be
1897 # available in this catalog (such as dependencies, etc.).
1900 # Finally, save the new Catalog, and replace the old in-memory
1901 # catalog.
1907 """The method to refresh the publisher's metadata against
1908 a catalog/0 source. If the more recent catalog/1 version
1909 isn't supported, this routine gets invoked as a fallback.
1910 Returns a tuple of (changed, refreshed) where 'changed'
1911 indicates whether new catalog data was found and 'refreshed'
1912 indicates that catalog data was actually retrieved to determine
1913 if there were any updates."""
1918 # Catalog needs v0 -> v1 transformation if repository only
1919 # offers v0 catalog.
1937 raise
1944 # No refresh needed.
1949 # Note that this currently retrieves a v0 catalog that
1950 # has to be converted to v1 format.
1954 # If an incremental update fails, attempt a full
1955 # catalog retrieval instead.
1965 raise
1974 # If the catalog was rebuilt, or the timestamp of the
1975 # catalog changed, then an update has occurred.
1981 """The method to refresh the publisher's metadata against
1982 a catalog/1 source. If the more recent catalog/1 version
1983 isn't supported, __refresh_v0 is invoked as a fallback.
1984 Returns a tuple of (changed, refreshed) where 'changed'
1985 indicates whether new catalog data was found and 'refreshed'
1986 indicates that catalog data was actually retrieved to determine
1987 if there were any updates."""
1989 # If full_refresh is True, then redownload should be True to
1990 # ensure a non-cached version of the catalog is retrieved.
1991 # If full_refresh is False, but mismatched is True, then
1992 # the retrieval requests should indicate that content should
1993 # be revalidated before being returned. Note that this
1994 # only applies to the catalog v1 case.
1995 redownload = full_refresh
2005 # No v1 catalogs available.
2007 # Ensure v1 -> v0 transition works right.
2011 repo)
2013 # If a v0 catalog is present, remove it before proceeding to
2014 # ensure transitions between catalog versions work correctly.
2020 # If above succeeded, we now have a catalog.attrs file. Parse
2021 # this to determine what other constituent parts need to be
2022 # downloaded.
2023 flist = []
2032 # XXX Skip parts that aren't in the C locale for
2033 # now.
2035 continue
2042 # More catalog files to retrieve.
2049 # Couldn't find a v1 catalog after getting one
2050 # before. This would be a bizzare error, but we
2051 # can try for a v0 catalog anyway.
2055 # Clear _catalog, so we'll read in the new catalog.
2059 # At this point the client should have a set of the constituent
2060 # pieces that are necessary to construct a catalog. If a
2061 # catalog already exists, call apply_updates. Otherwise,
2062 # move the files to the appropriate location.
2068 # This is a full refresh. Destroy
2069 # the existing catalog.
2077 # Apply_updates validates the newly constructed catalog.
2078 # If refresh didn't call apply_updates, arrange to
2079 # have the new catalog validated.
2087 # If signature validation fails here, that means
2088 # that the attributes and individual parts were
2089 # self-consistent and not corrupt, but that the
2090 # attributes and parts didn't match. This could
2091 # be the result of a broken source providing
2092 # an attributes file that is much older or newer
2093 # than the catalog parts being provided.
2100 """Private helper method used to refresh catalog data for each
2101 origin. Returns a tuple of (changed, refreshed) where 'changed'
2102 indicates whether new catalog data was found and 'refreshed'
2103 indicates that catalog data was actually retrieved to determine
2104 if there were any updates."""
2106 # Create a copy of the current repository object that only
2107 # contains the origin specified.
2111 # Create temporary directory for assembly of catalog pieces.
2122 raise
2124 # Ensure that the temporary directory gets removed regardless
2125 # of success or failure.
2132 # Perform publisher metadata sanity checks.
2135 return rval
2137 # Cleanup tempdir.
2142 """The method to handle the overall refresh process. It
2143 determines if a refresh is actually needed, and then calls
2144 the first version-specific refresh method in the chain."""
2156 # If a catalog hasn't been retrieved for
2157 # any of the origins, then a refresh is
2158 # needed now.
2160 break
2162 # Ensure consistent directory structure.
2165 # Check if we already have a v1 catalog on disk.
2167 # If catalog is on disk, check if refresh is necessary.
2169 # No refresh needed.
2170 return False
2185 # Update refresh time.
2188 # Finally, build a new catalog for this publisher based on a
2189 # composite of the catalogs from all origins.
2193 return any_changed
2197 """Refreshes the publisher's metadata, returning a boolean
2198 value indicating whether any updates to the publisher's
2199 metadata occurred.
2201 'full_refresh' is an optional boolean value indicating whether
2202 a full retrieval of publisher metadata (e.g. catalogs) or only
2203 an update to the existing metadata should be performed. When
2204 True, 'immediate' is also set to True.
2206 'immediate' is an optional boolean value indicating whether
2207 a refresh should occur now. If False, a publisher's selected
2208 repository will be checked for updates only if needs_refresh
2209 is True.
2211 'include_updates' is an optional boolean value indicating
2212 whether all catalog updates should be retrieved additionally to
2213 the catalog."""
2224 # Completely unexpected failure.
2225 # These exceptions should never
2226 # be raised for a full refresh
2227 # case anyway, so the error should
2228 # definitely be raised.
2229 raise
2231 # The incremental update likely failed for one or
2232 # more of the following reasons:
2233 #
2234 # * The origin for the publisher has changed.
2235 #
2236 # * The catalog that the publisher is offering
2237 # is now completely different (due to a restore
2238 # from backup or --rebuild possibly).
2239 #
2240 # * The catalog that the publisher is offering
2241 # has been restored to an older version, and
2242 # packages that already exist in this client's
2243 # copy of the catalog have been re-addded.
2244 #
2245 # * The type of incremental update operation that
2246 # that was performed on the catalog isn't supported
2247 # by this version of the client, so a full retrieval
2248 # is required.
2249 #
2253 # If this was a full refresh, don't bother
2254 # retrying as it implies that the content
2255 # retrieved wasn't cached.
2256 raise
2258 # Retrieval of the catalog attributes and/or parts was
2259 # successful, but the identity (digest or other
2260 # information) didn't match the catalog attributes.
2261 # This could be the result of a misbehaving or stale
2262 # cache.
2267 # Assembly of the catalog failed, but this could be due
2268 # to a transient error. So, retry at least once more.
2272 # Assembly of the catalog failed, but this could be due
2273 # to a transient error. So, retry at least once more.
2277 """Removes the publisher's meta_root."""
2293 raise
2296 """Replaces the current client_uuid with a new UUID."""
2301 """Verify that the publisher's configuration (such as prefix)
2302 matches that provided by the repository. If the configuration
2303 does not match as expected, an UnknownRepositoryPublishers
2304 exception will be raised.
2306 'repo_uri' is an optional RepositoryURI object or URI string
2307 containing the location of the repository. If not provided,
2308 the publisher's repository will be used instead."""
2313 # Transport actually allows both type of objects.
2314 repo = self
2316 repo = repo_uri
2323 # Nothing more can be done (because the target origin
2324 # can't be contacted, or because it doesn't support
2325 # retrieval of publisher configuration data).
2326 return
2343 """Add the cert as a CA for manifest signing for this publisher.
2345 The 'cert' parameter is a string of the certificate to add.
2346 """
2350 # If the user had previously revoked this certificate, remove
2351 # the certificate from that list.
2359 """Record that the cert with hash 's' is no longer trusted
2360 as a CA. This method currently assumes it's only invoked as
2361 a result of user action."""
2372 """If the cert with hash 's' has been added or removed by the
2373 user, undo the add or removal."""
2384 @staticmethod
2386 # In order to interoperate with older images, we must use SHA-1
2387 # here.
2391 @staticmethod
2393 """Convert a string to a X509 cert."""
2402 "certificate but it could not be "
2405 "was expected to be a PEM certificate, but it "
2409 """Add the pem representation of the certificate 'cert' to the
2410 certificates this publisher knows about."""
2426 # Note that while we store certs by their subject hashes,
2427 # we use our own hashing since cryptography has no interface
2428 # for the subject hash and other crypto frameworks have been
2429 # inconsistent with OpenSSL.
2439 continue
2445 pass
2448 c)
2450 return pkg_hash
2454 """Given a pkg5 hash, retrieve the cert that's associated with
2455 it.
2457 The 'pkg_hash' parameter contains the file hash of the
2458 certificate to retrieve.
2460 The 'verify_hash' parameter determines the file that's read
2461 from disk matches the expected hash.
2463 The 'only_retrieve' parameter determines whether a X509 object
2464 is built from the certificate retrieved or if the certificate
2465 is only stored on disk. """
2471 return None
2483 pass
2485 return None
2492 pth)
2493 return c
2496 """Rebuild subject hash metadata."""
2498 # clean up the old subject hash files to prevent
2499 # junk files residing in the directory
2503 # if unprivileged user, we can't add
2504 # certs to it
2505 pass
2510 continue
2517 """Given 'name', a Cryptograhy 'Name' object, return the certs
2518 with that name as a subject."""
2520 res = []
2536 # When switching to a different hash algorithm, the hash
2537 # name of file changes so that we couldn't find the
2538 # file. We try harder to rebuild the subject's metadata
2539 # if it's the first time we fail (count == 0).
2546 raise
2551 raise t
2553 return res
2556 """Return a dictionary of the CA certificates for this
2557 publisher."""
2562 # CA certs approved for this publisher are stored by hash to
2563 # prevent the later substitution or confusion over what certs
2564 # have or have not been approved.
2575 """Update the properties set for this publisher with the ones
2576 provided as arguments. The order of application is that any
2577 existing properties are unset, then properties are set to their
2578 new values, then values are added to properties, and finally
2579 values are removed from properties."""
2581 # Delay validation so that any intermittent inconsistent state
2582 # doesn't cause problems.
2584 # Remove existing properties.
2587 # Add or reset new properties.
2589 # Add new values to properties.
2594 "Cannot add a value to a single valued "
2599 # Remove values from properties.
2603 "Cannot remove a value from the property "
2608 "Cannot remove a value from a single "
2609 "valued property, unset must be used. The "
2620 "because the value is not in the "
2627 """Check that the properties set for this publisher are
2628 consistent with each other."""
2635 "At least one name must be provided for "
2639 """CRLs seem to frequently come in DER format, so try reading
2640 the CRL using both of the formats before giving up."""
2657 """Given a URI (for now only http URIs are supported), return
2658 the CRL object created from the file stored at that uri."""
2678 # If we've already read the CRL, use the previously created
2679 # object.
2686 # Check if we already have a CRL for this URI.
2688 # If we already have a CRL that we can read, check
2689 # whether it's time to retrieve a new one from the
2690 # location.
2694 pass
2701 return crl
2702 # If the CRL is already known to be unavailable, don't try
2703 # connecting to it again.
2705 return crl
2706 # If no CRL already exists or it's time to try to get a new one,
2707 # try to retrieve it from the server.
2725 # If the CRL is unavailable, add it to the list
2726 # of bad crls.
2728 # If we should treat failure to get a new CRL
2729 # as a failure, raise an exception here. If not,
2730 # if we should use an old CRL if it exists,
2731 # return that here. If none is available and
2732 # that means the cert should not be treated as
2733 # revoked, return None here.
2734 return crl
2739 return crl
2742 # Because the file was made using mkstemp, we need to
2743 # chmod it to match the other files in var/pkg.
2750 pass
2751 return ncrl
2755 """Verify the signature of a certificate or CRL 'c' against a
2756 provided public key 'key'."""
2773 return True
2775 return False
2778 """Determines whether the certificate has been revoked by the
2779 CRL located at 'crl_uri'.
2781 The 'cert' parameter is the certificate to check for revocation.
2783 The 'ca_dict' is a dictionary which maps subject hashes to
2784 certs treated as trust anchors."""
2788 # If we couldn't retrieve a CRL from the distribution point
2789 # and no CRL is cached on disk, assume the cert has not been
2790 # revoked. It's possible that this should be an image or
2791 # publisher setting in the future.
2793 return True
2795 # A CRL has been found, now it needs to be validated like
2796 # a certificate is.
2805 # If t isn't approved for signing crls,
2806 # the exception __check_extensions
2807 # raises will take the code to the
2808 # except below.
2813 pass
2824 pass
2827 break
2829 return True
2831 # For a certificate to be revoked, its CRL must be validated
2832 # and revoked the certificate.
2837 continue
2846 """Determines whether the certificate has been revoked by one of
2847 its CRLs.
2849 The 'cert' parameter is the certificate to check for revocation.
2851 The 'ca_dict' is a dictionary which maps subject hashes to
2852 certs treated as trust anchors."""
2854 # If the certificate doesn't have a CRL location listed, treat
2855 # it as valid.
2857 # The CRLs to be retrieved are stored in the
2858 # CRLDistributionPoints extensions which is structured like
2859 # this:
2860 #
2861 # CRLDitsributionPoints = [
2862 # CRLDistributionPoint = [
2863 # union {
2864 # full_name = [ GeneralName, ... ]
2865 # relative_name = [ GeneralName, ... ]
2866 # }, ... ]
2867 # , ... ]
2868 #
2869 # Relative names are a feature in X509 certs which allow to
2870 # specify a location relative to another certificate. We are not
2871 # supporting this and I'm not sure anybody is using this for
2872 # CRLs.
2873 # Full names are absolute locations but can be in different
2874 # formats (refer to RFC5280) but in general only the URI type is
2875 # used for CRLs. So this is the only thing we support here.
2881 return
2885 # we don't support relative names
2886 continue
2890 # we only support URIs
2891 continue
2903 """Check whether the critical extensions in this certificate
2904 are supported and allow the provided use(s)."""
2915 continue
2916 # If there is only one extension value, it must
2917 # be the problematic one. Otherwise, we also
2918 # output the first unsupported value as the
2919 # problematic value following extension value.
2941 # Cryptography error:
2942 # encipher_only/decipher_only is
2943 # undefined unless key_agreement
2944 # is true
2947 vs = [
2948 key
2951 ]
2952 # Check whether the values for the extension are
2953 # recognized.
2955 # For each use, check to see whether it's
2956 # permitted by the certificate's extension
2957 # values.
2959 continue
2964 # If the extension name is unrecognized and critical,
2965 # then the chain cannot be verified.
2972 """Validates the certificate against the given trust anchors.
2974 The 'cert' parameter is the certificate to validate.
2976 The 'ca_dict' parameter is a dictionary which maps subject
2977 hashes to certs treated as trust anchors.
2979 The 'cur_pathlen' parameter is an integer indicating how many
2980 certificates have been found between cert and the leaf cert.
2982 The 'use_crls' parameter is a boolean indicating whether
2983 certificates should be checked to see if they've been revoked.
2985 The 'required_names' parameter is a set of strings that must
2986 be seen as a CN in the chain of trust for the certificate."""
2992 certs_with_problems = []
3002 """Function for merging usage dictionaries."""
3009 return res
3014 for c
3017 ]:
3021 usages = {}
3025 # Check whether we can validate this certificate.
3028 # Check whether this certificate has been revoked.
3032 # If this certificate's CN is in the set of required
3033 # names, remove it.
3036 # Find the certificate that issued this certificate.
3041 # See whether this certificate was issued by any of the
3042 # given trust anchors.
3047 # Remove any required names found in the
3048 # trust anchor.
3050 # If there are more names to check for
3051 # continue up the chain of trust to look
3052 # for them.
3055 break
3057 # If the subject and issuer for this certificate are
3058 # identical and the certificate hasn't been verified
3059 # then this is an untrusted self-signed cert and should
3060 # be rejected.
3064 raise \
3066 cert)
3067 # This break should break the
3068 # while continue_loop loop.
3069 break
3071 # If the certificate hasn't been issued by a trust
3072 # anchor or more names need to be found, continue
3073 # looking up the chain of trust.
3076 # Keep track of certs that would have verified
3077 # this certificate but had critical extensions
3078 # we can't handle yet for error reporting.
3079 certs_with_problems = []
3081 # If the certificate is approved to
3082 # sign another certificate, verifies
3083 # the current certificate, and hasn't
3084 # been revoked, consider it as the
3085 # next link in the chain. check_ca
3086 # checks both the basicConstraints
3087 # extension and the keyUsage extension.
3092 # Check whether this certificate
3093 # has a critical extension we
3094 # don't understand.
3098 cur_pathlen)
3104 # If this certificate has no
3105 # problems with it, it's the
3106 # next link in the chain so make
3107 # it the current certificate and
3108 # add one to cur_pathlen since
3109 # there's one more chain cert
3110 # between the code signing cert
3111 # and the root of the chain.
3114 cert = c
3116 break
3117 # If there's not another link in the chain to be
3118 # found, stop the iteration.
3121 # If the certificate wasn't verified against a trust anchor,
3122 # raise an exception.
3125 certs_with_problems)
3131 __set_client_uuid,
3141 "publisher's selected repository was last refreshed for new "
3142 "metadata (such as catalog updates). 'None' if the publisher "
3153 __set_repository,
3161 """Accessor method for properties dictionary"""
3164 @staticmethod
3166 """Take a list in string representation and convert it back
3167 to a Python list."""
3170 # Strip brackets and any whitespace
3172 # Strip comma and any whitespeace
3174 # Strip empty whitespace, single, and double quotation marks
3176 # Eliminate any empty strings
3179 return lst
3182 """Accessor method to add a property"""
3185 "set a property for a system publisher. The "
3200 # If __delay_validation is set, then
3201 # it's possible that
3202 # signature-required-names was
3203 # set by a previous call to set_prop
3204 # file. If so, don't overwrite the
3205 # values that have already been read.
3222 return
3229 """Accessor method for properties"""
3232 "unset a property for a system publisher. The "
3240 """Support iteritems on properties"""
3244 """Support keys() on properties"""
3248 """Support values() on properties"""
3252 """Support getdefault() on properties"""
3256 """Support setdefault() on properties"""
3257 # Must set it this way so that the logic in __set_prop is used.
3262 return value
3265 """Support update() on properties"""
3268 # Must iterate through each value and
3269 # set it this way so that the logic
3270 # in __set_prop is used.
3274 """Support pop() on properties"""
3286 @property
3288 """Return the signature policy for the publisher."""