bin/rm-config

   1 #! /usr/bin/python3
   2
   3 import argparse
   4 import hashlib
   5 import io
   6 import logging
   7 from pathlib import Path
   8 import re
   9 import shlex
  10 import subprocess
  11 import sys
  12 import tempfile
  13 from xdg.BaseDirectory import xdg_config_home  # type: ignore
  14 from voluptuous import Any, Schema  # type: ignore
  15 from voluptuous.validators import (  # type: ignore
  16     And, Date, IsDir, IsFile, Match, NotIn
  17 )
  18 import yaml
  19
  20 LOG_FORMAT = "%(levelname)s %(message)s"
  21 log = logging.getLogger()
  22
  23 STAGES = [
  24     "base",
  25     "built-almost-final",
  26     "finalized-changelog",
  27     "reproduced-images",
  28     "built-iuks",
  29 ]
  30
  31 # pylint: disable=E1120
  32 InputStr = And(str, NotIn(["FIXME"]))
  33 IsBuildManifest = And(IsFile(), Match(re.compile(r".*[.]build-manifest$")))
  34 IsIsoFile = And(IsFile(), Match(re.compile(r".*[.]iso$")))
  35 IsImgFile = And(IsFile(), Match(re.compile(r".*[.]img$")))
  36
  37 STAGE_SCHEMA = {
  38     "base": {
  39         "tails_signature_key": InputStr,
  40         "isos": IsDir(),
  41         "artifacts": IsDir(),
  42         "master_checkout": IsDir(),
  43         "release_checkout": IsDir(),
  44         "version": InputStr,
  45         "previous_version": InputStr,
  46         "previous_stable_version": InputStr,
  47         "next_planned_major_version": InputStr,
  48         "second_next_planned_major_version": InputStr,
  49         "next_planned_bugfix_version": InputStr,
  50         "next_planned_version": InputStr,
  51         "next_potential_emergency_version": InputStr,
  52         "next_stable_changelog_version": InputStr,
  53         "release_date": Date(),
  54         "major_release": Any(0, 1),
  55         "dist": Any("stable", "alpha"),
  56         "release_branch": InputStr,
  57         "tag": InputStr,
  58         "previous_tag": InputStr,
  59         "website_release_branch": InputStr,
  60         "iuks_dir": IsDir(),
  61         "iuks_hashes": InputStr,
  62         "milestone": InputStr,
  63         "tails_signature_key_long_id": InputStr,
  64         "iuk_source_versions": InputStr,
  65     },
  66     "built-almost-final": {
  67         "almost_final_build_manifest": IsBuildManifest,
  68     },
  69     "finalized-changelog": {
  70         "source_date_epoch": int,
  71     },
  72     "reproduced-images": {
  73         "matching_jenkins_images_build_id": int,
  74     },
  75     "built-iuks": {
  76         "iso_path": IsIsoFile,
  77         "img_path": IsImgFile,
  78         "iso_sha256sum": str,
  79         "img_sha256sum": str,
  80         "iso_size_in_bytes": int,
  81         "img_size_in_bytes": int,
  82         "candidate_jenkins_iuks_build_id": int,
  83         "iuks_hashes": IsFile(),
  84     }
  85 }
  86 # pylint: enable=E1120
  87
  88
  89 def git_repo_root():
  90     """Returns the root of the current Git repository as a Path object"""
  91     return Path(
  92         subprocess.check_output(["git", "rev-parse", "--show-toplevel"],
  93                                 encoding="utf8").rstrip("\n"))
  94
  95
  96 def sha256_file(filename):
  97     """Returns the hex-encoded SHA256 hash of FILENAME"""
  98     sha256 = hashlib.sha256()
  99     with io.open(filename, mode="rb") as input_fd:
 100         content = input_fd.read()
 101         sha256.update(content)
 102     return sha256.hexdigest()
 103
 104
 105 class Config():
 106     """Load, validate, generate, and output Release Management configuration"""
 107     def __init__(self, stage: str):
 108         self.stage = stage
 109         self.config_files = [
 110             git_repo_root() / "config/release_management/defaults.yml"
 111         ] + list(
 112             (Path(xdg_config_home) / "tails/release_management").glob("*.yml"))
 113         self.data = self.load_config_files()
 114         self.data.update(self.generate_config())
 115         log.debug("Configuration:\n%s", self.data)
 116         self.validate()
 117
 118     def load_config_files(self):
 119         """
 120         Load all relevant configuration files and return the resulting
 121         configuration dict
 122         """
 123         data = {}
 124         for config_file in self.config_files:
 125             log.debug("Loading %s", config_file)
 126             data.update(yaml.safe_load(open(config_file, 'r')))
 127         return data
 128
 129     def generate_config(self):
 130         """
 131         Returns a dict of supplemental, programmatically-generated,
 132         configuration.
 133         """
 134         version = self.data["version"]
 135         tails_signature_key = self.data["tails_signature_key"]
 136         tag = version.replace("~", "-")
 137         release_branch = "testing" \
 138             if self.data["major_release"] == 1 \
 139             else "stable"
 140         iuks_dir = Path(self.data["isos"]) / "iuks/v2"
 141         iuk_hashes = Path(iuks_dir) / ("to_%s.sha256sum" % version)
 142         iuk_source_versions = subprocess.check_output(
 143             [git_repo_root() / "bin/iuk-source-versions", version],
 144             encoding="utf8").rstrip("\n")
 145         generated_config = {
 146             "release_branch": release_branch,
 147             "tag": tag,
 148             "previous_tag": self.data["previous_version"].replace("~", "-"),
 149             "website_release_branch": "web/release-%s" % tag,
 150             "iuk_source_versions": iuk_source_versions,
 151             "iuks_dir": str(iuks_dir),
 152             "iuks_hashes": str(iuk_hashes),
 153             "milestone": re.sub('~.*', '', self.data["version"]),
 154             "tails_signature_key_long_id": tails_signature_key[24:],
 155         }
 156         if self.stage == 'built-iuks':
 157             iso_path = Path(self.data["isos"]) \
 158                 / ("tails-amd64-%s/tails-amd64-%s.iso" % (version, version))
 159             img_path = Path(self.data["isos"]) \
 160                 / ("tails-amd64-%s/tails-amd64-%s.img" % (version, version))
 161             generated_config.update({
 162                 "iso_path": str(iso_path),
 163                 "img_path": str(img_path),
 164                 "iso_sha256sum": sha256_file(iso_path),
 165                 "img_sha256sum": sha256_file(img_path),
 166                 "iso_size_in_bytes": iso_path.stat().st_size,
 167                 "img_size_in_bytes": img_path.stat().st_size,
 168             })
 169         return generated_config
 170
 171     def schema(self):
 172         """
 173         Returns a configuration validation schema function for
 174         the current stage
 175         """
 176         schema = {}
 177         for stage in STAGES:
 178             schema.update(STAGE_SCHEMA[stage])
 179             if stage == self.stage:
 180                 break
 181         log.debug("Schema:\n%s", schema)
 182         return Schema(schema, required=True)
 183
 184     def validate(self):
 185         """Checks that the configuration is valid, else raise exception"""
 186         schema = self.schema()
 187         schema(self.data)
 188
 189     def to_shell(self):
 190         """
 191         Returns shell commands that, if executed, would export the
 192         configuration into the environment.
 193         """
 194         return "\n".join([
 195             "export %(key)s=%(val)s" % {
 196                 "key": k.upper(),
 197                 "val": shlex.quote(str(v))
 198             } for (k, v) in self.data.items()
 199         ]) + "\n"
 200
 201
 202 def generate_boilerplate(stage: str):
 203     """Generate boilerplate for STAGE"""
 204     log.debug("Generating boilerplate for stage '%s'", stage)
 205     with open(git_repo_root() /
 206               ("config/release_management/templates/%s.yml" % stage)) as src:
 207         with open(
 208                 Path(xdg_config_home) / "tails/release_management/current.yml",
 209                 'a') as dst:
 210             dst.write(src.read())
 211
 212
 213 def generate_environment(stage: str):
 214     """
 215     Prints to stdout the path to a file that contains commands
 216     that export the configuration for STAGE to the environment.
 217     """
 218     log.debug("Generating environment for stage '%s'", stage)
 219     config = Config(stage=stage)
 220     shell_snippet = tempfile.NamedTemporaryFile(delete=False)
 221     with open(shell_snippet.name, 'w') as shell_snippet_fd:
 222         shell_snippet_fd.write(config.to_shell())
 223     print(shell_snippet.name)
 224
 225
 226 def validate_configuration(stage: str):
 227     """Validate configuration for STAGE, raise exception if invalid"""
 228     log.debug("Validating configuration for stage '%s'", stage)
 229     Config(stage=stage)
 230     log.info("Configuration is valid")
 231
 232
 233 def main():
 234     """Command-line entry point"""
 235     parser = argparse.ArgumentParser(
 236         description="Query and manage Release Management configuration")
 237     parser.add_argument("--debug", action="store_true", help="debug output")
 238     subparsers = parser.add_subparsers(help="sub-command help", dest="command")
 239
 240     parser_generate_boilerplate = subparsers.add_parser(
 241         "generate-boilerplate",
 242         help="Creates a configuration file template that you will fill")
 243     parser_generate_boilerplate.add_argument("--stage",
 244                                              type=str,
 245                                              action="store",
 246                                              default="base",
 247                                              help="")
 248     parser_generate_boilerplate.set_defaults(func=generate_boilerplate)
 249
 250     parser_validate_configuration = subparsers.add_parser(
 251         "validate-configuration", help="Validate configuration files")
 252     parser_validate_configuration.add_argument("--stage",
 253                                                type=str,
 254                                                action="store",
 255                                                default="base",
 256                                                help="")
 257     parser_validate_configuration.set_defaults(func=validate_configuration)
 258
 259     parser_generate_environment = subparsers.add_parser(
 260         "generate-environment",
 261         help="Creates a shell sourceable file with resulting environment")
 262     parser_generate_environment.add_argument("--stage",
 263                                              type=str,
 264                                              action="store",
 265                                              default="base",
 266                                              help="")
 267     parser_generate_environment.set_defaults(func=generate_environment)
 268
 269     args = parser.parse_args()
 270
 271     if args.debug:
 272         logging.basicConfig(level=logging.DEBUG, format=LOG_FORMAT)
 273     else:
 274         logging.basicConfig(level=logging.INFO, format=LOG_FORMAT)
 275
 276     if args.command is None:
 277         parser.print_help()
 278     else:
 279         args.func(stage=args.stage)
 280
 281
 282 if __name__ == '__main__':
 283     sys.exit(main())