From 87d9f2978513e76aae86b25bb8660e49bae20061 Mon Sep 17 00:00:00 2001 From: davidovski Date: Mon, 22 Nov 2021 12:27:24 +0000 Subject: added automatic key importing fixed best source to actually use available sources instead of just any --- src/verbs/install.py | 35 +++++++++++++++++++---------------- src/verbs/sync.py | 36 +++++++++++++++++++++++------------- xipkg.conf | 5 +++++ 3 files changed, 47 insertions(+), 29 deletions(-) diff --git a/src/verbs/install.py b/src/verbs/install.py index 6871f2e..0984793 100644 --- a/src/verbs/install.py +++ b/src/verbs/install.py @@ -6,15 +6,15 @@ import time import requests import hashlib -def get_best_source(exclude=[], sources_list="/var/lib/xipkg/sources"): - # TODO implement exclude +def get_best_source(available, sources_list="/var/lib/xipkg/sources"): source_speeds = {} with open(sources_list, "r") as file: for line in file.readlines(): split = line.split(" ") if len(split) > 0: try: - source_speeds[split[0]] = float(split[1]) + if split[0] in available: + source_speeds[split[0]] = float(split[1]) except: pass 
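Review bot: The new `if split[0] in available:` test in get_best_source sits inside the existing `try` with a bare `except: pass`, so any error raised by the membership test (for instance `available` being None) is swallowed together with the parse errors and the source is silently skipped. Narrowing the handler to `except (IndexError, ValueError):` keeps the tolerance for malformed lines in the sources file while letting caller mistakes surface. The new parameter would also benefit from a one-line docstring such as `"""Collect the recorded speeds of the source names present in available (keyed by source name)."""`. The body of the function continues past the end of this hunk.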
@@ -50,19 +50,22 @@ def verify_signature(package_file, package_info, with open(sig_cached_path, "wb") as file: file.write(package_info["SIGNATURE"]) - keys = os.listdir(keychain_dir) - for key in keys: - key_path = util.add_path(keychain_dir, key) - - command = f"openssl dgst -verify {key_path} -signature {sig_cached_path} {package_file}" + if os.path.exists(keychain_dir): + keys = os.listdir(keychain_dir) + for key in keys: + key_path = util.add_path(keychain_dir, key) + + command = f"openssl dgst -verify {key_path} -signature {sig_cached_path} {package_file}" - if "OK" in os.popen(command).read(): - return True - elif verbose: - print(colors.RED - + f"Failed to verify signature against {key}" - + colors.RESET) + if "OK" in os.popen(command).read(): + return True + elif verbose: + print(colors.RED + + f"Failed to verify signature against {key}" + + colors.RESET) + elif verbose: + print(colors.BLACK + "There are no keys to verify with") return False def retrieve_package_info(sources, checksum, package_name, config, @@ -72,7 +75,7 @@ def retrieve_package_info(sources, checksum, package_name, config, cache_dir=config["dir"]["cache"] # TODO we may potentially do this a few times while resolving deps, might want to cache things here - for source in get_best_source(sources_list=sources_list): + for source in get_best_source(sources, sources_list=sources_list): url = sources[source] package_info_url = util.add_path(url, package_name + ".xipkg.info") @@ -100,7 +103,7 @@ def retrieve_package(sources, package_info, package_name, config, checksum = package_info["CHECKSUM"] - for source in get_best_source(sources_list=sources_list): + for source in get_best_source(sources, sources_list=sources_list): url = sources[source] if verbose: print(colors.LIGHT_BLACK + f"using source {source} at {url}") diff --git a/src/verbs/sync.py b/src/verbs/sync.py index 3821f82..8dde22d 100644 --- a/src/verbs/sync.py +++ b/src/verbs/sync.py 
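Review bot: verify_signature (src/verbs/install.py) still builds the openssl call as a formatted string and runs it through `os.popen`, so `key_path`, `sig_cached_path` and `package_file` are parsed by a shell, and with this commit the key file names in the keychain derive from source names in the configuration. Passing an argument list avoids shell parsing and lets the exit status decide the result instead of the substring test `"OK" in ...`: `result = subprocess.run(["openssl", "dgst", "-verify", key_path, "-signature", sig_cached_path, package_file], capture_output=True)` followed by `if result.returncode == 0:`. This needs `import subprocess` at the top of the file if it is not already there. The new `There are no keys to verify with` branch fires only when the directory is missing, not when it exists but is empty, and it prints without `colors.RESET`. The function starts before this hunk.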
@@ -71,18 +71,21 @@ def save_package(package, info, location): # security problem to automatically decide to verify keys # users should do this manually whenever they add a new source ###### !!! ####### -def import_key(source, url, verbose=False): +def import_key(source, url, config, verbose=False): keyname = "xi.pub" - status, response = curl(url + keyname if url[-1] == "/" else f"/{keyname}") - if status == 200: - key_path = os.path.join(config["dir"]["keychain"], source + ".pub") - with open(key_path, "w"): - key_path.write(key_path) + keychain_dir = config["dir"]["keychain"] + util.mkdir(keychain_dir) + key_path = os.path.join(keychain_dir, source + ".pub") - elif verbose: - print(colors.BG_RED + f"" + colors.RESET) + if os.path.exists(key_path): + if verbose: + print(colors.LIGHT_BLACK + f"Skipping already imported key from {source}") + return 0 + else: + key_path = util.curl_to_file(url + keyname if url[-1] == "/" else f"/{keyname}", key_path) + return 1 def test_source(source, url): # requesting a resource may not be the best way to do this, caching etc @@ -123,11 +126,9 @@ def sync(args, options, config): v = options["v"] - # test_sources(sources, config["dir"]["sources"], test_count=int(config["pings"])) - for repo in repos: - if v: - print(colors.LIGHT_BLACK + f"downloading package lists for {repo}...") + if v: print(colors.LIGHT_BLACK + f"downloading package lists for {repo}...") + packages, speeds = sync_packages(repo, sources, verbose=v) if v: print(colors.LIGHT_BLACK + f"downloaded {len(packages)} packages from {len(sources)} sources") 
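Review bot: In import_key (src/verbs/sync.py) the expression `url + keyname if url[-1] == "/" else f"/{keyname}"` parses as `(url + keyname) if ... else "/xi.pub"`, so a source URL without a trailing slash yields the bare path `/xi.pub` with no host. `key_url = url + keyname if url.endswith("/") else f"{url}/{keyname}"` gives the intended URL and also tolerates an empty string. The function returns 1 without looking at the outcome of `util.curl_to_file`, so a failed or non-key response appears to be counted as an imported key, and because an existing file makes later runs return early it would stay in the keychain. Checking the transfer result (whatever `curl_to_file` reports, which is not visible here) and removing the file on failure would avoid that. The comment header of the function begins above the hunk.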
@@ -148,7 +149,16 @@ def sync(args, options, config): util.loading_bar(total, total, f"Synced {repo}") print(colors.RESET) - + if "key_authority" in config: + imported = 0 + authorities = config["key_authority"] + for authority in authorities: + if authority in sources: + url = sources[authority] + imported += import_key(authority, url, config, verbose=v) + elif v: + print(colors.RED + f"Cannot find authority {authority} in sources") + if imported > 0: print(colors.CYAN + f"Imported keys from {imported} sources") #total = len(sources) #completed = 0 #for source, url in sources: diff --git a/xipkg.conf b/xipkg.conf index e26980e..6eb1a1d 100644 --- a/xipkg.conf +++ b/xipkg.conf @@ -12,6 +12,11 @@ sources { invalid https://xilinux.invalid/repo/ } +# The sources to download the keys from +key_authority [ + davidovski +] + repos [ core extra -- cgit v1.2.1
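Review bot: In the `key_authority` loop added to sync(), the key for each authority is downloaded from `sources[authority]`, the same URL that serves that source's packages, and is trusted on first download with nothing to compare it against. Whoever controls that endpoint at first sync therefore supplies both the packages and the key that vouches for them. The warning comment kept above import_key says users should add keys manually for this reason, so the new behaviour should at least be documented here, for example `# keys are trusted on first download from the source itself; confirm the fingerprint out of band`, and ideally checked against a fingerprint the user has recorded. It is also not clear from this hunk whether `if imported > 0:` sits inside the `if "key_authority" in config:` block; if it does not, `imported` is undefined when the option is absent. sync() starts and continues outside this hunk.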