Spotter-VM/basic/srv/vm/mgr/pkgmgr.py

143 lines
5.4 KiB
Python
Raw Normal View History

2018-10-02 22:13:39 +02:00
# -*- coding: utf-8 -*-
2018-10-15 15:40:40 +02:00
import hashlib
2018-10-02 22:13:39 +02:00
import json
2018-10-15 14:58:24 +02:00
import os
2018-10-02 22:13:39 +02:00
import requests
import shutil
2018-10-15 14:58:24 +02:00
import subprocess
2018-10-02 22:13:39 +02:00
import tempfile
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import load_pem_public_key
PUB_FILE = '/srv/vm/packages.pub'
2018-10-02 22:13:39 +02:00
LXC_ROOT = '/var/lib/lxc'
class PackageManager:
2018-10-26 17:31:40 +02:00
def __init__(self, conf):
2018-10-02 22:13:39 +02:00
# Load JSON configuration
2018-10-26 17:31:40 +02:00
self.conf = conf
2018-10-02 22:13:39 +02:00
self.online_packages = {}
self.pending = 0
2018-10-02 22:13:39 +02:00
2018-10-26 15:38:35 +02:00
def get_repo_resource(self, url, stream=False):
return requests.get('{}/{}'.format(self.conf['repo']['url'], url), auth=(self.conf['repo']['user'], self.conf['repo']['pwd']), stream=stream)
2018-10-15 15:40:40 +02:00
def fetch_online_packages(self):
2018-10-02 22:13:39 +02:00
# Fetches and verifies online packages. Can raise InvalidSignature
2018-10-26 15:38:35 +02:00
packages = self.get_repo_resource('packages').content
packages_sig = self.get_repo_resource('packages.sig').content
with open(PUB_FILE, 'rb') as f:
2018-10-02 22:13:39 +02:00
pub_key = load_pem_public_key(f.read(), default_backend())
pub_key.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
2018-10-15 15:40:40 +02:00
self.online_packages = json.loads(packages)
2018-10-02 22:13:39 +02:00
def register_pending_installation(self, name):
2018-10-26 17:31:40 +02:00
# Registers pending installation. Fetch online packages here instead of install_pacakges() to fail early if the repo isn't reachable
self.fetch_online_packages()
self.pending = 1
deps = [d for d in self.get_deps(name) if d not in self.conf['packages']]
return sum(self.online_packages[d]['size'] for d in deps)
2018-10-26 17:31:40 +02:00
2018-10-02 22:13:39 +02:00
def install_package(self, name):
2018-10-26 15:38:35 +02:00
# Main installation function. Wrapper for download, registration and install script
deps = [d for d in self.get_deps(name) if d not in self.conf['packages']]
2018-10-26 17:31:40 +02:00
for dep in deps:
self.download_package(dep)
self.register_package(dep)
self.run_install_script(dep)
self.pending = 0
2018-10-26 14:12:12 +02:00
def uninstall_package(self, name):
# Main uninstallation function. Wrapper for uninstall script, filesystem purge and unregistration
# TODO: Get dependencies which can be uninstalled
self.run_uninstall_script(name)
self.purge_package(name)
self.unregister_package(name)
2018-10-02 22:13:39 +02:00
def download_package(self, name):
# Downloads, verifies, unpacks and sets up a package
2018-10-15 14:58:24 +02:00
tmp_archive = tempfile.mkstemp('.tar.xz')[1]
2018-10-26 15:38:35 +02:00
r = self.get_repo_resource('{}.tar.xz'.format(name), True)
2018-10-15 14:58:24 +02:00
with open(tmp_archive, 'wb') as f:
for chunk in r.iter_content(chunk_size=65536):
2018-10-02 22:13:39 +02:00
if chunk:
self.pending += f.write(chunk)
2018-10-02 22:13:39 +02:00
# Verify hash
2018-10-15 14:58:24 +02:00
if self.online_packages[name]['sha512'] != hash_file(tmp_archive):
2018-10-02 22:13:39 +02:00
raise InvalidSignature(name)
# Unpack
2018-10-26 14:12:12 +02:00
subprocess.run(['tar', 'xJf', tmp_archive], cwd='/')
2018-10-15 14:58:24 +02:00
os.unlink(tmp_archive)
2018-10-02 22:13:39 +02:00
2018-10-26 14:12:12 +02:00
def purge_package(self, name):
# Removes package and shared data from filesystem
shutil.rmtree(os.path.join(LXC_ROOT, self.conf['packages'][name]['lxcpath']))
srv_dir = os.path.join('/srv/', name)
if os.path.exsit(srv_dir):
shutil.rmtree(srv_dir)
def run_install_script(self, name):
# Runs install.sh for a package, if the script is present
install_dir = os.path.join('/srv/', name, 'install')
install_script = os.path.join('/srv/', name, 'install.sh')
if os.path.exists(install_script):
subprocess.run(install_script)
os.unlink(install_script)
if os.path.exists(install_dir):
shutil.rmtree(install_dir)
def run_uninstall_script(self, name):
# Runs uninstall.sh for a package, if the script is present
uninstall_script = os.path.join('/srv/', name, 'uninstall.sh')
if os.path.exists(uninstall_script):
subprocess.run(uninstall_script)
2018-10-15 14:58:24 +02:00
def register_package(self, name):
2018-10-21 10:09:02 +02:00
# Registers a package in local configuration
2018-10-15 14:58:24 +02:00
metadata = self.online_packages[name]
self.conf['packages'][name] = {
2018-10-26 14:12:12 +02:00
'deps': metadata['deps'],
'lxcpath': metadata['lxcpath'],
'version': metadata['version']
2018-10-02 22:13:39 +02:00
}
2018-10-21 10:09:02 +02:00
# If host definition is present, register the package as application
2018-10-15 15:40:40 +02:00
if 'host' in metadata:
self.conf['apps'][name] = {
'title': metadata['title'],
'host': metadata['host'],
'login': 'N/A',
'password': 'N/A',
'visible': False
}
2018-10-21 10:09:02 +02:00
self.conf.save()
2018-10-02 22:13:39 +02:00
2018-10-26 14:12:12 +02:00
def unregister_package(self, name):
# Removes a package from local configuration
del self.conf['packages'][name]
if name in self.conf['apps']:
del self.conf['apps'][name]
self.conf.save()
2018-10-02 22:13:39 +02:00
def get_deps(self, name):
2018-10-21 10:09:02 +02:00
# Flatten dependency tree for a package
2018-10-15 14:58:24 +02:00
deps = self.online_packages[name]['deps'].copy()
2018-10-02 22:13:39 +02:00
for dep in deps:
deps[:0] = [d for d in self.get_deps(dep) if d not in deps]
2018-10-15 14:58:24 +02:00
deps.append(name)
2018-10-02 22:13:39 +02:00
return deps
def hash_file(file_path):
sha512 = hashlib.sha512()
with open(file_path, 'rb') as f:
while True:
data = f.read(65536)
if not data:
break
sha512.update(data)
return sha512.hexdigest()