From 51c0703d71007c4dc26142e502c13130ef48c7c4 Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Fri, 14 Feb 2020 11:08:02 +0100
Subject: [PATCH] Move load_pem_public_key to repo_online

---
 usr/lib/python3.8/spoc/config.py      | 12 +++---------
 usr/lib/python3.8/spoc/image.py       |  2 +-
 usr/lib/python3.8/spoc/repo_online.py | 10 ++++++++--
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/usr/lib/python3.8/spoc/config.py b/usr/lib/python3.8/spoc/config.py
index bd39d0c..8627470 100644
--- a/usr/lib/python3.8/spoc/config.py
+++ b/usr/lib/python3.8/spoc/config.py
@@ -6,7 +6,6 @@ import urllib.parse
 
 config = configparser.ConfigParser()
 config.read('/etc/spoc/spoc.conf')
-print ('CONFIG LOADED') # TODO: Debug, remove
 
 def get_repo_auth(config):
     username = config.get('repo', 'username', fallback='')
@@ -15,12 +14,7 @@ def get_repo_auth(config):
         return None
     return (username, password)
 
-def get_repo_pubkey(config):
-    pubkey = config.get('repo', 'public-key', fallback='')
-    pubkey = f'-----BEGIN PUBLIC KEY-----\n{pubkey}\n-----END PUBLIC KEY-----'
-    return pubkey.encode()
-
-NETWORK_INTERFACE = config.get('general', 'network-interface', 'spocbr0')
+NETWORK_INTERFACE = config.get('general', 'network-interface', fallback='spocbr0')
 DATA_DIR = config.get('general', 'data-dir', fallback='/var/lib/spoc')
 APPS_DIR = os.path.join(DATA_DIR, 'apps')
@@ -28,7 +22,7 @@ CONTAINERS_DIR = os.path.join(DATA_DIR, 'containers')
 LAYERS_DIR = os.path.join(DATA_DIR, 'layers')
 VOLUME_DIR = os.path.join(DATA_DIR, 'volumes')
 HOSTS_FILE = os.path.join(DATA_DIR, 'hosts')
-REPO_FILE = os.path.join(DATA_DIR, 'packages.json')
+REPO_FILE = os.path.join(DATA_DIR, 'repository.json')
 LOG_DIR = config.get('general', 'log-dir', fallback='/var/log/spoc')
 LOCK_FILE = '/run/lock/spoc.lock'
@@ -43,4 +37,4 @@ REPO_URL = config.get('repo', 'url', fallback='https://localhost')
 REPO_PACKAGES_URL = urllib.parse.urljoin(REPO_URL, 'packages.json')
 REPO_SIG_URL = urllib.parse.urljoin(REPO_URL, 'packages.sig')
 REPO_AUTH = get_repo_auth(config)
-REPO_PUBKEY = get_repo_pubkey(config)
+REPO_PUBKEY = config.get('repo', 'public-key', fallback='')
diff --git a/usr/lib/python3.8/spoc/image.py b/usr/lib/python3.8/spoc/image.py
index 39e06b3..2ae32be 100644
--- a/usr/lib/python3.8/spoc/image.py
+++ b/usr/lib/python3.8/spoc/image.py
@@ -17,7 +17,7 @@ class Image:
         self.name = name
         self.layer_path = os.path.join(LAYERS_DIR, name)
         self.archive_path = os.path.join(PUB_LAYERS_DIR, f'{name}.tar.xz')
-        self.online_path = urllib.parse.urljoin(REPO_URL, 'images', f'{image_name}.tar.xz')
+        self.online_path = urllib.parse.urljoin(REPO_URL, 'images', f'{name}.tar.xz')
         self.layers = [name]
         self.env = {}
         self.uid = None
diff --git a/usr/lib/python3.8/spoc/repo_online.py b/usr/lib/python3.8/spoc/repo_online.py
index d6de9a5..ca89b78 100644
--- a/usr/lib/python3.8/spoc/repo_online.py
+++ b/usr/lib/python3.8/spoc/repo_online.py
@@ -17,6 +17,12 @@ from .config import REPO_AUTH, REPO_PUBKEY, REPO_PACKAGES_URL, REPO_SIG_URL
 TYPE_APP = 'apps'
 TYPE_IMAGE = 'images'
 
+def get_pubkey():
+    pubkey = f'-----BEGIN PUBLIC KEY-----\n{REPO_PUBKEY}\n-----END PUBLIC KEY-----'
+    return load_pem_public_key(pubkey.encode(), default_backend())
+
+PUBLIC_KEY = get_pubkey()
+
 def download_archive(src, dst, expected_hash):
     # Download archive via http(s), verify hash and decompress
     with tempfile.TemporaryFile() as tmp_archive:
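Review bot: The corrected line still hands `f'{name}.tar.xz'` to `urllib.parse.urljoin` as its third positional parameter, which is `allow_fragments`, so `self.online_path` becomes REPO_URL joined with just `'images'` and the archive name never reaches the URL. Build the relative path first: `self.online_path = urllib.parse.urljoin(REPO_URL, f'images/{name}.tar.xz')`. Keep in mind that urljoin drops the last path segment of REPO_URL when it has no trailing slash, so a REPO_URL with a sub-path needs a trailing slash or a comment where it is read in config.py. Image.__init__ starts outside the hunk.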
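Review bot: `get_pubkey()` runs at import time via `PUBLIC_KEY = get_pubkey()`, and with config.py's new `fallback=''` for `repo.public-key` (its last hunk) an unconfigured key yields a PEM with an empty body, so the problem surfaces as a `ValueError` from `load_pem_public_key` in whichever module happens to import repo_online first, not as a configuration error. The `verify` calls later in this file also assume an EC key, so an RSA key in the config would only fail at the first download; I would reject an empty value and a non-EC key inside `get_pubkey` with clear messages and give the function a one-line docstring. Whether `load_pem_public_key` and `default_backend` are imported at the top of repo_online.py is outside the hunk, so please confirm; `ec` is already used below.
```python
def get_pubkey():
    """Parse the repository's ECDSA public key from the configured PEM body."""
    if not REPO_PUBKEY:
        raise ValueError('repo.public-key is not set in /etc/spoc/spoc.conf')
    pubkey = f'-----BEGIN PUBLIC KEY-----\n{REPO_PUBKEY}\n-----END PUBLIC KEY-----'
    key = load_pem_public_key(pubkey.encode(), default_backend())
    if not isinstance(key, ec.EllipticCurvePublicKey):
        raise TypeError('repo.public-key must be an EC public key')
    return key
```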
@@ -30,7 +36,7 @@ def download_archive(src, dst, expected_hash):
             tmp_archive.write(chunk)
             hasher.update(chunk)
         # Verify hash
-        REPO_PUBKEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))
+        PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))
         # Extract the tar.xz file
         tmp_archive.seek(0)
         with tarfile.open(fileobj=tmp_archive) as tar:
@@ -40,7 +46,7 @@ def load():
     with requests.Session(auth=REPO_AUTH) as session:
         packages = session.get(REPO_PACKAGES_URL, timout=5).content
         packages_sig = bytes.fromhex(session.get(REPO_SIG_URL, timout=5).content)
-        REPO_PUBKEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
+        PUBLIC_KEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
         return json.loads(packages)
 
 def get_entries(entry_type):
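Review bot: The comment `# Verify hash` and the parameter name `expected_hash` misdescribe what the renamed call does: `PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))` checks an ECDSA signature over the SHA-512 digest of the downloaded bytes, so the argument is a hex-encoded signature, not a digest to compare. I would change the comment to `# Verify the repository's ECDSA signature over the SHA-512 digest of the download` and rename `expected_hash` to `signature` in the `download_archive` signature (outside this hunk), or at least document it in a docstring. The ordering is right — `verify` raises `InvalidSignature` before `tarfile.open` touches the archive — and that dependency is worth a sentence in the function's header comment so it survives later edits. `hasher` and `sha512` are defined outside the hunk; I assume `sha512` is a `hashes.SHA512()` instance.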
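Review bot: `load()` cannot run as written on either side of this hunk: `requests.Session()` takes no constructor arguments, so `requests.Session(auth=REPO_AUTH)` raises TypeError; `timout=5` is a typo for `timeout=`, which `Session.request` rejects as an unexpected keyword (so no timeout would apply even if it were accepted); and `bytes.fromhex` needs a str but is given `.content`, which is bytes. I would assign `session.auth = REPO_AUTH` after constructing the session, spell `timeout=5`, decode the signature from `.text`, and call `raise_for_status()` on both responses so an HTTP error page is reported as such rather than as a signature failure. `InvalidSignature` propagating out of `verify` is the right fail-closed behaviour and should stay; a docstring stating that the index is only parsed after its detached signature verifies would help. The `def load():` line is outside the hunk.
```python
def load():
    """Fetch the package index and return it parsed, only after its detached ECDSA signature verifies."""
    with requests.Session() as session:
        session.auth = REPO_AUTH
        packages = session.get(REPO_PACKAGES_URL, timeout=5)
        packages.raise_for_status()
        packages_sig = session.get(REPO_SIG_URL, timeout=5)
        packages_sig.raise_for_status()
        # Raises InvalidSignature on mismatch; nothing is parsed before this point
        PUBLIC_KEY.verify(bytes.fromhex(packages_sig.text), packages.content, ec.ECDSA(hashes.SHA512()))
        return json.loads(packages.content)
```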