Move load_pem_public_key to repo_online

2020-02-14 11:08:02 +01:00 · 2020-02-14 11:08:02 +01:00 · 51c0703d71
commit 51c0703d71
parent 64adcf3647
3 changed files with 12 additions and 12 deletions
--- a/usr/lib/python3.8/spoc/config.py
+++ b/usr/lib/python3.8/spoc/config.py
@ -6,7 +6,6 @@ import urllib.parse

 config = configparser.ConfigParser()
 config.read('/etc/spoc/spoc.conf')
-print ('CONFIG LOADED') # TODO: Debug, remove

 def get_repo_auth(config):
    username = config.get('repo', 'username', fallback='')
@ -15,12 +14,7 @@ def get_repo_auth(config):
        return None
    return (username, password)

-def get_repo_pubkey(config):
-    pubkey = config.get('repo', 'public-key', fallback='')
-    pubkey = f'-----BEGIN PUBLIC KEY-----\n{pubkey}\n-----END PUBLIC KEY-----'
-    return pubkey.encode()
-
-NETWORK_INTERFACE = config.get('general', 'network-interface', 'spocbr0')
+NETWORK_INTERFACE = config.get('general', 'network-interface', fallback='spocbr0')

 DATA_DIR =          config.get('general', 'data-dir', fallback='/var/lib/spoc')
 APPS_DIR =          os.path.join(DATA_DIR, 'apps')
@ -28,7 +22,7 @@ CONTAINERS_DIR =    os.path.join(DATA_DIR, 'containers')
 LAYERS_DIR =        os.path.join(DATA_DIR, 'layers')
 VOLUME_DIR =        os.path.join(DATA_DIR, 'volumes')
 HOSTS_FILE =        os.path.join(DATA_DIR, 'hosts')
-REPO_FILE =         os.path.join(DATA_DIR, 'packages.json')
+REPO_FILE =         os.path.join(DATA_DIR, 'repository.json')
 LOG_DIR =           config.get('general', 'log-dir', fallback='/var/log/spoc')
 LOCK_FILE =         '/run/lock/spoc.lock'

@ -43,4 +37,4 @@ REPO_URL =          config.get('repo', 'url', fallback='https://localhost')
 REPO_PACKAGES_URL = urllib.parse.urljoin(REPO_URL, 'packages.json')
 REPO_SIG_URL =      urllib.parse.urljoin(REPO_URL, 'packages.sig')
 REPO_AUTH =         get_repo_auth(config)
-REPO_PUBKEY =       get_repo_pubkey(config)
+REPO_PUBKEY =       config.get('repo', 'public-key', fallback='')
--- a/usr/lib/python3.8/spoc/image.py
+++ b/usr/lib/python3.8/spoc/image.py
@ -17,7 +17,7 @@ class Image:
        self.name = name
        self.layer_path = os.path.join(LAYERS_DIR, name)
        self.archive_path = os.path.join(PUB_LAYERS_DIR, f'{name}.tar.xz')
-        self.online_path = urllib.parse.urljoin(REPO_URL, 'images', f'{image_name}.tar.xz')
+        self.online_path = urllib.parse.urljoin(REPO_URL, 'images', f'{name}.tar.xz')
        self.layers = [name]
        self.env = {}
        self.uid = None
--- a/usr/lib/python3.8/spoc/repo_online.py
+++ b/usr/lib/python3.8/spoc/repo_online.py
@ -17,6 +17,12 @@ from .config import REPO_AUTH, REPO_PUBKEY, REPO_PACKAGES_URL, REPO_SIG_URL
 TYPE_APP = 'apps'
 TYPE_IMAGE = 'images'

+def get_pubkey():
+    pubkey = f'-----BEGIN PUBLIC KEY-----\n{REPO_PUBKEY}\n-----END PUBLIC KEY-----'
+    return load_pem_public_key(pubkey.encode(), default_backend())
+
+PUBLIC_KEY = get_pubkey()
+
 def download_archive(src, dst, expected_hash):
    # Download archive via http(s), verify hash and decompress
    with tempfile.TemporaryFile() as tmp_archive:
@ -30,7 +36,7 @@ def download_archive(src, dst, expected_hash):
                    tmp_archive.write(chunk)
                    hasher.update(chunk)
        # Verify hash
-        REPO_PUBKEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))
+        PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))
        # Extract the tar.xz file
        tmp_archive.seek(0)
        with tarfile.open(fileobj=tmp_archive) as tar:
@ -40,7 +46,7 @@ def load():
    with requests.Session(auth=REPO_AUTH) as session:
        packages = session.get(REPO_PACKAGES_URL, timout=5).content
        packages_sig = bytes.fromhex(session.get(REPO_SIG_URL, timout=5).content)
-    REPO_PUBKEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
+    PUBLIC_KEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
    return json.loads(packages)

 def get_entries(entry_type):