Move load_pem_public_key to repo_online

Disassembler 2020-02-14 11:08:02 +01:00
parent 64adcf3647
commit 51c0703d71
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
3 changed files with 12 additions and 12 deletions


@ -6,7 +6,6 @@ import urllib.parse
config = configparser.ConfigParser()
config.read('/etc/spoc/spoc.conf')
print ('CONFIG LOADED') # TODO: Debug, remove
def get_repo_auth(config):
username = config.get('repo', 'username', fallback='')
@ -15,12 +14,7 @@ def get_repo_auth(config):
return None
return (username, password)
def get_repo_pubkey(config):
pubkey = config.get('repo', 'public-key', fallback='')
pubkey = f'-----BEGIN PUBLIC KEY-----\n{pubkey}\n-----END PUBLIC KEY-----'
return pubkey.encode()
NETWORK_INTERFACE = config.get('general', 'network-interface', 'spocbr0')
NETWORK_INTERFACE = config.get('general', 'network-interface', fallback='spocbr0')
DATA_DIR = config.get('general', 'data-dir', fallback='/var/lib/spoc')
APPS_DIR = os.path.join(DATA_DIR, 'apps')
@ -28,7 +22,7 @@ CONTAINERS_DIR = os.path.join(DATA_DIR, 'containers')
LAYERS_DIR = os.path.join(DATA_DIR, 'layers')
VOLUME_DIR = os.path.join(DATA_DIR, 'volumes')
HOSTS_FILE = os.path.join(DATA_DIR, 'hosts')
REPO_FILE = os.path.join(DATA_DIR, 'packages.json')
REPO_FILE = os.path.join(DATA_DIR, 'repository.json')
LOG_DIR = config.get('general', 'log-dir', fallback='/var/log/spoc')
LOCK_FILE = '/run/lock/spoc.lock'
@ -43,4 +37,4 @@ REPO_URL = config.get('repo', 'url', fallback='https://localhost')
REPO_PACKAGES_URL = urllib.parse.urljoin(REPO_URL, 'packages.json')
REPO_SIG_URL = urllib.parse.urljoin(REPO_URL, 'packages.sig')
REPO_AUTH = get_repo_auth(config)
REPO_PUBKEY = get_repo_pubkey(config)
REPO_PUBKEY = config.get('repo', 'public-key', fallback='')
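Review bot: The new `REPO_PUBKEY = config.get('repo', 'public-key', fallback='')` at the end of this file turns a missing signing key into an empty string instead of an error. On this page repo_online wraps that value in PEM armor and parses it at import time (`PUBLIC_KEY = get_pubkey()`), so an unset option would most likely surface as a PEM parse failure on import rather than as a message pointing at the configuration. Since this key is the trust anchor for the package index and archive signatures, I would reject an empty value explicitly where it is consumed, e.g. `if not REPO_PUBKEY: raise ValueError('repo public-key is not configured')` at the top of `get_pubkey()`.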


@ -17,7 +17,7 @@ class Image:
self.name = name
self.layer_path = os.path.join(LAYERS_DIR, name)
self.archive_path = os.path.join(PUB_LAYERS_DIR, f'{name}.tar.xz')
self.online_path = urllib.parse.urljoin(REPO_URL, 'images', f'{image_name}.tar.xz')
self.online_path = urllib.parse.urljoin(REPO_URL, 'images', f'{name}.tar.xz')
self.layers = [name]
self.env = {}
self.uid = None
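Review bot: The corrected `online_path` line still passes three positional arguments to `urllib.parse.urljoin`, whose third parameter is `allow_fragments`, so `f'{name}.tar.xz'` is never joined and the path ends at `images`. Build the relative part first: `self.online_path = urllib.parse.urljoin(REPO_URL, f'images/{name}.tar.xz')`. `urljoin` also replaces the last path segment of a base that does not end in `/`, so this relies on REPO_URL being a bare origin or ending with a slash. The `__init__` body starts before and continues after the hunk.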


@ -17,6 +17,12 @@ from .config import REPO_AUTH, REPO_PUBKEY, REPO_PACKAGES_URL, REPO_SIG_URL
TYPE_APP = 'apps'
TYPE_IMAGE = 'images'
def get_pubkey():
pubkey = f'-----BEGIN PUBLIC KEY-----\n{REPO_PUBKEY}\n-----END PUBLIC KEY-----'
return load_pem_public_key(pubkey.encode(), default_backend())
PUBLIC_KEY = get_pubkey()
def download_archive(src, dst, expected_hash):
# Download archive via http(s), verify hash and decompress
with tempfile.TemporaryFile() as tmp_archive:
@ -30,7 +36,7 @@ def download_archive(src, dst, expected_hash):
tmp_archive.write(chunk)
hasher.update(chunk)
# Verify hash
REPO_PUBKEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))
PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(sha512)))
# Extract the tar.xz file
tmp_archive.seek(0)
with tarfile.open(fileobj=tmp_archive) as tar:
@ -40,7 +46,7 @@ def load():
with requests.Session(auth=REPO_AUTH) as session:
packages = session.get(REPO_PACKAGES_URL, timout=5).content
packages_sig = bytes.fromhex(session.get(REPO_SIG_URL, timout=5).content)
REPO_PUBKEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
PUBLIC_KEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
return json.loads(packages)
def get_entries(entry_type):
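Review bot: In the `load()` hunk the lines leading up to the changed `PUBLIC_KEY.verify(...)` call cannot execute as written, so the index signature check is never reached. `requests.Session()` accepts no constructor arguments, `timout` is a misspelling of `timeout` and is rejected as an unexpected keyword, and `bytes.fromhex()` needs a `str` while `.content` is `bytes`. The rewrite below sets the credentials on the session, spells the timeout correctly and decodes the signature from `.text`. `load()` starts above the hunk, so its `def` line is not shown here.

```python
with requests.Session() as session:
    session.auth = REPO_AUTH
    packages = session.get(REPO_PACKAGES_URL, timeout=5).content
    packages_sig = bytes.fromhex(session.get(REPO_SIG_URL, timeout=5).text)
    # … unchanged: PUBLIC_KEY.verify(...) and json.loads(packages) …
```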