Spotter-Cluster/vmmgr
2
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

Download packages into more secure place than /tmp

Browse Source
This commit is contained in:
Disassembler 2019-03-01 14:59:30 +01:00
parent d5cec3491b
commit 8889900650
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
usr/lib/python3.6/vmmgr/paths.py
View File

@ -9,7 +9,10 @@ ACME_CRON = '/etc/periodic/daily/acme-sh'
ACME_DIR = '/etc/acme.sh.d' ACME_DIR = '/etc/acme.sh.d'
CERT_KEY_FILE = '/etc/ssl/services.key' CERT_KEY_FILE = '/etc/ssl/services.key'
CERT_PUB_FILE = '/etc/ssl/services.pem' CERT_PUB_FILE = '/etc/ssl/services.pem'
# Package manager
PKG_SIG_FILE = '/etc/vmmgr/packages.pub' PKG_SIG_FILE = '/etc/vmmgr/packages.pub'
PKG_TEMP_DIR = '/var/cache/vmmgr'
# LXC # LXC
HOSTS_FILE = '/etc/hosts' HOSTS_FILE = '/etc/hosts'
@ -19,7 +22,6 @@ LXC_ROOT = '/var/lib/lxc'
# OS # OS
ISSUE_FILE = '/etc/issue' ISSUE_FILE = '/etc/issue'
NGINX_DIR = '/etc/nginx/conf.d' NGINX_DIR = '/etc/nginx/conf.d'
REPO_FILE = '/etc/apk/repositories'
# URLs # URLs
MYIP_URL = 'https://tools.dasm.cz/myip.php' MYIP_URL = 'https://tools.dasm.cz/myip.php'

7
usr/lib/python3.6/vmmgr/pkgmgr.py
View File

@ -10,7 +10,7 @@ from enum import Enum
from werkzeug.exceptions import BadRequest, NotFound, Unauthorized from werkzeug.exceptions import BadRequest, NotFound, Unauthorized
from . import crypto from . import crypto
from .paths import LXC_ROOT from .paths import LXC_ROOT, PKG_TEMP_DIR
class Stage(Enum): class Stage(Enum):
DOWNLOAD = 1 DOWNLOAD = 1
@ -85,7 +85,8 @@ class PkgMgr:
def download_package(self, name, item): def download_package(self, name, item):
# Download tar.xz package and verify its hash. Can raise InvalidSignature # Download tar.xz package and verify its hash. Can raise InvalidSignature
pkg_archive = '{}_{}-{}.tar.xz'.format(name, self.online_packages[name]['version'], self.online_packages[name]['release']) pkg_archive = '{}_{}-{}.tar.xz'.format(name, self.online_packages[name]['version'], self.online_packages[name]['release'])
tmp_archive = os.path.join('/tmp', pkg_archive) tmp_archive = os.path.join(PKG_TEMP_DIR, pkg_archive)
os.makedirs(PKG_TEMP_DIR, 0o700, True)
# If the archive already exists in temp (presumably because the previous installation was interrupted), it was already verified and can be reused # If the archive already exists in temp (presumably because the previous installation was interrupted), it was already verified and can be reused
if os.path.exists(tmp_archive): if os.path.exists(tmp_archive):
item.bytes_downloaded += os.path.getsize(tmp_archive) item.bytes_downloaded += os.path.getsize(tmp_archive)
@ -105,7 +106,7 @@ class PkgMgr:
def unpack_package(self, name): def unpack_package(self, name):
# Unpack archive # Unpack archive
pkg_archive = '{}_{}-{}.tar.xz'.format(name, self.online_packages[name]['version'], self.online_packages[name]['release']) pkg_archive = '{}_{}-{}.tar.xz'.format(name, self.online_packages[name]['version'], self.online_packages[name]['release'])
tmp_archive = os.path.join('/tmp', pkg_archive) tmp_archive = os.path.join(PKG_TEMP_DIR, pkg_archive)
subprocess.run(['tar', 'xJf', tmp_archive], cwd='/', check=True) subprocess.run(['tar', 'xJf', tmp_archive], cwd='/', check=True)
os.unlink(tmp_archive) os.unlink(tmp_archive)

2
usr/lib/python3.6/vmmgr/vmmgr.py
View File

@ -10,7 +10,7 @@ import urllib
from . import crypto from . import crypto
from . import templates from . import templates
from . import net from . import net
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL, REPO_FILE from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL
class VMMgr: class VMMgr:
def __init__(self, conf): def __init__(self, conf):