From 1f8832c4ccd66d0991525f94d09263468d2ed7a2 Mon Sep 17 00:00:00 2001
From: Oliver Smith
Date: Mon, 17 Sep 2018 10:06:57 +0000
Subject: [PATCH] install apk keys and binfmt data with setup.py
---
 MANIFEST.in | 1 +
 pmb/chroot/apk_static.py | 3 ++-
 pmb/config/__init__.py | 2 +-
 {keys => pmb/data/keys}/README | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub | 0
 .../keys}/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub | 0
 {keys => pmb/data/keys}/pmos-5a03a13a.rsa.pub | 0
 {data => pmb/data}/qemu-user-binfmt.txt | 0
 pmb/parse/binfmt_info.py | 2 +-
 setup.py | 0
 test/test_apk_static.py | 3 ++-
 test/test_keys.py | 3 ++-
 17 files changed, 9 insertions(+), 5 deletions(-)
 rename {keys => pmb/data/keys}/README (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub (100%)
 rename {keys => pmb/data/keys}/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub (100%)
 rename {keys => pmb/data/keys}/pmos-5a03a13a.rsa.pub (100%)
 rename {data => pmb/data}/qemu-user-binfmt.txt (100%)
 mode change 100644 => 100755 setup.py
diff --git a/MANIFEST.in b/MANIFEST.in
index 1aba38f6..0e481d1c 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1 +1,2 @@ include LICENSE +recursive-include pmb/data * diff --git a/pmb/chroot/apk_static.py b/pmb/chroot/apk_static.py index aa13b59d..fe4811cc 100644 --- a/pmb/chroot/apk_static.py +++ b/pmb/chroot/apk_static.py @@ -56,8 +56,9 @@ def read_signature_info(tar): logging.debug("sigkey: " + sigkey) # Get path to keyfile on disk - sigkey_path = pmb.config.pmb_src + "/keys/" + sigkey + sigkey_path = pmb.config.apk_keys_path + "/" + sigkey if "/" in sigkey or not os.path.exists(sigkey_path): + logging.debug("sigkey_path: " + sigkey_path) raise RuntimeError("Invalid signature key: " + sigkey) return (sigfilename, sigkey_path) diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py index 32b31571..fcea76bb 100644 --- a/pmb/config/__init__.py +++ b/pmb/config/__init__.py @@ -32,7 +32,7 @@ from pmb.config.merge_with_args import merge_with_args # version = "0.9.0" pmb_src = os.path.normpath(os.path.realpath(__file__) + "/../../..") -apk_keys_path = pmb_src + "/keys" +apk_keys_path = pmb_src + "/pmb/data/keys" # Update this frequently to prevent a MITM attack with an outdated version # (which may contain a vulnerable apk/libressl, and allows an attacker to diff --git a/keys/README b/pmb/data/keys/README similarity index 100% rename from keys/README rename to pmb/data/keys/README diff --git a/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub similarity index 100% rename from keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub diff --git a/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub similarity index 100% rename from keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub 
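Review bot: `recursive-include pmb/data *` only decides what goes into the source distribution; whether `pmb/data/keys` is actually installed depends on `setup()` declaring package data (`include_package_data=True` or `package_data`), and setup.py's content is not changed by this patch (only its mode), so that cannot be confirmed from here. The wildcard also ships every file that happens to sit under `pmb/data`, and `read_signature_info` accepts any file name that exists in the keys directory as the key path. A narrower pair such as `recursive-include pmb/data/keys *.pub README` and `include pmb/data/qemu-user-binfmt.txt` would keep stray files out of the shipped trust store.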
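Review bot: The guard right after the new `sigkey_path` assignment uses `os.path.exists`, which is also true for directories, so an empty key name or `.` / `..` (none of which contain `/`) resolves to `apk_keys_path` itself or its parent and passes the check. Since `sigkey` appears to be derived from a file name inside the downloaded archive, the check should require a regular file: `if "/" in sigkey or not os.path.isfile(sigkey_path):`. `read_signature_info` starts above this hunk, so how `sigkey` is extracted and how the returned path is consumed are not visible here.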
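Review bot: `apk_keys_path` is the trust store for apk signature checks, yet the changed assignment carries no comment saying so, while the version pin just below it is documented against MITM. Given that `read_signature_info` accepts any file name that exists in this directory, I would add above the assignment: `# Trusted apk signing keys: any file in this directory is accepted as a signature key by pmb.chroot.apk_static.read_signature_info()`. If pmb is installed through setup.py, this path presumably resolves inside the installed package, so that directory's write permissions then decide who can add a trusted key.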
diff --git a/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
similarity index 100%
rename from keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
diff --git a/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
similarity index 100%
rename from keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
diff --git a/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
similarity index 100%
rename from keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
diff --git a/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
similarity index 100%
rename from keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
diff --git a/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub b/pmb/data/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
similarity index 100%
rename from keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
rename to pmb/data/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
diff --git a/keys/pmos-5a03a13a.rsa.pub b/pmb/data/keys/pmos-5a03a13a.rsa.pub
similarity index 100%
rename from keys/pmos-5a03a13a.rsa.pub
rename to pmb/data/keys/pmos-5a03a13a.rsa.pub
diff --git a/data/qemu-user-binfmt.txt b/pmb/data/qemu-user-binfmt.txt
similarity index 100%
rename from data/qemu-user-binfmt.txt
rename to pmb/data/qemu-user-binfmt.txt
diff --git a/pmb/parse/binfmt_info.py b/pmb/parse/binfmt_info.py
index b6bb46aa..6028720f 100644
--- a/pmb/parse/binfmt_info.py +++ b/pmb/parse/binfmt_info.py @@ -26,7 +26,7 @@ import pmb.config def binfmt_info(args, arch_qemu): # Parse the info file full = {} - info = pmb.config.pmb_src + "/data/qemu-user-binfmt.txt" + info = pmb.config.pmb_src + "/pmb/data/qemu-user-binfmt.txt" logging.verbose("parsing: " + info) with open(info, "r") as handle: for line in handle: diff --git a/setup.py b/setup.py old mode 100644 new mode 100755 diff --git a/test/test_apk_static.py b/test/test_apk_static.py index 96cb1715..59ddf08a 100644 --- a/test/test_apk_static.py +++ b/test/test_apk_static.py @@ -26,6 +26,7 @@ import pytest pmb_src = os.path.realpath(os.path.join(os.path.dirname(__file__) + "/..")) sys.path.append(pmb_src) import pmb.chroot.apk_static +import pmb.config import pmb.parse.apkindex import pmb.helpers.logging @@ -70,7 +71,7 @@ def test_read_signature_info(args): assert "Invalid signature key" in str(e.value) # Signature file with realistic name - path = glob.glob(pmb_src + "/keys/*.pub")[0] + path = glob.glob(pmb.config.apk_keys_path + "/*.pub")[0] name = os.path.basename(path) path_archive = "sbin/apk.static.SIGN.RSA." + name pmb.chroot.user(args, ["mv", tmp_path + "/sbin/apk.static.SIGN.RSA.invalid.pub", diff --git a/test/test_keys.py b/test/test_keys.py index f1638e42..bc730680 100644 --- a/test/test_keys.py +++ b/test/test_keys.py @@ -27,6 +27,7 @@ sys.path.append(os.path.realpath( os.path.join(os.path.dirname(__file__) + "/.."))) import pmb.parse.apkindex import pmb.helpers.logging +import pmb.config @pytest.fixture @@ -66,7 +67,7 @@ def test_keys(args): assert len(keys_upstream) # Check if the keys are mirrored correctly - mirror_path_keys = os.path.dirname(__file__) + "/../keys" + mirror_path_keys = pmb.config.apk_keys_path for key, original_path in keys_upstream.items(): mirror_path = mirror_path_keys + "/" + key assert filecmp.cmp(mirror_path, original_path, False)
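Review bot: The new `info` path repeats the `pmb/data` layout as a string literal, while the keys directory has a single definition in `pmb.config.apk_keys_path`. Defining the data file path once in `pmb/config/__init__.py` (for example a `binfmt_info_path` constant; the name is only a suggestion) and reading it here would keep the next relocation to one line. The body of `binfmt_info` continues below this hunk.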
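Review bot: `glob.glob(pmb.config.apk_keys_path + "/*.pub")[0]` raises a bare IndexError when the directory holds no keys, which is the failure a packaging mistake from this move would produce. Binding the list first and adding `assert keys, "no keys in " + pmb.config.apk_keys_path` before indexing would make that failure readable. The visible part of `test_read_signature_info` also shows no case for a key name that resolves to a directory (an empty name or `..`), which the `os.path.exists` guard in `read_signature_info` would accept; the test starts above this hunk, so such a case may already exist there.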
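Review bot: The mirror check in `test_keys` runs one way only: it iterates `keys_upstream` and compares each entry against `pmb.config.apk_keys_path`, so a file that exists in the keys directory but not upstream is never examined. Because that directory is what signature verification trusts, I would add an assertion that its `*.pub` files are exactly the upstream keys plus an explicit allowlist (presumably just the project's own `pmos-5a03a13a.rsa.pub` listed in the diffstat). The loop is context in this hunk and the test function starts above it.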