install apk keys and binfmt data with setup.py
This commit is contained in:
parent
cff9185401
commit
1f8832c4cc
|
@ -1 +1,2 @@
|
||||||
include LICENSE
|
include LICENSE
|
||||||
|
recursive-include pmb/data *
|
||||||
|
|
|
@ -56,8 +56,9 @@ def read_signature_info(tar):
|
||||||
logging.debug("sigkey: " + sigkey)
|
logging.debug("sigkey: " + sigkey)
|
||||||
|
|
||||||
# Get path to keyfile on disk
|
# Get path to keyfile on disk
|
||||||
sigkey_path = pmb.config.pmb_src + "/keys/" + sigkey
|
sigkey_path = pmb.config.apk_keys_path + "/" + sigkey
|
||||||
if "/" in sigkey or not os.path.exists(sigkey_path):
|
if "/" in sigkey or not os.path.exists(sigkey_path):
|
||||||
|
logging.debug("sigkey_path: " + sigkey_path)
|
||||||
raise RuntimeError("Invalid signature key: " + sigkey)
|
raise RuntimeError("Invalid signature key: " + sigkey)
|
||||||
|
|
||||||
return (sigfilename, sigkey_path)
|
return (sigfilename, sigkey_path)
|
||||||
|
|
|
@ -32,7 +32,7 @@ from pmb.config.merge_with_args import merge_with_args
|
||||||
#
|
#
|
||||||
version = "0.9.0"
|
version = "0.9.0"
|
||||||
pmb_src = os.path.normpath(os.path.realpath(__file__) + "/../../..")
|
pmb_src = os.path.normpath(os.path.realpath(__file__) + "/../../..")
|
||||||
apk_keys_path = pmb_src + "/keys"
|
apk_keys_path = pmb_src + "/pmb/data/keys"
|
||||||
|
|
||||||
# Update this frequently to prevent a MITM attack with an outdated version
|
# Update this frequently to prevent a MITM attack with an outdated version
|
||||||
# (which may contain a vulnerable apk/libressl, and allows an attacker to
|
# (which may contain a vulnerable apk/libressl, and allows an attacker to
|
||||||
|
|
|
@ -26,7 +26,7 @@ import pmb.config
|
||||||
def binfmt_info(args, arch_qemu):
|
def binfmt_info(args, arch_qemu):
|
||||||
# Parse the info file
|
# Parse the info file
|
||||||
full = {}
|
full = {}
|
||||||
info = pmb.config.pmb_src + "/data/qemu-user-binfmt.txt"
|
info = pmb.config.pmb_src + "/pmb/data/qemu-user-binfmt.txt"
|
||||||
logging.verbose("parsing: " + info)
|
logging.verbose("parsing: " + info)
|
||||||
with open(info, "r") as handle:
|
with open(info, "r") as handle:
|
||||||
for line in handle:
|
for line in handle:
|
||||||
|
|
|
@ -26,6 +26,7 @@ import pytest
|
||||||
pmb_src = os.path.realpath(os.path.join(os.path.dirname(__file__) + "/.."))
|
pmb_src = os.path.realpath(os.path.join(os.path.dirname(__file__) + "/.."))
|
||||||
sys.path.append(pmb_src)
|
sys.path.append(pmb_src)
|
||||||
import pmb.chroot.apk_static
|
import pmb.chroot.apk_static
|
||||||
|
import pmb.config
|
||||||
import pmb.parse.apkindex
|
import pmb.parse.apkindex
|
||||||
import pmb.helpers.logging
|
import pmb.helpers.logging
|
||||||
|
|
||||||
|
@ -70,7 +71,7 @@ def test_read_signature_info(args):
|
||||||
assert "Invalid signature key" in str(e.value)
|
assert "Invalid signature key" in str(e.value)
|
||||||
|
|
||||||
# Signature file with realistic name
|
# Signature file with realistic name
|
||||||
path = glob.glob(pmb_src + "/keys/*.pub")[0]
|
path = glob.glob(pmb.config.apk_keys_path + "/*.pub")[0]
|
||||||
name = os.path.basename(path)
|
name = os.path.basename(path)
|
||||||
path_archive = "sbin/apk.static.SIGN.RSA." + name
|
path_archive = "sbin/apk.static.SIGN.RSA." + name
|
||||||
pmb.chroot.user(args, ["mv", tmp_path + "/sbin/apk.static.SIGN.RSA.invalid.pub",
|
pmb.chroot.user(args, ["mv", tmp_path + "/sbin/apk.static.SIGN.RSA.invalid.pub",
|
||||||
|
|
|
@ -27,6 +27,7 @@ sys.path.append(os.path.realpath(
|
||||||
os.path.join(os.path.dirname(__file__) + "/..")))
|
os.path.join(os.path.dirname(__file__) + "/..")))
|
||||||
import pmb.parse.apkindex
|
import pmb.parse.apkindex
|
||||||
import pmb.helpers.logging
|
import pmb.helpers.logging
|
||||||
|
import pmb.config
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
|
@ -66,7 +67,7 @@ def test_keys(args):
|
||||||
assert len(keys_upstream)
|
assert len(keys_upstream)
|
||||||
|
|
||||||
# Check if the keys are mirrored correctly
|
# Check if the keys are mirrored correctly
|
||||||
mirror_path_keys = os.path.dirname(__file__) + "/../keys"
|
mirror_path_keys = pmb.config.apk_keys_path
|
||||||
for key, original_path in keys_upstream.items():
|
for key, original_path in keys_upstream.items():
|
||||||
mirror_path = mirror_path_keys + "/" + key
|
mirror_path = mirror_path_keys + "/" + key
|
||||||
assert filecmp.cmp(mirror_path, original_path, False)
|
assert filecmp.cmp(mirror_path, original_path, False)
|
||||||
|
|
Loading…
Reference in New Issue