[csw-devel] SF.net SVN: opencsw:[398] catalog_signatures/catalog_gpg

Thu Jul 21 15:52:22 CEST 2011

Em 21/07/2011 03:57, <bdwalton at users.sourceforge.net> escreveu:
>
> Revision: 398
>          http://opencsw.svn.sourceforge.net/opencsw/?rev=398&view=rev
> Author:   bdwalton
> Date:     2011-07-21 02:57:36 +0000 (Thu, 21 Jul 2011)
>
> Log Message:
> -----------
> initial proof of concept for a restful catalog signing daemon
>
> Signed-off-by: Ben Walton <bwalton at artsci.utoronto.ca>
>
> Added Paths:
> -----------
>    catalog_signatures/catalog_gpg
>
> Added: catalog_signatures/catalog_gpg
> ===================================================================
> --- catalog_signatures/catalog_gpg                              (rev 0)
> +++ catalog_signatures/catalog_gpg      2011-07-21 02:57:36 UTC (rev 398)
> @@ -0,0 +1,80 @@
> +#!/usr/bin/env ruby
> +
> +require 'webrick'
> +require 'pp'
> +
> +class GPGDaemon < WEBrick::HTTPServlet::AbstractServlet
> +  VALID_TREES = %w(unstable current)
> +  VALID_ARCHES = %w(i386 sparc)
> +  VALID_RELEASE = %w(5.9 5.10 5.11)

These are defined separately in many places now. Adding a new OS release can
be a major event now. We need to think about creating a single point of
truth.

> +
> +  def initialize(server, mirror_path)
> +    @mirror_path = mirror_path
> +    @gpg = "gpg --batch --yes --no-tty -a --output /dev/stdout"
> +  end
> +
> +  def do_GET(request, response)
> +    mode, *rest = request.path.split('/')[1..-1]
> +    mode = 'detach-sign' if mode.eql?('detachsign')
> +
> +    tmp = File.join(@mirror_path, rest.join('.'))
> +    p = validate_path(rest.join('/'))
> +
> +    if p
> +      cmd = "#{@gpg} --#{mode} '#{p}'"
> +      content = `cmd`
> +      if $?.eql?(0)
> +        response.status = 200
> +        response['Content-type'] = 'text/plain'
> +        response.body = content
> +      else
> +        response.status = 500
> +        response['Content-type'] = 'text/plain'
> +        response.body = "500 There was a problem processing the request."
> +      end
> +    else
> +      response.status = 400
> +      response['Content-type'] = 'text/plain'
> +      response.body = "400 Invalid request."
> +    end
> +  end
> +
> +  private
> +  def validate_path(path)
> +
> +    begin
> +      parts = path.split('/')
> +      cat_file = File.join(@mirror_path, path, 'catalog')
> +
> +      return false unless parts.size.eql?(3)
> +      return false unless VALID_TREES.include?(parts[0])
> +      return false unless VALID_ARCHES.include?(parts[1])
> +      return false unless VALID_RELEASE.include?(parts[2])
> +
> +      begin
> +        cat_stat = File.stat(cat_file)
> +        return false unless cat_stat.file? or cat.stat.symlink?
> +      rescue Errno::ENOENT, Errno::ENOTDIR => e
> +        #FIXME: Use the webrick logger here...
> +        $stderr.puts "Bad catalog file lookup on #{cat_file}"
> +        return false
> +      end
> +
> +      return cat_file
> +    rescue => e
> +      # if we missed something here, we should log it, but return
> +      # false to prevent leaking something
> +      # FIXME: Use the webrick logger here...
> +      #stderr.puts "Rescued exception: #{e.class} -> #{e.message}"
> +      return false
> +    end
> +  end
> +end
> +
> +mirror_path = File.dirname($0)
> +
> +server = WEBrick::HTTPServer.new({ :Port => 9981 })
> +server.mount "/clearsign", GPGDaemon, mirror_path
> +server.mount "/detachsign", GPGDaemon, mirror_path
> +trap('INT') { server.shutdown }
> +server.start
>
>
> Property changes on: catalog_signatures/catalog_gpg
> ___________________________________________________________________
> Added: svn:executable
>   + *
>
>
> This was sent by the SourceForge.net collaborative development platform,
the world's largest Open Source development site.
> _______________________________________________
> devel mailing list
> devel at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/devel/attachments/20110721/7feb9fc5/attachment-0001.html>