upstream/oracle/pkg-gate: src/modules/client/publisher.py@11a8cae074e0 (annotated)

1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	1	#!/usr/bin/python
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3	# CDDL HEADER START
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	4	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	5	# The contents of this file are subject to the terms of the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	6	# Common Development and Distribution License (the "License").
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	7	# You may not use this file except in compliance with the License.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	8	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	9	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	10	# or http://www.opensolaris.org/os/licensing.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	11	# See the License for the specific language governing permissions
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	12	# and limitations under the License.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	13	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	14	# When distributing Covered Code, include this CDDL HEADER in each
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	15	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	16	# If applicable, add the following below this CDDL HEADER, with the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	17	# fields enclosed by brackets "[]" replaced with your own identifying
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	18	# information: Portions Copyright [yyyy] [name of copyright owner]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	19	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	20	# CDDL HEADER END
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	21	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	22
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	23	#
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	24	# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	25	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	26
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	27	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	28	# NOTE: Any changes to this file are considered a change in client api
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	29	# interfaces and must be fully documented in doc/client_api_versions.txt
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	30	# if they are visible changes to the public interfaces provided.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	31	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	32	# This also means that changes to the interfaces here must be reflected in
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	33	# the client version number and compatible_versions specifier found in
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	34	# modules/client/api.py:__init__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	35	#
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	36
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	37	import calendar
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	38	import collections
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	39	import copy
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	40	import cStringIO
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	41	import datetime as dt
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	42	import errno
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	43	import hashlib
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	44	import os
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	45	import pycurl
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	46	import shutil
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	47	import tempfile
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	48	import time
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	49	import urllib
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	50	import urlparse
1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	51	import uuid
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	52
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	53	from pkg.client import global_settings
2272 d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	54	from pkg.client.debugvalues import DebugValues
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	55	logger = global_settings.logger
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	56
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	57	import pkg.catalog
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	58	import pkg.client.api_errors as api_errors
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	59	import pkg.client.sigpolicy as sigpolicy
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	60	import pkg.client.pkgdefs as pkgdefs
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	61	import pkg.misc as misc
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	62	import pkg.portable as portable
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	63	import pkg.server.catalog as old_catalog
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	64	import M2Crypto as m2
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	65
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	66	from pkg.misc import EmptyDict, EmptyI, SIGNATURE_POLICY, DictProperty, \
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	67	PKG_RO_FILE_MODE
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	68
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	69	# The "core" type indicates that a repository contains all of the dependencies
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	70	# declared by packages in the repository. It is primarily used for operating
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	71	# system repositories.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	72	REPO_CTYPE_CORE = "core"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	73
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	74	# The "supplemental" type indicates that a repository contains packages that
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	75	# rely on or are intended to be used with packages located in another
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	76	# repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	77	REPO_CTYPE_SUPPLEMENTAL = "supplemental"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	78
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	79	# Mapping of constant values to names (in the event these ever get changed to
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	80	# numeric values or it is decided they need "prettier" or different labels).
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	81	REPO_COLLECTION_TYPES = {
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	82	REPO_CTYPE_CORE: "core",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	83	REPO_CTYPE_SUPPLEMENTAL: "supplemental",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	84	}
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	85
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	86	# Supported Protocol Schemes
1895 0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	87	SUPPORTED_SCHEMES = set(("file", "http", "https"))
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	88
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	89	# SSL Protocol Schemes
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	90	SSL_SCHEMES = set(("https",))
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	91
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	92	# Supported RepositoryURI sorting policies.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	93	URI_SORT_PRIORITY = "priority"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	94
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	95	# Sort policy mapping.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	96	URI_SORT_POLICIES = {
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	97	URI_SORT_PRIORITY: lambda obj: (obj.priority, obj.uri),
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	98	}
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	99
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	100	# This dictionary records the recognized values of extensions.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	101	SUPPORTED_EXTENSION_VALUES = {
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	102	"basicConstraints": ("CA:TRUE", "CA:FALSE", "PATHLEN:"),
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	103	"keyUsage": ("DIGITAL SIGNATURE", "CERTIFICATE SIGN", "CRL SIGN")
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	104	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	105
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	106	# These dictionaries map uses into their extensions.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	107	CODE_SIGNING_USE = {
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	108	"keyUsage": ["DIGITAL SIGNATURE"]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	109	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	110
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	111	CERT_SIGNING_USE = {
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	112	"basicConstraints": ["CA:TRUE"],
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	113	"keyUsage": ["CERTIFICATE SIGN"]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	114	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	115
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	116	CRL_SIGNING_USE = {
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	117	"keyUsage": ["CRL SIGN"]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	118	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	119
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	120	POSSIBLE_USES = [CODE_SIGNING_USE, CERT_SIGNING_USE, CRL_SIGNING_USE]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	121
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	122	class RepositoryURI(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	123	"""Class representing a repository URI and any transport-related
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	124	information."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	125
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	126	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	127	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	128	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	129	__priority = None
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	130	__proxy = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	131	__ssl_cert = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	132	__ssl_key = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	133	__trailing_slash = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	134	__uri = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	135
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	136	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	137	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	138	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	139
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	140	def __init__(self, uri, priority=None, ssl_cert=None, ssl_key=None,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	141	trailing_slash=True, proxy=None, system=False):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	142	# Must set first.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	143	self.__trailing_slash = trailing_slash
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	144
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	145	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	146	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	147	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	148	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	149	self.priority = priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	150	self.uri = uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	151	self.ssl_cert = ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	152	self.ssl_key = ssl_key
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	153	self.proxy = proxy
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	154	self.system = system
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	155
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	156	def __copy__(self):
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	157	uri = RepositoryURI(self.__uri, priority=self.__priority,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	158	ssl_cert=self.__ssl_cert, ssl_key=self.__ssl_key,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	159	trailing_slash=self.__trailing_slash, proxy=self.__proxy,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	160	system=self.system)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	161	uri._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	162	return uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	163
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	164	def __eq__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	165	if isinstance(other, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	166	return self.uri == other.uri and \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	167	self.proxy == other.proxy
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	168	if isinstance(other, str):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	169	return self.proxy is None and self.uri == other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	170	return False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	171
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	172	def __ne__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	173	if isinstance(other, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	174	return self.uri != other.uri or \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	175	self.proxy != other.proxy
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	176	if isinstance(other, str):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	177	return self.proxy is not None or self.uri != other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	178	return True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	179
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	180	def __cmp__(self, other):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	181	if not other:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	182	return 1
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	183	if not isinstance(other, RepositoryURI):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	184	other = RepositoryURI(other)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	185	res = cmp(self.uri, other.uri)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	186	if res != 0:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	187	return res
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	188	return cmp(self.proxy, other.proxy)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	189
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	190	def __set_priority(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	191	if value is not None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	192	try:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	193	value = int(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	194	except (TypeError, ValueError):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	195	raise api_errors.BadRepositoryURIPriority(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	196	self.__priority = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	197
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	198	def __set_proxy(self, proxy):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	199	if not proxy:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	200	return
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	201	self.__proxy = proxy
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	202	assert not self.__ssl_cert
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	203	assert not self.__ssl_key
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	204
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	205	def __set_ssl_cert(self, filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	206	if self.scheme not in SSL_SCHEMES and filename:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	207	raise api_errors.UnsupportedRepositoryURIAttribute(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	208	"ssl_cert", scheme=self.scheme)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	209	if filename:
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	210	if not isinstance(filename, basestring):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	211	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	212	"ssl_cert", value=filename)
2433 7af4ccfa1c06 5060 cert and key files should be validated when adding or updating publishers Shawn Walker <shawn.walker@oracle.com> parents: 2414 diff changeset	213	filename = os.path.normpath(filename)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	214	if filename == "":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	215	filename = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	216	self.__ssl_cert = filename
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	217
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	218	def __set_ssl_key(self, filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	219	if self.scheme not in SSL_SCHEMES and filename:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	220	raise api_errors.UnsupportedRepositoryURIAttribute(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	221	"ssl_key", scheme=self.scheme)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	222	if filename:
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	223	if not isinstance(filename, basestring):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	224	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	225	"ssl_key", value=filename)
2433 7af4ccfa1c06 5060 cert and key files should be validated when adding or updating publishers Shawn Walker <shawn.walker@oracle.com> parents: 2414 diff changeset	226	filename = os.path.normpath(filename)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	227	if filename == "":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	228	filename = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	229	self.__ssl_key = filename
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	230
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	231	def __set_trailing_slash(self, value):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	232	if value not in (True, False):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	233	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	234	"trailing_slash", value=value)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	235	self.__trailing_slash = value
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	236
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	237	def __set_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	238	if uri is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	239	raise api_errors.BadRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	240
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	241	# Decompose URI to verify attributes.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	242	scheme, netloc, path, params, query = \
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	243	urlparse.urlsplit(uri, allow_fragments=0)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	244
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	245	# The set of currently supported protocol schemes.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	246	if scheme.lower() not in SUPPORTED_SCHEMES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	247	raise api_errors.UnsupportedRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	248
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	249	# XXX valid_pub_url's check isn't quite right and could prevent
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	250	# usage of IDNs (international domain names).
1895 0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	251	if (scheme.lower().startswith("http") and not netloc) or \
0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	252	not misc.valid_pub_url(uri):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	253	raise api_errors.BadRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	254
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	255	if scheme.lower() == "file" and netloc:
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	256	raise api_errors.BadRepositoryURI(uri)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	257
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	258	# Normalize URI scheme.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	259	uri = uri.replace(scheme, scheme.lower(), 1)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	260
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	261	if self.__trailing_slash:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	262	uri = misc.url_affix_trailing_slash(uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	263
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	264	if scheme.lower() not in SSL_SCHEMES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	265	self.__ssl_cert = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	266	self.__ssl_key = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	267
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	268	self.__uri = uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	269
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	270	def __str__(self):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	271	if not self.__proxy:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	272	return self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	273	return "proxy://%s" % self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	274
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	275	def change_scheme(self, new_scheme):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	276	"""Change the scheme of this uri."""
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	277
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	278	assert self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	279	scheme, netloc, path, params, query, fragment = \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	280	urlparse.urlparse(self.__uri, allow_fragments=False)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	281	if new_scheme == scheme:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	282	return
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	283	self.uri = urlparse.urlunparse(
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	284	(new_scheme, netloc, path, params, query, fragment))
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	285
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	286	def get_host(self):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	287	"""Get the host and port of this URI if it's a http uri."""
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	288
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	289	scheme, netloc, path, params, query, fragment = \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	290	urlparse.urlparse(self.__uri, allow_fragments=0)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	291	if scheme != "file":
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	292	return netloc
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	293	return ""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	294
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	295	def get_pathname(self):
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	296	"""Returns the URI path as a pathname if the URI is a file
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	297	URI or '' otherwise."""
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	298
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	299	scheme, netloc, path, params, query, fragment = \
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	300	urlparse.urlparse(self.__uri, allow_fragments=0)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	301	if scheme == "file":
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	302	return urllib.url2pathname(path)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	303	return ""
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	304
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	305	ssl_cert = property(lambda self: self.__ssl_cert, __set_ssl_cert, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	306	"The absolute pathname of a PEM-encoded SSL certificate file.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	307
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	308	ssl_key = property(lambda self: self.__ssl_key, __set_ssl_key, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	309	"The absolute pathname of a PEM-encoded SSL key file.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	310
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	311	uri = property(lambda self: self.__uri, __set_uri, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	312	"The URI used to access a repository.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	313
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	314	priority = property(lambda self: self.__priority, __set_priority, None,
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	315	"An integer value representing the importance of this repository "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	316	"URI relative to others.")
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	317
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	318	proxy = property(lambda self: self.__proxy, __set_proxy, None, "The "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	319	"proxy to use to access this repository.")
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	320
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	321	@property
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	322	def scheme(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	323	"""The URI scheme."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	324	if not self.__uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	325	return ""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	326	return urlparse.urlsplit(self.__uri, allow_fragments=0)[0]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	327
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	328	trailing_slash = property(lambda self: self.__trailing_slash,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	329	__set_trailing_slash, None,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	330	"A boolean value indicating whether any URI provided for this "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	331	"object should have a trailing slash appended when setting the "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	332	"URI property.")
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	333
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	334
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	335	class Repository(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	336	"""Class representing a repository object.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	337
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	338	A repository object represents a location where clients can publish
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	339	and retrieve package content and/or metadata. It has the following
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	340	characteristics:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	341
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	342	- may have one or more origins (URIs) for publication and
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	343	retrieval of package metadata and content.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	344
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	345	- may have zero or more mirrors (URIs) for retrieval of package
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	346	content."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	347
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	348	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	349	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	350	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	351	__collection_type = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	352	__legal_uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	353	__mirrors = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	354	__origins = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	355	__refresh_seconds = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	356	__registration_uri = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	357	__related_uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	358	__sort_policy = URI_SORT_PRIORITY
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	359
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	360	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	361	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	362	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	363
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	364	name = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	365	description = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	366	registered = False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	367
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	368	def __init__(self, collection_type=REPO_CTYPE_CORE, description=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	369	legal_uris=None, mirrors=None, name=None, origins=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	370	refresh_seconds=None, registered=False, registration_uri=None,
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	371	related_uris=None, sort_policy=URI_SORT_PRIORITY):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	372	"""Initializes a repository object.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	373
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	374	'collection_type' is an optional constant value indicating the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	375	type of packages in the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	376
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	377	'description' is an optional string value containing a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	378	descriptive paragraph for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	379
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	380	'legal_uris' should be a list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	381	strings indicating where licensing, legal, and terms of service
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	382	information for the repository can be found.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	383
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	384	'mirrors' is an optional list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	385	strings indicating where package content can be retrieved.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	386
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	387	'name' is an optional, short, descriptive name for the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	388	repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	389
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	390	'origins' should be a list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	391	strings indicating where package metadata can be retrieved.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	392
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	393	'refresh_seconds' is an optional integer value indicating the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	394	number of seconds clients should wait before refreshing cached
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	395	repository catalog or repository metadata information.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	396
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	397	'registered' is an optional boolean value indicating whether
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	398	a client has registered with the repository's publisher.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	399
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	400	'registration_uri' is an optional RepositoryURI object or a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	401	string indicating a location clients can use to register or
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	402	obtain credentials needed to access the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	403
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	404	'related_uris' is an optional list of RepositoryURI objects or a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	405	list of URI strings indicating the location of related
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	406	repositories that a client may be interested in.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	407
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	408	'sort_policy' is an optional constant value indicating how
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	409	legal_uris, mirrors, origins, and related_uris should be
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	410	sorted."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	411
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	412	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	413	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	414	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	415	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	416
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	417	# Must be set first so that it will apply to attributes set
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	418	# afterwards.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	419	self.sort_policy = sort_policy
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	420
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	421	self.collection_type = collection_type
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	422	self.description = description
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	423	self.legal_uris = legal_uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	424	self.mirrors = mirrors
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	425	self.name = name
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	426	self.origins = origins
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	427	self.refresh_seconds = refresh_seconds
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	428	self.registered = registered
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	429	self.registration_uri = registration_uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	430	self.related_uris = related_uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	431
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	432	def __add_uri(self, attr, uri, dup_check=None, priority=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	433	ssl_cert=None, ssl_key=None, trailing_slash=True):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	434	if not isinstance(uri, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	435	uri = RepositoryURI(uri, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	436	ssl_cert=ssl_cert, ssl_key=ssl_key,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	437	trailing_slash=trailing_slash)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	438
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	439	if dup_check:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	440	dup_check(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	441
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	442	ulist = getattr(self, attr)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	443	ulist.append(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	444	ulist.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	445
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	446	def __copy__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	447	cluris = [copy.copy(u) for u in self.legal_uris]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	448	cmirrors = [copy.copy(u) for u in self.mirrors]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	449	cruris = [copy.copy(u) for u in self.related_uris]
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	450	corigins = [copy.copy(u) for u in self.origins]
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	451
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	452	repo = Repository(collection_type=self.collection_type,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	453	description=self.description,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	454	legal_uris=cluris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	455	mirrors=cmirrors, name=self.name,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	456	origins=corigins,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	457	refresh_seconds=self.refresh_seconds,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	458	registered=self.registered,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	459	registration_uri=copy.copy(self.registration_uri),
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	460	related_uris=cruris)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	461	repo._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	462	return repo
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	463
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	464	def __replace_uris(self, attr, value, trailing_slash=True):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	465	if value is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	466	value = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	467	if not isinstance(value, list):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	468	raise api_errors.BadRepositoryAttributeValue(attr,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	469	value=value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	470	uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	471	for u in value:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	472	if not isinstance(u, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	473	u = RepositoryURI(u,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	474	trailing_slash=trailing_slash)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	475	elif trailing_slash:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	476	u.uri = misc.url_affix_trailing_slash(u.uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	477	uris.append(u)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	478	uris.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	479	return uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	480
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	481	def __set_collection_type(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	482	if value not in REPO_COLLECTION_TYPES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	483	raise api_errors.BadRepositoryCollectionType(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	484	self.__collection_type = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	485
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	486	def __set_legal_uris(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	487	self.__legal_uris = self.__replace_uris("legal_uris", value,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	488	trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	489
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	490	def __set_mirrors(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	491	self.__mirrors = self.__replace_uris("mirrors", value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	492
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	493	def __set_origins(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	494	self.__origins = self.__replace_uris("origins", value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	495
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	496	def __set_registration_uri(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	497	if value and not isinstance(value, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	498	value = RepositoryURI(value, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	499	self.__registration_uri = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	500
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	501	def __set_related_uris(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	502	self.__related_uris = self.__replace_uris("related_uris",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	503	value, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	504
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	505	def __set_refresh_seconds(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	506	if value is not None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	507	try:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	508	value = int(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	509	except (TypeError, ValueError):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	510	raise api_errors.BadRepositoryAttributeValue(
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	511	"refresh_seconds", value=value)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	512	if value < 0:
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	513	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	514	"refresh_seconds", value=value)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	515	self.__refresh_seconds = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	516
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	517	def __set_sort_policy(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	518	if value not in URI_SORT_POLICIES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	519	raise api_errors.BadRepositoryURISortPolicy(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	520	self.__sort_policy = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	521
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	522	def add_legal_uri(self, uri, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	523	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	524	"""Adds the specified legal URI to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	525
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	526	'uri' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	527	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	528	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	529
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	530	self.__add_uri("legal_uris", uri, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	531	ssl_cert=ssl_cert, ssl_key=ssl_key, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	532
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	533	def add_mirror(self, mirror, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	534	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	535	"""Adds the specified mirror to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	536
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	537	'mirror' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	538	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	539	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	540
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	541	def dup_check(mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	542	if self.has_mirror(mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	543	raise api_errors.DuplicateRepositoryMirror(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	544	mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	545
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	546	self.__add_uri("mirrors", mirror, dup_check=dup_check,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	547	priority=priority, ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	548
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	549	def add_origin(self, origin, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	550	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	551	"""Adds the specified origin to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	552
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	553	'origin' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	554	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	555	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	556
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	557	def dup_check(origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	558	if self.has_origin(origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	559	raise api_errors.DuplicateRepositoryOrigin(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	560	origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	561
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	562	self.__add_uri("origins", origin, dup_check=dup_check,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	563	priority=priority, ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	564
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	565	def add_related_uri(self, uri, priority=None, ssl_cert=None,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	566	ssl_key=None):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	567	"""Adds the specified related URI to the repository.
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	568
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	569	'uri' can be a RepositoryURI object or a URI string. If
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	570	it is a RepositoryURI object, all other parameters will be
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	571	ignored."""
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	572
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	573	self.__add_uri("related_uris", uri, priority=priority,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	574	ssl_cert=ssl_cert, ssl_key=ssl_key, trailing_slash=False)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	575
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	576	def get_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	577	"""Returns a RepositoryURI object representing the mirror
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	578	that matches 'mirror'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	579
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	580	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	581
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	582	if not isinstance(mirror, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	583	mirror = misc.url_affix_trailing_slash(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	584	for m in self.mirrors:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	585	if mirror == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	586	return m
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	587	raise api_errors.UnknownRepositoryMirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	588
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	589	def get_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	590	"""Returns a RepositoryURI object representing the origin
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	591	that matches 'origin'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	592
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	593	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	594
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	595	if not isinstance(origin, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	596	origin = misc.url_affix_trailing_slash(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	597	for o in self.origins:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	598	if origin == o.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	599	return o
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	600	raise api_errors.UnknownRepositoryOrigin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	601
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	602	def has_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	603	"""Returns a boolean value indicating whether a matching
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	604	'mirror' exists for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	605
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	606	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	607
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	608	if not isinstance(mirror, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	609	mirror = RepositoryURI(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	610	return mirror in self.mirrors
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	611
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	612	def has_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	613	"""Returns a boolean value indicating whether a matching
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	614	'origin' exists for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	615
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	616	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	617
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	618	if not isinstance(origin, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	619	origin = RepositoryURI(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	620	return origin in self.origins
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	621
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	622	def remove_legal_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	623	"""Removes the legal URI matching 'uri' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	624
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	625	'uri' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	626
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	627	for i, m in enumerate(self.legal_uris):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	628	if uri == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	629	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	630	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	631	del self.legal_uris[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	632	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	633	raise api_errors.UnknownLegalURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	634
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	635	def remove_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	636	"""Removes the mirror matching 'mirror' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	637
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	638	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	639
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	640	if not isinstance(mirror, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	641	mirror = misc.url_affix_trailing_slash(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	642	for i, m in enumerate(self.mirrors):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	643	if mirror == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	644	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	645	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	646	del self.mirrors[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	647	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	648	raise api_errors.UnknownRepositoryMirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	649
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	650	def remove_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	651	"""Removes the origin matching 'origin' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	652
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	653	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	654
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	655	if not isinstance(origin, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	656	origin = RepositoryURI(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	657	for i, o in enumerate(self.origins):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	658	if origin == o.uri and origin.proxy == o.proxy:
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	659	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	660	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	661	del self.origins[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	662	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	663	raise api_errors.UnknownRepositoryOrigin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	664
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	665	def remove_related_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	666	"""Removes the related URI matching 'uri' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	667
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	668	'uri' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	669
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	670	for i, m in enumerate(self.related_uris):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	671	if uri == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	672	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	673	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	674	del self.related_uris[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	675	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	676	raise api_errors.UnknownRelatedURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	677
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	678	def update_mirror(self, mirror, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	679	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	680	"""Updates an existing mirror object matching 'mirror'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	681
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	682	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	683
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	684	if not isinstance(mirror, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	685	mirror = RepositoryURI(mirror, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	686	ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	687
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	688	target = self.get_mirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	689	target.priority = mirror.priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	690	target.ssl_cert = mirror.ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	691	target.ssl_key = mirror.ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	692	self.mirrors.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	693
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	694	def update_origin(self, origin, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	695	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	696	"""Updates an existing origin object matching 'origin'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	697
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	698	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	699
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	700	if not isinstance(origin, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	701	origin = RepositoryURI(origin, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	702	ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	703
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	704	target = self.get_origin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	705	target.priority = origin.priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	706	target.ssl_cert = origin.ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	707	target.ssl_key = origin.ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	708	self.origins.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	709
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	710	def reset_mirrors(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	711	"""Discards the current list of repository mirrors."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	712
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	713	self.mirrors = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	714
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	715	def reset_origins(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	716	"""Discards the current list of repository origins."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	717
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	718	self.origins = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	719
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	720	collection_type = property(lambda self: self.__collection_type,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	721	__set_collection_type, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	722	"""A constant value indicating the type of packages in the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	723	repository. The following collection types are recognized:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	724
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	725	REPO_CTYPE_CORE
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	726	The "core" type indicates that the repository contains
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	727	all of the dependencies declared by packages in the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	728	repository. It is primarily used for operating system
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	729	repositories.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	730
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	731	REPO_CTYPE_SUPPLEMENTAL
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	732	The "supplemental" type indicates that the repository
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	733	contains packages that rely on or are intended to be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	734	used with packages located in another repository.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	735
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	736	legal_uris = property(lambda self: self.__legal_uris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	737	__set_legal_uris, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	738	"""A list of RepositoryURI objects indicating where licensing,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	739	legal, and terms of service information for the repository can be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	740	found.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	741
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	742	mirrors = property(lambda self: self.__mirrors, __set_mirrors, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	743	"""A list of RepositoryURI objects indicating where package content
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	744	can be retrieved. If any value in the list provided is a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	745	string, it will be replaced with a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	746
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	747	origins = property(lambda self: self.__origins, __set_origins, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	748	"""A list of RepositoryURI objects indicating where package content
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	749	can be retrieved. If any value in the list provided is a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	750	string, it will be replaced with a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	751
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	752	registration_uri = property(lambda self: self.__registration_uri,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	753	__set_registration_uri, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	754	"""A RepositoryURI object indicating a location clients can use to
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	755	register or obtain credentials needed to access the repository. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	756	the value provided is a URI string, it will be replaced with a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	757	RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	758
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	759	related_uris = property(lambda self: self.__related_uris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	760	__set_related_uris, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	761	"""A list of RepositoryURI objects indicating the location of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	762	related repositories that a client may be interested in. If any
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	763	value in the list provided is a URI string, it will be replaced with
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	764	a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	765
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	766	refresh_seconds = property(lambda self: self.__refresh_seconds,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	767	__set_refresh_seconds, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	768	"""An integer value indicating the number of seconds clients should
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	769	wait before refreshing cached repository metadata information. A
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	770	value of None indicates that refreshes should be performed at the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	771	client's discretion.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	772
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	773	sort_policy = property(lambda self: self.__sort_policy,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	774	__set_sort_policy, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	775	"""A constant value indicating how legal_uris, mirrors, origins, and
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	776	related_uris should be sorted. The following policies are
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	777	recognized:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	778
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	779	URI_SORT_PRIORITY
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	780	The "priority" policy indicate that URIs should be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	781	sorted according to the value of their priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	782	attribute.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	783
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	784
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	785	class Publisher(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	786	"""Class representing a publisher object and a set of interfaces to set
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	787	and retrieve its information.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	788
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	789	A publisher is a forward or reverse domain name identifying a source
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	790	(e.g. "publisher") of packages."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	791
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	792	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	793	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	794	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	795	__alias = None
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	796	__catalog = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	797	__client_uuid = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	798	__disabled = False
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	799	__meta_root = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	800	__origin_root = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	801	__prefix = None
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	802	__repository = None
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	803	__sticky = True
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	804	transport = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	805
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	806	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	807	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	808	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	809
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	810	# Used to record those CRLs which are unreachable during the current
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	811	# operation.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	812	__bad_crls = set()
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	813
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	814	def __init__(self, prefix, alias=None, catalog=None, client_uuid=None,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	815	disabled=False, meta_root=None, repository=None,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	816	transport=None, sticky=True, props=None, revoked_ca_certs=EmptyI,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	817	approved_ca_certs=EmptyI, sys_pub=False):
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	818	"""Initialize a new publisher object.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	819
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	820	'catalog' is an optional Catalog object to use in place of
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	821	retrieving one from the publisher's meta_root. This option
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	822	may only be used when meta_root is not provided.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	823	"""
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	824
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	825	assert not (catalog and meta_root)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	826
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	827	if client_uuid is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	828	self.reset_client_uuid()
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	829	else:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	830	self.__client_uuid = client_uuid
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	831
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	832	self.sys_pub = False
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	833
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	834	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	835	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	836	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	837	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	838	self.alias = alias
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	839	self.disabled = disabled
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	840	self.prefix = prefix
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	841	self.transport = transport
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	842	self.meta_root = meta_root
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	843	self.sticky = sticky
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	844
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	845
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	846	self.__sig_policy = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	847	self.__delay_validation = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	848
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	849	self.__properties = {}
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	850	self.__tmp_crls = {}
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	851
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	852	# Writing out an EmptyI to a config file and reading it back
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	853	# in doesn't work correctly at the moment, but reading and
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	854	# writing an empty list does. So if intermediate_certs is empty,
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	855	# make sure it's stored as an empty list.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	856	#
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	857	# The relevant implementation is probably the line which
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	858	# strips ][ from the input in imageconfig.read_list.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	859	if revoked_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	860	self.revoked_ca_certs = revoked_ca_certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	861	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	862	self.revoked_ca_certs = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	863
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	864	if approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	865	self.approved_ca_certs = approved_ca_certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	866	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	867	self.approved_ca_certs = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	868
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	869	if props:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	870	self.properties.update(props)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	871
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	872	self.ca_dict = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	873
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	874	if repository:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	875	self.repository = repository
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	876	self.sys_pub = sys_pub
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	877
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	878	# A dictionary to story the mapping for subject -> certificate
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	879	# for those certificates we couldn't store on disk.
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	880	self.__issuers = {}
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	881
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	882	# Must be done last.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	883	self.__catalog = catalog
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	884
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	885	def __cmp__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	886	if other is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	887	return 1
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	888	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	889	return cmp(self.prefix, other.prefix)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	890	return cmp(self.prefix, other)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	891
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	892	@staticmethod
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	893	def __contains__(key):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	894	"""Supports deprecated compatibility interface."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	895
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	896	return key in ("client_uuid", "disabled", "mirrors", "origin",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	897	"prefix", "ssl_cert", "ssl_key")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	898
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	899	def __copy__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	900	selected = None
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	901	pub = Publisher(self.__prefix, alias=self.__alias,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	902	client_uuid=self.__client_uuid, disabled=self.__disabled,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	903	meta_root=self.meta_root,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	904	repository=copy.copy(self.repository),
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	905	transport=self.transport, sticky=self.__sticky,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	906	props=self.properties,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	907	revoked_ca_certs=self.revoked_ca_certs,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	908	approved_ca_certs=self.approved_ca_certs,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	909	sys_pub=self.sys_pub)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	910	pub._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	911	return pub
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	912
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	913	def __eq__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	914	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	915	return self.prefix == other.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	916	if isinstance(other, str):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	917	return self.prefix == other
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	918	return False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	919
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	920	def __getitem__(self, key):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	921	"""Deprecated compatibility interface allowing publisher
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	922	attributes to be read as pub["attribute"]."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	923
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	924	if key == "client_uuid":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	925	return self.__client_uuid
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	926	if key == "disabled":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	927	return self.__disabled
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	928	if key == "prefix":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	929	return self.__prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	930
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	931	repo = self.repository
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	932	if key == "mirrors":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	933	return [str(m) for m in repo.mirrors]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	934	if key == "origin":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	935	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	936	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	937	return repo.origins[0].uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	938	if key == "ssl_cert":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	939	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	940	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	941	return repo.origins[0].ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	942	if key == "ssl_key":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	943	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	944	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	945	return repo.origins[0].ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	946
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	947	def __get_last_refreshed(self):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	948	if not self.meta_root:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	949	return None
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	950
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	951	lcfile = os.path.join(self.meta_root, "last_refreshed")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	952	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	953	mod_time = os.stat(lcfile).st_mtime
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	954	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	955	if e.errno == errno.ENOENT:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	956	return None
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	957	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	958	return dt.datetime.utcfromtimestamp(mod_time)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	959
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	960	def __ne__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	961	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	962	return self.prefix != other.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	963	if isinstance(other, str):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	964	return self.prefix != other
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	965	return True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	966
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	967	def __set_alias(self, value):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	968	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	969	raise api_errors.ModifyingSyspubException(
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	970	"Cannot set the alias of a system publisher")
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	971	# Aliases must comply with the same restrictions that prefixes
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	972	# have as they are intended to be useable in any case where
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	973	# a prefix may be used.
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	974	if value is not None and value != "" and \
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	975	not misc.valid_pub_prefix(value):
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	976	raise api_errors.BadPublisherAlias(value)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	977	self.__alias = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	978
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	979	def __set_disabled(self, disabled):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	980	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	981	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	982	"enable or disable a system publisher"))
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	983
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	984	if disabled:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	985	self.__disabled = True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	986	else:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	987	self.__disabled = False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	988
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	989	def __set_last_refreshed(self, value):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	990	if not self.meta_root:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	991	return
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	992
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	993	if value is not None and not isinstance(value, dt.datetime):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	994	raise api_errors.BadRepositoryAttributeValue(
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	995	"last_refreshed", value=value)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	996
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	997	lcfile = os.path.join(self.meta_root, "last_refreshed")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	998	if not value:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	999	# If no value was provided, attempt to remove the
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1000	# tracking file.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1001	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1002	portable.remove(lcfile)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1003	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1004	# If the file can't be removed due to
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1005	# permissions, a read-only filesystem, or
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1006	# because it doesn't exist, continue on.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1007	if e.errno not in (errno.ENOENT, errno.EACCES,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1008	errno.EROFS):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1009	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1010	return
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1011
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1012	def create_tracker():
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1013	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1014	f = open(lcfile, "wb")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1015	f.write("%s\n" % misc.time_to_timestamp(
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1016	calendar.timegm(value.utctimetuple())))
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1017	f.close()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1018	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1019	# If the file can't be written due to
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1020	# permissions or because the filesystem is
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1021	# read-only, continue on.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1022	if e.errno not in (errno.EACCES, errno.EROFS):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1023	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1024
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1025	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1026	# If a time was provided, write out a special file that
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1027	# can be used to track the information with the actual
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1028	# time (in UTC) contained within.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1029	create_tracker()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1030	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1031	if e.errno != errno.ENOENT:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1032	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1033
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1034	# Assume meta_root doesn't exist and create it.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1035	try:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1036	self.create_meta_root()
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1037	except api_errors.PermissionsException:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1038	# If the directory can't be created due to
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1039	# permissions, move on.
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1040	pass
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1041	except EnvironmentError, e:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1042	# If the directory can't be created due to a
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1043	# read-only filesystem, move on.
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1044	if e.errno != errno.EROFS:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1045	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1046	else:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1047	# Try one last time.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1048	create_tracker()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1049
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1050	def __set_meta_root(self, pathname):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1051	if pathname:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1052	pathname = os.path.abspath(pathname)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1053	self.__meta_root = pathname
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1054	if self.__catalog:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1055	self.__catalog.meta_root = self.catalog_root
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1056	if self.__meta_root:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1057	self.__origin_root = os.path.join(self.__meta_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1058	"origins")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1059	self.cert_root = os.path.join(self.__meta_root, "certs")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1060	self.__subj_root = os.path.join(self.cert_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1061	"subject_hashes")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1062	self.__crl_root = os.path.join(self.cert_root, "crls")
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1063
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1064	def __set_prefix(self, prefix):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1065	if not misc.valid_pub_prefix(prefix):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1066	raise api_errors.BadPublisherPrefix(prefix)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1067	self.__prefix = prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1068
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1069	def __set_repository(self, value):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1070	if not isinstance(value, Repository):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1071	raise api_errors.UnknownRepository(value)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1072	self.__repository = value
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1073	self.__catalog = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1074
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1075	def __set_client_uuid(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1076	self.__client_uuid = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1077
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1078	def __set_stickiness(self, value):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1079	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1080	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1081	"change the stickiness of a system publisher"))
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1082	self.__sticky = bool(value)
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1083
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1084	def __str__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1085	return self.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1086
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1087	def __validate_metadata(self, croot, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1088	"""Private helper function to check the publisher's metadata
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1089	for configuration or other issues and log appropriate warnings
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1090	or errors. Currently only checks catalog metadata."""
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1091
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1092	c = pkg.catalog.Catalog(meta_root=croot, read_only=True)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1093	if not c.exists:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1094	# Nothing to validate.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1095	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1096	if not c.version > 0:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1097	# Validation doesn't apply.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1098	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1099	if not c.package_count:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1100	# Nothing to do.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1101	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1102
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1103	# XXX For now, perform this check using the catalog data.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1104	# In the future, it should be done using the output of the
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1105	# publisher/0 operation.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1106	pubs = c.publishers()
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1107
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1108	if self.prefix not in pubs:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1109	origins = repo.origins
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1110	origin = origins[0]
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1111	logger.error(_("""
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1112	Unable to retrieve package data for publisher '%(prefix)s' from one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1113	of the following origin(s):
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1114
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1115	%(origins)s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1116
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1117	The catalog retrieved from one of the origin(s) listed above only
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1118	contains package data for: %(pubs)s.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1119	""") % { "origins": "\n".join(str(o) for o in origins), "prefix": self.prefix,
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1120	"pubs": ", ".join(pubs) })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1121
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1122	if global_settings.client_name != "pkg":
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1123	logger.error(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1124	This is either a result of invalid origin information being provided
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1125	for publisher '%s', or because the wrong publisher name was
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1126	provided when this publisher was added.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1127	""") % self.prefix)
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1128	# Remaining messages are for pkg client only.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1129	return
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1130
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1131	logger.error(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1132	To resolve this issue, correct the origin information provided for
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1133	publisher '%(prefix)s' using the pkg set-publisher subcommand, or re-add
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1134	the publisher using the correct name and remove the '%(prefix)s'
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1135	publisher.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1136	""") % { "prefix": self.prefix })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1137
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1138	if len(pubs) == 1:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1139	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1140	To re-add this publisher with the correct name, execute the following
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1141	commands as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1142
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1143	pkg set-publisher -P -g %(origin)s %(pub)s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1144	pkg unset-publisher %(prefix)s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1145	""") % { "origin": origin, "prefix": self.prefix, "pub": list(pubs)[0] })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1146	return
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1147
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1148	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1149	The origin(s) listed above contain package data for more than one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1150	publisher, but this issue can likely be resolved by executing one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1151	of the following commands as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1152	"""))
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1153
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1154	for pfx in pubs:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1155	logger.warning(_("pkg set-publisher -P -g "
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1156	"%(origin)s %(pub)s\n") % {
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1157	"origin": origin, "pub": pfx })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1158
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1159	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1160	Afterwards, the old publisher should be removed by executing the
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1161	following command as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1162
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1163	pkg unset-publisher %s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1164	""") % self.prefix)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1165
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1166	@property
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1167	def catalog(self):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1168	"""A reference to the Catalog object for the publisher's
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1169	selected repository, or None if available."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1170
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1171	if not self.meta_root:
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1172	if self.__catalog:
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1173	return self.__catalog
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1174	return None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1175
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1176	if not self.__catalog:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1177	croot = self.catalog_root
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1178	if not os.path.isdir(croot):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1179	# Current meta_root structure is likely in
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1180	# a state of transition, so don't provide a
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1181	# meta_root. Assume that an empty catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1182	# is desired instead. (This can happen during
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1183	# an image format upgrade.)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1184	croot = None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1185	self.__catalog = pkg.catalog.Catalog(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1186	meta_root=croot)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1187	return self.__catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1188
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1189	@property
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1190	def catalog_root(self):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1191	"""The absolute pathname of the directory containing the
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1192	Catalog data for the publisher, or None if meta_root is
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1193	not defined."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1194
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1195	if self.meta_root:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1196	return os.path.join(self.meta_root, "catalog")
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1197
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1198	def create_meta_root(self):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1199	"""Create the publisher's meta_root."""
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1200
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1201	if not self.meta_root:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1202	raise api_errors.BadPublisherMetaRoot(self.meta_root,
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1203	operation="create_meta_root")
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1204
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1205	for path in (self.meta_root, self.catalog_root):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1206	try:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1207	os.makedirs(path)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1208	except EnvironmentError, e:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1209	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1210	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1211	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1212	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1213	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1214	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1215	elif e.errno != errno.EEXIST:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1216	# If the path already exists, move on.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1217	# Otherwise, raise the exception.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1218	raise
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1219	# Optional roots not needed for all operations.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1220	for path in (self.cert_root, self.__origin_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1221	self.__subj_root, self.__crl_root):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1222	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1223	os.makedirs(path)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1224	except EnvironmentError, e:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1225	if e.errno in (errno.EACCES, errno.EROFS):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1226	pass
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1227	elif e.errno != errno.EEXIST:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1228	# If the path already exists, move on.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1229	# Otherwise, raise the exception.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1230	raise
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1231
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1232	def get_origin_sets(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1233	"""Returns a list of Repository objects representing the unique
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1234	groups of origins available. Each group is based on the origins
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1235	that share identical package catalog data."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1236
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1237	if not self.repository or not self.repository.origins:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1238	# Guard against failure for publishers with no
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1239	# transport information.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1240	return []
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1241
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1242	if not self.meta_root or not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1243	# No way to identify unique sets.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1244	return [self.repository]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1245
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1246	# Index origins by tuple of (catalog creation, catalog modified)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1247	osets = collections.defaultdict(list)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1248
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1249	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1250	cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1251	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1252	if not cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1253	key = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1254	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1255	key = (str(cat.created), str(cat.last_modified))
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1256	osets[key].append(origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1257
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1258	# Now return a list of Repository objects (copies of the
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1259	# currently selected one) assigning each set of origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1260	# Sort by index to ensure consistent ordering.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1261	rval = []
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1262	for k in sorted(osets):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1263	nrepo = copy.copy(self.repository)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1264	nrepo.origins = osets[k]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1265	rval.append(nrepo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1266
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1267	return rval
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1268
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1269	def has_configuration(self):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1270	"""Returns whether this publisher has any configuration which
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1271	should prevent its removal."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1272
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1273	return bool(self.__repository.origins or
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1274	self.__repository.mirrors or self.__sig_policy or
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1275	self.approved_ca_certs or self.revoked_ca_certs)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1276
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1277	@property
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1278	def needs_refresh(self):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1279	"""A boolean value indicating whether the publisher's
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1280	metadata for the currently selected repository needs to be
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1281	refreshed."""
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1282
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1283	if not self.repository or not self.meta_root:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1284	# Nowhere to obtain metadata from; this should rarely
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1285	# occur except during publisher initialization.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1286	return False
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1287
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1288	lc = self.last_refreshed
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1289	if not lc:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1290	# There is no record of when the publisher metadata was
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1291	# last refreshed, so assume it should be refreshed now.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1292	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1293
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1294	ts_now = time.time()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1295	ts_last = calendar.timegm(lc.utctimetuple())
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1296
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1297	rs = self.repository.refresh_seconds
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1298	if not rs:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1299	# There is no indicator of how often often publisher
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1300	# metadata should be refreshed, so assume it should be
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1301	# now.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1302	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1303
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1304	if (ts_now - ts_last) >= rs:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1305	# The number of seconds that has elapsed since the
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1306	# publisher metadata was last refreshed exceeds or
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1307	# equals the specified interval.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1308	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1309	return False
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1310
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1311	def __get_origin_path(self, origin):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1312	if not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1313	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1314	# A digest of the URI string is used here to attempt to avoid
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1315	# path length problems.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1316	return os.path.join(self.__origin_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1317	hashlib.sha1(origin.uri).hexdigest())
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1318
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1319	def __gen_origin_paths(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1320	if not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1321	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1322	for origin in self.repository.origins:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1323	yield origin, self.__get_origin_path(origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1324
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1325	def __rebuild_catalog(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1326	"""Private helper function that builds publisher catalog based
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1327	on catalog from each origin."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1328
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1329	# First, remove catalogs for any origins that no longer exist.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1330	ohashes = [
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1331	hashlib.sha1(o.uri).hexdigest()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1332	for o in self.repository.origins
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1333	]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1334
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1335	for entry in os.listdir(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1336	opath = os.path.join(self.__origin_root, entry)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1337	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1338	if entry in ohashes:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1339	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1340	except Exception:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1341	# Discard anything that isn't an origin.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1342	pass
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1343
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1344	# Not an origin or origin no longer exists; either way,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1345	# it shouldn't exist here.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1346	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1347	if os.path.isdir(opath):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1348	shutil.rmtree(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1349	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1350	portable.remove(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1351	except EnvironmentError, e:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1352	raise api_errors._convert_error(e)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1353
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1354	# Discard existing catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1355	self.catalog.destroy()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1356	self.__catalog = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1357
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1358	# Ensure all old catalog files are removed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1359	for entry in os.listdir(self.catalog_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1360	if entry == "attrs" or entry == "catalog" or \
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1361	entry.startswith("catalog."):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1362	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1363	portable.remove(os.path.join(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1364	self.catalog_root, entry))
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1365	except EnvironmentError, e:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1366	raise apx._convert_error(e)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1367
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1368	# If there's only one origin, then just symlink its catalog
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1369	# files into place.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1370	opaths = [entry for entry in self.__gen_origin_paths()]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1371	if len(opaths) == 1:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1372	opath = opaths[0][1]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1373	for fname in os.listdir(opath):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1374	if fname.startswith("catalog."):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1375	src = os.path.join(opath, fname)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1376	dest = os.path.join(self.catalog_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1377	fname)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1378	os.symlink(misc.relpath(src,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1379	self.catalog_root), dest)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1380	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1381
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1382	# If there's more than one origin, then create a new catalog
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1383	# based on a composite of the catalogs for all origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1384	ncat = pkg.catalog.Catalog(batch_mode=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1385	meta_root=self.catalog_root, sign=False)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1386
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1387	# Mark all operations as occurring at this time.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1388	op_time = dt.datetime.utcnow()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1389
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1390	for origin, opath in opaths:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1391	src_cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1392	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1393	for name in src_cat.parts:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1394	spart = src_cat.get_part(name, must_exist=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1395	if spart is None:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1396	# Client hasn't retrieved this part.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1397	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1398
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1399	npart = ncat.get_part(name)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1400	base = name.startswith("catalog.base.")
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1401
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1402	# Avoid accessor overhead since these will be
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1403	# used for every entry.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1404	cat_ver = src_cat.version
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1405
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1406	for t, sentry in spart.tuple_entries(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1407	pubs=[self.prefix]):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1408	pub, stem, ver = t
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1409
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1410	entry = dict(sentry.iteritems())
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1411	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1412	npart.add(metadata=entry,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1413	op_time=op_time, pub=pub,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1414	stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1415	except api_errors.DuplicateCatalogEntry:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1416	if not base:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1417	# Don't care.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1418	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1419
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1420	# Destination entry is in
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1421	# catalog already.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1422	entry = npart.get_entry(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1423	pub=pub, stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1424
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1425	src_sigs = set(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1426	s
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1427	for s in sentry
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1428	if s.startswith("signature-")
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1429	)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1430	dest_sigs = set(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1431	s
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1432	for s in entry
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1433	if s.startswith("signature-")
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1434	)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1435
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1436	if src_sigs != dest_sigs:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1437	# Ignore any packages
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1438	# that are different
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1439	# from the first
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1440	# encountered for this
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1441	# package version.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1442	# The client expects
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1443	# these to always be
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1444	# the same. This seems
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1445	# saner than failing.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1446	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1447	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1448	if not base:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1449	# Nothing to do.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1450	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1451
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1452	# Destination entry is one just
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1453	# added.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1454	entry["metadata"] = {
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1455	"sources": [],
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1456	"states": [],
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1457	}
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1458
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1459	entry["metadata"]["sources"].append(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1460	origin.uri)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1461
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1462	states = entry["metadata"]["states"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1463	if src_cat.version == 0:
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	1464	states.append(
3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	1465	pkgdefs.PKG_STATE_V0)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1466
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1467	# Now go back and trim each entry to minimize footprint. This
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1468	# ensures each package entry only has state and source info
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1469	# recorded when needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1470	for t, entry in ncat.tuple_entries():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1471	pub, stem, ver = t
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1472	mdata = entry["metadata"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1473	if len(mdata["sources"]) == len(opaths):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1474	# Package is available from all origins, so
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1475	# there's no need to require which ones
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1476	# have it.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1477	del mdata["sources"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1478
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1479	if len(mdata["states"]) < len(opaths):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1480	# At least one source is not V0, so the lazy-
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1481	# load fallback for the package metadata isn't
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1482	# needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1483	del mdata["states"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1484	elif len(mdata["states"]) > 1:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1485	# Ensure only one instance of state value.
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	1486	mdata["states"] = [pkgdefs.PKG_STATE_V0]
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1487	if not mdata:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1488	mdata = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1489	ncat.update_entry(mdata, pub=pub, stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1490
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1491	# Finally, write out publisher catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1492	ncat.batch_mode = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1493	ncat.finalize()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1494	ncat.save()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1495
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1496	def __convert_v0_catalog(self, v0_cat, v1_root):
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1497	"""Transforms the contents of the provided version 0 Catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1498	into a version 1 Catalog, replacing the current Catalog."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1499
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1500	v0_lm = v0_cat.last_modified()
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1501	if v0_lm:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1502	# last_modified can be none if the catalog is empty.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1503	v0_lm = pkg.catalog.ts_to_datetime(v0_lm)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1504
1358 6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1505	# There's no point in signing this catalog since it's simply
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1506	# a transformation of a v0 catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1507	v1_cat = pkg.catalog.Catalog(batch_mode=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1508	meta_root=v1_root, sign=False)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1509
1358 6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1510	# A check for a previous non-zero package count is made to
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1511	# determine whether the last_modified date alone can be
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1512	# relied on. This works around some oddities with empty
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1513	# v0 catalogs.
1606 7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1514	try:
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1515	# Could be 'None'
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1516	n0_pkgs = int(v0_cat.npkgs())
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1517	except (TypeError, ValueError):
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1518	n0_pkgs = 0
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1519
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1520	if v1_cat.exists and n0_pkgs != v1_cat.package_version_count:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1521	if v0_lm == v1_cat.last_modified:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1522	# Already converted.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1523	return
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1524	# Simply rebuild the entire v1 catalog every time, this
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1525	# avoids many of the problems that could happen due to
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1526	# deficiencies in the v0 implementation.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1527	v1_cat.destroy()
1606 7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1528	self.__catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1529	v1_cat = pkg.catalog.Catalog(meta_root=v1_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1530	sign=False)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1531
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1532	# Now populate the v1 Catalog with the v0 Catalog's data.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1533	for f in v0_cat.fmris():
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1534	v1_cat.add_package(f)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1535
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1536	# Normally, the Catalog's attributes are automatically
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1537	# populated as a result of catalog operations. But in
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1538	# this case, we want the v1 Catalog's attributes to
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1539	# match those of the v0 catalog.
1369 e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1540	v1_cat.last_modified = v0_lm
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1541
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1542	# While this is a v1 catalog format-wise, v0 data is stored.
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1543	# This allows consumers to be aware that certain data won't be
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1544	# available in this catalog (such as dependencies, etc.).
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1545	v1_cat.version = 0
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1546
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1547	# Finally, save the new Catalog, and replace the old in-memory
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1548	# catalog.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1549	v1_cat.batch_mode = False
1549 cc81f5023603 13110 image catalog rebuild could be faster Shawn Walker <srw@sun.com> parents: 1516 diff changeset	1550	v1_cat.finalize()
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1551	v1_cat.save()
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1552
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1553	def __refresh_v0(self, croot, full_refresh, immediate, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1554	"""The method to refresh the publisher's metadata against
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1555	a catalog/0 source. If the more recent catalog/1 version
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1556	isn't supported, this routine gets invoked as a fallback.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1557	Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1558	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1559	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1560	if there were any updates."""
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1561
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1562	if full_refresh:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1563	immediate = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1564
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1565	# Catalog needs v0 -> v1 transformation if repository only
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1566	# offers v0 catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1567	v0_cat = old_catalog.ServerCatalog(croot, read_only=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1568	publisher=self.prefix)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1569
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1570	new_cat = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1571	v0_lm = None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1572	if v0_cat.exists:
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1573	repo = self.repository
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1574	if full_refresh or v0_cat.origin() not in repo.origins:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1575	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1576	v0_cat.destroy(root=croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1577	except EnvironmentError, e:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1578	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1579	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1580	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1581	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1582	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1583	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1584	raise
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1585	immediate = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1586	else:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1587	new_cat = False
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1588	v0_lm = v0_cat.last_modified()
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1589
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1590	if not immediate and not self.needs_refresh:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1591	# No refresh needed.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1592	return False, False
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1593
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1594	import pkg.updatelog as old_ulog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1595	try:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1596	# Note that this currently retrieves a v0 catalog that
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1597	# has to be converted to v1 format.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1598	self.transport.get_catalog(self, v0_lm, path=croot,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1599	alt_repo=repo)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1600	except old_ulog.UpdateLogException:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1601	# If an incremental update fails, attempt a full
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1602	# catalog retrieval instead.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1603	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1604	v0_cat.destroy(root=croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1605	except EnvironmentError, e:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1606	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1607	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1608	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1609	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1610	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1611	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1612	raise
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1613	self.transport.get_catalog(self, path=croot,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1614	alt_repo=repo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1615
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1616	v0_cat = pkg.server.catalog.ServerCatalog(croot, read_only=True,
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1617	publisher=self.prefix)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1618
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1619	self.__convert_v0_catalog(v0_cat, croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1620	if new_cat or v0_lm != v0_cat.last_modified():
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1621	# If the catalog was rebuilt, or the timestamp of the
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1622	# catalog changed, then an update has occurred.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1623	return True, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1624	return False, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1625
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1626	def __refresh_v1(self, croot, tempdir, full_refresh, immediate,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1627	mismatched, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1628	"""The method to refresh the publisher's metadata against
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1629	a catalog/1 source. If the more recent catalog/1 version
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1630	isn't supported, __refresh_v0 is invoked as a fallback.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1631	Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1632	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1633	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1634	if there were any updates."""
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1635
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1636	# If full_refresh is True, then redownload should be True to
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1637	# ensure a non-cached version of the catalog is retrieved.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1638	# If full_refresh is False, but mismatched is True, then
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1639	# the retrieval requests should indicate that content should
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1640	# be revalidated before being returned. Note that this
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1641	# only applies to the catalog v1 case.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1642	redownload = full_refresh
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1643	revalidate = not redownload and mismatched
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1644
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1645	v1_cat = pkg.catalog.Catalog(meta_root=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1646	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1647	self.transport.get_catalog1(self, ["catalog.attrs"],
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1648	path=tempdir, redownload=redownload,
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1649	revalidate=revalidate, alt_repo=repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1650	except api_errors.UnsupportedRepositoryOperation:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1651	# No v1 catalogs available.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1652	if v1_cat.exists:
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1653	# Ensure v1 -> v0 transition works right.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1654	v1_cat.destroy()
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1655	self.__catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1656	return self.__refresh_v0(croot, full_refresh, immediate,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1657	repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1658
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1659	# If a v0 catalog is present, remove it before proceeding to
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1660	# ensure transitions between catalog versions work correctly.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1661	v0_cat = old_catalog.ServerCatalog(croot, read_only=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1662	publisher=self.prefix)
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1663	if v0_cat.exists:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1664	v0_cat.destroy(root=croot)
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1665
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1666	# If above succeeded, we now have a catalog.attrs file. Parse
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1667	# this to determine what other constituent parts need to be
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1668	# downloaded.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1669	flist = []
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1670	if not full_refresh and v1_cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1671	flist = v1_cat.get_updates_needed(tempdir)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1672	if flist == None:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1673	return False, True
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1674	else:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1675	attrs = pkg.catalog.CatalogAttrs(meta_root=tempdir)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1676	for name in attrs.parts:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1677	locale = name.split(".", 2)[2]
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1678	# XXX Skip parts that aren't in the C locale for
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1679	# now.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1680	if locale != "C":
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1681	continue
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1682	flist.append(name)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1683
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1684	if flist:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1685	# More catalog files to retrieve.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1686	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1687	self.transport.get_catalog1(self, flist,
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1688	path=tempdir, redownload=redownload,
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1689	revalidate=revalidate, alt_repo=repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1690	except api_errors.UnsupportedRepositoryOperation:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1691	# Couldn't find a v1 catalog after getting one
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1692	# before. This would be a bizzare error, but we
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1693	# can try for a v0 catalog anyway.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1694	return self.__refresh_v0(croot, full_refresh,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1695	immediate, repo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1696
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1697	# Clear __catalog, so we'll read in the new catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1698	self.__catalog = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1699	v1_cat = pkg.catalog.Catalog(meta_root=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1700
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1701	# At this point the client should have a set of the constituent
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1702	# pieces that are necessary to construct a catalog. If a
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1703	# catalog already exists, call apply_updates. Otherwise,
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1704	# move the files to the appropriate location.
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1705	validate = False
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1706	if not full_refresh and v1_cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1707	v1_cat.apply_updates(tempdir)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1708	else:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1709	if v1_cat.exists:
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1710	# This is a full refresh. Destroy
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1711	# the existing catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1712	v1_cat.destroy()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1713
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1714	for fn in os.listdir(tempdir):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1715	srcpath = os.path.join(tempdir, fn)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1716	dstpath = os.path.join(croot, fn)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1717	pkg.portable.rename(srcpath, dstpath)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1718
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1719	# Apply_updates validates the newly constructed catalog.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1720	# If refresh didn't call apply_updates, arrange to
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1721	# have the new catalog validated.
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1722	validate = True
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1723
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1724	if validate:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1725	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1726	v1_cat = pkg.catalog.Catalog(meta_root=croot)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1727	v1_cat.validate()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1728	except api_errors.BadCatalogSignatures:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1729	# If signature validation fails here, that means
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1730	# that the attributes and individual parts were
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1731	# self-consistent and not corrupt, but that the
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1732	# attributes and parts didn't match. This could
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1733	# be the result of a broken source providing
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1734	# an attributes file that is much older or newer
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1735	# than the catalog parts being provided.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1736	v1_cat.destroy()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1737	raise api_errors.MismatchedCatalog(self.prefix)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1738	return True, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1739
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1740	def __refresh_origin(self, croot, full_refresh, immediate, mismatched,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1741	origin):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1742	"""Private helper method used to refresh catalog data for each
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1743	origin. Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1744	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1745	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1746	if there were any updates."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1747
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1748	# Create a copy of the current repository object that only
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1749	# contains the origin specified.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1750	repo = copy.copy(self.repository)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1751	repo.origins = [origin]
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1752
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1753	# Create temporary directory for assembly of catalog pieces.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1754	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1755	misc.makedirs(croot)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1756	tempdir = tempfile.mkdtemp(dir=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1757	except EnvironmentError, e:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1758	if e.errno == errno.EACCES:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1759	raise api_errors.PermissionsException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1760	e.filename)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1761	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1762	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1763	e.filename)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1764	raise
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1765
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1766	# Ensure that the temporary directory gets removed regardless
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1767	# of success or failure.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1768	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1769	rval = self.__refresh_v1(croot, tempdir,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1770	full_refresh, immediate, mismatched, repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1771
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1772	# Perform publisher metadata sanity checks.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1773	self.__validate_metadata(croot, repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1774
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1775	return rval
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1776	finally:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1777	# Cleanup tempdir.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1778	shutil.rmtree(tempdir, True)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1779
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1780	def __refresh(self, full_refresh, immediate, mismatched=False):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1781	"""The method to handle the overall refresh process. It
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1782	determines if a refresh is actually needed, and then calls
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1783	the first version-specific refresh method in the chain."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1784
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1785	assert self.transport
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1786
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1787	if full_refresh:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1788	immediate = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1789
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1790	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1791	misc.makedirs(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1792	cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1793	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1794	if not cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1795	# If a catalog hasn't been retrieved for
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1796	# any of the origins, then a refresh is
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1797	# needed now.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1798	immediate = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1799	break
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1800
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1801	# Ensure consistent directory structure.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1802	self.create_meta_root()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1803
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1804	# Check if we already have a v1 catalog on disk.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1805	if not full_refresh and self.catalog.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1806	# If catalog is on disk, check if refresh is necessary.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1807	if not immediate and not self.needs_refresh:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1808	# No refresh needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1809	return False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1810
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1811	any_changed = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1812	any_refreshed = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1813	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1814	changed, refreshed = self.__refresh_origin(opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1815	full_refresh, immediate, mismatched, origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1816	if changed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1817	any_changed = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1818	if refreshed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1819	any_refreshed = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1820
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1821	if any_refreshed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1822	# Update refresh time.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1823	self.last_refreshed = dt.datetime.utcnow()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1824
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1825	# Finally, build a new catalog for this publisher based on a
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1826	# composite of the catalogs from all origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1827	self.__rebuild_catalog()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1828
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1829	return any_changed
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1830
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1831	def refresh(self, full_refresh=False, immediate=False):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1832	"""Refreshes the publisher's metadata, returning a boolean
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1833	value indicating whether any updates to the publisher's
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1834	metadata occurred.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1835
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1836	'full_refresh' is an optional boolean value indicating whether
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1837	a full retrieval of publisher metadata (e.g. catalogs) or only
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1838	an update to the existing metadata should be performed. When
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1839	True, 'immediate' is also set to True.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1840
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1841	'immediate' is an optional boolean value indicating whether
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1842	a refresh should occur now. If False, a publisher's selected
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1843	repository will be checked for updates only if needs_refresh
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1844	is True."""
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1845
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1846	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1847	return self.__refresh(full_refresh, immediate)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1848	except (api_errors.BadCatalogUpdateIdentity,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1849	api_errors.DuplicateCatalogEntry,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1850	api_errors.ObsoleteCatalogUpdate,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1851	api_errors.UnknownUpdateType):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1852	if full_refresh:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1853	# Completely unexpected failure.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1854	# These exceptions should never
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1855	# be raised for a full refresh
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1856	# case anyway, so the error should
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1857	# definitely be raised.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1858	raise
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1859
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1860	# The incremental update likely failed for one or
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1861	# more of the following reasons:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1862	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1863	# * The origin for the publisher has changed.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1864	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1865	# * The catalog that the publisher is offering
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1866	# is now completely different (due to a restore
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1867	# from backup or --rebuild possibly).
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1868	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1869	# * The catalog that the publisher is offering
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1870	# has been restored to an older version, and
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1871	# packages that already exist in this client's
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1872	# copy of the catalog have been re-addded.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1873	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1874	# * The type of incremental update operation that
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1875	# that was performed on the catalog isn't supported
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1876	# by this version of the client, so a full retrieval
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1877	# is required.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1878	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1879	return self.__refresh(True, True)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1880	except api_errors.MismatchedCatalog:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1881	if full_refresh:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1882	# If this was a full refresh, don't bother
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1883	# retrying as it implies that the content
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1884	# retrieved wasn't cached.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1885	raise
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1886
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1887	# Retrieval of the catalog attributes and/or parts was
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1888	# successful, but the identity (digest or other
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1889	# information) didn't match the catalog attributes.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1890	# This could be the result of a misbehaving or stale
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1891	# cache.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1892	return self.__refresh(False, True, mismatched=True)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1893	except (api_errors.BadCatalogSignatures,
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1894	api_errors.InvalidCatalogFile):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1895	# Assembly of the catalog failed, but this could be due
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1896	# to a transient error. So, retry at least once more.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1897	return self.__refresh(True, True)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1898	except (api_errors.BadCatalogSignatures,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1899	api_errors.InvalidCatalogFile):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1900	# Assembly of the catalog failed, but this could be due
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1901	# to a transient error. So, retry at least once more.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1902	return self.__refresh(True, True)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1903
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1904	def remove_meta_root(self):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1905	"""Removes the publisher's meta_root."""
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1906
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1907	if not self.meta_root:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1908	raise api_errors.BadPublisherMetaRoot(self.meta_root,
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1909	operation="remove_meta_root")
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1910
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1911	try:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1912	shutil.rmtree(self.meta_root)
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1913	except EnvironmentError, e:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1914	if e.errno == errno.EACCES:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1915	raise api_errors.PermissionsException(
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1916	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1917	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1918	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1919	e.filename)
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1920	if e.errno not in (errno.ENOENT, errno.ESRCH):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1921	raise
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1922
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1923	def reset_client_uuid(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1924	"""Replaces the current client_uuid with a new UUID."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1925
1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	1926	self.__client_uuid = str(uuid.uuid1())
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1927
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1928	def validate_config(self, repo_uri=None):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1929	"""Verify that the publisher's configuration (such as prefix)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1930	matches that provided by the repository. If the configuration
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1931	does not match as expected, an UnknownRepositoryPublishers
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1932	exception will be raised.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1933
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1934	'repo_uri' is an optional RepositoryURI object or URI string
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1935	containing the location of the repository. If not provided,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1936	the publisher's repository will be used instead."""
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1937
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1938	if repo_uri and not isinstance(repo_uri, RepositoryURI):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1939	repo = RepositoryURI(repo_uri)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1940	elif not repo_uri:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1941	# Transport actually allows both type of objects.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1942	repo = self
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1943	else:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1944	repo = repo_uri
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1945
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1946	pubs = None
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1947	try:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1948	pubs = self.transport.get_publisherdata(repo)
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1949	except (api_errors.TransportError,
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1950	api_errors.UnsupportedRepositoryOperation):
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1951	# Nothing more can be done (because the target origin
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1952	# can't be contacted, or beacuse it doesn't support
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1953	# retrievel of publisher configuration data).
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1954	return
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1955
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1956	if not pubs:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1957	raise api_errors.RepoPubConfigUnavailable(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1958	location=repo_uri, pub=self)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1959
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1960	if self.prefix not in pubs:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1961	known = [p.prefix for p in pubs]
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1962	if repo_uri:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1963	raise api_errors.UnknownRepositoryPublishers(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1964	known=known, unknown=[self.prefix],
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1965	location=repo_uri)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1966	raise api_errors.UnknownRepositoryPublishers(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1967	known=known, unknown=[self.prefix],
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1968	origins=self.repository.origins)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1969
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1970	def approve_ca_cert(self, cert):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1971	"""Add the cert as a CA for manifest signing for this publisher.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1972
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1973	The 'cert' parameter is a string of the certificate to add.
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1974	"""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1975
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	1976	cert = self.__string_to_cert(cert)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	1977	hsh = self.__add_cert(cert)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	1978	# If the user had previously revoked this certificate, remove
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1979	# the certificate from that list.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	1980	if hsh in self.revoked_ca_certs:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1981	t = set(self.revoked_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1982	t.remove(hsh)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1983	self.revoked_ca_certs = list(t)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	1984	self.approved_ca_certs.append(hsh)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1985
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1986	def revoke_ca_cert(self, s):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1987	"""Record that the cert with hash 's' is no longer trusted
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1988	as a CA. This method currently assumes it's only invoked as
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1989	a result of user action."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1990
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1991	self.revoked_ca_certs.append(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1992	self.revoked_ca_certs = list(set(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1993	self.revoked_ca_certs))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1994	if s in self.approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1995	t = set(self.approved_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1996	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1997	self.approved_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1998
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1999	def unset_ca_cert(self, s):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2000	"""If the cert with hash 's' has been added or removed by the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2001	user, undo the add or removal."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2002
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2003	if s in self.approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2004	t = set(self.approved_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2005	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2006	self.approved_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2007	if s in self.revoked_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2008	t = set(self.revoked_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2009	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2010	self.revoked_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2011
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2012	@staticmethod
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2013	def __hash_cert(c):
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2014	return hashlib.sha1(c.as_pem()).hexdigest()
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2015
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2016	@staticmethod
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2017	def __string_to_cert(s, pkg_hash=None):
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2018	"""Convert a string to a X509 cert."""
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2019
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2020	try:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2021	return m2.X509.load_cert_string(s)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2022	except m2.X509.X509Error, e:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2023	if pkg_hash is not None:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2024	raise api_errors.BadFileFormat(_("The file "
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2025	"with hash %s was expected to be a PEM "
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2026	"certificate but it could not be read.") %
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2027	pkg_hash)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2028	raise api_errors.BadFileFormat(_("The following string "
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2029	"was expected to be a PEM certificate, but it "
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2030	"could not be parsed as such:\n%s" % s))
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2031
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2032	def __add_cert(self, cert):
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2033	"""Add the pem representation of the certificate 'cert' to the
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2034	certificates this publisher knows about."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2035
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2036	self.create_meta_root()
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2037	pkg_hash = self.__hash_cert(cert)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2038	pkg_hash_pth = os.path.join(self.cert_root, pkg_hash)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2039	file_problem = False
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2040	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2041	with open(pkg_hash_pth, "wb") as fh:
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2042	fh.write(cert.as_pem())
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2043	except EnvironmentError, e:
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2044	file_problem = True
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2045
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2046	# Note that while we store certs by their subject hashes,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2047	# M2Crypto's subject hashes differ from what openssl reports
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2048	# the subject hash to be.
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2049	subj_hsh = cert.get_subject().as_hash()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2050	c = 0
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2051	made_link = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2052	while not made_link:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2053	fn = os.path.join(self.__subj_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2054	"%s.%s" % (subj_hsh, c))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2055	if os.path.exists(fn):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2056	c += 1
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2057	continue
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2058	if not file_problem:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2059	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2060	portable.link(pkg_hash_pth, fn)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2061	made_link = True
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2062	except EnvironmentError, e:
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2063	pass
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2064	if not made_link:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2065	self.__issuers.setdefault(subj_hsh, []).append(
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2066	c)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2067	made_link = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2068	return pkg_hash
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2069
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2070	def get_cert_by_hash(self, pkg_hash, verify_hash=False,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2071	only_retrieve=False):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2072	"""Given a pkg5 hash, retrieve the cert that's associated with
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2073	it.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2074
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2075	The 'pkg_hash' parameter contains the file hash of the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2076	certificate to retrieve.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2077
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2078	The 'verify_hash' parameter determines the file that's read
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2079	from disk matches the expected hash.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2080
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2081	The 'only_retrieve' parameter determines whether a X509 object
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2082	is built from the certificate retrieved or if the certificate
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2083	is only stored on disk. """
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2084
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2085	assert not (verify_hash and only_retrieve)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2086	pth = os.path.join(self.cert_root, pkg_hash)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2087	pth_exists = os.path.exists(pth)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2088	if pth_exists and only_retrieve:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2089	return None
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2090	if pth_exists:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2091	with open(pth, "rb") as fh:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2092	s = fh.read()
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2093	else:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2094	s = self.transport.get_content(self, pkg_hash)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2095	c = self.__string_to_cert(s, pkg_hash)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2096	if not pth_exists:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2097	try:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2098	self.__add_cert(c)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2099	except api_errors.PermissionsException:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2100	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2101	if only_retrieve:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2102	return None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2103
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2104	if verify_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2105	h = misc.get_data_digest(cStringIO.StringIO(s),
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2106	length=len(s))[0]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2107	if h != pkg_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2108	raise api_errors.ModifiedCertificateException(c,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2109	pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2110	return c
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2111
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2112	def __get_certs_by_name(self, name):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2113	"""Given 'name', a M2Crypto X509_Name, return the certs with
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2114	that name as a subject."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2115
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2116	res = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2117	c = 0
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2118	name_hsh = name.as_hash()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2119	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2120	while True:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2121	pth = os.path.join(self.__subj_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2122	"%s.%s" % (name_hsh, c))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2123	cert = m2.X509.load_cert(pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2124	res.append(cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2125	c += 1
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2126	except EnvironmentError, e:
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2127	t = api_errors._convert_error(e,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2128	[errno.ENOENT])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2129	if t:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2130	raise t
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2131	res.extend(self.__issuers.get(name_hsh, []))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2132	return res
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2133
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2134	def get_ca_certs(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2135	"""Return a dictionary of the CA certificates for this
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2136	publisher."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2137
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2138	if self.ca_dict is not None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2139	return self.ca_dict
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2140	self.ca_dict = {}
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2141	# CA certs approved for this publisher are stored by hash to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2142	# prevent the later substitution or confusion over what certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2143	# have or have not been approved.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2144	for h in set(self.approved_ca_certs):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2145	c = self.get_cert_by_hash(h, verify_hash=True)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2146	s = c.get_subject().as_hash()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2147	self.ca_dict.setdefault(s, [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2148	self.ca_dict[s].append(c)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2149	return self.ca_dict
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2150
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2151	def update_props(self, set_props=EmptyI, add_prop_values=EmptyDict,
9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2152	remove_prop_values=EmptyDict, unset_props=EmptyI):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2153	"""Update the properties set for this publisher with the ones
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2154	provided as arguments. The order of application is that any
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2155	existing properties are unset, then properties are set to their
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2156	new values, then values are added to properties, and finally
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2157	values are removed from properties."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2158
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2159	# Delay validation so that any intermittent inconsistent state
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2160	# doesn't cause problems.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2161	self.__delay_validation = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2162	# Remove existing properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2163	for n in unset_props:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2164	self.properties.pop(n, None)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2165	# Add or reset new properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2166	self.properties.update(set_props)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2167	# Add new values to properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2168	for n in add_prop_values.keys():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2169	self.properties.setdefault(n, [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2170	self.properties[n].extend(add_prop_values[n])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2171	# Remove values from properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2172	for n in remove_prop_values.keys():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2173	if n not in self.properties:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2174	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2175	"Cannot remove a value from the property "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2176	"%(name)s because the property does not "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2177	"exist.") % {"name":n})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2178	if not isinstance(self.properties[n], list):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2179	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2180	"Cannot remove a value from a single "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2181	"valued property, unset must be used. The "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2182	"property name is '%(name)s' and the "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2183	"current value is '%(value)s'") %
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2184	{"name":n, "value":self.properties[n]})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2185	for v in remove_prop_values[n]:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2186	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2187	self.properties[n].remove(v)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2188	except ValueError:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2189	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2190	"Cannot remove the value %(value)s "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2191	"from the property %(name)s "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2192	"because the value is not in the "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2193	"property's list.") %
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2194	{"value":v, "name":n})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2195	self.__delay_validation = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2196	self.__validate_properties()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2197
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2198	def __validate_properties(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2199	"""Check that the properties set for this publisher are
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2200	consistent with each other."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2201
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2202	if self.__properties.get(SIGNATURE_POLICY, "") == \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2203	"require-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2204	if not self.__properties.get("signature-required-names",
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2205	None):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2206	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2207	"At least one name must be provided for "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2208	"the signature-required-names policy."))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2209
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2210	def __format_safe_read_crl(self, pth):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2211	"""CRLs seem to frequently come in DER format, so try reading
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2212	the CRL using both of the formats before giving up."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2213
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2214	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2215	return m2.X509.load_crl(pth)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2216	except m2.X509.X509Error:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2217	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2218	return m2.X509.load_crl(pth,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2219	format=m2.X509.FORMAT_DER)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2220	except m2.X509.X509Error:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2221	raise api_errors.BadFileFormat(_("The CRL file "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2222	"%s is not in a recognized format.") %
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2223	pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2224
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2225	def __get_crl(self, uri):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2226	"""Given a URI (for now only http URIs are supported), return
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2227	the CRL object created from the file stored at that uri."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2228
2263 42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2229	uri = uri.strip()
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2230	if uri.startswith("Full Name:"):
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2231	uri = uri[len("Full Name:"):]
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2232	uri = uri.strip()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2233	if uri.startswith("URI:"):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2234	uri = uri[4:]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2235	if not uri.startswith("http://") and \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2236	not uri.startswith("file://"):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2237	raise api_errors.InvalidResourceLocation(uri.strip())
2272 d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2238	crl_host = DebugValues.get_value("crl_host")
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2239	if crl_host:
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2240	orig = urlparse.urlparse(uri)
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2241	crl = urlparse.urlparse(crl_host)
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2242	uri = urlparse.urlunparse(urlparse.ParseResult(
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2243	scheme=crl.scheme, netloc=crl.netloc,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2244	path=orig.path,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2245	params=orig.params, query=orig.params,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2246	fragment=orig.fragment))
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2247	# If we've already read the CRL, use the previously created
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2248	# object.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2249	if uri in self.__tmp_crls:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2250	return self.__tmp_crls[uri]
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2251	fn = urllib.quote(uri, "")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2252	assert os.path.isdir(self.__crl_root)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2253	fpath = os.path.join(self.__crl_root, fn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2254	crl = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2255	# Check if we already have a CRL for this URI.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2256	if os.path.exists(fpath):
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2257	# If we already have a CRL that we can read, check
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2258	# whether it's time to retrieve a new one from the
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2259	# location.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2260	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2261	crl = self.__format_safe_read_crl(fpath)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2262	except EnvironmentError:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2263	pass
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2264	else:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2265	nu = crl.get_next_update().get_datetime()
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2266	# get_datetime is supposed to return a UTC time,
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2267	# so assert that's the case.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2268	assert nu.tzinfo.utcoffset(nu) == \
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2269	dt.timedelta(0)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2270	# Add timezone info to cur_time so that cur_time
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2271	# and nu can be compared.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2272	cur_time = dt.datetime.now(nu.tzinfo)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2273	if cur_time < nu:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2274	self.__tmp_crls[uri] = crl
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2275	return crl
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2276	# If the CRL is already known to be unavailable, don't try
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2277	# connecting to it again.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2278	if uri in Publisher.__bad_crls:
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2279	return crl
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2280	# If no CRL already exists or it's time to try to get a new one,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2281	# try to retrieve it from the server.
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2282	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2283	tmp_fd, tmp_pth = tempfile.mkstemp(dir=self.__crl_root)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2284	except EnvironmentError, e:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2285	if e.errno in (errno.EACCES, errno.EPERM):
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2286	tmp_fd, tmp_pth = tempfile.mkstemp()
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2287	else:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2288	raise apx._convert_error(e)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2289	with os.fdopen(tmp_fd, "wb") as fh:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2290	hdl = pycurl.Curl()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2291	hdl.setopt(pycurl.URL, uri)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2292	hdl.setopt(pycurl.WRITEDATA, fh)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2293	hdl.setopt(pycurl.FAILONERROR, 1)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2294	hdl.setopt(pycurl.CONNECTTIMEOUT,
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2295	global_settings.PKG_CLIENT_CONNECT_TIMEOUT)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2296	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2297	hdl.perform()
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2298	except pycurl.error:
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2299	# If the CRL is unavailable, add it to the list
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2300	# of bad crls.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2301	Publisher.__bad_crls.add(uri)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2302	# If we should treat failure to get a new CRL
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2303	# as a failure, raise an exception here. If not,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2304	# if we should use an old CRL if it exists,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2305	# return that here. If none is available and
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2306	# that means the cert should not be treated as
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2307	# revoked, return None here.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2308	return crl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2309	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2310	ncrl = self.__format_safe_read_crl(tmp_pth)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2311	except api_errors.BadFileFormat:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2312	portable.remove(tmp_pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2313	return crl
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2314	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2315	portable.rename(tmp_pth, fpath)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2316	# Because the file was made using mkstemp, we need to
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2317	# chmod it to match the other files in var/pkg.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2318	os.chmod(fpath, PKG_RO_FILE_MODE)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2319	except EnvironmentError:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2320	self.__tmp_crls[uri] = ncrl
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2321	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2322	portable.remove(tmp_pth)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2323	except EnvironmentError:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2324	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2325	return ncrl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2326
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2327	def __check_crls(self, cert, ca_dict):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2328	"""Determines whether the certificate has been revoked by its
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2329	CRL.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2330
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2331	The 'cert' parameter is the certificate to check for revocation.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2332
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2333	The 'ca_dict' is a dictionary which maps subject hashes to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2334	certs treated as trust anchors."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2335
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2336	# If the certificate doesn't have a CRL location listed, treat
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2337	# it as valid.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2338	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2339	ext = cert.get_ext("crlDistributionPoints")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2340	except LookupError, e:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2341	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2342	uri = ext.get_value()
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2343	crl = self.__get_crl(uri)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2344	# If we couldn't retrieve a CRL from the distribution point
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2345	# and no CRL is cached on disk, assume the cert has not been
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2346	# revoked. It's possible that this should be an image or
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2347	# publisher setting in the future.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2348	if not crl:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2349	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2350
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2351	# A CRL has been found, now it needs to be validated like
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2352	# a certificate is.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2353	verified_crl = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2354	crl_issuer = crl.get_issuer()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2355	tas = ca_dict.get(crl_issuer.as_hash(), [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2356	for t in tas:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2357	try:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2358	if crl.verify(t.get_pubkey()):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2359	# If t isn't approved for signing crls,
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2360	# the exception __check_extensions
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2361	# raises will take the code to the
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2362	# except below.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2363	self.__check_extensions(t,
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2364	CRL_SIGNING_USE, 0)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2365	verified_crl = True
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2366	except api_errors.SigningException:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2367	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2368	if not verified_crl:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2369	crl_cas = self.__get_certs_by_name(crl_issuer)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2370	for c in crl_cas:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2371	if crl.verify(c.get_pubkey()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2372	try:
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2373	self.verify_chain(c, ca_dict, 0,
2458 7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2374	True,
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2375	usages=CRL_SIGNING_USE)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2376	except api_errors.SigningException:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2377	pass
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2378	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2379	verified_crl = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2380	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2381	if not verified_crl:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2382	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2383	# For a certificate to be revoked, its CRL must be validated
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2384	# and revoked the certificate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2385	rev = crl.is_revoked(cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2386	if rev:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2387	raise api_errors.RevokedCertificate(cert, rev[1])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2388
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2389	def __check_revocation(self, cert, ca_dict, use_crls):
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2390	hsh = self.__hash_cert(cert)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2391	if hsh in self.revoked_ca_certs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2392	raise api_errors.RevokedCertificate(cert,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2393	"User manually revoked certificate.")
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2394	if use_crls:
5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2395	self.__check_crls(cert, ca_dict)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2396
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2397	def __check_extensions(self, cert, usages, cur_pathlen):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2398	"""Check whether the critical extensions in this certificate
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2399	are supported and allow the provided use(s)."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2400
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2401	def check_values(vs):
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2402	for v in vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2403	if v in supported_vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2404	continue
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2405	if v.startswith("PATHLEN:") and \
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2406	"PATHLEN:" in supported_vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2407	try:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2408	cert_pathlen = int(v[len("PATHLEN:"):])
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2409	except ValueError, e:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2410	raise api_errors.UnsupportedExtensionValue(cert, ext, v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2411	if cur_pathlen > cert_pathlen:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2412	raise api_errors.PathlenTooShort(cert, cur_pathlen, cert_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2413	continue
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2414	if len(vs) < 2:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2415	raise api_errors.UnsupportedExtensionValue(cert, ext)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2416	else:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2417	raise api_errors.UnsupportedExtensionValue(cert, ext, v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2418
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2419
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2420	for i in range(0, cert.get_ext_count()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2421	ext = cert.get_ext_at(i)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2422	name = ext.get_name()
2378 b8e3f6867b6c 18324 pkg needs to not traceback if m2crypto can't understand an x509 extension Brock Pytlik <brock.pytlik@oracle.com> parents: 2352 diff changeset	2423	if name == "UNDEF":
b8e3f6867b6c 18324 pkg needs to not traceback if m2crypto can't understand an x509 extension Brock Pytlik <brock.pytlik@oracle.com> parents: 2352 diff changeset	2424	continue
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2425	v = ext.get_value().upper()
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2426	# Check whether the extension name is recognized.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2427	if name in SUPPORTED_EXTENSION_VALUES:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2428	supported_vs = \
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2429	SUPPORTED_EXTENSION_VALUES[name]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2430	vs = [s.strip() for s in v.split(",")]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2431	# Check whether the values for the extension are
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2432	# recognized.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2433	check_values(vs)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2434	uses = usages.get(name, [])
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2435	if isinstance(uses, basestring):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2436	uses = [uses]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2437	# For each use, check to see whether it's
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2438	# permitted by the certificate's extension
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2439	# values.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2440	for u in uses:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2441	if u not in vs:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2442	raise api_errors.InappropriateCertificateUse(cert, ext, u)
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2443	# If the extension name is unrecognized and critical,
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2444	# then the chain cannot be verified.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2445	elif ext.get_critical():
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2446	raise api_errors.UnsupportedCriticalExtension(
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2447	cert, ext)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2448
2458 7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2449	def verify_chain(self, cert, ca_dict, cur_pathlen, use_crls,
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2450	required_names=None, usages=None):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2451	"""Validates the certificate against the given trust anchors.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2452
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2453	The 'cert' parameter is the certificate to validate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2454
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2455	The 'ca_dict' parameter is a dictionary which maps subject
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2456	hashes to certs treated as trust anchors.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2457
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2458	The 'cur_pathlen' parameter is an integer indicating how many
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2459	certificates have been found between cert and the leaf cert.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2460
2458 7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2461	The 'use_crls' parameter is a boolean indicating whether
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2462	certificates should be checked to see if they've been revoked.
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2463
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2464	The 'required_names' parameter is a set of strings that must
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2465	be seen as a CN in the chain of trust for the certificate."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2466
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2467	if required_names is None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2468	required_names = set()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2469	verified = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2470	continue_loop = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2471	certs_with_problems = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2472
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2473	ca_dict = copy.copy(ca_dict)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2474	for k, v in self.get_ca_certs().iteritems():
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2475	if k in ca_dict:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2476	ca_dict[k].extend(v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2477	else:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2478	ca_dict[k] = v
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2479
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2480	def merge_dicts(d1, d2):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2481	"""Function for merging usage dictionaries."""
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2482	res = copy.deepcopy(d1)
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2483	for k in d2:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2484	if k in res:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2485	res[k].extend(d2[k])
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2486	else:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2487	res[k] = d2[k]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2488	return res
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2489
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2490	def discard_names(cert, required_names):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2491	for cert_cn in [
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2492	str(c.get_data())
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2493	for c
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2494	in cert.get_subject().get_entries_by_nid(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2495	m2.X509.X509_Name.nid["CN"])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2496	]:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2497	required_names.discard(cert_cn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2498
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2499	if not usages:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2500	usages = {}
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2501	for u in POSSIBLE_USES:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2502	usages = merge_dicts(usages, u)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2503
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2504	# Check whether we can validate this certificate.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2505	self.__check_extensions(cert, usages, cur_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2506
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2507	# Check whether this certificate has been revoked.
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2508	self.__check_revocation(cert, ca_dict, use_crls)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2509
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2510	while continue_loop:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2511	# If this certificate's CN is in the set of required
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2512	# names, remove it.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2513	discard_names(cert, required_names)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2514
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2515	# Find the certificate that issued this certificate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2516	issuer = cert.get_issuer()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2517	issuer_hash = issuer.as_hash()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2518
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2519	# See whether this certificate was issued by any of the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2520	# given trust anchors.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2521	for c in ca_dict.get(issuer_hash, []):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2522	if cert.verify(c.get_pubkey()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2523	verified = True
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2524	# Remove any required names found in the
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2525	# trust anchor.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2526	discard_names(c, required_names)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2527	# If there are more names to check for
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2528	# continue up the chain of trust to look
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2529	# for them.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2530	if not required_names:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2531	continue_loop = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2532	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2533
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2534	# If the subject and issuer for this certificate are
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2535	# identical and the certificate hasn't been verified
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2536	# then this is an untrusted self-signed cert and should
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2537	# be rejected.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2538	if cert.get_subject().as_hash() == issuer_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2539	if not verified:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2540	raise \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2541	api_errors.UntrustedSelfSignedCert(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2542	cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2543	# This break should break the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2544	# while continue_loop loop.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2545	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2546
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2547	# If the certificate hasn't been issued by a trust
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2548	# anchor or more names need to be found, continue
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2549	# looking up the chain of trust.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2550	if continue_loop:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2551	up_chain = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2552	# Keep track of certs that would have verified
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2553	# this certificate but had critical extensions
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2554	# we can't handle yet for error reporting.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2555	certs_with_problems = []
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2556	for c in self.__get_certs_by_name(issuer):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2557	# If the certificate is approved to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2558	# sign another certificate, verifies
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2559	# the current certificate, and hasn't
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2560	# been revoked, consider it as the
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2561	# next link in the chain. check_ca
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2562	# checks both the basicConstraints
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2563	# extension and the keyUsage extension.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2564	if c.check_ca() and \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2565	cert.verify(c.get_pubkey()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2566	problem = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2567	# Check whether this certificate
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2568	# has a critical extension we
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2569	# don't understand.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2570	try:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2571	self.__check_extensions(
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2572	c, CERT_SIGNING_USE,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2573	cur_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2574	self.__check_revocation(c,
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2575	ca_dict, use_crls)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2576	except (api_errors.UnsupportedCriticalExtension, api_errors.RevokedCertificate), e:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2577	certs_with_problems.append(e)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2578	problem = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2579	# If this certificate has no
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2580	# problems with it, it's the
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2581	# next link in the chain so make
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2582	# it the current certificate and
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2583	# add one to cur_pathlen since
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2584	# there's one more chain cert
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2585	# between the code signing cert
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2586	# and the root of the chain.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2587	if not problem:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2588	up_chain = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2589	cert = c
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2590	cur_pathlen += 1
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2591	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2592	# If there's not another link in the chain to be
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2593	# found, stop the iteration.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2594	if not up_chain:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2595	continue_loop = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2596	# If the certificate wasn't verified against a trust anchor,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2597	# raise an exception.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2598	if not verified:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2599	raise api_errors.BrokenChain(cert,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2600	certs_with_problems)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2601
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2602	alias = property(lambda self: self.__alias, __set_alias,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2603	doc="An alternative name for a publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2604
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2605	client_uuid = property(lambda self: self.__client_uuid,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2606	__set_client_uuid,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2607	doc="A Universally Unique Identifier (UUID) used to identify a "
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2608	"client image to a publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2609
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2610	disabled = property(lambda self: self.__disabled, __set_disabled,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2611	doc="A boolean value indicating whether the publisher should be "
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2612	"used for packaging operations.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2613
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2614	last_refreshed = property(__get_last_refreshed, __set_last_refreshed,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2615	doc="A datetime object representing the time (in UTC) the "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2616	"publisher's selected repository was last refreshed for new "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2617	"metadata (such as catalog updates). 'None' if the publisher "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2618	"hasn't been refreshed yet or the time is not available.")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2619
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2620	meta_root = property(lambda self: self.__meta_root, __set_meta_root,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2621	doc="The absolute pathname of the directory where the publisher's "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2622	"metadata should be written to and read from.")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2623
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2624	prefix = property(lambda self: self.__prefix, __set_prefix,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2625	doc="The name of the publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2626
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2627	repository = property(lambda self: self.__repository,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2628	__set_repository,
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2629	doc="A reference to the selected repository object.")
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2630
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2631	sticky = property(lambda self: self.__sticky, __set_stickiness,
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2632	doc="Whether or not installed packages from this publisher are"
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2633	" always preferred to other publishers.")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2634
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2635	def __get_prop(self, name):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2636	"""Accessor method for properties dictionary"""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2637	return self.__properties[name]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2638
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2639	@staticmethod
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2640	def __read_list(list_str):
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2641	"""Take a list in string representation and convert it back
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2642	to a Python list."""
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2643
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2644	list_str = list_str.encode("utf-8")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2645	# Strip brackets and any whitespace
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2646	list_str = list_str.strip("][ ")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2647	# Strip comma and any whitespeace
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2648	lst = list_str.split(", ")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2649	# Strip empty whitespace, single, and double quotation marks
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2650	lst = [ s.strip("' \"") for s in lst ]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2651	# Eliminate any empty strings
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2652	lst = [ s for s in lst if s != '' ]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2653
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2654	return lst
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2655
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2656	def __set_prop(self, name, values):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2657	"""Accessor method to add a property"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2658	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2659	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2660	"set a property for a system publisher. The "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2661	"property was:%s") % name)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2662
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2663	if name == SIGNATURE_POLICY:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2664	self.__sig_policy = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2665	if isinstance(values, basestring):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2666	values = [values]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2667	policy_name = values[0]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2668	if policy_name not in sigpolicy.Policy.policies():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2669	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2670	"%(val)s is not a valid value for this "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2671	"property:%(prop)s") % {"val": policy_name,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2672	"prop": SIGNATURE_POLICY})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2673	if policy_name == "require-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2674	if self.__delay_validation:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2675	# If __delay_validation is set, then
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2676	# it's possible that
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2677	# signature-required-names was
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2678	# set by a previous call to set_prop
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2679	# file. If so, don't overwrite the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2680	# values that have already been read.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2681	self.__properties.setdefault(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2682	"signature-required-names", [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2683	self.__properties[
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2684	"signature-required-names"].extend(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2685	values[1:])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2686	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2687	self.__properties[
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2688	"signature-required-names"] = \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2689	values[1:]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2690	self.__validate_properties()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2691	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2692	if len(values) > 1:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2693	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2694	"The %s signature-policy takes no "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2695	"argument.") % policy_name)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2696	self.__properties[SIGNATURE_POLICY] = policy_name
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2697	return
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2698	if name == "signature-required-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2699	if isinstance(values, basestring):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2700	values = self.__read_list(values)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2701	self.__properties[name] = values
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2702
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2703	def __del_prop(self, name):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2704	"""Accessor method for properties"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2705	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2706	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2707	"unset a property for a system publisher. The "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2708	"property was:%s") % name)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2709	del self.__properties[name]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2710
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2711	def __prop_iter(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2712	return self.__properties.__iter__()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2713
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2714	def __prop_iteritems(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2715	"""Support iteritems on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2716	return self.__properties.iteritems()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2717
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2718	def __prop_keys(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2719	"""Support keys() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2720	return self.__properties.keys()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2721
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2722	def __prop_values(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2723	"""Support values() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2724	return self.__properties.values()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2725
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2726	def __prop_getdefault(self, name, value):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2727	"""Support getdefault() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2728	return self.__properties.get(name, value)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2729
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2730	def __prop_setdefault(self, name, value):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2731	"""Support setdefault() on properties"""
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2732	# Must set it this way so that the logic in __set_prop is used.
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2733	try:
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2734	return self.__properties[name]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2735	except KeyError:
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2736	self.properties[name] = value
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2737	return value
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2738
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2739	def __prop_update(self, d):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2740	"""Support update() on properties"""
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2741
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2742	for k, v in d.iteritems():
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2743	# Must iterate through each value and
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2744	# set it this way so that the logic
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2745	# in __set_prop is used.
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2746	self.properties[k] = v
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2747
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2748	def __prop_pop(self, d, default):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2749	"""Support pop() on properties"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2750	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2751	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2752	"unset a property for a system publisher."))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2753	return self.__properties.pop(d, default)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2754
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2755	properties = DictProperty(__get_prop, __set_prop, __del_prop,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2756	__prop_iteritems, __prop_keys, __prop_values, __prop_iter,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2757	doc="A dict holding the properties for an image.",
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2758	fgetdefault=__prop_getdefault, fsetdefault=__prop_setdefault,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2759	update=__prop_update, pop=__prop_pop)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2760
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2761	@property
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2762	def signature_policy(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2763	"""Return the signature policy for the publisher."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2764
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2765	if self.__sig_policy is not None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2766	return self.__sig_policy
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2767	txt = self.properties.get(SIGNATURE_POLICY,
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2768	sigpolicy.DEFAULT_POLICY)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2769	names = self.properties.get("signature-required-names", [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2770	self.__sig_policy = sigpolicy.Policy.policy_factory(txt, names)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2771	return self.__sig_policy

author	Edward Pilatowicz <edward.pilatowicz@oracle.com>
	Mon, 11 Jul 2011 13:49:50 -0700
changeset 2690	11a8cae074e0
parent 2616	3c00fe4465d3
child 2693	cfee571ea6d5
permissions	-rw-r--r--