upstream/oracle/pkg-gate: src/modules/client/publisher.py@52e8eec3014c (annotated)

1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	1	#!/usr/bin/python
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3	# CDDL HEADER START
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	4	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	5	# The contents of this file are subject to the terms of the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	6	# Common Development and Distribution License (the "License").
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	7	# You may not use this file except in compliance with the License.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	8	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	9	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	10	# or http://www.opensolaris.org/os/licensing.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	11	# See the License for the specific language governing permissions
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	12	# and limitations under the License.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	13	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	14	# When distributing Covered Code, include this CDDL HEADER in each
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	15	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	16	# If applicable, add the following below this CDDL HEADER, with the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	17	# fields enclosed by brackets "[]" replaced with your own identifying
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	18	# information: Portions Copyright [yyyy] [name of copyright owner]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	19	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	20	# CDDL HEADER END
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	21	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	22
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	23	#
3304 4e3ad216d1e2 17424143 publisher get_cert_by_hash always downloads some certs Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3293 diff changeset	24	# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	25	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	26
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	27	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	28	# NOTE: Any changes to this file are considered a change in client api
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	29	# interfaces and must be fully documented in doc/client_api_versions.txt
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	30	# if they are visible changes to the public interfaces provided.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	31	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	32	# This also means that changes to the interfaces here must be reflected in
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	33	# the client version number and compatible_versions specifier found in
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	34	# modules/client/api.py:__init__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	35	#
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	36
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	37	import calendar
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	38	import collections
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	39	import copy
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	40	import cStringIO
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	41	import datetime as dt
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	42	import errno
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	43	import hashlib
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	44	import os
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	45	import pycurl
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	46	import shutil
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	47	import six
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	48	import tempfile
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	49	import time
1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	50	import uuid
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	51
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	52	from cryptography import x509
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	53	from cryptography.hazmat.backends import default_backend
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	54	from cryptography.hazmat.primitives import serialization
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	55	from cryptography.hazmat.primitives.asymmetric import padding
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	56	from six.moves.urllib.parse import quote, urlsplit, urlparse, urlunparse, \
3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	57	ParseResult
3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	58	from six.moves.urllib.request import url2pathname
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	59
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	60	import pkg.catalog
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	61	import pkg.client.api_errors as api_errors
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	62	import pkg.client.sigpolicy as sigpolicy
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	63	import pkg.client.pkgdefs as pkgdefs
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	64	import pkg.digest as digest
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	65	import pkg.misc as misc
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	66	import pkg.portable as portable
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	67	import pkg.server.catalog as old_catalog
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	68
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	69	from pkg.client import global_settings
3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	70	from pkg.client.debugvalues import DebugValues
3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	71	logger = global_settings.logger
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	72	from pkg.misc import EmptyDict, EmptyI, SIGNATURE_POLICY, DictProperty, \
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	73	PKG_RO_FILE_MODE
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	74
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	75	# The "core" type indicates that a repository contains all of the dependencies
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	76	# declared by packages in the repository. It is primarily used for operating
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	77	# system repositories.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	78	REPO_CTYPE_CORE = "core"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	79
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	80	# The "supplemental" type indicates that a repository contains packages that
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	81	# rely on or are intended to be used with packages located in another
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	82	# repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	83	REPO_CTYPE_SUPPLEMENTAL = "supplemental"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	84
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	85	# Mapping of constant values to names (in the event these ever get changed to
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	86	# numeric values or it is decided they need "prettier" or different labels).
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	87	REPO_COLLECTION_TYPES = {
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	88	REPO_CTYPE_CORE: "core",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	89	REPO_CTYPE_SUPPLEMENTAL: "supplemental",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	90	}
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	91
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	92	# Supported Protocol Schemes
1895 0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	93	SUPPORTED_SCHEMES = set(("file", "http", "https"))
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	94	SUPPORTED_PROXY_SCHEMES = ("http")
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	95
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	96	# SSL Protocol Schemes
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	97	SSL_SCHEMES = set(("https",))
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	98
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	99	# Supported RepositoryURI sorting policies.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	100	URI_SORT_PRIORITY = "priority"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	101
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	102	# Sort policy mapping.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	103	URI_SORT_POLICIES = {
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	104	URI_SORT_PRIORITY: lambda obj: (obj.priority, obj.uri),
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	105	}
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	106
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	107	# The strings in the value field refer to the boolean properties of the
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	108	# Cryptography extension classes. If a property has a value True set, it means
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	109	# this property is added as an extension value in the certificate generation,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	110	# and vice versa.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	111	EXTENSIONS_VALUES = {
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	112	x509.BasicConstraints: ["ca", "path_length"],
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	113	x509.KeyUsage: ["digital_signature", "content_commitment",
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	114	"key_encipherment", "data_encipherment", "key_agreement", "key_cert_sign",
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	115	"crl_sign", "encipher_only", "decipher_only"]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	116	}
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	117
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	118	# Only listed extension values (properties) here can have a value True set in a
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	119	# certificate extension; any other properties with a value True set will be
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	120	# treated as unsupported.
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	121	SUPPORTED_EXTENSION_VALUES = {
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	122	x509.BasicConstraints: ("ca", "path_length"),
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	123	x509.KeyUsage: ("digital_signature", "key_cert_sign", "crl_sign")
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	124	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	125
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	126	# These dictionaries map uses into their extensions.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	127	CODE_SIGNING_USE = {
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	128	x509.KeyUsage: ["digital_signature"],
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	129	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	130
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	131	CERT_SIGNING_USE = {
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	132	x509.BasicConstraints: ["ca"],
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	133	x509.KeyUsage: ["key_cert_sign"],
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	134	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	135
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	136	CRL_SIGNING_USE = {
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	137	x509.KeyUsage: ["crl_sign"],
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	138	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	139
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	140	POSSIBLE_USES = [CODE_SIGNING_USE, CERT_SIGNING_USE, CRL_SIGNING_USE]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	141
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	142	# A special token used in place of the system repository URL which is
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	143	# replaced at runtime by the actual address and port of the
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	144	# system-repository.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	145	SYSREPO_PROXY = "<sysrepo>"
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	146
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	147	class RepositoryURI(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	148	"""Class representing a repository URI and any transport-related
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	149	information."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	150
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	151	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	152	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	153	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	154	__priority = None
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	155	__proxies = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	156	__ssl_cert = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	157	__ssl_key = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	158	__trailing_slash = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	159	__uri = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	160
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	161	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	162	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	163	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	164
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	165	def __init__(self, uri, priority=None, ssl_cert=None, ssl_key=None,
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	166	trailing_slash=True, proxy=None, system=False, proxies=None):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	167
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	168
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	169	# Must set first.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	170	self.__trailing_slash = trailing_slash
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	171	self.__scheme = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	172	self.__netloc = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	173	self.__proxies = []
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	174
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	175	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	176	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	177	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	178	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	179	self.priority = priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	180	self.uri = uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	181	self.ssl_cert = ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	182	self.ssl_key = ssl_key
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	183	# The proxy parameter is deprecated and remains for backwards
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	184	# compatibity, for now. If we get given both, then we must
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	185	# complain - this error is for internal use only.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	186	if proxy and proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	187	raise api_errors.PublisherError("Both 'proxies' and "
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	188	"'proxy' values were used to create a "
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	189	"RepositoryURI object.")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	190
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	191	if proxy:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	192	self.proxies = [ProxyURI(proxy)]
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	193	if proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	194	self.proxies = proxies
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	195	self.system = system
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	196
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	197	def __copy__(self):
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	198	uri = RepositoryURI(self.__uri, priority=self.__priority,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	199	ssl_cert=self.__ssl_cert, ssl_key=self.__ssl_key,
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	200	trailing_slash=self.__trailing_slash,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	201	proxies=self.__proxies, system=self.system)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	202	uri._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	203	return uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	204
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	205	def __eq__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	206	if isinstance(other, RepositoryURI):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	207	return self.uri == other.uri
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	208	if isinstance(other, str):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	209	return self.uri == other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	210	return False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	211
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	212	def __ne__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	213	if isinstance(other, RepositoryURI):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	214	return self.uri != other.uri
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	215	if isinstance(other, str):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	216	return self.uri != other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	217	return True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	218
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	219	__hash__ = object.__hash__
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	220
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	221	def __lt__(self, other):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	222	if not other:
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	223	return False
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	224	if not isinstance(other, RepositoryURI):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	225	other = RepositoryURI(other)
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	226	return self.uri < other.uri
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	227
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	228	def __gt__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	229	if not other:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	230	return True
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	231	if not isinstance(other, RepositoryURI):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	232	other = RepositoryURI(other)
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	233	return self.uri > other.uri
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	234
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	235	def __le__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	236	return self == other or self < other
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	237
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	238	def __ge__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	239	return self == other or self > other
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	240
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	241	def __set_priority(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	242	if value is not None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	243	try:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	244	value = int(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	245	except (TypeError, ValueError):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	246	raise api_errors.BadRepositoryURIPriority(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	247	self.__priority = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	248
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	249	def __get_proxy(self):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	250	if not self.__proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	251	return None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	252	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	253	return self.__proxies[0].uri
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	254
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	255	def __set_proxy(self, proxy):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	256	if not proxy:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	257	return
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	258	if not isinstance(proxy, ProxyURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	259	p = ProxyURI(proxy)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	260	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	261	p = proxy
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	262
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	263	self.__proxies = [p]
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	264
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	265	def __set_proxies(self, proxies):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	266
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	267	for proxy in proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	268	if not isinstance(proxy, ProxyURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	269	raise api_errors.BadRepositoryAttributeValue(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	270	"proxies", value=proxy)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	271
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	272	if proxies and self.scheme == "file":
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	273	raise api_errors.UnsupportedRepositoryURIAttribute(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	274	"proxies", scheme=self.scheme)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	275
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	276	if not (isinstance(proxies, list) or
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	277	isinstance(proxies, tuple)):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	278	raise api_errors.BadRepositoryAttributeValue(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	279	"proxies", value=proxies)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	280
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	281	# for now, we only support a single proxy per RepositoryURI
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	282	if len(proxies) > 1:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	283	raise api_errors.BadRepositoryAttributeValue(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	284	"proxies", value=proxies)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	285
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	286	if proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	287	self.__proxies = proxies
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	288	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	289	self.__proxies = []
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	290
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	291	def __set_ssl_cert(self, filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	292	if self.scheme not in SSL_SCHEMES and filename:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	293	raise api_errors.UnsupportedRepositoryURIAttribute(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	294	"ssl_cert", scheme=self.scheme)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	295	if filename:
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	296	if not isinstance(filename, six.string_types):
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	297	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	298	"ssl_cert", value=filename)
2433 7af4ccfa1c06 5060 cert and key files should be validated when adding or updating publishers Shawn Walker <shawn.walker@oracle.com> parents: 2414 diff changeset	299	filename = os.path.normpath(filename)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	300	if filename == "":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	301	filename = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	302	self.__ssl_cert = filename
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	303
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	304	def __set_ssl_key(self, filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	305	if self.scheme not in SSL_SCHEMES and filename:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	306	raise api_errors.UnsupportedRepositoryURIAttribute(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	307	"ssl_key", scheme=self.scheme)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	308	if filename:
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	309	if not isinstance(filename, six.string_types):
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	310	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	311	"ssl_key", value=filename)
2433 7af4ccfa1c06 5060 cert and key files should be validated when adding or updating publishers Shawn Walker <shawn.walker@oracle.com> parents: 2414 diff changeset	312	filename = os.path.normpath(filename)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	313	if filename == "":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	314	filename = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	315	self.__ssl_key = filename
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	316
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	317	def __set_trailing_slash(self, value):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	318	if value not in (True, False):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	319	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	320	"trailing_slash", value=value)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	321	self.__trailing_slash = value
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	322
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	323	def __set_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	324	if uri is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	325	raise api_errors.BadRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	326
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	327	# if we're setting the URI to an existing value, do nothing.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	328	if uri == self.__uri:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	329	return
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	330
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	331	# This is not ideal, but determining whether we're operating
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	332	# on a ProxyURI saves us duplicating code in that class,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	333	# which we would otherwise need, due to __protected members
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	334	# here.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	335	if isinstance(self, ProxyURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	336	is_proxy = True
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	337	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	338	is_proxy = False
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	339
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	340	# Decompose URI to verify attributes.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	341	scheme, netloc, path, params, query = \
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	342	urlsplit(uri, allow_fragments=0)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	343
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	344	self.__scheme = scheme.lower()
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	345	self.__netloc = netloc
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	346
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	347	# The set of currently supported protocol schemes.
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	348	if is_proxy and self.__scheme not in \
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	349	SUPPORTED_PROXY_SCHEMES:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	350	raise api_errors.UnsupportedProxyURI(uri)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	351	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	352	if self.__scheme not in SUPPORTED_SCHEMES:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	353	raise api_errors.UnsupportedRepositoryURI(uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	354
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	355	# XXX valid_pub_url's check isn't quite right and could prevent
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	356	# usage of IDNs (international domain names).
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	357	if (self.__scheme.startswith("http") and not netloc) or \
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	358	not misc.valid_pub_url(uri, proxy=is_proxy):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	359	raise api_errors.BadRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	360
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	361	if self.__scheme == "file" and netloc:
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	362	raise api_errors.BadRepositoryURI(uri)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	363
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	364	# Normalize URI scheme.
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	365	uri = uri.replace(scheme, self.__scheme, 1)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	366
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	367	if self.__trailing_slash:
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	368	uri = uri.rstrip("/")
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	369	uri = misc.url_affix_trailing_slash(uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	370
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	371	if self.__scheme not in SSL_SCHEMES:
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	372	self.__ssl_cert = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	373	self.__ssl_key = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	374
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	375	self.__uri = uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	376
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	377	def _override_uri(self, uri):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	378	"""Allow the __uri field of the object to be overridden in
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	379	special cases."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	380	if uri not in [None, SYSREPO_PROXY]:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	381	raise api_errors.BadRepositoryURI(uri)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	382	self.__uri = uri
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	383
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	384	def __str__(self):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	385	return str(self.__uri)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	386
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	387	def change_scheme(self, new_scheme):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	388	"""Change the scheme of this uri."""
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	389
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	390	assert self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	391	scheme, netloc, path, params, query, fragment = \
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	392	urlparse(self.__uri, allow_fragments=False)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	393	if new_scheme == scheme:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	394	return
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	395	self.uri = urlunparse(
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	396	(new_scheme, netloc, path, params, query, fragment))
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	397
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	398	def get_host(self):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	399	"""Get the host and port of this URI if it's a http uri."""
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	400
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	401	scheme, netloc, path, params, query, fragment = \
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	402	urlparse(self.__uri, allow_fragments=0)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	403	if scheme != "file":
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	404	return netloc
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	405	return ""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	406
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	407	def get_pathname(self):
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	408	"""Returns the URI path as a pathname if the URI is a file
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	409	URI or '' otherwise."""
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	410
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	411	scheme, netloc, path, params, query, fragment = \
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	412	urlparse(self.__uri, allow_fragments=0)
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	413	if scheme == "file":
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	414	return url2pathname(path)
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	415	return ""
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	416
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	417	ssl_cert = property(lambda self: self.__ssl_cert, __set_ssl_cert, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	418	"The absolute pathname of a PEM-encoded SSL certificate file.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	419
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	420	ssl_key = property(lambda self: self.__ssl_key, __set_ssl_key, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	421	"The absolute pathname of a PEM-encoded SSL key file.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	422
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	423	uri = property(lambda self: self.__uri, __set_uri, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	424	"The URI used to access a repository.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	425
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	426	priority = property(lambda self: self.__priority, __set_priority, None,
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	427	"An integer value representing the importance of this repository "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	428	"URI relative to others.")
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	429
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	430	proxy = property(__get_proxy, __set_proxy, None, "The proxy to use to "
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	431	"access this repository.")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	432
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	433	proxies = property(lambda self: self.__proxies, __set_proxies, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	434	"A list of proxies that can be used to access this repository."
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	435	"At runtime, a $http_proxy environment variable might override this."
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	436	)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	437
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	438	@property
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	439	def scheme(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	440	"""The URI scheme."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	441	if not self.__uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	442	return ""
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	443	return urlsplit(self.__uri, allow_fragments=0)[0]
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	444
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	445	trailing_slash = property(lambda self: self.__trailing_slash,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	446	__set_trailing_slash, None,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	447	"A boolean value indicating whether any URI provided for this "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	448	"object should have a trailing slash appended when setting the "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	449	"URI property.")
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	450
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	451
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	452	class ProxyURI(RepositoryURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	453	"""A class to represent the URI of a proxy. The 'uri' value can be
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	454	'None' if 'system' is set to True."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	455
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	456	def __init__(self, uri, system=False):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	457	self.__system = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	458	self.system = system
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	459	if not system:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	460	self.uri = uri
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	461
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	462	def __set_system(self, value):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	463	"""A property to specify whether we should use the system
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	464	publisher as the proxy. Note that this method modifies the
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	465	'uri' property when set or cleared."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	466	if value not in (True, False):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	467	raise api_errors.BadRepositoryAttributeValue(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	468	"system", value=value)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	469	self.__system = value
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	470	if value:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	471	# Set a special value for the uri, intentionally an
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	472	# invalid URI which should get caught by any consumers
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	473	# using it by mistake. This also allows us to reuse
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	474	# the __eq__, __cmp__, etc. methods from the parent
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	475	# (where there is no public way of setting the URI to
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	476	# SYSREPO_PROXY, '<sysrepo>')
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	477	self._override_uri(SYSREPO_PROXY)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	478	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	479	self._override_uri(None)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	480
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	481	def __unsupported(self, value):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	482	"""A method used to prevent certain properties defined in the
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	483	parent class from being set on ProxyURI objects."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	484
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	485	# We don't expect this string to be exposed to users.
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	486	raise ValueError("This property cannot be set to {0} on a "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	487	"ProxyURI object.".format(value))
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	488
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	489	system = property(lambda self: self.__system, __set_system, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	490	"True, if we should use the system publisher as a proxy.")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	491
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	492	# Ensure we can't set any of the following properties.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	493	proxies = property(lambda self: None, __unsupported, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	494	"proxies is an invalid property for ProxyURI properties")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	495
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	496	ssl_cert = property(lambda self: None, __unsupported, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	497	"ssl_cert is an invalid property for ProxyURI properties")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	498
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	499	ssl_key = property(lambda self: None, __unsupported, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	500	"ssl_key is an invalid property for ProxyURI properties")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	501
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	502	priority = property(lambda self: None, __unsupported, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	503	"priority is an invalid property for ProxyURI properties")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	504
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	505	trailing_slash = property(lambda self: None, __unsupported, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	506	"trailing_slash is an invalid property for ProxyURI properties")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	507
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	508
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	509	class TransportRepoURI(RepositoryURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	510	"""A TransportRepoURI allows for multiple representations of a given
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	511	RepositoryURI, each with different properties.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	512
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	513	One RepositoryURI could be represented by several TransportRepoURIs,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	514	used to allow the transport to properly track repo statistics for
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	515	for each discrete path to a given URI, perhaps using different proxies
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	516	or trying one of several SSL key/cert pairs."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	517
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	518	def __init__(self, uri, priority=None, ssl_cert=None, ssl_key=None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	519	trailing_slash=True, proxy=None, system=False):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	520	# Must set first.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	521	self.__proxy = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	522	self.__runtime_proxy = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	523	self.proxy = proxy
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	524
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	525	RepositoryURI.__init__(self, uri, priority=priority,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	526	ssl_cert=ssl_cert, ssl_key=ssl_key,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	527	trailing_slash=trailing_slash, system=system)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	528
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	529	def __eq__(self, other):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	530	if isinstance(other, TransportRepoURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	531	return self.uri == other.uri and \
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	532	self.proxy == other.proxy
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	533	if isinstance(other, six.string_types):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	534	return self.uri == other and self.proxy == None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	535	return False
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	536
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	537	def __ne__(self, other):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	538	if isinstance(other, TransportRepoURI):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	539	return self.uri != other.uri or \
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	540	self.proxy != other.proxy
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	541	if isinstance(other, six.string_types):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	542	return self.uri != other or self.proxy != None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	543	return True
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	544
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	545	__hash__ = object.__hash__
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	546
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	547	def __lt__(self, other):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	548	if not other:
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	549	return False
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	550	if isinstance(other, six.string_types):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	551	other = TransportRepoURI(other)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	552	elif not isinstance(other, TransportRepoURI):
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	553	return False
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	554	if self.uri < other.uri:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	555	return True
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	556	if self.uri != other.uri:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	557	return False
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	558	return self.proxy < other.proxy
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	559
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	560	def __gt__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	561	if not other:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	562	return True
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	563	if isinstance(other, six.string_types):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	564	other = TransportRepoURI(other)
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	565	elif not isinstance(other, TransportRepoURI):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	566	return True
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	567	if self.uri > other.uri:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	568	return True
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	569	if self.uri != other.uri:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	570	return False
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	571	return self.proxy > other.proxy
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	572
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	573	def __le__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	574	return self == other or self < other
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	575
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	576	def __ge__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	577	return self == other or self > other
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	578
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	579	def key(self):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	580	"""Returns a value that can be used to identify this RepoURI
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	581	uniquely for the transport system. Normally, this would be done
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	582	using __hash__() however, TransportRepoURI objects are not
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	583	guaranteed to be immutable.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	584
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	585	The key is a (uri, proxy) tuple, where the proxy is
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	586	the proxy used to reach that URI. Note that in the transport
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	587	system, we may choose to override the proxy value here.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	588
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	589	If this key format changes, a corresponding change should be
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	590	made in pkg.client.transport.engine.__cleanup_requests(..)"""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	591
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	592	u = self.uri
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	593	p = self.__proxy
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	594
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	595	if self.uri:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	596	u = self.uri.rstrip("/")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	597	return (u, p)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	598
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	599	def __set_proxy(self, proxy):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	600	assert not self.ssl_cert
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	601	assert not self.ssl_key
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	602
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	603	if proxy and self.scheme == "file":
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	604	raise api_errors.UnsupportedRepositoryURIAttribute(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	605	"proxy", scheme=self.scheme)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	606	if proxy:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	607	self.__proxy = proxy.rstrip("/")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	608	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	609	self.__proxy = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	610	# Changing the proxy value causes us to clear any cached
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	611	# value we have in __runtime_proxy.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	612	self.__runtime_proxy = None
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	613
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	614	def __get_runtime_proxy(self):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	615	"""Returns the proxy that should be used at runtime, which may
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	616	differ from the persisted proxy value. We check for http_proxy,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	617	https_proxy and all_proxy OS environment variables.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	618
2764 7220dcd7755f 7189150 zone install can fail w/ proxy env vars set; tries to reach sysrepo through proxy Tim Foster <tim.s.foster@oracle.com> parents: 2749 diff changeset	619	To avoid repeated environment lookups, we cache the results."""
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	620
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	621	# we don't permit the proxy used by system publishers to be
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	622	# overridden by environment variables.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	623	if self.system:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	624	return self.proxy
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	625
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	626	if not self.__runtime_proxy:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	627	self.__runtime_proxy = misc.get_runtime_proxy(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	628	self.__proxy, self.uri)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	629	return self.__runtime_proxy
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	630
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	631	def __set_runtime_proxy(self, runtime_proxy):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	632	"""The runtime proxy value is always computed dynamically,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	633	we should not allow a caller to set it."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	634
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	635	assert False, "Refusing to set a runtime_proxy value."
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	636
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	637	@staticmethod
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	638	def fromrepouri(repouri):
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	639	"""Build a list of TransportRepositoryURI objects using
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	640	properties from the given RepositoryURI, 'repouri'.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	641
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	642	This is to allow the transport to try different paths to
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	643	a given RepositoryURI, if more than one is possible."""
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	644
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	645	trans_repouris = []
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	646	# we just use the proxies for now, but in future, we may want
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	647	# other per-origin/mirror properties
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	648	if repouri.proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	649	for p in repouri.proxies:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	650	t = TransportRepoURI(repouri.uri,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	651	priority=repouri.priority,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	652	ssl_cert=repouri.ssl_cert,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	653	ssl_key=repouri.ssl_key,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	654	system=repouri.system,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	655	trailing_slash=repouri.trailing_slash,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	656	proxy=p.uri)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	657	trans_repouris.append(t)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	658	else:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	659	trans_repouris.append(TransportRepoURI(repouri.uri,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	660	priority=repouri.priority,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	661	ssl_cert=repouri.ssl_cert,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	662	ssl_key=repouri.ssl_key,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	663	system=repouri.system,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	664	trailing_slash=repouri.trailing_slash))
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	665	return trans_repouris
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	666
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	667	proxy = property(lambda self: self.__proxy, __set_proxy, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	668	"The proxy that is used to access this repository."
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	669	"At runtime, a $http_proxy environnent variable might override this."
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	670	)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	671
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	672	runtime_proxy = property(__get_runtime_proxy, __set_runtime_proxy, None,
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	673	"The proxy to use to access this repository. This value checks"
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	674	"OS environment variables, and expands any $user:$password values.")
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	675
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	676
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	677	class Repository(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	678	"""Class representing a repository object.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	679
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	680	A repository object represents a location where clients can publish
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	681	and retrieve package content and/or metadata. It has the following
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	682	characteristics:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	683
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	684	- may have one or more origins (URIs) for publication and
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	685	retrieval of package metadata and content.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	686
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	687	- may have zero or more mirrors (URIs) for retrieval of package
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	688	content."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	689
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	690	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	691	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	692	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	693	__collection_type = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	694	__legal_uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	695	__mirrors = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	696	__origins = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	697	__refresh_seconds = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	698	__registration_uri = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	699	__related_uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	700	__sort_policy = URI_SORT_PRIORITY
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	701
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	702	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	703	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	704	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	705
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	706	name = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	707	description = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	708	registered = False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	709
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	710	def __init__(self, collection_type=REPO_CTYPE_CORE, description=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	711	legal_uris=None, mirrors=None, name=None, origins=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	712	refresh_seconds=None, registered=False, registration_uri=None,
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	713	related_uris=None, sort_policy=URI_SORT_PRIORITY):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	714	"""Initializes a repository object.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	715
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	716	'collection_type' is an optional constant value indicating the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	717	type of packages in the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	718
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	719	'description' is an optional string value containing a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	720	descriptive paragraph for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	721
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	722	'legal_uris' should be a list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	723	strings indicating where licensing, legal, and terms of service
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	724	information for the repository can be found.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	725
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	726	'mirrors' is an optional list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	727	strings indicating where package content can be retrieved.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	728
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	729	'name' is an optional, short, descriptive name for the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	730	repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	731
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	732	'origins' should be a list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	733	strings indicating where package metadata can be retrieved.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	734
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	735	'refresh_seconds' is an optional integer value indicating the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	736	number of seconds clients should wait before refreshing cached
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	737	repository catalog or repository metadata information.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	738
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	739	'registered' is an optional boolean value indicating whether
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	740	a client has registered with the repository's publisher.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	741
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	742	'registration_uri' is an optional RepositoryURI object or a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	743	string indicating a location clients can use to register or
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	744	obtain credentials needed to access the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	745
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	746	'related_uris' is an optional list of RepositoryURI objects or a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	747	list of URI strings indicating the location of related
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	748	repositories that a client may be interested in.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	749
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	750	'sort_policy' is an optional constant value indicating how
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	751	legal_uris, mirrors, origins, and related_uris should be
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	752	sorted."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	753
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	754	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	755	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	756	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	757	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	758
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	759	# Must be set first so that it will apply to attributes set
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	760	# afterwards.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	761	self.sort_policy = sort_policy
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	762
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	763	self.collection_type = collection_type
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	764	self.description = description
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	765	self.legal_uris = legal_uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	766	self.mirrors = mirrors
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	767	self.name = name
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	768	self.origins = origins
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	769	self.refresh_seconds = refresh_seconds
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	770	self.registered = registered
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	771	self.registration_uri = registration_uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	772	self.related_uris = related_uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	773
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	774	def __add_uri(self, attr, uri, dup_check=None, priority=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	775	ssl_cert=None, ssl_key=None, trailing_slash=True):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	776	if not isinstance(uri, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	777	uri = RepositoryURI(uri, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	778	ssl_cert=ssl_cert, ssl_key=ssl_key,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	779	trailing_slash=trailing_slash)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	780
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	781	if dup_check:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	782	dup_check(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	783
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	784	ulist = getattr(self, attr)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	785	ulist.append(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	786	ulist.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	787
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	788	def __copy__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	789	cluris = [copy.copy(u) for u in self.legal_uris]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	790	cmirrors = [copy.copy(u) for u in self.mirrors]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	791	cruris = [copy.copy(u) for u in self.related_uris]
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	792	corigins = [copy.copy(u) for u in self.origins]
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	793
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	794	repo = Repository(collection_type=self.collection_type,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	795	description=self.description,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	796	legal_uris=cluris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	797	mirrors=cmirrors, name=self.name,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	798	origins=corigins,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	799	refresh_seconds=self.refresh_seconds,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	800	registered=self.registered,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	801	registration_uri=copy.copy(self.registration_uri),
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	802	related_uris=cruris)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	803	repo._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	804	return repo
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	805
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	806	def __replace_uris(self, attr, value, trailing_slash=True):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	807	if value is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	808	value = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	809	if not isinstance(value, list):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	810	raise api_errors.BadRepositoryAttributeValue(attr,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	811	value=value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	812	uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	813	for u in value:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	814	if not isinstance(u, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	815	u = RepositoryURI(u,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	816	trailing_slash=trailing_slash)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	817	elif trailing_slash:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	818	u.uri = misc.url_affix_trailing_slash(u.uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	819	uris.append(u)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	820	uris.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	821	return uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	822
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	823	def __set_collection_type(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	824	if value not in REPO_COLLECTION_TYPES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	825	raise api_errors.BadRepositoryCollectionType(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	826	self.__collection_type = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	827
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	828	def __set_legal_uris(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	829	self.__legal_uris = self.__replace_uris("legal_uris", value,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	830	trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	831
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	832	def __set_mirrors(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	833	self.__mirrors = self.__replace_uris("mirrors", value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	834
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	835	def __set_origins(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	836	self.__origins = self.__replace_uris("origins", value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	837
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	838	def __set_registration_uri(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	839	if value and not isinstance(value, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	840	value = RepositoryURI(value, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	841	self.__registration_uri = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	842
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	843	def __set_related_uris(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	844	self.__related_uris = self.__replace_uris("related_uris",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	845	value, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	846
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	847	def __set_refresh_seconds(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	848	if value is not None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	849	try:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	850	value = int(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	851	except (TypeError, ValueError):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	852	raise api_errors.BadRepositoryAttributeValue(
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	853	"refresh_seconds", value=value)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	854	if value < 0:
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	855	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	856	"refresh_seconds", value=value)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	857	self.__refresh_seconds = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	858
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	859	def __set_sort_policy(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	860	if value not in URI_SORT_POLICIES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	861	raise api_errors.BadRepositoryURISortPolicy(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	862	self.__sort_policy = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	863
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	864	def add_legal_uri(self, uri, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	865	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	866	"""Adds the specified legal URI to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	867
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	868	'uri' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	869	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	870	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	871
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	872	self.__add_uri("legal_uris", uri, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	873	ssl_cert=ssl_cert, ssl_key=ssl_key, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	874
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	875	def add_mirror(self, mirror, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	876	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	877	"""Adds the specified mirror to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	878
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	879	'mirror' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	880	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	881	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	882
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	883	def dup_check(mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	884	if self.has_mirror(mirror):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	885	o = self.get_mirror(mirror)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	886	if o.system:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	887	raise api_errors.DuplicateSyspubMirror(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	888	mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	889	raise api_errors.DuplicateRepositoryMirror(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	890	mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	891
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	892	self.__add_uri("mirrors", mirror, dup_check=dup_check,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	893	priority=priority, ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	894
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	895	def add_origin(self, origin, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	896	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	897	"""Adds the specified origin to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	898
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	899	'origin' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	900	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	901	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	902
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	903	def dup_check(origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	904	if self.has_origin(origin):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	905	o = self.get_origin(origin)
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	906	if o.system:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	907	raise api_errors.DuplicateSyspubOrigin(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	908	origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	909	raise api_errors.DuplicateRepositoryOrigin(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	910	origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	911
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	912	self.__add_uri("origins", origin, dup_check=dup_check,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	913	priority=priority, ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	914
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	915	def add_related_uri(self, uri, priority=None, ssl_cert=None,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	916	ssl_key=None):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	917	"""Adds the specified related URI to the repository.
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	918
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	919	'uri' can be a RepositoryURI object or a URI string. If
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	920	it is a RepositoryURI object, all other parameters will be
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	921	ignored."""
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	922
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	923	self.__add_uri("related_uris", uri, priority=priority,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	924	ssl_cert=ssl_cert, ssl_key=ssl_key, trailing_slash=False)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	925
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	926	def get_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	927	"""Returns a RepositoryURI object representing the mirror
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	928	that matches 'mirror'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	929
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	930	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	931
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	932	if not isinstance(mirror, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	933	mirror = misc.url_affix_trailing_slash(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	934	for m in self.mirrors:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	935	if mirror == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	936	return m
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	937	raise api_errors.UnknownRepositoryMirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	938
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	939	def get_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	940	"""Returns a RepositoryURI object representing the origin
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	941	that matches 'origin'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	942
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	943	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	944
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	945	if not isinstance(origin, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	946	origin = misc.url_affix_trailing_slash(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	947	for o in self.origins:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	948	if origin == o.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	949	return o
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	950	raise api_errors.UnknownRepositoryOrigin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	951
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	952	def has_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	953	"""Returns a boolean value indicating whether a matching
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	954	'mirror' exists for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	955
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	956	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	957
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	958	if not isinstance(mirror, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	959	mirror = RepositoryURI(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	960	return mirror in self.mirrors
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	961
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	962	def has_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	963	"""Returns a boolean value indicating whether a matching
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	964	'origin' exists for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	965
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	966	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	967
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	968	if not isinstance(origin, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	969	origin = RepositoryURI(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	970	return origin in self.origins
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	971
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	972	def remove_legal_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	973	"""Removes the legal URI matching 'uri' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	974
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	975	'uri' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	976
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	977	for i, m in enumerate(self.legal_uris):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	978	if uri == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	979	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	980	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	981	del self.legal_uris[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	982	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	983	raise api_errors.UnknownLegalURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	984
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	985	def remove_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	986	"""Removes the mirror matching 'mirror' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	987
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	988	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	989
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	990	if not isinstance(mirror, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	991	mirror = misc.url_affix_trailing_slash(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	992	for i, m in enumerate(self.mirrors):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	993	if mirror == m.uri:
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	994	if m.system:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	995	api_errors.RemoveSyspubMirror(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	996	mirror.uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	997	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	998	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	999	del self.mirrors[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1000	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1001	raise api_errors.UnknownRepositoryMirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1002
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1003	def remove_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1004	"""Removes the origin matching 'origin' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1005
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1006	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1007
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1008	if not isinstance(origin, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1009	origin = RepositoryURI(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1010	for i, o in enumerate(self.origins):
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1011	if origin == o.uri:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1012	if o.system:
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1013	raise api_errors.RemoveSyspubOrigin(
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1014	origin.uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1015	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1016	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1017	del self.origins[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1018	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1019	raise api_errors.UnknownRepositoryOrigin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1020
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1021	def remove_related_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1022	"""Removes the related URI matching 'uri' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1023
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1024	'uri' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1025
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1026	for i, m in enumerate(self.related_uris):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1027	if uri == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1028	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1029	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1030	del self.related_uris[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1031	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1032	raise api_errors.UnknownRelatedURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1033
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1034	def update_mirror(self, mirror, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1035	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1036	"""Updates an existing mirror object matching 'mirror'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1037
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1038	'mirror' can be a RepositoryURI object or a URI string.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1039
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1040	This method is deprecated, and may be removed in future API
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1041	versions."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1042
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1043	if not isinstance(mirror, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1044	mirror = RepositoryURI(mirror, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1045	ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1046
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1047	target = self.get_mirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1048	target.priority = mirror.priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1049	target.ssl_cert = mirror.ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1050	target.ssl_key = mirror.ssl_key
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1051	target.proxies = mirror.proxies
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1052	self.mirrors.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1053
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1054	def update_origin(self, origin, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1055	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1056	"""Updates an existing origin object matching 'origin'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1057
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1058	'origin' can be a RepositoryURI object or a URI string.
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1059
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1060	This method is deprecated, and may be removed in future API
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1061	versions."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1062
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1063	if not isinstance(origin, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1064	origin = RepositoryURI(origin, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1065	ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1066
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1067	target = self.get_origin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1068	target.priority = origin.priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1069	target.ssl_cert = origin.ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1070	target.ssl_key = origin.ssl_key
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	1071	target.proxies = origin.proxies
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1072	self.origins.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1073
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1074	def reset_mirrors(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1075	"""Discards the current list of repository mirrors."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1076
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1077	self.mirrors = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1078
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1079	def reset_origins(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1080	"""Discards the current list of repository origins."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1081
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1082	self.origins = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1083
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1084	collection_type = property(lambda self: self.__collection_type,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1085	__set_collection_type, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1086	"""A constant value indicating the type of packages in the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1087	repository. The following collection types are recognized:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1088
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1089	REPO_CTYPE_CORE
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1090	The "core" type indicates that the repository contains
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1091	all of the dependencies declared by packages in the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1092	repository. It is primarily used for operating system
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1093	repositories.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1094
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1095	REPO_CTYPE_SUPPLEMENTAL
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1096	The "supplemental" type indicates that the repository
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1097	contains packages that rely on or are intended to be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1098	used with packages located in another repository.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1099
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1100	legal_uris = property(lambda self: self.__legal_uris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1101	__set_legal_uris, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1102	"""A list of RepositoryURI objects indicating where licensing,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1103	legal, and terms of service information for the repository can be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1104	found.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1105
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1106	mirrors = property(lambda self: self.__mirrors, __set_mirrors, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1107	"""A list of RepositoryURI objects indicating where package content
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1108	can be retrieved. If any value in the list provided is a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1109	string, it will be replaced with a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1110
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1111	origins = property(lambda self: self.__origins, __set_origins, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1112	"""A list of RepositoryURI objects indicating where package content
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1113	can be retrieved. If any value in the list provided is a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1114	string, it will be replaced with a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1115
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1116	registration_uri = property(lambda self: self.__registration_uri,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1117	__set_registration_uri, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1118	"""A RepositoryURI object indicating a location clients can use to
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1119	register or obtain credentials needed to access the repository. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1120	the value provided is a URI string, it will be replaced with a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1121	RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1122
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1123	related_uris = property(lambda self: self.__related_uris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1124	__set_related_uris, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1125	"""A list of RepositoryURI objects indicating the location of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1126	related repositories that a client may be interested in. If any
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1127	value in the list provided is a URI string, it will be replaced with
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1128	a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1129
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1130	refresh_seconds = property(lambda self: self.__refresh_seconds,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1131	__set_refresh_seconds, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1132	"""An integer value indicating the number of seconds clients should
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1133	wait before refreshing cached repository metadata information. A
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1134	value of None indicates that refreshes should be performed at the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1135	client's discretion.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1136
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1137	sort_policy = property(lambda self: self.__sort_policy,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1138	__set_sort_policy, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1139	"""A constant value indicating how legal_uris, mirrors, origins, and
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1140	related_uris should be sorted. The following policies are
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1141	recognized:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1142
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1143	URI_SORT_PRIORITY
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1144	The "priority" policy indicate that URIs should be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1145	sorted according to the value of their priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1146	attribute.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1147
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1148
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1149	class Publisher(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1150	"""Class representing a publisher object and a set of interfaces to set
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1151	and retrieve its information.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1152
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1153	A publisher is a forward or reverse domain name identifying a source
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1154	(e.g. "publisher") of packages."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1155
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1156	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1157	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1158	# found near the end of the class definition.
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1159	_catalog = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1160	__alias = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1161	__client_uuid = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1162	__disabled = False
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1163	__meta_root = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1164	__origin_root = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1165	__prefix = None
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1166	__repository = None
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1167	__sticky = True
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1168	transport = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1169
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1170	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1171	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1172	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1173
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1174	# Used to record those CRLs which are unreachable during the current
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1175	# operation.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1176	__bad_crls = set()
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1177
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1178	def __init__(self, prefix, alias=None, catalog=None, client_uuid=None,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1179	disabled=False, meta_root=None, repository=None,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1180	transport=None, sticky=True, props=None, revoked_ca_certs=EmptyI,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1181	approved_ca_certs=EmptyI, sys_pub=False):
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1182	"""Initialize a new publisher object.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1183
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1184	'catalog' is an optional Catalog object to use in place of
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1185	retrieving one from the publisher's meta_root. This option
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1186	may only be used when meta_root is not provided.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1187	"""
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1188
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1189	assert not (catalog and meta_root)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1190
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1191	if client_uuid is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1192	self.reset_client_uuid()
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1193	else:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1194	self.__client_uuid = client_uuid
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1195
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1196	self.sys_pub = False
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1197
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1198	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1199	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1200	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1201	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1202	self.alias = alias
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1203	self.disabled = disabled
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1204	self.prefix = prefix
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1205	self.transport = transport
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1206	self.meta_root = meta_root
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1207	self.sticky = sticky
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1208
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1209
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1210	self.__sig_policy = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1211	self.__delay_validation = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1212
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1213	self.__properties = {}
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	1214	self.__tmp_crls = {}
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1215
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1216	# Writing out an EmptyI to a config file and reading it back
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1217	# in doesn't work correctly at the moment, but reading and
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1218	# writing an empty list does. So if intermediate_certs is empty,
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1219	# make sure it's stored as an empty list.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1220	#
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1221	# The relevant implementation is probably the line which
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1222	# strips ][ from the input in imageconfig.read_list.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1223	if revoked_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1224	self.revoked_ca_certs = revoked_ca_certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1225	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1226	self.revoked_ca_certs = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1227
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1228	if approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1229	self.approved_ca_certs = approved_ca_certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1230	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1231	self.approved_ca_certs = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1232
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1233	if props:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1234	self.properties.update(props)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1235
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1236	self.ca_dict = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1237
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1238	if repository:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1239	self.repository = repository
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1240	self.sys_pub = sys_pub
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1241
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	1242	# A dictionary to story the mapping for subject -> certificate
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	1243	# for those certificates we couldn't store on disk.
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	1244	self.__issuers = {}
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	1245
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1246	# Must be done last.
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1247	self._catalog = catalog
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1248
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1249	def __lt__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1250	if other is None:
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1251	return False
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1252	if isinstance(other, Publisher):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1253	return self.prefix < other.prefix
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1254	return self.prefix < other
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1255
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1256	def __gt__(self, other):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1257	if other is None:
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1258	return True
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1259	if isinstance(other, Publisher):
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1260	return self.prefix > other.prefix
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1261	return self.prefix > other
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1262
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1263	def __le__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1264	return not self > other
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1265
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1266	def __ge__(self, other):
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1267	return not self < other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1268
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1269	@staticmethod
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1270	def __contains__(key):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1271	"""Supports deprecated compatibility interface."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1272
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1273	return key in ("client_uuid", "disabled", "mirrors", "origin",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1274	"prefix", "ssl_cert", "ssl_key")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1275
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1276	def __copy__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1277	selected = None
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	1278	pub = Publisher(self.__prefix, alias=self.__alias,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	1279	client_uuid=self.__client_uuid, disabled=self.__disabled,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1280	meta_root=self.meta_root,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1281	repository=copy.copy(self.repository),
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1282	transport=self.transport, sticky=self.__sticky,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1283	props=self.properties,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1284	revoked_ca_certs=self.revoked_ca_certs,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1285	approved_ca_certs=self.approved_ca_certs,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1286	sys_pub=self.sys_pub)
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1287	pub._catalog = self._catalog
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1288	pub._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1289	return pub
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1290
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1291	def __eq__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1292	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1293	return self.prefix == other.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1294	if isinstance(other, str):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1295	return self.prefix == other
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1296	return False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1297
3245 d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1298	__hash__ = object.__hash__
d04bb3ca0128 20780066 change ordering comparisons for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3234 diff changeset	1299
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1300	def __getitem__(self, key):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1301	"""Deprecated compatibility interface allowing publisher
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1302	attributes to be read as pub["attribute"]."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1303
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1304	if key == "client_uuid":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1305	return self.__client_uuid
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1306	if key == "disabled":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1307	return self.__disabled
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1308	if key == "prefix":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1309	return self.__prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1310
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1311	repo = self.repository
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1312	if key == "mirrors":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1313	return [str(m) for m in repo.mirrors]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1314	if key == "origin":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1315	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1316	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1317	return repo.origins[0].uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1318	if key == "ssl_cert":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1319	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1320	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1321	return repo.origins[0].ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1322	if key == "ssl_key":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1323	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1324	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1325	return repo.origins[0].ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1326
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1327	def __get_last_refreshed(self):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1328	if not self.meta_root:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1329	return None
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1330
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1331	lcfile = os.path.join(self.meta_root, "last_refreshed")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1332	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1333	mod_time = os.stat(lcfile).st_mtime
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1334	except EnvironmentError as e:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1335	if e.errno == errno.ENOENT:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1336	return None
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1337	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1338	return dt.datetime.utcfromtimestamp(mod_time)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1339
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1340	def __ne__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1341	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1342	return self.prefix != other.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1343	if isinstance(other, str):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1344	return self.prefix != other
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1345	return True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1346
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1347	def __set_alias(self, value):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1348	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1349	raise api_errors.ModifyingSyspubException(
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1350	"Cannot set the alias of a system publisher")
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1351	# Aliases must comply with the same restrictions that prefixes
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1352	# have as they are intended to be useable in any case where
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1353	# a prefix may be used.
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1354	if value is not None and value != "" and \
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1355	not misc.valid_pub_prefix(value):
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1356	raise api_errors.BadPublisherAlias(value)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1357	self.__alias = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1358
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1359	def __set_disabled(self, disabled):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1360	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1361	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1362	"enable or disable a system publisher"))
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1363
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1364	if disabled:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1365	self.__disabled = True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1366	else:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1367	self.__disabled = False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1368
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1369	def __set_last_refreshed(self, value):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1370	if not self.meta_root:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1371	return
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1372
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1373	if value is not None and not isinstance(value, dt.datetime):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1374	raise api_errors.BadRepositoryAttributeValue(
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1375	"last_refreshed", value=value)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1376
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1377	lcfile = os.path.join(self.meta_root, "last_refreshed")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1378	if not value:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1379	# If no value was provided, attempt to remove the
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1380	# tracking file.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1381	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1382	portable.remove(lcfile)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1383	except EnvironmentError as e:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1384	# If the file can't be removed due to
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1385	# permissions, a read-only filesystem, or
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1386	# because it doesn't exist, continue on.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1387	if e.errno not in (errno.ENOENT, errno.EACCES,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1388	errno.EROFS):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1389	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1390	return
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1391
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1392	def create_tracker():
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1393	try:
3065 1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1394	# If the file is a symlink we catch an
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1395	# exception and do not update the file.
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1396	fd = os.open(lcfile,
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1397	os.O_WRONLY\|os.O_NOFOLLOW\|os.O_CREAT)
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1398	os.write(fd, "{0}\n".format(
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1399	misc.time_to_timestamp(
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1400	calendar.timegm(value.utctimetuple()))))
3065 1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1401	os.close(fd)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1402	except EnvironmentError as e:
3065 1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1403	if e.errno == errno.ELOOP:
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1404	raise api_errors.UnexpectedLinkError(
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1405	os.path.dirname(lcfile),
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1406	os.path.basename(lcfile),
1dbcb0bd5069 15786486 problem in UTILITY/ZONES Kartik Gupta <kartik.k.gupta@oracle.com> parents: 2962 diff changeset	1407	e.errno)
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1408	# If the file can't be written due to
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1409	# permissions or because the filesystem is
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1410	# read-only, continue on.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1411	if e.errno not in (errno.EACCES, errno.EROFS):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1412	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1413	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1414	# If a time was provided, write out a special file that
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1415	# can be used to track the information with the actual
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1416	# time (in UTC) contained within.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1417	create_tracker()
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1418	except EnvironmentError as e:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1419	if e.errno != errno.ENOENT:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1420	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1421
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1422	# Assume meta_root doesn't exist and create it.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1423	try:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1424	self.create_meta_root()
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1425	except api_errors.PermissionsException:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1426	# If the directory can't be created due to
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1427	# permissions, move on.
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1428	pass
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1429	except EnvironmentError as e:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1430	# If the directory can't be created due to a
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1431	# read-only filesystem, move on.
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1432	if e.errno != errno.EROFS:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1433	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1434	else:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1435	# Try one last time.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1436	create_tracker()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1437
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1438	def __set_meta_root(self, pathname):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1439	if pathname:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1440	pathname = os.path.abspath(pathname)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1441	self.__meta_root = pathname
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1442	if self._catalog:
05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1443	self._catalog.meta_root = self.catalog_root
3318 864be9e4db61 15780631 problem in UTILITY/ZONES Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3304 diff changeset	1444	self._catalog.file_root = self.__meta_root
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1445	if self.__meta_root:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1446	self.__origin_root = os.path.join(self.__meta_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1447	"origins")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1448	self.cert_root = os.path.join(self.__meta_root, "certs")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1449	self.__subj_root = os.path.join(self.cert_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1450	"subject_hashes")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1451	self.__crl_root = os.path.join(self.cert_root, "crls")
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1452
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1453	def __set_prefix(self, prefix):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1454	if not misc.valid_pub_prefix(prefix):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1455	raise api_errors.BadPublisherPrefix(prefix)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1456	self.__prefix = prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1457
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1458	def __set_repository(self, value):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1459	if not isinstance(value, Repository):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1460	raise api_errors.UnknownRepository(value)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1461	self.__repository = value
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1462	self._catalog = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1463
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1464	def __set_client_uuid(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1465	self.__client_uuid = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1466
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1467	def __set_stickiness(self, value):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1468	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1469	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1470	"change the stickiness of a system publisher"))
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1471	self.__sticky = bool(value)
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1472
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1473	def __str__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1474	return self.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1475
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1476	def __validate_metadata(self, croot, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1477	"""Private helper function to check the publisher's metadata
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1478	for configuration or other issues and log appropriate warnings
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1479	or errors. Currently only checks catalog metadata."""
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1480
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1481	c = pkg.catalog.Catalog(meta_root=croot, read_only=True)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1482	if not c.exists:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1483	# Nothing to validate.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1484	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1485	if not c.version > 0:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1486	# Validation doesn't apply.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1487	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1488	if not c.package_count:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1489	# Nothing to do.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1490	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1491
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1492	# XXX For now, perform this check using the catalog data.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1493	# In the future, it should be done using the output of the
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1494	# publisher/0 operation.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1495	pubs = c.publishers()
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1496
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1497	if self.prefix not in pubs:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1498	origins = repo.origins
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1499	origin = origins[0]
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1500	logger.error(_("""
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1501	Unable to retrieve package data for publisher '{prefix}' from one
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1502	of the following origin(s):
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1503
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1504	{origins}
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1505
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1506	The catalog retrieved from one of the origin(s) listed above only
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1507	contains package data for: {pubs}.
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1508	""").format(origins="\n".join(str(o) for o in origins), prefix=self.prefix,
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1509	pubs=", ".join(pubs)))
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1510
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1511	if global_settings.client_name != "pkg":
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1512	logger.error(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1513	This is either a result of invalid origin information being provided
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1514	for publisher '{0}', or because the wrong publisher name was
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1515	provided when this publisher was added.
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1516	""").format(self.prefix))
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1517	# Remaining messages are for pkg client only.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1518	return
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1519
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1520	logger.error(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1521	To resolve this issue, correct the origin information provided for
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1522	publisher '{prefix}' using the pkg set-publisher subcommand, or re-add
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1523	the publisher using the correct name and remove the '{prefix}'
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1524	publisher.
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1525	""").format(prefix=self.prefix))
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1526
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1527	if len(pubs) == 1:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1528	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1529	To re-add this publisher with the correct name, execute the following
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1530	commands as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1531
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1532	pkg set-publisher -P -g {origin} {pub}
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1533	pkg unset-publisher {prefix}
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1534	""").format(origin=origin, prefix=self.prefix, pub=list(pubs)[0]))
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1535	return
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1536
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1537	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1538	The origin(s) listed above contain package data for more than one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1539	publisher, but this issue can likely be resolved by executing one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1540	of the following commands as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1541	"""))
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1542
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1543	for pfx in pubs:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1544	logger.warning(_("pkg set-publisher -P -g "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1545	"{origin} {pub}\n").format(
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1546	origin=origin, pub=pfx))
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1547
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1548	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1549	Afterwards, the old publisher should be removed by executing the
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1550	following command as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1551
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1552	pkg unset-publisher {0}
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	1553	""").format(self.prefix))
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1554
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1555	@property
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1556	def catalog(self):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1557	"""A reference to the Catalog object for the publisher's
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1558	selected repository, or None if available."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1559
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1560	if not self.meta_root:
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1561	if self._catalog:
05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1562	return self._catalog
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1563	return None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1564
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1565	if not self._catalog:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1566	croot = self.catalog_root
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1567	if not os.path.isdir(croot):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1568	# Current meta_root structure is likely in
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1569	# a state of transition, so don't provide a
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1570	# meta_root. Assume that an empty catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1571	# is desired instead. (This can happen during
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1572	# an image format upgrade.)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1573	croot = None
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1574	self._catalog = pkg.catalog.Catalog(
3318 864be9e4db61 15780631 problem in UTILITY/ZONES Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3304 diff changeset	1575	meta_root=croot, file_root=self.meta_root)
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1576	return self._catalog
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1577
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1578	@property
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1579	def catalog_root(self):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1580	"""The absolute pathname of the directory containing the
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1581	Catalog data for the publisher, or None if meta_root is
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1582	not defined."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1583
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1584	if self.meta_root:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1585	return os.path.join(self.meta_root, "catalog")
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1586
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1587	def create_meta_root(self):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1588	"""Create the publisher's meta_root."""
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1589
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1590	if not self.meta_root:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1591	raise api_errors.BadPublisherMetaRoot(self.meta_root,
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1592	operation="create_meta_root")
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1593
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1594	for path in (self.meta_root, self.catalog_root):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1595	try:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1596	os.makedirs(path)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1597	except EnvironmentError as e:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1598	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1599	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1600	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1601	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1602	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1603	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1604	elif e.errno != errno.EEXIST:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1605	# If the path already exists, move on.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1606	# Otherwise, raise the exception.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1607	raise
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1608	# Optional roots not needed for all operations.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1609	for path in (self.cert_root, self.__origin_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1610	self.__subj_root, self.__crl_root):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1611	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1612	os.makedirs(path)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1613	except EnvironmentError as e:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1614	if e.errno in (errno.EACCES, errno.EROFS):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1615	pass
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1616	elif e.errno != errno.EEXIST:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1617	# If the path already exists, move on.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1618	# Otherwise, raise the exception.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1619	raise
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1620
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1621	def get_origin_sets(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1622	"""Returns a list of Repository objects representing the unique
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1623	groups of origins available. Each group is based on the origins
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1624	that share identical package catalog data."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1625
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1626	if not self.repository or not self.repository.origins:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1627	# Guard against failure for publishers with no
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1628	# transport information.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1629	return []
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1630
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1631	if not self.meta_root or not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1632	# No way to identify unique sets.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1633	return [self.repository]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1634
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1635	# Index origins by tuple of (catalog creation, catalog modified)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1636	osets = collections.defaultdict(list)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1637
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1638	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1639	cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1640	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1641	if not cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1642	key = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1643	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1644	key = (str(cat.created), str(cat.last_modified))
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1645	osets[key].append(origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1646
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1647	# Now return a list of Repository objects (copies of the
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1648	# currently selected one) assigning each set of origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1649	# Sort by index to ensure consistent ordering.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1650	rval = []
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1651	for k in sorted(osets):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1652	nrepo = copy.copy(self.repository)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1653	nrepo.origins = osets[k]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1654	rval.append(nrepo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1655
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1656	return rval
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1657
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1658	def has_configuration(self):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1659	"""Returns whether this publisher has any configuration which
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1660	should prevent its removal."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1661
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1662	return bool(self.__repository.origins or
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1663	self.__repository.mirrors or self.__sig_policy or
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1664	self.approved_ca_certs or self.revoked_ca_certs)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1665
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1666	@property
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1667	def needs_refresh(self):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1668	"""A boolean value indicating whether the publisher's
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1669	metadata for the currently selected repository needs to be
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1670	refreshed."""
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1671
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1672	if not self.repository or not self.meta_root:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1673	# Nowhere to obtain metadata from; this should rarely
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1674	# occur except during publisher initialization.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1675	return False
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1676
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1677	lc = self.last_refreshed
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1678	if not lc:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1679	# There is no record of when the publisher metadata was
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1680	# last refreshed, so assume it should be refreshed now.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1681	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1682
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1683	ts_now = time.time()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1684	ts_last = calendar.timegm(lc.utctimetuple())
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1685
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1686	rs = self.repository.refresh_seconds
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1687	if not rs:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1688	# There is no indicator of how often often publisher
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1689	# metadata should be refreshed, so assume it should be
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1690	# now.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1691	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1692
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1693	if (ts_now - ts_last) >= rs:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1694	# The number of seconds that has elapsed since the
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1695	# publisher metadata was last refreshed exceeds or
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1696	# equals the specified interval.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1697	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1698	return False
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1699
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1700	def __get_origin_path(self, origin):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1701	if not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1702	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1703	# A digest of the URI string is used here to attempt to avoid
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	1704	# path length problems. In order for this image to interoperate
ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	1705	# with older clients, we must use sha-1 here.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1706	return os.path.join(self.__origin_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1707	hashlib.sha1(origin.uri).hexdigest())
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1708
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1709	def __gen_origin_paths(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1710	if not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1711	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1712	for origin in self.repository.origins:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1713	yield origin, self.__get_origin_path(origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1714
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1715	def __rebuild_catalog(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1716	"""Private helper function that builds publisher catalog based
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1717	on catalog from each origin."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1718
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1719	# First, remove catalogs for any origins that no longer exist.
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	1720	# We must interoperate with older clients, so force the use of
ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	1721	# sha-1 here.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1722	ohashes = [
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1723	hashlib.sha1(o.uri).hexdigest()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1724	for o in self.repository.origins
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1725	]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1726
2749 9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1727	removals = False
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1728	for entry in os.listdir(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1729	opath = os.path.join(self.__origin_root, entry)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1730	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1731	if entry in ohashes:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1732	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1733	except Exception:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1734	# Discard anything that isn't an origin.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1735	pass
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1736
2749 9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1737	# An origin was removed, so publisher should inform
9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1738	# image to force image catalog rebuild.
9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1739	removals = True
9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1740
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1741	# Not an origin or origin no longer exists; either way,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1742	# it shouldn't exist here.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1743	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1744	if os.path.isdir(opath):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1745	shutil.rmtree(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1746	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1747	portable.remove(opath)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1748	except EnvironmentError as e:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1749	raise api_errors._convert_error(e)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1750
2768 e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1751	# if the catalog already exists on disk, is empty, and if
e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1752	# no origins are configured, we're done.
e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1753	if self.catalog.exists and \
e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1754	self.catalog.package_count == 0 and \
e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1755	len(self.repository.origins) == 0:
e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1756	return removals
e6d766b946a7 7120901 recursive pkg op fails: Parent image has a incompatible newer version Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2764 diff changeset	1757
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1758	# Discard existing catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1759	self.catalog.destroy()
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1760	self._catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1761
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1762	# Ensure all old catalog files are removed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1763	for entry in os.listdir(self.catalog_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1764	if entry == "attrs" or entry == "catalog" or \
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1765	entry.startswith("catalog."):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1766	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1767	portable.remove(os.path.join(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1768	self.catalog_root, entry))
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1769	except EnvironmentError as e:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1770	raise apx._convert_error(e)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1771
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1772	# If there's only one origin, then just symlink its catalog
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1773	# files into place.
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	1774	# Symlinking includes updates for publication tools.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1775	opaths = [entry for entry in self.__gen_origin_paths()]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1776	if len(opaths) == 1:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1777	opath = opaths[0][1]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1778	for fname in os.listdir(opath):
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	1779	if fname.startswith("catalog.") or \
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	1780	fname.startswith("update."):
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1781	src = os.path.join(opath, fname)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1782	dest = os.path.join(self.catalog_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1783	fname)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1784	os.symlink(misc.relpath(src,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1785	self.catalog_root), dest)
2749 9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1786	return removals
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1787
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1788	# If there's more than one origin, then create a new catalog
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1789	# based on a composite of the catalogs for all origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1790	ncat = pkg.catalog.Catalog(batch_mode=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1791	meta_root=self.catalog_root, sign=False)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1792
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1793	# Mark all operations as occurring at this time.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1794	op_time = dt.datetime.utcnow()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1795
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1796	for origin, opath in opaths:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1797	src_cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1798	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1799	for name in src_cat.parts:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1800	spart = src_cat.get_part(name, must_exist=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1801	if spart is None:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1802	# Client hasn't retrieved this part.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1803	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1804
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1805	npart = ncat.get_part(name)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1806	base = name.startswith("catalog.base.")
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1807
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1808	# Avoid accessor overhead since these will be
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1809	# used for every entry.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1810	cat_ver = src_cat.version
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1811
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1812	for t, sentry in spart.tuple_entries(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1813	pubs=[self.prefix]):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1814	pub, stem, ver = t
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1815
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	1816	entry = dict(six.iteritems(sentry))
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1817	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1818	npart.add(metadata=entry,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1819	op_time=op_time, pub=pub,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1820	stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1821	except api_errors.DuplicateCatalogEntry:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1822	if not base:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1823	# Don't care.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1824	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1825
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1826	# Destination entry is in
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1827	# catalog already.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1828	entry = npart.get_entry(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1829	pub=pub, stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1830
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1831	src_sigs = set(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1832	s
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1833	for s in sentry
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1834	if s.startswith("signature-")
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1835	)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1836	dest_sigs = set(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1837	s
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1838	for s in entry
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1839	if s.startswith("signature-")
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1840	)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1841
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1842	if src_sigs != dest_sigs:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1843	# Ignore any packages
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1844	# that are different
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1845	# from the first
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1846	# encountered for this
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1847	# package version.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1848	# The client expects
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1849	# these to always be
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1850	# the same. This seems
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1851	# saner than failing.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1852	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1853	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1854	if not base:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1855	# Nothing to do.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1856	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1857
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1858	# Destination entry is one just
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1859	# added.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1860	entry["metadata"] = {
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1861	"sources": [],
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1862	"states": [],
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1863	}
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1864
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1865	entry["metadata"]["sources"].append(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1866	origin.uri)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1867
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1868	states = entry["metadata"]["states"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1869	if src_cat.version == 0:
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	1870	states.append(
3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	1871	pkgdefs.PKG_STATE_V0)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1872
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1873	# Now go back and trim each entry to minimize footprint. This
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1874	# ensures each package entry only has state and source info
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1875	# recorded when needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1876	for t, entry in ncat.tuple_entries():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1877	pub, stem, ver = t
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1878	mdata = entry["metadata"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1879	if len(mdata["sources"]) == len(opaths):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1880	# Package is available from all origins, so
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1881	# there's no need to require which ones
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1882	# have it.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1883	del mdata["sources"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1884
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1885	if len(mdata["states"]) < len(opaths):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1886	# At least one source is not V0, so the lazy-
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1887	# load fallback for the package metadata isn't
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1888	# needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1889	del mdata["states"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1890	elif len(mdata["states"]) > 1:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1891	# Ensure only one instance of state value.
2616 3c00fe4465d3 19148 PKG_STATE_* defines need a new home Edward Pilatowicz <edward.pilatowicz@oracle.com> parents: 2558 diff changeset	1892	mdata["states"] = [pkgdefs.PKG_STATE_V0]
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1893	if not mdata:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1894	mdata = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1895	ncat.update_entry(mdata, pub=pub, stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1896
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1897	# Finally, write out publisher catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1898	ncat.batch_mode = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1899	ncat.finalize()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1900	ncat.save()
2749 9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	1901	return removals
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1902
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1903	def __convert_v0_catalog(self, v0_cat, v1_root):
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1904	"""Transforms the contents of the provided version 0 Catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1905	into a version 1 Catalog, replacing the current Catalog."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1906
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1907	v0_lm = v0_cat.last_modified()
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1908	if v0_lm:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1909	# last_modified can be none if the catalog is empty.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1910	v0_lm = pkg.catalog.ts_to_datetime(v0_lm)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1911
1358 6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1912	# There's no point in signing this catalog since it's simply
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1913	# a transformation of a v0 catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1914	v1_cat = pkg.catalog.Catalog(batch_mode=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1915	meta_root=v1_root, sign=False)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1916
1358 6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1917	# A check for a previous non-zero package count is made to
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1918	# determine whether the last_modified date alone can be
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1919	# relied on. This works around some oddities with empty
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1920	# v0 catalogs.
1606 7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1921	try:
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1922	# Could be 'None'
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1923	n0_pkgs = int(v0_cat.npkgs())
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1924	except (TypeError, ValueError):
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1925	n0_pkgs = 0
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1926
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1927	if v1_cat.exists and n0_pkgs != v1_cat.package_version_count:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1928	if v0_lm == v1_cat.last_modified:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1929	# Already converted.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1930	return
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1931	# Simply rebuild the entire v1 catalog every time, this
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1932	# avoids many of the problems that could happen due to
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1933	# deficiencies in the v0 implementation.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1934	v1_cat.destroy()
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	1935	self._catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1936	v1_cat = pkg.catalog.Catalog(meta_root=v1_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1937	sign=False)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1938
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1939	# Now populate the v1 Catalog with the v0 Catalog's data.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1940	for f in v0_cat.fmris():
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1941	v1_cat.add_package(f)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1942
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1943	# Normally, the Catalog's attributes are automatically
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1944	# populated as a result of catalog operations. But in
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1945	# this case, we want the v1 Catalog's attributes to
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1946	# match those of the v0 catalog.
1369 e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1947	v1_cat.last_modified = v0_lm
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1948
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1949	# While this is a v1 catalog format-wise, v0 data is stored.
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1950	# This allows consumers to be aware that certain data won't be
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1951	# available in this catalog (such as dependencies, etc.).
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1952	v1_cat.version = 0
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1953
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1954	# Finally, save the new Catalog, and replace the old in-memory
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1955	# catalog.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1956	v1_cat.batch_mode = False
1549 cc81f5023603 13110 image catalog rebuild could be faster Shawn Walker <srw@sun.com> parents: 1516 diff changeset	1957	v1_cat.finalize()
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1958	v1_cat.save()
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1959
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1960	def __refresh_v0(self, croot, full_refresh, immediate, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1961	"""The method to refresh the publisher's metadata against
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1962	a catalog/0 source. If the more recent catalog/1 version
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1963	isn't supported, this routine gets invoked as a fallback.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1964	Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1965	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1966	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1967	if there were any updates."""
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1968
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1969	if full_refresh:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1970	immediate = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1971
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1972	# Catalog needs v0 -> v1 transformation if repository only
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1973	# offers v0 catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1974	v0_cat = old_catalog.ServerCatalog(croot, read_only=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1975	publisher=self.prefix)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1976
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1977	new_cat = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1978	v0_lm = None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1979	if v0_cat.exists:
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1980	repo = self.repository
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1981	if full_refresh or v0_cat.origin() not in repo.origins:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1982	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1983	v0_cat.destroy(root=croot)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	1984	except EnvironmentError as e:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1985	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1986	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1987	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1988	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1989	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1990	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1991	raise
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1992	immediate = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1993	else:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1994	new_cat = False
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1995	v0_lm = v0_cat.last_modified()
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1996
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1997	if not immediate and not self.needs_refresh:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1998	# No refresh needed.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1999	return False, False
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2000
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2001	import pkg.updatelog as old_ulog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2002	try:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2003	# Note that this currently retrieves a v0 catalog that
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2004	# has to be converted to v1 format.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2005	self.transport.get_catalog(self, v0_lm, path=croot,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2006	alt_repo=repo)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2007	except old_ulog.UpdateLogException:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2008	# If an incremental update fails, attempt a full
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2009	# catalog retrieval instead.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2010	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2011	v0_cat.destroy(root=croot)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2012	except EnvironmentError as e:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2013	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2014	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2015	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2016	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2017	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2018	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2019	raise
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2020	self.transport.get_catalog(self, path=croot,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2021	alt_repo=repo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2022
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2023	v0_cat = pkg.server.catalog.ServerCatalog(croot, read_only=True,
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2024	publisher=self.prefix)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2025
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2026	self.__convert_v0_catalog(v0_cat, croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2027	if new_cat or v0_lm != v0_cat.last_modified():
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2028	# If the catalog was rebuilt, or the timestamp of the
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	2029	# catalog changed, then an update has occurred.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2030	return True, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2031	return False, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2032
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2033	def __refresh_v1(self, croot, tempdir, full_refresh, immediate,
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2034	mismatched, repo, progtrack=None, include_updates=False):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2035	"""The method to refresh the publisher's metadata against
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2036	a catalog/1 source. If the more recent catalog/1 version
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2037	isn't supported, __refresh_v0 is invoked as a fallback.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2038	Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2039	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2040	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2041	if there were any updates."""
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2042
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2043	# If full_refresh is True, then redownload should be True to
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2044	# ensure a non-cached version of the catalog is retrieved.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2045	# If full_refresh is False, but mismatched is True, then
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2046	# the retrieval requests should indicate that content should
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2047	# be revalidated before being returned. Note that this
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2048	# only applies to the catalog v1 case.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2049	redownload = full_refresh
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2050	revalidate = not redownload and mismatched
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2051
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2052	v1_cat = pkg.catalog.Catalog(meta_root=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2053	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2054	self.transport.get_catalog1(self, ["catalog.attrs"],
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2055	path=tempdir, redownload=redownload,
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2056	revalidate=revalidate, alt_repo=repo,
cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2057	progtrack=progtrack)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2058	except api_errors.UnsupportedRepositoryOperation:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2059	# No v1 catalogs available.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2060	if v1_cat.exists:
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2061	# Ensure v1 -> v0 transition works right.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2062	v1_cat.destroy()
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	2063	self._catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2064	return self.__refresh_v0(croot, full_refresh, immediate,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2065	repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2066
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2067	# If a v0 catalog is present, remove it before proceeding to
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2068	# ensure transitions between catalog versions work correctly.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2069	v0_cat = old_catalog.ServerCatalog(croot, read_only=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2070	publisher=self.prefix)
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2071	if v0_cat.exists:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2072	v0_cat.destroy(root=croot)
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2073
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2074	# If above succeeded, we now have a catalog.attrs file. Parse
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2075	# this to determine what other constituent parts need to be
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2076	# downloaded.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2077	flist = []
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2078	if not full_refresh and v1_cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2079	flist = v1_cat.get_updates_needed(tempdir)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2080	if flist == None:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2081	return False, True
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2082	else:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2083	attrs = pkg.catalog.CatalogAttrs(meta_root=tempdir)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2084	for name in attrs.parts:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2085	locale = name.split(".", 2)[2]
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2086	# XXX Skip parts that aren't in the C locale for
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2087	# now.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2088	if locale != "C":
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2089	continue
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2090	flist.append(name)
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2091	if include_updates:
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2092	for update in attrs.updates:
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2093	flist.append(update)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2094
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2095	if flist:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2096	# More catalog files to retrieve.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2097	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2098	self.transport.get_catalog1(self, flist,
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2099	path=tempdir, redownload=redownload,
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2100	revalidate=revalidate, alt_repo=repo,
cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2101	progtrack=progtrack)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2102	except api_errors.UnsupportedRepositoryOperation:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2103	# Couldn't find a v1 catalog after getting one
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2104	# before. This would be a bizzare error, but we
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2105	# can try for a v0 catalog anyway.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2106	return self.__refresh_v0(croot, full_refresh,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2107	immediate, repo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2108
2808 05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	2109	# Clear _catalog, so we'll read in the new catalog.
05c6015a8c62 7195369 corrupt manifests can end up on disk when -g is used Dan Price <daniel.price@oracle.com> parents: 2768 diff changeset	2110	self._catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2111	v1_cat = pkg.catalog.Catalog(meta_root=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2112
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2113	# At this point the client should have a set of the constituent
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2114	# pieces that are necessary to construct a catalog. If a
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	2115	# catalog already exists, call apply_updates. Otherwise,
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2116	# move the files to the appropriate location.
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2117	validate = False
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2118	if not full_refresh and v1_cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2119	v1_cat.apply_updates(tempdir)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2120	else:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2121	if v1_cat.exists:
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2122	# This is a full refresh. Destroy
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2123	# the existing catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2124	v1_cat.destroy()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2125
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2126	for fn in os.listdir(tempdir):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2127	srcpath = os.path.join(tempdir, fn)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2128	dstpath = os.path.join(croot, fn)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2129	pkg.portable.rename(srcpath, dstpath)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2130
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2131	# Apply_updates validates the newly constructed catalog.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2132	# If refresh didn't call apply_updates, arrange to
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2133	# have the new catalog validated.
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2134	validate = True
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2135
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2136	if validate:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2137	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2138	v1_cat = pkg.catalog.Catalog(meta_root=croot)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2139	v1_cat.validate()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2140	except api_errors.BadCatalogSignatures:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2141	# If signature validation fails here, that means
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2142	# that the attributes and individual parts were
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2143	# self-consistent and not corrupt, but that the
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2144	# attributes and parts didn't match. This could
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2145	# be the result of a broken source providing
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2146	# an attributes file that is much older or newer
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2147	# than the catalog parts being provided.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2148	v1_cat.destroy()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2149	raise api_errors.MismatchedCatalog(self.prefix)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2150	return True, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2151
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2152	def __refresh_origin(self, croot, full_refresh, immediate, mismatched,
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2153	origin, progtrack=None, include_updates=False):
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2154	"""Private helper method used to refresh catalog data for each
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2155	origin. Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2156	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2157	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2158	if there were any updates."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2159
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2160	# Create a copy of the current repository object that only
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2161	# contains the origin specified.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2162	repo = copy.copy(self.repository)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2163	repo.origins = [origin]
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	2164
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2165	# Create temporary directory for assembly of catalog pieces.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2166	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2167	misc.makedirs(croot)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2168	tempdir = tempfile.mkdtemp(dir=croot)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2169	except EnvironmentError as e:
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2170	if e.errno == errno.EACCES:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2171	raise api_errors.PermissionsException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2172	e.filename)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2173	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2174	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2175	e.filename)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2176	raise
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2177
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2178	# Make a test contact to the repo to see if it is responding.
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2179	# We need to pass in a publisher object which only has one
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2180	# origin so create one from our current publisher.
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2181	test_pub = copy.copy(self)
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2182	test_pub.repository = repo
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2183	self.transport.version_check(test_pub)
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2184
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2185	# Ensure that the temporary directory gets removed regardless
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2186	# of success or failure.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2187	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2188	rval = self.__refresh_v1(croot, tempdir,
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2189	full_refresh, immediate, mismatched, repo,
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2190	progtrack=progtrack,
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2191	include_updates=include_updates)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2192
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2193	# Perform publisher metadata sanity checks.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2194	self.__validate_metadata(croot, repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2195
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2196	return rval
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2197	finally:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2198	# Cleanup tempdir.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2199	shutil.rmtree(tempdir, True)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2200
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2201	def __refresh(self, full_refresh, immediate, mismatched=False,
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2202	progtrack=None, include_updates=False, ignore_errors=False):
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2203	"""The method to handle the overall refresh process. It
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2204	determines if a refresh is actually needed, and then calls
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2205	the first version-specific refresh method in the chain."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2206
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2207	assert self.transport
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2208
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2209	if full_refresh:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2210	immediate = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2211
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2212	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2213	misc.makedirs(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2214	cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2215	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2216	if not cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2217	# If a catalog hasn't been retrieved for
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2218	# any of the origins, then a refresh is
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2219	# needed now.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2220	immediate = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2221	break
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2222
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2223	# Ensure consistent directory structure.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2224	self.create_meta_root()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2225
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2226	# Check if we already have a v1 catalog on disk.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2227	if not full_refresh and self.catalog.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2228	# If catalog is on disk, check if refresh is necessary.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2229	if not immediate and not self.needs_refresh:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2230	# No refresh needed.
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2231	return False, None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2232
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2233	any_changed = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2234	any_refreshed = False
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2235	failed = []
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2236	total = 0
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2237	for origin, opath in self.__gen_origin_paths():
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2238	total += 1
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2239	try:
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2240	changed, refreshed = self.__refresh_origin(
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2241	opath, full_refresh, immediate, mismatched,
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2242	origin, progtrack=progtrack,
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2243	include_updates=include_updates)
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2244	except api_errors.InvalidDepotResponseException as e:
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2245	failed.append((origin, e))
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2246	else:
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2247	if changed:
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2248	any_changed = True
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2249	if refreshed:
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2250	any_refreshed = True
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2251
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2252	if any_refreshed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2253	# Update refresh time.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2254	self.last_refreshed = dt.datetime.utcnow()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2255
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2256	# Finally, build a new catalog for this publisher based on a
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2257	# composite of the catalogs from all origins.
2749 9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	2258	if self.__rebuild_catalog():
9d664b5d7896 7175436 removal-only of origins with set-publisher can result in stale image catalog Shawn Walker <shawn.walker@oracle.com> parents: 2701 diff changeset	2259	any_changed = True
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2260
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2261	errors = None
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2262	if failed:
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2263	errors = api_errors.CatalogOriginRefreshException(
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2264	failed, total)
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2265
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2266	return any_changed, errors
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	2267
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2268	def refresh(self, full_refresh=False, immediate=False, progtrack=None,
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2269	include_updates=False):
3293 a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2270	"""Refreshes the publisher's metadata, returning a tuple
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2271	containing a boolean value indicating whether any updates to the
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2272	publisher's metadata occurred and an error object, which is
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2273	either a CatalogOriginRefreshException containing all the failed
a3347e4614da 15715250 implicit catalog refreshes shouldn't fail if publishers are unreachable Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3245 diff changeset	2274	origins for this publisher or None.
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2275
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2276	'full_refresh' is an optional boolean value indicating whether
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2277	a full retrieval of publisher metadata (e.g. catalogs) or only
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2278	an update to the existing metadata should be performed. When
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2279	True, 'immediate' is also set to True.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2280
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2281	'immediate' is an optional boolean value indicating whether
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2282	a refresh should occur now. If False, a publisher's selected
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2283	repository will be checked for updates only if needs_refresh
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2284	is True.
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2285
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2286	'include_updates' is an optional boolean value indicating
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2287	whether all catalog updates should be retrieved additionally to
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2288	the catalog."""
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2289
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2290	try:
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2291	return self.__refresh(full_refresh, immediate,
2898 723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2292	progtrack=progtrack,
723ece284e97 16595528 pkgrecv should have a clone mode to exactly replicate repositories Erik Trauschke <Erik.Trauschke@oracle.com> parents: 2808 diff changeset	2293	include_updates=include_updates)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2294	except (api_errors.BadCatalogUpdateIdentity,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2295	api_errors.DuplicateCatalogEntry,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2296	api_errors.ObsoleteCatalogUpdate,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2297	api_errors.UnknownUpdateType):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2298	if full_refresh:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2299	# Completely unexpected failure.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2300	# These exceptions should never
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2301	# be raised for a full refresh
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2302	# case anyway, so the error should
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2303	# definitely be raised.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2304	raise
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2305
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2306	# The incremental update likely failed for one or
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2307	# more of the following reasons:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2308	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2309	# * The origin for the publisher has changed.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2310	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2311	# * The catalog that the publisher is offering
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2312	# is now completely different (due to a restore
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2313	# from backup or --rebuild possibly).
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2314	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2315	# * The catalog that the publisher is offering
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2316	# has been restored to an older version, and
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2317	# packages that already exist in this client's
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2318	# copy of the catalog have been re-addded.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2319	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2320	# * The type of incremental update operation that
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2321	# that was performed on the catalog isn't supported
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2322	# by this version of the client, so a full retrieval
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2323	# is required.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2324	#
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2325	return self.__refresh(True, True, progtrack=progtrack)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2326	except api_errors.MismatchedCatalog:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2327	if full_refresh:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2328	# If this was a full refresh, don't bother
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2329	# retrying as it implies that the content
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2330	# retrieved wasn't cached.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2331	raise
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2332
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2333	# Retrieval of the catalog attributes and/or parts was
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2334	# successful, but the identity (digest or other
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2335	# information) didn't match the catalog attributes.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2336	# This could be the result of a misbehaving or stale
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2337	# cache.
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2338	return self.__refresh(False, True, mismatched=True,
cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2339	progtrack=progtrack)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2340	except (api_errors.BadCatalogSignatures,
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2341	api_errors.InvalidCatalogFile):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2342	# Assembly of the catalog failed, but this could be due
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2343	# to a transient error. So, retry at least once more.
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2344	return self.__refresh(True, True, progtrack=progtrack)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2345	except (api_errors.BadCatalogSignatures,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2346	api_errors.InvalidCatalogFile):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2347	# Assembly of the catalog failed, but this could be due
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2348	# to a transient error. So, retry at least once more.
2693 cfee571ea6d5 7154388 Progress tracking API and functionality improvements Dan Price <daniel.price@oracle.com> parents: 2616 diff changeset	2349	return self.__refresh(True, True, progtrack=progtrack)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2350
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2351	def remove_meta_root(self):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2352	"""Removes the publisher's meta_root."""
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2353
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2354	if not self.meta_root:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2355	raise api_errors.BadPublisherMetaRoot(self.meta_root,
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2356	operation="remove_meta_root")
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2357
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2358	try:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2359	shutil.rmtree(self.meta_root)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2360	except EnvironmentError as e:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2361	if e.errno == errno.EACCES:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2362	raise api_errors.PermissionsException(
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2363	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2364	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2365	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	2366	e.filename)
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2367	if e.errno not in (errno.ENOENT, errno.ESRCH):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2368	raise
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	2369
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2370	def reset_client_uuid(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2371	"""Replaces the current client_uuid with a new UUID."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2372
1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	2373	self.__client_uuid = str(uuid.uuid1())
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2374
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2375	def validate_config(self, repo_uri=None):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2376	"""Verify that the publisher's configuration (such as prefix)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2377	matches that provided by the repository. If the configuration
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2378	does not match as expected, an UnknownRepositoryPublishers
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2379	exception will be raised.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2380
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2381	'repo_uri' is an optional RepositoryURI object or URI string
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2382	containing the location of the repository. If not provided,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2383	the publisher's repository will be used instead."""
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2384
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2385	if repo_uri and not isinstance(repo_uri, RepositoryURI):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2386	repo = RepositoryURI(repo_uri)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2387	elif not repo_uri:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2388	# Transport actually allows both type of objects.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2389	repo = self
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2390	else:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2391	repo = repo_uri
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2392
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2393	pubs = None
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2394	try:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2395	pubs = self.transport.get_publisherdata(repo)
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	2396	except (api_errors.TransportError,
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	2397	api_errors.UnsupportedRepositoryOperation):
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	2398	# Nothing more can be done (because the target origin
2701 55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	2399	# can't be contacted, or because it doesn't support
55bf0cb749ae 7136244 granular configuration of http_proxy option Tim Foster <tim.s.foster@oracle.com> parents: 2693 diff changeset	2400	# retrieval of publisher configuration data).
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2401	return
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2402
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2403	if not pubs:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2404	raise api_errors.RepoPubConfigUnavailable(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2405	location=repo_uri, pub=self)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2406
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2407	if self.prefix not in pubs:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2408	known = [p.prefix for p in pubs]
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2409	if repo_uri:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2410	raise api_errors.UnknownRepositoryPublishers(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2411	known=known, unknown=[self.prefix],
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2412	location=repo_uri)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2413	raise api_errors.UnknownRepositoryPublishers(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2414	known=known, unknown=[self.prefix],
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2415	origins=self.repository.origins)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	2416
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2417	def approve_ca_cert(self, cert):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2418	"""Add the cert as a CA for manifest signing for this publisher.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2419
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2420	The 'cert' parameter is a string of the certificate to add.
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2421	"""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2422
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2423	cert = self.__string_to_cert(cert)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2424	hsh = self.__add_cert(cert)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2425	# If the user had previously revoked this certificate, remove
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2426	# the certificate from that list.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2427	if hsh in self.revoked_ca_certs:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2428	t = set(self.revoked_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2429	t.remove(hsh)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2430	self.revoked_ca_certs = list(t)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2431	self.approved_ca_certs.append(hsh)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2432
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2433	def revoke_ca_cert(self, s):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2434	"""Record that the cert with hash 's' is no longer trusted
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2435	as a CA. This method currently assumes it's only invoked as
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2436	a result of user action."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2437
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2438	self.revoked_ca_certs.append(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2439	self.revoked_ca_certs = list(set(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2440	self.revoked_ca_certs))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2441	if s in self.approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2442	t = set(self.approved_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2443	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2444	self.approved_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2445
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2446	def unset_ca_cert(self, s):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2447	"""If the cert with hash 's' has been added or removed by the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2448	user, undo the add or removal."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2449
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2450	if s in self.approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2451	t = set(self.approved_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2452	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2453	self.approved_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2454	if s in self.revoked_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2455	t = set(self.revoked_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2456	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2457	self.revoked_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2458
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2459	@staticmethod
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2460	def __hash_cert(c):
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	2461	# In order to interoperate with older images, we must use SHA-1
ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	2462	# here.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2463	return hashlib.sha1(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2464	c.public_bytes(serialization.Encoding.PEM)).hexdigest()
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2465
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2466	@staticmethod
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2467	def __string_to_cert(s, pkg_hash=None):
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2468	"""Convert a string to a X509 cert."""
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2469
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2470	try:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2471	return x509.load_pem_x509_certificate(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2472	misc.force_bytes(s), default_backend())
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2473	except ValueError:
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2474	if pkg_hash is not None:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2475	raise api_errors.BadFileFormat(_("The file "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2476	"with hash {0} was expected to be a PEM "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2477	"certificate but it could not be "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2478	"read.").format(pkg_hash))
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2479	raise api_errors.BadFileFormat(_("The following string "
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2480	"was expected to be a PEM certificate, but it "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2481	"could not be parsed as such:\n{0}".format(s)))
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2482
3304 4e3ad216d1e2 17424143 publisher get_cert_by_hash always downloads some certs Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3293 diff changeset	2483	def __add_cert(self, cert, pkg_hash=None):
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2484	"""Add the pem representation of the certificate 'cert' to the
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2485	certificates this publisher knows about."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2486
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2487	self.create_meta_root()
3304 4e3ad216d1e2 17424143 publisher get_cert_by_hash always downloads some certs Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3293 diff changeset	2488	if not pkg_hash:
4e3ad216d1e2 17424143 publisher get_cert_by_hash always downloads some certs Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3293 diff changeset	2489	pkg_hash = self.__hash_cert(cert)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2490	pkg_hash_pth = os.path.join(self.cert_root, pkg_hash)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2491	file_problem = False
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2492	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2493	with open(pkg_hash_pth, "wb") as fh:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2494	fh.write(cert.public_bytes(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2495	serialization.Encoding.PEM))
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2496	except EnvironmentError as e:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2497	if e.errno == errno.EACCES:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2498	raise api_errors.PermissionsException(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2499	e.filename)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2500	file_problem = True
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2501
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2502	# Note that while we store certs by their subject hashes,
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2503	# we use our own hashing since cryptography has no interface
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2504	# for the subject hash and other crypto frameworks have been
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2505	# inconsistent with OpenSSL.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2506	subj_hsh = hashlib.sha1(misc.force_bytes(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2507	cert.subject)).hexdigest()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2508	c = 0
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2509	made_link = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2510	while not made_link:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2511	fn = os.path.join(self.__subj_root,
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2512	"{0}.{1}".format(subj_hsh, c))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2513	if os.path.exists(fn):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2514	c += 1
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2515	continue
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2516	if not file_problem:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2517	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2518	portable.link(pkg_hash_pth, fn)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2519	made_link = True
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2520	except EnvironmentError as e:
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2521	pass
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2522	if not made_link:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2523	self.__issuers.setdefault(subj_hsh, []).append(
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2524	c)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2525	made_link = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2526	return pkg_hash
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2527
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2528	def get_cert_by_hash(self, pkg_hash, verify_hash=False,
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	2529	only_retrieve=False, hash_func=digest.DEFAULT_HASH_FUNC):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2530	"""Given a pkg5 hash, retrieve the cert that's associated with
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2531	it.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2532
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2533	The 'pkg_hash' parameter contains the file hash of the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2534	certificate to retrieve.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2535
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2536	The 'verify_hash' parameter determines the file that's read
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2537	from disk matches the expected hash.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2538
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2539	The 'only_retrieve' parameter determines whether a X509 object
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2540	is built from the certificate retrieved or if the certificate
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2541	is only stored on disk. """
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2542
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2543	assert not (verify_hash and only_retrieve)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2544	pth = os.path.join(self.cert_root, pkg_hash)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2545	pth_exists = os.path.exists(pth)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2546	if pth_exists and only_retrieve:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2547	return None
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2548	if pth_exists:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2549	with open(pth, "rb") as fh:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2550	s = fh.read()
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2551	else:
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	2552	s = self.transport.get_content(self, pkg_hash,
ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	2553	hash_func=hash_func)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2554	c = self.__string_to_cert(s, pkg_hash)
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2555	if not pth_exists:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2556	try:
3304 4e3ad216d1e2 17424143 publisher get_cert_by_hash always downloads some certs Erik Trauschke <Erik.Trauschke@oracle.com> parents: 3293 diff changeset	2557	self.__add_cert(c, pkg_hash=pkg_hash)
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2558	except api_errors.PermissionsException:
619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2559	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2560	if only_retrieve:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2561	return None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2562
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2563	if verify_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2564	h = misc.get_data_digest(cStringIO.StringIO(s),
2962 ce8cd4c07986 15433013 content hash handling should handle different hash functions Tim Foster <tim.s.foster@oracle.com> parents: 2898 diff changeset	2565	length=len(s), hash_func=hash_func)[0]
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2566	if h != pkg_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2567	raise api_errors.ModifiedCertificateException(c,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2568	pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2569	return c
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2570
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2571	def __rebuild_subj_root(self):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2572	"""Rebuild subject hash metadata."""
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2573
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2574	# clean up the old subject hash files to prevent
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2575	# junk files residing in the directory
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2576	try:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2577	shutil.rmtree(self.__subj_root)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2578	except EnvironmentError:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2579	# if unprivileged user, we can't add
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2580	# certs to it
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2581	pass
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2582	else:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2583	for p in os.listdir(self.cert_root):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2584	path = os.path.join(self.cert_root, p)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2585	if not os.path.isfile(path):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2586	continue
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2587	with open(path, "rb") as fh:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2588	s = fh.read()
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2589	cert = self.__string_to_cert(s)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2590	self.__add_cert(cert)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2591
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2592	def __get_certs_by_name(self, name):
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2593	"""Given 'name', a Cryptograhy 'Name' object, return the certs
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2594	with that name as a subject."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2595
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2596	res = []
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2597	count = 0
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2598	name_hsh = hashlib.sha1(misc.force_bytes(name)).hexdigest()
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2599
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2600	def load_cert(pth):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2601	with open(pth, "rb") as f:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2602	return x509.load_pem_x509_certificate(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2603	f.read(), default_backend())
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2604
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2605	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2606	while True:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2607	pth = os.path.join(self.__subj_root,
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2608	"{0}.{1}".format(name_hsh, count))
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2609	res.append(load_cert(pth))
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2610	count += 1
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2611	except EnvironmentError as e:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2612	# When switching to a different hash algorithm, the hash
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2613	# name of file changes so that we couldn't find the
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2614	# file. We try harder to rebuild the subject's metadata
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2615	# if it's the first time we fail (count == 0).
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2616	if count == 0 and e.errno == errno.ENOENT:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2617	self.__rebuild_subj_root()
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2618	try:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2619	res.append(load_cert(pth))
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2620	except EnvironmentError as e:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2621	if e.errno != errno.ENOENT:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2622	raise
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2623
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2624	t = api_errors._convert_error(e,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2625	[errno.ENOENT])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2626	if t:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2627	raise t
2467 619206169257 18620 pkg verify needs administrative privs when 'require-signatures' Brock Pytlik <brock.pytlik@oracle.com> parents: 2458 diff changeset	2628	res.extend(self.__issuers.get(name_hsh, []))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2629	return res
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2630
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2631	def get_ca_certs(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2632	"""Return a dictionary of the CA certificates for this
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2633	publisher."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2634
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2635	if self.ca_dict is not None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2636	return self.ca_dict
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2637	self.ca_dict = {}
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2638	# CA certs approved for this publisher are stored by hash to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2639	# prevent the later substitution or confusion over what certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2640	# have or have not been approved.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2641	for h in set(self.approved_ca_certs):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2642	c = self.get_cert_by_hash(h, verify_hash=True)
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2643	s = hashlib.sha1(misc.force_bytes(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2644	c.subject)).hexdigest()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2645	self.ca_dict.setdefault(s, [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2646	self.ca_dict[s].append(c)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2647	return self.ca_dict
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2648
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2649	def update_props(self, set_props=EmptyI, add_prop_values=EmptyDict,
9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2650	remove_prop_values=EmptyDict, unset_props=EmptyI):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2651	"""Update the properties set for this publisher with the ones
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2652	provided as arguments. The order of application is that any
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2653	existing properties are unset, then properties are set to their
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2654	new values, then values are added to properties, and finally
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2655	values are removed from properties."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2656
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2657	# Delay validation so that any intermittent inconsistent state
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2658	# doesn't cause problems.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2659	self.__delay_validation = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2660	# Remove existing properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2661	for n in unset_props:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2662	self.properties.pop(n, None)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2663	# Add or reset new properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2664	self.properties.update(set_props)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2665	# Add new values to properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2666	for n in add_prop_values.keys():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2667	self.properties.setdefault(n, [])
3185 2e55bdb918e4 20283125 pkg set-publisher traceback for --add-property-value after --set-property Xiaobo Shen <xiaobo.shen@oracle.com> parents: 3171 diff changeset	2668	if not isinstance(self.properties[n], list):
2e55bdb918e4 20283125 pkg set-publisher traceback for --add-property-value after --set-property Xiaobo Shen <xiaobo.shen@oracle.com> parents: 3171 diff changeset	2669	raise api_errors.InvalidPropertyValue(_(
2e55bdb918e4 20283125 pkg set-publisher traceback for --add-property-value after --set-property Xiaobo Shen <xiaobo.shen@oracle.com> parents: 3171 diff changeset	2670	"Cannot add a value to a single valued "
2e55bdb918e4 20283125 pkg set-publisher traceback for --add-property-value after --set-property Xiaobo Shen <xiaobo.shen@oracle.com> parents: 3171 diff changeset	2671	"property, The property name is '{name}' "
2e55bdb918e4 20283125 pkg set-publisher traceback for --add-property-value after --set-property Xiaobo Shen <xiaobo.shen@oracle.com> parents: 3171 diff changeset	2672	"and the current value is '{value}'"
2e55bdb918e4 20283125 pkg set-publisher traceback for --add-property-value after --set-property Xiaobo Shen <xiaobo.shen@oracle.com> parents: 3171 diff changeset	2673	).format(name=n, value=self.properties[n]))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2674	self.properties[n].extend(add_prop_values[n])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2675	# Remove values from properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2676	for n in remove_prop_values.keys():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2677	if n not in self.properties:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2678	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2679	"Cannot remove a value from the property "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2680	"{name} because the property does not "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2681	"exist.").format(name=n))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2682	if not isinstance(self.properties[n], list):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2683	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2684	"Cannot remove a value from a single "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2685	"valued property, unset must be used. The "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2686	"property name is '{name}' and the "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2687	"current value is '{value}'").format(
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2688	name=n, value=self.properties[n]))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2689	for v in remove_prop_values[n]:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2690	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2691	self.properties[n].remove(v)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2692	except ValueError:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2693	raise api_errors.InvalidPropertyValue(_(
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2694	"Cannot remove the value {value} "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2695	"from the property {name} "
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2696	"because the value is not in the "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2697	"property's list.").format(
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2698	value=v, name=n))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2699	self.__delay_validation = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2700	self.__validate_properties()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2701
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2702	def __validate_properties(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2703	"""Check that the properties set for this publisher are
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2704	consistent with each other."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2705
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2706	if self.__properties.get(SIGNATURE_POLICY, "") == \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2707	"require-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2708	if not self.__properties.get("signature-required-names",
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2709	None):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2710	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2711	"At least one name must be provided for "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2712	"the signature-required-names policy."))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2713
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2714	def __format_safe_read_crl(self, pth):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2715	"""CRLs seem to frequently come in DER format, so try reading
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2716	the CRL using both of the formats before giving up."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2717
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2718	with open(pth, "rb") as f:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2719	raw = f.read()
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2720
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2721	try:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2722	return x509.load_pem_x509_crl(raw, default_backend())
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2723	except ValueError:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2724	try:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2725	return x509.load_der_x509_crl(raw,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2726	default_backend())
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2727	except ValueError:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2728	raise api_errors.BadFileFormat(_("The CRL file "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2729	"{0} is not in a recognized "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	2730	"format.").format(pth))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2731
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2732	def __get_crl(self, uri):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2733	"""Given a URI (for now only http URIs are supported), return
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2734	the CRL object created from the file stored at that uri."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2735
2263 42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2736	uri = uri.strip()
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2737	if uri.startswith("Full Name:"):
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2738	uri = uri[len("Full Name:"):]
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2739	uri = uri.strip()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2740	if uri.startswith("URI:"):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2741	uri = uri[4:]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2742	if not uri.startswith("http://") and \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2743	not uri.startswith("file://"):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2744	raise api_errors.InvalidResourceLocation(uri.strip())
2272 d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2745	crl_host = DebugValues.get_value("crl_host")
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2746	if crl_host:
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	2747	orig = urlparse(uri)
3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	2748	crl = urlparse(crl_host)
3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	2749	uri = urlunparse(ParseResult(
2272 d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2750	scheme=crl.scheme, netloc=crl.netloc,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2751	path=orig.path,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2752	params=orig.params, query=orig.params,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2753	fragment=orig.fragment))
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2754	# If we've already read the CRL, use the previously created
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2755	# object.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2756	if uri in self.__tmp_crls:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2757	return self.__tmp_crls[uri]
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	2758	fn = quote(uri, "")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2759	assert os.path.isdir(self.__crl_root)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2760	fpath = os.path.join(self.__crl_root, fn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2761	crl = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2762	# Check if we already have a CRL for this URI.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2763	if os.path.exists(fpath):
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2764	# If we already have a CRL that we can read, check
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2765	# whether it's time to retrieve a new one from the
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2766	# location.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2767	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2768	crl = self.__format_safe_read_crl(fpath)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2769	except EnvironmentError:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2770	pass
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2771	else:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2772	nu = crl.next_update
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2773	cur_time = dt.datetime.utcnow()
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2774
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2775	if cur_time < nu:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2776	self.__tmp_crls[uri] = crl
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2777	return crl
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2778	# If the CRL is already known to be unavailable, don't try
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2779	# connecting to it again.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2780	if uri in Publisher.__bad_crls:
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2781	return crl
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2782	# If no CRL already exists or it's time to try to get a new one,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2783	# try to retrieve it from the server.
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2784	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2785	tmp_fd, tmp_pth = tempfile.mkstemp(dir=self.__crl_root)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	2786	except EnvironmentError as e:
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2787	if e.errno in (errno.EACCES, errno.EPERM):
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2788	tmp_fd, tmp_pth = tempfile.mkstemp()
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2789	else:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2790	raise apx._convert_error(e)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2791	with os.fdopen(tmp_fd, "wb") as fh:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2792	hdl = pycurl.Curl()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2793	hdl.setopt(pycurl.URL, uri)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2794	hdl.setopt(pycurl.WRITEDATA, fh)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2795	hdl.setopt(pycurl.FAILONERROR, 1)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2796	hdl.setopt(pycurl.CONNECTTIMEOUT,
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2797	global_settings.PKG_CLIENT_CONNECT_TIMEOUT)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2798	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2799	hdl.perform()
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2800	except pycurl.error:
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2801	# If the CRL is unavailable, add it to the list
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2802	# of bad crls.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2803	Publisher.__bad_crls.add(uri)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2804	# If we should treat failure to get a new CRL
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2805	# as a failure, raise an exception here. If not,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2806	# if we should use an old CRL if it exists,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2807	# return that here. If none is available and
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2808	# that means the cert should not be treated as
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2809	# revoked, return None here.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2810	return crl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2811	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2812	ncrl = self.__format_safe_read_crl(tmp_pth)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2813	except api_errors.BadFileFormat:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2814	portable.remove(tmp_pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2815	return crl
2529 de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2816	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2817	portable.rename(tmp_pth, fpath)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2818	# Because the file was made using mkstemp, we need to
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2819	# chmod it to match the other files in var/pkg.
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2820	os.chmod(fpath, PKG_RO_FILE_MODE)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2821	except EnvironmentError:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2822	self.__tmp_crls[uri] = ncrl
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2823	try:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2824	portable.remove(tmp_pth)
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2825	except EnvironmentError:
de3a83014795 18872 traceback in __get_crl running pkg verify as non-root Brock Pytlik <brock.pytlik@oracle.com> parents: 2467 diff changeset	2826	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2827	return ncrl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2828
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2829
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2830	def __verify_x509_signature(self, c, key):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2831	"""Verify the signature of a certificate or CRL 'c' against a
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2832	provided public key 'key'."""
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2833
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2834	verifier = key.verifier(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2835	c.signature, padding.PKCS1v15(),
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2836	c.signature_hash_algorithm)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2837
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2838	if isinstance(c, x509.Certificate):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2839	data = c.tbs_certificate_bytes
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2840	elif isinstance(c, x509.CertificateRevocationList):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2841	data = c.tbs_certlist_bytes
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2842	else:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2843	raise AssertionError("Invalid x509 object for "
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2844	"signature verification: {0}".format(type(c)))
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2845
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2846	verifier.update(data)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2847	try:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2848	verifier.verify()
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2849	return True
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2850	except Exception:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2851	return False
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2852
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2853	def __check_crl(self, cert, ca_dict, crl_uri):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2854	"""Determines whether the certificate has been revoked by the
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2855	CRL located at 'crl_uri'.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2856
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2857	The 'cert' parameter is the certificate to check for revocation.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2858
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2859	The 'ca_dict' is a dictionary which maps subject hashes to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2860	certs treated as trust anchors."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2861
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2862	crl = self.__get_crl(crl_uri)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2863
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2864	# If we couldn't retrieve a CRL from the distribution point
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2865	# and no CRL is cached on disk, assume the cert has not been
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2866	# revoked. It's possible that this should be an image or
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2867	# publisher setting in the future.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2868	if not crl:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2869	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2870
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2871	# A CRL has been found, now it needs to be validated like
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2872	# a certificate is.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2873	verified_crl = False
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2874	crl_issuer = crl.issuer
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2875	tas = ca_dict.get(hashlib.sha1(misc.force_bytes(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2876	crl_issuer)).hexdigest(), [])
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2877	for t in tas:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2878	try:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2879	if self.__verify_x509_signature(crl,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2880	t.public_key()):
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2881	# If t isn't approved for signing crls,
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2882	# the exception __check_extensions
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2883	# raises will take the code to the
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2884	# except below.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2885	self.__check_extensions(t,
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2886	CRL_SIGNING_USE, 0)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2887	verified_crl = True
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2888	except api_errors.SigningException:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2889	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2890	if not verified_crl:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2891	crl_cas = self.__get_certs_by_name(crl_issuer)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2892	for c in crl_cas:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2893	if self.__verify_x509_signature(crl,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2894	c.public_key()):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2895	try:
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2896	self.verify_chain(c, ca_dict, 0,
2458 7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2897	True,
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	2898	usages=CRL_SIGNING_USE)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2899	except api_errors.SigningException:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2900	pass
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2901	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2902	verified_crl = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2903	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2904	if not verified_crl:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2905	return True
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2906
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2907	# For a certificate to be revoked, its CRL must be validated
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2908	# and revoked the certificate.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2909
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2910	assert crl.issuer == cert.issuer
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2911	for rev in crl:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2912	if rev.serial_number != cert.serial:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2913	continue
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2914	try:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2915	reason = rev.extensions.get_extension_for_oid(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2916	x509.OID_CRL_REASON).value
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2917	except x509.ExtensionNotFound:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2918	reason = None
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2919	raise api_errors.RevokedCertificate(cert, reason)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2920
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2921	def __check_crls(self, cert, ca_dict):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2922	"""Determines whether the certificate has been revoked by one of
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2923	its CRLs.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2924
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2925	The 'cert' parameter is the certificate to check for revocation.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2926
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2927	The 'ca_dict' is a dictionary which maps subject hashes to
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2928	certs treated as trust anchors."""
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2929
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2930	# If the certificate doesn't have a CRL location listed, treat
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2931	# it as valid.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2932
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2933	# The CRLs to be retrieved are stored in the
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2934	# CRLDistributionPoints extensions which is structured like
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2935	# this:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2936	#
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2937	# CRLDitsributionPoints = [
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2938	# CRLDistributionPoint = [
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2939	# union {
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2940	# full_name = [ GeneralName, ... ]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2941	# relative_name = [ GeneralName, ... ]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2942	# }, ... ]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2943	# , ... ]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2944	#
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2945	# Relative names are a feature in X509 certs which allow to
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2946	# specify a location relative to another certificate. We are not
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2947	# supporting this and I'm not sure anybody is using this for
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2948	# CRLs.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2949	# Full names are absolute locations but can be in different
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2950	# formats (refer to RFC5280) but in general only the URI type is
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2951	# used for CRLs. So this is the only thing we support here.
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2952
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2953	try:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2954	dps = cert.extensions.get_extension_for_oid(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2955	x509.oid.ExtensionOID.CRL_DISTRIBUTION_POINTS).value
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2956	except x509.ExtensionNotFound:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2957	return
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2958
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2959	for dp in dps:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2960	if not dp.full_name:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2961	# we don't support relative names
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2962	continue
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2963	for uri in dp.full_name:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2964	if not isinstance(uri,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2965	x509.UniformResourceIdentifier):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2966	# we only support URIs
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2967	continue
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2968	self.__check_crl(cert, ca_dict, str(uri.value))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2969
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2970	def __check_revocation(self, cert, ca_dict, use_crls):
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2971	hsh = self.__hash_cert(cert)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2972	if hsh in self.revoked_ca_certs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2973	raise api_errors.RevokedCertificate(cert,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2974	"User manually revoked certificate.")
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2975	if use_crls:
5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	2976	self.__check_crls(cert, ca_dict)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2977
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2978	def __check_extensions(self, cert, usages, cur_pathlen):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2979	"""Check whether the critical extensions in this certificate
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2980	are supported and allow the provided use(s)."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2981
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2982	try:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2983	exts = cert.extensions
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2984	except (ValueError, x509.UnsupportedExtension) as e:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2985	raise api_errors.InvalidCertificateExtensions(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2986	cert, e)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2987
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2988	def check_values(vs):
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2989	for v in vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2990	if v in supported_vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2991	continue
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2992	# If there is only one extension value, it must
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2993	# be the problematic one. Otherwise, we also
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2994	# output the first unsupported value as the
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2995	# problematic value following extension value.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2996	if len(vs) < 2:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2997	raise api_errors.UnsupportedExtensionValue(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2998	cert, ext, ", ".join(vs))
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	2999	raise api_errors.UnsupportedExtensionValue(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3000	cert, ext, ", ".join(vs), v)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3001
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3002	for ext in exts:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3003	etype = type(ext.value)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3004	if etype in SUPPORTED_EXTENSION_VALUES:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3005	supported_vs = SUPPORTED_EXTENSION_VALUES[etype]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3006	keys = EXTENSIONS_VALUES[etype]
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3007	if etype == x509.BasicConstraints:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3008	pathlen = ext.value.path_length
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3009	if pathlen is not None and \
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3010	cur_pathlen > pathlen:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3011	raise api_errors.PathlenTooShort(cert,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3012	cur_pathlen, pathlen)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3013	elif etype == x509.KeyUsage:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3014	keys = list(EXTENSIONS_VALUES[etype])
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3015	if not getattr(ext.value,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3016	"key_agreement"):
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3017	# Cryptography error:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3018	# encipher_only/decipher_only is
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3019	# undefined unless key_agreement
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3020	# is true
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3021	keys.remove("encipher_only")
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3022	keys.remove("decipher_only")
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3023	vs = [
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3024	key
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3025	for key in keys
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3026	if getattr(ext.value, key)
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3027	]
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3028	# Check whether the values for the extension are
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3029	# recognized.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3030	check_values(vs)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3031	# For each use, check to see whether it's
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3032	# permitted by the certificate's extension
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3033	# values.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3034	if etype not in usages:
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3035	continue
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3036	for u in usages[etype]:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3037	if u not in vs:
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3038	raise api_errors.InappropriateCertificateUse(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3039	cert, ext, u, ", ".join(vs))
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3040	# If the extension name is unrecognized and critical,
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3041	# then the chain cannot be verified.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3042	elif ext.critical:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3043	raise api_errors.UnsupportedCriticalExtension(
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3044	cert, ext)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	3045
2458 7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	3046	def verify_chain(self, cert, ca_dict, cur_pathlen, use_crls,
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	3047	required_names=None, usages=None):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3048	"""Validates the certificate against the given trust anchors.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3049
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3050	The 'cert' parameter is the certificate to validate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3051
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3052	The 'ca_dict' parameter is a dictionary which maps subject
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3053	hashes to certs treated as trust anchors.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3054
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3055	The 'cur_pathlen' parameter is an integer indicating how many
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3056	certificates have been found between cert and the leaf cert.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3057
2458 7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	3058	The 'use_crls' parameter is a boolean indicating whether
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	3059	certificates should be checked to see if they've been revoked.
7c1227ad555e 18466 pkg needs an option to skip crl verification Brock Pytlik <brock.pytlik@oracle.com> parents: 2433 diff changeset	3060
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3061	The 'required_names' parameter is a set of strings that must
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3062	be seen as a CN in the chain of trust for the certificate."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3063
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3064	if required_names is None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3065	required_names = set()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3066	verified = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3067	continue_loop = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3068	certs_with_problems = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3069
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3070	ca_dict = copy.copy(ca_dict)
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3071	for k, v in six.iteritems(self.get_ca_certs()):
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3072	if k in ca_dict:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3073	ca_dict[k].extend(v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3074	else:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3075	ca_dict[k] = v
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3076
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3077	def merge_dicts(d1, d2):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3078	"""Function for merging usage dictionaries."""
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3079	res = copy.deepcopy(d1)
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3080	for k in d2:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3081	if k in res:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3082	res[k].extend(d2[k])
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3083	else:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3084	res[k] = d2[k]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3085	return res
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3086
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3087	def discard_names(cert, required_names):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3088	for cert_cn in [
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3089	str(c.value)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3090	for c
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3091	in cert.subject.get_attributes_for_oid(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3092	x509.oid.NameOID.COMMON_NAME)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3093	]:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3094	required_names.discard(cert_cn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3095
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3096	if not usages:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3097	usages = {}
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3098	for u in POSSIBLE_USES:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3099	usages = merge_dicts(usages, u)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3100
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3101	# Check whether we can validate this certificate.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3102	self.__check_extensions(cert, usages, cur_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3103
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3104	# Check whether this certificate has been revoked.
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	3105	self.__check_revocation(cert, ca_dict, use_crls)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3106
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3107	while continue_loop:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3108	# If this certificate's CN is in the set of required
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3109	# names, remove it.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3110	discard_names(cert, required_names)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3111
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3112	# Find the certificate that issued this certificate.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3113	issuer = cert.issuer
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3114	issuer_hash = hashlib.sha1(misc.force_bytes(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3115	issuer)).hexdigest()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3116
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3117	# See whether this certificate was issued by any of the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3118	# given trust anchors.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3119	for c in ca_dict.get(issuer_hash, []):
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3120	if self.__verify_x509_signature(cert,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3121	c.public_key()):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3122	verified = True
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3123	# Remove any required names found in the
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3124	# trust anchor.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3125	discard_names(c, required_names)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3126	# If there are more names to check for
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3127	# continue up the chain of trust to look
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3128	# for them.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3129	if not required_names:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3130	continue_loop = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3131	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3132
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3133	# If the subject and issuer for this certificate are
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3134	# identical and the certificate hasn't been verified
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3135	# then this is an untrusted self-signed cert and should
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3136	# be rejected.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3137	if hashlib.sha1(misc.force_bytes(
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3138	cert.subject)).hexdigest() == issuer_hash:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3139	if not verified:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3140	raise \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3141	api_errors.UntrustedSelfSignedCert(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3142	cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3143	# This break should break the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3144	# while continue_loop loop.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3145	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3146
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3147	# If the certificate hasn't been issued by a trust
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3148	# anchor or more names need to be found, continue
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3149	# looking up the chain of trust.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3150	if continue_loop:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3151	up_chain = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3152	# Keep track of certs that would have verified
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3153	# this certificate but had critical extensions
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3154	# we can't handle yet for error reporting.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3155	certs_with_problems = []
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3156	for c in self.__get_certs_by_name(issuer):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3157	# If the certificate is approved to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3158	# sign another certificate, verifies
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3159	# the current certificate, and hasn't
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3160	# been revoked, consider it as the
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3161	# next link in the chain. check_ca
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3162	# checks both the basicConstraints
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3163	# extension and the keyUsage extension.
3321 52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3164	if misc.check_ca(c) and \
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3165	self.__verify_x509_signature(cert,
52e8eec3014c 17377205 IPS should not use M2Crypto Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3318 diff changeset	3166	c.public_key()):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3167	problem = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3168	# Check whether this certificate
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3169	# has a critical extension we
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3170	# don't understand.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3171	try:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	3172	self.__check_extensions(
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3173	c, CERT_SIGNING_USE,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3174	cur_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3175	self.__check_revocation(c,
2558 5903fa459c85 18937 check-certificate-revocation is ignored in some cases Shawn Walker <shawn.walker@oracle.com> parents: 2529 diff changeset	3176	ca_dict, use_crls)
3171 525f5bdb3f62 20434301 change exception handling syntax for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3158 diff changeset	3177	except (api_errors.UnsupportedCriticalExtension, api_errors.RevokedCertificate) as e:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3178	certs_with_problems.append(e)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3179	problem = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3180	# If this certificate has no
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3181	# problems with it, it's the
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3182	# next link in the chain so make
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3183	# it the current certificate and
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3184	# add one to cur_pathlen since
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3185	# there's one more chain cert
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3186	# between the code signing cert
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3187	# and the root of the chain.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3188	if not problem:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3189	up_chain = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3190	cert = c
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	3191	cur_pathlen += 1
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3192	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3193	# If there's not another link in the chain to be
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3194	# found, stop the iteration.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3195	if not up_chain:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3196	continue_loop = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3197	# If the certificate wasn't verified against a trust anchor,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3198	# raise an exception.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3199	if not verified:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3200	raise api_errors.BrokenChain(cert,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3201	certs_with_problems)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3202
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3203	alias = property(lambda self: self.__alias, __set_alias,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3204	doc="An alternative name for a publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3205
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3206	client_uuid = property(lambda self: self.__client_uuid,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3207	__set_client_uuid,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3208	doc="A Universally Unique Identifier (UUID) used to identify a "
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3209	"client image to a publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3210
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3211	disabled = property(lambda self: self.__disabled, __set_disabled,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3212	doc="A boolean value indicating whether the publisher should be "
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3213	"used for packaging operations.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3214
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3215	last_refreshed = property(__get_last_refreshed, __set_last_refreshed,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3216	doc="A datetime object representing the time (in UTC) the "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3217	"publisher's selected repository was last refreshed for new "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3218	"metadata (such as catalog updates). 'None' if the publisher "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3219	"hasn't been refreshed yet or the time is not available.")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3220
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3221	meta_root = property(lambda self: self.__meta_root, __set_meta_root,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3222	doc="The absolute pathname of the directory where the publisher's "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3223	"metadata should be written to and read from.")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	3224
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3225	prefix = property(lambda self: self.__prefix, __set_prefix,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3226	doc="The name of the publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3227
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3228	repository = property(lambda self: self.__repository,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3229	__set_repository,
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3230	doc="A reference to the selected repository object.")
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	3231
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	3232	sticky = property(lambda self: self.__sticky, __set_stickiness,
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	3233	doc="Whether or not installed packages from this publisher are"
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	3234	" always preferred to other publishers.")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3235
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3236	def __get_prop(self, name):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3237	"""Accessor method for properties dictionary"""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3238	return self.__properties[name]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3239
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3240	@staticmethod
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3241	def __read_list(list_str):
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3242	"""Take a list in string representation and convert it back
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3243	to a Python list."""
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3244
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3245	list_str = list_str.encode("utf-8")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3246	# Strip brackets and any whitespace
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3247	list_str = list_str.strip("][ ")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3248	# Strip comma and any whitespeace
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3249	lst = list_str.split(", ")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3250	# Strip empty whitespace, single, and double quotation marks
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3251	lst = [ s.strip("' \"") for s in lst ]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3252	# Eliminate any empty strings
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3253	lst = [ s for s in lst if s != '' ]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3254
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3255	return lst
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3256
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3257	def __set_prop(self, name, values):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3258	"""Accessor method to add a property"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3259	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3260	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3261	"set a property for a system publisher. The "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3262	"property was:{0}").format(name))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3263
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3264	if name == SIGNATURE_POLICY:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3265	self.__sig_policy = None
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3266	if isinstance(values, six.string_types):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3267	values = [values]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3268	policy_name = values[0]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3269	if policy_name not in sigpolicy.Policy.policies():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3270	raise api_errors.InvalidPropertyValue(_(
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3271	"{val} is not a valid value for this "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3272	"property:{prop}").format(val=policy_name,
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3273	prop=SIGNATURE_POLICY))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3274	if policy_name == "require-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3275	if self.__delay_validation:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3276	# If __delay_validation is set, then
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3277	# it's possible that
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3278	# signature-required-names was
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3279	# set by a previous call to set_prop
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3280	# file. If so, don't overwrite the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3281	# values that have already been read.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3282	self.__properties.setdefault(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3283	"signature-required-names", [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3284	self.__properties[
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3285	"signature-required-names"].extend(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3286	values[1:])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3287	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3288	self.__properties[
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3289	"signature-required-names"] = \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3290	values[1:]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3291	self.__validate_properties()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3292	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3293	if len(values) > 1:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3294	raise api_errors.InvalidPropertyValue(_(
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3295	"The {0} signature-policy takes no "
58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3296	"argument.").format(policy_name))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3297	self.__properties[SIGNATURE_POLICY] = policy_name
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3298	return
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3299	if name == "signature-required-names":
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3300	if isinstance(values, six.string_types):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3301	values = self.__read_list(values)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3302	self.__properties[name] = values
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3303
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3304	def __del_prop(self, name):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3305	"""Accessor method for properties"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3306	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3307	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3308	"unset a property for a system publisher. The "
3158 58c9c2c21e67 20177033 change string formatting for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3065 diff changeset	3309	"property was:{0}").format(name))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3310	del self.__properties[name]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3311
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3312	def __prop_iter(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3313	return self.__properties.__iter__()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3314
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3315	def __prop_iteritems(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3316	"""Support iteritems on properties"""
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3317	return six.iteritems(self.__properties)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3318
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3319	def __prop_keys(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3320	"""Support keys() on properties"""
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3321	return list(self.__properties.keys())
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3322
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3323	def __prop_values(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3324	"""Support values() on properties"""
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3325	return list(self.__properties.values())
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3326
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3327	def __prop_getdefault(self, name, value):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3328	"""Support getdefault() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3329	return self.__properties.get(name, value)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3330
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3331	def __prop_setdefault(self, name, value):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3332	"""Support setdefault() on properties"""
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3333	# Must set it this way so that the logic in __set_prop is used.
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3334	try:
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3335	return self.__properties[name]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3336	except KeyError:
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3337	self.properties[name] = value
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3338	return value
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3339
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3340	def __prop_update(self, d):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3341	"""Support update() on properties"""
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3342
3234 3a90dc0b66c9 21188662 use six library for python 3 migration Yiteng Zhang <yiteng.zhang@oracle.com> parents: 3185 diff changeset	3343	for k, v in six.iteritems(d):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3344	# Must iterate through each value and
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3345	# set it this way so that the logic
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3346	# in __set_prop is used.
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3347	self.properties[k] = v
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3348
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3349	def __prop_pop(self, d, default):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3350	"""Support pop() on properties"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3351	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3352	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	3353	"unset a property for a system publisher."))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3354	return self.__properties.pop(d, default)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3355
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3356	properties = DictProperty(__get_prop, __set_prop, __del_prop,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3357	__prop_iteritems, __prop_keys, __prop_values, __prop_iter,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3358	doc="A dict holding the properties for an image.",
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3359	fgetdefault=__prop_getdefault, fsetdefault=__prop_setdefault,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3360	update=__prop_update, pop=__prop_pop)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3361
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3362	@property
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3363	def signature_policy(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3364	"""Return the signature policy for the publisher."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3365
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3366	if self.__sig_policy is not None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3367	return self.__sig_policy
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3368	txt = self.properties.get(SIGNATURE_POLICY,
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	3369	sigpolicy.DEFAULT_POLICY)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3370	names = self.properties.get("signature-required-names", [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3371	self.__sig_policy = sigpolicy.Policy.policy_factory(txt, names)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	3372	return self.__sig_policy

author	Yiteng Zhang <yiteng.zhang@oracle.com>
	Wed, 09 Mar 2016 11:27:23 -0800
changeset 3321	52e8eec3014c
parent 3318	864be9e4db61
child 3325	18a3d7b0d618
permissions	-rw-r--r--