upstream/oracle/pkg-gate: src/modules/client/publisher.py@ce704b29a50c (annotated)

1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	1	#!/usr/bin/python
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	3	# CDDL HEADER START
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	4	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	5	# The contents of this file are subject to the terms of the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	6	# Common Development and Distribution License (the "License").
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	7	# You may not use this file except in compliance with the License.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	8	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	9	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	10	# or http://www.opensolaris.org/os/licensing.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	11	# See the License for the specific language governing permissions
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	12	# and limitations under the License.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	13	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	14	# When distributing Covered Code, include this CDDL HEADER in each
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	15	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	16	# If applicable, add the following below this CDDL HEADER, with the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	17	# fields enclosed by brackets "[]" replaced with your own identifying
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	18	# information: Portions Copyright [yyyy] [name of copyright owner]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	19	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	20	# CDDL HEADER END
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	21	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	22
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	23	#
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	24	# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	25	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	26
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	27	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	28	# NOTE: Any changes to this file are considered a change in client api
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	29	# interfaces and must be fully documented in doc/client_api_versions.txt
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	30	# if they are visible changes to the public interfaces provided.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	31	#
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	32	# This also means that changes to the interfaces here must be reflected in
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	33	# the client version number and compatible_versions specifier found in
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	34	# modules/client/api.py:__init__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	35	#
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	36
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	37	import calendar
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	38	import collections
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	39	import copy
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	40	import cStringIO
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	41	import datetime as dt
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	42	import errno
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	43	import hashlib
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	44	import os
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	45	import pycurl
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	46	import shutil
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	47	import tempfile
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	48	import time
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	49	import urllib
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	50	import urlparse
1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	51	import uuid
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	52
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	53	from pkg.client import global_settings
2272 d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	54	from pkg.client.debugvalues import DebugValues
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	55	logger = global_settings.logger
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	56
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	57	import pkg.catalog
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	58	import pkg.client.api_errors as api_errors
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	59	import pkg.client.sigpolicy as sigpolicy
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	60	import pkg.misc as misc
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	61	import pkg.portable as portable
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	62	import pkg.server.catalog as old_catalog
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	63	import M2Crypto as m2
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	64
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	65	from pkg.misc import EmptyDict, EmptyI, SIGNATURE_POLICY, DictProperty
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	66
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	67	# The "core" type indicates that a repository contains all of the dependencies
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	68	# declared by packages in the repository. It is primarily used for operating
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	69	# system repositories.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	70	REPO_CTYPE_CORE = "core"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	71
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	72	# The "supplemental" type indicates that a repository contains packages that
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	73	# rely on or are intended to be used with packages located in another
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	74	# repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	75	REPO_CTYPE_SUPPLEMENTAL = "supplemental"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	76
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	77	# Mapping of constant values to names (in the event these ever get changed to
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	78	# numeric values or it is decided they need "prettier" or different labels).
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	79	REPO_COLLECTION_TYPES = {
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	80	REPO_CTYPE_CORE: "core",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	81	REPO_CTYPE_SUPPLEMENTAL: "supplemental",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	82	}
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	83
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	84	# Supported Protocol Schemes
1895 0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	85	SUPPORTED_SCHEMES = set(("file", "http", "https"))
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	86
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	87	# SSL Protocol Schemes
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	88	SSL_SCHEMES = set(("https",))
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	89
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	90	# Supported RepositoryURI sorting policies.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	91	URI_SORT_PRIORITY = "priority"
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	92
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	93	# Sort policy mapping.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	94	URI_SORT_POLICIES = {
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	95	URI_SORT_PRIORITY: lambda obj: (obj.priority, obj.uri),
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	96	}
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	97
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	98	# This dictionary records the recognized values of extensions.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	99	SUPPORTED_EXTENSION_VALUES = {
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	100	"basicConstraints": ("CA:TRUE", "CA:FALSE", "PATHLEN:"),
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	101	"keyUsage": ("DIGITAL SIGNATURE", "CERTIFICATE SIGN", "CRL SIGN")
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	102	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	103
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	104	# These dictionaries map uses into their extensions.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	105	CODE_SIGNING_USE = {
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	106	"keyUsage": ["DIGITAL SIGNATURE"]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	107	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	108
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	109	CERT_SIGNING_USE = {
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	110	"basicConstraints": ["CA:TRUE"],
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	111	"keyUsage": ["CERTIFICATE SIGN"]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	112	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	113
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	114	CRL_SIGNING_USE = {
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	115	"keyUsage": ["CRL SIGN"]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	116	}
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	117
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	118	POSSIBLE_USES = [CODE_SIGNING_USE, CERT_SIGNING_USE, CRL_SIGNING_USE]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	119
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	120	class RepositoryURI(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	121	"""Class representing a repository URI and any transport-related
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	122	information."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	123
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	124	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	125	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	126	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	127	__priority = None
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	128	__proxy = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	129	__ssl_cert = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	130	__ssl_key = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	131	__trailing_slash = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	132	__uri = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	133
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	134	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	135	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	136	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	137
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	138	def __init__(self, uri, priority=None, ssl_cert=None, ssl_key=None,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	139	trailing_slash=True, proxy=None, system=False):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	140	# Must set first.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	141	self.__trailing_slash = trailing_slash
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	142
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	143	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	144	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	145	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	146	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	147	self.priority = priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	148	self.uri = uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	149	self.ssl_cert = ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	150	self.ssl_key = ssl_key
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	151	self.proxy = proxy
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	152	self.system = system
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	153
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	154	def __copy__(self):
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	155	uri = RepositoryURI(self.__uri, priority=self.__priority,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	156	ssl_cert=self.__ssl_cert, ssl_key=self.__ssl_key,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	157	trailing_slash=self.__trailing_slash, proxy=self.__proxy,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	158	system=self.system)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	159	uri._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	160	return uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	161
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	162	def __eq__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	163	if isinstance(other, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	164	return self.uri == other.uri and \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	165	self.proxy == other.proxy
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	166	if isinstance(other, str):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	167	return self.proxy is None and self.uri == other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	168	return False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	169
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	170	def __ne__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	171	if isinstance(other, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	172	return self.uri != other.uri or \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	173	self.proxy != other.proxy
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	174	if isinstance(other, str):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	175	return self.proxy is not None or self.uri != other
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	176	return True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	177
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	178	def __cmp__(self, other):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	179	if not other:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	180	return 1
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	181	if not isinstance(other, RepositoryURI):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	182	other = RepositoryURI(other)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	183	res = cmp(self.uri, other.uri)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	184	if res != 0:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	185	return res
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	186	return cmp(self.proxy, other.proxy)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	187
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	188	def __set_priority(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	189	if value is not None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	190	try:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	191	value = int(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	192	except (TypeError, ValueError):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	193	raise api_errors.BadRepositoryURIPriority(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	194	self.__priority = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	195
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	196	def __set_proxy(self, proxy):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	197	if not proxy:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	198	return
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	199	self.__proxy = proxy
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	200	assert not self.__ssl_cert
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	201	assert not self.__ssl_key
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	202
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	203	def __set_ssl_cert(self, filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	204	if self.scheme not in SSL_SCHEMES and filename:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	205	raise api_errors.UnsupportedRepositoryURIAttribute(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	206	"ssl_cert", scheme=self.scheme)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	207	if filename:
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	208	if not isinstance(filename, basestring):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	209	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	210	"ssl_cert", value=filename)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	211	filename = os.path.abspath(filename)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	212	if not os.path.exists(filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	213	raise api_errors.NoSuchCertificate(filename,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	214	uri=self.uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	215	if filename == "":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	216	filename = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	217	# XXX attempt certificate verification here?
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	218	self.__ssl_cert = filename
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	219
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	220	def __set_ssl_key(self, filename):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	221	if self.scheme not in SSL_SCHEMES and filename:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	222	raise api_errors.UnsupportedRepositoryURIAttribute(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	223	"ssl_key", scheme=self.scheme)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	224	if filename:
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	225	if not isinstance(filename, basestring):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	226	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	227	"ssl_key", value=filename)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	228	filename = os.path.abspath(filename)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	229	if not os.path.exists(filename):
1254 28871b08d49c 8463 missing key file error message says certificate is missing Shawn Walker <srw@sun.com> parents: 1252 diff changeset	230	raise api_errors.NoSuchKey(filename,
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	231	uri=self.uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	232	if filename == "":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	233	filename = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	234	# XXX attempt key verification here?
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	235	self.__ssl_key = filename
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	236
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	237	def __set_trailing_slash(self, value):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	238	if value not in (True, False):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	239	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	240	"trailing_slash", value=value)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	241	self.__trailing_slash = value
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	242
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	243	def __set_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	244	if uri is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	245	raise api_errors.BadRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	246
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	247	# Decompose URI to verify attributes.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	248	scheme, netloc, path, params, query = \
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	249	urlparse.urlsplit(uri, allow_fragments=0)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	250
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	251	# The set of currently supported protocol schemes.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	252	if scheme.lower() not in SUPPORTED_SCHEMES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	253	raise api_errors.UnsupportedRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	254
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	255	# XXX valid_pub_url's check isn't quite right and could prevent
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	256	# usage of IDNs (international domain names).
1895 0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	257	if (scheme.lower().startswith("http") and not netloc) or \
0a260cc2a689 15762 client support for filesystem-based repository access Shawn Walker <shawn.walker@oracle.com> parents: 1795 diff changeset	258	not misc.valid_pub_url(uri):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	259	raise api_errors.BadRepositoryURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	260
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	261	if scheme.lower() == "file" and netloc:
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	262	raise api_errors.BadRepositoryURI(uri)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	263
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	264	# Normalize URI scheme.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	265	uri = uri.replace(scheme, scheme.lower(), 1)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	266
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	267	if self.__trailing_slash:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	268	uri = misc.url_affix_trailing_slash(uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	269
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	270	if scheme.lower() not in SSL_SCHEMES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	271	self.__ssl_cert = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	272	self.__ssl_key = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	273
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	274	self.__uri = uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	275
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	276	def __str__(self):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	277	if not self.__proxy:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	278	return self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	279	return "proxy://%s" % self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	280
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	281	def change_scheme(self, new_scheme):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	282	"""Change the scheme of this uri."""
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	283
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	284	assert self.__uri
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	285	scheme, netloc, path, params, query, fragment = \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	286	urlparse.urlparse(self.__uri, allow_fragments=False)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	287	if new_scheme == scheme:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	288	return
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	289	self.uri = urlparse.urlunparse(
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	290	(new_scheme, netloc, path, params, query, fragment))
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	291
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	292	def get_host(self):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	293	"""Get the host and port of this URI if it's a http uri."""
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	294
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	295	scheme, netloc, path, params, query, fragment = \
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	296	urlparse.urlparse(self.__uri, allow_fragments=0)
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	297	if scheme != "file":
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	298	return netloc
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	299	return ""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	300
1968 c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	301	def get_pathname(self):
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	302	"""Returns the URI path as a pathname if the URI is a file
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	303	URI or '' otherwise."""
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	304
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	305	scheme, netloc, path, params, query, fragment = \
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	306	urlparse.urlparse(self.__uri, allow_fragments=0)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	307	if scheme == "file":
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	308	return urllib.url2pathname(path)
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	309	return ""
c0540b1e4f7e 8722 advanced repository metadata store needed Shawn Walker <shawn.walker@oracle.com> parents: 1937 diff changeset	310
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	311	ssl_cert = property(lambda self: self.__ssl_cert, __set_ssl_cert, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	312	"The absolute pathname of a PEM-encoded SSL certificate file.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	313
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	314	ssl_key = property(lambda self: self.__ssl_key, __set_ssl_key, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	315	"The absolute pathname of a PEM-encoded SSL key file.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	316
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	317	uri = property(lambda self: self.__uri, __set_uri, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	318	"The URI used to access a repository.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	319
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	320	priority = property(lambda self: self.__priority, __set_priority, None,
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	321	"An integer value representing the importance of this repository "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	322	"URI relative to others.")
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	323
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	324	proxy = property(lambda self: self.__proxy, __set_proxy, None, "The "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	325	"proxy to use to access this repository.")
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	326
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	327	@property
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	328	def scheme(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	329	"""The URI scheme."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	330	if not self.__uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	331	return ""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	332	return urlparse.urlsplit(self.__uri, allow_fragments=0)[0]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	333
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	334	trailing_slash = property(lambda self: self.__trailing_slash,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	335	__set_trailing_slash, None,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	336	"A boolean value indicating whether any URI provided for this "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	337	"object should have a trailing slash appended when setting the "
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	338	"URI property.")
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	339
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	340
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	341	class Repository(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	342	"""Class representing a repository object.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	343
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	344	A repository object represents a location where clients can publish
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	345	and retrieve package content and/or metadata. It has the following
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	346	characteristics:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	347
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	348	- may have one or more origins (URIs) for publication and
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	349	retrieval of package metadata and content.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	350
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	351	- may have zero or more mirrors (URIs) for retrieval of package
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	352	content."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	353
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	354	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	355	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	356	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	357	__collection_type = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	358	__legal_uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	359	__mirrors = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	360	__origins = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	361	__refresh_seconds = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	362	__registration_uri = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	363	__related_uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	364	__sort_policy = URI_SORT_PRIORITY
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	365
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	366	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	367	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	368	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	369
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	370	name = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	371	description = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	372	registered = False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	373
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	374	def __init__(self, collection_type=REPO_CTYPE_CORE, description=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	375	legal_uris=None, mirrors=None, name=None, origins=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	376	refresh_seconds=None, registered=False, registration_uri=None,
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	377	related_uris=None, sort_policy=URI_SORT_PRIORITY):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	378	"""Initializes a repository object.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	379
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	380	'collection_type' is an optional constant value indicating the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	381	type of packages in the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	382
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	383	'description' is an optional string value containing a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	384	descriptive paragraph for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	385
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	386	'legal_uris' should be a list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	387	strings indicating where licensing, legal, and terms of service
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	388	information for the repository can be found.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	389
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	390	'mirrors' is an optional list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	391	strings indicating where package content can be retrieved.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	392
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	393	'name' is an optional, short, descriptive name for the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	394	repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	395
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	396	'origins' should be a list of RepositoryURI objects or URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	397	strings indicating where package metadata can be retrieved.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	398
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	399	'refresh_seconds' is an optional integer value indicating the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	400	number of seconds clients should wait before refreshing cached
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	401	repository catalog or repository metadata information.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	402
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	403	'registered' is an optional boolean value indicating whether
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	404	a client has registered with the repository's publisher.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	405
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	406	'registration_uri' is an optional RepositoryURI object or a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	407	string indicating a location clients can use to register or
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	408	obtain credentials needed to access the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	409
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	410	'related_uris' is an optional list of RepositoryURI objects or a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	411	list of URI strings indicating the location of related
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	412	repositories that a client may be interested in.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	413
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	414	'sort_policy' is an optional constant value indicating how
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	415	legal_uris, mirrors, origins, and related_uris should be
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	416	sorted."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	417
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	418	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	419	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	420	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	421	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	422
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	423	# Must be set first so that it will apply to attributes set
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	424	# afterwards.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	425	self.sort_policy = sort_policy
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	426
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	427	self.collection_type = collection_type
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	428	self.description = description
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	429	self.legal_uris = legal_uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	430	self.mirrors = mirrors
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	431	self.name = name
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	432	self.origins = origins
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	433	self.refresh_seconds = refresh_seconds
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	434	self.registered = registered
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	435	self.registration_uri = registration_uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	436	self.related_uris = related_uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	437
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	438	def __add_uri(self, attr, uri, dup_check=None, priority=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	439	ssl_cert=None, ssl_key=None, trailing_slash=True):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	440	if not isinstance(uri, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	441	uri = RepositoryURI(uri, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	442	ssl_cert=ssl_cert, ssl_key=ssl_key,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	443	trailing_slash=trailing_slash)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	444
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	445	if dup_check:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	446	dup_check(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	447
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	448	ulist = getattr(self, attr)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	449	ulist.append(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	450	ulist.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	451
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	452	def __copy__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	453	cluris = [copy.copy(u) for u in self.legal_uris]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	454	cmirrors = [copy.copy(u) for u in self.mirrors]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	455	cruris = [copy.copy(u) for u in self.related_uris]
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	456	corigins = [copy.copy(u) for u in self.origins]
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	457
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	458	repo = Repository(collection_type=self.collection_type,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	459	description=self.description,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	460	legal_uris=cluris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	461	mirrors=cmirrors, name=self.name,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	462	origins=corigins,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	463	refresh_seconds=self.refresh_seconds,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	464	registered=self.registered,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	465	registration_uri=copy.copy(self.registration_uri),
2100 6a366b063036 17144 Unix socket support is defunct johansen <johansen@opensolaris.org> parents: 2097 diff changeset	466	related_uris=cruris)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	467	repo._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	468	return repo
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	469
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	470	def __replace_uris(self, attr, value, trailing_slash=True):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	471	if value is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	472	value = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	473	if not isinstance(value, list):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	474	raise api_errors.BadRepositoryAttributeValue(attr,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	475	value=value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	476	uris = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	477	for u in value:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	478	if not isinstance(u, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	479	u = RepositoryURI(u,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	480	trailing_slash=trailing_slash)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	481	elif trailing_slash:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	482	u.uri = misc.url_affix_trailing_slash(u.uri)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	483	uris.append(u)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	484	uris.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	485	return uris
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	486
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	487	def __set_collection_type(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	488	if value not in REPO_COLLECTION_TYPES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	489	raise api_errors.BadRepositoryCollectionType(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	490	self.__collection_type = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	491
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	492	def __set_legal_uris(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	493	self.__legal_uris = self.__replace_uris("legal_uris", value,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	494	trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	495
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	496	def __set_mirrors(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	497	self.__mirrors = self.__replace_uris("mirrors", value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	498
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	499	def __set_origins(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	500	self.__origins = self.__replace_uris("origins", value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	501
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	502	def __set_registration_uri(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	503	if value and not isinstance(value, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	504	value = RepositoryURI(value, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	505	self.__registration_uri = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	506
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	507	def __set_related_uris(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	508	self.__related_uris = self.__replace_uris("related_uris",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	509	value, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	510
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	511	def __set_refresh_seconds(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	512	if value is not None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	513	try:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	514	value = int(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	515	except (TypeError, ValueError):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	516	raise api_errors.BadRepositoryAttributeValue(
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	517	"refresh_seconds", value=value)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	518	if value < 0:
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	519	raise api_errors.BadRepositoryAttributeValue(
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	520	"refresh_seconds", value=value)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	521	self.__refresh_seconds = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	522
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	523	def __set_sort_policy(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	524	if value not in URI_SORT_POLICIES:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	525	raise api_errors.BadRepositoryURISortPolicy(value)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	526	self.__sort_policy = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	527
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	528	def add_legal_uri(self, uri, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	529	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	530	"""Adds the specified legal URI to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	531
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	532	'uri' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	533	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	534	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	535
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	536	self.__add_uri("legal_uris", uri, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	537	ssl_cert=ssl_cert, ssl_key=ssl_key, trailing_slash=False)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	538
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	539	def add_mirror(self, mirror, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	540	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	541	"""Adds the specified mirror to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	542
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	543	'mirror' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	544	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	545	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	546
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	547	def dup_check(mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	548	if self.has_mirror(mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	549	raise api_errors.DuplicateRepositoryMirror(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	550	mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	551
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	552	self.__add_uri("mirrors", mirror, dup_check=dup_check,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	553	priority=priority, ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	554
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	555	def add_origin(self, origin, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	556	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	557	"""Adds the specified origin to the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	558
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	559	'origin' can be a RepositoryURI object or a URI string. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	560	it is a RepositoryURI object, all other parameters will be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	561	ignored."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	562
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	563	def dup_check(origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	564	if self.has_origin(origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	565	raise api_errors.DuplicateRepositoryOrigin(
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	566	origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	567
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	568	self.__add_uri("origins", origin, dup_check=dup_check,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	569	priority=priority, ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	570
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	571	def add_related_uri(self, uri, priority=None, ssl_cert=None,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	572	ssl_key=None):
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	573	"""Adds the specified related URI to the repository.
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	574
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	575	'uri' can be a RepositoryURI object or a URI string. If
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	576	it is a RepositoryURI object, all other parameters will be
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	577	ignored."""
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	578
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	579	self.__add_uri("related_uris", uri, priority=priority,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	580	ssl_cert=ssl_cert, ssl_key=ssl_key, trailing_slash=False)
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	581
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	582	def get_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	583	"""Returns a RepositoryURI object representing the mirror
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	584	that matches 'mirror'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	585
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	586	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	587
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	588	if not isinstance(mirror, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	589	mirror = misc.url_affix_trailing_slash(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	590	for m in self.mirrors:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	591	if mirror == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	592	return m
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	593	raise api_errors.UnknownRepositoryMirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	594
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	595	def get_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	596	"""Returns a RepositoryURI object representing the origin
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	597	that matches 'origin'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	598
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	599	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	600
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	601	if not isinstance(origin, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	602	origin = misc.url_affix_trailing_slash(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	603	for o in self.origins:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	604	if origin == o.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	605	return o
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	606	raise api_errors.UnknownRepositoryOrigin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	607
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	608	def has_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	609	"""Returns a boolean value indicating whether a matching
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	610	'mirror' exists for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	611
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	612	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	613
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	614	if not isinstance(mirror, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	615	mirror = RepositoryURI(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	616	return mirror in self.mirrors
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	617
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	618	def has_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	619	"""Returns a boolean value indicating whether a matching
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	620	'origin' exists for the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	621
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	622	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	623
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	624	if not isinstance(origin, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	625	origin = RepositoryURI(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	626	return origin in self.origins
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	627
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	628	def remove_legal_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	629	"""Removes the legal URI matching 'uri' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	630
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	631	'uri' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	632
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	633	for i, m in enumerate(self.legal_uris):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	634	if uri == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	635	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	636	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	637	del self.legal_uris[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	638	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	639	raise api_errors.UnknownLegalURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	640
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	641	def remove_mirror(self, mirror):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	642	"""Removes the mirror matching 'mirror' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	643
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	644	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	645
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	646	if not isinstance(mirror, RepositoryURI):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	647	mirror = misc.url_affix_trailing_slash(mirror)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	648	for i, m in enumerate(self.mirrors):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	649	if mirror == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	650	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	651	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	652	del self.mirrors[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	653	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	654	raise api_errors.UnknownRepositoryMirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	655
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	656	def remove_origin(self, origin):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	657	"""Removes the origin matching 'origin' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	658
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	659	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	660
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	661	if not isinstance(origin, RepositoryURI):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	662	origin = RepositoryURI(origin)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	663	for i, o in enumerate(self.origins):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	664	if origin == o.uri and origin.proxy == o.proxy:
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	665	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	666	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	667	del self.origins[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	668	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	669	raise api_errors.UnknownRepositoryOrigin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	670
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	671	def remove_related_uri(self, uri):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	672	"""Removes the related URI matching 'uri' from the repository.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	673
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	674	'uri' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	675
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	676	for i, m in enumerate(self.related_uris):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	677	if uri == m.uri:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	678	# Immediate return as the index into the array
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	679	# changes with each removal.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	680	del self.related_uris[i]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	681	return
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	682	raise api_errors.UnknownRelatedURI(uri)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	683
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	684	def update_mirror(self, mirror, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	685	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	686	"""Updates an existing mirror object matching 'mirror'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	687
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	688	'mirror' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	689
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	690	if not isinstance(mirror, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	691	mirror = RepositoryURI(mirror, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	692	ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	693
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	694	target = self.get_mirror(mirror)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	695	target.priority = mirror.priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	696	target.ssl_cert = mirror.ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	697	target.ssl_key = mirror.ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	698	self.mirrors.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	699
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	700	def update_origin(self, origin, priority=None, ssl_cert=None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	701	ssl_key=None):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	702	"""Updates an existing origin object matching 'origin'.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	703
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	704	'origin' can be a RepositoryURI object or a URI string."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	705
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	706	if not isinstance(origin, RepositoryURI):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	707	origin = RepositoryURI(origin, priority=priority,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	708	ssl_cert=ssl_cert, ssl_key=ssl_key)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	709
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	710	target = self.get_origin(origin)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	711	target.priority = origin.priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	712	target.ssl_cert = origin.ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	713	target.ssl_key = origin.ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	714	self.origins.sort(key=URI_SORT_POLICIES[self.__sort_policy])
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	715
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	716	def reset_mirrors(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	717	"""Discards the current list of repository mirrors."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	718
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	719	self.mirrors = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	720
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	721	def reset_origins(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	722	"""Discards the current list of repository origins."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	723
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	724	self.origins = []
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	725
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	726	collection_type = property(lambda self: self.__collection_type,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	727	__set_collection_type, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	728	"""A constant value indicating the type of packages in the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	729	repository. The following collection types are recognized:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	730
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	731	REPO_CTYPE_CORE
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	732	The "core" type indicates that the repository contains
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	733	all of the dependencies declared by packages in the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	734	repository. It is primarily used for operating system
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	735	repositories.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	736
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	737	REPO_CTYPE_SUPPLEMENTAL
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	738	The "supplemental" type indicates that the repository
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	739	contains packages that rely on or are intended to be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	740	used with packages located in another repository.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	741
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	742	legal_uris = property(lambda self: self.__legal_uris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	743	__set_legal_uris, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	744	"""A list of RepositoryURI objects indicating where licensing,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	745	legal, and terms of service information for the repository can be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	746	found.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	747
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	748	mirrors = property(lambda self: self.__mirrors, __set_mirrors, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	749	"""A list of RepositoryURI objects indicating where package content
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	750	can be retrieved. If any value in the list provided is a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	751	string, it will be replaced with a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	752
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	753	origins = property(lambda self: self.__origins, __set_origins, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	754	"""A list of RepositoryURI objects indicating where package content
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	755	can be retrieved. If any value in the list provided is a URI
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	756	string, it will be replaced with a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	757
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	758	registration_uri = property(lambda self: self.__registration_uri,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	759	__set_registration_uri, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	760	"""A RepositoryURI object indicating a location clients can use to
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	761	register or obtain credentials needed to access the repository. If
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	762	the value provided is a URI string, it will be replaced with a
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	763	RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	764
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	765	related_uris = property(lambda self: self.__related_uris,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	766	__set_related_uris, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	767	"""A list of RepositoryURI objects indicating the location of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	768	related repositories that a client may be interested in. If any
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	769	value in the list provided is a URI string, it will be replaced with
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	770	a RepositoryURI object.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	771
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	772	refresh_seconds = property(lambda self: self.__refresh_seconds,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	773	__set_refresh_seconds, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	774	"""An integer value indicating the number of seconds clients should
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	775	wait before refreshing cached repository metadata information. A
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	776	value of None indicates that refreshes should be performed at the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	777	client's discretion.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	778
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	779	sort_policy = property(lambda self: self.__sort_policy,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	780	__set_sort_policy, None,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	781	"""A constant value indicating how legal_uris, mirrors, origins, and
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	782	related_uris should be sorted. The following policies are
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	783	recognized:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	784
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	785	URI_SORT_PRIORITY
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	786	The "priority" policy indicate that URIs should be
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	787	sorted according to the value of their priority
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	788	attribute.""")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	789
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	790
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	791	class Publisher(object):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	792	"""Class representing a publisher object and a set of interfaces to set
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	793	and retrieve its information.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	794
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	795	A publisher is a forward or reverse domain name identifying a source
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	796	(e.g. "publisher") of packages."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	797
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	798	# These properties are declared here so that they show up in the pydoc
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	799	# documentation as private, and for clarity in the property declarations
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	800	# found near the end of the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	801	__alias = None
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	802	__catalog = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	803	__client_uuid = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	804	__disabled = False
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	805	__meta_root = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	806	__origin_root = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	807	__prefix = None
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	808	__repository = None
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	809	__sticky = True
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	810	transport = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	811
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	812	# Used to store the id of the original object this one was copied
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	813	# from during __copy__.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	814	_source_object_id = None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	815
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	816	# Used to record those CRLs which are unreachable during the current
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	817	# operation.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	818	__bad_crls = set()
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	819
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	820	def __init__(self, prefix, alias=None, catalog=None, client_uuid=None,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	821	disabled=False, meta_root=None, repository=None,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	822	transport=None, sticky=True, props=None, revoked_ca_certs=EmptyI,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	823	approved_ca_certs=EmptyI, sys_pub=False):
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	824	"""Initialize a new publisher object.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	825
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	826	'catalog' is an optional Catalog object to use in place of
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	827	retrieving one from the publisher's meta_root. This option
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	828	may only be used when meta_root is not provided.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	829	"""
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	830
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	831	assert not (catalog and meta_root)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	832
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	833	if client_uuid is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	834	self.reset_client_uuid()
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	835	else:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	836	self.__client_uuid = client_uuid
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	837
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	838	self.sys_pub = False
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	839
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	840	# Note that the properties set here are intentionally lacking
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	841	# the '__' prefix which means assignment will occur using the
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	842	# get/set methods declared for the property near the end of
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	843	# the class definition.
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	844	self.alias = alias
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	845	self.disabled = disabled
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	846	self.prefix = prefix
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	847	self.transport = transport
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	848	self.meta_root = meta_root
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	849	self.sticky = sticky
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	850
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	851
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	852	self.__sig_policy = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	853	self.__delay_validation = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	854
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	855	self.__properties = {}
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	856
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	857	# Writing out an EmptyI to a config file and reading it back
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	858	# in doesn't work correctly at the moment, but reading and
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	859	# writing an empty list does. So if intermediate_certs is empty,
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	860	# make sure it's stored as an empty list.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	861	#
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	862	# The relevant implementation is probably the line which
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	863	# strips ][ from the input in imageconfig.read_list.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	864	if revoked_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	865	self.revoked_ca_certs = revoked_ca_certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	866	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	867	self.revoked_ca_certs = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	868
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	869	if approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	870	self.approved_ca_certs = approved_ca_certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	871	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	872	self.approved_ca_certs = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	873
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	874	if props:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	875	self.properties.update(props)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	876
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	877	self.ca_dict = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	878
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	879	if repository:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	880	self.repository = repository
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	881	self.sys_pub = sys_pub
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	882
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	883	# Must be done last.
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	884	self.__catalog = catalog
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	885
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	886	def __cmp__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	887	if other is None:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	888	return 1
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	889	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	890	return cmp(self.prefix, other.prefix)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	891	return cmp(self.prefix, other)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	892
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	893	@staticmethod
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	894	def __contains__(key):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	895	"""Supports deprecated compatibility interface."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	896
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	897	return key in ("client_uuid", "disabled", "mirrors", "origin",
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	898	"prefix", "ssl_cert", "ssl_key")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	899
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	900	def __copy__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	901	selected = None
1252 3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	902	pub = Publisher(self.__prefix, alias=self.__alias,
3b1b69011fcf 8709 ImageInterface.has_publisher has incorrect docstring Shawn Walker <srw@sun.com> parents: 1210 diff changeset	903	client_uuid=self.__client_uuid, disabled=self.__disabled,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	904	meta_root=self.meta_root,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	905	repository=copy.copy(self.repository),
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	906	transport=self.transport, sticky=self.__sticky,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	907	props=self.properties,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	908	revoked_ca_certs=self.revoked_ca_certs,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	909	approved_ca_certs=self.approved_ca_certs,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	910	sys_pub=self.sys_pub)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	911	pub._source_object_id = id(self)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	912	return pub
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	913
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	914	def __eq__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	915	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	916	return self.prefix == other.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	917	if isinstance(other, str):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	918	return self.prefix == other
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	919	return False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	920
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	921	def __getitem__(self, key):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	922	"""Deprecated compatibility interface allowing publisher
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	923	attributes to be read as pub["attribute"]."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	924
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	925	if key == "client_uuid":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	926	return self.__client_uuid
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	927	if key == "disabled":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	928	return self.__disabled
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	929	if key == "prefix":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	930	return self.__prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	931
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	932	repo = self.repository
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	933	if key == "mirrors":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	934	return [str(m) for m in repo.mirrors]
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	935	if key == "origin":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	936	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	937	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	938	return repo.origins[0].uri
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	939	if key == "ssl_cert":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	940	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	941	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	942	return repo.origins[0].ssl_cert
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	943	if key == "ssl_key":
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	944	if not repo.origins[0]:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	945	return None
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	946	return repo.origins[0].ssl_key
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	947
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	948	def __get_last_refreshed(self):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	949	if not self.meta_root:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	950	return None
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	951
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	952	lcfile = os.path.join(self.meta_root, "last_refreshed")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	953	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	954	mod_time = os.stat(lcfile).st_mtime
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	955	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	956	if e.errno == errno.ENOENT:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	957	return None
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	958	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	959	return dt.datetime.utcfromtimestamp(mod_time)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	960
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	961	def __ne__(self, other):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	962	if isinstance(other, Publisher):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	963	return self.prefix != other.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	964	if isinstance(other, str):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	965	return self.prefix != other
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	966	return True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	967
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	968	def __set_alias(self, value):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	969	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	970	raise api_errors.ModifyingSyspubException(
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	971	"Cannot set the alias of a system publisher")
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	972	# Aliases must comply with the same restrictions that prefixes
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	973	# have as they are intended to be useable in any case where
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	974	# a prefix may be used.
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	975	if value is not None and value != "" and \
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	976	not misc.valid_pub_prefix(value):
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	977	raise api_errors.BadPublisherAlias(value)
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	978	self.__alias = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	979
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	980	def __set_disabled(self, disabled):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	981	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	982	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	983	"enable or disable a system publisher"))
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	984
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	985	if disabled:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	986	self.__disabled = True
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	987	else:
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	988	self.__disabled = False
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	989
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	990	def __set_last_refreshed(self, value):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	991	if not self.meta_root:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	992	return
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	993
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	994	if value is not None and not isinstance(value, dt.datetime):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	995	raise api_errors.BadRepositoryAttributeValue(
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	996	"last_refreshed", value=value)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	997
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	998	lcfile = os.path.join(self.meta_root, "last_refreshed")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	999	if not value:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1000	# If no value was provided, attempt to remove the
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1001	# tracking file.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1002	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1003	portable.remove(lcfile)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1004	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1005	# If the file can't be removed due to
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1006	# permissions, a read-only filesystem, or
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1007	# because it doesn't exist, continue on.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1008	if e.errno not in (errno.ENOENT, errno.EACCES,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1009	errno.EROFS):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1010	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1011	return
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1012
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1013	def create_tracker():
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1014	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1015	f = open(lcfile, "wb")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1016	f.write("%s\n" % misc.time_to_timestamp(
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1017	calendar.timegm(value.utctimetuple())))
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1018	f.close()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1019	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1020	# If the file can't be written due to
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1021	# permissions or because the filesystem is
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1022	# read-only, continue on.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1023	if e.errno not in (errno.EACCES, errno.EROFS):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1024	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1025
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1026	try:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1027	# If a time was provided, write out a special file that
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1028	# can be used to track the information with the actual
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1029	# time (in UTC) contained within.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1030	create_tracker()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1031	except EnvironmentError, e:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1032	if e.errno != errno.ENOENT:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1033	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1034
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1035	# Assume meta_root doesn't exist and create it.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1036	try:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1037	self.create_meta_root()
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1038	except api_errors.PermissionsException:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1039	# If the directory can't be created due to
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1040	# permissions, move on.
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1041	pass
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1042	except EnvironmentError, e:
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1043	# If the directory can't be created due to a
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1044	# read-only filesystem, move on.
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1045	if e.errno != errno.EROFS:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1046	raise
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1047	else:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1048	# Try one last time.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1049	create_tracker()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1050
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1051	def __set_meta_root(self, pathname):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1052	if pathname:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1053	pathname = os.path.abspath(pathname)
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1054	self.__meta_root = pathname
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1055	if self.__catalog:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1056	self.__catalog.meta_root = self.catalog_root
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1057	if self.__meta_root:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1058	self.__origin_root = os.path.join(self.__meta_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1059	"origins")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1060	self.cert_root = os.path.join(self.__meta_root, "certs")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1061	self.__subj_root = os.path.join(self.cert_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1062	"subject_hashes")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1063	self.__crl_root = os.path.join(self.cert_root, "crls")
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1064
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1065	def __set_prefix(self, prefix):
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1066	if not misc.valid_pub_prefix(prefix):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1067	raise api_errors.BadPublisherPrefix(prefix)
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1068	self.__prefix = prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1069
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1070	def __set_repository(self, value):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1071	if not isinstance(value, Repository):
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1072	raise api_errors.UnknownRepository(value)
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1073	self.__repository = value
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1074	self.__catalog = None
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1075
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1076	def __set_client_uuid(self, value):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1077	self.__client_uuid = value
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1078
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1079	def __set_stickiness(self, value):
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1080	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1081	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1082	"change the stickiness of a system publisher"))
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1083	self.__sticky = bool(value)
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	1084
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1085	def __str__(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1086	return self.prefix
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1087
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1088	def __validate_metadata(self, croot, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1089	"""Private helper function to check the publisher's metadata
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1090	for configuration or other issues and log appropriate warnings
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1091	or errors. Currently only checks catalog metadata."""
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1092
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1093	c = pkg.catalog.Catalog(meta_root=croot, read_only=True)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1094	if not c.exists:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1095	# Nothing to validate.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1096	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1097	if not c.version > 0:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1098	# Validation doesn't apply.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1099	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1100	if not c.package_count:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1101	# Nothing to do.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1102	return
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1103
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1104	# XXX For now, perform this check using the catalog data.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1105	# In the future, it should be done using the output of the
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1106	# publisher/0 operation.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1107	pubs = c.publishers()
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1108
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1109	if self.prefix not in pubs:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1110	origins = repo.origins
1604 a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1111	origin = origins[0]
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1112	logger.error(_("""
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1113	Unable to retrieve package data for publisher '%(prefix)s' from one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1114	of the following origin(s):
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1115
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1116	%(origins)s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1117
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1118	The catalog retrieved from one of the origin(s) listed above only
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1119	contains package data for: %(pubs)s.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1120	""") % { "origins": "\n".join(str(o) for o in origins), "prefix": self.prefix,
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1121	"pubs": ", ".join(pubs) })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1122
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1123	if global_settings.client_name != "pkg":
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1124	logger.error(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1125	This is either a result of invalid origin information being provided
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1126	for publisher '%s', or because the wrong publisher name was
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1127	provided when this publisher was added.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1128	""") % self.prefix)
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1129	# Remaining messages are for pkg client only.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1130	return
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1131
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1132	logger.error(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1133	To resolve this issue, correct the origin information provided for
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1134	publisher '%(prefix)s' using the pkg set-publisher subcommand, or re-add
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1135	the publisher using the correct name and remove the '%(prefix)s'
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1136	publisher.
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1137	""") % { "prefix": self.prefix })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1138
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1139	if len(pubs) == 1:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1140	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1141	To re-add this publisher with the correct name, execute the following
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1142	commands as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1143
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1144	pkg set-publisher -P -g %(origin)s %(pub)s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1145	pkg unset-publisher %(prefix)s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1146	""") % { "origin": origin, "prefix": self.prefix, "pub": list(pubs)[0] })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1147	return
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1148
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1149	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1150	The origin(s) listed above contain package data for more than one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1151	publisher, but this issue can likely be resolved by executing one
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1152	of the following commands as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1153	"""))
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1154
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1155	for pfx in pubs:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1156	logger.warning(_("pkg set-publisher -P -g "
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1157	"%(origin)s %(pub)s\n") % {
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1158	"origin": origin, "pub": pfx })
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1159
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1160	logger.warning(_("""\
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1161	Afterwards, the old publisher should be removed by executing the
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1162	following command as a privileged user:
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1163
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1164	pkg unset-publisher %s
a150e634e8c2 13404 publisher prefix failure message needs update / improvement Shawn Walker <srw@sun.com> parents: 1549 diff changeset	1165	""") % self.prefix)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1166
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1167	@property
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1168	def catalog(self):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1169	"""A reference to the Catalog object for the publisher's
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1170	selected repository, or None if available."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1171
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1172	if not self.meta_root:
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1173	if self.__catalog:
60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1174	return self.__catalog
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1175	return None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1176
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1177	if not self.__catalog:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1178	croot = self.catalog_root
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1179	if not os.path.isdir(croot):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1180	# Current meta_root structure is likely in
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1181	# a state of transition, so don't provide a
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1182	# meta_root. Assume that an empty catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1183	# is desired instead. (This can happen during
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1184	# an image format upgrade.)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1185	croot = None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1186	self.__catalog = pkg.catalog.Catalog(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1187	meta_root=croot)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1188	return self.__catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1189
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1190	@property
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1191	def catalog_root(self):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1192	"""The absolute pathname of the directory containing the
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1193	Catalog data for the publisher, or None if meta_root is
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1194	not defined."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1195
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1196	if self.meta_root:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1197	return os.path.join(self.meta_root, "catalog")
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1198
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1199	def create_meta_root(self):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1200	"""Create the publisher's meta_root."""
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1201
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1202	if not self.meta_root:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1203	raise api_errors.BadPublisherMetaRoot(self.meta_root,
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1204	operation="create_meta_root")
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1205
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1206	for path in (self.meta_root, self.catalog_root):
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1207	try:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1208	os.makedirs(path)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1209	except EnvironmentError, e:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1210	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1211	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1212	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1213	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1214	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1215	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1216	elif e.errno != errno.EEXIST:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1217	# If the path already exists, move on.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1218	# Otherwise, raise the exception.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1219	raise
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1220	# Optional roots not needed for all operations.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1221	for path in (self.cert_root, self.__origin_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1222	self.__subj_root, self.__crl_root):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1223	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1224	os.makedirs(path)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1225	except EnvironmentError, e:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1226	if e.errno in (errno.EACCES, errno.EROFS):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1227	pass
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1228	elif e.errno != errno.EEXIST:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1229	# If the path already exists, move on.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1230	# Otherwise, raise the exception.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1231	raise
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1232
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1233	def get_origin_sets(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1234	"""Returns a list of Repository objects representing the unique
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1235	groups of origins available. Each group is based on the origins
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1236	that share identical package catalog data."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1237
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1238	if not self.repository or not self.repository.origins:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1239	# Guard against failure for publishers with no
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1240	# transport information.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1241	return []
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1242
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1243	if not self.meta_root or not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1244	# No way to identify unique sets.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1245	return [self.repository]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1246
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1247	# Index origins by tuple of (catalog creation, catalog modified)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1248	osets = collections.defaultdict(list)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1249
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1250	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1251	cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1252	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1253	if not cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1254	key = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1255	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1256	key = (str(cat.created), str(cat.last_modified))
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1257	osets[key].append(origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1258
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1259	# Now return a list of Repository objects (copies of the
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1260	# currently selected one) assigning each set of origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1261	# Sort by index to ensure consistent ordering.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1262	rval = []
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1263	for k in sorted(osets):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1264	nrepo = copy.copy(self.repository)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1265	nrepo.origins = osets[k]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1266	rval.append(nrepo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1267
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1268	return rval
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1269
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1270	def has_configuration(self):
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1271	"""Returns whether this publisher has any configuration which
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1272	should prevent its removal."""
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1273
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1274	return bool(self.__repository.origins or
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1275	self.__repository.mirrors or self.__sig_policy or
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1276	self.approved_ca_certs or self.revoked_ca_certs)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1277
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1278	@property
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1279	def needs_refresh(self):
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1280	"""A boolean value indicating whether the publisher's
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1281	metadata for the currently selected repository needs to be
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1282	refreshed."""
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1283
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1284	if not self.repository or not self.meta_root:
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1285	# Nowhere to obtain metadata from; this should rarely
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1286	# occur except during publisher initialization.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1287	return False
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1288
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1289	lc = self.last_refreshed
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1290	if not lc:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1291	# There is no record of when the publisher metadata was
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1292	# last refreshed, so assume it should be refreshed now.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1293	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1294
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1295	ts_now = time.time()
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1296	ts_last = calendar.timegm(lc.utctimetuple())
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1297
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1298	rs = self.repository.refresh_seconds
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1299	if not rs:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1300	# There is no indicator of how often often publisher
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1301	# metadata should be refreshed, so assume it should be
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1302	# now.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1303	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1304
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1305	if (ts_now - ts_last) >= rs:
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1306	# The number of seconds that has elapsed since the
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1307	# publisher metadata was last refreshed exceeds or
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1308	# equals the specified interval.
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1309	return True
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1310	return False
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	1311
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1312	def __get_origin_path(self, origin):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1313	if not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1314	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1315	# A digest of the URI string is used here to attempt to avoid
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1316	# path length problems.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1317	return os.path.join(self.__origin_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1318	hashlib.sha1(origin.uri).hexdigest())
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1319
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1320	def __gen_origin_paths(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1321	if not os.path.exists(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1322	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1323	for origin in self.repository.origins:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1324	yield origin, self.__get_origin_path(origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1325
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1326	def __rebuild_catalog(self):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1327	"""Private helper function that builds publisher catalog based
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1328	on catalog from each origin."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1329
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1330	# First, remove catalogs for any origins that no longer exist.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1331	ohashes = [
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1332	hashlib.sha1(o.uri).hexdigest()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1333	for o in self.repository.origins
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1334	]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1335
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1336	for entry in os.listdir(self.__origin_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1337	opath = os.path.join(self.__origin_root, entry)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1338	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1339	if entry in ohashes:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1340	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1341	except Exception:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1342	# Discard anything that isn't an origin.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1343	pass
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1344
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1345	# Not an origin or origin no longer exists; either way,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1346	# it shouldn't exist here.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1347	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1348	if os.path.isdir(opath):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1349	shutil.rmtree(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1350	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1351	portable.remove(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1352	except EnvironmentError, e:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1353	raise api_errors._convert_error(e)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1354
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1355	# Discard existing catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1356	self.catalog.destroy()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1357	self.__catalog = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1358
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1359	# Ensure all old catalog files are removed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1360	for entry in os.listdir(self.catalog_root):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1361	if entry == "attrs" or entry == "catalog" or \
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1362	entry.startswith("catalog."):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1363	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1364	portable.remove(os.path.join(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1365	self.catalog_root, entry))
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1366	except EnvironmentError, e:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1367	raise apx._convert_error(e)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1368
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1369	# If there's only one origin, then just symlink its catalog
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1370	# files into place.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1371	opaths = [entry for entry in self.__gen_origin_paths()]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1372	if len(opaths) == 1:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1373	opath = opaths[0][1]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1374	for fname in os.listdir(opath):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1375	if fname.startswith("catalog."):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1376	src = os.path.join(opath, fname)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1377	dest = os.path.join(self.catalog_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1378	fname)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1379	os.symlink(misc.relpath(src,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1380	self.catalog_root), dest)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1381	return
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1382
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1383	# If there's more than one origin, then create a new catalog
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1384	# based on a composite of the catalogs for all origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1385	ncat = pkg.catalog.Catalog(batch_mode=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1386	meta_root=self.catalog_root, sign=False)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1387
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1388	# Mark all operations as occurring at this time.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1389	op_time = dt.datetime.utcnow()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1390
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1391	# Copied from pkg.client.image.Image to avoid circular
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1392	# dependency.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1393	PKG_STATE_V0 = 6
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1394
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1395	for origin, opath in opaths:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1396	src_cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1397	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1398	for name in src_cat.parts:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1399	spart = src_cat.get_part(name, must_exist=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1400	if spart is None:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1401	# Client hasn't retrieved this part.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1402	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1403
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1404	npart = ncat.get_part(name)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1405	base = name.startswith("catalog.base.")
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	1406
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1407	# Avoid accessor overhead since these will be
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1408	# used for every entry.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1409	cat_ver = src_cat.version
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1410
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1411	for t, sentry in spart.tuple_entries(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1412	pubs=[self.prefix]):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1413	pub, stem, ver = t
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1414
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1415	entry = dict(sentry.iteritems())
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1416	try:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1417	npart.add(metadata=entry,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1418	op_time=op_time, pub=pub,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1419	stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1420	except api_errors.DuplicateCatalogEntry:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1421	if not base:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1422	# Don't care.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1423	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1424
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1425	# Destination entry is in
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1426	# catalog already.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1427	entry = npart.get_entry(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1428	pub=pub, stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1429
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1430	src_sigs = set(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1431	s
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1432	for s in sentry
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1433	if s.startswith("signature-")
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1434	)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1435	dest_sigs = set(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1436	s
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1437	for s in entry
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1438	if s.startswith("signature-")
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1439	)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1440
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1441	if src_sigs != dest_sigs:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1442	# Ignore any packages
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1443	# that are different
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1444	# from the first
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1445	# encountered for this
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1446	# package version.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1447	# The client expects
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1448	# these to always be
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1449	# the same. This seems
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1450	# saner than failing.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1451	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1452	else:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1453	if not base:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1454	# Nothing to do.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1455	continue
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1456
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1457	# Destination entry is one just
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1458	# added.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1459	entry["metadata"] = {
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1460	"sources": [],
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1461	"states": [],
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1462	}
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1463
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1464	entry["metadata"]["sources"].append(
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1465	origin.uri)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1466
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1467	states = entry["metadata"]["states"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1468	if src_cat.version == 0:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1469	states.append(PKG_STATE_V0)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1470
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1471	# Now go back and trim each entry to minimize footprint. This
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1472	# ensures each package entry only has state and source info
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1473	# recorded when needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1474	for t, entry in ncat.tuple_entries():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1475	pub, stem, ver = t
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1476	mdata = entry["metadata"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1477	if len(mdata["sources"]) == len(opaths):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1478	# Package is available from all origins, so
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1479	# there's no need to require which ones
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1480	# have it.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1481	del mdata["sources"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1482
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1483	if len(mdata["states"]) < len(opaths):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1484	# At least one source is not V0, so the lazy-
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1485	# load fallback for the package metadata isn't
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1486	# needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1487	del mdata["states"]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1488	elif len(mdata["states"]) > 1:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1489	# Ensure only one instance of state value.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1490	mdata["states"] = [PKG_STATE_V0]
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1491	if not mdata:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1492	mdata = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1493	ncat.update_entry(mdata, pub=pub, stem=stem, ver=ver)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1494
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1495	# Finally, write out publisher catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1496	ncat.batch_mode = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1497	ncat.finalize()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1498	ncat.save()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1499
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1500	def __convert_v0_catalog(self, v0_cat, v1_root):
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1501	"""Transforms the contents of the provided version 0 Catalog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1502	into a version 1 Catalog, replacing the current Catalog."""
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1503
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1504	v0_lm = v0_cat.last_modified()
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1505	if v0_lm:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1506	# last_modified can be none if the catalog is empty.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1507	v0_lm = pkg.catalog.ts_to_datetime(v0_lm)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1508
1358 6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1509	# There's no point in signing this catalog since it's simply
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1510	# a transformation of a v0 catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1511	v1_cat = pkg.catalog.Catalog(batch_mode=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1512	meta_root=v1_root, sign=False)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1513
1358 6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1514	# A check for a previous non-zero package count is made to
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1515	# determine whether the last_modified date alone can be
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1516	# relied on. This works around some oddities with empty
6fec8fbc15a6 11324 package state written to parent boot environment during image-update Shawn Walker <srw@sun.com> parents: 1352 diff changeset	1517	# v0 catalogs.
1606 7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1518	try:
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1519	# Could be 'None'
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1520	n0_pkgs = int(v0_cat.npkgs())
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1521	except (TypeError, ValueError):
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1522	n0_pkgs = 0
7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1523
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1524	if v1_cat.exists and n0_pkgs != v1_cat.package_version_count:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1525	if v0_lm == v1_cat.last_modified:
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1526	# Already converted.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1527	return
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1528	# Simply rebuild the entire v1 catalog every time, this
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1529	# avoids many of the problems that could happen due to
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1530	# deficiencies in the v0 implementation.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1531	v1_cat.destroy()
1606 7966bbfe38b7 13457 pkg refresh can fail for v0 repository with duplicate entry error Shawn Walker <srw@sun.com> parents: 1604 diff changeset	1532	self.__catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1533	v1_cat = pkg.catalog.Catalog(meta_root=v1_root,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1534	sign=False)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1535
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1536	# Now populate the v1 Catalog with the v0 Catalog's data.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1537	for f in v0_cat.fmris():
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1538	v1_cat.add_package(f)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1539
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1540	# Normally, the Catalog's attributes are automatically
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1541	# populated as a result of catalog operations. But in
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1542	# this case, we want the v1 Catalog's attributes to
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1543	# match those of the v0 catalog.
1369 e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1544	v1_cat.last_modified = v0_lm
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1545
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1546	# While this is a v1 catalog format-wise, v0 data is stored.
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1547	# This allows consumers to be aware that certain data won't be
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1548	# available in this catalog (such as dependencies, etc.).
e86145680c34 11359 catalog should offer lazy-load mechanism for action metadata Shawn Walker <srw@sun.com> parents: 1358 diff changeset	1549	v1_cat.version = 0
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1550
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1551	# Finally, save the new Catalog, and replace the old in-memory
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1552	# catalog.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1553	v1_cat.batch_mode = False
1549 cc81f5023603 13110 image catalog rebuild could be faster Shawn Walker <srw@sun.com> parents: 1516 diff changeset	1554	v1_cat.finalize()
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1555	v1_cat.save()
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1556
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1557	def __refresh_v0(self, croot, full_refresh, immediate, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1558	"""The method to refresh the publisher's metadata against
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1559	a catalog/0 source. If the more recent catalog/1 version
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1560	isn't supported, this routine gets invoked as a fallback.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1561	Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1562	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1563	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1564	if there were any updates."""
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1565
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1566	if full_refresh:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1567	immediate = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1568
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1569	# Catalog needs v0 -> v1 transformation if repository only
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1570	# offers v0 catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1571	v0_cat = old_catalog.ServerCatalog(croot, read_only=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1572	publisher=self.prefix)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1573
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1574	new_cat = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1575	v0_lm = None
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1576	if v0_cat.exists:
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1577	repo = self.repository
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1578	if full_refresh or v0_cat.origin() not in repo.origins:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1579	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1580	v0_cat.destroy(root=croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1581	except EnvironmentError, e:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1582	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1583	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1584	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1585	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1586	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1587	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1588	raise
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1589	immediate = True
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1590	else:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1591	new_cat = False
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1592	v0_lm = v0_cat.last_modified()
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1593
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1594	if not immediate and not self.needs_refresh:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1595	# No refresh needed.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1596	return False, False
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1597
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1598	import pkg.updatelog as old_ulog
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1599	try:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1600	# Note that this currently retrieves a v0 catalog that
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1601	# has to be converted to v1 format.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1602	self.transport.get_catalog(self, v0_lm, path=croot,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1603	alt_repo=repo)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1604	except old_ulog.UpdateLogException:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1605	# If an incremental update fails, attempt a full
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1606	# catalog retrieval instead.
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1607	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1608	v0_cat.destroy(root=croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1609	except EnvironmentError, e:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1610	if e.errno == errno.EACCES:
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1611	raise api_errors.PermissionsException(
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1612	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1613	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1614	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1615	e.filename)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1616	raise
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1617	self.transport.get_catalog(self, path=croot,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1618	alt_repo=repo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1619
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1620	v0_cat = pkg.server.catalog.ServerCatalog(croot, read_only=True,
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1621	publisher=self.prefix)
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1622
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1623	self.__convert_v0_catalog(v0_cat, croot)
1352 5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1624	if new_cat or v0_lm != v0_cat.last_modified():
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1625	# If the catalog was rebuilt, or the timestamp of the
5c92c9d342ef 11065 client v1 catalog support for v0 catalogs Shawn Walker <srw@sun.com> parents: 1254 diff changeset	1626	# catalog changed, then an update has occurred.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1627	return True, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1628	return False, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1629
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1630	def __refresh_v1(self, croot, tempdir, full_refresh, immediate,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1631	mismatched, repo):
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1632	"""The method to refresh the publisher's metadata against
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1633	a catalog/1 source. If the more recent catalog/1 version
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1634	isn't supported, __refresh_v0 is invoked as a fallback.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1635	Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1636	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1637	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1638	if there were any updates."""
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1639
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1640	# If full_refresh is True, then redownload should be True to
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1641	# ensure a non-cached version of the catalog is retrieved.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1642	# If full_refresh is False, but mismatched is True, then
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1643	# the retrieval requests should indicate that content should
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1644	# be revalidated before being returned. Note that this
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1645	# only applies to the catalog v1 case.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1646	redownload = full_refresh
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1647	revalidate = not redownload and mismatched
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1648
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1649	v1_cat = pkg.catalog.Catalog(meta_root=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1650	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1651	self.transport.get_catalog1(self, ["catalog.attrs"],
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1652	path=tempdir, redownload=redownload,
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1653	revalidate=revalidate, alt_repo=repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1654	except api_errors.UnsupportedRepositoryOperation:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1655	# No v1 catalogs available.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1656	if v1_cat.exists:
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1657	# Ensure v1 -> v0 transition works right.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1658	v1_cat.destroy()
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1659	self.__catalog = None
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1660	return self.__refresh_v0(croot, full_refresh, immediate,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1661	repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1662
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1663	# If a v0 catalog is present, remove it before proceeding to
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1664	# ensure transitions between catalog versions work correctly.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1665	v0_cat = old_catalog.ServerCatalog(croot, read_only=True,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1666	publisher=self.prefix)
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1667	if v0_cat.exists:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1668	v0_cat.destroy(root=croot)
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1669
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1670	# If above succeeded, we now have a catalog.attrs file. Parse
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1671	# this to determine what other constituent parts need to be
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1672	# downloaded.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1673	flist = []
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1674	if not full_refresh and v1_cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1675	flist = v1_cat.get_updates_needed(tempdir)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1676	if flist == None:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1677	return False, True
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1678	else:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1679	attrs = pkg.catalog.CatalogAttrs(meta_root=tempdir)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1680	for name in attrs.parts:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1681	locale = name.split(".", 2)[2]
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1682	# XXX Skip parts that aren't in the C locale for
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1683	# now.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1684	if locale != "C":
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1685	continue
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1686	flist.append(name)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1687
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1688	if flist:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1689	# More catalog files to retrieve.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1690	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1691	self.transport.get_catalog1(self, flist,
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1692	path=tempdir, redownload=redownload,
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1693	revalidate=revalidate, alt_repo=repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1694	except api_errors.UnsupportedRepositoryOperation:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1695	# Couldn't find a v1 catalog after getting one
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1696	# before. This would be a bizzare error, but we
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1697	# can try for a v0 catalog anyway.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1698	return self.__refresh_v0(croot, full_refresh,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1699	immediate, repo)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1700
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1701	# Clear __catalog, so we'll read in the new catalog.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1702	self.__catalog = None
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1703	v1_cat = pkg.catalog.Catalog(meta_root=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1704
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1705	# At this point the client should have a set of the constituent
1449 a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1706	# pieces that are necessary to construct a catalog. If a
a721d9b0aad2 12273 client catalog can mis-merge state information / lazy-load can fail Shawn Walker <srw@sun.com> parents: 1431 diff changeset	1707	# catalog already exists, call apply_updates. Otherwise,
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1708	# move the files to the appropriate location.
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1709	validate = False
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1710	if not full_refresh and v1_cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1711	v1_cat.apply_updates(tempdir)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1712	else:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1713	if v1_cat.exists:
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1714	# This is a full refresh. Destroy
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1715	# the existing catalog.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1716	v1_cat.destroy()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1717
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1718	for fn in os.listdir(tempdir):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1719	srcpath = os.path.join(tempdir, fn)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1720	dstpath = os.path.join(croot, fn)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1721	pkg.portable.rename(srcpath, dstpath)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1722
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1723	# Apply_updates validates the newly constructed catalog.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1724	# If refresh didn't call apply_updates, arrange to
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1725	# have the new catalog validated.
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1726	validate = True
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1727
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1728	if validate:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1729	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1730	v1_cat = pkg.catalog.Catalog(meta_root=croot)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1731	v1_cat.validate()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1732	except api_errors.BadCatalogSignatures:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1733	# If signature validation fails here, that means
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1734	# that the attributes and individual parts were
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1735	# self-consistent and not corrupt, but that the
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1736	# attributes and parts didn't match. This could
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1737	# be the result of a broken source providing
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1738	# an attributes file that is much older or newer
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1739	# than the catalog parts being provided.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1740	v1_cat.destroy()
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1741	raise api_errors.MismatchedCatalog(self.prefix)
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1742	return True, True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1743
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1744	def __refresh_origin(self, croot, full_refresh, immediate, mismatched,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1745	origin):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1746	"""Private helper method used to refresh catalog data for each
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1747	origin. Returns a tuple of (changed, refreshed) where 'changed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1748	indicates whether new catalog data was found and 'refreshed'
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1749	indicates that catalog data was actually retrieved to determine
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1750	if there were any updates."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1751
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1752	# Create a copy of the current repository object that only
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1753	# contains the origin specified.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1754	repo = copy.copy(self.repository)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1755	repo.origins = [origin]
2219 60ad60f7592c 2152 standalone package support needed (on-disk format) Shawn Walker <shawn.walker@oracle.com> parents: 2215 diff changeset	1756
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1757	# Create temporary directory for assembly of catalog pieces.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1758	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1759	misc.makedirs(croot)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1760	tempdir = tempfile.mkdtemp(dir=croot)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1761	except EnvironmentError, e:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1762	if e.errno == errno.EACCES:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1763	raise api_errors.PermissionsException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1764	e.filename)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1765	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1766	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1767	e.filename)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1768	raise
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1769
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1770	# Ensure that the temporary directory gets removed regardless
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1771	# of success or failure.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1772	try:
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1773	rval = self.__refresh_v1(croot, tempdir,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1774	full_refresh, immediate, mismatched, repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1775
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1776	# Perform publisher metadata sanity checks.
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1777	self.__validate_metadata(croot, repo)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1778
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1779	return rval
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1780	finally:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1781	# Cleanup tempdir.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1782	shutil.rmtree(tempdir, True)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1783
2352 3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1784	def __refresh(self, full_refresh, immediate, mismatched=False):
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1785	"""The method to handle the overall refresh process. It
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1786	determines if a refresh is actually needed, and then calls
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1787	the first version-specific refresh method in the chain."""
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1788
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1789	assert self.transport
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1790
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1791	if full_refresh:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1792	immediate = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1793
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1794	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1795	misc.makedirs(opath)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1796	cat = pkg.catalog.Catalog(meta_root=opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1797	read_only=True)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1798	if not cat.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1799	# If a catalog hasn't been retrieved for
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1800	# any of the origins, then a refresh is
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1801	# needed now.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1802	immediate = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1803	break
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1804
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1805	# Ensure consistent directory structure.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1806	self.create_meta_root()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1807
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1808	# Check if we already have a v1 catalog on disk.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1809	if not full_refresh and self.catalog.exists:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1810	# If catalog is on disk, check if refresh is necessary.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1811	if not immediate and not self.needs_refresh:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1812	# No refresh needed.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1813	return False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1814
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1815	any_changed = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1816	any_refreshed = False
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1817	for origin, opath in self.__gen_origin_paths():
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1818	changed, refreshed = self.__refresh_origin(opath,
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1819	full_refresh, immediate, mismatched, origin)
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1820	if changed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1821	any_changed = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1822	if refreshed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1823	any_refreshed = True
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1824
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1825	if any_refreshed:
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1826	# Update refresh time.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1827	self.last_refreshed = dt.datetime.utcnow()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1828
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1829	# Finally, build a new catalog for this publisher based on a
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1830	# composite of the catalogs from all origins.
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1831	self.__rebuild_catalog()
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1832
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1833	return any_changed
3c17f86cd994 18105 api should support multiple repositories (origins) with different package data Shawn Walker <shawn.walker@oracle.com> parents: 2310 diff changeset	1834
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1835	def refresh(self, full_refresh=False, immediate=False):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1836	"""Refreshes the publisher's metadata, returning a boolean
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1837	value indicating whether any updates to the publisher's
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1838	metadata occurred.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1839
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1840	'full_refresh' is an optional boolean value indicating whether
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1841	a full retrieval of publisher metadata (e.g. catalogs) or only
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1842	an update to the existing metadata should be performed. When
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1843	True, 'immediate' is also set to True.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1844
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1845	'immediate' is an optional boolean value indicating whether
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1846	a refresh should occur now. If False, a publisher's selected
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1847	repository will be checked for updates only if needs_refresh
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1848	is True."""
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1849
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1850	try:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1851	return self.__refresh(full_refresh, immediate)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1852	except (api_errors.BadCatalogUpdateIdentity,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1853	api_errors.DuplicateCatalogEntry,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1854	api_errors.ObsoleteCatalogUpdate,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1855	api_errors.UnknownUpdateType):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1856	if full_refresh:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1857	# Completely unexpected failure.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1858	# These exceptions should never
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1859	# be raised for a full refresh
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1860	# case anyway, so the error should
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1861	# definitely be raised.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1862	raise
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1863
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1864	# The incremental update likely failed for one or
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1865	# more of the following reasons:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1866	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1867	# * The origin for the publisher has changed.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1868	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1869	# * The catalog that the publisher is offering
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1870	# is now completely different (due to a restore
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1871	# from backup or --rebuild possibly).
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1872	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1873	# * The catalog that the publisher is offering
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1874	# has been restored to an older version, and
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1875	# packages that already exist in this client's
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1876	# copy of the catalog have been re-addded.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1877	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1878	# * The type of incremental update operation that
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1879	# that was performed on the catalog isn't supported
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1880	# by this version of the client, so a full retrieval
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1881	# is required.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1882	#
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1883	return self.__refresh(True, True)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1884	except api_errors.MismatchedCatalog:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1885	if full_refresh:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1886	# If this was a full refresh, don't bother
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1887	# retrying as it implies that the content
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1888	# retrieved wasn't cached.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1889	raise
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1890
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1891	# Retrieval of the catalog attributes and/or parts was
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1892	# successful, but the identity (digest or other
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1893	# information) didn't match the catalog attributes.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1894	# This could be the result of a misbehaving or stale
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1895	# cache.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1896	return self.__refresh(False, True, mismatched=True)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1897	except (api_errors.BadCatalogSignatures,
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1898	api_errors.InvalidCatalogFile):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1899	# Assembly of the catalog failed, but this could be due
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1900	# to a transient error. So, retry at least once more.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1901	return self.__refresh(True, True)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1902	except (api_errors.BadCatalogSignatures,
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1903	api_errors.InvalidCatalogFile):
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1904	# Assembly of the catalog failed, but this could be due
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1905	# to a transient error. So, retry at least once more.
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1906	return self.__refresh(True, True)
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1907
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1908	def remove_meta_root(self):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1909	"""Removes the publisher's meta_root."""
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1910
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1911	if not self.meta_root:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1912	raise api_errors.BadPublisherMetaRoot(self.meta_root,
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1913	operation="remove_meta_root")
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1914
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1915	try:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1916	shutil.rmtree(self.meta_root)
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1917	except EnvironmentError, e:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1918	if e.errno == errno.EACCES:
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1919	raise api_errors.PermissionsException(
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1920	e.filename)
1431 62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1921	if e.errno == errno.EROFS:
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1922	raise api_errors.ReadOnlyFileSystemException(
62b6033670e4 10416 server catalog v1 support desired Shawn Walker <srw@sun.com> parents: 1369 diff changeset	1923	e.filename)
1087 293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1924	if e.errno not in (errno.ENOENT, errno.ESRCH):
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1925	raise
293c0aa5f32e 8214 load_catalogs should only load catalog data when needed Shawn Walker <srw@sun.com> parents: 996 diff changeset	1926
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1927	def reset_client_uuid(self):
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1928	"""Replaces the current client_uuid with a new UUID."""
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1929
1516 8c950a3b4171 10485 move pkg(5) to Python 2.6 Rich Burridge <rich.burridge@sun.com> parents: 1505 diff changeset	1930	self.__client_uuid = str(uuid.uuid1())
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	1931
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1932	def validate_config(self, repo_uri=None):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1933	"""Verify that the publisher's configuration (such as prefix)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1934	matches that provided by the repository. If the configuration
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1935	does not match as expected, an UnknownRepositoryPublishers
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1936	exception will be raised.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1937
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1938	'repo_uri' is an optional RepositoryURI object or URI string
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1939	containing the location of the repository. If not provided,
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1940	the publisher's repository will be used instead."""
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1941
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1942	if repo_uri and not isinstance(repo_uri, RepositoryURI):
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1943	repo = RepositoryURI(repo_uri)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1944	elif not repo_uri:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1945	# Transport actually allows both type of objects.
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1946	repo = self
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1947	else:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1948	repo = repo_uri
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1949
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1950	pubs = None
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1951	try:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1952	pubs = self.transport.get_publisherdata(repo)
2028 b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1953	except (api_errors.TransportError,
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1954	api_errors.UnsupportedRepositoryOperation):
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1955	# Nothing more can be done (because the target origin
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1956	# can't be contacted, or beacuse it doesn't support
b2c674e6ee28 16744 repository multi-publisher on-disk format should be formalized and implemented Shawn Walker <shawn.walker@oracle.com> parents: 2026 diff changeset	1957	# retrievel of publisher configuration data).
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1958	return
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1959
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1960	if not pubs:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1961	raise api_errors.RepoPubConfigUnavailable(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1962	location=repo_uri, pub=self)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1963
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1964	if self.prefix not in pubs:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1965	known = [p.prefix for p in pubs]
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1966	if repo_uri:
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1967	raise api_errors.UnknownRepositoryPublishers(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1968	known=known, unknown=[self.prefix],
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1969	location=repo_uri)
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1970	raise api_errors.UnknownRepositoryPublishers(
40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1971	known=known, unknown=[self.prefix],
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1972	origins=self.repository.origins)
2022 40fbda1e14b7 16715 publisher refresh should validate retrieved catalog parts using catalog attributes Shawn Walker <shawn.walker@oracle.com> parents: 1968 diff changeset	1973
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1974	def approve_ca_cert(self, cert):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1975	"""Add the cert as a CA for manifest signing for this publisher.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1976
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1977	The 'cert' parameter is a string of the certificate to add.
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	1978	"""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1979
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	1980	hsh = self.__add_cert(cert)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	1981	# If the user had previously revoked this certificate, remove
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1982	# the certificate from that list.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	1983	if hsh in self.revoked_ca_certs:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1984	t = set(self.revoked_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1985	t.remove(hsh)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1986	self.revoked_ca_certs = list(t)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	1987	self.approved_ca_certs.append(hsh)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1988
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1989	def revoke_ca_cert(self, s):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1990	"""Record that the cert with hash 's' is no longer trusted
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1991	as a CA. This method currently assumes it's only invoked as
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1992	a result of user action."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1993
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1994	self.revoked_ca_certs.append(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1995	self.revoked_ca_certs = list(set(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1996	self.revoked_ca_certs))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1997	if s in self.approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1998	t = set(self.approved_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	1999	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2000	self.approved_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2001
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2002	def unset_ca_cert(self, s):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2003	"""If the cert with hash 's' has been added or removed by the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2004	user, undo the add or removal."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2005
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2006	if s in self.approved_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2007	t = set(self.approved_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2008	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2009	self.approved_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2010	if s in self.revoked_ca_certs:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2011	t = set(self.revoked_ca_certs)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2012	t.remove(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2013	self.revoked_ca_certs = list(t)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2014
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2015	@staticmethod
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2016	def __hash_cert(c):
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2017	return hashlib.sha1(c.as_pem()).hexdigest()
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2018
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2019	def __add_cert(self, s):
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2020	"""Add the pem representation of the certificate stored as a
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2021	string in 's' to the certificates this publisher knows about."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2022
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2023	self.create_meta_root()
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2024	try:
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2025	cert = m2.X509.load_cert_string(s)
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2026	except m2.X509.X509Error, e:
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2027	raise api_errors.BadFileFormat(_("The file with hash "
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2028	"%s was expected to be a PEM certificate but it "
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2029	"could not be read.") % pkg_hash)
ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2030	pkg_hash = self.__hash_cert(cert)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2031	pkg_hash_pth = os.path.join(self.cert_root, pkg_hash)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2032	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2033	with open(pkg_hash_pth, "wb") as fh:
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2034	fh.write(cert.as_pem())
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2035	except EnvironmentError, e:
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2036	raise api_errors._convert_error(e)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2037
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2038	# Note that while we store certs by their subject hashes,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2039	# M2Crypto's subject hashes differ from what openssl reports
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2040	# the subject hash to be.
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2041	subj_hsh = cert.get_subject().as_hash()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2042	c = 0
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2043	made_link = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2044	while not made_link:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2045	fn = os.path.join(self.__subj_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2046	"%s.%s" % (subj_hsh, c))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2047	if os.path.exists(fn):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2048	c += 1
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2049	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2050	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2051	portable.link(pkg_hash_pth, fn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2052	except EnvironmentError, e:
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2053	raise api_errors._convert_error(e)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2054	made_link = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2055	return pkg_hash
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2056
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2057	def get_cert_by_hash(self, pkg_hash, verify_hash=False,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2058	only_retrieve=False):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2059	"""Given a pkg5 hash, retrieve the cert that's associated with
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2060	it.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2061
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2062	The 'pkg_hash' parameter contains the file hash of the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2063	certificate to retrieve.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2064
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2065	The 'verify_hash' parameter determines the file that's read
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2066	from disk matches the expected hash.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2067
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2068	The 'only_retrieve' parameter determines whether a X509 object
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2069	is built from the certificate retrieved or if the certificate
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2070	is only stored on disk. """
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2071
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2072	assert not (verify_hash and only_retrieve)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2073	pth = os.path.join(self.cert_root, pkg_hash)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2074	if not os.path.exists(pth):
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2075	self.__add_cert(self.transport.get_content(self,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2076	pkg_hash))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2077	if only_retrieve:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2078	return None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2079	with open(pth, "rb") as fh:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2080	s = fh.read()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2081	c = m2.X509.load_cert_string(s)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2082
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2083	if verify_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2084	h = misc.get_data_digest(cStringIO.StringIO(s),
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2085	length=len(s))[0]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2086	if h != pkg_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2087	raise api_errors.ModifiedCertificateException(c,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2088	pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2089	return c
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2090
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2091	def __get_certs_by_name(self, name):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2092	"""Given 'name', a M2Crypto X509_Name, return the certs with
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2093	that name as a subject."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2094
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2095	res = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2096	c = 0
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2097	name_hsh = name.as_hash()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2098	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2099	while True:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2100	pth = os.path.join(self.__subj_root,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2101	"%s.%s" % (name_hsh, c))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2102	cert = m2.X509.load_cert(pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2103	res.append(cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2104	c += 1
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2105	except EnvironmentError, e:
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2106	t = api_errors._convert_error(e,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2107	[errno.ENOENT])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2108	if t:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2109	raise t
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2110	return res
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2111
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2112	def get_ca_certs(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2113	"""Return a dictionary of the CA certificates for this
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2114	publisher."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2115
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2116	if self.ca_dict is not None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2117	return self.ca_dict
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2118	self.ca_dict = {}
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2119	# CA certs approved for this publisher are stored by hash to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2120	# prevent the later substitution or confusion over what certs
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2121	# have or have not been approved.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2122	for h in set(self.approved_ca_certs):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2123	c = self.get_cert_by_hash(h, verify_hash=True)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2124	s = c.get_subject().as_hash()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2125	self.ca_dict.setdefault(s, [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2126	self.ca_dict[s].append(c)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2127	return self.ca_dict
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2128
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2129	def update_props(self, set_props=EmptyI, add_prop_values=EmptyDict,
9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2130	remove_prop_values=EmptyDict, unset_props=EmptyI):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2131	"""Update the properties set for this publisher with the ones
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2132	provided as arguments. The order of application is that any
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2133	existing properties are unset, then properties are set to their
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2134	new values, then values are added to properties, and finally
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2135	values are removed from properties."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2136
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2137	# Delay validation so that any intermittent inconsistent state
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2138	# doesn't cause problems.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2139	self.__delay_validation = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2140	# Remove existing properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2141	for n in unset_props:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2142	self.properties.pop(n, None)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2143	# Add or reset new properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2144	self.properties.update(set_props)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2145	# Add new values to properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2146	for n in add_prop_values.keys():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2147	self.properties.setdefault(n, [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2148	self.properties[n].extend(add_prop_values[n])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2149	# Remove values from properties.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2150	for n in remove_prop_values.keys():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2151	if n not in self.properties:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2152	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2153	"Cannot remove a value from the property "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2154	"%(name)s because the property does not "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2155	"exist.") % {"name":n})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2156	if not isinstance(self.properties[n], list):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2157	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2158	"Cannot remove a value from a single "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2159	"valued property, unset must be used. The "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2160	"property name is '%(name)s' and the "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2161	"current value is '%(value)s'") %
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2162	{"name":n, "value":self.properties[n]})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2163	for v in remove_prop_values[n]:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2164	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2165	self.properties[n].remove(v)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2166	except ValueError:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2167	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2168	"Cannot remove the value %(value)s "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2169	"from the property %(name)s "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2170	"because the value is not in the "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2171	"property's list.") %
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2172	{"value":v, "name":n})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2173	self.__delay_validation = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2174	self.__validate_properties()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2175
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2176	def __validate_properties(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2177	"""Check that the properties set for this publisher are
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2178	consistent with each other."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2179
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2180	if self.__properties.get(SIGNATURE_POLICY, "") == \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2181	"require-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2182	if not self.__properties.get("signature-required-names",
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2183	None):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2184	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2185	"At least one name must be provided for "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2186	"the signature-required-names policy."))
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2187
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2188	def __format_safe_read_crl(self, pth):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2189	"""CRLs seem to frequently come in DER format, so try reading
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2190	the CRL using both of the formats before giving up."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2191
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2192	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2193	return m2.X509.load_crl(pth)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2194	except m2.X509.X509Error:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2195	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2196	return m2.X509.load_crl(pth,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2197	format=m2.X509.FORMAT_DER)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2198	except m2.X509.X509Error:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2199	raise api_errors.BadFileFormat(_("The CRL file "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2200	"%s is not in a recognized format.") %
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2201	pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2202
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2203	def __get_crl(self, uri):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2204	"""Given a URI (for now only http URIs are supported), return
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2205	the CRL object created from the file stored at that uri."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2206
2263 42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2207	uri = uri.strip()
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2208	if uri.startswith("Full Name:"):
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2209	uri = uri[len("Full Name:"):]
42b8af0a12a1 17776 Need to update m2crypto to version 0.21.1 Brock Pytlik <brock.pytlik@oracle.com> parents: 2219 diff changeset	2210	uri = uri.strip()
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2211	if uri.startswith("URI:"):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2212	uri = uri[4:]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2213	if not uri.startswith("http://") and \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2214	not uri.startswith("file://"):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2215	raise api_errors.InvalidResourceLocation(uri.strip())
2272 d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2216	crl_host = DebugValues.get_value("crl_host")
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2217	if crl_host:
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2218	orig = urlparse.urlparse(uri)
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2219	crl = urlparse.urlparse(crl_host)
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2220	uri = urlparse.urlunparse(urlparse.ParseResult(
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2221	scheme=crl.scheme, netloc=crl.netloc,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2222	path=orig.path,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2223	params=orig.params, query=orig.params,
d81ea073d050 3617 Testsuite should allow choice for base port to use Brock Pytlik <brock.pytlik@oracle.com> parents: 2263 diff changeset	2224	fragment=orig.fragment))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2225	fn = urllib.quote(uri, "")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2226	assert os.path.isdir(self.__crl_root)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2227	fpath = os.path.join(self.__crl_root, fn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2228	crl = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2229	# Check if we already have a CRL for this URI.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2230	if os.path.exists(fpath):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2231	# If we already have a CRL, check whether it's time
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2232	# to retrieve a new one from the location.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2233	crl = self.__format_safe_read_crl(fpath)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2234	nu = crl.get_next_update().get_datetime()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2235	# get_datetime is supposed to return a UTC time, so
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2236	# assert that's the case.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2237	assert nu.tzinfo.utcoffset(nu) == dt.timedelta(0)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2238	# Add timezone info to cur_time so that cur_time and
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2239	# nu can be compared.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2240	cur_time = dt.datetime.now(nu.tzinfo)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2241	if cur_time < nu:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2242	return crl
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2243	# If the CRL is already known to be unavailable, don't try
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2244	# connecting to it again.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2245	if uri in Publisher.__bad_crls:
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2246	return crl
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2247	# If no CRL already exists or it's time to try to get a new one,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2248	# try to retrieve it from the server.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2249	tmp_pth = fpath + ".tmp"
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2250	with open(tmp_pth, "wb") as fh:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2251	hdl = pycurl.Curl()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2252	hdl.setopt(pycurl.URL, uri)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2253	hdl.setopt(pycurl.WRITEDATA, fh)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2254	hdl.setopt(pycurl.FAILONERROR, 1)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2255	hdl.setopt(pycurl.CONNECTTIMEOUT,
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2256	global_settings.PKG_CLIENT_CONNECT_TIMEOUT)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2257	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2258	hdl.perform()
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2259	except pycurl.error:
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2260	# If the CRL is unavailable, add it to the list
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2261	# of bad crls.
6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2262	Publisher.__bad_crls.add(uri)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2263	# If we should treat failure to get a new CRL
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2264	# as a failure, raise an exception here. If not,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2265	# if we should use an old CRL if it exists,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2266	# return that here. If none is available and
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2267	# that means the cert should not be treated as
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2268	# revoked, return None here.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2269	return crl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2270	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2271	ncrl = self.__format_safe_read_crl(tmp_pth)
2073 9fcacc9e5eaa 16998 transport should support publisher-specific write and read caches Shawn Walker <shawn.walker@oracle.com> parents: 2028 diff changeset	2272	except api_errors.BadFileFormat:
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2273	portable.remove(tmp_pth)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2274	return crl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2275	portable.rename(tmp_pth, fpath)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2276	return ncrl
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2277
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2278	def __check_crls(self, cert, ca_dict):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2279	"""Determines whether the certificate has been revoked by its
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2280	CRL.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2281
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2282	The 'cert' parameter is the certificate to check for revocation.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2283
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2284	The 'ca_dict' is a dictionary which maps subject hashes to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2285	certs treated as trust anchors."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2286
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2287	# If the certificate doesn't have a CRL location listed, treat
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2288	# it as valid.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2289	try:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2290	ext = cert.get_ext("crlDistributionPoints")
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2291	except LookupError, e:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2292	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2293	uri = ext.get_value()
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2294	crl = self.__get_crl(uri)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2295	# If we couldn't retrieve a CRL from the distribution point
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2296	# and no CRL is cached on disk, assume the cert has not been
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2297	# revoked. It's possible that this should be an image or
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2298	# publisher setting in the future.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2299	if not crl:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2300	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2301
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2302	# A CRL has been found, now it needs to be validated like
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2303	# a certificate is.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2304	verified_crl = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2305	crl_issuer = crl.get_issuer()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2306	tas = ca_dict.get(crl_issuer.as_hash(), [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2307	for t in tas:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2308	try:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2309	if crl.verify(t.get_pubkey()):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2310	# If t isn't approved for signing crls,
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2311	# the exception __check_extensions
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2312	# raises will take the code to the
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2313	# except below.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2314	self.__check_extensions(t,
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2315	CRL_SIGNING_USE, 0)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2316	verified_crl = True
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2317	except api_errors.SigningException:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2318	pass
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2319	if not verified_crl:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2320	crl_cas = self.__get_certs_by_name(crl_issuer)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2321	for c in crl_cas:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2322	if crl.verify(c.get_pubkey()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2323	try:
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2324	self.verify_chain(c, ca_dict, 0,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2325	usages=CRL_SIGNING_USE,)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2326	except api_errors.SigningException:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2327	pass
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2328	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2329	verified_crl = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2330	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2331	if not verified_crl:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2332	return True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2333	# For a certificate to be revoked, its CRL must be validated
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2334	# and revoked the certificate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2335	rev = crl.is_revoked(cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2336	if rev:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2337	raise api_errors.RevokedCertificate(cert, rev[1])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2338
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2339	def __check_revocation(self, cert, ca_dict):
2414 ce704b29a50c 18464 revoka-ca-cert needs a rethink Brock Pytlik <brock.pytlik@oracle.com> parents: 2408 diff changeset	2340	hsh = self.__hash_cert(cert)
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2341	if hsh in self.revoked_ca_certs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2342	raise api_errors.RevokedCertificate(cert,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2343	"User manually revoked certificate.")
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2344	self.__check_crls(cert, ca_dict)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2345
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2346	def __check_extensions(self, cert, usages, cur_pathlen):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2347	"""Check whether the critical extensions in this certificate
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2348	are supported and allow the provided use(s)."""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2349
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2350	def check_values(vs):
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2351	for v in vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2352	if v in supported_vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2353	continue
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2354	if v.startswith("PATHLEN:") and \
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2355	"PATHLEN:" in supported_vs:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2356	try:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2357	cert_pathlen = int(v[len("PATHLEN:"):])
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2358	except ValueError, e:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2359	raise api_errors.UnsupportedExtensionValue(cert, ext, v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2360	if cur_pathlen > cert_pathlen:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2361	raise api_errors.PathlenTooShort(cert, cur_pathlen, cert_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2362	continue
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2363	if len(vs) < 2:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2364	raise api_errors.UnsupportedExtensionValue(cert, ext)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2365	else:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2366	raise api_errors.UnsupportedExtensionValue(cert, ext, v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2367
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2368
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2369	for i in range(0, cert.get_ext_count()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2370	ext = cert.get_ext_at(i)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2371	name = ext.get_name()
2378 b8e3f6867b6c 18324 pkg needs to not traceback if m2crypto can't understand an x509 extension Brock Pytlik <brock.pytlik@oracle.com> parents: 2352 diff changeset	2372	if name == "UNDEF":
b8e3f6867b6c 18324 pkg needs to not traceback if m2crypto can't understand an x509 extension Brock Pytlik <brock.pytlik@oracle.com> parents: 2352 diff changeset	2373	continue
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2374	v = ext.get_value().upper()
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2375	# Check whether the extension name is recognized.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2376	if name in SUPPORTED_EXTENSION_VALUES:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2377	supported_vs = \
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2378	SUPPORTED_EXTENSION_VALUES[name]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2379	vs = [s.strip() for s in v.split(",")]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2380	# Check whether the values for the extension are
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2381	# recognized.
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2382	check_values(vs)
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2383	uses = usages.get(name, [])
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2384	if isinstance(uses, basestring):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2385	uses = [uses]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2386	# For each use, check to see whether it's
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2387	# permitted by the certificate's extension
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2388	# values.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2389	for u in uses:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2390	if u not in vs:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2391	raise api_errors.InappropriateCertificateUse(cert, ext, u)
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2392	# If the extension name is unrecognized and critical,
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2393	# then the chain cannot be verified.
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2394	elif ext.get_critical():
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2395	raise api_errors.UnsupportedCriticalExtension(
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2396	cert, ext)
2408 6424614c2ed1 18463 bad crl urls shouldn't bring pkg to a halt Brock Pytlik <brock.pytlik@oracle.com> parents: 2378 diff changeset	2397
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2398	def verify_chain(self, cert, ca_dict, cur_pathlen, required_names=None,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2399	usages=None):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2400	"""Validates the certificate against the given trust anchors.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2401
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2402	The 'cert' parameter is the certificate to validate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2403
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2404	The 'ca_dict' parameter is a dictionary which maps subject
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2405	hashes to certs treated as trust anchors.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2406
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2407	The 'cur_pathlen' parameter is an integer indicating how many
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2408	certificates have been found between cert and the leaf cert.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2409
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2410	The 'required_names' parameter is a set of strings that must
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2411	be seen as a CN in the chain of trust for the certificate."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2412
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2413	if required_names is None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2414	required_names = set()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2415	verified = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2416	continue_loop = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2417	certs_with_problems = []
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2418
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2419	ca_dict = copy.copy(ca_dict)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2420	for k, v in self.get_ca_certs().iteritems():
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2421	if k in ca_dict:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2422	ca_dict[k].extend(v)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2423	else:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2424	ca_dict[k] = v
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2425
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2426	def merge_dicts(d1, d2):
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2427	"""Function for merging usage dictionaries."""
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2428	res = copy.deepcopy(d1)
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2429	for k in d2:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2430	if k in res:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2431	res[k].extend(d2[k])
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2432	else:
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2433	res[k] = d2[k]
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2434	return res
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2435
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2436	def discard_names(cert, required_names):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2437	for cert_cn in [
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2438	str(c.get_data())
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2439	for c
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2440	in cert.get_subject().get_entries_by_nid(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2441	m2.X509.X509_Name.nid["CN"])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2442	]:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2443	required_names.discard(cert_cn)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2444
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2445	if not usages:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2446	usages = {}
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2447	for u in POSSIBLE_USES:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2448	usages = merge_dicts(usages, u)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2449
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2450	# Check whether we can validate this certificate.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2451	self.__check_extensions(cert, usages, cur_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2452
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2453	# Check whether this certificate has been revoked.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2454	self.__check_revocation(cert, ca_dict)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2455
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2456	while continue_loop:
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2457	# If this certificate's CN is in the set of required
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2458	# names, remove it.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2459	discard_names(cert, required_names)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2460
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2461	# Find the certificate that issued this certificate.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2462	issuer = cert.get_issuer()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2463	issuer_hash = issuer.as_hash()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2464
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2465	# See whether this certificate was issued by any of the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2466	# given trust anchors.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2467	for c in ca_dict.get(issuer_hash, []):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2468	if cert.verify(c.get_pubkey()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2469	verified = True
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2470	# Remove any required names found in the
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2471	# trust anchor.
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2472	discard_names(c, required_names)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2473	# If there are more names to check for
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2474	# continue up the chain of trust to look
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2475	# for them.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2476	if not required_names:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2477	continue_loop = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2478	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2479
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2480	# If the subject and issuer for this certificate are
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2481	# identical and the certificate hasn't been verified
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2482	# then this is an untrusted self-signed cert and should
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2483	# be rejected.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2484	if cert.get_subject().as_hash() == issuer_hash:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2485	if not verified:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2486	raise \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2487	api_errors.UntrustedSelfSignedCert(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2488	cert)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2489	# This break should break the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2490	# while continue_loop loop.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2491	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2492
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2493	# If the certificate hasn't been issued by a trust
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2494	# anchor or more names need to be found, continue
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2495	# looking up the chain of trust.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2496	if continue_loop:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2497	up_chain = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2498	# Keep track of certs that would have verified
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2499	# this certificate but had critical extensions
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2500	# we can't handle yet for error reporting.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2501	certs_with_problems = []
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2502	for c in self.__get_certs_by_name(issuer):
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2503	# If the certificate is approved to
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2504	# sign another certificate, verifies
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2505	# the current certificate, and hasn't
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2506	# been revoked, consider it as the
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2507	# next link in the chain. check_ca
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2508	# checks both the basicConstraints
b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2509	# extension and the keyUsage extension.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2510	if c.check_ca() and \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2511	cert.verify(c.get_pubkey()):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2512	problem = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2513	# Check whether this certificate
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2514	# has a critical extension we
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2515	# don't understand.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2516	try:
2215 b4355e8c5097 16856 need to check keyUsage for leaf certs Brock Pytlik <brock.pytlik@oracle.com> parents: 2100 diff changeset	2517	self.__check_extensions(
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2518	c, CERT_SIGNING_USE,
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2519	cur_pathlen)
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2520	self.__check_revocation(c,
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2521	ca_dict)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2522	except (api_errors.UnsupportedCriticalExtension, api_errors.RevokedCertificate), e:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2523	certs_with_problems.append(e)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2524	problem = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2525	# If this certificate has no
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2526	# problems with it, it's the
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2527	# next link in the chain so make
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2528	# it the current certificate and
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2529	# add one to cur_pathlen since
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2530	# there's one more chain cert
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2531	# between the code signing cert
938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2532	# and the root of the chain.
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2533	if not problem:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2534	up_chain = True
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2535	cert = c
2286 938fbb350ad2 16867 pkgsign should handle existing signatures better Brock Pytlik <brock.pytlik@oracle.com> parents: 2272 diff changeset	2536	cur_pathlen += 1
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2537	break
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2538	# If there's not another link in the chain to be
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2539	# found, stop the iteration.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2540	if not up_chain:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2541	continue_loop = False
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2542	# If the certificate wasn't verified against a trust anchor,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2543	# raise an exception.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2544	if not verified:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2545	raise api_errors.BrokenChain(cert,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2546	certs_with_problems)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2547
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2548	alias = property(lambda self: self.__alias, __set_alias,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2549	doc="An alternative name for a publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2550
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2551	client_uuid = property(lambda self: self.__client_uuid,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2552	__set_client_uuid,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2553	doc="A Universally Unique Identifier (UUID) used to identify a "
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2554	"client image to a publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2555
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2556	disabled = property(lambda self: self.__disabled, __set_disabled,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2557	doc="A boolean value indicating whether the publisher should be "
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2558	"used for packaging operations.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2559
996 31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2560	last_refreshed = property(__get_last_refreshed, __set_last_refreshed,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2561	doc="A datetime object representing the time (in UTC) the "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2562	"publisher's selected repository was last refreshed for new "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2563	"metadata (such as catalog updates). 'None' if the publisher "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2564	"hasn't been refreshed yet or the time is not available.")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2565
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2566	meta_root = property(lambda self: self.__meta_root, __set_meta_root,
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2567	doc="The absolute pathname of the directory where the publisher's "
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2568	"metadata should be written to and read from.")
31d152a5212b 7582 pkg set-publisher --no-refresh will delete catalogs Shawn Walker <Shawn.Walker@Sun.COM> parents: 926 diff changeset	2569
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2570	prefix = property(lambda self: self.__prefix, __set_prefix,
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2571	doc="The name of the publisher.")
6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2572
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2573	repository = property(lambda self: self.__repository,
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2574	__set_repository,
926 6ee411c9026a 5871 publisher apis desired Shawn Walker <Shawn.Walker@Sun.COM> parents: diff changeset	2575	doc="A reference to the selected repository object.")
1505 cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2576
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2577	sticky = property(lambda self: self.__sticky, __set_stickiness,
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2578	doc="Whether or not installed packages from this publisher are"
cc598d70bbbe 4425 pkg install should deal w/ complex dependency changes in one install Bart Smaalders <Bart.Smaalders@Sun.COM> parents: 1449 diff changeset	2579	" always preferred to other publishers.")
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2580
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2581	def __get_prop(self, name):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2582	"""Accessor method for properties dictionary"""
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2583	return self.__properties[name]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2584
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2585	@staticmethod
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2586	def __read_list(list_str):
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2587	"""Take a list in string representation and convert it back
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2588	to a Python list."""
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2589
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2590	list_str = list_str.encode("utf-8")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2591	# Strip brackets and any whitespace
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2592	list_str = list_str.strip("][ ")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2593	# Strip comma and any whitespeace
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2594	lst = list_str.split(", ")
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2595	# Strip empty whitespace, single, and double quotation marks
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2596	lst = [ s.strip("' \"") for s in lst ]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2597	# Eliminate any empty strings
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2598	lst = [ s for s in lst if s != '' ]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2599
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2600	return lst
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2601
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2602	def __set_prop(self, name, values):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2603	"""Accessor method to add a property"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2604	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2605	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2606	"set a property for a system publisher. The "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2607	"property was:%s") % name)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2608
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2609	if name == SIGNATURE_POLICY:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2610	self.__sig_policy = None
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2611	if isinstance(values, basestring):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2612	values = [values]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2613	policy_name = values[0]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2614	if policy_name not in sigpolicy.Policy.policies():
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2615	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2616	"%(val)s is not a valid value for this "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2617	"property:%(prop)s") % {"val": policy_name,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2618	"prop": SIGNATURE_POLICY})
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2619	if policy_name == "require-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2620	if self.__delay_validation:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2621	# If __delay_validation is set, then
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2622	# it's possible that
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2623	# signature-required-names was
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2624	# set by a previous call to set_prop
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2625	# file. If so, don't overwrite the
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2626	# values that have already been read.
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2627	self.__properties.setdefault(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2628	"signature-required-names", [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2629	self.__properties[
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2630	"signature-required-names"].extend(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2631	values[1:])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2632	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2633	self.__properties[
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2634	"signature-required-names"] = \
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2635	values[1:]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2636	self.__validate_properties()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2637	else:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2638	if len(values) > 1:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2639	raise api_errors.InvalidPropertyValue(_(
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2640	"The %s signature-policy takes no "
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2641	"argument.") % policy_name)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2642	self.__properties[SIGNATURE_POLICY] = policy_name
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2643	return
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2644	if name == "signature-required-names":
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2645	if isinstance(values, basestring):
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2646	values = self.__read_list(values)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2647	self.__properties[name] = values
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2648
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2649	def __del_prop(self, name):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2650	"""Accessor method for properties"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2651	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2652	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2653	"unset a property for a system publisher. The "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2654	"property was:%s") % name)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2655	del self.__properties[name]
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2656
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2657	def __prop_iter(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2658	return self.__properties.__iter__()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2659
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2660	def __prop_iteritems(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2661	"""Support iteritems on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2662	return self.__properties.iteritems()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2663
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2664	def __prop_keys(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2665	"""Support keys() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2666	return self.__properties.keys()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2667
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2668	def __prop_values(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2669	"""Support values() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2670	return self.__properties.values()
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2671
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2672	def __prop_getdefault(self, name, value):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2673	"""Support getdefault() on properties"""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2674	return self.__properties.get(name, value)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2675
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2676	def __prop_setdefault(self, name, value):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2677	"""Support setdefault() on properties"""
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2678	# Must set it this way so that the logic in __set_prop is used.
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2679	try:
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2680	return self.__properties[name]
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2681	except KeyError:
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2682	self.properties[name] = value
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2683	return value
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2684
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2685	def __prop_update(self, d):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2686	"""Support update() on properties"""
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2687
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2688	for k, v in d.iteritems():
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2689	# Must iterate through each value and
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2690	# set it this way so that the logic
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2691	# in __set_prop is used.
068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2692	self.properties[k] = v
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2693
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2694	def __prop_pop(self, d, default):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2695	"""Support pop() on properties"""
2310 ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2696	if self.sys_pub:
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2697	raise api_errors.ModifyingSyspubException(_("Cannot "
ce10607d5332 11684 desire option to not propagate certs to non-global zones Brock Pytlik <brock.pytlik@oracle.com> parents: 2286 diff changeset	2698	"unset a property for a system publisher."))
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2699	return self.__properties.pop(d, default)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2700
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2701	properties = DictProperty(__get_prop, __set_prop, __del_prop,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2702	__prop_iteritems, __prop_keys, __prop_values, __prop_iter,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2703	doc="A dict holding the properties for an image.",
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2704	fgetdefault=__prop_getdefault, fsetdefault=__prop_setdefault,
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2705	update=__prop_update, pop=__prop_pop)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2706
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2707	@property
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2708	def signature_policy(self):
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2709	"""Return the signature policy for the publisher."""
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2710
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2711	if self.__sig_policy is not None:
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2712	return self.__sig_policy
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2713	txt = self.properties.get(SIGNATURE_POLICY,
2097 068cc63b4d6e 17055 image configuration should use pkg.config classes Shawn Walker <shawn.walker@oracle.com> parents: 2073 diff changeset	2714	sigpolicy.DEFAULT_POLICY)
2026 d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2715	names = self.properties.get("signature-required-names", [])
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2716	self.__sig_policy = sigpolicy.Policy.policy_factory(txt, names)
d1b30615bc99 9196 pkg(5) should have support for cryptographic manifest signatures Brock Pytlik <bpytlik@sun.com> parents: 2022 diff changeset	2717	return self.__sig_policy

author	Brock Pytlik <brock.pytlik@oracle.com>
	Wed, 15 Jun 2011 20:06:10 -0700
changeset 2414	ce704b29a50c
parent 2408	6424614c2ed1
child 2433	7af4ccfa1c06
permissions	-rw-r--r--