From 2f26be49e0fc37f12945ee372ec7dbaba8de74bd Mon Sep 17 00:00:00 2001
From: Fabio Erculiani
Date: Thu, 17 Dec 2009 18:48:03 +0100
Subject: [PATCH] [entropy.security] draft implementation of entropy.security.Repository (aimed for GPG support)
---
 libraries/entropy/const.py | 1 +
 libraries/entropy/security.py | 100 ++++++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+)
diff --git a/libraries/entropy/const.py b/libraries/entropy/const.py
index 32e42bf80..501501408 100644
--- a/libraries/entropy/const.py
+++ b/libraries/entropy/const.py
@@ -434,6 +434,7 @@ def const_default_settings(rootdir):
 'syslogdir': default_etp_syslogdir,
 # Entropy system tools log directory
 'entropylogfile': default_etp_syslogdir+"entropy.log",
+ 'securitylogfile': default_etp_syslogdir+"security.log",
 'equologfile': default_etp_syslogdir+"equo.log",
 'spmlogfile': default_etp_syslogdir+"spm.log",
 'socketlogfile': default_etp_syslogdir+"socket.log",
diff --git a/libraries/entropy/security.py b/libraries/entropy/security.py
index bf908ee45..14cc1c7ec 100644
--- a/libraries/entropy/security.py
+++ b/libraries/entropy/security.py
@@ -14,7 +14,9 @@
 """
 import os
 import shutil
+import subprocess
 from entropy.exceptions import IncorrectParameter, InvalidData
+from entropy.misc import LogFile
 from entropy.const import etpConst, etpCache, etpUi, const_setup_perms
 from entropy.i18n import _
 from entropy.output import blue, bold, red, darkgreen, darkred
@@ -930,3 +932,101 @@ class System:
 # remove temp stuff
 self.__cleanup_garbage()
 return 0
+
+
+class Repository:
+
+ """
+ This class provides a very simple Entropy repositories authenticity
+ mechanism based on public-key authentication. Using this class you can
+ sign or verify repository files.
+ This is the core class for public-key based repository security support.
+ Encryption is based on the RSA 2048bit algorithm.
+
+ NOTE: this class requires gnupg installed.
+ """
+
+ GPG_EXEC = "/usr/bin/gpg"
+
+ def __init__(self, repository_identifier):
+ """
+ Instance constructor.
+
+ @param repository_identifier: Entropy unique repository identifier
+ @type repository_identifier: string
+ """
+ self.__repoid = repository_identifier
+ self.__encbits = 2048
+
+ # setup repositories keys dir
+ self.__keystore = os.path.join(etpConst['confrepokeysdir'],
+ repository_identifier)
+ self.__priv_key_name = repository_identifier + ".priv"
+ self.__pub_key_name = repository_identifier + ".pub"
+
+ if not os.path.isdir(self.__keystore) and not \
+ os.path.lexists(self.__keystore):
+ os.makedirs(self.__keystore, 0o755)
+ const_setup_perms(self.__keystore, etpConst['entropygid'])
+
+ self.__logfile = LogFile(filename = etpConst['securitylogfile'])
+
+ def check_functionality(self):
+ """
+ Check interface library availability. True if library works fine.
+
+ @return: interface library availability
+ @rtype: bool
+ """
+ xec = Repository.GPG_EXEC
+
+ args = (xec, "--version",)
+ proc = subprocess.Popen(args, stdout = self.__logfile.fileno(),
+ stderr = self.__logfile.fileno())
+ exit_st = proc.wait()
+
+ return exit_st == 0
+
+ def create_keypair(self):
+ """
+ Create Entropy repository RSA keypair and store it.
+
+ """
+ raise NotImplementedError()
+
+ def delete_keypair(self):
+ """
+
+ """
+ raise NotImplementedError()
+
+ def get_pubkey(self):
+ """
+
+ """
+ raise NotImplementedError()
+
+ def install_pubkey(self, pubkey_path):
+ """
+
+ """
+ raise NotImplementedError()
+
+ def remove_pubkey(self):
+ """
+
+ """
+ raise NotImplementedError()
+
+ def sign_files(self, file_paths, signature_path):
+ """
+
+ """
+ raise NotImplementedError()
+
+ def verify_files(self, file_paths, signature_path):
+ """
+
+ """
+ raise NotImplementedError()
+
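Review bot: The keystore that `__init__` creates is meant to hold the repository's `.priv` key, yet it is made with `os.makedirs(self.__keystore, 0o755)` and then passed to `const_setup_perms` with the entropy group, so the directory is traversable by every local user; `os.makedirs(self.__keystore, 0o700)` would be the safer default, after confirming what `const_setup_perms` (not visible in this patch) sets afterwards. The `os.path.lexists` short-circuit also means that a pre-existing regular file or dangling symlink at that path is accepted silently, and `repository_identifier` is joined into the path without validation, so rejecting identifiers that contain path separators is worth adding before the key-handling stubs are implemented. Separately, `check_functionality` is documented as returning a bool, but `subprocess.Popen` raises `OSError` when `/usr/bin/gpg` is absent; wrapping the call so that `except OSError: return False` applies would match the docstring. The class docstring says "Encryption" where the methods describe signing and verification, which is worth rewording so readers do not assume confidentiality.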