This commit is contained in:
emdee 2024-01-09 14:16:55 +00:00
parent 7e491f4b8c
commit 2c8998aeb4
80 changed files with 8999 additions and 109 deletions

448
etc/hosts.yml Normal file
View File

@ -0,0 +1,448 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
# use double quotes exclusively around strings and
# use single quotes exclusively with lists - for bash post-processing
all:
children:
vbox_winrm_group:
hosts:
y_UEFI_MediCat_VHD_DW:
# /var/lib/libvirt/qemu/channel/target/domain-37-y_UEFI_MediCat_VHD_D/org.qemu.guest_agent.0
# doesnt work: ansible_connection: "libvirt_qemu"
BOX_SERVICE_MGR: "win11"
BOX_HOST_NAME: "y_UEFI_MediCat_VHD_DW"
UPD_WINRM_CRT_PASSWORD: ""
UPD_WINRM_CRT_NAME: "WINRM_WIN11VBOX cert for "
UPD_WINRM_FILE_BASE: "winrm-win11vbox"
UPD_WINRM_KEY_BITS: 4096
UPD_WINRM_HOST_NAME: "y_UEFI_MediCat_VHD_D"
UPD_WINRM_HOST_DEV: "vboxnet0"
UPD_WINRM_ADMIN_NAME: "administrator"
UPD_WINRM_ADMIN_PASS: "<get from vault>"
# NOT remote_addr:
ansible_winrm_host: "192.168.56.1"
# remote_user
ansible_winrm_user: "administrator"
BOX_DEFAULT_OUTPUT_IF: fixme
UPD_WINRM_WINRM_ADMIN_NAME: "winrmadmin"
UPD_WINRM_WINRM_ADMIN_PASS: "winrmadmin"
# List of winrm transports to attempt to to use (ssl, plaintext, kerberos, etc)
# python2 -c 'import winrm;print winrm.FEATURE_SUPPORTED_AUTHTYPES'
# ['basic', 'certificate', 'ntlm', 'kerberos', 'plaintext', 'ssl', 'credssp']
# FixMe: which one works?
UPD_WINRM_WINRM_TRANSPORT: "basic"
# Lati sda Disk identifier: 0A00A495-684B-425E-823F-60257EBD6D3B
vars:
#maybe ansible_connection: "winrm"
BOX_ANSIBLE_CONNECTIONS: ["libvirt_qemu"]
ansible_winrm_port: 5985
ansible_winrm_scheme: http
ansible_winrm_transport: ['basic', 'plaintext', 'certificate', 'ssl']
# NOT remote_user
# ansible_user
ansible_winrm_user: "Administrator"
#? ansible_password: ""
ansible_winrm_server_cert_validation: ignore
validate_certs: false
# NO proxy from environment - or ensure no_proxy
no_proxy: "localhost,127.0.0.1,192.168.56.1"
linux_unix_group:
children:
linux_local_group:
hosts:
pentoo:
ansible_remote_addr: "/mnt/linuxPen19"
BOX_HOST_NAME: "pentoo"
BOX_SERVICE_MGR: "openrc"
BOX_USER_NAME: "vagrant"
BOX_USER_GROUP: "users"
BOX_USER_HOME: "/home/vagrant"
BOX_OS_FAMILY: Gentoo
BOX_OS_NAME: gentoo
BOX_OS_FLAVOR: "Pentoo"
BOX_USR_LIB: lib
BOX_DEFAULT_OUTPUT_IF: wlan4
BOX_PROXY_MODE: selektor
BOX_WHONIX_PROXY_HOST: ""
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
# /usr/lib/jvm/openjdk-bin-*/conf/net.properties
BOX_ALSO_USERS:
- pentoo
BOX_PORTAGE_PYTHON_MINOR: "3.11"
BOX_PYTHON2_MINOR: "2.7"
BOX_PYTHON3_MINOR: "3.11"
BOX_GENTOO_FROM_MP: "/"
devuan:
ansible_remote_addr: "/mnt/linuxDev4" #ignored for local
BOX_HOST_NAME: "devuan"
BOX_SERVICE_MGR: "sysvinit"
BOX_USER_NAME: "devuan"
BOX_USER_GROUP: "adm"
BOX_USER_HOME: "/home/devuan"
BOX_OS_FAMILY: Debian
BOX_OS_NAME: Devuan
BOX_OS_FLAVOR: "Devuan"
BOX_USR_LIB: lib
BOX_DEFAULT_OUTPUT_IF: wlan6
BOX_DEVUAN5_VAR_APT_ARCHIVES: "/mnt/o/Cache/Devuan/5/var/cache/apt/archives"
BOX_ALSO_USERS: []
BOX_PORTAGE_PYTHON_MINOR: "3.11"
BOX_PYTHON2_MINOR: "2.7"
BOX_PYTHON3_MINOR: "3.11"
BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
BOX_WHONIX_PROXY_HOST: ""
BOX_PROXY_MODE: tor
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
vars:
BOX_ANSIBLE_CONNECTIONS: ["local"]
BOX_REMOTE_MOUNTS: ['/mnt/h', '/mnt/j','/mnt/i', '/mnt/o', '/mnt/mnt/linuxPen19']
BOX_BASE_FEATURES: ['insecure_sudo']
BOX_PROXY_FEATURES: ['run_dnsmasq', 'run_privoxy']
BOX_TOXCORE_FEATURES: []
# libvirt_group could also be ssh_group
linux_libvirt_group:
hosts:
gentoo1:
ansible_remote_addr: "gentoo1"
ansible_host: "gentoo1"
ansible_ssh_user: "gentoo"
BOX_SERVICE_MGR: "openrc"
BOX_HOST_NAME: "gentoo1"
BOX_USER_NAME: "gentoo"
BOX_USER_GROUP: "adm"
BOX_ALSO_GROUP: "adm"
BOX_USER_HOME: "/home/gentoo"
BOX_OS_NAME: Gentoo
BOX_OS_FAMILY: Gentoo
BOX_OS_FLAVOR: "Gentoo"
BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: eth0
BOX_PYTHON2_MINOR: ""
BOX_PYTHON3_MINOR: "3.11"
BASE_PORTAGE_PYTHON_MINOR: 3.11
BOX_HOST_CONTAINER_MOUNTS: []
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_ALSO_USERS:
- gentoo
BOX_BASE_FEATURES: []
BOX_PROXY_FEATURES: []
BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
ubuntu18.04:
# /mnt
ansible_remote_addr: "ubuntu18.04"
# this is what the libvirt-qemu connector uses
ansible_host: "ubuntu18.04"
ansible_ssh_user: "vagrant"
BOX_SERVICE_MGR: systemd
BOX_HOST_NAME: "Ubuntu18.04"
BOX_USER_NAME: "vagrant"
BOX_USER_GROUP: "users"
BOX_USER_HOME: "/home/vagrant"
BOX_OS_FAMILY: Debian
BOX_OS_NAME: Ubuntu
BOX_OS_FLAVOR: "Ubuntu18"
BOX_USR_LIB: lib
BOX_UBUNTU16_VAR_APT_ARCHIVES: "/o/Cache/Apt/Ubuntu/18/var/cache/apt/archives"
ansible_python_interpreter: "/usr/bin/python3.6"
BOX_PYTHON2_MINOR: ""
BOX_PYTHON3_MINOR: "3.6"
BOX_REMOTE_MOUNTS: ['/mnt/o']
# BOX_WHONIX_PROXY_HOST: "Whonix-Gateway"
# BOX_PROXY_MODE: ws
# FixMe
base_system_users: ['vagrant']
BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
vars:
BOX_ANSIBLE_CONNECTIONS: ["ssh", "libvirt_qemu"]
# proxy from environment
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
# ansible_ssh_host: "127.0.0.1"
BOX_PROXY_FEATURES: []
BOX_ROOT_GROUP: root
BOX_PROXY_MODE: nat
BOX_DEFAULT_OUTPUT_IF: eth0
http_proxy: "http://127.0.0.1:3128"
https_proxy: "http://127.0.0.1:9128"
socks_proxy: "socks5://127.0.0.1:9050"
no_proxy: "localhost,127.0.0.1,127.0.0.1"
linux_chroot_group :
hosts:
linuxGentoo:
ansible_remote_addr: "/mnt/gentoo"
# required
ansible_host: "/mnt/gentoo"
BOX_SERVICE_MGR: "openrc"
BOX_HOST_NAME: "gentoo"
BOX_USER_NAME: "gentoo"
BOX_USER_GROUP: "adm"
BOX_USER_HOME: "/home/gentoo"
BOX_OS_FAMILY: Gentoo
BOX_OS_NAME: gentoo
BOX_OS_FLAVOR: "Gentoo"
BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: wlan6
BASE_PORTAGE_PYTHON_MINOR: 3.11
ansible_python_interpreter: "/usr/bin/python3.11"
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_ALSO_USERS:
- gentoo
BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}"
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
linuxPen19:
ansible_remote_addr: "/mnt/linuxPen19"
# required
ansible_host: "/mnt/linuxPen19"
BOX_SERVICE_MGR: "openrc"
BOX_HOST_NAME: "linuxPen19"
BOX_USER_NAME: "vagrant"
BOX_USER_GROUP: "adm"
BOX_USER_HOME: "/home/vagrant"
BOX_OS_FAMILY: Gentoo
BOX_OS_NAME: gentoo
BOX_OS_FLAVOR: "Pentoo"
BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: wlan6
BASE_PORTAGE_PYTHON_MINOR: 3.11
ansible_python_interpreter: "/usr/bin/python3.11"
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/i/net/Http/distfiles.gentoo.org/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_ALSO_USERS:
- gentoo
BOX_BASE_FEATURES: []
BOX_TOXCORE_FEATURES: ['nbd', 'libvirt', 'docker']
BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}"
# linux_chroot_group vars
vars:
BOX_ANSIBLE_CONNECTIONS: ["local", "chroot"]
# ignored? chroot_connection/exe in ansible.cfg?
ansible_chroot_exe: "/usr/local/sbin/base_chroot.bash"
#? ansible_ssh_common_args: "/usr/bin/env -i CHROOT=1"
# -i "PATH"
# -i "http_proxy https_proxy socks_proxy no_proxy"
#? -l
# for a non-root login: ansible_ssh_extra_args: "--userspec=foo:adm"
vars: # linux_unix_group
# toxcore
BOX_NBD_DEV: nbd1
BOX_NBD_MP: /mnt/gentoo
BOX_NBD_OVERLAY_NAME: "gentoo1"
BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
BOX_NBD_KERNEL_DIR: /usr/src/linux
BOX_NBD_BASE_PROFILE: openrc
BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2"
BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
# libvirt overlay
BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
BOX_NBD_LOGLEVEL: 10
BOX_NBD_OVERLAY_GB: "20"
BOX_NBD_OVERLAY_CPUS: 1
BOX_NBD_OVERLAY_RAM: 2048
BOX_NBD_OVERLAY_BR: virbr1
# unused?
BOX_NBD_OVERLAY_NETWORK: default
# plaintext
BOX_NBD_OVERLAY_PASS: "gentoo"
BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
vars:
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml
http_proxy: ""
https_proxy: ""
socks_proxy: ""
ftp_proxy: ""
no_proxy: "localhost,127.0.0.1"
SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"
RSYNC_PROXY: ""
BOX_OS_FAMILY: ""
BOX_OS_NAME: ""
BOX_OS_FLAVOR: ""
BOX_DEFAULT_OUTPUT_IF: ""
BOX_ALSO_GROUP: "adm"
# only common to local and vagrant because /mnt/j is remote mounted - need a linux_group
BOX_ROOT_PIP_CACHE: "/mnt/o/Cache/Pip"
BOX_BOXUSER_PIP_CACHE: "/mnt/o/Cache/Pip"
HOST_MOUNT_SYMLINKS: []
HOST_MOUNT_SYMLINK_CONTENTS: {}
LXD_TRUST_PASSWORD: sekret
BOX_HOST_CONTAINER_MOUNTS:
- /mnt/l
- /mnt/e
- /mnt/h
- /mnt/i
- /mnt/j
- /mnt/q
- /mnt/w
- /mnt/o
BOX_DOS_SCAN_DIRS:
- /mnt/h
- /mnt/i
- /mnt/j
- /mnt/e
- /mnt/q
- /mnt/w
- /mnt/c
# These will fluctuate with what's been started - it's safe to open them all
# FixMe: should these go on no_proxy systematically
PRIV_TOR_LOCAL_NETS:
- "192.168.56.0/24"
BOX_ALSO_USERS: []
BOX_PYTHON2_MINOR: ""
BOX_PYTHON3_MINOR: "3.11"
BOX_BASH_SHELL: /bin/bash
BOX_IPV6_DISABLE: 1
BOX_EMACS_VERSION: 27
BOX_ROOT_USER: root
BOX_ROOT_GROUP: root
BOX_BYPASS_PROXY_GROUP: tor
BOX_FIREWALL_ALLOW_TRANS: false
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_BASE_FEATURES: []
BOX_LOGG_FEATURES: []
BOX_KEYS_FEATURES: ['tpm2'] # truecrypt
BOX_HARDEN_FEATURES: ['bubblewrap', 'sysctl', 'jabber'] # 'clamscan', firejail
# libvirt means 'qemu'
BOX_HOSTVMS_FEATURES: []
BOX_MISP_FEATURES: [] # 'kitchen'
BOX_W3AF_FEATURES: [] # 'kitchen'
BOX_MISP_GPG_PASS: gpg_pass_to_change_fast
BOX_timezone: UTC
BOX_hwclock_local: false
BOX_hwclock_systohc: true
BOX_hwclock_hctosys: false
BOX_PROXY_MODE: ""
BOX_DNS_PROXY: dnsmasq
BOX_TIME_DAEMON: ntpd
BOX_NTP_GROUP: ntp
BOX_NET_MANAGER: "networkmanager"
BOX_HTTP_PROXY: privoxy
# toxcore
BOX_NBD_DEV: ""
BOX_NBD_MP: ""
BOX_NBD_FILES: ""
BOX_NBD_LOGLEVEL: 20
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
BOX_NBD_KERNEL_DIR: /usr/src/linux
BOX_NBD_BASE_PROFILE: openrc
BOX_NBD_BASE_DIR: ""
BOX_NBD_BASE_QCOW: ""
BOX_NBD_BASE_PUBKEY: ""
# libvirt overlay
BOX_NBD_OVERLAY_QCOW: ""
BOX_NBD_OVERLAY_DIR: ""
BOX_NBD_OVERLAY_BR: ""
BOX_NBD_OVERLAY_GB: "20"
BOX_NBD_OVERLAY_NAME: ""
BOX_NBD_OVERLAY_CPUS: 1
BOX_NBD_OVERLAY_RAM: 2048
# plaintext
BOX_NBD_OVERLAY_PASS: ""
BOX_GENTOOIMGR_CONFIGFILE: ""
# Controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory variable.
#
ansible_module_compression: "ZIP_STORED"
ansible_python_interpreter: "/usr/local/bin/python3.sh"
BOX_ANSIBLE_VERSION: "2.9.22"
# Cannot communicate securely with peer: no common encryption algorithm(s).
# git.kernel.org/ sslversion = tlsv1.3
BOX_TLS_VERSION: "1.3"
BOX_SSL_GIT_SSLVERSION: "1.3"
# unused so far - needed by src/ansible_gentooimgr/gentooimgr/
BOX_ARCHITECTURE: amd64
BOX_SUBTYPE: -hardened
# https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened-openrc.txt
GENTOO_BASE_STAGE_OPENRC_TXT_URL: "https://distfiles.gentoo.org/releases/{{BOX_ARCHITECTURE}}/autobuilds/latest-stage3-{{BOX_ARCHITECTURE}}{{BOX_SUBTYPE}}-openrc.txt"
# plus .gpgsig and .md5sum
GENTOO_BASE_PORTAGE_URL: "https://distfiles.gentoo.org/snapshots/portage-latest.tar.xz"
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
#? Gentoo specific?
# unused so far
# missing HOSTVMS_LXD_TRUST_PASSWORD base_passwords_database
# /mnt/o/data/TestForge/src/ansible/roles/hostvms/tasks/vms.yml
box_passwords_database: "{{ lookup('env', 'USER')}}/Passwords.kdbx"
BOX_WHONIX_PROXY_HOST: ""
BOX_PROXY_FEATURES: []
BOX_GPG_SERVER: "keys.gnupg.net"
BOX_USR_LIB: lib
# if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else ''
BOX_GENTOO_FROM_MP: ''
# bc
MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}"
# # These are inventory overridden for connection = chroot in base_proxy.yml
# http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}"
# https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}"
# socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}"
# no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}"

View File

@ -220,12 +220,12 @@ all:
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
# ansible_ssh_host: "127.0.0.1"
BOX_NBD_OVERLAY_EXTERNAL: "0.0.0.0"
HTTP_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
HTTPS_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128"
SOCKS_PROXY: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050"
FTP_PROXY: ""
RSYNC_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
NO_PROXY: "localhost,127.0.0.1"
http_proxy: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
https_proxy: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128"
socks_proxy: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050"
ftp_proxy: ""
RSYNC_PROXY : "{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
no_proxy: "localhost,127.0.0.1"
linux_chroot_group :
@ -319,12 +319,12 @@ all:
vars:
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml
HTTP_PROXY: ""
HTTPS_PROXY: ""
SOCKS_PROXY: ""
FTP_PROXY: ""
http_proxy: ""
https_proxy: ""
socks_proxy: ""
ftp_proxy: ""
RSYNC_PROXY: ""
NO_PROXY: "localhost,127.0.0.1"
no_proxy: "localhost,127.0.0.1"
SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"
BOX_OS_FAMILY: ""
@ -462,6 +462,7 @@ all:
BOX_WHONIX_PROXY_HOST: ""
BOX_PROXY_FEATURES: []
# get this from grep '^keyserver ' /root/.gnupg/dirmngr.conf instead
BOX_GPG_SERVER: "keys.gnupg.net"
BOX_USR_LIB: lib
# if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else ''

View File

@ -47,7 +47,6 @@ DOCUMENTATION = """
- name: ANSIBLE_LIBVIRT_TIMEOUT
vars:
- name: timeout
type: int
default: 5
required: false
"""

25
roles/toxcore/README.md Normal file
View File

@ -0,0 +1,25 @@
This role builds on, and requires, ../proxy_role which
basics for cntlm and socks and http and https proxies.
Look at the variables in defaults/main.yml to customize the role, and
double-check the settings in vars/*.yml.
It is multi-target and should run on Gentoo2, Debian4, Devuan5, Ubuntu18
athough only tested on Gentoo. To bring it up to date, just copy the
existing files in vars and maybe tasks to the new name and edit to suit,
but be advised that this code is systemd-challenged, like its author.
This role assumes a proxy is working, and has tests to check SSL
security, and expects you want to require TLS1.3, as anything less
is broken. We are seeing wide-spread MITM ssl attacks on anything less.
There is support for testing SSL across proxies, including tor.
It has basic testing scripts in place like pylint to test itself and
anything else.
It then puts the software in place to use the Tox internet-messager,
including ctypes wrapping of the library into Python, and an
integration testsuite.
It has 2 test scripts toxcore_daily.bash and toxcore_daily.bash than
run quick status checks and indepth testing respectively.

View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

View File

@ -0,0 +1,91 @@
Python module and tools for communicating in the Assuan_ protocol.
There are a number of GnuPG_ wrappers for python `out there`__, but
they mostly work via the ``gpg`` executable. This is an attempt to
cut to the chase and speak directly to ``gpgme-tool`` (source__) over
a well-defined socket protocol.
__ wrappers_
__ gpgme-tool_
Installation
============
Packages
--------
Gentoo
~~~~~~
I've packaged ``pyassuan`` for Gentoo_. You need layman_ and
my `wtk overlay`_. Install with::
# emerge -av app-portage/layman
# layman --add wtk
# emerge -av dev-python/pyassuan
Dependencies
------------
``pyassuan`` is a simple package with no external dependencies outside
the Python 3.3+ standard library.
Installing by hand
------------------
``pyassuan`` is available as a Git_ repository::
$ git clone git://tremily.us/pyassuan.git
See the homepage_ for details. To install the checkout, run the
standard::
$ python setup.py install
Usage
=====
Checkout the docstrings and the examples in ``bin``.
Testing
=======
Run the internal unit tests with `Python 3.2+'s unittest discovery`__::
$ python -m unittest discover
To test running servers by hand, you can use `gpg-connect-agent`_.
Despite the name, this program can connect to any Assuan server::
$ gpg-connect-agent --raw-socket name
__ unittest-discovery_
Licence
=======
This project is distributed under the `GNU General Public License
Version 3`_ or greater.
Author
======
W. Trevor King
wking@tremily.us
.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/
.. _GnuPG: http://www.gnupg.org/
.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard
.. _gpgme-tool:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
.. _Gentoo: http://www.gentoo.org/
.. _layman: http://layman.sourceforge.net/
.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/
.. _Git: http://git-scm.com/
.. _homepage: http://blog.tremily.us/posts/pyassuan/
.. _gpg-connect-agent:
http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html
.. _unittest-discovery:
https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery
.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html

View File

@ -0,0 +1,67 @@
#!/usr/bin/env python3
#
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Simple pinentry program for getting server info.
"""
from pyassuan import __version__
from pyassuan import client as _client
from pyassuan import common as _common
from pyassuan import error as _error
if __name__ == '__main__':
import argparse
import logging
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
'-v', '--version', action='version',
version='%(prog)s {}'.format(__version__))
parser.add_argument(
'-V', '--verbose', action='count', default=0,
help='increase verbosity')
parser.add_argument(
'filename',
help="path to server's unix socket")
args = parser.parse_args()
client = _client.AssuanClient(name='get-info', close_on_disconnect=True)
if args.verbose:
client.logger.setLevel(max(
logging.DEBUG, client.logger.level - 10*args.verbose))
client.connect(socket_path=args.filename)
try:
response = client.read_response()
assert response.type == 'OK', response
client.make_request(_common.Request('HELP'))
client.make_request(_common.Request('HELP GETINFO'))
for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']:
try:
client.make_request(_common.Request('GETINFO', attribute))
except _error.AssuanError as e:
if e.message.startswith('No data'):
pass
else:
raise
finally:
client.make_request(_common.Request('BYE'))
client.disconnect()

View File

@ -0,0 +1,393 @@
#!/usr/bin/env python3
#
# Copyright (C) 2012-2017 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Simple pinentry program for getting pins from a terminal.
"""
import copy as _copy
import os as _os
import os.path as _os_path
import pprint as _pprint
import re as _re
import signal as _signal
import sys as _sys
import termios as _termios
from pyassuan import __version__
from pyassuan import server as _server
from pyassuan import common as _common
from pyassuan import error as _error
class PinEntry (_server.AssuanServer):
"""pinentry protocol server
See ``pinentry-0.8.0/doc/pinentry.texi`` at::
ftp://ftp.gnupg.org/gcrypt/pinentry/
http://www.gnupg.org/aegypten/
for details on the pinentry interface.
Alternatively, you can just watch the logs and guess ;). Here's a
trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3)::
S: OK Your orders please
C: OPTION grab
S: OK
C: OPTION ttyname=/dev/pts/6
S: OK
C: OPTION ttytype=xterm
S: OK
C: OPTION lc-ctype=en_US.UTF-8
S: OK
C: OPTION lc-messages=en_US.UTF-8
S: OK
C: OPTION allow-external-password-cache
S: OK
C: OPTION default-ok=_OK
S: OK
C: OPTION default-cancel=_Cancel
S: OK
C: OPTION default-yes=_Yes
S: OK
C: OPTION default-no=_No
S: OK
C: OPTION default-prompt=PIN:
S: OK
C: OPTION default-pwmngr=_Save in password manager
S: OK
C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
S: OK
C: OPTION default-tt-visi=Make passphrase visible
S: OK
C: OPTION default-tt-hide=Hide passphrase
S: OK
C: GETINFO pid
S: D 14309
S: OK
C: SETKEYINFO u/S9464F2C2825D2FE3
S: OK
C: SETDESC Enter passphrase%0A
S: OK
C: SETPROMPT Passphrase
S: OK
C: GETPIN
S: D testing!
S: OK
C: BYE
S: OK closing connection
"""
_digit_regexp = _re.compile(r'\d+')
# from proc(5): pid comm state ppid pgrp session tty_nr tpgid
_tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)')
def __init__(self, name='pinentry', strict_options=False,
single_request=True, **kwargs):
self.strings = {}
self.connection = {}
super(PinEntry, self).__init__(
name=name, strict_options=strict_options,
single_request=single_request, **kwargs)
self.valid_options.append('ttyname')
def reset(self):
super(PinEntry, self).reset()
self.strings.clear()
self.connection.clear()
# user interface
def _connect(self):
self.logger.info('connecting to user')
self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options)))
tty_name = self.options.get('ttyname', None)
if tty_name:
self.connection['tpgrp'] = self._get_pgrp(tty_name)
self.logger.info(
'open to-user output stream for {}'.format(tty_name))
self.connection['to_user'] = open(tty_name, 'w')
self.logger.info(
'open from-user input stream for {}'.format(tty_name))
self.connection['from_user'] = open(tty_name, 'r')
self.logger.info('get current termios line discipline')
self.connection['original termios'] = _termios.tcgetattr(
self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...]
new_termios = _copy.deepcopy(self.connection['original termios'])
# translate carriage return to newline on input
new_termios[0] |= _termios.ICRNL
# do not ignore carriage return on input
new_termios[0] &= ~_termios.IGNCR
# do not echo input characters
new_termios[3] &= ~_termios.ECHO
# echo input characters
#new_termios[3] |= _termios.ECHO
# echo the NL character even if ECHO is not set
new_termios[3] |= _termios.ECHONL
# enable canonical mode
new_termios[3] |= _termios.ICANON
self.logger.info('adjust termios line discipline')
_termios.tcsetattr(
self.connection['to_user'], _termios.TCSANOW, new_termios)
self.logger.info('send SIGSTOP to pgrp {}'.format(
self.connection['tpgrp']))
#_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP)
_os.kill(-self.connection['tpgrp'], _signal.SIGSTOP)
self.connection['tpgrp stopped'] = True
else:
self.logger.info('no TTY name given; use stdin/stdout for I/O')
self.connection['to_user'] = _sys.stdout
self.connection['from_user'] = _sys.stdin
self.logger.info('connected to user')
self.connection['to_user'].write('\n') # give a clean line to work on
self.connection['active'] = True
def _disconnect(self):
self.logger.info('disconnecting from user')
try:
if self.connection.get('original termios', None):
self.logger.info('restore original termios line discipline')
_termios.tcsetattr(
self.connection['to_user'], _termios.TCSANOW,
self.connection['original termios'])
if self.connection.get('tpgrp stopped', None) is True:
self.logger.info(
'send SIGCONT to pgrp {}'.format(self.connection['tpgrp']))
#_os.killpg(self.connection['tpgrp'], _signal.SIGCONT)
_os.kill(-self.connection['tpgrp'], _signal.SIGCONT)
if self.connection.get('to_user', None) not in [None, _sys.stdout]:
self.logger.info('close to-user output stream')
self.connection['to_user'].close()
if self.connection.get('from_user',None) not in [None,_sys.stdout]:
self.logger.info('close from-user input stream')
self.connection['from_user'].close()
finally:
self.connection = {'active': False}
self.logger.info('disconnected from user')
def _get_pgrp(self, tty_name):
self.logger.info('find process group contolling {}'.format(tty_name))
proc = '/proc'
for name in _os.listdir(proc):
path = _os_path.join(proc, name)
if not (self._digit_regexp.match(name) and _os_path.isdir(path)):
continue # not a process directory
self.logger.debug('checking process {}'.format(name))
fd_path = _os_path.join(path, 'fd', '0')
try:
link = _os.readlink(fd_path)
except OSError as e:
self.logger.debug('not our process: {}'.format(e))
continue # permission denied (not one of our processes)
if link != tty_name:
self.logger.debug('wrong tty: {}'.format(link))
continue # not attached to our target tty
stat_path = _os_path.join(path, 'stat')
stat = open(stat_path, 'r').read()
self.logger.debug('check stat for pgrp: {}'.format(stat))
match = self._tpgrp_regexp.match(stat)
assert match != None, stat
pgrp = int(match.group(1))
self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name))
return pgrp
raise ValueError(tty_name)
def _write(self, string):
"Write text to the user's terminal."
self.connection['to_user'].write(string + '\n')
self.connection['to_user'].flush()
def _read(self):
"Read and return a line from the user's terminal."
# drop trailing newline
return self.connection['from_user'].readline()[:-1]
def _prompt(self, prompt='?', error=None, add_colon=True):
if add_colon:
prompt += ':'
if error:
self.connection['to_user'].write(error)
self.connection['to_user'].write('\n')
self.connection['to_user'].write(prompt)
self.connection['to_user'].write(' ')
self.connection['to_user'].flush()
return self._read()
# assuan handlers
def _handle_GETINFO(self, arg):
if arg == 'pid':
yield _common.Response('D', str(_os.getpid()).encode('ascii'))
elif arg == 'version':
yield _common.Response('D', __version__.encode('ascii'))
else:
raise _error.AssuanError(message='Invalid parameter')
yield _common.Response('OK')
def _handle_SETKEYINFO(self, arg):
self.strings['key info'] = arg
yield _common.Response('OK')
def _handle_CLEARPASSPHRASE(self, arg):
yield _common.Response('OK')
def _handle_SETDESC(self, arg):
self.strings['description'] = arg
yield _common.Response('OK')
def _handle_SETPROMPT(self, arg):
self.strings['prompt'] = arg
yield _common.Response('OK')
def _handle_SETERROR(self, arg):
self.strings['error'] = arg
yield _common.Response('OK')
def _handle_SETTITLE(self, arg):
self.strings['title'] = arg
yield _common.Response('OK')
def _handle_SETOK(self, arg):
self.strings['ok'] = arg
yield _common.Response('OK')
def _handle_SETCANCEL(self, arg):
self.strings['cancel'] = arg
yield _common.Response('OK')
def _handle_SETNOTOK(self, arg):
self.strings['not ok'] = arg
yield _common.Response('OK')
def _handle_SETQUALITYBAR(self, arg):
"""Adds a quality indicator to the GETPIN window.
This indicator is updated as the passphrase is typed. The
clients needs to implement an inquiry named "QUALITY" which
gets passed the current passphrase (percent-plus escaped) and
should send back a string with a single numerical vauelue
between -100 and 100. Negative values will be displayed in
red.
If a custom label for the quality bar is required, just add
that label as an argument as percent escaped string. You will
need this feature to translate the label because pinentry has
no internal gettext except for stock strings from the toolkit
library.
If you want to show a tooltip for the quality bar, you may use
C: SETQUALITYBAR_TT string
S: OK
With STRING being a percent escaped string shown as the tooltip.
Here is a real world example of these commands in use:
C: SETQUALITYBAR Quality%3a
S: OK
C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria.
S: OK
"""
self.strings['qualitybar'] = arg
yield _common.Response('OK')
def _handle_SETQUALITYBAR_TT(self, arg):
self.strings['qualitybar_tooltip'] = arg
yield _common.Response('OK')
def _handle_GETPIN(self, arg):
try:
self._connect()
self._write(self.strings['description'])
if 'key info' in self.strings:
self._write('key: {}'.format(self.strings['key info']))
if 'qualitybar' in self.strings:
self._write(self.strings['qualitybar'])
pin = self._prompt(
prompt=self.strings['prompt'],
error=self.strings.get('error'),
add_colon=False)
finally:
self._disconnect()
yield _common.Response('D', pin.encode('ascii'))
yield _common.Response('OK')
def _handle_CONFIRM(self, arg):
try:
self._connect()
self._write(self.strings['description'])
self._write('1) '+self.strings['ok'])
self._write('2) '+self.strings['not ok'])
value = self._prompt('?')
finally:
self._disconnect()
if value == '1':
yield _common.Response('OK')
else:
raise _error.AssuanError(message='Not confirmed')
def _handle_MESSAGE(self, arg):
self._write(self.strings['description'])
yield _common.Response('OK')
def _handle_CONFIRM(self, args):
assert args == '--one-button', args
try:
self._connect()
self._write(self.strings['description'])
self._write('1) '+self.strings['ok'])
value = self._prompt('?')
finally:
self._disconnect()
assert value == '1', value
yield _common.Response('OK')
if __name__ == '__main__':
import argparse
import logging
import traceback
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
'-v', '--version', action='version',
version='%(prog)s {}'.format(__version__))
parser.add_argument(
'-V', '--verbose', action='count', default=0,
help='increase verbosity')
parser.add_argument(
'--display',
help='set X display (ignored by this implementation)')
args = parser.parse_args()
p = PinEntry()
if args.verbose:
p.logger.setLevel(max(
logging.DEBUG, p.logger.level - 10*args.verbose))
try:
p.run()
except:
p.logger.error(
'exiting due to exception:\n{}'.format(
traceback.format_exc().rstrip()))
raise

View File

@ -0,0 +1,34 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""A Python implementation of the `Assuan protocol`_.
.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/
"""
import logging as _logging
import logging.handlers as _logging_handlers
__version__ = '0.2'
LOG = _logging.getLogger('pyassuan')
LOG.setLevel(_logging.ERROR)
LOG.addHandler(_logging.StreamHandler())
#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log'))
#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log'))
LOG.handlers[0].setFormatter(
_logging.Formatter('%(name)s: %(levelname)s: %(message)s'))

View File

@ -0,0 +1,190 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import logging as _logging
import socket as _socket
import sys as _sys
from . import LOG as _LOG
from . import common as _common
from . import error as _error
class AssuanClient (object):
"""A single-threaded Assuan client based on the `development suggestions`_
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html
"""
def __init__(self, name, logger=_LOG, use_sublogger=True,
close_on_disconnect=False):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
self.close_on_disconnect = close_on_disconnect
self.input = self.output = self.socket = None
def connect(self, socket_path=None):
if socket_path:
self.logger.info(
'connect to Unix socket at {}'.format(socket_path))
self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM)
self.socket.connect(socket_path)
self.input = self.socket.makefile('rb')
self.output = self.socket.makefile('wb')
else:
if not self.input:
self.logger.info('read from stdin')
self.input = _sys.stdin.buffer
if not self.output:
self.logger.info('write to stdout')
self.output = _sys.stdout.buffer
def disconnect(self):
if self.close_on_disconnect:
self.logger.info('disconnecting')
if self.input is not None:
self.input.close()
self.input = None
if self.output is not None:
self.output.close()
self.output = None
if self.socket is not None:
self.socket.shutdown(_socket.SHUT_RDWR)
self.socket.close()
self.socket = None
def raise_error(self, error):
self.logger.error(str(error))
raise(error)
def read_response(self):
line = self.input.readline()
if not line:
self.raise_error(
_error.AssuanError(message='IPC accept call failed'))
if len(line) > _common.LINE_LENGTH:
self.raise_error(
_error.AssuanError(message='Line too long'))
if not line.endswith(b'\n'):
self.logger.info('S: {}'.format(line))
self.raise_error(
_error.AssuanError(message='Invalid response'))
line = line[:-1] # remove trailing newline
response = _common.Response()
try:
response.from_bytes(line)
except _error.AssuanError as e:
self.logger.error(str(e))
raise
self.logger.info('S: {}'.format(response))
return response
def _write_request(self, request):
self.logger.info('C: {}'.format(request))
self.output.write(bytes(request))
self.output.write(b'\n')
try:
self.output.flush()
except IOError:
raise
def make_request(self, request, response=True, expect=['OK']):
self._write_request(request=request)
if response:
return self.get_responses(requests=[request], expect=expect)
def get_responses(self, requests=None, expect=['OK']):
responses = list(self.responses())
if responses[-1].type == 'ERR':
eresponse = responses[-1]
fields = eresponse.parameters.split(' ', 1)
code = int(fields[0])
if len(fields) > 1:
message = fields[1].strip()
else:
message = None
error = _error.AssuanError(code=code, message=message)
if requests is not None:
error.requests = requests
error.responses = responses
raise error
if expect:
assert responses[-1].type in expect, [str(r) for r in responses]
data = []
for response in responses:
if response.type == 'D':
data.append(response.parameters)
if data:
data = b''.join(data)
else:
data = None
return (responses, data)
def responses(self):
while True:
response = self.read_response()
yield response
if response.type not in ['S', '#', 'D']:
break
def send_data(self, data=None, response=True, expect=['OK']):
"""Iterate through requests necessary to send ``data`` to a server.
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
"""
requests = []
if data:
encoded_data = _common.encode(data)
start = 0
stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL
self.logger.debug('sending {} bytes of encoded data'.format(
len(encoded_data)))
while stop > start:
d = encoded_data[start:stop]
request = _common.Request(
command='D', parameters=encoded_data[start:stop],
encoded=True)
requests.append(request)
self.logger.debug('send {} byte chunk'.format(stop-start))
self._write_request(request=request)
start = stop
stop = start + min(_common.LINE_LENGTH-4,
len(encoded_data) - start)
request = _common.Request('END')
requests.append(request)
self._write_request(request=request)
if response:
return self.get_responses(requests=requests, expect=expect)
def send_fds(self, fds):
"""Send a file descriptor over a Unix socket.
"""
msg = '# descriptors in flight: {}\n'.format(fds)
self.logger.info('C: {}'.format(msg.rstrip('\n')))
msg = msg.encode('ascii')
return _common.send_fds(
socket=self.socket, msg=msg, fds=fds, logger=None)
def receive_fds(self, msglen=200, maxfds=10):
"""Receive file descriptors over a Unix socket.
"""
msg,fds = _common.receive_fds(
socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None)
msg = str(msg, 'utf-8')
self.logger.info('S: {}'.format(msg.rstrip('\n')))
return fds

View File

@ -0,0 +1,314 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Items common to both the client and server
"""
import array as _array
import re as _re
import socket as _socket
from . import LOG as _LOG
from . import error as _error
LINE_LENGTH = 1002 # 1000 + [CR,]LF
_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')'
_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN)
_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii'))
_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})')
_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})')
_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z')
def encode(data):
r"""
>>> encode('It grew by 5%!\n')
'It grew by 5%25!%0A'
>>> encode(b'It grew by 5%!\n')
b'It grew by 5%25!%0A'
"""
if isinstance(data, bytes):
regexp = _ENCODE_BYTE_REGEXP
else:
regexp = _ENCODE_STR_REGEXP
return regexp.sub(
lambda x : to_hex(x.group()), data)
def decode(data):
r"""
>>> decode('%22Look out!%22%0AWhere%3F')
'"Look out!"\nWhere?'
>>> decode(b'%22Look out!%22%0AWhere%3F')
b'"Look out!"\nWhere?'
"""
if isinstance(data, bytes):
regexp = _DECODE_BYTE_REGEXP
else:
regexp = _DECODE_STR_REGEXP
return regexp.sub(
lambda x : from_hex(x.group()), data)
def from_hex(code):
r"""
>>> from_hex('%22')
'"'
>>> from_hex('%0A')
'\n'
>>> from_hex(b'%0A')
b'\n'
"""
c = chr(int(code[1:], 16))
if isinstance(code, bytes):
c =c.encode('ascii')
return c
def to_hex(char):
r"""
>>> to_hex('"')
'%22'
>>> to_hex('\n')
'%0A'
>>> to_hex(b'\n')
b'%0A'
"""
hx = '%{:02X}'.format(ord(char))
if isinstance(char, bytes):
hx = hx.encode('ascii')
return hx
class Request (object):
"""A client request
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
>>> r = Request(command='BYE')
>>> str(r)
'BYE'
>>> r = Request(command='OPTION', parameters='testing at 5%')
>>> str(r)
'OPTION testing at 5%25'
>>> bytes(r)
b'OPTION testing at 5%25'
>>> r.from_bytes(b'BYE')
>>> r.command
'BYE'
>>> print(r.parameters)
None
>>> r.from_bytes(b'OPTION testing at 5%25')
>>> r.command
'OPTION'
>>> print(r.parameters)
testing at 5%
>>> r.from_bytes(b' invalid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 170 Invalid request
>>> r.from_bytes(b'in-valid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 170 Invalid request
"""
def __init__(self, command=None, parameters=None, encoded=False):
self.command = command
self.parameters = parameters
self.encoded = encoded
def __str__(self):
if self.parameters:
if self.encoded:
encoded_parameters = self.parameters
else:
encoded_parameters = encode(self.parameters)
return '{} {}'.format(self.command, encoded_parameters)
return self.command
def __bytes__(self):
if self.parameters:
if self.encoded:
encoded_parameters = self.parameters
else:
encoded_parameters = encode(self.parameters)
return '{} {}'.format(
self.command, encoded_parameters).encode('utf-8')
return self.command.encode('utf-8')
def from_bytes(self, line):
if len(line) > 1000: # TODO: byte-vs-str and newlines?
raise _error.AssuanError(message='Line too long')
line = str(line, encoding='utf-8')
match = _REQUEST_REGEXP.match(line)
if not match:
raise _error.AssuanError(message='Invalid request')
self.command = match.group(1)
if match.group(3):
if match.group(2):
self.parameters = decode(match.group(3))
else:
raise _error.AssuanError(message='Invalid request')
else:
self.parameters = None
class Response (object):
"""A server response
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
>>> r = Response(type='OK')
>>> str(r)
'OK'
>>> r = Response(type='ERR', parameters='1 General error')
>>> str(r)
'ERR 1 General error'
>>> bytes(r)
b'ERR 1 General error'
>>> r.from_bytes(b'OK')
>>> r.type
'OK'
>>> print(r.parameters)
None
>>> r.from_bytes(b'ERR 1 General error')
>>> r.type
'ERR'
>>> print(r.parameters)
1 General error
>>> r.from_bytes(b' invalid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 76 Invalid response
>>> r.from_bytes(b'in-valid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 76 Invalid response
"""
types = {
'O': 'OK',
'E': 'ERR',
'S': 'S',
'#': '#',
'D': 'D',
'I': 'INQUIRE',
}
def __init__(self, type=None, parameters=None):
self.type = type
self.parameters = parameters
def __str__(self):
if self.parameters:
return '{} {}'.format(self.type, encode(self.parameters))
return self.type
def __bytes__(self):
if self.parameters:
if self.type == 'D':
return b' '.join((b'D', self.parameters))
else:
return '{} {}'.format(
self.type, encode(self.parameters)).encode('utf-8')
return self.type.encode('utf-8')
def from_bytes(self, line):
if len(line) > 1000: # TODO: byte-vs-str and newlines?
raise _error.AssuanError(message='Line too long')
if line.startswith(b'D'):
self.command = t = 'D'
else:
line = str(line, encoding='utf-8')
t = line[0]
try:
type = self.types[t]
except KeyError:
raise _error.AssuanError(message='Invalid response')
self.type = type
if type == 'D': # data
self.parameters = decode(line[2:])
elif type == '#': # comment
self.parameters = decode(line[2:])
else:
match = _REQUEST_REGEXP.match(line)
if not match:
raise _error.AssuanError(message='Invalid request')
if match.group(3):
if match.group(2):
self.parameters = decode(match.group(3))
else:
raise _error.AssuanError(message='Invalid request')
else:
self.parameters = None
def error_response(error):
"""
>>> from pyassuan.error import AssuanError
>>> error = AssuanError(1)
>>> response = error_response(error)
>>> print(response)
ERR 1 General error
"""
return Response(type='ERR', parameters=str(error))
def send_fds(socket, msg=None, fds=None, logger=_LOG):
"""Send a file descriptor over a Unix socket using ``sendmsg``.
``sendmsg`` suport requires Python >= 3.3.
Code from
http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg
Assuan equivalent is
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd
"""
if msg is None:
msg = b''.join(
[b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n'])
if logger is not None:
logger.debug('sending file descriptors {} down {}'.format(fds, socket))
return socket.sendmsg(
[msg],
[(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))])
def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG):
"""Recieve file descriptors using ``recvmsg``.
``recvmsg`` suport requires Python >= 3.3.
Code from http://docs.python.org/dev/library/socket.html
Assuan equivalent is
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd
"""
fds = _array.array('i') # Array of ints
msg,ancdata,flags,addr = socket.recvmsg(
msglen, _socket.CMSG_LEN(maxfds * fds.itemsize))
for cmsg_level,cmsg_type,cmsg_data in ancdata:
if (cmsg_level == _socket.SOL_SOCKET and
cmsg_type == _socket.SCM_RIGHTS):
# Append data, ignoring any truncated integers at the end.
fds.fromstring(
cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)])
if logger is not None:
logger.debug('receiving file descriptors {} from {} ({})'.format(
fds, socket, msg))
return (msg, list(fds))

View File

@ -0,0 +1,302 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Assuan errors as defined in `libgpg-error`_.
The Assuan_ docs_ suggest these error codes.
.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/
.. _Assuan:
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html
"""
MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h
0: 'Success',
1: 'General error',
2: 'Unknown packet',
3: 'Unknown version in packet',
4: 'Invalid public key algorithm',
5: 'Invalid digest algorithm',
6: 'Bad public key',
7: 'Bad secret key',
8: 'Bad signature',
9: 'No public key',
10: 'Checksum error',
11: 'Bad passphrase',
12: 'Invalid cipher algorithm',
13: 'Keyring open',
14: 'Invalid packet',
15: 'Invalid armor',
16: 'No user ID',
17: 'No secret key',
18: 'Wrong secret key used',
19: 'Bad session key',
20: 'Unknown compression algorithm',
21: 'Number is not prime',
22: 'Invalid encoding method',
23: 'Invalid encryption scheme',
24: 'Invalid signature scheme',
25: 'Invalid attribute',
26: 'No value',
27: 'Not found',
28: 'Value not found',
29: 'Syntax error',
30: 'Bad MPI value',
31: 'Invalid passphrase',
32: 'Invalid signature class',
33: 'Resources exhausted',
34: 'Invalid keyring',
35: 'Trust DB error',
36: 'Bad certificate',
37: 'Invalid user ID',
38: 'Unexpected error',
39: 'Time conflict',
40: 'Keyserver error',
41: 'Wrong public key algorithm',
42: 'Tribute to D. A.',
43: 'Weak encryption key',
44: 'Invalid key length',
45: 'Invalid argument',
46: 'Syntax error in URI',
47: 'Invalid URI',
48: 'Network error',
49: 'Unknown host',
50: 'Selftest failed',
51: 'Data not encrypted',
52: 'Data not processed',
53: 'Unusable public key',
54: 'Unusable secret key',
55: 'Invalid value',
56: 'Bad certificate chain',
57: 'Missing certificate',
58: 'No data',
59: 'Bug',
60: 'Not supported',
61: 'Invalid operation code',
62: 'Timeout',
63: 'Internal error',
64: 'EOF (gcrypt)',
65: 'Invalid object',
66: 'Provided object is too short',
67: 'Provided object is too large',
68: 'Missing item in object',
69: 'Not implemented',
70: 'Conflicting use',
71: 'Invalid cipher mode',
72: 'Invalid flag',
73: 'Invalid handle',
74: 'Result truncated',
75: 'Incomplete line',
76: 'Invalid response',
77: 'No agent running',
78: 'agent error',
79: 'Invalid data',
80: 'Unspecific Assuan server fault',
81: 'General Assuan error',
82: 'Invalid session key',
83: 'Invalid S-expression',
84: 'Unsupported algorithm',
85: 'No pinentry',
86: 'pinentry error',
87: 'Bad PIN',
88: 'Invalid name',
89: 'Bad data',
90: 'Invalid parameter',
91: 'Wrong card',
92: 'No dirmngr',
93: 'dirmngr error',
94: 'Certificate revoked',
95: 'No CRL known',
96: 'CRL too old',
97: 'Line too long',
98: 'Not trusted',
99: 'Operation cancelled',
100: 'Bad CA certificate',
101: 'Certificate expired',
102: 'Certificate too young',
103: 'Unsupported certificate',
104: 'Unknown S-expression',
105: 'Unsupported protection',
106: 'Corrupted protection',
107: 'Ambiguous name',
108: 'Card error',
109: 'Card reset required',
110: 'Card removed',
111: 'Invalid card',
112: 'Card not present',
113: 'No PKCS15 application',
114: 'Not confirmed',
115: 'Configuration error',
116: 'No policy match',
117: 'Invalid index',
118: 'Invalid ID',
119: 'No SmartCard daemon',
120: 'SmartCard daemon error',
121: 'Unsupported protocol',
122: 'Bad PIN method',
123: 'Card not initialized',
124: 'Unsupported operation',
125: 'Wrong key usage',
126: 'Nothing found',
127: 'Wrong blob type',
128: 'Missing value',
129: 'Hardware problem',
130: 'PIN blocked',
131: 'Conditions of use not satisfied',
132: 'PINs are not synced',
133: 'Invalid CRL',
134: 'BER error',
135: 'Invalid BER',
136: 'Element not found',
137: 'Identifier not found',
138: 'Invalid tag',
139: 'Invalid length',
140: 'Invalid key info',
141: 'Unexpected tag',
142: 'Not DER encoded',
143: 'No CMS object',
144: 'Invalid CMS object',
145: 'Unknown CMS object',
146: 'Unsupported CMS object',
147: 'Unsupported encoding',
148: 'Unsupported CMS version',
149: 'Unknown algorithm',
150: 'Invalid crypto engine',
151: 'Public key not trusted',
152: 'Decryption failed',
153: 'Key expired',
154: 'Signature expired',
155: 'Encoding problem',
156: 'Invalid state',
157: 'Duplicated value',
158: 'Missing action',
159: 'ASN.1 module not found',
160: 'Invalid OID string',
161: 'Invalid time',
162: 'Invalid CRL object',
163: 'Unsupported CRL version',
164: 'Invalid certificate object',
165: 'Unknown name',
166: 'A locale function failed',
167: 'Not locked',
168: 'Protocol violation',
169: 'Invalid MAC',
170: 'Invalid request',
171: 'Unknown extension',
172: 'Unknown critical extension',
173: 'Locked',
174: 'Unknown option',
175: 'Unknown command',
176: 'Not operational',
177: 'No passphrase given',
178: 'No PIN given',
179: 'Not enabled',
180: 'No crypto engine',
181: 'Missing key',
182: 'Too many objects',
183: 'Limit reached',
184: 'Not initialized',
185: 'Missing issuer certificate',
198: 'Operation fully cancelled',
199: 'Operation not yet finished',
200: 'Buffer too short',
201: 'Invalid length specifier in S-expression',
202: 'String too long in S-expression',
203: 'Unmatched parentheses in S-expression',
204: 'S-expression not canonical',
205: 'Bad character in S-expression',
206: 'Bad quotation in S-expression',
207: 'Zero prefix in S-expression',
208: 'Nested display hints in S-expression',
209: 'Unmatched display hints',
210: 'Unexpected reserved punctuation in S-expression',
211: 'Bad hexadecimal character in S-expression',
212: 'Odd hexadecimal numbers in S-expression',
213: 'Bad octal character in S-expression',
257: 'General IPC error',
258: 'IPC accept call failed',
259: 'IPC connect call failed',
260: 'Invalid IPC response',
261: 'Invalid value passed to IPC',
262: 'Incomplete line passed to IPC',
263: 'Line passed to IPC too long',
264: 'Nested IPC commands',
265: 'No data callback in IPC',
266: 'No inquire callback in IPC',
267: 'Not an IPC server',
268: 'Not an IPC client',
269: 'Problem starting IPC server',
270: 'IPC read error',
271: 'IPC write error',
273: 'Too much data for IPC layer',
274: 'Unexpected IPC command',
275: 'Unknown IPC command',
276: 'IPC syntax error',
277: 'IPC call has been cancelled',
278: 'No input source for IPC',
279: 'No output source for IPC',
280: 'IPC parameter error',
281: 'Unknown IPC inquire',
1024: 'User defined error code 1',
1025: 'User defined error code 2',
1026: 'User defined error code 3',
1027: 'User defined error code 4',
1028: 'User defined error code 5',
1029: 'User defined error code 6',
1030: 'User defined error code 7',
1031: 'User defined error code 8',
1032: 'User defined error code 9',
1033: 'User defined error code 10',
1034: 'User defined error code 11',
1035: 'User defined error code 12',
1036: 'User defined error code 13',
1037: 'User defined error code 14',
1038: 'User defined error code 15',
1039: 'User defined error code 16',
16381: 'System error w/o errno',
16382: 'Unknown system error',
16383: 'End of file',
}
UNKNOWN = 'Unknown error code'
CODE = dict((message,code) for code,message in MESSAGE.items())
# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.)
class AssuanError (Exception):
r"""
>>> e = AssuanError(1)
>>> print(e)
1 General error
>>> e = AssuanError(1024, 'testing!')
>>> print(e)
1024 testing!
>>> e = AssuanError(message='Unknown packet')
>>> print(e)
2 Unknown packet
"""
def __init__(self, code=None, message=None):
if code is None and message is None:
raise ValueError('missing both `code` and `message`')
if message is None:
message = MESSAGE[code]
if code is None:
code = CODE.get(message, UNKNOWN)
self.code = code
self.message = message
super(AssuanError, self).__init__('{} {}'.format(code, message))

View File

@ -0,0 +1,299 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import logging as _logging
import re as _re
import socket as _socket
import sys as _sys
import threading as _threading
import traceback as _traceback
from . import LOG as _LOG
from . import common as _common
from . import error as _error
_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z')
class AssuanServer (object):
"""A single-threaded Assuan server based on the `devolpment suggestions`_
Extend by subclassing and adding ``_handle_XXX`` methods for each
command you want to handle.
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
"""
def __init__(self, name, logger=_LOG, use_sublogger=True,
valid_options=None, strict_options=True,
single_request=False, listen_to_quit=False,
close_on_disconnect=False):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
if valid_options is None:
valid_options = []
self.valid_options = valid_options
self.strict_options = strict_options
self.single_request = single_request
self.listen_to_quit = listen_to_quit
self.close_on_disconnect = close_on_disconnect
self.input = self.output = None
self.options = {}
self.reset()
def reset(self):
self.stop = False
self.options.clear()
def run(self):
self.reset()
self.logger.info('running')
self.connect()
try:
self.handle_requests()
finally:
self.disconnect()
self.logger.info('stopping')
def connect(self):
if not self.input:
self.logger.info('read from stdin')
self.input = _sys.stdin.buffer
if not self.output:
self.logger.info('write to stdout')
self.output = _sys.stdout.buffer
def disconnect(self):
if self.close_on_disconnect:
self.logger.info('disconnecting')
self.input = None
self.output = None
def handle_requests(self):
self.send_response(_common.Response('OK', 'Your orders please'))
self.output.flush()
while not self.stop:
line = self.input.readline()
if not line:
break # EOF
if len(line) > _common.LINE_LENGTH:
self.raise_error(
_error.AssuanError(message='Line too long'))
if not line.endswith(b'\n'):
self.logger.info('C: {}'.format(line))
self.send_error_response(
_error.AssuanError(message='Invalid request'))
continue
line = line[:-1] # remove the trailing newline
self.logger.info('C: {}'.format(line))
request = _common.Request()
try:
request.from_bytes(line)
except _error.AssuanError as e:
self.send_error_response(e)
continue
self.handle_request(request)
def handle_request(self, request):
try:
handle = getattr(
self, '_handle_{}'.format(request.command))
except AttributeError:
self.logger.warn('unknown command: {}'.format(request.command))
self.send_error_response(
_error.AssuanError(message='Unknown command'))
return
try:
responses = handle(request.parameters)
for response in responses:
self.send_response(response)
except _error.AssuanError as error:
self.send_error_response(error)
return
except Exception as e:
self.logger.error(
'exception while executing {}:\n{}'.format(
handle, _traceback.format_exc().rstrip()))
self.send_error_response(
_error.AssuanError(message='Unspecific Assuan server fault'))
return
def send_response(self, response):
"""For internal use by ``.handle_requests()``
"""
rstring = str(response)
self.logger.info('S: {}'.format(response))
self.output.write(bytes(response))
self.output.write(b'\n')
try:
self.output.flush()
except IOError:
if not self.stop:
raise
def send_error_response(self, error):
"""For internal use by ``.handle_requests()``
"""
self.send_response(_common.error_response(error))
# common commands defined at
# http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
def _handle_BYE(self, arg):
if self.single_request:
self.stop = True
yield _common.Response('OK', 'closing connection')
def _handle_RESET(self, arg):
self.reset()
def _handle_END(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_HELP(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_QUIT(self, arg):
if self.listen_to_quit:
self.stop = True
yield _common.Response('OK', 'stopping the server')
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_OPTION(self, arg):
"""
>>> s = AssuanServer(name='test', valid_options=['my-op'])
>>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '1'}
>>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '2'}
>>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '3'}
>>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': None}
>>> list(s._handle_OPTION('inv'))
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 174 Unknown option
>>> list(s._handle_OPTION('in|valid'))
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 90 Invalid parameter
"""
match = _OPTION_REGEXP.match(arg)
if not match:
raise _error.AssuanError(message='Invalid parameter')
name,space,equal,value = match.groups()
if value and not space and not equal:
# need either space or equal to separate value
raise _error.AssuanError(message='Invalid parameter')
if name not in self.valid_options:
if self.strict_options:
raise _error.AssuanError(message='Unknown option')
else:
self.logger.info('skipping invalid option: {}'.format(name))
else:
if not value:
value = None
self.options[name] = value
yield _common.Response('OK')
def _handle_CANCEL(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_AUTH(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
class AssuanSocketServer (object):
"""A threaded server spawning ``AssuanServer``\s for each connection
"""
def __init__(self, name, socket, server, kwargs={}, max_threads=10,
logger=_LOG, use_sublogger=True):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
self.socket = socket
self.server = server
assert 'name' not in kwargs, kwargs['name']
assert 'logger' not in kwargs, kwargs['logger']
kwargs['logger'] = self.logger
assert 'use_sublogger' not in kwargs, kwargs['use_sublogger']
kwargs['use_sublogger'] = True
if 'close_on_disconnect' in kwargs:
assert kwargs['close_on_disconnect'] == True, (
kwargs['close_on_disconnect'])
else:
kwargs['close_on_disconnect'] = True
self.kwargs = kwargs
self.max_threads = max_threads
self.threads = []
def run(self):
self.logger.info('listen on socket')
self.socket.listen()
thread_index = 0
while True:
socket,address = self.socket.accept()
self.logger.info('connection from {}'.format(address))
self.cleanup_threads()
if len(threads) > self.max_threads:
self.drop_connection(socket, address)
self.spawn_thread(
'server-thread-{}'.format(thread_index), socket, address)
thread_index = (thread_index + 1) % self.max_threads
def cleanup_threads(self):
i = 0
while i < len(self.threads):
thread = self.threads[i]
thread.join(0)
if thread.is_alive():
self.logger.info('joined thread {}'.format(thread.name))
self.threads.pop(i)
thread.socket.shutdown()
thread.socket.close()
else:
i += 1
def drop_connection(self, socket, address):
self.logger.info('drop connection from {}'.format(address))
# TODO: proper error to send to the client?
def spawn_thread(self, name, socket, address):
server = self.server(name=name, **self.kwargs)
server.input = socket.makefile('rb')
server.output = socket.makefile('wb')
thread = _threading.Thread(target=server.run, name=name)
thread.start()
self.threads.append(thread)

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import common
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(common))
return tests

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import error
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(error))
return tests

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import server
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(server))
return tests

View File

@ -0,0 +1,54 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"Python module and tools for communicating in the Assuan protocol."
from distutils.core import setup as _setup
import os.path as _os_path
from pyassuan import __version__
_this_dir = _os_path.dirname(__file__)
_setup(
name='pyassuan',
version=__version__,
maintainer='W. Trevor King',
maintainer_email='wking@tremily.us',
url='http://blog.tremily.us/posts/pyassuan/',
download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__),
license = 'GNU General Public License (GPL)',
platforms = ['all'],
description = __doc__,
long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(),
classifiers = [
'Development Status :: 3 - Alpha',
'Intended Audience :: Developers',
'Operating System :: OS Independent',
'License :: OSI Approved :: GNU General Public License (GPL)',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.3',
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
'Topic :: Security :: Cryptography',
'Topic :: Software Development'
],
scripts = ['bin/get-info.py', 'bin/pinentry.py'],
packages = ['pyassuan'],
provides = ['pyassuan'],
)

View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

View File

@ -0,0 +1,91 @@
Python module and tools for communicating in the Assuan_ protocol.
There are a number of GnuPG_ wrappers for python `out there`__, but
they mostly work via the ``gpg`` executable. This is an attempt to
cut to the chase and speak directly to ``gpgme-tool`` (source__) over
a well-defined socket protocol.
__ wrappers_
__ gpgme-tool_
Installation
============
Packages
--------
Gentoo
~~~~~~
I've packaged ``pyassuan`` for Gentoo_. You need layman_ and
my `wtk overlay`_. Install with::
# emerge -av app-portage/layman
# layman --add wtk
# emerge -av dev-python/pyassuan
Dependencies
------------
``pyassuan`` is a simple package with no external dependencies outside
the Python 3.3+ standard library.
Installing by hand
------------------
``pyassuan`` is available as a Git_ repository::
$ git clone git://tremily.us/pyassuan.git
See the homepage_ for details. To install the checkout, run the
standard::
$ python setup.py install
Usage
=====
Checkout the docstrings and the examples in ``bin``.
Testing
=======
Run the internal unit tests with `Python 3.2+'s unittest discovery`__::
$ python -m unittest discover
To test running servers by hand, you can use `gpg-connect-agent`_.
Despite the name, this program can connect to any Assuan server::
$ gpg-connect-agent --raw-socket name
__ unittest-discovery_
Licence
=======
This project is distributed under the `GNU General Public License
Version 3`_ or greater.
Author
======
W. Trevor King
wking@tremily.us
.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/
.. _GnuPG: http://www.gnupg.org/
.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard
.. _gpgme-tool:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
.. _Gentoo: http://www.gentoo.org/
.. _layman: http://layman.sourceforge.net/
.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/
.. _Git: http://git-scm.com/
.. _homepage: http://blog.tremily.us/posts/pyassuan/
.. _gpg-connect-agent:
http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html
.. _unittest-discovery:
https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery
.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html

View File

@ -0,0 +1,67 @@
#!/usr/bin/env python3
#
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Simple pinentry program for getting server info.
"""
from pyassuan import __version__
from pyassuan import client as _client
from pyassuan import common as _common
from pyassuan import error as _error
if __name__ == '__main__':
import argparse
import logging
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
'-v', '--version', action='version',
version='%(prog)s {}'.format(__version__))
parser.add_argument(
'-V', '--verbose', action='count', default=0,
help='increase verbosity')
parser.add_argument(
'filename',
help="path to server's unix socket")
args = parser.parse_args()
client = _client.AssuanClient(name='get-info', close_on_disconnect=True)
if args.verbose:
client.logger.setLevel(max(
logging.DEBUG, client.logger.level - 10*args.verbose))
client.connect(socket_path=args.filename)
try:
response = client.read_response()
assert response.type == 'OK', response
client.make_request(_common.Request('HELP'))
client.make_request(_common.Request('HELP GETINFO'))
for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']:
try:
client.make_request(_common.Request('GETINFO', attribute))
except _error.AssuanError as e:
if e.message.startswith('No data'):
pass
else:
raise
finally:
client.make_request(_common.Request('BYE'))
client.disconnect()

View File

@ -0,0 +1,393 @@
#!/usr/bin/env python3
#
# Copyright (C) 2012-2017 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Simple pinentry program for getting pins from a terminal.
"""
import copy as _copy
import os as _os
import os.path as _os_path
import pprint as _pprint
import re as _re
import signal as _signal
import sys as _sys
import termios as _termios
from pyassuan import __version__
from pyassuan import server as _server
from pyassuan import common as _common
from pyassuan import error as _error
class PinEntry (_server.AssuanServer):
"""pinentry protocol server
See ``pinentry-0.8.0/doc/pinentry.texi`` at::
ftp://ftp.gnupg.org/gcrypt/pinentry/
http://www.gnupg.org/aegypten/
for details on the pinentry interface.
Alternatively, you can just watch the logs and guess ;). Here's a
trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3)::
S: OK Your orders please
C: OPTION grab
S: OK
C: OPTION ttyname=/dev/pts/6
S: OK
C: OPTION ttytype=xterm
S: OK
C: OPTION lc-ctype=en_US.UTF-8
S: OK
C: OPTION lc-messages=en_US.UTF-8
S: OK
C: OPTION allow-external-password-cache
S: OK
C: OPTION default-ok=_OK
S: OK
C: OPTION default-cancel=_Cancel
S: OK
C: OPTION default-yes=_Yes
S: OK
C: OPTION default-no=_No
S: OK
C: OPTION default-prompt=PIN:
S: OK
C: OPTION default-pwmngr=_Save in password manager
S: OK
C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
S: OK
C: OPTION default-tt-visi=Make passphrase visible
S: OK
C: OPTION default-tt-hide=Hide passphrase
S: OK
C: GETINFO pid
S: D 14309
S: OK
C: SETKEYINFO u/S9464F2C2825D2FE3
S: OK
C: SETDESC Enter passphrase%0A
S: OK
C: SETPROMPT Passphrase
S: OK
C: GETPIN
S: D testing!
S: OK
C: BYE
S: OK closing connection
"""
_digit_regexp = _re.compile(r'\d+')
# from proc(5): pid comm state ppid pgrp session tty_nr tpgid
_tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)')
def __init__(self, name='pinentry', strict_options=False,
single_request=True, **kwargs):
self.strings = {}
self.connection = {}
super(PinEntry, self).__init__(
name=name, strict_options=strict_options,
single_request=single_request, **kwargs)
self.valid_options.append('ttyname')
def reset(self):
super(PinEntry, self).reset()
self.strings.clear()
self.connection.clear()
# user interface
def _connect(self):
self.logger.info('connecting to user')
self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options)))
tty_name = self.options.get('ttyname', None)
if tty_name:
self.connection['tpgrp'] = self._get_pgrp(tty_name)
self.logger.info(
'open to-user output stream for {}'.format(tty_name))
self.connection['to_user'] = open(tty_name, 'w')
self.logger.info(
'open from-user input stream for {}'.format(tty_name))
self.connection['from_user'] = open(tty_name, 'r')
self.logger.info('get current termios line discipline')
self.connection['original termios'] = _termios.tcgetattr(
self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...]
new_termios = _copy.deepcopy(self.connection['original termios'])
# translate carriage return to newline on input
new_termios[0] |= _termios.ICRNL
# do not ignore carriage return on input
new_termios[0] &= ~_termios.IGNCR
# do not echo input characters
new_termios[3] &= ~_termios.ECHO
# echo input characters
#new_termios[3] |= _termios.ECHO
# echo the NL character even if ECHO is not set
new_termios[3] |= _termios.ECHONL
# enable canonical mode
new_termios[3] |= _termios.ICANON
self.logger.info('adjust termios line discipline')
_termios.tcsetattr(
self.connection['to_user'], _termios.TCSANOW, new_termios)
self.logger.info('send SIGSTOP to pgrp {}'.format(
self.connection['tpgrp']))
#_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP)
_os.kill(-self.connection['tpgrp'], _signal.SIGSTOP)
self.connection['tpgrp stopped'] = True
else:
self.logger.info('no TTY name given; use stdin/stdout for I/O')
self.connection['to_user'] = _sys.stdout
self.connection['from_user'] = _sys.stdin
self.logger.info('connected to user')
self.connection['to_user'].write('\n') # give a clean line to work on
self.connection['active'] = True
def _disconnect(self):
self.logger.info('disconnecting from user')
try:
if self.connection.get('original termios', None):
self.logger.info('restore original termios line discipline')
_termios.tcsetattr(
self.connection['to_user'], _termios.TCSANOW,
self.connection['original termios'])
if self.connection.get('tpgrp stopped', None) is True:
self.logger.info(
'send SIGCONT to pgrp {}'.format(self.connection['tpgrp']))
#_os.killpg(self.connection['tpgrp'], _signal.SIGCONT)
_os.kill(-self.connection['tpgrp'], _signal.SIGCONT)
if self.connection.get('to_user', None) not in [None, _sys.stdout]:
self.logger.info('close to-user output stream')
self.connection['to_user'].close()
if self.connection.get('from_user',None) not in [None,_sys.stdout]:
self.logger.info('close from-user input stream')
self.connection['from_user'].close()
finally:
self.connection = {'active': False}
self.logger.info('disconnected from user')
def _get_pgrp(self, tty_name):
self.logger.info('find process group contolling {}'.format(tty_name))
proc = '/proc'
for name in _os.listdir(proc):
path = _os_path.join(proc, name)
if not (self._digit_regexp.match(name) and _os_path.isdir(path)):
continue # not a process directory
self.logger.debug('checking process {}'.format(name))
fd_path = _os_path.join(path, 'fd', '0')
try:
link = _os.readlink(fd_path)
except OSError as e:
self.logger.debug('not our process: {}'.format(e))
continue # permission denied (not one of our processes)
if link != tty_name:
self.logger.debug('wrong tty: {}'.format(link))
continue # not attached to our target tty
stat_path = _os_path.join(path, 'stat')
stat = open(stat_path, 'r').read()
self.logger.debug('check stat for pgrp: {}'.format(stat))
match = self._tpgrp_regexp.match(stat)
assert match != None, stat
pgrp = int(match.group(1))
self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name))
return pgrp
raise ValueError(tty_name)
def _write(self, string):
"Write text to the user's terminal."
self.connection['to_user'].write(string + '\n')
self.connection['to_user'].flush()
def _read(self):
"Read and return a line from the user's terminal."
# drop trailing newline
return self.connection['from_user'].readline()[:-1]
def _prompt(self, prompt='?', error=None, add_colon=True):
if add_colon:
prompt += ':'
if error:
self.connection['to_user'].write(error)
self.connection['to_user'].write('\n')
self.connection['to_user'].write(prompt)
self.connection['to_user'].write(' ')
self.connection['to_user'].flush()
return self._read()
# assuan handlers
def _handle_GETINFO(self, arg):
if arg == 'pid':
yield _common.Response('D', str(_os.getpid()).encode('ascii'))
elif arg == 'version':
yield _common.Response('D', __version__.encode('ascii'))
else:
raise _error.AssuanError(message='Invalid parameter')
yield _common.Response('OK')
def _handle_SETKEYINFO(self, arg):
self.strings['key info'] = arg
yield _common.Response('OK')
def _handle_CLEARPASSPHRASE(self, arg):
yield _common.Response('OK')
def _handle_SETDESC(self, arg):
self.strings['description'] = arg
yield _common.Response('OK')
def _handle_SETPROMPT(self, arg):
self.strings['prompt'] = arg
yield _common.Response('OK')
def _handle_SETERROR(self, arg):
self.strings['error'] = arg
yield _common.Response('OK')
def _handle_SETTITLE(self, arg):
self.strings['title'] = arg
yield _common.Response('OK')
def _handle_SETOK(self, arg):
self.strings['ok'] = arg
yield _common.Response('OK')
def _handle_SETCANCEL(self, arg):
self.strings['cancel'] = arg
yield _common.Response('OK')
def _handle_SETNOTOK(self, arg):
self.strings['not ok'] = arg
yield _common.Response('OK')
def _handle_SETQUALITYBAR(self, arg):
"""Adds a quality indicator to the GETPIN window.
This indicator is updated as the passphrase is typed. The
clients needs to implement an inquiry named "QUALITY" which
gets passed the current passphrase (percent-plus escaped) and
should send back a string with a single numerical vauelue
between -100 and 100. Negative values will be displayed in
red.
If a custom label for the quality bar is required, just add
that label as an argument as percent escaped string. You will
need this feature to translate the label because pinentry has
no internal gettext except for stock strings from the toolkit
library.
If you want to show a tooltip for the quality bar, you may use
C: SETQUALITYBAR_TT string
S: OK
With STRING being a percent escaped string shown as the tooltip.
Here is a real world example of these commands in use:
C: SETQUALITYBAR Quality%3a
S: OK
C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria.
S: OK
"""
self.strings['qualitybar'] = arg
yield _common.Response('OK')
def _handle_SETQUALITYBAR_TT(self, arg):
self.strings['qualitybar_tooltip'] = arg
yield _common.Response('OK')
def _handle_GETPIN(self, arg):
try:
self._connect()
self._write(self.strings['description'])
if 'key info' in self.strings:
self._write('key: {}'.format(self.strings['key info']))
if 'qualitybar' in self.strings:
self._write(self.strings['qualitybar'])
pin = self._prompt(
prompt=self.strings['prompt'],
error=self.strings.get('error'),
add_colon=False)
finally:
self._disconnect()
yield _common.Response('D', pin.encode('ascii'))
yield _common.Response('OK')
def _handle_CONFIRM(self, arg):
try:
self._connect()
self._write(self.strings['description'])
self._write('1) '+self.strings['ok'])
self._write('2) '+self.strings['not ok'])
value = self._prompt('?')
finally:
self._disconnect()
if value == '1':
yield _common.Response('OK')
else:
raise _error.AssuanError(message='Not confirmed')
def _handle_MESSAGE(self, arg):
self._write(self.strings['description'])
yield _common.Response('OK')
def _handle_CONFIRM(self, args):
assert args == '--one-button', args
try:
self._connect()
self._write(self.strings['description'])
self._write('1) '+self.strings['ok'])
value = self._prompt('?')
finally:
self._disconnect()
assert value == '1', value
yield _common.Response('OK')
if __name__ == '__main__':
import argparse
import logging
import traceback
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
'-v', '--version', action='version',
version='%(prog)s {}'.format(__version__))
parser.add_argument(
'-V', '--verbose', action='count', default=0,
help='increase verbosity')
parser.add_argument(
'--display',
help='set X display (ignored by this implementation)')
args = parser.parse_args()
p = PinEntry()
if args.verbose:
p.logger.setLevel(max(
logging.DEBUG, p.logger.level - 10*args.verbose))
try:
p.run()
except:
p.logger.error(
'exiting due to exception:\n{}'.format(
traceback.format_exc().rstrip()))
raise

View File

@ -0,0 +1,34 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""A Python implementation of the `Assuan protocol`_.
.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/
"""
import logging as _logging
import logging.handlers as _logging_handlers
__version__ = '0.2'
LOG = _logging.getLogger('pyassuan')
LOG.setLevel(_logging.ERROR)
LOG.addHandler(_logging.StreamHandler())
#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log'))
#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log'))
LOG.handlers[0].setFormatter(
_logging.Formatter('%(name)s: %(levelname)s: %(message)s'))

View File

@ -0,0 +1,190 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import logging as _logging
import socket as _socket
import sys as _sys
from . import LOG as _LOG
from . import common as _common
from . import error as _error
class AssuanClient (object):
"""A single-threaded Assuan client based on the `development suggestions`_
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html
"""
def __init__(self, name, logger=_LOG, use_sublogger=True,
close_on_disconnect=False):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
self.close_on_disconnect = close_on_disconnect
self.input = self.output = self.socket = None
def connect(self, socket_path=None):
if socket_path:
self.logger.info(
'connect to Unix socket at {}'.format(socket_path))
self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM)
self.socket.connect(socket_path)
self.input = self.socket.makefile('rb')
self.output = self.socket.makefile('wb')
else:
if not self.input:
self.logger.info('read from stdin')
self.input = _sys.stdin.buffer
if not self.output:
self.logger.info('write to stdout')
self.output = _sys.stdout.buffer
def disconnect(self):
if self.close_on_disconnect:
self.logger.info('disconnecting')
if self.input is not None:
self.input.close()
self.input = None
if self.output is not None:
self.output.close()
self.output = None
if self.socket is not None:
self.socket.shutdown(_socket.SHUT_RDWR)
self.socket.close()
self.socket = None
def raise_error(self, error):
self.logger.error(str(error))
raise(error)
def read_response(self):
line = self.input.readline()
if not line:
self.raise_error(
_error.AssuanError(message='IPC accept call failed'))
if len(line) > _common.LINE_LENGTH:
self.raise_error(
_error.AssuanError(message='Line too long'))
if not line.endswith(b'\n'):
self.logger.info('S: {}'.format(line))
self.raise_error(
_error.AssuanError(message='Invalid response'))
line = line[:-1] # remove trailing newline
response = _common.Response()
try:
response.from_bytes(line)
except _error.AssuanError as e:
self.logger.error(str(e))
raise
self.logger.info('S: {}'.format(response))
return response
def _write_request(self, request):
self.logger.info('C: {}'.format(request))
self.output.write(bytes(request))
self.output.write(b'\n')
try:
self.output.flush()
except IOError:
raise
def make_request(self, request, response=True, expect=['OK']):
self._write_request(request=request)
if response:
return self.get_responses(requests=[request], expect=expect)
def get_responses(self, requests=None, expect=['OK']):
responses = list(self.responses())
if responses[-1].type == 'ERR':
eresponse = responses[-1]
fields = eresponse.parameters.split(' ', 1)
code = int(fields[0])
if len(fields) > 1:
message = fields[1].strip()
else:
message = None
error = _error.AssuanError(code=code, message=message)
if requests is not None:
error.requests = requests
error.responses = responses
raise error
if expect:
assert responses[-1].type in expect, [str(r) for r in responses]
data = []
for response in responses:
if response.type == 'D':
data.append(response.parameters)
if data:
data = b''.join(data)
else:
data = None
return (responses, data)
def responses(self):
while True:
response = self.read_response()
yield response
if response.type not in ['S', '#', 'D']:
break
def send_data(self, data=None, response=True, expect=['OK']):
"""Iterate through requests necessary to send ``data`` to a server.
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
"""
requests = []
if data:
encoded_data = _common.encode(data)
start = 0
stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL
self.logger.debug('sending {} bytes of encoded data'.format(
len(encoded_data)))
while stop > start:
d = encoded_data[start:stop]
request = _common.Request(
command='D', parameters=encoded_data[start:stop],
encoded=True)
requests.append(request)
self.logger.debug('send {} byte chunk'.format(stop-start))
self._write_request(request=request)
start = stop
stop = start + min(_common.LINE_LENGTH-4,
len(encoded_data) - start)
request = _common.Request('END')
requests.append(request)
self._write_request(request=request)
if response:
return self.get_responses(requests=requests, expect=expect)
def send_fds(self, fds):
"""Send a file descriptor over a Unix socket.
"""
msg = '# descriptors in flight: {}\n'.format(fds)
self.logger.info('C: {}'.format(msg.rstrip('\n')))
msg = msg.encode('ascii')
return _common.send_fds(
socket=self.socket, msg=msg, fds=fds, logger=None)
def receive_fds(self, msglen=200, maxfds=10):
"""Receive file descriptors over a Unix socket.
"""
msg,fds = _common.receive_fds(
socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None)
msg = str(msg, 'utf-8')
self.logger.info('S: {}'.format(msg.rstrip('\n')))
return fds

View File

@ -0,0 +1,314 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Items common to both the client and server
"""
import array as _array
import re as _re
import socket as _socket
from . import LOG as _LOG
from . import error as _error
LINE_LENGTH = 1002 # 1000 + [CR,]LF
_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')'
_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN)
_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii'))
_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})')
_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})')
_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z')
def encode(data):
r"""
>>> encode('It grew by 5%!\n')
'It grew by 5%25!%0A'
>>> encode(b'It grew by 5%!\n')
b'It grew by 5%25!%0A'
"""
if isinstance(data, bytes):
regexp = _ENCODE_BYTE_REGEXP
else:
regexp = _ENCODE_STR_REGEXP
return regexp.sub(
lambda x : to_hex(x.group()), data)
def decode(data):
r"""
>>> decode('%22Look out!%22%0AWhere%3F')
'"Look out!"\nWhere?'
>>> decode(b'%22Look out!%22%0AWhere%3F')
b'"Look out!"\nWhere?'
"""
if isinstance(data, bytes):
regexp = _DECODE_BYTE_REGEXP
else:
regexp = _DECODE_STR_REGEXP
return regexp.sub(
lambda x : from_hex(x.group()), data)
def from_hex(code):
r"""
>>> from_hex('%22')
'"'
>>> from_hex('%0A')
'\n'
>>> from_hex(b'%0A')
b'\n'
"""
c = chr(int(code[1:], 16))
if isinstance(code, bytes):
c =c.encode('ascii')
return c
def to_hex(char):
r"""
>>> to_hex('"')
'%22'
>>> to_hex('\n')
'%0A'
>>> to_hex(b'\n')
b'%0A'
"""
hx = '%{:02X}'.format(ord(char))
if isinstance(char, bytes):
hx = hx.encode('ascii')
return hx
class Request (object):
"""A client request
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
>>> r = Request(command='BYE')
>>> str(r)
'BYE'
>>> r = Request(command='OPTION', parameters='testing at 5%')
>>> str(r)
'OPTION testing at 5%25'
>>> bytes(r)
b'OPTION testing at 5%25'
>>> r.from_bytes(b'BYE')
>>> r.command
'BYE'
>>> print(r.parameters)
None
>>> r.from_bytes(b'OPTION testing at 5%25')
>>> r.command
'OPTION'
>>> print(r.parameters)
testing at 5%
>>> r.from_bytes(b' invalid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 170 Invalid request
>>> r.from_bytes(b'in-valid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 170 Invalid request
"""
def __init__(self, command=None, parameters=None, encoded=False):
self.command = command
self.parameters = parameters
self.encoded = encoded
def __str__(self):
if self.parameters:
if self.encoded:
encoded_parameters = self.parameters
else:
encoded_parameters = encode(self.parameters)
return '{} {}'.format(self.command, encoded_parameters)
return self.command
def __bytes__(self):
if self.parameters:
if self.encoded:
encoded_parameters = self.parameters
else:
encoded_parameters = encode(self.parameters)
return '{} {}'.format(
self.command, encoded_parameters).encode('utf-8')
return self.command.encode('utf-8')
def from_bytes(self, line):
if len(line) > 1000: # TODO: byte-vs-str and newlines?
raise _error.AssuanError(message='Line too long')
line = str(line, encoding='utf-8')
match = _REQUEST_REGEXP.match(line)
if not match:
raise _error.AssuanError(message='Invalid request')
self.command = match.group(1)
if match.group(3):
if match.group(2):
self.parameters = decode(match.group(3))
else:
raise _error.AssuanError(message='Invalid request')
else:
self.parameters = None
class Response (object):
"""A server response
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
>>> r = Response(type='OK')
>>> str(r)
'OK'
>>> r = Response(type='ERR', parameters='1 General error')
>>> str(r)
'ERR 1 General error'
>>> bytes(r)
b'ERR 1 General error'
>>> r.from_bytes(b'OK')
>>> r.type
'OK'
>>> print(r.parameters)
None
>>> r.from_bytes(b'ERR 1 General error')
>>> r.type
'ERR'
>>> print(r.parameters)
1 General error
>>> r.from_bytes(b' invalid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 76 Invalid response
>>> r.from_bytes(b'in-valid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 76 Invalid response
"""
types = {
'O': 'OK',
'E': 'ERR',
'S': 'S',
'#': '#',
'D': 'D',
'I': 'INQUIRE',
}
def __init__(self, type=None, parameters=None):
self.type = type
self.parameters = parameters
def __str__(self):
if self.parameters:
return '{} {}'.format(self.type, encode(self.parameters))
return self.type
def __bytes__(self):
if self.parameters:
if self.type == 'D':
return b' '.join((b'D', self.parameters))
else:
return '{} {}'.format(
self.type, encode(self.parameters)).encode('utf-8')
return self.type.encode('utf-8')
def from_bytes(self, line):
if len(line) > 1000: # TODO: byte-vs-str and newlines?
raise _error.AssuanError(message='Line too long')
if line.startswith(b'D'):
self.command = t = 'D'
else:
line = str(line, encoding='utf-8')
t = line[0]
try:
type = self.types[t]
except KeyError:
raise _error.AssuanError(message='Invalid response')
self.type = type
if type == 'D': # data
self.parameters = decode(line[2:])
elif type == '#': # comment
self.parameters = decode(line[2:])
else:
match = _REQUEST_REGEXP.match(line)
if not match:
raise _error.AssuanError(message='Invalid request')
if match.group(3):
if match.group(2):
self.parameters = decode(match.group(3))
else:
raise _error.AssuanError(message='Invalid request')
else:
self.parameters = None
def error_response(error):
"""
>>> from pyassuan.error import AssuanError
>>> error = AssuanError(1)
>>> response = error_response(error)
>>> print(response)
ERR 1 General error
"""
return Response(type='ERR', parameters=str(error))
def send_fds(socket, msg=None, fds=None, logger=_LOG):
"""Send a file descriptor over a Unix socket using ``sendmsg``.
``sendmsg`` suport requires Python >= 3.3.
Code from
http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg
Assuan equivalent is
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd
"""
if msg is None:
msg = b''.join(
[b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n'])
if logger is not None:
logger.debug('sending file descriptors {} down {}'.format(fds, socket))
return socket.sendmsg(
[msg],
[(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))])
def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG):
"""Recieve file descriptors using ``recvmsg``.
``recvmsg`` suport requires Python >= 3.3.
Code from http://docs.python.org/dev/library/socket.html
Assuan equivalent is
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd
"""
fds = _array.array('i') # Array of ints
msg,ancdata,flags,addr = socket.recvmsg(
msglen, _socket.CMSG_LEN(maxfds * fds.itemsize))
for cmsg_level,cmsg_type,cmsg_data in ancdata:
if (cmsg_level == _socket.SOL_SOCKET and
cmsg_type == _socket.SCM_RIGHTS):
# Append data, ignoring any truncated integers at the end.
fds.fromstring(
cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)])
if logger is not None:
logger.debug('receiving file descriptors {} from {} ({})'.format(
fds, socket, msg))
return (msg, list(fds))

View File

@ -0,0 +1,302 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Assuan errors as defined in `libgpg-error`_.
The Assuan_ docs_ suggest these error codes.
.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/
.. _Assuan:
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html
"""
MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h
0: 'Success',
1: 'General error',
2: 'Unknown packet',
3: 'Unknown version in packet',
4: 'Invalid public key algorithm',
5: 'Invalid digest algorithm',
6: 'Bad public key',
7: 'Bad secret key',
8: 'Bad signature',
9: 'No public key',
10: 'Checksum error',
11: 'Bad passphrase',
12: 'Invalid cipher algorithm',
13: 'Keyring open',
14: 'Invalid packet',
15: 'Invalid armor',
16: 'No user ID',
17: 'No secret key',
18: 'Wrong secret key used',
19: 'Bad session key',
20: 'Unknown compression algorithm',
21: 'Number is not prime',
22: 'Invalid encoding method',
23: 'Invalid encryption scheme',
24: 'Invalid signature scheme',
25: 'Invalid attribute',
26: 'No value',
27: 'Not found',
28: 'Value not found',
29: 'Syntax error',
30: 'Bad MPI value',
31: 'Invalid passphrase',
32: 'Invalid signature class',
33: 'Resources exhausted',
34: 'Invalid keyring',
35: 'Trust DB error',
36: 'Bad certificate',
37: 'Invalid user ID',
38: 'Unexpected error',
39: 'Time conflict',
40: 'Keyserver error',
41: 'Wrong public key algorithm',
42: 'Tribute to D. A.',
43: 'Weak encryption key',
44: 'Invalid key length',
45: 'Invalid argument',
46: 'Syntax error in URI',
47: 'Invalid URI',
48: 'Network error',
49: 'Unknown host',
50: 'Selftest failed',
51: 'Data not encrypted',
52: 'Data not processed',
53: 'Unusable public key',
54: 'Unusable secret key',
55: 'Invalid value',
56: 'Bad certificate chain',
57: 'Missing certificate',
58: 'No data',
59: 'Bug',
60: 'Not supported',
61: 'Invalid operation code',
62: 'Timeout',
63: 'Internal error',
64: 'EOF (gcrypt)',
65: 'Invalid object',
66: 'Provided object is too short',
67: 'Provided object is too large',
68: 'Missing item in object',
69: 'Not implemented',
70: 'Conflicting use',
71: 'Invalid cipher mode',
72: 'Invalid flag',
73: 'Invalid handle',
74: 'Result truncated',
75: 'Incomplete line',
76: 'Invalid response',
77: 'No agent running',
78: 'agent error',
79: 'Invalid data',
80: 'Unspecific Assuan server fault',
81: 'General Assuan error',
82: 'Invalid session key',
83: 'Invalid S-expression',
84: 'Unsupported algorithm',
85: 'No pinentry',
86: 'pinentry error',
87: 'Bad PIN',
88: 'Invalid name',
89: 'Bad data',
90: 'Invalid parameter',
91: 'Wrong card',
92: 'No dirmngr',
93: 'dirmngr error',
94: 'Certificate revoked',
95: 'No CRL known',
96: 'CRL too old',
97: 'Line too long',
98: 'Not trusted',
99: 'Operation cancelled',
100: 'Bad CA certificate',
101: 'Certificate expired',
102: 'Certificate too young',
103: 'Unsupported certificate',
104: 'Unknown S-expression',
105: 'Unsupported protection',
106: 'Corrupted protection',
107: 'Ambiguous name',
108: 'Card error',
109: 'Card reset required',
110: 'Card removed',
111: 'Invalid card',
112: 'Card not present',
113: 'No PKCS15 application',
114: 'Not confirmed',
115: 'Configuration error',
116: 'No policy match',
117: 'Invalid index',
118: 'Invalid ID',
119: 'No SmartCard daemon',
120: 'SmartCard daemon error',
121: 'Unsupported protocol',
122: 'Bad PIN method',
123: 'Card not initialized',
124: 'Unsupported operation',
125: 'Wrong key usage',
126: 'Nothing found',
127: 'Wrong blob type',
128: 'Missing value',
129: 'Hardware problem',
130: 'PIN blocked',
131: 'Conditions of use not satisfied',
132: 'PINs are not synced',
133: 'Invalid CRL',
134: 'BER error',
135: 'Invalid BER',
136: 'Element not found',
137: 'Identifier not found',
138: 'Invalid tag',
139: 'Invalid length',
140: 'Invalid key info',
141: 'Unexpected tag',
142: 'Not DER encoded',
143: 'No CMS object',
144: 'Invalid CMS object',
145: 'Unknown CMS object',
146: 'Unsupported CMS object',
147: 'Unsupported encoding',
148: 'Unsupported CMS version',
149: 'Unknown algorithm',
150: 'Invalid crypto engine',
151: 'Public key not trusted',
152: 'Decryption failed',
153: 'Key expired',
154: 'Signature expired',
155: 'Encoding problem',
156: 'Invalid state',
157: 'Duplicated value',
158: 'Missing action',
159: 'ASN.1 module not found',
160: 'Invalid OID string',
161: 'Invalid time',
162: 'Invalid CRL object',
163: 'Unsupported CRL version',
164: 'Invalid certificate object',
165: 'Unknown name',
166: 'A locale function failed',
167: 'Not locked',
168: 'Protocol violation',
169: 'Invalid MAC',
170: 'Invalid request',
171: 'Unknown extension',
172: 'Unknown critical extension',
173: 'Locked',
174: 'Unknown option',
175: 'Unknown command',
176: 'Not operational',
177: 'No passphrase given',
178: 'No PIN given',
179: 'Not enabled',
180: 'No crypto engine',
181: 'Missing key',
182: 'Too many objects',
183: 'Limit reached',
184: 'Not initialized',
185: 'Missing issuer certificate',
198: 'Operation fully cancelled',
199: 'Operation not yet finished',
200: 'Buffer too short',
201: 'Invalid length specifier in S-expression',
202: 'String too long in S-expression',
203: 'Unmatched parentheses in S-expression',
204: 'S-expression not canonical',
205: 'Bad character in S-expression',
206: 'Bad quotation in S-expression',
207: 'Zero prefix in S-expression',
208: 'Nested display hints in S-expression',
209: 'Unmatched display hints',
210: 'Unexpected reserved punctuation in S-expression',
211: 'Bad hexadecimal character in S-expression',
212: 'Odd hexadecimal numbers in S-expression',
213: 'Bad octal character in S-expression',
257: 'General IPC error',
258: 'IPC accept call failed',
259: 'IPC connect call failed',
260: 'Invalid IPC response',
261: 'Invalid value passed to IPC',
262: 'Incomplete line passed to IPC',
263: 'Line passed to IPC too long',
264: 'Nested IPC commands',
265: 'No data callback in IPC',
266: 'No inquire callback in IPC',
267: 'Not an IPC server',
268: 'Not an IPC client',
269: 'Problem starting IPC server',
270: 'IPC read error',
271: 'IPC write error',
273: 'Too much data for IPC layer',
274: 'Unexpected IPC command',
275: 'Unknown IPC command',
276: 'IPC syntax error',
277: 'IPC call has been cancelled',
278: 'No input source for IPC',
279: 'No output source for IPC',
280: 'IPC parameter error',
281: 'Unknown IPC inquire',
1024: 'User defined error code 1',
1025: 'User defined error code 2',
1026: 'User defined error code 3',
1027: 'User defined error code 4',
1028: 'User defined error code 5',
1029: 'User defined error code 6',
1030: 'User defined error code 7',
1031: 'User defined error code 8',
1032: 'User defined error code 9',
1033: 'User defined error code 10',
1034: 'User defined error code 11',
1035: 'User defined error code 12',
1036: 'User defined error code 13',
1037: 'User defined error code 14',
1038: 'User defined error code 15',
1039: 'User defined error code 16',
16381: 'System error w/o errno',
16382: 'Unknown system error',
16383: 'End of file',
}
UNKNOWN = 'Unknown error code'
CODE = dict((message,code) for code,message in MESSAGE.items())
# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.)
class AssuanError (Exception):
r"""
>>> e = AssuanError(1)
>>> print(e)
1 General error
>>> e = AssuanError(1024, 'testing!')
>>> print(e)
1024 testing!
>>> e = AssuanError(message='Unknown packet')
>>> print(e)
2 Unknown packet
"""
def __init__(self, code=None, message=None):
if code is None and message is None:
raise ValueError('missing both `code` and `message`')
if message is None:
message = MESSAGE[code]
if code is None:
code = CODE.get(message, UNKNOWN)
self.code = code
self.message = message
super(AssuanError, self).__init__('{} {}'.format(code, message))

View File

@ -0,0 +1,299 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import logging as _logging
import re as _re
import socket as _socket
import sys as _sys
import threading as _threading
import traceback as _traceback
from . import LOG as _LOG
from . import common as _common
from . import error as _error
_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z')
class AssuanServer (object):
"""A single-threaded Assuan server based on the `devolpment suggestions`_
Extend by subclassing and adding ``_handle_XXX`` methods for each
command you want to handle.
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
"""
def __init__(self, name, logger=_LOG, use_sublogger=True,
valid_options=None, strict_options=True,
single_request=False, listen_to_quit=False,
close_on_disconnect=False):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
if valid_options is None:
valid_options = []
self.valid_options = valid_options
self.strict_options = strict_options
self.single_request = single_request
self.listen_to_quit = listen_to_quit
self.close_on_disconnect = close_on_disconnect
self.input = self.output = None
self.options = {}
self.reset()
def reset(self):
self.stop = False
self.options.clear()
def run(self):
self.reset()
self.logger.info('running')
self.connect()
try:
self.handle_requests()
finally:
self.disconnect()
self.logger.info('stopping')
def connect(self):
if not self.input:
self.logger.info('read from stdin')
self.input = _sys.stdin.buffer
if not self.output:
self.logger.info('write to stdout')
self.output = _sys.stdout.buffer
def disconnect(self):
if self.close_on_disconnect:
self.logger.info('disconnecting')
self.input = None
self.output = None
def handle_requests(self):
self.send_response(_common.Response('OK', 'Your orders please'))
self.output.flush()
while not self.stop:
line = self.input.readline()
if not line:
break # EOF
if len(line) > _common.LINE_LENGTH:
self.raise_error(
_error.AssuanError(message='Line too long'))
if not line.endswith(b'\n'):
self.logger.info('C: {}'.format(line))
self.send_error_response(
_error.AssuanError(message='Invalid request'))
continue
line = line[:-1] # remove the trailing newline
self.logger.info('C: {}'.format(line))
request = _common.Request()
try:
request.from_bytes(line)
except _error.AssuanError as e:
self.send_error_response(e)
continue
self.handle_request(request)
def handle_request(self, request):
try:
handle = getattr(
self, '_handle_{}'.format(request.command))
except AttributeError:
self.logger.warn('unknown command: {}'.format(request.command))
self.send_error_response(
_error.AssuanError(message='Unknown command'))
return
try:
responses = handle(request.parameters)
for response in responses:
self.send_response(response)
except _error.AssuanError as error:
self.send_error_response(error)
return
except Exception as e:
self.logger.error(
'exception while executing {}:\n{}'.format(
handle, _traceback.format_exc().rstrip()))
self.send_error_response(
_error.AssuanError(message='Unspecific Assuan server fault'))
return
def send_response(self, response):
"""For internal use by ``.handle_requests()``
"""
rstring = str(response)
self.logger.info('S: {}'.format(response))
self.output.write(bytes(response))
self.output.write(b'\n')
try:
self.output.flush()
except IOError:
if not self.stop:
raise
def send_error_response(self, error):
"""For internal use by ``.handle_requests()``
"""
self.send_response(_common.error_response(error))
# common commands defined at
# http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
def _handle_BYE(self, arg):
if self.single_request:
self.stop = True
yield _common.Response('OK', 'closing connection')
def _handle_RESET(self, arg):
self.reset()
def _handle_END(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_HELP(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_QUIT(self, arg):
if self.listen_to_quit:
self.stop = True
yield _common.Response('OK', 'stopping the server')
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_OPTION(self, arg):
"""
>>> s = AssuanServer(name='test', valid_options=['my-op'])
>>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '1'}
>>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '2'}
>>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '3'}
>>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': None}
>>> list(s._handle_OPTION('inv'))
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 174 Unknown option
>>> list(s._handle_OPTION('in|valid'))
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 90 Invalid parameter
"""
match = _OPTION_REGEXP.match(arg)
if not match:
raise _error.AssuanError(message='Invalid parameter')
name,space,equal,value = match.groups()
if value and not space and not equal:
# need either space or equal to separate value
raise _error.AssuanError(message='Invalid parameter')
if name not in self.valid_options:
if self.strict_options:
raise _error.AssuanError(message='Unknown option')
else:
self.logger.info('skipping invalid option: {}'.format(name))
else:
if not value:
value = None
self.options[name] = value
yield _common.Response('OK')
def _handle_CANCEL(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_AUTH(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
class AssuanSocketServer (object):
"""A threaded server spawning ``AssuanServer``\s for each connection
"""
def __init__(self, name, socket, server, kwargs={}, max_threads=10,
logger=_LOG, use_sublogger=True):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
self.socket = socket
self.server = server
assert 'name' not in kwargs, kwargs['name']
assert 'logger' not in kwargs, kwargs['logger']
kwargs['logger'] = self.logger
assert 'use_sublogger' not in kwargs, kwargs['use_sublogger']
kwargs['use_sublogger'] = True
if 'close_on_disconnect' in kwargs:
assert kwargs['close_on_disconnect'] == True, (
kwargs['close_on_disconnect'])
else:
kwargs['close_on_disconnect'] = True
self.kwargs = kwargs
self.max_threads = max_threads
self.threads = []
def run(self):
self.logger.info('listen on socket')
self.socket.listen()
thread_index = 0
while True:
socket,address = self.socket.accept()
self.logger.info('connection from {}'.format(address))
self.cleanup_threads()
if len(threads) > self.max_threads:
self.drop_connection(socket, address)
self.spawn_thread(
'server-thread-{}'.format(thread_index), socket, address)
thread_index = (thread_index + 1) % self.max_threads
def cleanup_threads(self):
i = 0
while i < len(self.threads):
thread = self.threads[i]
thread.join(0)
if thread.is_alive():
self.logger.info('joined thread {}'.format(thread.name))
self.threads.pop(i)
thread.socket.shutdown()
thread.socket.close()
else:
i += 1
def drop_connection(self, socket, address):
self.logger.info('drop connection from {}'.format(address))
# TODO: proper error to send to the client?
def spawn_thread(self, name, socket, address):
server = self.server(name=name, **self.kwargs)
server.input = socket.makefile('rb')
server.output = socket.makefile('wb')
thread = _threading.Thread(target=server.run, name=name)
thread.start()
self.threads.append(thread)

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import common
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(common))
return tests

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import error
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(error))
return tests

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import server
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(server))
return tests

View File

@ -0,0 +1,54 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"Python module and tools for communicating in the Assuan protocol."
from distutils.core import setup as _setup
import os.path as _os_path
from pyassuan import __version__
_this_dir = _os_path.dirname(__file__)
_setup(
name='pyassuan',
version=__version__,
maintainer='W. Trevor King',
maintainer_email='wking@tremily.us',
url='http://blog.tremily.us/posts/pyassuan/',
download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__),
license = 'GNU General Public License (GPL)',
platforms = ['all'],
description = __doc__,
long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(),
classifiers = [
'Development Status :: 3 - Alpha',
'Intended Audience :: Developers',
'Operating System :: OS Independent',
'License :: OSI Approved :: GNU General Public License (GPL)',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.3',
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
'Topic :: Security :: Cryptography',
'Topic :: Software Development'
],
scripts = ['bin/get-info.py', 'bin/pinentry.py'],
packages = ['pyassuan'],
provides = ['pyassuan'],
)

View File

@ -0,0 +1,50 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PKG=analyze-ssl.pl
GIT_HUB=github.com
GIT_USER=noxxi
GIT_DIR=p5-ssl-tools
URL=raw.githubusercontent.com//master/$PKG.sh
URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG
. $PREFIX/src/var_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -f $PKG ] ; then
[ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB
if [ -e $PREFIX/net/Http/$URL ] ; then
ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; }
wget -xc -P $PREFIX/net/Http https://$URL
fi
fi
[ -f $PKG ] || cp -p $PREFIX/net/Http/$URL .
if [ ! -e $PREFIX/bin/$PKG.bash ] ; then
cat > $PREFIX/bin/$PKG.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=text
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
cd $PREFIX/src/ || exit 1
exec perl $PKG "\$@"
EOF
chmod 755 $PREFIX/bin/$PKG.bash
fi
exit 0
elif [ "$1" = 'test' ] ; then # 3*
$PREFIX/bin/$PKG.bash --help || exit 30
fi

View File

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# https://github.com/noxxi/p5-ssl-tools/
ROLE=toxcore
cd /usr/local/src/ || exit 1
exec perl analyze-ssl.pl "$@"

View File

@ -0,0 +1,28 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL
TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible
. /var/local/src/var_local_src.bash || exit 2
PKG=ansible-keepass
GIT_HUB=github.com
GIT_USER=Nekmo
GIT_DIR=ansible-keepass
[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \
mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars
[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \
wget $BASE_WGET_ARGS \
-O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \
https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \
exit 0

View File

@ -0,0 +1,89 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
#? broken in ansible
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -z "$PYTHON_MINOR" ] || PYTHON_MINOR=3.9
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
PKG="ansible"
MOD="$PKG"
VER="2.9.22"
AVER="2.9.22"
DIR="${PKG}-$VER"
EXT="tar.gz"
URL="files.pythonhosted.org/packages/03/4f/cccab1ec2e0ecb05120184088e00404b38854809cf35aa76889406fbcbad/ansible-2.9.10.tar.gz"
TODIR=/o/data/TestForge/src/ansible
if [ -f /var/local/src/var_local_src.bash ] ; then
. /var/local/src/var_local_src.bash
else
ols_are_we_connected () { route | grep -q ^default ; return $? ; }
fi
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -f "$HTTP_DIR/$URL" ] ; then
ols_are_we_connected || { DEBUG not connected ; exit 0 ; }
wget -xc -P "$HTTP_DIR" "https://$URL" || exit 2
fi
if [ "$EXT" = "zip" ] ; then
unzip "$HTTP_DIR/$URL" || exit 3
else
tar xfvz "$HTTP_DIR/$URL" || exit 3
fi
fi
cd "$DIR" || exit 4
[ -f lib/ansible/parsing/utils/yaml.py.dst ] || \
bash /usr/local/sbin/base_patch_from_diff.bash $ROLE \
$TODIR/roles/$ROLE/overlay/Linux/$PREFIX/patches/$ROLE/$PWD || exit 6$?
[ -d $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/$DIR-py$PYTHON_MINOR.egg ] || \
pip3.sh install . >> install.log 2>&1\
|| { echo "ERROR: code $?" ; tail install.log ; exit 5 ; }
"$PYTHON_EXE" -c "import $MOD" || exit 10
grep -l '_tput\|_src' *sh ../bin*sh | \
xargs grep -l 'echo \(INFO\|DEBUG\|ERROR\|DEBUG\):' | \
xargs sed -e 's@echo \(INFO\|DEBUG\|ERROR\|DEBUG\):@\1 @'
if [ -d $PREFIX/src/ansible-$AVER/docs/docsite ] ; then
cd $PREFIX/src/ansible-$AVER/docs/docsite
[ -f htmldocs.log ] || make -n -f Makefile htmldocs > htmldocs.log 2>&1 || exit 2$?
[ -f info.log ] || make -n -f Makefile.sphinx info > info.log 2>&1 || exit 3$?
exit 0
elif [ "$1" = 'check' ] ; then
"$PYTHON_EXE" -c "import $MOD" || exit 10
# msys_run_checks_requirements
elif [ $1 = 'test' ] ; then
cd $PREFIX/src/$DIR || exit 50
$PYTHON_EXE_MSYS -m tox >> test.log 2>&1 || \
{ echo "ERROR: $MOD code $?" ; cat test.log ; exit 51 ; }
elif [ "$1" = 'refresh' ] ; then
cd $PREFIX/src/$DIR || exit 60
env PWD=$PREFIX/src/$DIR \
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
fi
exit 0

View File

@ -0,0 +1,121 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
DESC=""
. $PREFIX/bin/usr_local_tput.bash || exit 1
PKG=toxcore
DIR=c-$PKG
GIT_HUB=github.com
GIT_USER=TokTok
GIT_DIR=$DIR
GIT_BRAN=master
VERS=2.18.0
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
WD=$PWD
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
ols_are_we_connected || { DEBUG not connected ; exit 0 ; }
cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
git clone -b $GIT_BRAN --depth=1 https://$GIT_HUB/$GIT_USER/$GIT_DIR || exit 4
git clone --depth=1 https://$GIT_HUB/$GIT_USER/dockerfiles
cd $WD
# wget -xcP ../net/Http/ https://github.com/TokTok/c-toxcore/releases/download/v0.2.18/c-toxcore-0.2.18.tar.gz
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"/$GIT_DIR $DIR
fi
cd "$DIR" || exit 5
[ -f third_party/cmp/Makefile ] || git submodule update --init || exit 6
# ols_apply_testforge_patches
# # [ -f CMakeLists.txt.dst ] || patch -b -z.dst < toxcore.diff || exit 7
[ -f cmake.sh ] || cat > cmake.sh << EOF
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=$PREFIX
ROLE=$ROLE
CORE=$PREFIX/src/c-toxcore
DIR=_build
LIB=\$CORE/\$DIR
cd \$CORE | exit 3
mkdir _build
cd _build
cmake \
-DCMAKE_BUILD_TYPE="Debug" \
-DCMAKE_UNITY_BUILD=ON \
-DMIN_LOGGER_LEVEL=TRACE \
-DMUST_BUILD_TOXAV=ON \
-DNON_HERMETIC_TESTS=ON \
-DSTRICT_ABI=ON \
-DTEST_TIMEOUT_SECONDS=120 \
-DUSE_IPV6=OFF \
-DAUTOTEST=ON \
-DBUILD_MISC_TESTS=ON \
-DBUILD_FUN_UTILS=ON \
-DBOOTSTRAP_DAEMON=ON \
.. > cmake.log 2>&1
#sed -e 's/-DNDEBUG/-g/' -i CMakeCache.txt
make .. > make.log 2>&1
ls \$LIB/*so* || { echo ERROR \$LIB ; exit 2 ; }
EOF
bash cmake.sh || {
retval=$?
ERROR cmake $retval
exit 3$retval
}
cd _build
make >> make.log 2>&1 || {
retval=$?
ERROR cmake $retval
exit 3$retval
}
cp -p other/bootstrap_daemon/tox-bootstrapd $PREFIX/bin
cp -p other/bootstrap_daemon/tox-bootstrapd.sh $PREFIX/etc/init.d/tox-bootstrapd
# ln -s $PREFIX/etc/init.d/tox-bootstrapd /etc/init.d
exit 0
elif [ $1 = 'check' ] ; then # 1*
# ols_test_bins && exit 0 || exit $?
[ ! -d $DIR/_build ] && WARN not built yet $DIR && exit 11
[ -f $DIR/_build/libtoxcore.so.${VERS} ] && WARN not compiled yet $DIR && exit 12
ldd $DIR/_build/libtoxcore.so.${VERS} | grep found && ERROR ldd fails $DIR && exit 13
exit 0
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/_build || exit 30
ctest || exit 31
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
fi

View File

@ -0,0 +1,5 @@
#!/bin/sh
ROLE=toxcore
#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.sign
#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.gz

View File

@ -0,0 +1,80 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
MOD=gridfire
DIR=$MOD
GIT_HUB=github.com
GIT_USER=reid-k
GIT_DIR=gridfire
DESC=""
[ -f /usr/local/src/usr_local_src.bash ] && \
. /usr/local/src/usr_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
cd $DIR || exit 3
if [ ! -e $MOD.py ] ; then
route|grep -q ^default || exit 0
wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py
fi
#[ -f $MOD.sh ] || \
# cp -p $PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR/$MOD.sh .
for VER in 2 3 ; do
PYVER=$VER
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
if [ ! -e $PREFIX/bin/$MOD$VER.bash ] ; then
cat > $PREFIX/bin/$MOD$VER.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=$ROLE
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@"
EOF
chmod 755 $PREFIX/bin/$MOD$VER.bash
fi
done
# default to python2
BINS=$MOD
msys_install_python_scripts $BINS
cd bin || exit 4
for file in *.bash *.py ; do
[ $file = gridfire_ansible-vault.bash ] && continue
[ -x $PREFIX/bin/$file ] && diff -q $file $PREFIX/bin/$file && continue
cp -p $file $PREFIX/bin
[ -x $PREFIX/bin/$file ] || chmod 775 $PREFIX/bin/$file
done
cd ..
#[ -d /usr/lib64/misc/ ] && [ ! -e /usr/lib64/misc/ssh-askpass ] \
# && sudo ln -s $PREFIX/bin/$MOD.bash /usr/lib64/misc/ssh-askpass
retval=0
[ -z "$BOX_OS_FLAVOR" ] && BOX_OS_FLAVOR="Linux"
make all-$BOX_OS_FLAVOR
OPREFIX=$PREFIX/share/genkernel/overlay
dist=dist-$BOX_OS_FLAVOR
[ -d $OPREFIX/bin ] || { sudo mkdir -p $OPREFIX/bin ; sudo chmod 1777 $OPREFIX/bin ; }
[ ! -x $dist/$MOD ] || \
[ -x $OPREFIX/bin/$MOD -a $OPREFIX/bin/$MOD -nt $dist/$MOD ] || \
cp -p $dist/$MOD $OPREFIX/bin/ || exit 9
# libc.so.1 libz.so.1 libdl.so.1
exit 0
elif [ "$1" = 'test' ] ; then
$PREFIX/bin/$MOD.bash --help >/dev/null || exit 10
make test >/dev/null || exit 11
fi

View File

@ -0,0 +1,131 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/src/usr_local_src.bash || exit 2
# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2
export LOG_DIR=$PREFIX/var/log/$ROLE
DESC=""
cd /usr/local/src || exit 4
if [ "$#" -eq 0 ] ; then
# /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh
[ -f /usr/local/bin/ssl-cipher-check.pl ] || \
wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl
if [ $USER = root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
command -v keepassxc.bash
EXE=`command -v keepassxc.bash`
[ -z "$EXE" ] && EXE=`command -v keepassxc`
if [ -z "$EXE" ] ; then
export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring
ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'`
[ -n "$ELTS" ] && kill $ELTS
if [ -d /etc/pam.d ] ; then
cd /etc/pam.d
grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do
[ -f .$file.dst ] || cp -p $file .$file.dst
sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file
done
fi
file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service
if [ ! -f $file ] || ! grep -q $EXE $file ; then
cat > $file <<EOF
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=$EXE
EOF
fi
fi
fi
if [ $USER != root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
[ -d ~/.config/autostart ] || mkdir ~/.config/autostart
cd /etc/xdg/autostart/
for file in * ; do
[ -f ~/.config/autostart/$file ] || {
cat > ~/.config/autostart/$file <<EOF
[Desktop Entry]
Hidden=true
EOF
INFO created ~/.config/autostart/$file - cp /dev/null to reenable
}
done
# https://pypi.org/project/keyring/
A=`python3.bash -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"` || exit 1$?
[ -f "$A" ] || touch "$A"
# $HOME/.config/python_keyring
[ -s "$A" ] || cat > "$A" <<EOF
[backend]
default-keyring=keyring.backends.SecretService.Keyring
EOF
A=`python3 -c "import keyring.util.platform_; print(keyring.util.platform_.data_root())"`
[ -d "$A" ] || mkdir "$A"
if `which keepassxc` && ps ax | grep -v grep | grep -q keepassxc ; then
python3 -m keyring --list-backends | \
grep -q keyring.backends.SecretService.Keyring || \
WARN NO keyring.backends.SecretService.Keyring
# string "org.freedesktop.secrets"
dbus-send --session --dest=org.freedesktop.DBus \
--type=method_call --print-reply \
/org/freedesktop/DBus org.freedesktop.DBus.ListNames | \
grep -q 'org.freedesktop.secrets' || \
WARN NO org.freedesktop.DBus.ListNames
else
python3 -m keyring --list-backends || \
WARN NO keyring.backends
fi
if `which gajim` || [ -f $PREFIX/bin/gajim ] ; then
[ -f $HOME/.config/gajim/config ] || cat > $HOME/.config/gajim/config <<EOF
proxies.Tor.bosh_wait_for_restart_response = False
proxies.Tor.useauth = False
proxies.Tor.bosh_useproxy = True
proxies.Tor.bosh_http_pipelining = False
proxies.Tor.bosh_content = text/xml; charset=utf-8
proxies.Tor.bosh_uri =
proxies.Tor.bosh_wait = 30
proxies.Tor.host = 127.0.0.1
proxies.Tor.user =
proxies.Tor.pass =
proxies.Tor.bosh_hold = 2
proxies.Tor.type = socks5
proxies.Tor.port = 9050
EOF
fi
fi
exit 0
elif [ "$1" = check ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash || exit 10
msys_var_local_src_prog_key $1 || exit 10$?
elif [ "$1" = 'lint' ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash
msys_var_local_src_prog_key $1 || exit 20$?
ols_run_tests_shellcheck $ROLE || exit 21$?
ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then
msys_var_local_src_prog_key $1 || exit 51$?
fi

View File

@ -0,0 +1,86 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
DESC=""
. $PREFIX/bin/usr_local_tput.bash || exit 1
PKG=negotiator
DIR=negatiator
declare -a FILES
FILES=(
1a/dd/3fcb75aebaa0a28f4f4e4a5773833d5cc7fecd47f2b535fc7e445f289539/negotiator-common-0.12.2.tar.gz
65/e5/bddc148f12aa8e81cfb0fbe504541436d0d38c6cb1546fa4fb5fbefcb5ce/negotiator-host-0.12.2.tar.gz
fe/a1/3d77020b8c5034f7ef65434d0510d1262840550155ce5f433c8189499326/negotiator-guest-0.12.2.tar.gz
)
declare -a GUESTS
GUESTS=(
coloredlogs-15.0.1-py2.py3-none-any.whl
executor-23.2-py2.py3-none-any.whl
fasteners-0.19-py3-none-any.whl
humanfriendly-10.0-py2.py3-none-any.whl
negotiator_common-0.12.2-py3-none-any.whl
negotiator_guest-0.12.2-py3-none-any.whl
property_manager-3.0-py2.py3-none-any.whl
setuptools-69.0.2-py3-none-any.whl
six-1.16.0-py2.py3-none-any.whl
supervisor-4.2.5-py2.py3-none-any.whl
verboselogs-1.7-py2.py3-none-any.whl
)
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
WD=$PWD
if [ ! -d "$DIR" ] ; then
route | grep -q ^def || { DBUG not connected ; exit 0 ; }
wget -xcP $PREFIX/net/Http/ https://pypi.org/project/negotiator-common/
for f in "${FILES[@]}" ; do
wget -xcP $PREFIX/net/Http/ https://files.pythonhosted.org/packages/$f
done
if [ ! -d "$WD/$DIR" ] ; then
[ -d $WD/$DIR ] || mkdir $WD/$DIR
pip3.sh download -d $WD/$DIR \
negotiator-guest supervisor humanfriendly
cd $WD
fi
for f in "${FILES[@]}" ; do
tar xvfkz $PREFIX/net/Http/$f 2>/dev/null
done
fi
for f in "${FILES[@]}" ; do
base=`basename $f .tar.gz`
[ -d base ] && continue
tar xvfkz $PREFIX/net/Http/$f 2>/dev/null
cd $base
pip3.sh install --prefix=/usr/local . >> install.log 2>&1 || \
WARN problems installing $base retval=$retval
cd ..
done
exit 0
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/_build || exit 30
ctest || exit 31
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
fi

View File

@ -0,0 +1,6 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# --not-zip-safe --no-index linux_x86_64-cp-27-cp27mu
ROLE=toxcore
exec /usr/local/bin/python2.sh -m pex --python $PREFIX/bin/python2.sh --python-shebang $PREFIX/bin/python2.sh "$@"

View File

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
# -f /usr/lib/python3/dist-packages/
exec /usr/local/bin/pex \
--python /usr/local/bin/python3.sh \
--python-shebang /usr/local/bin/python3.sh "$@"

View File

@ -0,0 +1,67 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
#See /var/local/src/ZeroNet.bash
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
MOD="pyassuan"
DIR="${MOD}"
BINS="get-info pinentry"
GIT_HUB=http-git.tremily.us
GIT_DIR=pyassuan
#ols_funtoo_requires
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB"
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
exit 2
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cd "$DIR" || exit 4
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
#? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; }
# msys_python_bins $BINS
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
exit 0
elif [ $1 = 'check' ] ; then # 1*
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20
# ols_test_bins
exit $?
elif [ "$1" = 'test' ] ; then # 3*
cd $WD/$DIR
$PYTHON_EXE_MSYS -m unittest discover >>test.log || exit 31$?
fi

View File

@ -0,0 +1,96 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# 19 Nov 00:48:20 ntpdate[24018]: step time server 132.163.97.3 offset +4125.279643 sec
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash || exit 1
# python3.6 problems on gentoo with gevent not installing
# python3.7 -c 'import gevent'
PYVER=3
PYTHON_MINOR=3.11
PYTHON_EXE_MSYS=python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PKG=sdwdate
URL=github.com/Whonix/sdwdate
DIR=$PKG
cd $PREFIX/src || exit 2
WD=$PWD
cd $DIR || exit 3
site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
if ! [ -d $site_packages/$DIR/ ] ; then
rsync -vax usr/lib/python3/dist-packages/$DIR/ $site_packages/$DIR/
sed -e 's@/usr/lib@/usr/local/lib@' -i $site_packages/$DIR/*py
fi
[ -d $site_packages/$DIR/ ] || exit 4
[ -d $PREFIX/etc/sdwdate.d ] || mkdir $PREFIX/etc/sdwdate.d
[ -f $PREFIX/etc/sdwdate.d/30_default.conf ] || \
cp -p etc/sdwdate.d/30_default.conf $PREFIX/etc/sdwdate.d/30_default.conf
if [ ! -f $PREFIX/bin/${PKG}_.py ] ; then
cp -p usr/bin/${PKG} $PREFIX/bin/${PKG}_.py || exit 5
patch -b -z .dst $PREFIX/bin/${PKG}_.py < $PREFIX/src/${PKG}_.py,diff
fi
if ! [ -d /usr/local/lib/helper-scripts ] ; then
rsync -vax ../helper-scripts/ $PREFIX/lib/helper-scripts/
fi
# share/sdwdate/onion_tester
if ! [ -d /usr/local/share/sdwdate ] ; then
rsync -vax usr/share/$DIR/ $PREFIX/share/$DIR/
fi
if ! [ -d /usr/local/lib/sdwdate ] ; then
rsync -vax usr/lib/$DIR/ $PREFIX/lib/$DIR/
## Compatibility with anon-ws-disable-stacked-tor.
# addgroup debian-tor 2>/dev/null || true
# adduser --home /run/sdwdate --no-create-home --quiet --system --group sdwdate || true
## Add sdwdate to group debian-tor so it can read
## /run/tor/control.authcookie which is required to check if Tor has
## already successfully established a circuit before fetching time.
# addgroup sdwdate debian-tor
cd /usr/local/lib/$DIR
[ -x sclockadj ] || \
gcc sclockadj.c -o sclockadj -ldl -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now || exit 7
cd $WD
fi
if grep -q /usr/lib /usr/local/lib/sdwdate/* ; then
sed -e 's@/usr/lib@/usr/local/lib@' -i /usr/local/lib/sdwdate/*
fi
cd $WD
if [ ! -e $PREFIX/bin/${ROLE}_${PKG}.bash ] ; then
cat > $PREFIX/bin/${ROLE}_${PKG}.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
if [ -x /usr/local/bin/proxy_ping_test.bash ] ; then
sh /usr/local/bin/proxy_ping_test.bash wifi || exit 1
sh /usr/local/bin/proxy_ping_test.bash 30 || exit 2
fi
export PYTHONPATH=$site_packages
exec $PYTHON_EXE_MSYS $PREFIX/bin/${PKG}_.py "\$@"
EOF
chmod 755 $PREFIX/bin/${ROLE}_${PKG}.bash
fi
exit 0

View File

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=testforge
export http_proxy=localhost:9999
export https_proxy=localhost:9999
exec alsa-info.sh --stdout --no-load $*

View File

@ -0,0 +1,149 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# https://lukas.dzunko.sk/index.php/Linux:_incremental_backup_using_rsync_on_btrfs_with_snapshots
PREFIX=/var/local
ROLE=testforge
MONIKER=4TA
DEST=/mnt/backup
snapshot=""
opt=""
usage() {
echo "Usage: $0 [OPTIONS] dirs"
echo
echo " -s | --snapshot - snapshot"
echo " -c | --checksum - checksum"
echo " -p | --dedupe - dedupe"
echo " -d | --dest - destination (default - $DEST )"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
[ "$#" -eq 0 ] && usage && exit 1
SHORTOPTS="hVcspm:d:"
LONGOPTS="help,version,checksum,snapshot,dedupe,moniker:,dest:"
dedupe=
DIRS=
. /usr/local/bin/usr_local_base.bash || exit 2
error () { retval=$1 ; shift; echo "ERROR: $prog" $* ; exit $retval ; }
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && error 2 "Aborting."
eval set -- "$ARGS"
while true; do
# echo $*
case "$1" in
-p|--dedupe)
dedupe="true"
;;
-s|--snapshot)
snapshot="true"
;;
-c|--checksum)
opt="--checksum"
;;
-m|--moniker)
shift
MONIKER="$1"
;;
-d|--dest)
shift
DEST="$1"
;;
-v|--verbosity)
shift
verbosity="$1"
;;
-V|--version)
usage
exit 0
;;
-h|--help)
usage
exit 0
;;
'--')
shift
DIRS="$@"
break
;;
*)
error 3 "unrecognized arguments $*"
break
;;
esac
shift
done
[ -z "$DIRS" ] && error 4 "no directories given"
df | grep ${DEST} || mount -v ${DEST} || exit 3
echo "INFO: Copying data ..."
# output of following commands is saved along with backup
( echo; echo "lsusb:" ; lsusb;
echo; echo "lspci:"; lspci;
echo; echo "lshw:" ; lshw -short;
echo; echo "date:" ; date;
echo; echo "# EOF" ;
) > /.lastbackup_$MONIKER
echo
shopt -s nullglob
[ -d /var/local/etc/testforge/backup ] || mkdir /var/local/etc/testforge/backup
file=/var/local/etc/testforge/backup/$MONIKER.exclude
if ! [ -f $file ] ; then
cat > $file << EOF
/cdrom
/dev
/media
/mnt
/proc
/run
/sys
/tmp
EOF
for elt in /root/.cache /home/*/.cache ; do
grep -q ^$elt $file || echo $eelt >> $file
done
fi
LARGS="${opt} -vaxHAX --delete --delete-excluded --human-readable --stats --exclude-from=$file"
for dir in $DIRS ; do
[ -d $dir ] || continue
# copy data to backup location
dest=$( echo $dir | sed -e 's@/mnt/@@' )
rsync $LARGS\
${DEST}/${MONIKER}/$dest || { retval=$? ; ERROR backing up $dir ; sync; exit $retval ; }
done
echo "Flushing file system buffers ..."
time sync
btrfs filesystem sync ${DEST}
time sync
echo
if [ $dedupe = "true" ] ; then
echo "INFO: deduping backup ..."
time $PREFIX/bin/testforge_ln_dups.perl ${DEST}/${MONIKER}
fi
if [ $snapshot = "true" ] ; then
echo "INFO: Creating snapshot of backup ..."
btrfs sub snap -r ${DEST}/${MONIKER} "${DEST}/${MONIKER}_$(LANG=C date +%Y-%m-%d_%s)" || exit 4
fi
echo "INFO: Umounting backup filesystem ..."
umount -v ${DEST} || exit 6
echo
exit 0

View File

@ -0,0 +1,113 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=$PREFIX
ROLE=testforge
# too early
[ -f /usr/local/etc/testforge/testforge.bash ] || exit 0
. /usr/local/etc/testforge/testforge.bash || exit 1
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
if uname -a | grep entoo ; then
GENTOO=0
else
GENTOO=1
fi
UBUNTU=$( [ -d /etc/apt ] )
for PYTHON_MINOR in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -z "$PYTHON_MINOR" ] && continue
# [ "$PYTHON_MINOR" = "$BASE_PYTHON2_MINOR" ] && PYMAJOR=2 || PYMAJOR=3
PYVER="${PYTHON_MINOR:0:1}"
cd $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ || exit $PYVER
[ -f __init__.py ] || touch __init__.py
INFO $PYVER GENTOO=$GENTOO $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/
ls -1d * | \
grep -v '__init__.py\|~$\|egg-info\|__pycache__\|egg-link\|dist-info\|pyc$\|pyo$\|pth$\|.sh$$\|.so$\|.egg$\|.tar$\|.log$\|.lis$\|.err$' | \
sed -e 's/\.py$//' | \
while read elt ; do
[ -z "$elt" ] && continue
[ $elt = cachecontrol ] && mod=CacheControl || mod=$elt
#exceptions
[ $elt = pip ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
[ $elt = ansible ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
#?FixMe: - we are now allowing site.py
[ $elt = site ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# broken for MarkupSafe-1.1.1-py2.7.egg-info
[ $elt = markupsafe ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# broken for PyYAML-5.3.1-py2.7.egg-info
[ $elt = yaml ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# Pygments-2.5.2-py2.7.egg-info
[ $elt = pygments ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# FixMe: what about the selenium patches
[ $elt = selenium ] && continue
# FixMe:
if [ $GENTOO -eq 0 ] && eix -r ^dev-python/${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then
DBUG $PYVER $elt is Installed
elif [ $GENTOO -eq 0 ] && eix ^dev-python/py${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then
DBUG $PYVER py$elt is Installed
elif [ -e /usr/$LIB/python$PYTHON_MINOR/$elt ] ; then
[ $elt = sitecustomize ] && echo WHY?: in /usr/$LIB/python$PYTHON_MINOR/$elt && continue
echo "DEBUG: $PYVER $elt is in /usr/$LIB/python$PYTHON_MINOR/$elt"
# The python$PYVER -s is crucial - otherwise
# /root/.local/lib64/python2.7/site-packages precedes
# /usr/lib64/python2.7/site-packageson sys.path
elif python$PYVER -s -c "import $mod,os; print os.path.realpath($mod.__path__[0])" 2>/dev/null | grep /usr/$LIB/ ; then
echo "DEBUG: $PYVER $elt is in /usr/$LIB/"
else
echo "INFO: $PYTHON_MINOR Checked OK - $elt"
continue
fi
WARN "$PYTHON_MINOR deleting - $elt"
if [ -d $elt ] ; then
INFO rm -rf *${elt}* .*${elt}*
rm -rf *${elt}* .*${elt}*
elif file $elt | grep 'empty' ; then
INFO rm -rf ${elt}
rm -rf ${elt}
elif [ -f "$elt.py" ] ; then
INFO rm ${elt}.py*
rm ${elt}.py*
elif [ -f "$elt.pyo" ] || [ -f "$elt.pyc" ] ; then
INFO rm -f ${elt}.pyc ${elt}.pyo
rm -f ${elt}.pyc ${elt}.pyo
else
echo "ERROR: oddball not a dir or file $( file $elt ) - \"$elt\""
fi
done
# FixMe: these are missed and crucial
[ -f /usr/local/lib64/python$PYTHON_MINOR7/site-packages/pkg_resources/__init__.py -a \
-f /usr/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/__init__.py ] &&
rm -rf /usr/local/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/
/usr/local/bin/python$PYVER.sh -c 'from pkg_resources import ensure_directory, ContextualZipFile' || \
WARN "from pkg_resources import ensure_directory, ContextualZipFile "
done
cd /usr/local/bin
for file in * ; do
[ -x $file ] || continue
[ -e /usr/bin/$file -o -e /usr/sbin/$file -o -e /usr/bin/$file.py ] || continue
# ls -l /usr/bin/$file $file
root=$( basename $file .py )
[[ $file =~ .*2.py$ ]] && DBUG $file && continue
[[ $file =~ .*2$ ]] && DBUG $file && continue
if file $file | grep -q 'Python script' && head -2 $file | grep -q '/python2' ; then
[[ $file =~ .*.py$ ]] && INFO mv $file ${root}2.py && mv $file ${root}2.py && continue
[ -e /usr/bin/$file.py ] && INFO mv $file ${file}2 && mv $file ${file}2 &&z \
INFO ln -s /usr/bin/$file.py $file && ln -s /usr/bin/$file.py $file && continue
WARN $file not python ; continue
fi
INFO mv $file ${file}2; mv $file ${file}2
done
exit 0

View File

@ -0,0 +1,8 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=testforge
ps axwe | grep -v grep | grep DBUS_SESSION_BUS_ADDRESS | \
sed -e 's/[A-Z][A-Z].*DBUS_SESSION_BUS_ADDRESS/DBUS_SESSION_BUS_ADDRESS/' \
-e 's/ [A-CE-Z][A-Z].*//'

View File

@ -0,0 +1,39 @@
#!/bin/sh
# -*- mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
ROLE=toxcore
prog=$(basename $0 .bash)
KEY=0x066DAFCB81E42C40
TIMEO=15
WARGS="-v -S --dns-timeout $TIMEO --connect-timeout $TIMEO --read-timeout $TIMEO"
. /usr/local/bin/proxy_export.bash
if [ is = dead ] ; then
# URL="http://hkps.pool.sks-keyservers.net:80/pks/lookup?op=get&options=mr&search=$KEY"
URL="http://pgp.mit.edu:80/pks/lookup?op=get&options=mr&search=$KEY"
DBUG wget $URL
wget $WARGS -o /tmp/2$$.log -O /tmp/2$$.html $URL || {
ERROR retval=$? ; cat /tmp/2$$.log; exit 2 ;
}
grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/2$$.html || exit 210
grep -q 'HTTP/1.1 200 OK' /tmp/2$$.log || exit 220
fi
URL="http://keyserver.ubuntu.com:80/pks/lookup?op=get&options=mr&search=$KEY"
DBUG wget $URL
wget $WARGS -o /tmp/3$$.log -O /tmp/3$$.html $URL || {
ERROR retval=$? /tmp/3$$.log
exit 3
}
grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html || {
ERROR '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html
exit 310
}
grep -q 'HTTP/1.1 200 OK' /tmp/3$$.log || {
ERROR NO 'HTTP/1.1 200 OK' /tmp/3$$.log
exit 320
}
exit 0

View File

@ -0,0 +1,36 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# on stdout - messages on stderr
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
base=AnsI
# quiet
[ "$#" -eq 0 ] && exit 1
VARIABLE=$1
[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
name=`hostname`
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then
base=$name
ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$TESTFORGE_ANSIBLE_SRC \
--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then
#!? export
VALUE=`jq .$VARIABLE </tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
# [ -n "$DEBUG" ] && echo >&2 "DEBUG: $prog base=$base VALUE=$VALUE"
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
fi
rm -f /tmp/${AnsI}$$.json
fi
exit 0

View File

@ -0,0 +1,39 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
. /usr/local/bin/usr_local_base.bash || exit 2
umask 0022
[ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge
[ -f $inidir ] || mkdir -p $inidir
if [ -f $inidir ] ; then
inifile=$inidir
else
inifile=$inidir/testforge.ini
fi
# echo -n "DEBUG: $prog "; ls -l $inifile
[ -e $inifile ] || { ERROR no file $inifile ; exit 1 ; }
[ -s $inifile ] || { ERROR empty file $inifile ; exit 2 ; }
bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' )
if [ ! -s $bashfile ] || [ $inifile -nt $bashfile ] ; then
INFO "$inifile > $bashfile"
/usr/local/bin/fact_to_bash.bash < $inifile > $bashfile || exit 3
echo 'export PATH=$PATH:/sbin:/usr/local/bin:/var/local/bin' >> $bashfile
echo -n "DEBUG: $prog bashfile"; ls -l $bashfile
fi
ymlfile=$( echo $inifile | sed -e 's/.ini$/.yml/' )
if [ ! -s $ymlfile ] || [ $inifile -nt $ymlfile ] ; then
INFO "$inifile > $ymlfile"
/usr/local/bin/fact_to_yaml.bash < $inifile > $ymlfile || exit 4
echo -n "DEBUG: $prog ymlfile "; ls -l $ymlfile
fi
. $bashfile || exit $?
exec bash /usr/local/bin/base_sheebang_after_pip.bash

View File

@ -0,0 +1,33 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# very dangerous
[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/
[ -n "$ROOT" ] || exit 1
[ -d "$ROOT" ] || exit 2
ROLE=testforge
cd $ROOT || exit 2
GROUP=adm
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP
if [ -d ${ROOT}$PREFIX ] ; then
# allow
chgrp -R $GROUP ${ROOT}$PREFIX/{bin,data,lib64,src,net}
chmod -R g+rw,o-w ${ROOT}$PREFIX/{bin,data,lib64,src,net}
chmod a+x ${ROOT}$PREFIX/{bin,src,share/bash}/*sh
# if [ -d ${ROOT}$PREFIX/src/lynis ] ; then
chgrp -R $GROUP ${ROOT}$PREFIX/{bin,data,lib64,src,net}
# forbid /var
chgrp -R root ${ROOT}$PREFIX/{etc,var,share}
chmod -R g-w,o-w ${ROOT}$PREFIX/{etc,var,share}
fi
if [ -d ${ROOT}/usr/local ] ; then
# forbid /usr but lib/python* will be created and allowed on install
chgrp -R root ${ROOT}/usr/local/
chmod -R g-w,o-rw ${ROOT}/usr/local/
fi
exit 0

View File

@ -0,0 +1,93 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=testforge
BASE=/usr/share/ca-certificates/mozilla
TO=/usr/local/share/ca-certificates/mozilla
VER=20190110
DIR=ca-certificates-$VER
URL=deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_$VER.tar.xz
URL_CERTDATA=hg.mozilla.org/releases/mozilla-beta/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
LOG_DIR=/var/local/var/log
[ -d $LOG_DIR ] || mkdir $LOG_DIR
LOG_FILE=$LOG_DIR/ca-certificates_$$.log
rm -f $LOG_FILE
# on Gentoo it may be up to date
if false && which equery 2>/dev/null >/dev/null ; then
# 20190110.3.43
equery f app-misc/ca-certificates|grep /usr/share/doc/ca-certificates-$VER
fi
[ -d $TO ] || mkdir -p $TO
cd /usr/local/src || exit 1
if [ ! -d $DIR ] ; then
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { echo INFO: not connected ; exit 0 ; }
[ -f /usr/local/net/Http/$URL ] || \
wget -xcP /usr/local/net/Http/ http://$URL || exit 1
tar xvfJ /usr/local/net/Http/$URL
fi
cd $DIR/mozilla || exit 2
# will regenerate these if they exist
rm -f *crt
# leave the original OS /usr/share certs renamed to .old
ls $BASE/*.crt >/dev/null 2>/dev/null && \
for file in $BASE/*.crt ; do
[ -f "$file.old" ] && sudo rm "$file.old"
sudo mv "$file" "$file.old" || \
{ echo ERROR: moving $file $file.old ; exit 3 ; }
done
[ -f blacklist.txt ] || { echo ERROR: missing blacklist.txt ; exit 4 ; }
if [ ! -f certdata.txt.mozilla ] && grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then
[ -f /usr/local/net/Http/$URL_CERTDATA ] || \
wget -xcP /usr/local/net/Http/ http://$URL_CERTDATA
fi
if [ ! -f certdata.txt.mozilla ] && [ -f /usr/local/net/Http/$URL ] ; then
cp -p /usr/local/net/Http/$URL_CERTDATA certdata.txt.mozilla
fi
if [ -f certdata.txt.mozilla -a certdata.txt.mozilla -nt certdata.txt ] ; then
[ -f certdata.txt.debian ] || mv certdata.txt certdata.txt.debian
cp -p certdata.txt.mozilla certdata.txt
fi
python2 ./certdata2pem.py >> $LOG_FILE 2>&1 || exit 5
ls *.crt >/dev/null 2>/dev/null && \
for file in *crt ; do
sudo mv $file $TO/$file || \
{ echo ERROR: moving $file $TO/$file ; exit 6 ; }
done
[ -f $TO/blacklist.txt ] || \
sudo cp -p blacklist.txt $TO
#[ -f /etc/ca-certificates.conf ] && [ ! -f /etc/ca-certificates.conf.old ] && \
# sudo mv /etc/ca-certificates.conf /etc/ca-certificates.conf.old
# morons: this return rc=0 even when there is an exception - with java7 -
# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
sudo bash /usr/sbin/update-ca-certificates --verbose > $LOG_FILE 2>&1
[ $? -ne 0 ] && exit 7$?
grep Exception: $LOG_FILE && exit 8
cd /usr/local/share/ca-certificates/mozilla || exit 9
for file in *crt; do diff $file /usr/share/ca-certificates/mozilla/$file.old ; done \
>> $LOG_FILE 2>&1
cd /usr/share/ca-certificates/mozilla || exit 10
echo INFO: /usr/share/ca-certificates/mozilla >> $LOG_FILE 2>&1
for file in *.old; do diff $file /usr/local/share/ca-certificates/mozilla$( basename $file .old );done \
>> $LOG_FILE 2>&1
exit 0
# alternate
# wget -xcP /usr/local/net/Http/ http://ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb;alien -t -c /usr/local/net/Http/ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb ; tar xvfz ca-certificates-20190110.tgz -C /usr/local/share/ca-certificates/mozilla

View File

@ -0,0 +1,25 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=$PREFIX
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=2
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
#? -S causes problems - why was it there?
for file in "$@" ; do
$PREFIX/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
$LOPTS --box '' --file "$file"
done

View File

@ -0,0 +1,26 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=$PREFIX
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
#? -S causes problems - why was it there?
for file in "$@" ; do
[ ! -f "$file" ] && WARN file not found $file && continue
/usr/local/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
$LOPTS --box '' --file "$file"
done

View File

@ -0,0 +1,60 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_base.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0

View File

@ -0,0 +1,519 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/proxy_curl_lib.bash
[ -z "$TIMEOUT" ] && TIMEOUT=30
TIMEOUT3=`expr 3 \* $TIMEOUT`
SSLSCAN_ARGS="-4 --show-certificate --bugs --timeout $TIMEOUT"
[ $SSL_VER = 3 ] && SSLSCAN_ARGS="$SSLSCAN_ARGS --tls13" || \
SSLSCAN_ARGS="$SSLSCAN_ARGS --tls12"
# -cipher 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' -debug
# no timeout -no_tls1_1 -no_tls1_2
OPENSSL_ARGS="-4 -showcerts -bugs -status -state -no_ign_eof"
[ $SSL_VER = 3 ] && OPENSSL_ARGS="$OPENSSL_ARGS -tls1_3" || \
OPENSSL_ARGS="$OPENSSL_ARGS -tls1_2"
# --no-colour ?--show-certificate ?--show-client-cas ?--show-ciphers ?--tlsall
TESTSSL_ARGS="-4 --server-defaults --protocols --grease --server-preference --heartbleed --ccs-injection --renegotiation --breach --tls-fallback --drown --assume-http --connect-timeout $TIMEOUT3 --openssl-timeout $TIMEOUT3 --standard --vulnerable --ssl-native --phone-out --nodns none"
ANALYZE_ARGS="--timeout $TIMEOUT --all-ciphers --verbose"
NMAP_ARGS="--script ssl-enum-ciphers -v --script-trace"
# no --cert-status -> ocsp
CURL_ARGS="--silent -vvv --head --connect-timeout $TIMEOUT"
CURL_HTTP_ARGS="$CURL_ARGS --fail --location --http2 --proto-redir https --proto-default https --proto =https"
# [ -d /usr/local/share/ca-certificates/mozilla ] && \
# CURL_ARGS="$CURL_ARGS --capath usr/local/share/ca-certificates/mozilla"
[ $SSL_VER = 3 ] && CURL_ARGS="$CURL_ARGS --tlsv1.3" || \
CURL_ARGS="$CURL_ARGS --tlsv1.2"
NOW=`date +%s`
DATE () {
local elt=$1
shift
# DEBUG=1
$elt $( expr `date +%s` - $NOW )s $*
return 0
}
ssltest_proxies () {
PROXY_SCHEME=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 1 -d ' '`
PROXY_HOST=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 2 -d ' '`
PROXY_PORT=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 3 -d ' '`
# SocksPolicy Accept in /etc/tor/torrc - required and works with sslscan
TESTSSL_ENVS="env MAX_OSSL_FAIL=10 DNS_VIA_PROXY=true PROXY_WAIT=$TIMEOUT"
if [ -n "$SSLTEST_HTTP_PROXY" ] ; then
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
elif [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
# WTF HTTP CONNECT failed: 502 Bad Gateway (tor protocol violation)
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
fi
# Make sure a firewall is not between you and your scanning target!
# `sed -e 's@.*/@@' <<< $SSLTEST_HTTPS_PROXY`
# timesout 3x
# TESTSSL_ARGS="$TESTSSL_ARGS --proxy=auto"
# use torsocks instead of
# ANALYZE_ARGS="ANALYZE_ARGS --starttls http_proxy:${PROXY_HOST}:$PROXY_PORT"
CURL_ARGS="$CURL_ARGS -x socks5h://${SOCKS_HOST}:$SOCKS_PORT"
#? NMAP_ARGS="$NMAP_ARGS -x socks4://${SOCKS_HOST}:$SOCKS_PORT"
# no proxy args and no _proxy strings
SSLSCAN_ENVS="$TORSOCKS "
ANALYZE_ENVS="$TORSOCKS "
# proxy timesout
TESTSSL_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP $TESTSSL_ENVS"
NMAP_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP "
CURL_ENVS=" "
return 0
}
ssltest_nmap () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=nmap
DATE DBUG $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" $eltfile
INFO $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" >> $eltfile
$NMAP_ENVS $exe $NMAP_ELTS $site >> $eltfile 2>&1
retval=$?
if grep -q '(1 host up)' $eltfile ; then
if grep -q TLS_AKE_WITH_AES_256_GCM_SHA384 $eltfile ; then
INFO "$elt TLS_AKE_WITH_AES_256_GCM_SHA384 = $eltfile" | tee -a $eltfile
else
INFO "$elt CA=$cacert = $eltfile" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
ERROR "$elt retval=$retval timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
else
WARN $elt "NO '(1 host up)' in" $eltfile
fi
return 0
}
## ssltest_nmap
## no good for 1.3
ssltest_sslscan () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=sslscan
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" $eltfile
INFO "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" >> $eltfile
$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# ECDHE-RSA-AES256-SHA pop.zoho.eu tls1.2
if [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ERROR $eltfile ; then
ERROR "$elt ERROR CA=$cacert = $eltfile" | tee -a $eltfile
retval=-1
elif grep EROR: $eltfile ; then
ERROR "$elt EROR: CA=$cacert = $eltfile" | tee -a $eltfile
retval=-2
elif grep "Certificate information cannot be retrieved." $eltfile ; then
WARN "$elt 'Certificate information cannot be retrieved' = $eltfile" | tee -a $eltfile
elif grep "TLSv1.$SSL_VER.*disabled" $eltfile ; then
ERROR "$elt TLSv1.$SSL_VER disabled = $eltfile" | tee -a $eltfile
retval=-3
elif ! grep '^\(Subject\|Altnames\).*'"$site" $eltfile ; then
# *.zoho.eu
WARN "$elt not 'Subject\|Altnames' = $eltfile" | tee -a $eltfile
elif ! grep -q Accepted $eltfile ; then
WARN "$elt not Accepted CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $SSL_VER = 3 ] && ! grep -q TLS_AES_256_GCM_SHA384 $eltfile ; then
WARN "$elt not TLS_AES_256_GCM_SHA384 CA=$cacert = $eltfile" | tee -a $eltfile
else
DATE INFO "$elt Accepted CA=$cacert = $eltfile " | tee -a $eltfile
fi
return $retval
}
## ssltest_openssl
ssltest_openssl () {
local elt=$1
local site=$2
local exe=openssl
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
# -msg -msgfile $TMPDIR/$$.$site.s_client.msg
DATE DBUG "$elt s_client $OPENSSL_ELTS" $site $eltfile
INFO "$exe s_client $OPENSSL_ELTS timeout=$total_s" $site >> $eltfile
timeout $total_s $exe s_client $OPENSSL_ELTS $site < /dev/null >> $eltfile 2>&1
retval=$?
if [ $retval -eq 124 ] ; then
WARN "$elt failed timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -eq 1 ] ; then
num=`grep ':SSL alert number' $eltfile | sed -e 's/.*:SSL alert number //'`
if [ $? -eq 0 ] && [ -n "$num" ] ; then
ERROR "$elt failed retval=$retval SSL alert #$num ${SSL_ALERT_CODES[$num]} CA=$cacert = $eltfile" | tee -a $eltfile
else
ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile
cat $eltfile
fi
elif grep ':error:' $eltfile ; then
a=`grep ':error:' $eltfile | sed -e 's/^[0-9]*:[^:]*:[^:]*:[^:]*:[^:]*://' -e 's/:.*//' |head -1 `
ERROR "$elt :error: $a CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'Cipher is (NONE)\|SSL handshake has read 0 bytes' $eltfile ; then
ERROR "$elt s_client Cipher is (NONE) CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'HTTP CONNECT failed:' $eltfile ; then
WARN "$elt failed HTTP CONNECT failed CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'unable to get local issuer certificate' $eltfile ; then
WARN "$elt s_client unable to get local issuer certificate CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'Verification error: certificate has expired' $eltfile ; then
WARN "$elt s_client Verification error: certificate has expired = $eltfile | tee -a $eltfile" | tee -a $eltfile
elif ! grep -q '^depth=0 CN.*'$site $eltfile ; then
WARN "$elt s_client CN NOT $site = $eltfile" | tee -a $eltfile
elif grep 'OSCP response: no response' $eltfile ; then
WARN "$elt s_client OSCP response: no response = $eltfile | tee -a $eltfile" | tee -a $eltfile
elif grep 'New, TLSv1.$SSL_VER, Cipher is TLS' $eltfile ; then
DATE INFO "$elt TLSv1.$SSL_VER, Cipher is TLS CA=$cacert = $eltfile " | tee -a $eltfile
else
DATE INFO "$elt client CA=$cacert = $eltfile " | tee -a $eltfile
fi
return $retval
}
## ssltest_testssl
ssltest_testssl () {
local elt=$1
local site=$2
local exe=/usr/local/bin/$elt.sh
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT3`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" $eltfile
INFO DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" >> $eltfile 2>&1
# TLS 1.2 offered (OK)
# TLS 1.3 offered (OK)
# You should not proceed as no protocol was detected. If you still really really want to, say "YES" -->
echo YES | timeout $total_s env $TESTSSL_ENVS $exe $TESTSSL_ELTS $site:$SSL_PORT >>$eltfile 2>&1
retval=$?
subdir=`grep 'DEBUG (level 1): see files in' $eltfile | sed -e 's/.* //' -e "s/[$'].*//"`
if [ -n "$subdir" ] ; then
subdir="${subdir::19}"
if [ -d "$subdir" ] ; then
DBUG found \"$subdir\"
cat "$subdir"/*parse*txt >> $eltfile
fi
fi
if grep "Protocol.*TLSv1.$SSL_VER" $eltfile ; then
# timesout after success
DATE INFO "$elt $site Protocol : TLSv1.$SSL_VER CA=$cacert =$eltfile" | tee -a $eltfile
retval=0
elif grep 'TLS 1.$SSL_VER *.*offered.*(OK)' $eltfile ; then
DATE INFO "$elt $site TLS 1.$SSL_VER offered CA=$cacert =$eltfile" | tee -a $eltfile
retval=0
elif [ $retval -eq 124 ] ; then
WARN $elt $site "timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'TLS 1.$SSL_VER.*not offered and downgraded to a weaker protocol' $eltfile ; then
DATE ERROR "$elt $site TLS 1.$SSL_VER NOT offered CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 1`
elif grep -q 't seem to be a TLS/SSL enabled server' $eltfile ; then
DATE ERROR "$elt $site doesnt seem to be a TLS/SSL enabled server: CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 2`
elif grep -q 'Client problem, No server cerificate could be retrieved' $eltfile ; then
WARN "$elt $site Client problem: CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'Fixme: something weird happened' $eltfile ; then
WARN "$elt $site Fixme: something weird happened CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 4`
elif grep 'Oops: TCP connect problem' $eltfile ; then
WARN "$elt $site Oops: TCP connect problem CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 5`
elif [ $retval -gt 5 ] ; then
# returns 5
WARN "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ': unable to\| error:' $eltfile ; then
ERROR "$elt.bash unable to / error: CA=$cacert = $eltfile" | tee -a $eltfile
retval=`expr 256 - 6`
elif grep 'unexpected error' $eltfile ; then
ERROR "$elt.bash unexpected error CA=$cacert = $eltfile" | tee -a $eltfile
retval=`expr 256 - 7`
elif [ "$retval" -eq 1 ] ; then
DATE ERROR "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
elif grep -q "Negotiated protocol.*TLSv1.$SSL_VER" $eltfile ; then
# TLS_AES_256_GCM_SHA384
DATE INFO "$elt.bash TLSv1.$SSL_VER retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
elif [ "$retval" -ne 0 ] ; then
# 5 is success
DATE WARN "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
else
DATE INFO "$elt.bash no error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
fi
if grep ' VULNERABLE ' $eltfile ; then
WARN "$elt.bash VULNERABLE: CA=$cacert = $eltfile " | tee -a $eltfile
fi
grep 'Overall Grade' $eltfile
return $retval
}
## ssltest_analyze_ssl $elt $site
ssltest_analyze_ssl () {
local elt=$1
local site=$2
local exe=/usr/local/bin/analyze-ssl.pl.bash
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG $elt "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" $eltfile
INFO "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" >> $eltfile
timeout $total_s $ANALYZE_ENVS $exe $ANALYZE_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
if [ ! -s $eltfile ] ; then
ERROR "$elt failed empty $eltfile" | tee -a $eltfile
retval=`expr 256 - 1`
elif grep "successful connect with TLSv1_$SSL_VER" $eltfile && \
grep 'all certificates verified' $eltfile ; then
# succeeds but timesout
DATE INFO "$elt successful connect with TLSv1_$SSL_VER retval=$retval error = $eltfile" | tee -a $eltfile
elif [ $retval -eq 124 ] ; then
WARN "$elt timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval = $eltfile" | tee -a $eltfile
elif grep ERROR: $eltfile ; then
ERROR "$elt failed ERROR: = $eltfile" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'certificate verify - name does not match' $eltfile ; then
ERROR "$elt failed name does not match = $eltfile" | tee -a $eltfile
retval=`expr 256 - 4`
elif ! grep 'certificate verified : ok' $eltfile ; then
ERROR "$elt failed NO certificate verified = $eltfile" | tee -a $eltfile
retval=`expr 256 - 5`
elif grep 'certificate verified : FAIL' $eltfile ; then
ERROR "$elt certificate verified : FAIL = $eltfile" | tee -a $eltfile
retval=`expr 256 - 6`
elif grep 'handshake failed with HIGH' $eltfile ; then
WARN "$elt failed handshake failed with HIGH = $eltfile" | tee -a $eltfile
retval=`expr 256 - 7`
elif grep '^ \! ' $eltfile ; then
ERROR "$elt failed \! = $eltfile" | tee -a $eltfile
retval=`expr 256 - 8`
else
DATE INFO "$elt no error = $eltfile" | tee -a $eltfile
fi
return $retval
}
## ssltest_curl
ssltest_curl () {
local elt=$1
local site=$2
local exe="/usr/local/bin/s$elt.bash -- "
local outfile=$3
[ -f "$outfile" ] || { WARN no outfile ; return 1 ; }
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
local prot
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
[ -n "$SSL_PORT" ] || { WARN no SSL_PORT ; return 3 ; }
exe=curl
if [ "$SSL_PORT" = 443 ] ; then
prot=https
elif [ "$SSL_PORT" = 995 ] ; then
prot=pop3s
exe=curl
CURL_ELTS="$CURL_ELTS -l"
elif [ "$SSL_PORT" = 587 ] ; then
prot=smtps
exe=curl
# CURL_ELTS="$CURL_ELTS"
else
ERROR $elt unrecognized port protocol $SSL_PORT
return 3
fi
DATE DBUG $elt $CURL_ENVS "`basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" $eltfile
INFO $elt "$CURL_ENVS `basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS ${prot}://$site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# grep '= /tmp/scurl'
ERRF=$eltfile
if [ $SSL_VER -eq 3 ] && ! grep "SSL connection using TLSv1.$SSL_VER" $ERRF ; then
ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 1`
cat $eltfile
elif ! grep -q "SSL connection using TLSv1.[3$SSL_VER]" $ERRF ; then
ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 1`
cat $eltfile
elif [ $retval -eq 77 ] || grep -q 'CURLE_SSL_CACERT_BADFILE' $ERRF ; then
ERROR "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 28 ] || grep -q 'CURLE_OPERATION_TIMEDOUT' $ERRF ; then
WARN "$elt retval=$retval CURLE_OPERATION_TIMEDOUT ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 91 ] || grep -q 'CURLE_SSL_INVALIDCERTSTATUS' $ERRF ; then
WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 28 ] || grep 'Connection timed out' $ERRF ; then
WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 22 ] || grep -q 'curl: (22) The requested URL returned error:' $ERRF; then
# on 22 - change to HTTP code
code=`grep 'curl: (22) The requested URL returned error:' $ERRF | sed -s 's/.*returned error: //'`
if [ "$code" = 416 ] ; then
INFO "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
retval=$code
elif [ -n "$code" ] && [ "$code" -ge 400 ] ; then
# 403 Cloudflare
ERROR "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
retval=$code
else
WARN "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
# curl: (3) URL using bad/illegal format or missing URL - worked
WARN "$elt retval=$retval ${CURLE[$retval]} CA=$cacert = $ERRF" | tee -a $eltfile
elif ! grep "subject: CN=$site" $ERRF ; then
ERROR "$elt NO subject: CN=$site CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 2`
elif grep "503 - Forwarding failure" $ERRF ; then
WARN "$elt 503 - Forwarding failure CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'we are not connected' $eltfile ; then
WARN "$elt CA=$cacert = $ERRF" | tee -a $eltfile
retval=0
else
INFO "$elt CA=$cacert = $ERRF" | tee -a $eltfile
retval=0
fi
# TLSv1.3 (IN), TLS handshake, Finished
return $retval
}
## ssllabs_analyze
ssltest_analyze () {
local elt=$1
local site=$2
local exe="/usr/local/bin/scurl.bash -- "
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
local url="https://www.ssllabs.com/ssltest/analyze.html?d=$site"
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
DATE DBUG "$elt $CURL_ELTS SSL_PORT=$SSL_PORT $url" $eltfile
INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1
retval=$?
if [ $retval -ne 0 ] ; then
DATE WARN "$elt retval=$retval $url" $eltfile >> $outfile
else
DATE INFO "$elt retval=$retval $url" $eltfile >> $outfile
fi
return $retval
}
## ssltest_ssllabs
ssltest_ssllabs() {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local site_ip=$4
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local host=www.ssllabs.com
local url="ssltest/analyze.html?d=$site&s=$site_ip"
local exe="/usr/local/bin/scurl.bash -- "
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
DATE DBUG "$elt $CURL_ELTS $url" $eltfile
INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1
retval=$?
if [ $retval -ne 0 ] ; then
DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile
elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'No' ; then
DATE ERROR "$elt retval=$retval $url" $eltfile | tee -a $eltfile
retval=`expr 256 - 1`
elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'Yes' ; then
DATE INFO "$elt retval=$retval $url" $eltfile | tee -a $eltfile
retval=0
else
DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile
fi
return $retval
}
## ssltest_http2_alt_svc
ssltest_http2_alt_svc() {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local exe="/usr/local/bin/scurl.bash -- "
local host=www.integralblue.com
local url=1.1.1.1/fun-stuff/dns-over-tor/
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
if [ -n "$socks_proxy" ] ; then
export socks_proxy=`sed -e 's/socks[a-z0-9]*:/socks5h:/' <<< $socks_proxy`
$exe --head --http2 -x $socks_proxy https://$host/$url > $eltfile 2>&1
else
$exe --head --http2 https://$host/$url > $eltfile 2>&1
fi
#? grep '^HTTP/2 301' $eltfile || exit 1
grep '^HTTP/2 ' $eltfile || return 11
grep 'alt-svc:' $eltfile || return 12
onion=`grep 'alt-svc:' $eltfile | sed -e 's/.*h2=.//' -e 's/";.*//'` # || exit 3
if [ -n "$socks_proxy" ] ; then
$exe --head -x $socks_proxy https://$onion/$url >> $eltfile 2>&1
retval=$?
else
$exe --head https://$onion/$url >> $eltfile 2>&1
retval=$?
fi
if [ $retval -eq 0 ] ; then
DATE INFO $elt https://$host/$url | tee -a $eltfile
else
DATE WARN $elt https://$host/$url | tee -a $eltfile
fi
return $?
}

View File

@ -0,0 +1,344 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
export PATH=/sbin:$PATH
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
#[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
. $PREFIX/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/proxy_ping_lib.bash >/dev/null || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 3; }
#? . $PREFIX/src/usr_local_src.bash || exit 2
DNS_TRIES=3
LOGP=TestSSL_`date -u +%y-%m-%d_%H_$$`
rm -f $TMPDIR/${LOGP}*
# analyze-ssl passed files.pythonhosted.org
# INFO: 226s analyze-ssl no error = /tmp/_files.pythonhosted.org_analyze-ssl.out
[ -z "$SSLTEST_TESTS" ] && SSLTEST_TESTS="curl openssl testssl nmap" # sslscan
[ -z "$SSLTEST_CERTS" ] && SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt /usr/local/etc/ssl/cacert-testforge.pem"
[ -z "$SSLTEST_TIMEOUT" ] && SSLTEST_TIMEOUT=30
[ -z "$SSLTEST_SOCKS_PROXY" -a -n "$socks_proxy" ] && SSLTEST_SOCKS_PROXY=$socks_proxy \
&& DBUG SSLTEST_SOCKS_PROXY=$socks_proxy
if [ -z "$SSLTEST_HTTPS_PROXY" -a -n "$https_proxy" ] ; then
SSLTEST_HTTPS_PROXY=$https_proxy
DBUG SSLTEST_HTTPS_PROXY=$SSLTEST_HTTPS_PROXY
fi
[ -z "$SSLTEST_HTTP_PROXY" -a -n "$http_proxy" ] && SSLTEST_HTTP_PROXY=$http_proxy \
&& DBUG SSLTEST_HTTP_PROXY=$http_proxy
[ -z "$BOX_BYPASS_PROXY_GROUP" ] && BOX_BYPASS_PROXY_GROUP=bin
SSL_LIB=openssl
# [ "$MODE" ] && proxy_ping_test.bash $MODE
declare -a BADSSL_SITES
BADSSL_SITES=(
self-signed.badssl.com
expired.badssl.com
mixed.badssl.com
rc4.badssl.com
hsts.badssl.com
)
declare -a GOODSSL_SITES
GOODSSL_SITES=(
files.pythonhosted.org
mirrors.dotsrc.org
deb.devuan.org
# dfw.source.kernel.org
# cdn.kernel.org
)
badssl=0
goodssl=0
[ "$#" -eq 0 ] && goodssl=1
tests="$SSLTEST_TESTS"
verbosity=2
outdir=/tmp
timeout=$SSLTEST_TIMEOUT
onion=0
CAFILE=/usr/local/etc/ssl/cacert-testforge.pem
TMPDIR=/tmp
SSL_PORT=443
SSL_VER=3
usage() {
echo "Usage: $0 [OPTIONS] dirs-or-files"
echo
echo " -B | --badssl - test badssl.org sites"
echo " -G | --goodssl - test good sites"
echo " -S | --ssl - tls version v1.x - 2 or 3"
echo " -O | --onion - onion"
echo " -o | --outdir=$TMPDIR - output directory"
echo " -v | --verbosity=$verbosity - verbosity 0 least 5 most"
echo " -T | --timeout=$timeout - timeout in sec."
echo " -E | --tests=`sed -e 's/ /,/g' <<< $tests` - tests, comma separated"
echo " -C | --certs=`sed -e 's/ /,/g' <<< $SSLTEST_CERTS` - tests, comma separated"
echo " -Y | --ciphers - comma sep list of ciphers"
echo " -P | --port - port default $SSL_PORT"
echo " -N | --connect - connect"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
SHORTOPTS="hVGBv:T:C:P:S:E:Y:ON:"
LONGOPTS="help,version:,goodssl,badssl,verbosity:,timeout,certs:,port:,ssl:,tests:,ciphers:,onion,connect:"
declare -a SITES
SITES=()
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && { ERROR "error parsing getopt" ; exit 4 ; }
eval set -- "$ARGS"
while true; do
case "$1" in
-o|--outdir)
shift
TMPDIR="$1"
;;
-v|--verbosity)
shift
verbosity="$1"
;;
-T|--timeout)
shift
timeout="$1"
;;
-S|--ssl)
shift
SSL_VER="$1"
;;
-P|--port)
shift
SSL_PORT="$1"
;;
-N|--connect)
shift
SSL_CONNECT="$1"
;;
-C|--certs)
shift
SSLTEST_CERTS="`sed -e 's/,/ /g' <<< $1`"
;;
-Y|--ciphers)
shift
SSLTEST_CIPHERS="`sed -e 's/,/ /g' <<< $1`"
;;
-t|--tests)
shift
tests="`sed -e 's/,/ /g' <<< $1`"
;;
-O|--onion)
onion=1
;;
-G|--goodssl)
goodssl=1
badssl=0
;;
-B|--badssl)
badssl=1
goodssl=0
;;
-V|--version)
usage
exit 0
;;
-h|--help)
usage
exit 0
;;
'--')
shift
SITES=("$@")
break
;;
*)
{ ERROR "unrecognized arguments $*" ; exit 5 ; }
break
;;
esac
shift
done
[ "${#SITES[*]}" -eq 0 -a $badssl -gt 0 ] && SITES=("${BADSSL_SITES[@]}")
[ "${#SITES[*]}" -eq 0 -a $goodssl -gt 0 ] && SITES=("${GOODSSL_SITES[@]}")
[ "${#SITES[@]}" -eq 0 ] && { ERROR "no arguments $*" ; exit 7 ; }
[ "$SSL_VER" -ge 2 -a "$SSL_VER" -le 3 ] || { ERROR "SSL_VER $SSL_VER" ; exit 6 ; }
[ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" || { ERROR "mkdir $TMPDIR" ; exit 8 ; }
[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; exit 9 ; }
[ $onion -eq 0 ] && TIMEOUT=$timeout || TIMEOUT=`expr $timeout \* 2`
SSLTEST_TESTS="$tests"
declare -a tests_ran
tests_ran=()
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; }
IF=`route | grep ^def |sed -e 's/.* //'`
[ -n "$IF" ] || { ERROR "no IF" ; exit 10 ; }
IP=`ifconfig $IF|grep -A 2 ^wlan |grep inet | sed -e 's/.*inet //' -e 's/ .*//'`
[ -n "$IP" ] || { ERROR "no IP" ; exit 11 ; }
[ -z "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash
netstat -nle4 | grep -v grep | grep -q 0.1:53 || \
{ WARN "DNS not running - netstat " ; }
# iptables-legacy-save | grep "OUTPUT -o wlan4 -m owner --gid-owner 2 -j ACCEPT"
# uses TIMEOUT=30
. $PREFIX/bin/testforge_ssl_lib.bash
if [ "$USER" = bin ] ; then
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
else
DEBUG=0 proxy_ping_get_socks >/dev/null
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
fi
if [ "$USER" = bin ] ; then
TORSOCKS=""
elif [ $SOCKS_HOST != 127.0.0.1 ] ; then
TORSOCKS="torsocks --address $SOCKS_HOST --port $SOCKS_PORT "
elif [ $SOCKS_PORT != 9050 ] ; then
TORSOCKS="torsocks --port $SOCKS_PORT "
else
TORSOCKS="torsocks "
fi
if [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
grep -q "SocksPolicy *accept *$IP" /etc/tor/torrc || \
{ WARN "need SocksPolicy accept $IP in /etc/tor/torrc" ; }
fi
# This works off the $https_proxy environment variable in the form http://127.0.0.1:9128
# so you can test trans routing by call this with that unset.
ssltest_proxies $onion
rm -f $TMPDIR/${LOGP}.*.*
OUTF=$TMPDIR/${LOGP}.out
for CAFILE in $SSLTEST_CERTS ; do
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || {
WARN $prog we are not connected >&2
exit `expr 256 - 1`
}
[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; continue ; }
DATE DBUG CAFILE=$CAFILE --address $SOCKS_HOST --port $SOCKS_PORT
cacert=`basename $CAFILE`
for site in "${SITES[@]##*/}" ; do
warns=0
IF=`route | grep ^def |sed -e 's/.* //'`
[ -n "$IF" ] || { WARN "$site no route" ; continue ; }
SITE_OUTF=$TMPDIR/${LOGP}_${site}.out
DEBUG=1 DATE DBUG $site CAFILE=$CAFILE $SITE_OUTF | tee -a $SITE_OUTF
# ERROR: Could not resolve hostname www.devuan.org.
i=0
while [ $i -le $DNS_TRIES ] ; do
if [ $onion -eq 0 ] ; then
site_ip=`dig $site +retry=5 +tries=2 +noall +answer +short | awk '{ print $1 }'` && break
else
site_ip=`tor-resolve -4 $site` && break
fi
i=`expr $i + 1`
sleep 5
done
[ $i -ge $DNS_TRIES ] && ERROR failed resolve $site | tee -a $SITE_OUTF
[ $i -ge $DNS_TRIES ] && site_ip=$site
elt=sslscan
SSLSCAN_ELTS="$SSLSCAN_ARGS --certs $CAFILE --sni-name $site"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_sslscan $elt $site $SITE_OUTF $site_ip
elt=openssl
OPENSSL_ELTS="$OPENSSL_ARGS -CAfile $CAFILE -servername $site"
[ -n "$SSL_CONNECT" ] && OPENSSL_ELTS="$OPENSSL_ARGS -connect ${SSL_CONNECT}:$SSL_PORT"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $onion -eq 0 ] && \
tests_ran+=($elt) && \
ssltest_openssl $elt $site $SITE_OUTF $site_ip
elt=testssl
rm -f $TMPDIR/${LOGP}.$site.$elt.json # --jsonfile-pretty $TMPDIR/${LOGP}.$site.$elt.json
TESTSSL_ELTS="$TESTSSL_ARGS --add-ca $CAFILE --append --ip $site_ip"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $onion -eq 0 ] && \
tests_ran+=($elt) && \
ssltest_testssl $elt $site $SITE_OUTF $site_ip
elt=analyze-ssl
ANALYZE_ELTS="$ANALYZE_ARGS --CApath $CAFILE --name $site"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $SSL_PORT = 443 ] && \
tests_ran+=($elt) && \
ssltest_analyze_ssl $elt $site $SITE_OUTF $site_ip
elt=curl
CURL_ELTS="$CURL_ARGS --cacert $CAFILE --output /dev/null"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_curl $elt $site $SITE_OUTF $site_ip
elt=nmap
NMAP_ELTS="$NMAP_ARGS --host-timeout $TIMEOUT -p $SSL_PORT"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_nmap $elt $site $SITE_OUTF $site_ip
elt=ssllabs
[ $SSL_PORT = 443 ] && \
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_ssllabs $elt $site $SITE_OUTF $site_ip
done
done
# bonus
elt=alt_svc
[ $SSL_PORT = 443 ] && \
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_http2_alt_svc $elt - $SITE_OUTF -
cat $TMPDIR/${LOGP}_*.out > $OUTF
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
a=`openssl ciphers -v 'ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM' | wc -l | sed -e 's/ .*//'`
[ $? -eq 0 ] && [ "$a" -eq 0 ] && \
WARN "no openssl ciphers" | tee -a $OUTF
DEBUG=1 DBUG "${#tests_ran[@]}" TESTS="${tests_ran[@]}"
warns=`grep -c WARN: $OUTF`
[ $? -eq 0 ] && [ "$warns" -gt 0 ] && DATE WARN "$warns warns for $site in $OUTF"
errs=`grep -c 'ERROR:\|EROR:' $OUTF`
[ $? -eq 0 ] && [ "$errs" -gt 0 ] && DATE ERROR "$errs errs for $site in $OUTF"
[ $? -eq 0 ] && [ "$warns" -eq 0 -a "$errs" -eq 0 ] && \
DATE INFO "NO warns/errs for $site in $OUTF"
exit $errs
# pysslscan scan --scan=protocol.http --scan=vuln.heartbleed --scan=server.renegotiation \
# --scan=server.preferred_ciphers --scan=server.ciphers \
# --report=term:rating=ssllabs.2009e --ssl2 --ssl3 --tls10 --tls11 --tls12
# /usr/local/bin/ssl-cipher-check.pl

View File

@ -0,0 +1,68 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher
# https://code.google.com/p/chromium/issues/detail?id=58831
DIR=testssl.sh
GITHUB_USER=drwetter
GITHUB_DIR=$DIR
. $PREFIX/src/var_local_src.bash
BINS=testssl
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
[ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR
for elt in $BINS ; do
file=$PREFIX/bin/$elt.bash
if [ ! -f $file ] ; then
cat > $file << EOF
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
cd $PREFIX/src/$DIR
exec bash testssl.sh "\$@"
EOF
chmod +x $PREFIX/bin/testssl.bash
fi
done
exit 0
elif [ $1 = 'check' ] ; then # 1*
ols_test_bins && exit 0 || exit 1$?
elif [ $1 = 'lint' ] ; then # 2*
/var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
for bin in $BINS ; do
$PREFIX/bin/$bin.bash --help >/dev/null || exit 3$?
done
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
#error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream
#error: 1970 bytes of body are still expected
#fetch-pack: unexpected disconnect while reading sideband packet
#fatal: early EOF
#fatal: fetch-pack: invalid index-pack output
fi
# wget -P https://testssl.sh/testssl.sh
exit 0

View File

@ -0,0 +1,6 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=toxcore
cd $PREFIX/src/testssl.sh || exit 1
exec bash testssl.sh "$@"

View File

@ -0,0 +1,50 @@
#/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -n "$PYDEV_VAR_LOCAL" ] && PREFIX=$PYDEV_VAR_LOCAL
DESC=""
. /usr/local/src/usr_local_src.bash || exit 1
HTTP_DIR=$PREFIX/net/Http
DIR=tinfoilhat.shmoo.com
URL=web.archive.org/web/20121116091222/http:/
cd $PREFIX/src || exit 2
WD=$PWD
if [ $# -eq 0 ] ; then
if [ ! -d $DIR ] ; then
route|grep -q ^default || exit 0
mkdir $DIR $DIR/source
wget -cP $DIR/source http://$URL/$DIR/source/bb-random.c \
http://$URL/$DIR/source/gpggrid-version-on-floppy.c \
http://$URL/$DIR/source/gpggrid.c || exit 3
fi
cd $PREFIX/src/$DIR/source || exit 4
[ -x gpggrid ] || \
cc -o gpggrid --static gpggrid.c || exit 5
[ -f staticgpggrid.c ] || \
sed -e 's/"gpg"/"staticgpg"/' gpggrid.c > staticgpggrid.c
[ -x staticgpggrid ] || \
cc -o staticgpggrid --static staticgpggrid.c || exit 6
[ -x $PREFIX/bin/gpggrid -a $PREFIX/bin/gpggrid -nt gpggrid ] || \
cp -p gpggrid $PREFIX/bin/ || exit 7
[ -x $PREFIX/bin/staticgpggrid -a $PREFIX/bin/staticgpggrid -nt gpggrid ] || \
cp -p staticgpggrid $PREFIX/bin/ || exit 8
OPREFIX=$PREFIX/share/genkernel/overlay
[ -d $OPREFIX/bin ] || mkdir $OPREFIX/bin
[ -x $OPREFIX/bin/staticgpggrid ] || \
ln $OPREFIX/bin/staticgpggrid $OPREFIX/bin/ || exit 9
fi
exit 0

View File

@ -0,0 +1,6 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
exec python3.sh /usr/local/lib/helper-scripts/tor_bootstrap_check.py "$@"

View File

@ -0,0 +1,75 @@
#/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
. /usr/local/src/usr_local_src.bash || exit 1
SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
HTTP_DIR=$PREFIX/net/Http
DIR=tox_profile
MOD=$DIR
GIT_HUB=git.plastiras.org
GIT_USER=emdee
GIT_DIR=$DIR
# tox_profile
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
msys_are_we_connected || exit 0
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
git clone "https://$GIT_HUB/$GIT_USER/$GIT_DIR" ) ||\
exit 2
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
git config user emdee && \
git config email emdee@ )
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3
fi
python$PYVER.sh -c 'import namedlist' || \
pip$PYVER.sh install namedlist
cd $DIR || exit 4
[ -f __init__.py ] || touch __init__.py
# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
exit 0
elif [ $1 = 'check' ] ; then # 1*
# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
:
elif [ "$1" = 'lint' ] ; then # 2*
[ -n "$PYVER" ] || return 20
pylint -E --recursive y || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/$DIR || exit 32
$PYTHON_EXE_MSYS tox_savefile_test.bash \
>> $WD/$DIR/test.log 2>&1 || \
{ ERROR "$MOD code $?" ; cat $WD/$DIR/test.log ; exit 35 ; }
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
fi

View File

@ -10,9 +10,19 @@
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/locaal/etc/testforge/testforge.bash
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
TOXCORE_LOG_DIR=$PREFIX/var/log
[ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR
. /usr/local/src/usr_local_src.bash
TOHOST=files.pythonhosted.org
# mirrors.dotsrc.org
. /usr/local/bin/proxy_export.bash
PL=/usr/local/bin/proxy_ping_lib.bash
. $PL
PL=
MYID=`id -u`
[ $MYID -eq 0 ] || WARN $prog should be run as root $MYID
@ -28,50 +38,96 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete
[ -d /usr/local/share/doc ] || mkdir -p /usr/local/share/doc
[ -d /var/local/share/doc/txt ] && [ ! -d /usr/local/share/doc/txt ] && \
mv /var/local/share/doc/txt /usr/local/share/doc/txt && \
ln -s /usr/local/share/doc/txt /var/local/share/doc/txt
find "$TOXCORE_LOG_DIR"/$ly/ -type f \
-name W${prog}*.log -o -name E${prog}\*.log -mtime +8 -delete >/dev/null
if virsh list | grep -q Whonix-Gateway ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
[ -z "$MODE" ] || MODE=`proxy_ping_mode`
if [ -d /etc/libvirt/qemu ] ; then
elt=qemu
DBUG elt=$elt
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null >/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | \
grep -v 'Failed to open SPICE sockets\|Spice: Connection reset by peer' | \
tee -a $WLOG
fi
# FixMe missing
[ -x $PREFIX/bin/toxcore_libvirt_test_xml.bash ] && \
$PREFIX/bin/toxcore_libvirt_test_xml.bash 2>&1 | \
grep WARN: |tee -a $WLOG
if which virt-host-validate 2>/dev/null ; then
[ -f $TOXCORE_LOG_DIR/daily/virt-host-validate.log ] || \
sudo virt-host-validate > $TOXCORE_LOG_DIR/daily/virt-host-validate.log 2>&1
b=`grep FAIL $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ]
b=`grep WARN $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ] && \
WARN $b WARN in $TOXCORE_LOG_DIR/$ly/virt-host-validate.log $warns | tee -a $WLOG
fi
if /etc/init.d/libvirtd status ; then
if [ "$MODE" = whonix ] ; then
elt=toxcore_libvirt_test_ga
DBUG $elt
if virsh net-list | grep -q External ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
fi
fi
virsh list | grep '^ [0-9]' | while read id elt rest ; do
[ $rest = running ] || continue
virsh dumpxml $elt | grep -q org.qemu.guest_agent.0.*connected || \
WARN org.qemu.guest_agent not connected for $elt |tee -a $WLOG
# <target type='virtio' name='com.redhat.spice.0' state='connected'/>
# <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
done
fi
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
export SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt"
export SSLTEST_TESTS="testssl nmap"
if route | grep -q def ; then
elt=testforge_ssl_test
DBUG $elt
$PREFIX/bin/testforge_ssl_test.bash -v 3 $TOHOST
retval=$?
if [ $retval -ne 0 ] ; then
ERROR retval=$retval testforge_ssl_test.bash -v 3 $TOHOST|tee -a $ELOG
else
INFO testforge_ssl_test.bash -v 3 $TOHOST
fi
fi
# FixMe missing
[ -x $PREFIX/bin/toxcore_libvirt_test_xml.bash ] && \
$PREFIX/bin/toxcore_libvirt_test_xml.bash 2>&1 | grep WARN: >> $WLOG
if which virt-host-validate 2>/dev/null ; then
[ -f $TOXCORE_LOG_DIR/daily/virt-host-validate.log ] || \
sudo virt-host-validate > $TOXCORE_LOG_DIR/daily/virt-host-validate.log 2>&1
b=`grep FAIL $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ]
b=`grep WARN $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ] && \
WARN $b WARN in $TOXCORE_LOG_DIR/$ly/virt-host-validate.log $warns | tee -a $WLOG
elt=testforge_dirmngr_test
if route | grep -q default ; then
DBUG $elt
$PREFIX/bin/testforge_dirmngr_test.bash
retval=$?
if [ $retval -ne 0 ] ; then
ERROR retval=$retval testforge_dirmngr_test.bash | tee -a $ELOG
else
INFO testforge_dirmngr_test.bash
fi
fi
if /etc/init.d/libvirtd status ; then
virsh list | grep '^ [0-9]' | while read id elt rest ; do
[ $rest = running ] || continue
virsh dumpxml $elt | grep org.qemu.guest_agent.0.*connected || \
WARN org.qemu.guest_agent not connected for $elt |tee -a $WLOG
# <target type='virtio' name='com.redhat.spice.0' state='connected'/>
# <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
done
fi
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
if [ -s $ELOG ] ; then
errs=`grep -c ERROR: "$ELOG"`
[ $errs -ne 0 ] && \
ERROR "$prog $ly $errs errors in $ELOG" && \
exit -$errs
fi
if [ -s $WLOG ] ; then
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
fi
[ $warns -eq 0 -a $errs -eq 0 ] && \
ols_clean_testforge_logs $TOXCORE_LOG_DIR && \

View File

@ -10,7 +10,8 @@
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/locaal/etc/testforge/testforge.bash
[ -f /usr/local/etc/testforge/testforge.bash ] || \
. /usr/local/etc/testforge/testforge.bash
TOXCORE_LOG_DIR=$PREFIX/var/log
[ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR
@ -28,31 +29,39 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete
[ -d /var/lib/libvirt/dnsmasq/ ] && \
sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log \
-o -name E${prog}*.log -mtime +1 -delete
if [ -d /etc/libvirt/qemu ] ; then
elt=qemu
DBUG elt=$elt
[ -d /var/lib/libvirt/dnsmasq/ ] && \
sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete
if virsh net-list | grep -q External ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
fi
if virsh list | grep -q Whonix-Gateway ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
if [ -s $ELOG ] ; then
errs=`grep -c ERROR: "$ELOG"`
[ $errs -ne 0 ] && \
ERROR "$prog $ly $errs errors in $ELOG" && \
exit -$errs
fi
if [ -s $WLOG ] ; then
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
fi
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
errs=`grep -c ERROR: "$ELOG"`
[ $errs -ne 0 ] && \
ERROR "$prog $ly $errs errors in $ELOG" && \
exit -$errs
[ $warns -eq 0 -a $errs -eq 0 ] && \
ols_clean_testforge_logs $TOXCORE_LOG_DIR && \
INFO "No $ly errors in $TOXCORE_LOG_DIR"
exit 0

View File

@ -0,0 +1,33 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=3
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
[ -f . /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -z "$PYVER" ] && PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
[ -z "$PYTHON_MINOR" -a PYVER = 2 ] && BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$PYTHON_MINOR" -a PYVER = 3 ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
declare -a LARGS
LARGS=( --recursive y --verbose --py-version "$PYTHON_MINOR" --output-format colorized )
[ -f $RCFILE ] || exit 2
LARGS+=( --rcfile $RCFILE )
export PYTHONPATH=$PWD
#INFO python3.bash `which pylint` "${LARGS[@]}" "$@"
#/usr/local/bin/python3.sh `which pylint` "${LARGS[@]}" "$@"
exec $PYTHON_EXE_MSYS `which pylint` "${LARGS[@]}" "$@"

View File

@ -0,0 +1,16 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=2
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
export PYVER
export PREFIX
export PYTHON_EXE_MSYS
exec toxcore_pylint.bash "$@"

View File

@ -0,0 +1,16 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=2
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
export PYVER
export PREFIX
export PYTHON_EXE_MSYS
exec toxcore_pylint.bash "$@"

View File

@ -2,14 +2,19 @@
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/var/local
. /usr/local/etc/testforge/testforge.bash
ROLE=testforge
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
@ -18,5 +23,6 @@ PYTHON_EXE=$PYTHON_EXE_MSYS
LOPTS="-o ELLIPSIS --fail-fast"
for file in "$@" ; do
/var/local/bin/python$PYVER.bash -m doctest $LOPTS "$file"
[ -f "$file" ] || continue
$PREFIX/bin/python$PYVER.sh -m doctest $LOPTS "$file"
done

View File

@ -0,0 +1,56 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
ROLE=toxcore
PREFIX=/usr/local
. /usr/local/bin/usr_local_tput.bash
# we install into /usr/local/bin and it takes precedence
# export PATH=$PREFIX/bin:$PATH
. $PREFIX/src/usr_local_src.bash || exit 2
[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3
if [ "$#" -eq 0 ] ; then
cd $PREFIX/src || exit 2
WD=$PWD
bash c-toxcore.bash # || exit 3$?
bash tox_profile.bash # || 4$?
# sh mitogen.bash
# sh toxcore_docker.bash || exit 4$?
# which sdwdate >/dev/null 2>/dev/null || \
# [ -f $PREFIX/bin/sdwdate.bash ] || \
# sh sdwdate.bash
sh gridfire.bash # || exit 6$?
sh pyassuan.bash #|| exit 7$?
sh tinfoilhat.shmoo.com.bash
# sh negotiator.bash
[ -d testssl.sh ] || \
sh testssl.bash || exit 9$?
exit 0
elif [ "$1" = 'check' ] ; then
exit 0
msys_run_checks_pip3
msys_var_local_src_prog_key check || exit 10$?
exit $?
elif [ "$1" = 'lint' ] ; then
# ols_run_tests_shellcheck $ROLE || exit 2$?
msys_var_local_src_prog_key $1 || exit 21$?
# ols_run_tests_pylint || exit 22$?
exit 0
elif [ "$1" = 'test' ] ; then
exit 0
msys_var_local_src_prog_key $1 || exit 30$?
msys_check_pips_inst
msys_gentoo_test_imports || exit 32$?
#hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$?
fi

View File

@ -0,0 +1,375 @@
# is file was generated by edx-lint: https://github.com/edx/edx-lint
#
# If you want to change this file, you have two choices, depending on whether
# you want to make a local change that applies only to this repo, or whether
# you want to make a central change that applies to all repos using edx-lint.
#
# Note: If your pylintrc file is simply out-of-date relative to the latest
# pylintrc in edx-lint, ensure you have the latest edx-lint installed
# and then follow the steps for a "LOCAL CHANGE".
#
# LOCAL CHANGE:
#
# 1. Edit the local pylintrc_tweaks file to add changes just to this
# repo's file.
#
# 2. Run:
#
# $ edx_lint write pylintrc
#
# 3. This will modify the local file. Submit a pull request to get it
# checked in so that others will benefit.
#
#
# CENTRAL CHANGE:
#
# 1. Edit the pylintrc file in the edx-lint repo at
# https://github.com/edx/edx-lint/blob/master/edx_lint/files/pylintrc
#
# 2. install the updated version of edx-lint (in edx-lint):
#
# $ pip install .
#
# 3. Run (in edx-lint):
#
# $ edx_lint write pylintrc
#
# 4. Make a new version of edx_lint, submit and review a pull request with the
# pylintrc update, and after merging, update the edx-lint version and
# publish the new version.
#
# 5. In your local repo, install the newer version of edx-lint.
#
# 6. Run:
#
# $ edx_lint write pylintrc
#
# 7. This will modify the local file. Submit a pull request to get it
# checked in so that others will benefit.
#
#
#
#
#
# STAY AWAY FROM THIS FILE!
#
#
#
#
#
# SERIOUSLY.
#
# ------------------------------
# Generated by edx-lint version: 5.2.3
# ------------------------------
[MASTER]
ignore = ,input
persistent = yes
[MESSAGES CONTROL]
enable =
blacklisted-name,
# line-too-long,
abstract-class-instantiated,
abstract-method,
access-member-before-definition,
anomalous-backslash-in-string,
anomalous-unicode-escape-in-string,
arguments-differ,
assert-on-tuple,
assigning-non-slot,
assignment-from-no-return,
assignment-from-none,
attribute-defined-outside-init,
bad-except-order,
bad-format-character,
bad-format-string-key,
bad-format-string,
bad-open-mode,
bad-reversed-sequence,
bad-staticmethod-argument,
bad-str-strip-call,
bad-super-call,
binary-op-exception,
boolean-datetime,
catching-non-exception,
cell-var-from-loop,
confusing-with-statement,
continue-in-finally,
dangerous-default-value,
duplicate-argument-name,
duplicate-bases,
duplicate-except,
duplicate-key,
expression-not-assigned,
format-combined-specification,
format-needs-mapping,
function-redefined,
global-variable-undefined,
import-error,
import-self,
inconsistent-mro,
inherit-non-class,
init-is-generator,
invalid-all-object,
invalid-format-index,
invalid-length-returned,
invalid-sequence-index,
invalid-slice-index,
invalid-slots-object,
invalid-slots,
invalid-unary-operand-type,
logging-too-few-args,
logging-too-many-args,
logging-unsupported-format,
lost-exception,
method-hidden,
misplaced-bare-raise,
misplaced-future,
missing-format-argument-key,
missing-format-attribute,
missing-format-string-key,
no-member,
no-method-argument,
no-name-in-module,
no-self-argument,
no-value-for-parameter,
non-iterator-returned,
nonexistent-operator,
not-a-mapping,
not-an-iterable,
not-callable,
not-context-manager,
not-in-loop,
pointless-statement,
pointless-string-statement,
raising-bad-type,
raising-non-exception,
redefined-builtin,
redefined-outer-name,
redundant-keyword-arg,
repeated-keyword,
return-arg-in-generator,
return-in-init,
return-outside-function,
signature-differs,
super-init-not-called,
syntax-error,
too-few-format-args,
too-many-format-args,
too-many-function-args,
truncated-format-string,
undefined-all-variable,
undefined-loop-variable,
undefined-variable,
unexpected-keyword-arg,
unexpected-special-method-signature,
unpacking-non-sequence,
unreachable,
unsubscriptable-object,
unsupported-binary-operation,
unsupported-membership-test,
unused-format-string-argument,
unused-format-string-key,
used-before-assignment,
using-constant-test,
yield-outside-function,
astroid-error,
fatal,
method-check-failed,
parse-error,
raw-checker-failed,
empty-docstring,
invalid-characters-in-docstring,
# missing-docstring,
# wrong-spelling-in-comment,
# wrong-spelling-in-docstring,
unused-argument,
unused-import,
unused-variable,
eval-used,
exec-used,
bad-classmethod-argument,
bad-mcs-classmethod-argument,
bad-mcs-method-argument,
bare-except,
broad-except,
consider-iterating-dictionary,
consider-using-enumerate,
global-at-module-level,
global-variable-not-assigned,
logging-format-interpolation,
# logging-not-lazy,
multiple-imports,
multiple-statements,
no-classmethod-decorator,
no-staticmethod-decorator,
protected-access,
redundant-unittest-assert,
reimported,
simplifiable-if-statement,
singleton-comparison,
superfluous-parens,
unidiomatic-typecheck,
unnecessary-lambda,
unnecessary-pass,
unnecessary-semicolon,
unneeded-not,
useless-else-on-loop,
deprecated-method,
deprecated-module,
too-many-boolean-expressions,
too-many-nested-blocks,
too-many-statements,
# wildcard-import,
# wrong-import-order,
# wrong-import-position,
missing-final-newline,
mixed-line-endings,
trailing-newlines,
# trailing-whitespace,
unexpected-line-ending-format,
bad-inline-option,
bad-option-value,
deprecated-pragma,
unrecognized-inline-option,
useless-suppression,
disable =
bad-indentation,
consider-using-f-string,
duplicate-code,
file-ignored,
fixme,
global-statement,
invalid-name,
locally-disabled,
no-else-return,
## no-self-use,
suppressed-message,
too-few-public-methods,
too-many-ancestors,
too-many-arguments,
too-many-branches,
too-many-instance-attributes,
too-many-lines,
too-many-locals,
too-many-public-methods,
too-many-return-statements,
ungrouped-imports,
unspecified-encoding,
unused-wildcard-import,
use-maxsplit-arg,
logging-fstring-interpolation,
# new
missing-module-docstring,
missing-class-docstring,
[REPORTS]
output-format = text
##files-output = no
reports = no
score = no
[BASIC]
##bad-functions = map,filter,apply,input
module-rgx = (([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
const-rgx = (([A-Z_][A-Z0-9_]*)|(__.*__)|log|urlpatterns)$
class-rgx = [A-Z_][a-zA-Z0-9]+$
function-rgx = ([a-z_][a-z0-9_]{2,40}|test_[a-z0-9_]+)$
method-rgx = ([a-z_][a-z0-9_]{2,40}|setUp|set[Uu]pClass|tearDown|tear[Dd]ownClass|assert[A-Z]\w*|maxDiff|test_[a-z0-9_]+)$
attr-rgx = [a-z_][a-z0-9_]{2,30}$
argument-rgx = [a-z_][a-z0-9_]{2,30}$
variable-rgx = [a-z_][a-z0-9_]{2,30}$
class-attribute-rgx = ([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
inlinevar-rgx = [A-Za-z_][A-Za-z0-9_]*$
good-names = f,i,j,k,db,ex,Run,_,__
bad-names = foo,bar,baz,toto,tutu,tata
no-docstring-rgx = __.*__$|test_.+|setUp$|setUpClass$|tearDown$|tearDownClass$|Meta$
docstring-min-length = 5
[FORMAT]
max-line-length = 120
ignore-long-lines = ^\s*(# )?((<?https?://\S+>?)|(\.\. \w+: .*))$
single-line-if-stmt = no
##no-space-check = trailing-comma,dict-separator
max-module-lines = 1000
indent-string = ' '
[MISCELLANEOUS]
notes = FIXME,XXX,TODO
[SIMILARITIES]
min-similarity-lines = 4
ignore-comments = yes
ignore-docstrings = yes
ignore-imports = no
[TYPECHECK]
ignore-mixin-members = yes
ignored-classes = SQLObject
unsafe-load-any-extension = yes
generated-members =
REQUEST,
acl_users,
aq_parent,
objects,
DoesNotExist,
can_read,
can_write,
get_url,
size,
content,
status_code,
create,
build,
fields,
tag,
org,
course,
category,
name,
revision,
_meta,
[VARIABLES]
init-import = no
dummy-variables-rgx = _|dummy|unused|.*_unused
additional-builtins =
[CLASSES]
defining-attr-methods = __init__,__new__,setUp
valid-classmethod-first-arg = cls
valid-metaclass-classmethod-first-arg = mcs
[DESIGN]
max-args = 5
ignored-argument-names = _.*
max-locals = 15
max-returns = 6
max-branches = 12
max-statements = 50
max-parents = 7
max-attributes = 7
min-public-methods = 2
max-public-methods = 20
[IMPORTS]
deprecated-modules = regsub,TERMIOS,Bastion,rexec
import-graph =
ext-import-graph =
int-import-graph =
[EXCEPTIONS]
overgeneral-exceptions = BaseException

View File

@ -0,0 +1,50 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PKG=analyze-ssl.pl
GIT_HUB=github.com
GIT_USER=noxxi
GIT_DIR=p5-ssl-tools
URL=raw.githubusercontent.com//master/$PKG.sh
URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG
. $PREFIX/src/var_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -f $PKG ] ; then
[ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB
if [ -e $PREFIX/net/Http/$URL ] ; then
ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; }
wget -xc -P $PREFIX/net/Http https://$URL
fi
fi
[ -f $PKG ] || cp -p $PREFIX/net/Http/$URL .
if [ ! -e $PREFIX/bin/$PKG.bash ] ; then
cat > $PREFIX/bin/$PKG.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=text
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
cd $PREFIX/src/ || exit 1
exec perl $PKG "\$@"
EOF
chmod 755 $PREFIX/bin/$PKG.bash
fi
exit 0
elif [ "$1" = 'test' ] ; then # 3*
$PREFIX/bin/$PKG.bash --help || exit 30
fi

View File

@ -0,0 +1,28 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL
TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible
. /var/local/src/var_local_src.bash || exit 2
PKG=ansible-keepass
GIT_HUB=github.com
GIT_USER=Nekmo
GIT_DIR=ansible-keepass
[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \
mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars
[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \
wget $BASE_WGET_ARGS \
-O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \
https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \
exit 0

View File

@ -10,8 +10,9 @@ ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.bash
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
MOD="pyassuan"
DIR="${MOD}"
@ -27,30 +28,29 @@ WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB"
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
exit 2
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cd "$DIR" || exit 4
cd "$DIR" || exit 4
if [ "$#" -eq 0 ] ; then
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
#? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; }
# ols_install_python_scripts $BINS
# msys_python_bins $BINS
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
@ -58,7 +58,7 @@ if [ "$#" -eq 0 ] ; then
elif [ $1 = 'check' ] ; then # 1*
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20
# ols_test_bins
# ols_test_bins
exit $?
elif [ "$1" = 'test' ] ; then # 3*

View File

@ -0,0 +1,222 @@
#!/usr/bin/env python
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
"""
Runs doctests locallly
doctest files are in the tests/ directory.
Note that when writing new test files, it will be convenient to use the command-line flags to avoid time-consuming reprovisioning or to target particular boxes or tests.
"""
from __future__ import print_function
from sys import stderr
import argparse
import doctest
import glob
import re
import subprocess
import sys
import os
OPTIONS = doctest.ELLIPSIS | doctest.NORMALIZE_WHITESPACE
# Convenience items for testing.
# We'll pass these as globals to the doctests.
if os.path.exists('/dev/null'):
DEV_NULL = open('/dev/null', 'w')
EXE='vagrant'
else:
DEV_NULL = open('NUL:', 'w')
EXE='sh /i/bin/vagrant.msys'
# find all our available boxes
#with open('Vagrantfile', 'r') as f:
# avail_boxes = re.findall(r'^\s+config.vm.define "(.+?)"', f.read(), re.MULTILINE)
# unused because it could be a Ruby variable
parser = argparse.ArgumentParser(description='Run playbook tests.')
parser.add_argument(
'-f', '--force',
action='store_true',
help="Force tests to proceed if box already exists. Do not destroy box at end of tests."
)
parser.add_argument(
'-n', '--no-provision',
action='store_true',
help="Skip provisioning."
)
parser.add_argument(
'-F', '--fail-fast',
action='store_true',
help="REPORT_ONLY_FIRST_FAILURE."
)
parser.add_argument(
'-o', '--options',
help=""
)
parser.add_argument(
'--haltonfail',
action='store_true',
help="Stop multibox tests after a fail; leave box running."
)
parser.add_argument(
'--file',
help="Specify a single doctest file (default tests/*.txt).",
)
parser.add_argument(
'--box',
help="Specify a particular target box",
action="append",
)
args = parser.parse_args()
if args.box:
lBoxes = args.box
else:
# find all our available running boxes
# sed -e 's/ .*//'
try:
s = os.system("vagrant global-status 2>&1| grep running | cut -f 1 -d ' ' ")
except StandardError as e:
print("ERROR: Unable to find any running boxes. Rerun with the --box argument.", file=sys.stderr)
raise
assert s, "ERROR: Unable to find a running box. Rerun with the --box argument."
lBoxes = s.split(' ')
# mplatform = None
# def get_mplatform():
# global mplatform
# # Linux-4.14.80-gentoo-x86_64-Intel-R-_Pentium-R-_CPU_N3700_@_1.60GHz-with-gentoo-2.2.1
# if mplatform is None:
# mplatform = subprocess.check_output(
# """vagrant ssh %s -c 'python -mplatform'""" % box,
# shell=True,
# stderr=DEV_NULL
# )
# return mplatform
print (repr(args))
def ssh_run(cmd):
"""
Run a command line in a vagrant box via vagrant ssh.
Return the output.
"""
return subprocess.check_output(
"""%s ssh %s -c '%s'""" % (EXE, box, cmd),
shell=True,
stderr=DEV_NULL
).replace('^@', '')
def run(cmd):
"""
Run a command in the host.
Stop the tests with a useful message if it fails.
"""
if sys.platform.startswith('win'):
p = subprocess.Popen(
cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
else:
p = subprocess.Popen(
cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True
)
stdout, stderr = p.communicate()
if p.returncode != 0:
print(stdout, file=sys.stderr)
# Stop the doctest
raise KeyboardInterrupt(stderr)
return stdout
def cut(y, column_nums, sort=False):
"""
returns a list of lines reduced to the chosen column_nums
"""
assert y and len(y) > 0, "Empty string passed to cut"
#
if hasattr(y,'encode'):
s = y.encode('utf-8')
else:
s = y
lines = s.splitlines()
line_lists = [l.split() for l in lines if l]
rez = ["\t".join([col[col_num]
for col_num in column_nums if col_num < len(col)])
for col in line_lists]
if sort:
return sorted(rez)
else:
return rez
def joined_cut(s, column_nums, sort=False):
return "\n".join(cut(s, column_nums, sort))
for box in lBoxes:
globs = {
'ssh_run': ssh_run,
'run': run,
'cut': cut,
'joined_cut': joined_cut,
'skip_provisioning': args.no_provision,
'no_provisioning': args.no_provision,
'forcing': args.force,
'box': box,
}
if args.fail_fast:
OPTIONS = doctest.REPORT_ONLY_FIRST_FAILURE | OPTIONS
if box and not args.force:
output = subprocess.check_output("%s status %s" % (EXE, box,), shell=True)
if re.search(r"%s\s+not created" % box, output) is None:
print( "Vagrant box already exists. Destroy it or use '-f' to skip this test.", file=sys.stderr)
print ("Use '-f' in combination with '-n' to skip provisioning.", file=sys.stderr)
exit(1)
if args.file is None:
files = glob.glob('tests/*.txt')
else:
files = [args.file]
for fn in files:
print ( "%s / %s" % (box, fn) , file=sys.stderr)
print( '*' * 50 )
print (box)
print( '*' * 50 )
print (fn)
print( '*' * 50 )
try:
failure_count, test_count = doctest.testfile(fn,
module_relative=False,
optionflags=OPTIONS,
globs=globs)
except Exception as e:
sys.stderr.write('\n'.join(sys.path) +'\n')
raise
if args.haltonfail and failure_count > 0:
print ("Test failures occurred. Stopping tests and leaving vagrant box %s running." % box , file=sys.stderr)
exit(1)
# Clean up our vagrant box.
if box and not args.force:
print ( "Destroying %s" % box , file=sys.stderr)
run("%s destroy %s -f" % (EXE, box,))
elif box:
print ( "Vagrant box %s left running." % box, file=sys.stderr)

View File

@ -0,0 +1,22 @@
DBUG pip.sh --disable-pip-version-check --timeout=30 --cache-dir /usr/local/net/
Cache/Pip --cert /usr/local/etc/ssl/cacert-testforge.pem install --only-binary :
none: --prefix=/usr/local --progress-bar=off namedlist
Collecting namedlist
WARNING: Certificate did not match expected hostname: files.pythonhosted.org.
Certificate: {'subject': ((('commonName', 'default.ssl.fastly.net'),), (('organiza
tionName', 'Fastly, Inc.'),), (('localityName', 'San Francisco'),), (('stateOrPr
ovinceName', 'California'),), (('countryName', 'US'),)), 'issuer': ((('countryNa
me', 'BE'),), (('organizationName', 'GlobalSign nv-sa'),), (('commonName', 'Glob
alSign RSA OV SSL CA 2018'),)), 'version': 3, 'serialNumber': '1FE7655920B1BB8AB
A126434', 'notBefore': 'Aug 28 16:54:01 2023 GMT', 'notAfter': 'Sep 28 16:41:01
2024 GMT', 'subjectAltName': (('DNS', 'default.ssl.fastly.net'), ('DNS', '*.host
s.fastly.net'), ('DNS', '*.fastly.com')), 'OCSP': ('http://ocsp.globalsign.com/g
srsaovsslca2018',), 'caIssuers': ('http://secure.globalsign.com/cacert/gsrsaovss
lca2018.crt',), 'crlDistributionPoints': ('http://crl.globalsign.com/gsrsaovsslc
a2018.crl',)}
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None))
after connection broken by
'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'default.ssl.fastly.net', '*.hosts.fastly.net', '*.fastly.com'\"))': /packages/5a/fe/2bc087aed738aa3ace8fa1e50e4619eaf33b833e5d060fe214a7ed63c1f6/namedlist-1.8-py2.py3-none-any.whl\

View File

@ -0,0 +1,68 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher
# https://code.google.com/p/chromium/issues/detail?id=58831
DIR=testssl.sh
GITHUB_USER=drwetter
GITHUB_DIR=$DIR
. $PREFIX/src/var_local_src.bash
BINS=testssl
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
[ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR
for elt in $BINS ; do
file=$PREFIX/bin/$elt.bash
if [ ! -f $file ] ; then
cat > $file << EOF
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
cd $PREFIX/src/$DIR
exec bash testssl.sh "\$@"
EOF
chmod +x $PREFIX/bin/testssl.bash
fi
done
exit 0
elif [ $1 = 'check' ] ; then # 1*
ols_test_bins && exit 0 || exit 1$?
elif [ $1 = 'lint' ] ; then # 2*
/var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
for bin in $BINS ; do
$PREFIX/bin/$bin.bash --help >/dev/null || exit 3$?
done
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
#error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream
#error: 1970 bytes of body are still expected
#fetch-pack: unexpected disconnect while reading sideband packet
#fatal: early EOF
#fatal: fetch-pack: invalid index-pack output
fi
# wget -P https://testssl.sh/testssl.sh
exit 0

View File

@ -12,7 +12,7 @@ P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
. /var/local/src/var_local_src.bash || exit 1
. /usr/local/src/usr_local_src.bash || exit 1
SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
HTTP_DIR=$PREFIX/net/Http
@ -30,7 +30,7 @@ if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
ols_are_we_connected || exit 0
msys_are_we_connected || exit 0
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
@ -44,8 +44,8 @@ if [ "$#" -eq 0 ] ; then
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3
fi
python$PYVER.bash -c 'import namedlist' || \
pip$PYVER.bash install namedlist
python$PYVER.sh -c 'import namedlist' || \
pip$PYVER.sh install namedlist
cd $DIR || exit 4
[ -f __init__.py ] || touch __init__.py

View File

@ -6,9 +6,10 @@ ROLE=toxcore
PREFIX=/usr/local
. /usr/local/bin/usr_local_tput.bash
# we install into /var/local/bin and it takes precedence
# we install into /usr/local/bin and it takes precedence
# export PATH=$PREFIX/bin:$PATH
#. /var/local/src/var_local_src.bash || exit 2
. $PREFIX/src/usr_local_src.bash || exit 2
[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3
if [ "$#" -eq 0 ] ; then
@ -27,6 +28,9 @@ if [ "$#" -eq 0 ] ; then
sh pyassuan.bash #|| exit 7$?
sh tinfoilhat.shmoo.com.bash
# sh negotiator.bash
[ -d testssl.sh ] || \
sh testssl.bash || exit 9$?
exit 0
@ -37,10 +41,10 @@ elif [ "$1" = 'check' ] ; then
exit $?
elif [ "$1" = 'lint' ] ; then
exit 0
ols_run_tests_shellcheck $ROLE || exit 2$?
# ols_run_tests_shellcheck $ROLE || exit 2$?
msys_var_local_src_prog_key $1 || exit 21$?
# ols_run_tests_pylint || exit 22$?
exit 0
elif [ "$1" = 'test' ] ; then
exit 0

View File

@ -167,21 +167,6 @@
# $1 %h $2 %p
#? exec connect -4 -S {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}} $(tor-resolve $1 {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}}) $2
# this should not run as root
# delegate_to: localhost? - no - per test
- name: "usr_local_toxcore.bash"
environment: "{{ shell_proxy_env }}"
shell: |
umask 0002
sudo -u "{{ BOX_USER_NAME }}" \
bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \
{{ 'check' if ansible_check_mode }}
exit 0
args:
chdir: "{{TOXCORE_USR_LOCAL}}/src"
ignore_errors: true
check_mode: false
- name: "include_tasks toxcore vms as root"
include_tasks:
file: "{{LOOP_ITEM}}.yml"
@ -272,6 +257,21 @@
- false
with_items: "{{ toxcore_services_stopped }}"
# this should not run as root
- name: "usr_local_toxcore.bash"
become_user: "{{ LOOP_USER_F[0] }}"
environment: "{{ shell_proxy_env }}"
shell: |
umask 0002
sudo -u "{{ BOX_USER_NAME }}" \
bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \
{{ 'check' if ansible_check_mode }}
exit 0
args:
chdir: "{{TOXCORE_USR_LOCAL}}/src"
ignore_errors: true
check_mode: false
- name: run ansible-gentoo_install
include_role:
name: ansible-gentoo_install

View File

@ -36,6 +36,7 @@ toxcore_pkgs_inst:
- gpg
- python3-yaml
- xmlstarlet
- dev-python/pylint
# - app-portage/gentoolkit
- sys-apps/gptfdisk
- app-admin/testdisk
@ -116,7 +117,7 @@ toxcore_pips2_inst: []
# AGI_bootstrap_pips3
toxcore_pips3_inst_guest:
- negotiator-guest
- negotiator_guest
toxcore_pips3_inst_host:
- pycrypto