diff --git a/etc/hosts.yml b/etc/hosts.yml new file mode 100644 index 0000000..16ee53e --- /dev/null +++ b/etc/hosts.yml @@ -0,0 +1,448 @@ +# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*- +# use double quotes exclusively around strings and +# use single quotes exclusively with lists - for bash post-processing + +all: + + children: + + vbox_winrm_group: + + hosts: + + y_UEFI_MediCat_VHD_DW: + # /var/lib/libvirt/qemu/channel/target/domain-37-y_UEFI_MediCat_VHD_D/org.qemu.guest_agent.0 + # doesnt work: ansible_connection: "libvirt_qemu" + + BOX_SERVICE_MGR: "win11" + BOX_HOST_NAME: "y_UEFI_MediCat_VHD_DW" + + UPD_WINRM_CRT_PASSWORD: "" + UPD_WINRM_CRT_NAME: "WINRM_WIN11VBOX cert for " + UPD_WINRM_FILE_BASE: "winrm-win11vbox" + UPD_WINRM_KEY_BITS: 4096 + + UPD_WINRM_HOST_NAME: "y_UEFI_MediCat_VHD_D" + UPD_WINRM_HOST_DEV: "vboxnet0" + UPD_WINRM_ADMIN_NAME: "administrator" + UPD_WINRM_ADMIN_PASS: "" + + # NOT remote_addr: + ansible_winrm_host: "192.168.56.1" + # remote_user + ansible_winrm_user: "administrator" + BOX_DEFAULT_OUTPUT_IF: fixme + + UPD_WINRM_WINRM_ADMIN_NAME: "winrmadmin" + UPD_WINRM_WINRM_ADMIN_PASS: "winrmadmin" + + # List of winrm transports to attempt to to use (ssl, plaintext, kerberos, etc) + # python2 -c 'import winrm;print winrm.FEATURE_SUPPORTED_AUTHTYPES' + # ['basic', 'certificate', 'ntlm', 'kerberos', 'plaintext', 'ssl', 'credssp'] + # FixMe: which one works? + UPD_WINRM_WINRM_TRANSPORT: "basic" + # Lati sda Disk identifier: 0A00A495-684B-425E-823F-60257EBD6D3B + + vars: + #maybe ansible_connection: "winrm" + BOX_ANSIBLE_CONNECTIONS: ["libvirt_qemu"] + ansible_winrm_port: 5985 + ansible_winrm_scheme: http + ansible_winrm_transport: ['basic', 'plaintext', 'certificate', 'ssl'] + # NOT remote_user + # ansible_user + ansible_winrm_user: "Administrator" + #? ansible_password: "" + ansible_winrm_server_cert_validation: ignore + validate_certs: false + # NO proxy from environment - or ensure no_proxy + no_proxy: "localhost,127.0.0.1,192.168.56.1" + + linux_unix_group: + + children: + + linux_local_group: + + hosts: + + pentoo: + ansible_remote_addr: "/mnt/linuxPen19" + BOX_HOST_NAME: "pentoo" + BOX_SERVICE_MGR: "openrc" + BOX_USER_NAME: "vagrant" + BOX_USER_GROUP: "users" + BOX_USER_HOME: "/home/vagrant" + BOX_OS_FAMILY: Gentoo + BOX_OS_NAME: gentoo + BOX_OS_FLAVOR: "Pentoo" + BOX_USR_LIB: lib + BOX_DEFAULT_OUTPUT_IF: wlan4 + BOX_PROXY_MODE: selektor + BOX_WHONIX_PROXY_HOST: "" + BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles" + BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties + # /usr/lib/jvm/openjdk-bin-*/conf/net.properties + BOX_ALSO_USERS: + - pentoo + BOX_PORTAGE_PYTHON_MINOR: "3.11" + BOX_PYTHON2_MINOR: "2.7" + BOX_PYTHON3_MINOR: "3.11" + BOX_GENTOO_FROM_MP: "/" + + devuan: + ansible_remote_addr: "/mnt/linuxDev4" #ignored for local + BOX_HOST_NAME: "devuan" + BOX_SERVICE_MGR: "sysvinit" + BOX_USER_NAME: "devuan" + BOX_USER_GROUP: "adm" + BOX_USER_HOME: "/home/devuan" + BOX_OS_FAMILY: Debian + BOX_OS_NAME: Devuan + BOX_OS_FLAVOR: "Devuan" + BOX_USR_LIB: lib + BOX_DEFAULT_OUTPUT_IF: wlan6 + BOX_DEVUAN5_VAR_APT_ARCHIVES: "/mnt/o/Cache/Devuan/5/var/cache/apt/archives" + BOX_ALSO_USERS: [] + BOX_PORTAGE_PYTHON_MINOR: "3.11" + BOX_PYTHON2_MINOR: "2.7" + BOX_PYTHON3_MINOR: "3.11" + + BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties + + BOX_WHONIX_PROXY_HOST: "" + BOX_PROXY_MODE: tor + BOX_GENTOO_FROM_MP: "/mnt/linuxPen19" + + vars: + BOX_ANSIBLE_CONNECTIONS: ["local"] + BOX_REMOTE_MOUNTS: ['/mnt/h', '/mnt/j','/mnt/i', '/mnt/o', '/mnt/mnt/linuxPen19'] + BOX_BASE_FEATURES: ['insecure_sudo'] + BOX_PROXY_FEATURES: ['run_dnsmasq', 'run_privoxy'] + BOX_TOXCORE_FEATURES: [] + + # libvirt_group could also be ssh_group + linux_libvirt_group: + + hosts: + + gentoo1: + + ansible_remote_addr: "gentoo1" + ansible_host: "gentoo1" + ansible_ssh_user: "gentoo" + BOX_SERVICE_MGR: "openrc" + BOX_HOST_NAME: "gentoo1" + BOX_USER_NAME: "gentoo" + BOX_USER_GROUP: "adm" + BOX_ALSO_GROUP: "adm" + BOX_USER_HOME: "/home/gentoo" + BOX_OS_NAME: Gentoo + BOX_OS_FAMILY: Gentoo + BOX_OS_FLAVOR: "Gentoo" + BOX_USR_LIB: lib64 + BOX_DEFAULT_OUTPUT_IF: eth0 + BOX_PYTHON2_MINOR: "" + BOX_PYTHON3_MINOR: "3.11" + BASE_PORTAGE_PYTHON_MINOR: 3.11 + BOX_HOST_CONTAINER_MOUNTS: [] + BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles" + BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties + BOX_ALSO_USERS: + - gentoo + BOX_BASE_FEATURES: [] + BOX_PROXY_FEATURES: [] + BOX_TOXCORE_FEATURES: ['libvirt', 'docker'] + BOX_GENTOO_FROM_MP: "/mnt/linuxPen19" + + ubuntu18.04: + # /mnt + ansible_remote_addr: "ubuntu18.04" + # this is what the libvirt-qemu connector uses + ansible_host: "ubuntu18.04" + ansible_ssh_user: "vagrant" + BOX_SERVICE_MGR: systemd + BOX_HOST_NAME: "Ubuntu18.04" + BOX_USER_NAME: "vagrant" + BOX_USER_GROUP: "users" + BOX_USER_HOME: "/home/vagrant" + BOX_OS_FAMILY: Debian + BOX_OS_NAME: Ubuntu + BOX_OS_FLAVOR: "Ubuntu18" + BOX_USR_LIB: lib + BOX_UBUNTU16_VAR_APT_ARCHIVES: "/o/Cache/Apt/Ubuntu/18/var/cache/apt/archives" + ansible_python_interpreter: "/usr/bin/python3.6" + BOX_PYTHON2_MINOR: "" + BOX_PYTHON3_MINOR: "3.6" + BOX_REMOTE_MOUNTS: ['/mnt/o'] + # BOX_WHONIX_PROXY_HOST: "Whonix-Gateway" + # BOX_PROXY_MODE: ws + # FixMe + base_system_users: ['vagrant'] + BOX_TOXCORE_FEATURES: ['libvirt', 'docker'] + + vars: + BOX_ANSIBLE_CONNECTIONS: ["ssh", "libvirt_qemu"] + # proxy from environment + # ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" + # ansible_ssh_host: "127.0.0.1" + BOX_PROXY_FEATURES: [] + BOX_ROOT_GROUP: root + BOX_PROXY_MODE: nat + BOX_DEFAULT_OUTPUT_IF: eth0 + http_proxy: "http://127.0.0.1:3128" + https_proxy: "http://127.0.0.1:9128" + socks_proxy: "socks5://127.0.0.1:9050" + no_proxy: "localhost,127.0.0.1,127.0.0.1" + + linux_chroot_group : + + hosts: + + linuxGentoo: + + ansible_remote_addr: "/mnt/gentoo" + # required + ansible_host: "/mnt/gentoo" + BOX_SERVICE_MGR: "openrc" + BOX_HOST_NAME: "gentoo" + BOX_USER_NAME: "gentoo" + BOX_USER_GROUP: "adm" + BOX_USER_HOME: "/home/gentoo" + BOX_OS_FAMILY: Gentoo + BOX_OS_NAME: gentoo + BOX_OS_FLAVOR: "Gentoo" + BOX_USR_LIB: lib64 + BOX_DEFAULT_OUTPUT_IF: wlan6 + BASE_PORTAGE_PYTHON_MINOR: 3.11 + ansible_python_interpreter: "/usr/bin/python3.11" + BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles" + BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties + BOX_ALSO_USERS: + - gentoo + BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}" + BOX_GENTOO_FROM_MP: "/mnt/linuxPen19" + + linuxPen19: + + ansible_remote_addr: "/mnt/linuxPen19" + # required + ansible_host: "/mnt/linuxPen19" + BOX_SERVICE_MGR: "openrc" + BOX_HOST_NAME: "linuxPen19" + BOX_USER_NAME: "vagrant" + BOX_USER_GROUP: "adm" + BOX_USER_HOME: "/home/vagrant" + BOX_OS_FAMILY: Gentoo + BOX_OS_NAME: gentoo + BOX_OS_FLAVOR: "Pentoo" + BOX_USR_LIB: lib64 + BOX_DEFAULT_OUTPUT_IF: wlan6 + BASE_PORTAGE_PYTHON_MINOR: 3.11 + ansible_python_interpreter: "/usr/bin/python3.11" + BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/i/net/Http/distfiles.gentoo.org/distfiles" + BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties + BOX_ALSO_USERS: + - gentoo + BOX_BASE_FEATURES: [] + BOX_TOXCORE_FEATURES: ['nbd', 'libvirt', 'docker'] + BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}" + + # linux_chroot_group vars + vars: + BOX_ANSIBLE_CONNECTIONS: ["local", "chroot"] + # ignored? chroot_connection/exe in ansible.cfg? + ansible_chroot_exe: "/usr/local/sbin/base_chroot.bash" + + #? ansible_ssh_common_args: "/usr/bin/env -i CHROOT=1" + # -i "PATH" + # -i "http_proxy https_proxy socks_proxy no_proxy" + #? -l + # for a non-root login: ansible_ssh_extra_args: "--userspec=foo:adm" + vars: # linux_unix_group + # toxcore + BOX_NBD_DEV: nbd1 + BOX_NBD_MP: /mnt/gentoo + BOX_NBD_OVERLAY_NAME: "gentoo1" + BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr" + BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz" + BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz" + BOX_NBD_KERNEL_DIR: /usr/src/linux + BOX_NBD_BASE_PROFILE: openrc + BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr" + BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2" + BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2" + BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub" + + # libvirt overlay + BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm" + BOX_NBD_LOGLEVEL: 10 + BOX_NBD_OVERLAY_GB: "20" + BOX_NBD_OVERLAY_CPUS: 1 + BOX_NBD_OVERLAY_RAM: 2048 + BOX_NBD_OVERLAY_BR: virbr1 + # unused? + BOX_NBD_OVERLAY_NETWORK: default + # plaintext + BOX_NBD_OVERLAY_PASS: "gentoo" + BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json" + + + vars: + # These come from the inventory overridden for connection = local,chroot in base_proxy.yml + http_proxy: "" + https_proxy: "" + socks_proxy: "" + ftp_proxy: "" + no_proxy: "localhost,127.0.0.1" + SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem" + RSYNC_PROXY: "" + + BOX_OS_FAMILY: "" + BOX_OS_NAME: "" + BOX_OS_FLAVOR: "" + BOX_DEFAULT_OUTPUT_IF: "" + BOX_ALSO_GROUP: "adm" + + # only common to local and vagrant because /mnt/j is remote mounted - need a linux_group + BOX_ROOT_PIP_CACHE: "/mnt/o/Cache/Pip" + BOX_BOXUSER_PIP_CACHE: "/mnt/o/Cache/Pip" + + HOST_MOUNT_SYMLINKS: [] + HOST_MOUNT_SYMLINK_CONTENTS: {} + + LXD_TRUST_PASSWORD: sekret + + BOX_HOST_CONTAINER_MOUNTS: + - /mnt/l + - /mnt/e + - /mnt/h + - /mnt/i + - /mnt/j + - /mnt/q + - /mnt/w + - /mnt/o + + BOX_DOS_SCAN_DIRS: + - /mnt/h + - /mnt/i + - /mnt/j + - /mnt/e + - /mnt/q + - /mnt/w + - /mnt/c + + # These will fluctuate with what's been started - it's safe to open them all + # FixMe: should these go on no_proxy systematically + PRIV_TOR_LOCAL_NETS: + - "192.168.56.0/24" + + BOX_ALSO_USERS: [] + BOX_PYTHON2_MINOR: "" + BOX_PYTHON3_MINOR: "3.11" + BOX_BASH_SHELL: /bin/bash + BOX_IPV6_DISABLE: 1 + BOX_EMACS_VERSION: 27 + + BOX_ROOT_USER: root + BOX_ROOT_GROUP: root + + BOX_BYPASS_PROXY_GROUP: tor + BOX_FIREWALL_ALLOW_TRANS: false + BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties + + BOX_BASE_FEATURES: [] + BOX_LOGG_FEATURES: [] + BOX_KEYS_FEATURES: ['tpm2'] # truecrypt + BOX_HARDEN_FEATURES: ['bubblewrap', 'sysctl', 'jabber'] # 'clamscan', firejail + # libvirt means 'qemu' + BOX_HOSTVMS_FEATURES: [] + + BOX_MISP_FEATURES: [] # 'kitchen' + BOX_W3AF_FEATURES: [] # 'kitchen' + BOX_MISP_GPG_PASS: gpg_pass_to_change_fast + + BOX_timezone: UTC + BOX_hwclock_local: false + BOX_hwclock_systohc: true + BOX_hwclock_hctosys: false + + BOX_PROXY_MODE: "" + BOX_DNS_PROXY: dnsmasq + BOX_TIME_DAEMON: ntpd + BOX_NTP_GROUP: ntp + BOX_NET_MANAGER: "networkmanager" + BOX_HTTP_PROXY: privoxy + + # toxcore + BOX_NBD_DEV: "" + BOX_NBD_MP: "" + BOX_NBD_FILES: "" + BOX_NBD_LOGLEVEL: 20 + BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz" + BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz" + BOX_NBD_KERNEL_DIR: /usr/src/linux + BOX_NBD_BASE_PROFILE: openrc + BOX_NBD_BASE_DIR: "" + BOX_NBD_BASE_QCOW: "" + BOX_NBD_BASE_PUBKEY: "" + + # libvirt overlay + BOX_NBD_OVERLAY_QCOW: "" + BOX_NBD_OVERLAY_DIR: "" + BOX_NBD_OVERLAY_BR: "" + BOX_NBD_OVERLAY_GB: "20" + BOX_NBD_OVERLAY_NAME: "" + BOX_NBD_OVERLAY_CPUS: 1 + BOX_NBD_OVERLAY_RAM: 2048 + # plaintext + BOX_NBD_OVERLAY_PASS: "" + BOX_GENTOOIMGR_CONFIGFILE: "" + +# Controls what compression method is used for new-style ansible modules when +# they are sent to the remote system. The compression types depend on having +# support compiled into both the controller's python and the client's python. +# The names should match with the python Zipfile compression types: +# * ZIP_STORED (no compression. available everywhere) +# * ZIP_DEFLATED (uses zlib, the default) +# These values may be set per host via the ansible_module_compression inventory variable. +# + ansible_module_compression: "ZIP_STORED" + ansible_python_interpreter: "/usr/local/bin/python3.sh" + + BOX_ANSIBLE_VERSION: "2.9.22" + # Cannot communicate securely with peer: no common encryption algorithm(s). + # git.kernel.org/ sslversion = tlsv1.3 + BOX_TLS_VERSION: "1.3" + BOX_SSL_GIT_SSLVERSION: "1.3" + + # unused so far - needed by src/ansible_gentooimgr/gentooimgr/ + BOX_ARCHITECTURE: amd64 + BOX_SUBTYPE: -hardened + # https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened-openrc.txt + GENTOO_BASE_STAGE_OPENRC_TXT_URL: "https://distfiles.gentoo.org/releases/{{BOX_ARCHITECTURE}}/autobuilds/latest-stage3-{{BOX_ARCHITECTURE}}{{BOX_SUBTYPE}}-openrc.txt" + # plus .gpgsig and .md5sum + GENTOO_BASE_PORTAGE_URL: "https://distfiles.gentoo.org/snapshots/portage-latest.tar.xz" + BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles" + #? Gentoo specific? + + # unused so far + # missing HOSTVMS_LXD_TRUST_PASSWORD base_passwords_database + # /mnt/o/data/TestForge/src/ansible/roles/hostvms/tasks/vms.yml + box_passwords_database: "{{ lookup('env', 'USER')}}/Passwords.kdbx" + + BOX_WHONIX_PROXY_HOST: "" + BOX_PROXY_FEATURES: [] + BOX_GPG_SERVER: "keys.gnupg.net" + BOX_USR_LIB: lib + # if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else '' + BOX_GENTOO_FROM_MP: '' + + # bc + MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}" + +# # These are inventory overridden for connection = chroot in base_proxy.yml +# http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}" +# https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}" +# socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}" +# no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}" diff --git a/hosts.yml b/hosts.yml index 577ae1e..eb6db12 100644 --- a/hosts.yml +++ b/hosts.yml @@ -220,12 +220,12 @@ all: # ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" # ansible_ssh_host: "127.0.0.1" BOX_NBD_OVERLAY_EXTERNAL: "0.0.0.0" - HTTP_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128" - HTTPS_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128" - SOCKS_PROXY: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050" - FTP_PROXY: "" - RSYNC_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128" - NO_PROXY: "localhost,127.0.0.1" + http_proxy: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128" + https_proxy: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128" + socks_proxy: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050" + ftp_proxy: "" + RSYNC_PROXY : "{{BOX_NBD_OVERLAY_EXTERNAL}}:3128" + no_proxy: "localhost,127.0.0.1" linux_chroot_group : @@ -319,12 +319,12 @@ all: vars: # These come from the inventory overridden for connection = local,chroot in base_proxy.yml - HTTP_PROXY: "" - HTTPS_PROXY: "" - SOCKS_PROXY: "" - FTP_PROXY: "" + http_proxy: "" + https_proxy: "" + socks_proxy: "" + ftp_proxy: "" RSYNC_PROXY: "" - NO_PROXY: "localhost,127.0.0.1" + no_proxy: "localhost,127.0.0.1" SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem" BOX_OS_FAMILY: "" @@ -462,6 +462,7 @@ all: BOX_WHONIX_PROXY_HOST: "" BOX_PROXY_FEATURES: [] + # get this from grep '^keyserver ' /root/.gnupg/dirmngr.conf instead BOX_GPG_SERVER: "keys.gnupg.net" BOX_USR_LIB: lib # if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else '' diff --git a/lib/plugins/libvirt_qemu.py b/lib/plugins/libvirt_qemu.py index 9512f97..621d97c 100644 --- a/lib/plugins/libvirt_qemu.py +++ b/lib/plugins/libvirt_qemu.py @@ -47,7 +47,6 @@ DOCUMENTATION = """ - name: ANSIBLE_LIBVIRT_TIMEOUT vars: - name: timeout - type: int default: 5 required: false """ diff --git a/roles/toxcore/README.md b/roles/toxcore/README.md new file mode 100644 index 0000000..c4153f7 --- /dev/null +++ b/roles/toxcore/README.md @@ -0,0 +1,25 @@ +This role builds on, and requires, ../proxy_role which +basics for cntlm and socks and http and https proxies. + +Look at the variables in defaults/main.yml to customize the role, and +double-check the settings in vars/*.yml. + +It is multi-target and should run on Gentoo2, Debian4, Devuan5, Ubuntu18 +athough only tested on Gentoo. To bring it up to date, just copy the +existing files in vars and maybe tasks to the new name and edit to suit, +but be advised that this code is systemd-challenged, like its author. + +This role assumes a proxy is working, and has tests to check SSL +security, and expects you want to require TLS1.3, as anything less +is broken. We are seeing wide-spread MITM ssl attacks on anything less. +There is support for testing SSL across proxies, including tor. + +It has basic testing scripts in place like pylint to test itself and +anything else. + +It then puts the software in place to use the Tox internet-messager, +including ctypes wrapping of the library into Python, and an +integration testsuite. + +It has 2 test scripts toxcore_daily.bash and toxcore_daily.bash than +run quick status checks and indepth testing respectively. diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/COPYING b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/COPYING new file mode 100644 index 0000000..94a9ed0 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/COPYING @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/README b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/README new file mode 100644 index 0000000..dbefa15 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/README @@ -0,0 +1,91 @@ +Python module and tools for communicating in the Assuan_ protocol. + +There are a number of GnuPG_ wrappers for python `out there`__, but +they mostly work via the ``gpg`` executable. This is an attempt to +cut to the chase and speak directly to ``gpgme-tool`` (source__) over +a well-defined socket protocol. + +__ wrappers_ +__ gpgme-tool_ + +Installation +============ + +Packages +-------- + +Gentoo +~~~~~~ + +I've packaged ``pyassuan`` for Gentoo_. You need layman_ and +my `wtk overlay`_. Install with:: + + # emerge -av app-portage/layman + # layman --add wtk + # emerge -av dev-python/pyassuan + +Dependencies +------------ + +``pyassuan`` is a simple package with no external dependencies outside +the Python 3.3+ standard library. + +Installing by hand +------------------ + +``pyassuan`` is available as a Git_ repository:: + + $ git clone git://tremily.us/pyassuan.git + +See the homepage_ for details. To install the checkout, run the +standard:: + + $ python setup.py install + +Usage +===== + +Checkout the docstrings and the examples in ``bin``. + +Testing +======= + +Run the internal unit tests with `Python 3.2+'s unittest discovery`__:: + + $ python -m unittest discover + +To test running servers by hand, you can use `gpg-connect-agent`_. +Despite the name, this program can connect to any Assuan server:: + + $ gpg-connect-agent --raw-socket name + +__ unittest-discovery_ + +Licence +======= + +This project is distributed under the `GNU General Public License +Version 3`_ or greater. + +Author +====== + +W. Trevor King +wking@tremily.us + + +.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/ +.. _GnuPG: http://www.gnupg.org/ +.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard +.. _gpgme-tool: + http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD +.. _Gentoo: http://www.gentoo.org/ +.. _layman: http://layman.sourceforge.net/ +.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/ +.. _Git: http://git-scm.com/ +.. _homepage: http://blog.tremily.us/posts/pyassuan/ +.. _gpg-connect-agent: + http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html +.. _unittest-discovery: + https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery +.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/bin/get-info.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/bin/get-info.py new file mode 100755 index 0000000..6b25578 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/bin/get-info.py @@ -0,0 +1,67 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Simple pinentry program for getting server info. +""" + +from pyassuan import __version__ +from pyassuan import client as _client +from pyassuan import common as _common +from pyassuan import error as _error + + +if __name__ == '__main__': + import argparse + import logging + + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument( + '-v', '--version', action='version', + version='%(prog)s {}'.format(__version__)) + parser.add_argument( + '-V', '--verbose', action='count', default=0, + help='increase verbosity') + parser.add_argument( + 'filename', + help="path to server's unix socket") + + args = parser.parse_args() + + client = _client.AssuanClient(name='get-info', close_on_disconnect=True) + + if args.verbose: + client.logger.setLevel(max( + logging.DEBUG, client.logger.level - 10*args.verbose)) + + client.connect(socket_path=args.filename) + try: + response = client.read_response() + assert response.type == 'OK', response + client.make_request(_common.Request('HELP')) + client.make_request(_common.Request('HELP GETINFO')) + for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']: + try: + client.make_request(_common.Request('GETINFO', attribute)) + except _error.AssuanError as e: + if e.message.startswith('No data'): + pass + else: + raise + finally: + client.make_request(_common.Request('BYE')) + client.disconnect() diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/bin/pinentry.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/bin/pinentry.py new file mode 100755 index 0000000..9a7380a --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/bin/pinentry.py @@ -0,0 +1,393 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2012-2017 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Simple pinentry program for getting pins from a terminal. +""" + +import copy as _copy +import os as _os +import os.path as _os_path +import pprint as _pprint +import re as _re +import signal as _signal +import sys as _sys +import termios as _termios + +from pyassuan import __version__ +from pyassuan import server as _server +from pyassuan import common as _common +from pyassuan import error as _error + + +class PinEntry (_server.AssuanServer): + """pinentry protocol server + + See ``pinentry-0.8.0/doc/pinentry.texi`` at:: + + ftp://ftp.gnupg.org/gcrypt/pinentry/ + http://www.gnupg.org/aegypten/ + + for details on the pinentry interface. + + Alternatively, you can just watch the logs and guess ;). Here's a + trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3):: + + S: OK Your orders please + C: OPTION grab + S: OK + C: OPTION ttyname=/dev/pts/6 + S: OK + C: OPTION ttytype=xterm + S: OK + C: OPTION lc-ctype=en_US.UTF-8 + S: OK + C: OPTION lc-messages=en_US.UTF-8 + S: OK + C: OPTION allow-external-password-cache + S: OK + C: OPTION default-ok=_OK + S: OK + C: OPTION default-cancel=_Cancel + S: OK + C: OPTION default-yes=_Yes + S: OK + C: OPTION default-no=_No + S: OK + C: OPTION default-prompt=PIN: + S: OK + C: OPTION default-pwmngr=_Save in password manager + S: OK + C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen? + S: OK + C: OPTION default-tt-visi=Make passphrase visible + S: OK + C: OPTION default-tt-hide=Hide passphrase + S: OK + C: GETINFO pid + S: D 14309 + S: OK + C: SETKEYINFO u/S9464F2C2825D2FE3 + S: OK + C: SETDESC Enter passphrase%0A + S: OK + C: SETPROMPT Passphrase + S: OK + C: GETPIN + S: D testing! + S: OK + C: BYE + S: OK closing connection + """ + _digit_regexp = _re.compile(r'\d+') + + # from proc(5): pid comm state ppid pgrp session tty_nr tpgid + _tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)') + + def __init__(self, name='pinentry', strict_options=False, + single_request=True, **kwargs): + self.strings = {} + self.connection = {} + super(PinEntry, self).__init__( + name=name, strict_options=strict_options, + single_request=single_request, **kwargs) + self.valid_options.append('ttyname') + + def reset(self): + super(PinEntry, self).reset() + self.strings.clear() + self.connection.clear() + + # user interface + + def _connect(self): + self.logger.info('connecting to user') + self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options))) + tty_name = self.options.get('ttyname', None) + if tty_name: + self.connection['tpgrp'] = self._get_pgrp(tty_name) + self.logger.info( + 'open to-user output stream for {}'.format(tty_name)) + self.connection['to_user'] = open(tty_name, 'w') + self.logger.info( + 'open from-user input stream for {}'.format(tty_name)) + self.connection['from_user'] = open(tty_name, 'r') + self.logger.info('get current termios line discipline') + self.connection['original termios'] = _termios.tcgetattr( + self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...] + new_termios = _copy.deepcopy(self.connection['original termios']) + # translate carriage return to newline on input + new_termios[0] |= _termios.ICRNL + # do not ignore carriage return on input + new_termios[0] &= ~_termios.IGNCR + # do not echo input characters + new_termios[3] &= ~_termios.ECHO + # echo input characters + #new_termios[3] |= _termios.ECHO + # echo the NL character even if ECHO is not set + new_termios[3] |= _termios.ECHONL + # enable canonical mode + new_termios[3] |= _termios.ICANON + self.logger.info('adjust termios line discipline') + _termios.tcsetattr( + self.connection['to_user'], _termios.TCSANOW, new_termios) + self.logger.info('send SIGSTOP to pgrp {}'.format( + self.connection['tpgrp'])) + #_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP) + _os.kill(-self.connection['tpgrp'], _signal.SIGSTOP) + self.connection['tpgrp stopped'] = True + else: + self.logger.info('no TTY name given; use stdin/stdout for I/O') + self.connection['to_user'] = _sys.stdout + self.connection['from_user'] = _sys.stdin + self.logger.info('connected to user') + self.connection['to_user'].write('\n') # give a clean line to work on + self.connection['active'] = True + + def _disconnect(self): + self.logger.info('disconnecting from user') + try: + if self.connection.get('original termios', None): + self.logger.info('restore original termios line discipline') + _termios.tcsetattr( + self.connection['to_user'], _termios.TCSANOW, + self.connection['original termios']) + if self.connection.get('tpgrp stopped', None) is True: + self.logger.info( + 'send SIGCONT to pgrp {}'.format(self.connection['tpgrp'])) + #_os.killpg(self.connection['tpgrp'], _signal.SIGCONT) + _os.kill(-self.connection['tpgrp'], _signal.SIGCONT) + if self.connection.get('to_user', None) not in [None, _sys.stdout]: + self.logger.info('close to-user output stream') + self.connection['to_user'].close() + if self.connection.get('from_user',None) not in [None,_sys.stdout]: + self.logger.info('close from-user input stream') + self.connection['from_user'].close() + finally: + self.connection = {'active': False} + self.logger.info('disconnected from user') + + def _get_pgrp(self, tty_name): + self.logger.info('find process group contolling {}'.format(tty_name)) + proc = '/proc' + for name in _os.listdir(proc): + path = _os_path.join(proc, name) + if not (self._digit_regexp.match(name) and _os_path.isdir(path)): + continue # not a process directory + self.logger.debug('checking process {}'.format(name)) + fd_path = _os_path.join(path, 'fd', '0') + try: + link = _os.readlink(fd_path) + except OSError as e: + self.logger.debug('not our process: {}'.format(e)) + continue # permission denied (not one of our processes) + if link != tty_name: + self.logger.debug('wrong tty: {}'.format(link)) + continue # not attached to our target tty + stat_path = _os_path.join(path, 'stat') + stat = open(stat_path, 'r').read() + self.logger.debug('check stat for pgrp: {}'.format(stat)) + match = self._tpgrp_regexp.match(stat) + assert match != None, stat + pgrp = int(match.group(1)) + self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name)) + return pgrp + raise ValueError(tty_name) + + def _write(self, string): + "Write text to the user's terminal." + self.connection['to_user'].write(string + '\n') + self.connection['to_user'].flush() + + def _read(self): + "Read and return a line from the user's terminal." + # drop trailing newline + return self.connection['from_user'].readline()[:-1] + + def _prompt(self, prompt='?', error=None, add_colon=True): + if add_colon: + prompt += ':' + if error: + self.connection['to_user'].write(error) + self.connection['to_user'].write('\n') + self.connection['to_user'].write(prompt) + self.connection['to_user'].write(' ') + self.connection['to_user'].flush() + return self._read() + + # assuan handlers + + def _handle_GETINFO(self, arg): + if arg == 'pid': + yield _common.Response('D', str(_os.getpid()).encode('ascii')) + elif arg == 'version': + yield _common.Response('D', __version__.encode('ascii')) + else: + raise _error.AssuanError(message='Invalid parameter') + yield _common.Response('OK') + + def _handle_SETKEYINFO(self, arg): + self.strings['key info'] = arg + yield _common.Response('OK') + + def _handle_CLEARPASSPHRASE(self, arg): + yield _common.Response('OK') + + def _handle_SETDESC(self, arg): + self.strings['description'] = arg + yield _common.Response('OK') + + def _handle_SETPROMPT(self, arg): + self.strings['prompt'] = arg + yield _common.Response('OK') + + def _handle_SETERROR(self, arg): + self.strings['error'] = arg + yield _common.Response('OK') + + def _handle_SETTITLE(self, arg): + self.strings['title'] = arg + yield _common.Response('OK') + + def _handle_SETOK(self, arg): + self.strings['ok'] = arg + yield _common.Response('OK') + + def _handle_SETCANCEL(self, arg): + self.strings['cancel'] = arg + yield _common.Response('OK') + + def _handle_SETNOTOK(self, arg): + self.strings['not ok'] = arg + yield _common.Response('OK') + + def _handle_SETQUALITYBAR(self, arg): + """Adds a quality indicator to the GETPIN window. + + This indicator is updated as the passphrase is typed. The + clients needs to implement an inquiry named "QUALITY" which + gets passed the current passphrase (percent-plus escaped) and + should send back a string with a single numerical vauelue + between -100 and 100. Negative values will be displayed in + red. + + If a custom label for the quality bar is required, just add + that label as an argument as percent escaped string. You will + need this feature to translate the label because pinentry has + no internal gettext except for stock strings from the toolkit + library. + + If you want to show a tooltip for the quality bar, you may use + + C: SETQUALITYBAR_TT string + S: OK + + With STRING being a percent escaped string shown as the tooltip. + + Here is a real world example of these commands in use: + + C: SETQUALITYBAR Quality%3a + S: OK + C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria. + S: OK + """ + self.strings['qualitybar'] = arg + yield _common.Response('OK') + + def _handle_SETQUALITYBAR_TT(self, arg): + self.strings['qualitybar_tooltip'] = arg + yield _common.Response('OK') + + def _handle_GETPIN(self, arg): + try: + self._connect() + self._write(self.strings['description']) + if 'key info' in self.strings: + self._write('key: {}'.format(self.strings['key info'])) + if 'qualitybar' in self.strings: + self._write(self.strings['qualitybar']) + pin = self._prompt( + prompt=self.strings['prompt'], + error=self.strings.get('error'), + add_colon=False) + finally: + self._disconnect() + yield _common.Response('D', pin.encode('ascii')) + yield _common.Response('OK') + + def _handle_CONFIRM(self, arg): + try: + self._connect() + self._write(self.strings['description']) + self._write('1) '+self.strings['ok']) + self._write('2) '+self.strings['not ok']) + value = self._prompt('?') + finally: + self._disconnect() + if value == '1': + yield _common.Response('OK') + else: + raise _error.AssuanError(message='Not confirmed') + + def _handle_MESSAGE(self, arg): + self._write(self.strings['description']) + yield _common.Response('OK') + + def _handle_CONFIRM(self, args): + assert args == '--one-button', args + try: + self._connect() + self._write(self.strings['description']) + self._write('1) '+self.strings['ok']) + value = self._prompt('?') + finally: + self._disconnect() + assert value == '1', value + yield _common.Response('OK') + + +if __name__ == '__main__': + import argparse + import logging + import traceback + + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument( + '-v', '--version', action='version', + version='%(prog)s {}'.format(__version__)) + parser.add_argument( + '-V', '--verbose', action='count', default=0, + help='increase verbosity') + parser.add_argument( + '--display', + help='set X display (ignored by this implementation)') + + args = parser.parse_args() + + p = PinEntry() + + if args.verbose: + p.logger.setLevel(max( + logging.DEBUG, p.logger.level - 10*args.verbose)) + + try: + p.run() + except: + p.logger.error( + 'exiting due to exception:\n{}'.format( + traceback.format_exc().rstrip())) + raise diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/__init__.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/__init__.py new file mode 100644 index 0000000..4c075c8 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/__init__.py @@ -0,0 +1,34 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""A Python implementation of the `Assuan protocol`_. + +.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/ +""" + +import logging as _logging +import logging.handlers as _logging_handlers + + +__version__ = '0.2' + +LOG = _logging.getLogger('pyassuan') +LOG.setLevel(_logging.ERROR) +LOG.addHandler(_logging.StreamHandler()) +#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log')) +#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log')) +LOG.handlers[0].setFormatter( + _logging.Formatter('%(name)s: %(levelname)s: %(message)s')) diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/client.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/client.py new file mode 100644 index 0000000..fc4bc5e --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/client.py @@ -0,0 +1,190 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import logging as _logging +import socket as _socket +import sys as _sys + +from . import LOG as _LOG +from . import common as _common +from . import error as _error + + +class AssuanClient (object): + """A single-threaded Assuan client based on the `development suggestions`_ + + .. _development suggestions: + http://www.gnupg.org/documentation/manuals/assuan/Client-code.html + """ + def __init__(self, name, logger=_LOG, use_sublogger=True, + close_on_disconnect=False): + self.name = name + if use_sublogger: + logger = _logging.getLogger('{}.{}'.format(logger.name, self.name)) + self.logger = logger + self.close_on_disconnect = close_on_disconnect + self.input = self.output = self.socket = None + + def connect(self, socket_path=None): + if socket_path: + self.logger.info( + 'connect to Unix socket at {}'.format(socket_path)) + self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM) + self.socket.connect(socket_path) + self.input = self.socket.makefile('rb') + self.output = self.socket.makefile('wb') + else: + if not self.input: + self.logger.info('read from stdin') + self.input = _sys.stdin.buffer + if not self.output: + self.logger.info('write to stdout') + self.output = _sys.stdout.buffer + + def disconnect(self): + if self.close_on_disconnect: + self.logger.info('disconnecting') + if self.input is not None: + self.input.close() + self.input = None + if self.output is not None: + self.output.close() + self.output = None + if self.socket is not None: + self.socket.shutdown(_socket.SHUT_RDWR) + self.socket.close() + self.socket = None + + def raise_error(self, error): + self.logger.error(str(error)) + raise(error) + + def read_response(self): + line = self.input.readline() + if not line: + self.raise_error( + _error.AssuanError(message='IPC accept call failed')) + if len(line) > _common.LINE_LENGTH: + self.raise_error( + _error.AssuanError(message='Line too long')) + if not line.endswith(b'\n'): + self.logger.info('S: {}'.format(line)) + self.raise_error( + _error.AssuanError(message='Invalid response')) + line = line[:-1] # remove trailing newline + response = _common.Response() + try: + response.from_bytes(line) + except _error.AssuanError as e: + self.logger.error(str(e)) + raise + self.logger.info('S: {}'.format(response)) + return response + + def _write_request(self, request): + self.logger.info('C: {}'.format(request)) + self.output.write(bytes(request)) + self.output.write(b'\n') + try: + self.output.flush() + except IOError: + raise + + def make_request(self, request, response=True, expect=['OK']): + self._write_request(request=request) + if response: + return self.get_responses(requests=[request], expect=expect) + + def get_responses(self, requests=None, expect=['OK']): + responses = list(self.responses()) + if responses[-1].type == 'ERR': + eresponse = responses[-1] + fields = eresponse.parameters.split(' ', 1) + code = int(fields[0]) + if len(fields) > 1: + message = fields[1].strip() + else: + message = None + error = _error.AssuanError(code=code, message=message) + if requests is not None: + error.requests = requests + error.responses = responses + raise error + if expect: + assert responses[-1].type in expect, [str(r) for r in responses] + data = [] + for response in responses: + if response.type == 'D': + data.append(response.parameters) + if data: + data = b''.join(data) + else: + data = None + return (responses, data) + + def responses(self): + while True: + response = self.read_response() + yield response + if response.type not in ['S', '#', 'D']: + break + + def send_data(self, data=None, response=True, expect=['OK']): + """Iterate through requests necessary to send ``data`` to a server. + + http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html + """ + requests = [] + if data: + encoded_data = _common.encode(data) + start = 0 + stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL + self.logger.debug('sending {} bytes of encoded data'.format( + len(encoded_data))) + while stop > start: + d = encoded_data[start:stop] + request = _common.Request( + command='D', parameters=encoded_data[start:stop], + encoded=True) + requests.append(request) + self.logger.debug('send {} byte chunk'.format(stop-start)) + self._write_request(request=request) + start = stop + stop = start + min(_common.LINE_LENGTH-4, + len(encoded_data) - start) + request = _common.Request('END') + requests.append(request) + self._write_request(request=request) + if response: + return self.get_responses(requests=requests, expect=expect) + + def send_fds(self, fds): + """Send a file descriptor over a Unix socket. + """ + msg = '# descriptors in flight: {}\n'.format(fds) + self.logger.info('C: {}'.format(msg.rstrip('\n'))) + msg = msg.encode('ascii') + return _common.send_fds( + socket=self.socket, msg=msg, fds=fds, logger=None) + + def receive_fds(self, msglen=200, maxfds=10): + """Receive file descriptors over a Unix socket. + """ + msg,fds = _common.receive_fds( + socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None) + msg = str(msg, 'utf-8') + self.logger.info('S: {}'.format(msg.rstrip('\n'))) + return fds diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/common.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/common.py new file mode 100644 index 0000000..12d21c3 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/common.py @@ -0,0 +1,314 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Items common to both the client and server +""" + +import array as _array +import re as _re +import socket as _socket + +from . import LOG as _LOG +from . import error as _error + + +LINE_LENGTH = 1002 # 1000 + [CR,]LF +_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')' +_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN) +_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii')) +_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})') +_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})') +_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z') + + +def encode(data): + r""" + + >>> encode('It grew by 5%!\n') + 'It grew by 5%25!%0A' + >>> encode(b'It grew by 5%!\n') + b'It grew by 5%25!%0A' + """ + if isinstance(data, bytes): + regexp = _ENCODE_BYTE_REGEXP + else: + regexp = _ENCODE_STR_REGEXP + return regexp.sub( + lambda x : to_hex(x.group()), data) + +def decode(data): + r""" + + >>> decode('%22Look out!%22%0AWhere%3F') + '"Look out!"\nWhere?' + >>> decode(b'%22Look out!%22%0AWhere%3F') + b'"Look out!"\nWhere?' + """ + if isinstance(data, bytes): + regexp = _DECODE_BYTE_REGEXP + else: + regexp = _DECODE_STR_REGEXP + return regexp.sub( + lambda x : from_hex(x.group()), data) + +def from_hex(code): + r""" + + >>> from_hex('%22') + '"' + >>> from_hex('%0A') + '\n' + >>> from_hex(b'%0A') + b'\n' + """ + c = chr(int(code[1:], 16)) + if isinstance(code, bytes): + c =c.encode('ascii') + return c + +def to_hex(char): + r""" + + >>> to_hex('"') + '%22' + >>> to_hex('\n') + '%0A' + >>> to_hex(b'\n') + b'%0A' + """ + hx = '%{:02X}'.format(ord(char)) + if isinstance(char, bytes): + hx = hx.encode('ascii') + return hx + + +class Request (object): + """A client request + + http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html + + >>> r = Request(command='BYE') + >>> str(r) + 'BYE' + >>> r = Request(command='OPTION', parameters='testing at 5%') + >>> str(r) + 'OPTION testing at 5%25' + >>> bytes(r) + b'OPTION testing at 5%25' + >>> r.from_bytes(b'BYE') + >>> r.command + 'BYE' + >>> print(r.parameters) + None + >>> r.from_bytes(b'OPTION testing at 5%25') + >>> r.command + 'OPTION' + >>> print(r.parameters) + testing at 5% + >>> r.from_bytes(b' invalid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 170 Invalid request + >>> r.from_bytes(b'in-valid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 170 Invalid request + """ + def __init__(self, command=None, parameters=None, encoded=False): + self.command = command + self.parameters = parameters + self.encoded = encoded + + def __str__(self): + if self.parameters: + if self.encoded: + encoded_parameters = self.parameters + else: + encoded_parameters = encode(self.parameters) + return '{} {}'.format(self.command, encoded_parameters) + return self.command + + def __bytes__(self): + if self.parameters: + if self.encoded: + encoded_parameters = self.parameters + else: + encoded_parameters = encode(self.parameters) + return '{} {}'.format( + self.command, encoded_parameters).encode('utf-8') + return self.command.encode('utf-8') + + def from_bytes(self, line): + if len(line) > 1000: # TODO: byte-vs-str and newlines? + raise _error.AssuanError(message='Line too long') + line = str(line, encoding='utf-8') + match = _REQUEST_REGEXP.match(line) + if not match: + raise _error.AssuanError(message='Invalid request') + self.command = match.group(1) + if match.group(3): + if match.group(2): + self.parameters = decode(match.group(3)) + else: + raise _error.AssuanError(message='Invalid request') + else: + self.parameters = None + + +class Response (object): + """A server response + + http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html + + >>> r = Response(type='OK') + >>> str(r) + 'OK' + >>> r = Response(type='ERR', parameters='1 General error') + >>> str(r) + 'ERR 1 General error' + >>> bytes(r) + b'ERR 1 General error' + >>> r.from_bytes(b'OK') + >>> r.type + 'OK' + >>> print(r.parameters) + None + >>> r.from_bytes(b'ERR 1 General error') + >>> r.type + 'ERR' + >>> print(r.parameters) + 1 General error + >>> r.from_bytes(b' invalid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 76 Invalid response + >>> r.from_bytes(b'in-valid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 76 Invalid response + """ + types = { + 'O': 'OK', + 'E': 'ERR', + 'S': 'S', + '#': '#', + 'D': 'D', + 'I': 'INQUIRE', + } + + def __init__(self, type=None, parameters=None): + self.type = type + self.parameters = parameters + + def __str__(self): + if self.parameters: + return '{} {}'.format(self.type, encode(self.parameters)) + return self.type + + def __bytes__(self): + if self.parameters: + if self.type == 'D': + return b' '.join((b'D', self.parameters)) + else: + return '{} {}'.format( + self.type, encode(self.parameters)).encode('utf-8') + return self.type.encode('utf-8') + + def from_bytes(self, line): + if len(line) > 1000: # TODO: byte-vs-str and newlines? + raise _error.AssuanError(message='Line too long') + if line.startswith(b'D'): + self.command = t = 'D' + else: + line = str(line, encoding='utf-8') + t = line[0] + try: + type = self.types[t] + except KeyError: + raise _error.AssuanError(message='Invalid response') + self.type = type + if type == 'D': # data + self.parameters = decode(line[2:]) + elif type == '#': # comment + self.parameters = decode(line[2:]) + else: + match = _REQUEST_REGEXP.match(line) + if not match: + raise _error.AssuanError(message='Invalid request') + if match.group(3): + if match.group(2): + self.parameters = decode(match.group(3)) + else: + raise _error.AssuanError(message='Invalid request') + else: + self.parameters = None + + +def error_response(error): + """ + + >>> from pyassuan.error import AssuanError + >>> error = AssuanError(1) + >>> response = error_response(error) + >>> print(response) + ERR 1 General error + """ + return Response(type='ERR', parameters=str(error)) + + +def send_fds(socket, msg=None, fds=None, logger=_LOG): + """Send a file descriptor over a Unix socket using ``sendmsg``. + + ``sendmsg`` suport requires Python >= 3.3. + + Code from + http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg + + Assuan equivalent is + http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd + """ + if msg is None: + msg = b''.join( + [b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n']) + if logger is not None: + logger.debug('sending file descriptors {} down {}'.format(fds, socket)) + return socket.sendmsg( + [msg], + [(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))]) + +def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG): + """Recieve file descriptors using ``recvmsg``. + + ``recvmsg`` suport requires Python >= 3.3. + + Code from http://docs.python.org/dev/library/socket.html + + Assuan equivalent is + http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd + """ + fds = _array.array('i') # Array of ints + msg,ancdata,flags,addr = socket.recvmsg( + msglen, _socket.CMSG_LEN(maxfds * fds.itemsize)) + for cmsg_level,cmsg_type,cmsg_data in ancdata: + if (cmsg_level == _socket.SOL_SOCKET and + cmsg_type == _socket.SCM_RIGHTS): + # Append data, ignoring any truncated integers at the end. + fds.fromstring( + cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)]) + if logger is not None: + logger.debug('receiving file descriptors {} from {} ({})'.format( + fds, socket, msg)) + return (msg, list(fds)) diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/error.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/error.py new file mode 100644 index 0000000..9865601 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/error.py @@ -0,0 +1,302 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Assuan errors as defined in `libgpg-error`_. + +The Assuan_ docs_ suggest these error codes. + +.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/ +.. _Assuan: + http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html +.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html +""" + +MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h + 0: 'Success', + 1: 'General error', + 2: 'Unknown packet', + 3: 'Unknown version in packet', + 4: 'Invalid public key algorithm', + 5: 'Invalid digest algorithm', + 6: 'Bad public key', + 7: 'Bad secret key', + 8: 'Bad signature', + 9: 'No public key', + 10: 'Checksum error', + 11: 'Bad passphrase', + 12: 'Invalid cipher algorithm', + 13: 'Keyring open', + 14: 'Invalid packet', + 15: 'Invalid armor', + 16: 'No user ID', + 17: 'No secret key', + 18: 'Wrong secret key used', + 19: 'Bad session key', + 20: 'Unknown compression algorithm', + 21: 'Number is not prime', + 22: 'Invalid encoding method', + 23: 'Invalid encryption scheme', + 24: 'Invalid signature scheme', + 25: 'Invalid attribute', + 26: 'No value', + 27: 'Not found', + 28: 'Value not found', + 29: 'Syntax error', + 30: 'Bad MPI value', + 31: 'Invalid passphrase', + 32: 'Invalid signature class', + 33: 'Resources exhausted', + 34: 'Invalid keyring', + 35: 'Trust DB error', + 36: 'Bad certificate', + 37: 'Invalid user ID', + 38: 'Unexpected error', + 39: 'Time conflict', + 40: 'Keyserver error', + 41: 'Wrong public key algorithm', + 42: 'Tribute to D. A.', + 43: 'Weak encryption key', + 44: 'Invalid key length', + 45: 'Invalid argument', + 46: 'Syntax error in URI', + 47: 'Invalid URI', + 48: 'Network error', + 49: 'Unknown host', + 50: 'Selftest failed', + 51: 'Data not encrypted', + 52: 'Data not processed', + 53: 'Unusable public key', + 54: 'Unusable secret key', + 55: 'Invalid value', + 56: 'Bad certificate chain', + 57: 'Missing certificate', + 58: 'No data', + 59: 'Bug', + 60: 'Not supported', + 61: 'Invalid operation code', + 62: 'Timeout', + 63: 'Internal error', + 64: 'EOF (gcrypt)', + 65: 'Invalid object', + 66: 'Provided object is too short', + 67: 'Provided object is too large', + 68: 'Missing item in object', + 69: 'Not implemented', + 70: 'Conflicting use', + 71: 'Invalid cipher mode', + 72: 'Invalid flag', + 73: 'Invalid handle', + 74: 'Result truncated', + 75: 'Incomplete line', + 76: 'Invalid response', + 77: 'No agent running', + 78: 'agent error', + 79: 'Invalid data', + 80: 'Unspecific Assuan server fault', + 81: 'General Assuan error', + 82: 'Invalid session key', + 83: 'Invalid S-expression', + 84: 'Unsupported algorithm', + 85: 'No pinentry', + 86: 'pinentry error', + 87: 'Bad PIN', + 88: 'Invalid name', + 89: 'Bad data', + 90: 'Invalid parameter', + 91: 'Wrong card', + 92: 'No dirmngr', + 93: 'dirmngr error', + 94: 'Certificate revoked', + 95: 'No CRL known', + 96: 'CRL too old', + 97: 'Line too long', + 98: 'Not trusted', + 99: 'Operation cancelled', + 100: 'Bad CA certificate', + 101: 'Certificate expired', + 102: 'Certificate too young', + 103: 'Unsupported certificate', + 104: 'Unknown S-expression', + 105: 'Unsupported protection', + 106: 'Corrupted protection', + 107: 'Ambiguous name', + 108: 'Card error', + 109: 'Card reset required', + 110: 'Card removed', + 111: 'Invalid card', + 112: 'Card not present', + 113: 'No PKCS15 application', + 114: 'Not confirmed', + 115: 'Configuration error', + 116: 'No policy match', + 117: 'Invalid index', + 118: 'Invalid ID', + 119: 'No SmartCard daemon', + 120: 'SmartCard daemon error', + 121: 'Unsupported protocol', + 122: 'Bad PIN method', + 123: 'Card not initialized', + 124: 'Unsupported operation', + 125: 'Wrong key usage', + 126: 'Nothing found', + 127: 'Wrong blob type', + 128: 'Missing value', + 129: 'Hardware problem', + 130: 'PIN blocked', + 131: 'Conditions of use not satisfied', + 132: 'PINs are not synced', + 133: 'Invalid CRL', + 134: 'BER error', + 135: 'Invalid BER', + 136: 'Element not found', + 137: 'Identifier not found', + 138: 'Invalid tag', + 139: 'Invalid length', + 140: 'Invalid key info', + 141: 'Unexpected tag', + 142: 'Not DER encoded', + 143: 'No CMS object', + 144: 'Invalid CMS object', + 145: 'Unknown CMS object', + 146: 'Unsupported CMS object', + 147: 'Unsupported encoding', + 148: 'Unsupported CMS version', + 149: 'Unknown algorithm', + 150: 'Invalid crypto engine', + 151: 'Public key not trusted', + 152: 'Decryption failed', + 153: 'Key expired', + 154: 'Signature expired', + 155: 'Encoding problem', + 156: 'Invalid state', + 157: 'Duplicated value', + 158: 'Missing action', + 159: 'ASN.1 module not found', + 160: 'Invalid OID string', + 161: 'Invalid time', + 162: 'Invalid CRL object', + 163: 'Unsupported CRL version', + 164: 'Invalid certificate object', + 165: 'Unknown name', + 166: 'A locale function failed', + 167: 'Not locked', + 168: 'Protocol violation', + 169: 'Invalid MAC', + 170: 'Invalid request', + 171: 'Unknown extension', + 172: 'Unknown critical extension', + 173: 'Locked', + 174: 'Unknown option', + 175: 'Unknown command', + 176: 'Not operational', + 177: 'No passphrase given', + 178: 'No PIN given', + 179: 'Not enabled', + 180: 'No crypto engine', + 181: 'Missing key', + 182: 'Too many objects', + 183: 'Limit reached', + 184: 'Not initialized', + 185: 'Missing issuer certificate', + 198: 'Operation fully cancelled', + 199: 'Operation not yet finished', + 200: 'Buffer too short', + 201: 'Invalid length specifier in S-expression', + 202: 'String too long in S-expression', + 203: 'Unmatched parentheses in S-expression', + 204: 'S-expression not canonical', + 205: 'Bad character in S-expression', + 206: 'Bad quotation in S-expression', + 207: 'Zero prefix in S-expression', + 208: 'Nested display hints in S-expression', + 209: 'Unmatched display hints', + 210: 'Unexpected reserved punctuation in S-expression', + 211: 'Bad hexadecimal character in S-expression', + 212: 'Odd hexadecimal numbers in S-expression', + 213: 'Bad octal character in S-expression', + 257: 'General IPC error', + 258: 'IPC accept call failed', + 259: 'IPC connect call failed', + 260: 'Invalid IPC response', + 261: 'Invalid value passed to IPC', + 262: 'Incomplete line passed to IPC', + 263: 'Line passed to IPC too long', + 264: 'Nested IPC commands', + 265: 'No data callback in IPC', + 266: 'No inquire callback in IPC', + 267: 'Not an IPC server', + 268: 'Not an IPC client', + 269: 'Problem starting IPC server', + 270: 'IPC read error', + 271: 'IPC write error', + 273: 'Too much data for IPC layer', + 274: 'Unexpected IPC command', + 275: 'Unknown IPC command', + 276: 'IPC syntax error', + 277: 'IPC call has been cancelled', + 278: 'No input source for IPC', + 279: 'No output source for IPC', + 280: 'IPC parameter error', + 281: 'Unknown IPC inquire', + 1024: 'User defined error code 1', + 1025: 'User defined error code 2', + 1026: 'User defined error code 3', + 1027: 'User defined error code 4', + 1028: 'User defined error code 5', + 1029: 'User defined error code 6', + 1030: 'User defined error code 7', + 1031: 'User defined error code 8', + 1032: 'User defined error code 9', + 1033: 'User defined error code 10', + 1034: 'User defined error code 11', + 1035: 'User defined error code 12', + 1036: 'User defined error code 13', + 1037: 'User defined error code 14', + 1038: 'User defined error code 15', + 1039: 'User defined error code 16', + 16381: 'System error w/o errno', + 16382: 'Unknown system error', + 16383: 'End of file', + } +UNKNOWN = 'Unknown error code' + +CODE = dict((message,code) for code,message in MESSAGE.items()) + +# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.) + +class AssuanError (Exception): + r""" + + >>> e = AssuanError(1) + >>> print(e) + 1 General error + >>> e = AssuanError(1024, 'testing!') + >>> print(e) + 1024 testing! + >>> e = AssuanError(message='Unknown packet') + >>> print(e) + 2 Unknown packet + """ + def __init__(self, code=None, message=None): + if code is None and message is None: + raise ValueError('missing both `code` and `message`') + if message is None: + message = MESSAGE[code] + if code is None: + code = CODE.get(message, UNKNOWN) + self.code = code + self.message = message + super(AssuanError, self).__init__('{} {}'.format(code, message)) diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/server.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/server.py new file mode 100644 index 0000000..d9f5f0a --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/server.py @@ -0,0 +1,299 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import logging as _logging +import re as _re +import socket as _socket +import sys as _sys +import threading as _threading +import traceback as _traceback + +from . import LOG as _LOG +from . import common as _common +from . import error as _error + + +_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z') + + +class AssuanServer (object): + """A single-threaded Assuan server based on the `devolpment suggestions`_ + + Extend by subclassing and adding ``_handle_XXX`` methods for each + command you want to handle. + + .. _development suggestions: + http://www.gnupg.org/documentation/manuals/assuan/Server-code.html + """ + def __init__(self, name, logger=_LOG, use_sublogger=True, + valid_options=None, strict_options=True, + single_request=False, listen_to_quit=False, + close_on_disconnect=False): + self.name = name + if use_sublogger: + logger = _logging.getLogger('{}.{}'.format(logger.name, self.name)) + self.logger = logger + if valid_options is None: + valid_options = [] + self.valid_options = valid_options + self.strict_options = strict_options + self.single_request = single_request + self.listen_to_quit = listen_to_quit + self.close_on_disconnect = close_on_disconnect + self.input = self.output = None + self.options = {} + self.reset() + + def reset(self): + self.stop = False + self.options.clear() + + def run(self): + self.reset() + self.logger.info('running') + self.connect() + try: + self.handle_requests() + finally: + self.disconnect() + self.logger.info('stopping') + + def connect(self): + if not self.input: + self.logger.info('read from stdin') + self.input = _sys.stdin.buffer + if not self.output: + self.logger.info('write to stdout') + self.output = _sys.stdout.buffer + + def disconnect(self): + if self.close_on_disconnect: + self.logger.info('disconnecting') + self.input = None + self.output = None + + def handle_requests(self): + self.send_response(_common.Response('OK', 'Your orders please')) + self.output.flush() + while not self.stop: + line = self.input.readline() + if not line: + break # EOF + if len(line) > _common.LINE_LENGTH: + self.raise_error( + _error.AssuanError(message='Line too long')) + if not line.endswith(b'\n'): + self.logger.info('C: {}'.format(line)) + self.send_error_response( + _error.AssuanError(message='Invalid request')) + continue + line = line[:-1] # remove the trailing newline + self.logger.info('C: {}'.format(line)) + request = _common.Request() + try: + request.from_bytes(line) + except _error.AssuanError as e: + self.send_error_response(e) + continue + self.handle_request(request) + + def handle_request(self, request): + try: + handle = getattr( + self, '_handle_{}'.format(request.command)) + except AttributeError: + self.logger.warn('unknown command: {}'.format(request.command)) + self.send_error_response( + _error.AssuanError(message='Unknown command')) + return + try: + responses = handle(request.parameters) + for response in responses: + self.send_response(response) + except _error.AssuanError as error: + self.send_error_response(error) + return + except Exception as e: + self.logger.error( + 'exception while executing {}:\n{}'.format( + handle, _traceback.format_exc().rstrip())) + self.send_error_response( + _error.AssuanError(message='Unspecific Assuan server fault')) + return + + def send_response(self, response): + """For internal use by ``.handle_requests()`` + """ + rstring = str(response) + self.logger.info('S: {}'.format(response)) + self.output.write(bytes(response)) + self.output.write(b'\n') + try: + self.output.flush() + except IOError: + if not self.stop: + raise + + def send_error_response(self, error): + """For internal use by ``.handle_requests()`` + """ + self.send_response(_common.error_response(error)) + + # common commands defined at + # http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html + + def _handle_BYE(self, arg): + if self.single_request: + self.stop = True + yield _common.Response('OK', 'closing connection') + + def _handle_RESET(self, arg): + self.reset() + + def _handle_END(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_HELP(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_QUIT(self, arg): + if self.listen_to_quit: + self.stop = True + yield _common.Response('OK', 'stopping the server') + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_OPTION(self, arg): + """ + + >>> s = AssuanServer(name='test', valid_options=['my-op']) + >>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': '1'} + >>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': '2'} + >>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': '3'} + >>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': None} + >>> list(s._handle_OPTION('inv')) + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 174 Unknown option + >>> list(s._handle_OPTION('in|valid')) + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 90 Invalid parameter + """ + match = _OPTION_REGEXP.match(arg) + if not match: + raise _error.AssuanError(message='Invalid parameter') + name,space,equal,value = match.groups() + if value and not space and not equal: + # need either space or equal to separate value + raise _error.AssuanError(message='Invalid parameter') + if name not in self.valid_options: + if self.strict_options: + raise _error.AssuanError(message='Unknown option') + else: + self.logger.info('skipping invalid option: {}'.format(name)) + else: + if not value: + value = None + self.options[name] = value + yield _common.Response('OK') + + def _handle_CANCEL(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_AUTH(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + +class AssuanSocketServer (object): + """A threaded server spawning ``AssuanServer``\s for each connection + """ + def __init__(self, name, socket, server, kwargs={}, max_threads=10, + logger=_LOG, use_sublogger=True): + self.name = name + if use_sublogger: + logger = _logging.getLogger('{}.{}'.format(logger.name, self.name)) + self.logger = logger + self.socket = socket + self.server = server + assert 'name' not in kwargs, kwargs['name'] + assert 'logger' not in kwargs, kwargs['logger'] + kwargs['logger'] = self.logger + assert 'use_sublogger' not in kwargs, kwargs['use_sublogger'] + kwargs['use_sublogger'] = True + if 'close_on_disconnect' in kwargs: + assert kwargs['close_on_disconnect'] == True, ( + kwargs['close_on_disconnect']) + else: + kwargs['close_on_disconnect'] = True + self.kwargs = kwargs + self.max_threads = max_threads + self.threads = [] + + def run(self): + self.logger.info('listen on socket') + self.socket.listen() + thread_index = 0 + while True: + socket,address = self.socket.accept() + self.logger.info('connection from {}'.format(address)) + self.cleanup_threads() + if len(threads) > self.max_threads: + self.drop_connection(socket, address) + self.spawn_thread( + 'server-thread-{}'.format(thread_index), socket, address) + thread_index = (thread_index + 1) % self.max_threads + + def cleanup_threads(self): + i = 0 + while i < len(self.threads): + thread = self.threads[i] + thread.join(0) + if thread.is_alive(): + self.logger.info('joined thread {}'.format(thread.name)) + self.threads.pop(i) + thread.socket.shutdown() + thread.socket.close() + else: + i += 1 + + def drop_connection(self, socket, address): + self.logger.info('drop connection from {}'.format(address)) + # TODO: proper error to send to the client? + + def spawn_thread(self, name, socket, address): + server = self.server(name=name, **self.kwargs) + server.input = socket.makefile('rb') + server.output = socket.makefile('wb') + thread = _threading.Thread(target=server.run, name=name) + thread.start() + self.threads.append(thread) diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_common.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_common.py new file mode 100644 index 0000000..325b49b --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_common.py @@ -0,0 +1,25 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import doctest +import unittest + +from . import common + + +def load_tests(loader, tests, ignore): + tests.addTests(doctest.DocTestSuite(common)) + return tests diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_error.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_error.py new file mode 100644 index 0000000..af7badf --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_error.py @@ -0,0 +1,25 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import doctest +import unittest + +from . import error + + +def load_tests(loader, tests, ignore): + tests.addTests(doctest.DocTestSuite(error)) + return tests diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_server.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_server.py new file mode 100644 index 0000000..a3a4f57 --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_server.py @@ -0,0 +1,25 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import doctest +import unittest + +from . import server + + +def load_tests(loader, tests, ignore): + tests.addTests(doctest.DocTestSuite(server)) + return tests diff --git a/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/setup.py b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/setup.py new file mode 100644 index 0000000..a1f98fc --- /dev/null +++ b/roles/toxcore/net/Git/http-git.tremily.us/pyassuan/setup.py @@ -0,0 +1,54 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"Python module and tools for communicating in the Assuan protocol." + +from distutils.core import setup as _setup +import os.path as _os_path + +from pyassuan import __version__ + + +_this_dir = _os_path.dirname(__file__) + +_setup( + name='pyassuan', + version=__version__, + maintainer='W. Trevor King', + maintainer_email='wking@tremily.us', + url='http://blog.tremily.us/posts/pyassuan/', + download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__), + license = 'GNU General Public License (GPL)', + platforms = ['all'], + description = __doc__, + long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(), + classifiers = [ + 'Development Status :: 3 - Alpha', + 'Intended Audience :: Developers', + 'Operating System :: OS Independent', + 'License :: OSI Approved :: GNU General Public License (GPL)', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.3', + 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', + 'Topic :: Security :: Cryptography', + 'Topic :: Software Development' + ], + scripts = ['bin/get-info.py', 'bin/pinentry.py'], + packages = ['pyassuan'], + provides = ['pyassuan'], + ) diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/COPYING b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/COPYING new file mode 100644 index 0000000..94a9ed0 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/COPYING @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/README b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/README new file mode 100644 index 0000000..dbefa15 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/README @@ -0,0 +1,91 @@ +Python module and tools for communicating in the Assuan_ protocol. + +There are a number of GnuPG_ wrappers for python `out there`__, but +they mostly work via the ``gpg`` executable. This is an attempt to +cut to the chase and speak directly to ``gpgme-tool`` (source__) over +a well-defined socket protocol. + +__ wrappers_ +__ gpgme-tool_ + +Installation +============ + +Packages +-------- + +Gentoo +~~~~~~ + +I've packaged ``pyassuan`` for Gentoo_. You need layman_ and +my `wtk overlay`_. Install with:: + + # emerge -av app-portage/layman + # layman --add wtk + # emerge -av dev-python/pyassuan + +Dependencies +------------ + +``pyassuan`` is a simple package with no external dependencies outside +the Python 3.3+ standard library. + +Installing by hand +------------------ + +``pyassuan`` is available as a Git_ repository:: + + $ git clone git://tremily.us/pyassuan.git + +See the homepage_ for details. To install the checkout, run the +standard:: + + $ python setup.py install + +Usage +===== + +Checkout the docstrings and the examples in ``bin``. + +Testing +======= + +Run the internal unit tests with `Python 3.2+'s unittest discovery`__:: + + $ python -m unittest discover + +To test running servers by hand, you can use `gpg-connect-agent`_. +Despite the name, this program can connect to any Assuan server:: + + $ gpg-connect-agent --raw-socket name + +__ unittest-discovery_ + +Licence +======= + +This project is distributed under the `GNU General Public License +Version 3`_ or greater. + +Author +====== + +W. Trevor King +wking@tremily.us + + +.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/ +.. _GnuPG: http://www.gnupg.org/ +.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard +.. _gpgme-tool: + http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD +.. _Gentoo: http://www.gentoo.org/ +.. _layman: http://layman.sourceforge.net/ +.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/ +.. _Git: http://git-scm.com/ +.. _homepage: http://blog.tremily.us/posts/pyassuan/ +.. _gpg-connect-agent: + http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html +.. _unittest-discovery: + https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery +.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/bin/get-info.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/bin/get-info.py new file mode 100755 index 0000000..6b25578 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/bin/get-info.py @@ -0,0 +1,67 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Simple pinentry program for getting server info. +""" + +from pyassuan import __version__ +from pyassuan import client as _client +from pyassuan import common as _common +from pyassuan import error as _error + + +if __name__ == '__main__': + import argparse + import logging + + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument( + '-v', '--version', action='version', + version='%(prog)s {}'.format(__version__)) + parser.add_argument( + '-V', '--verbose', action='count', default=0, + help='increase verbosity') + parser.add_argument( + 'filename', + help="path to server's unix socket") + + args = parser.parse_args() + + client = _client.AssuanClient(name='get-info', close_on_disconnect=True) + + if args.verbose: + client.logger.setLevel(max( + logging.DEBUG, client.logger.level - 10*args.verbose)) + + client.connect(socket_path=args.filename) + try: + response = client.read_response() + assert response.type == 'OK', response + client.make_request(_common.Request('HELP')) + client.make_request(_common.Request('HELP GETINFO')) + for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']: + try: + client.make_request(_common.Request('GETINFO', attribute)) + except _error.AssuanError as e: + if e.message.startswith('No data'): + pass + else: + raise + finally: + client.make_request(_common.Request('BYE')) + client.disconnect() diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/bin/pinentry.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/bin/pinentry.py new file mode 100755 index 0000000..9a7380a --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/bin/pinentry.py @@ -0,0 +1,393 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2012-2017 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Simple pinentry program for getting pins from a terminal. +""" + +import copy as _copy +import os as _os +import os.path as _os_path +import pprint as _pprint +import re as _re +import signal as _signal +import sys as _sys +import termios as _termios + +from pyassuan import __version__ +from pyassuan import server as _server +from pyassuan import common as _common +from pyassuan import error as _error + + +class PinEntry (_server.AssuanServer): + """pinentry protocol server + + See ``pinentry-0.8.0/doc/pinentry.texi`` at:: + + ftp://ftp.gnupg.org/gcrypt/pinentry/ + http://www.gnupg.org/aegypten/ + + for details on the pinentry interface. + + Alternatively, you can just watch the logs and guess ;). Here's a + trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3):: + + S: OK Your orders please + C: OPTION grab + S: OK + C: OPTION ttyname=/dev/pts/6 + S: OK + C: OPTION ttytype=xterm + S: OK + C: OPTION lc-ctype=en_US.UTF-8 + S: OK + C: OPTION lc-messages=en_US.UTF-8 + S: OK + C: OPTION allow-external-password-cache + S: OK + C: OPTION default-ok=_OK + S: OK + C: OPTION default-cancel=_Cancel + S: OK + C: OPTION default-yes=_Yes + S: OK + C: OPTION default-no=_No + S: OK + C: OPTION default-prompt=PIN: + S: OK + C: OPTION default-pwmngr=_Save in password manager + S: OK + C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen? + S: OK + C: OPTION default-tt-visi=Make passphrase visible + S: OK + C: OPTION default-tt-hide=Hide passphrase + S: OK + C: GETINFO pid + S: D 14309 + S: OK + C: SETKEYINFO u/S9464F2C2825D2FE3 + S: OK + C: SETDESC Enter passphrase%0A + S: OK + C: SETPROMPT Passphrase + S: OK + C: GETPIN + S: D testing! + S: OK + C: BYE + S: OK closing connection + """ + _digit_regexp = _re.compile(r'\d+') + + # from proc(5): pid comm state ppid pgrp session tty_nr tpgid + _tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)') + + def __init__(self, name='pinentry', strict_options=False, + single_request=True, **kwargs): + self.strings = {} + self.connection = {} + super(PinEntry, self).__init__( + name=name, strict_options=strict_options, + single_request=single_request, **kwargs) + self.valid_options.append('ttyname') + + def reset(self): + super(PinEntry, self).reset() + self.strings.clear() + self.connection.clear() + + # user interface + + def _connect(self): + self.logger.info('connecting to user') + self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options))) + tty_name = self.options.get('ttyname', None) + if tty_name: + self.connection['tpgrp'] = self._get_pgrp(tty_name) + self.logger.info( + 'open to-user output stream for {}'.format(tty_name)) + self.connection['to_user'] = open(tty_name, 'w') + self.logger.info( + 'open from-user input stream for {}'.format(tty_name)) + self.connection['from_user'] = open(tty_name, 'r') + self.logger.info('get current termios line discipline') + self.connection['original termios'] = _termios.tcgetattr( + self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...] + new_termios = _copy.deepcopy(self.connection['original termios']) + # translate carriage return to newline on input + new_termios[0] |= _termios.ICRNL + # do not ignore carriage return on input + new_termios[0] &= ~_termios.IGNCR + # do not echo input characters + new_termios[3] &= ~_termios.ECHO + # echo input characters + #new_termios[3] |= _termios.ECHO + # echo the NL character even if ECHO is not set + new_termios[3] |= _termios.ECHONL + # enable canonical mode + new_termios[3] |= _termios.ICANON + self.logger.info('adjust termios line discipline') + _termios.tcsetattr( + self.connection['to_user'], _termios.TCSANOW, new_termios) + self.logger.info('send SIGSTOP to pgrp {}'.format( + self.connection['tpgrp'])) + #_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP) + _os.kill(-self.connection['tpgrp'], _signal.SIGSTOP) + self.connection['tpgrp stopped'] = True + else: + self.logger.info('no TTY name given; use stdin/stdout for I/O') + self.connection['to_user'] = _sys.stdout + self.connection['from_user'] = _sys.stdin + self.logger.info('connected to user') + self.connection['to_user'].write('\n') # give a clean line to work on + self.connection['active'] = True + + def _disconnect(self): + self.logger.info('disconnecting from user') + try: + if self.connection.get('original termios', None): + self.logger.info('restore original termios line discipline') + _termios.tcsetattr( + self.connection['to_user'], _termios.TCSANOW, + self.connection['original termios']) + if self.connection.get('tpgrp stopped', None) is True: + self.logger.info( + 'send SIGCONT to pgrp {}'.format(self.connection['tpgrp'])) + #_os.killpg(self.connection['tpgrp'], _signal.SIGCONT) + _os.kill(-self.connection['tpgrp'], _signal.SIGCONT) + if self.connection.get('to_user', None) not in [None, _sys.stdout]: + self.logger.info('close to-user output stream') + self.connection['to_user'].close() + if self.connection.get('from_user',None) not in [None,_sys.stdout]: + self.logger.info('close from-user input stream') + self.connection['from_user'].close() + finally: + self.connection = {'active': False} + self.logger.info('disconnected from user') + + def _get_pgrp(self, tty_name): + self.logger.info('find process group contolling {}'.format(tty_name)) + proc = '/proc' + for name in _os.listdir(proc): + path = _os_path.join(proc, name) + if not (self._digit_regexp.match(name) and _os_path.isdir(path)): + continue # not a process directory + self.logger.debug('checking process {}'.format(name)) + fd_path = _os_path.join(path, 'fd', '0') + try: + link = _os.readlink(fd_path) + except OSError as e: + self.logger.debug('not our process: {}'.format(e)) + continue # permission denied (not one of our processes) + if link != tty_name: + self.logger.debug('wrong tty: {}'.format(link)) + continue # not attached to our target tty + stat_path = _os_path.join(path, 'stat') + stat = open(stat_path, 'r').read() + self.logger.debug('check stat for pgrp: {}'.format(stat)) + match = self._tpgrp_regexp.match(stat) + assert match != None, stat + pgrp = int(match.group(1)) + self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name)) + return pgrp + raise ValueError(tty_name) + + def _write(self, string): + "Write text to the user's terminal." + self.connection['to_user'].write(string + '\n') + self.connection['to_user'].flush() + + def _read(self): + "Read and return a line from the user's terminal." + # drop trailing newline + return self.connection['from_user'].readline()[:-1] + + def _prompt(self, prompt='?', error=None, add_colon=True): + if add_colon: + prompt += ':' + if error: + self.connection['to_user'].write(error) + self.connection['to_user'].write('\n') + self.connection['to_user'].write(prompt) + self.connection['to_user'].write(' ') + self.connection['to_user'].flush() + return self._read() + + # assuan handlers + + def _handle_GETINFO(self, arg): + if arg == 'pid': + yield _common.Response('D', str(_os.getpid()).encode('ascii')) + elif arg == 'version': + yield _common.Response('D', __version__.encode('ascii')) + else: + raise _error.AssuanError(message='Invalid parameter') + yield _common.Response('OK') + + def _handle_SETKEYINFO(self, arg): + self.strings['key info'] = arg + yield _common.Response('OK') + + def _handle_CLEARPASSPHRASE(self, arg): + yield _common.Response('OK') + + def _handle_SETDESC(self, arg): + self.strings['description'] = arg + yield _common.Response('OK') + + def _handle_SETPROMPT(self, arg): + self.strings['prompt'] = arg + yield _common.Response('OK') + + def _handle_SETERROR(self, arg): + self.strings['error'] = arg + yield _common.Response('OK') + + def _handle_SETTITLE(self, arg): + self.strings['title'] = arg + yield _common.Response('OK') + + def _handle_SETOK(self, arg): + self.strings['ok'] = arg + yield _common.Response('OK') + + def _handle_SETCANCEL(self, arg): + self.strings['cancel'] = arg + yield _common.Response('OK') + + def _handle_SETNOTOK(self, arg): + self.strings['not ok'] = arg + yield _common.Response('OK') + + def _handle_SETQUALITYBAR(self, arg): + """Adds a quality indicator to the GETPIN window. + + This indicator is updated as the passphrase is typed. The + clients needs to implement an inquiry named "QUALITY" which + gets passed the current passphrase (percent-plus escaped) and + should send back a string with a single numerical vauelue + between -100 and 100. Negative values will be displayed in + red. + + If a custom label for the quality bar is required, just add + that label as an argument as percent escaped string. You will + need this feature to translate the label because pinentry has + no internal gettext except for stock strings from the toolkit + library. + + If you want to show a tooltip for the quality bar, you may use + + C: SETQUALITYBAR_TT string + S: OK + + With STRING being a percent escaped string shown as the tooltip. + + Here is a real world example of these commands in use: + + C: SETQUALITYBAR Quality%3a + S: OK + C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria. + S: OK + """ + self.strings['qualitybar'] = arg + yield _common.Response('OK') + + def _handle_SETQUALITYBAR_TT(self, arg): + self.strings['qualitybar_tooltip'] = arg + yield _common.Response('OK') + + def _handle_GETPIN(self, arg): + try: + self._connect() + self._write(self.strings['description']) + if 'key info' in self.strings: + self._write('key: {}'.format(self.strings['key info'])) + if 'qualitybar' in self.strings: + self._write(self.strings['qualitybar']) + pin = self._prompt( + prompt=self.strings['prompt'], + error=self.strings.get('error'), + add_colon=False) + finally: + self._disconnect() + yield _common.Response('D', pin.encode('ascii')) + yield _common.Response('OK') + + def _handle_CONFIRM(self, arg): + try: + self._connect() + self._write(self.strings['description']) + self._write('1) '+self.strings['ok']) + self._write('2) '+self.strings['not ok']) + value = self._prompt('?') + finally: + self._disconnect() + if value == '1': + yield _common.Response('OK') + else: + raise _error.AssuanError(message='Not confirmed') + + def _handle_MESSAGE(self, arg): + self._write(self.strings['description']) + yield _common.Response('OK') + + def _handle_CONFIRM(self, args): + assert args == '--one-button', args + try: + self._connect() + self._write(self.strings['description']) + self._write('1) '+self.strings['ok']) + value = self._prompt('?') + finally: + self._disconnect() + assert value == '1', value + yield _common.Response('OK') + + +if __name__ == '__main__': + import argparse + import logging + import traceback + + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument( + '-v', '--version', action='version', + version='%(prog)s {}'.format(__version__)) + parser.add_argument( + '-V', '--verbose', action='count', default=0, + help='increase verbosity') + parser.add_argument( + '--display', + help='set X display (ignored by this implementation)') + + args = parser.parse_args() + + p = PinEntry() + + if args.verbose: + p.logger.setLevel(max( + logging.DEBUG, p.logger.level - 10*args.verbose)) + + try: + p.run() + except: + p.logger.error( + 'exiting due to exception:\n{}'.format( + traceback.format_exc().rstrip())) + raise diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/__init__.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/__init__.py new file mode 100644 index 0000000..4c075c8 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/__init__.py @@ -0,0 +1,34 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""A Python implementation of the `Assuan protocol`_. + +.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/ +""" + +import logging as _logging +import logging.handlers as _logging_handlers + + +__version__ = '0.2' + +LOG = _logging.getLogger('pyassuan') +LOG.setLevel(_logging.ERROR) +LOG.addHandler(_logging.StreamHandler()) +#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log')) +#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log')) +LOG.handlers[0].setFormatter( + _logging.Formatter('%(name)s: %(levelname)s: %(message)s')) diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/client.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/client.py new file mode 100644 index 0000000..fc4bc5e --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/client.py @@ -0,0 +1,190 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import logging as _logging +import socket as _socket +import sys as _sys + +from . import LOG as _LOG +from . import common as _common +from . import error as _error + + +class AssuanClient (object): + """A single-threaded Assuan client based on the `development suggestions`_ + + .. _development suggestions: + http://www.gnupg.org/documentation/manuals/assuan/Client-code.html + """ + def __init__(self, name, logger=_LOG, use_sublogger=True, + close_on_disconnect=False): + self.name = name + if use_sublogger: + logger = _logging.getLogger('{}.{}'.format(logger.name, self.name)) + self.logger = logger + self.close_on_disconnect = close_on_disconnect + self.input = self.output = self.socket = None + + def connect(self, socket_path=None): + if socket_path: + self.logger.info( + 'connect to Unix socket at {}'.format(socket_path)) + self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM) + self.socket.connect(socket_path) + self.input = self.socket.makefile('rb') + self.output = self.socket.makefile('wb') + else: + if not self.input: + self.logger.info('read from stdin') + self.input = _sys.stdin.buffer + if not self.output: + self.logger.info('write to stdout') + self.output = _sys.stdout.buffer + + def disconnect(self): + if self.close_on_disconnect: + self.logger.info('disconnecting') + if self.input is not None: + self.input.close() + self.input = None + if self.output is not None: + self.output.close() + self.output = None + if self.socket is not None: + self.socket.shutdown(_socket.SHUT_RDWR) + self.socket.close() + self.socket = None + + def raise_error(self, error): + self.logger.error(str(error)) + raise(error) + + def read_response(self): + line = self.input.readline() + if not line: + self.raise_error( + _error.AssuanError(message='IPC accept call failed')) + if len(line) > _common.LINE_LENGTH: + self.raise_error( + _error.AssuanError(message='Line too long')) + if not line.endswith(b'\n'): + self.logger.info('S: {}'.format(line)) + self.raise_error( + _error.AssuanError(message='Invalid response')) + line = line[:-1] # remove trailing newline + response = _common.Response() + try: + response.from_bytes(line) + except _error.AssuanError as e: + self.logger.error(str(e)) + raise + self.logger.info('S: {}'.format(response)) + return response + + def _write_request(self, request): + self.logger.info('C: {}'.format(request)) + self.output.write(bytes(request)) + self.output.write(b'\n') + try: + self.output.flush() + except IOError: + raise + + def make_request(self, request, response=True, expect=['OK']): + self._write_request(request=request) + if response: + return self.get_responses(requests=[request], expect=expect) + + def get_responses(self, requests=None, expect=['OK']): + responses = list(self.responses()) + if responses[-1].type == 'ERR': + eresponse = responses[-1] + fields = eresponse.parameters.split(' ', 1) + code = int(fields[0]) + if len(fields) > 1: + message = fields[1].strip() + else: + message = None + error = _error.AssuanError(code=code, message=message) + if requests is not None: + error.requests = requests + error.responses = responses + raise error + if expect: + assert responses[-1].type in expect, [str(r) for r in responses] + data = [] + for response in responses: + if response.type == 'D': + data.append(response.parameters) + if data: + data = b''.join(data) + else: + data = None + return (responses, data) + + def responses(self): + while True: + response = self.read_response() + yield response + if response.type not in ['S', '#', 'D']: + break + + def send_data(self, data=None, response=True, expect=['OK']): + """Iterate through requests necessary to send ``data`` to a server. + + http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html + """ + requests = [] + if data: + encoded_data = _common.encode(data) + start = 0 + stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL + self.logger.debug('sending {} bytes of encoded data'.format( + len(encoded_data))) + while stop > start: + d = encoded_data[start:stop] + request = _common.Request( + command='D', parameters=encoded_data[start:stop], + encoded=True) + requests.append(request) + self.logger.debug('send {} byte chunk'.format(stop-start)) + self._write_request(request=request) + start = stop + stop = start + min(_common.LINE_LENGTH-4, + len(encoded_data) - start) + request = _common.Request('END') + requests.append(request) + self._write_request(request=request) + if response: + return self.get_responses(requests=requests, expect=expect) + + def send_fds(self, fds): + """Send a file descriptor over a Unix socket. + """ + msg = '# descriptors in flight: {}\n'.format(fds) + self.logger.info('C: {}'.format(msg.rstrip('\n'))) + msg = msg.encode('ascii') + return _common.send_fds( + socket=self.socket, msg=msg, fds=fds, logger=None) + + def receive_fds(self, msglen=200, maxfds=10): + """Receive file descriptors over a Unix socket. + """ + msg,fds = _common.receive_fds( + socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None) + msg = str(msg, 'utf-8') + self.logger.info('S: {}'.format(msg.rstrip('\n'))) + return fds diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/common.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/common.py new file mode 100644 index 0000000..12d21c3 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/common.py @@ -0,0 +1,314 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Items common to both the client and server +""" + +import array as _array +import re as _re +import socket as _socket + +from . import LOG as _LOG +from . import error as _error + + +LINE_LENGTH = 1002 # 1000 + [CR,]LF +_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')' +_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN) +_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii')) +_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})') +_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})') +_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z') + + +def encode(data): + r""" + + >>> encode('It grew by 5%!\n') + 'It grew by 5%25!%0A' + >>> encode(b'It grew by 5%!\n') + b'It grew by 5%25!%0A' + """ + if isinstance(data, bytes): + regexp = _ENCODE_BYTE_REGEXP + else: + regexp = _ENCODE_STR_REGEXP + return regexp.sub( + lambda x : to_hex(x.group()), data) + +def decode(data): + r""" + + >>> decode('%22Look out!%22%0AWhere%3F') + '"Look out!"\nWhere?' + >>> decode(b'%22Look out!%22%0AWhere%3F') + b'"Look out!"\nWhere?' + """ + if isinstance(data, bytes): + regexp = _DECODE_BYTE_REGEXP + else: + regexp = _DECODE_STR_REGEXP + return regexp.sub( + lambda x : from_hex(x.group()), data) + +def from_hex(code): + r""" + + >>> from_hex('%22') + '"' + >>> from_hex('%0A') + '\n' + >>> from_hex(b'%0A') + b'\n' + """ + c = chr(int(code[1:], 16)) + if isinstance(code, bytes): + c =c.encode('ascii') + return c + +def to_hex(char): + r""" + + >>> to_hex('"') + '%22' + >>> to_hex('\n') + '%0A' + >>> to_hex(b'\n') + b'%0A' + """ + hx = '%{:02X}'.format(ord(char)) + if isinstance(char, bytes): + hx = hx.encode('ascii') + return hx + + +class Request (object): + """A client request + + http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html + + >>> r = Request(command='BYE') + >>> str(r) + 'BYE' + >>> r = Request(command='OPTION', parameters='testing at 5%') + >>> str(r) + 'OPTION testing at 5%25' + >>> bytes(r) + b'OPTION testing at 5%25' + >>> r.from_bytes(b'BYE') + >>> r.command + 'BYE' + >>> print(r.parameters) + None + >>> r.from_bytes(b'OPTION testing at 5%25') + >>> r.command + 'OPTION' + >>> print(r.parameters) + testing at 5% + >>> r.from_bytes(b' invalid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 170 Invalid request + >>> r.from_bytes(b'in-valid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 170 Invalid request + """ + def __init__(self, command=None, parameters=None, encoded=False): + self.command = command + self.parameters = parameters + self.encoded = encoded + + def __str__(self): + if self.parameters: + if self.encoded: + encoded_parameters = self.parameters + else: + encoded_parameters = encode(self.parameters) + return '{} {}'.format(self.command, encoded_parameters) + return self.command + + def __bytes__(self): + if self.parameters: + if self.encoded: + encoded_parameters = self.parameters + else: + encoded_parameters = encode(self.parameters) + return '{} {}'.format( + self.command, encoded_parameters).encode('utf-8') + return self.command.encode('utf-8') + + def from_bytes(self, line): + if len(line) > 1000: # TODO: byte-vs-str and newlines? + raise _error.AssuanError(message='Line too long') + line = str(line, encoding='utf-8') + match = _REQUEST_REGEXP.match(line) + if not match: + raise _error.AssuanError(message='Invalid request') + self.command = match.group(1) + if match.group(3): + if match.group(2): + self.parameters = decode(match.group(3)) + else: + raise _error.AssuanError(message='Invalid request') + else: + self.parameters = None + + +class Response (object): + """A server response + + http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html + + >>> r = Response(type='OK') + >>> str(r) + 'OK' + >>> r = Response(type='ERR', parameters='1 General error') + >>> str(r) + 'ERR 1 General error' + >>> bytes(r) + b'ERR 1 General error' + >>> r.from_bytes(b'OK') + >>> r.type + 'OK' + >>> print(r.parameters) + None + >>> r.from_bytes(b'ERR 1 General error') + >>> r.type + 'ERR' + >>> print(r.parameters) + 1 General error + >>> r.from_bytes(b' invalid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 76 Invalid response + >>> r.from_bytes(b'in-valid') + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 76 Invalid response + """ + types = { + 'O': 'OK', + 'E': 'ERR', + 'S': 'S', + '#': '#', + 'D': 'D', + 'I': 'INQUIRE', + } + + def __init__(self, type=None, parameters=None): + self.type = type + self.parameters = parameters + + def __str__(self): + if self.parameters: + return '{} {}'.format(self.type, encode(self.parameters)) + return self.type + + def __bytes__(self): + if self.parameters: + if self.type == 'D': + return b' '.join((b'D', self.parameters)) + else: + return '{} {}'.format( + self.type, encode(self.parameters)).encode('utf-8') + return self.type.encode('utf-8') + + def from_bytes(self, line): + if len(line) > 1000: # TODO: byte-vs-str and newlines? + raise _error.AssuanError(message='Line too long') + if line.startswith(b'D'): + self.command = t = 'D' + else: + line = str(line, encoding='utf-8') + t = line[0] + try: + type = self.types[t] + except KeyError: + raise _error.AssuanError(message='Invalid response') + self.type = type + if type == 'D': # data + self.parameters = decode(line[2:]) + elif type == '#': # comment + self.parameters = decode(line[2:]) + else: + match = _REQUEST_REGEXP.match(line) + if not match: + raise _error.AssuanError(message='Invalid request') + if match.group(3): + if match.group(2): + self.parameters = decode(match.group(3)) + else: + raise _error.AssuanError(message='Invalid request') + else: + self.parameters = None + + +def error_response(error): + """ + + >>> from pyassuan.error import AssuanError + >>> error = AssuanError(1) + >>> response = error_response(error) + >>> print(response) + ERR 1 General error + """ + return Response(type='ERR', parameters=str(error)) + + +def send_fds(socket, msg=None, fds=None, logger=_LOG): + """Send a file descriptor over a Unix socket using ``sendmsg``. + + ``sendmsg`` suport requires Python >= 3.3. + + Code from + http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg + + Assuan equivalent is + http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd + """ + if msg is None: + msg = b''.join( + [b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n']) + if logger is not None: + logger.debug('sending file descriptors {} down {}'.format(fds, socket)) + return socket.sendmsg( + [msg], + [(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))]) + +def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG): + """Recieve file descriptors using ``recvmsg``. + + ``recvmsg`` suport requires Python >= 3.3. + + Code from http://docs.python.org/dev/library/socket.html + + Assuan equivalent is + http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd + """ + fds = _array.array('i') # Array of ints + msg,ancdata,flags,addr = socket.recvmsg( + msglen, _socket.CMSG_LEN(maxfds * fds.itemsize)) + for cmsg_level,cmsg_type,cmsg_data in ancdata: + if (cmsg_level == _socket.SOL_SOCKET and + cmsg_type == _socket.SCM_RIGHTS): + # Append data, ignoring any truncated integers at the end. + fds.fromstring( + cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)]) + if logger is not None: + logger.debug('receiving file descriptors {} from {} ({})'.format( + fds, socket, msg)) + return (msg, list(fds)) diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/error.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/error.py new file mode 100644 index 0000000..9865601 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/error.py @@ -0,0 +1,302 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"""Assuan errors as defined in `libgpg-error`_. + +The Assuan_ docs_ suggest these error codes. + +.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/ +.. _Assuan: + http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html +.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html +""" + +MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h + 0: 'Success', + 1: 'General error', + 2: 'Unknown packet', + 3: 'Unknown version in packet', + 4: 'Invalid public key algorithm', + 5: 'Invalid digest algorithm', + 6: 'Bad public key', + 7: 'Bad secret key', + 8: 'Bad signature', + 9: 'No public key', + 10: 'Checksum error', + 11: 'Bad passphrase', + 12: 'Invalid cipher algorithm', + 13: 'Keyring open', + 14: 'Invalid packet', + 15: 'Invalid armor', + 16: 'No user ID', + 17: 'No secret key', + 18: 'Wrong secret key used', + 19: 'Bad session key', + 20: 'Unknown compression algorithm', + 21: 'Number is not prime', + 22: 'Invalid encoding method', + 23: 'Invalid encryption scheme', + 24: 'Invalid signature scheme', + 25: 'Invalid attribute', + 26: 'No value', + 27: 'Not found', + 28: 'Value not found', + 29: 'Syntax error', + 30: 'Bad MPI value', + 31: 'Invalid passphrase', + 32: 'Invalid signature class', + 33: 'Resources exhausted', + 34: 'Invalid keyring', + 35: 'Trust DB error', + 36: 'Bad certificate', + 37: 'Invalid user ID', + 38: 'Unexpected error', + 39: 'Time conflict', + 40: 'Keyserver error', + 41: 'Wrong public key algorithm', + 42: 'Tribute to D. A.', + 43: 'Weak encryption key', + 44: 'Invalid key length', + 45: 'Invalid argument', + 46: 'Syntax error in URI', + 47: 'Invalid URI', + 48: 'Network error', + 49: 'Unknown host', + 50: 'Selftest failed', + 51: 'Data not encrypted', + 52: 'Data not processed', + 53: 'Unusable public key', + 54: 'Unusable secret key', + 55: 'Invalid value', + 56: 'Bad certificate chain', + 57: 'Missing certificate', + 58: 'No data', + 59: 'Bug', + 60: 'Not supported', + 61: 'Invalid operation code', + 62: 'Timeout', + 63: 'Internal error', + 64: 'EOF (gcrypt)', + 65: 'Invalid object', + 66: 'Provided object is too short', + 67: 'Provided object is too large', + 68: 'Missing item in object', + 69: 'Not implemented', + 70: 'Conflicting use', + 71: 'Invalid cipher mode', + 72: 'Invalid flag', + 73: 'Invalid handle', + 74: 'Result truncated', + 75: 'Incomplete line', + 76: 'Invalid response', + 77: 'No agent running', + 78: 'agent error', + 79: 'Invalid data', + 80: 'Unspecific Assuan server fault', + 81: 'General Assuan error', + 82: 'Invalid session key', + 83: 'Invalid S-expression', + 84: 'Unsupported algorithm', + 85: 'No pinentry', + 86: 'pinentry error', + 87: 'Bad PIN', + 88: 'Invalid name', + 89: 'Bad data', + 90: 'Invalid parameter', + 91: 'Wrong card', + 92: 'No dirmngr', + 93: 'dirmngr error', + 94: 'Certificate revoked', + 95: 'No CRL known', + 96: 'CRL too old', + 97: 'Line too long', + 98: 'Not trusted', + 99: 'Operation cancelled', + 100: 'Bad CA certificate', + 101: 'Certificate expired', + 102: 'Certificate too young', + 103: 'Unsupported certificate', + 104: 'Unknown S-expression', + 105: 'Unsupported protection', + 106: 'Corrupted protection', + 107: 'Ambiguous name', + 108: 'Card error', + 109: 'Card reset required', + 110: 'Card removed', + 111: 'Invalid card', + 112: 'Card not present', + 113: 'No PKCS15 application', + 114: 'Not confirmed', + 115: 'Configuration error', + 116: 'No policy match', + 117: 'Invalid index', + 118: 'Invalid ID', + 119: 'No SmartCard daemon', + 120: 'SmartCard daemon error', + 121: 'Unsupported protocol', + 122: 'Bad PIN method', + 123: 'Card not initialized', + 124: 'Unsupported operation', + 125: 'Wrong key usage', + 126: 'Nothing found', + 127: 'Wrong blob type', + 128: 'Missing value', + 129: 'Hardware problem', + 130: 'PIN blocked', + 131: 'Conditions of use not satisfied', + 132: 'PINs are not synced', + 133: 'Invalid CRL', + 134: 'BER error', + 135: 'Invalid BER', + 136: 'Element not found', + 137: 'Identifier not found', + 138: 'Invalid tag', + 139: 'Invalid length', + 140: 'Invalid key info', + 141: 'Unexpected tag', + 142: 'Not DER encoded', + 143: 'No CMS object', + 144: 'Invalid CMS object', + 145: 'Unknown CMS object', + 146: 'Unsupported CMS object', + 147: 'Unsupported encoding', + 148: 'Unsupported CMS version', + 149: 'Unknown algorithm', + 150: 'Invalid crypto engine', + 151: 'Public key not trusted', + 152: 'Decryption failed', + 153: 'Key expired', + 154: 'Signature expired', + 155: 'Encoding problem', + 156: 'Invalid state', + 157: 'Duplicated value', + 158: 'Missing action', + 159: 'ASN.1 module not found', + 160: 'Invalid OID string', + 161: 'Invalid time', + 162: 'Invalid CRL object', + 163: 'Unsupported CRL version', + 164: 'Invalid certificate object', + 165: 'Unknown name', + 166: 'A locale function failed', + 167: 'Not locked', + 168: 'Protocol violation', + 169: 'Invalid MAC', + 170: 'Invalid request', + 171: 'Unknown extension', + 172: 'Unknown critical extension', + 173: 'Locked', + 174: 'Unknown option', + 175: 'Unknown command', + 176: 'Not operational', + 177: 'No passphrase given', + 178: 'No PIN given', + 179: 'Not enabled', + 180: 'No crypto engine', + 181: 'Missing key', + 182: 'Too many objects', + 183: 'Limit reached', + 184: 'Not initialized', + 185: 'Missing issuer certificate', + 198: 'Operation fully cancelled', + 199: 'Operation not yet finished', + 200: 'Buffer too short', + 201: 'Invalid length specifier in S-expression', + 202: 'String too long in S-expression', + 203: 'Unmatched parentheses in S-expression', + 204: 'S-expression not canonical', + 205: 'Bad character in S-expression', + 206: 'Bad quotation in S-expression', + 207: 'Zero prefix in S-expression', + 208: 'Nested display hints in S-expression', + 209: 'Unmatched display hints', + 210: 'Unexpected reserved punctuation in S-expression', + 211: 'Bad hexadecimal character in S-expression', + 212: 'Odd hexadecimal numbers in S-expression', + 213: 'Bad octal character in S-expression', + 257: 'General IPC error', + 258: 'IPC accept call failed', + 259: 'IPC connect call failed', + 260: 'Invalid IPC response', + 261: 'Invalid value passed to IPC', + 262: 'Incomplete line passed to IPC', + 263: 'Line passed to IPC too long', + 264: 'Nested IPC commands', + 265: 'No data callback in IPC', + 266: 'No inquire callback in IPC', + 267: 'Not an IPC server', + 268: 'Not an IPC client', + 269: 'Problem starting IPC server', + 270: 'IPC read error', + 271: 'IPC write error', + 273: 'Too much data for IPC layer', + 274: 'Unexpected IPC command', + 275: 'Unknown IPC command', + 276: 'IPC syntax error', + 277: 'IPC call has been cancelled', + 278: 'No input source for IPC', + 279: 'No output source for IPC', + 280: 'IPC parameter error', + 281: 'Unknown IPC inquire', + 1024: 'User defined error code 1', + 1025: 'User defined error code 2', + 1026: 'User defined error code 3', + 1027: 'User defined error code 4', + 1028: 'User defined error code 5', + 1029: 'User defined error code 6', + 1030: 'User defined error code 7', + 1031: 'User defined error code 8', + 1032: 'User defined error code 9', + 1033: 'User defined error code 10', + 1034: 'User defined error code 11', + 1035: 'User defined error code 12', + 1036: 'User defined error code 13', + 1037: 'User defined error code 14', + 1038: 'User defined error code 15', + 1039: 'User defined error code 16', + 16381: 'System error w/o errno', + 16382: 'Unknown system error', + 16383: 'End of file', + } +UNKNOWN = 'Unknown error code' + +CODE = dict((message,code) for code,message in MESSAGE.items()) + +# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.) + +class AssuanError (Exception): + r""" + + >>> e = AssuanError(1) + >>> print(e) + 1 General error + >>> e = AssuanError(1024, 'testing!') + >>> print(e) + 1024 testing! + >>> e = AssuanError(message='Unknown packet') + >>> print(e) + 2 Unknown packet + """ + def __init__(self, code=None, message=None): + if code is None and message is None: + raise ValueError('missing both `code` and `message`') + if message is None: + message = MESSAGE[code] + if code is None: + code = CODE.get(message, UNKNOWN) + self.code = code + self.message = message + super(AssuanError, self).__init__('{} {}'.format(code, message)) diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/server.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/server.py new file mode 100644 index 0000000..d9f5f0a --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/server.py @@ -0,0 +1,299 @@ +# Copyright (C) 2012 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import logging as _logging +import re as _re +import socket as _socket +import sys as _sys +import threading as _threading +import traceback as _traceback + +from . import LOG as _LOG +from . import common as _common +from . import error as _error + + +_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z') + + +class AssuanServer (object): + """A single-threaded Assuan server based on the `devolpment suggestions`_ + + Extend by subclassing and adding ``_handle_XXX`` methods for each + command you want to handle. + + .. _development suggestions: + http://www.gnupg.org/documentation/manuals/assuan/Server-code.html + """ + def __init__(self, name, logger=_LOG, use_sublogger=True, + valid_options=None, strict_options=True, + single_request=False, listen_to_quit=False, + close_on_disconnect=False): + self.name = name + if use_sublogger: + logger = _logging.getLogger('{}.{}'.format(logger.name, self.name)) + self.logger = logger + if valid_options is None: + valid_options = [] + self.valid_options = valid_options + self.strict_options = strict_options + self.single_request = single_request + self.listen_to_quit = listen_to_quit + self.close_on_disconnect = close_on_disconnect + self.input = self.output = None + self.options = {} + self.reset() + + def reset(self): + self.stop = False + self.options.clear() + + def run(self): + self.reset() + self.logger.info('running') + self.connect() + try: + self.handle_requests() + finally: + self.disconnect() + self.logger.info('stopping') + + def connect(self): + if not self.input: + self.logger.info('read from stdin') + self.input = _sys.stdin.buffer + if not self.output: + self.logger.info('write to stdout') + self.output = _sys.stdout.buffer + + def disconnect(self): + if self.close_on_disconnect: + self.logger.info('disconnecting') + self.input = None + self.output = None + + def handle_requests(self): + self.send_response(_common.Response('OK', 'Your orders please')) + self.output.flush() + while not self.stop: + line = self.input.readline() + if not line: + break # EOF + if len(line) > _common.LINE_LENGTH: + self.raise_error( + _error.AssuanError(message='Line too long')) + if not line.endswith(b'\n'): + self.logger.info('C: {}'.format(line)) + self.send_error_response( + _error.AssuanError(message='Invalid request')) + continue + line = line[:-1] # remove the trailing newline + self.logger.info('C: {}'.format(line)) + request = _common.Request() + try: + request.from_bytes(line) + except _error.AssuanError as e: + self.send_error_response(e) + continue + self.handle_request(request) + + def handle_request(self, request): + try: + handle = getattr( + self, '_handle_{}'.format(request.command)) + except AttributeError: + self.logger.warn('unknown command: {}'.format(request.command)) + self.send_error_response( + _error.AssuanError(message='Unknown command')) + return + try: + responses = handle(request.parameters) + for response in responses: + self.send_response(response) + except _error.AssuanError as error: + self.send_error_response(error) + return + except Exception as e: + self.logger.error( + 'exception while executing {}:\n{}'.format( + handle, _traceback.format_exc().rstrip())) + self.send_error_response( + _error.AssuanError(message='Unspecific Assuan server fault')) + return + + def send_response(self, response): + """For internal use by ``.handle_requests()`` + """ + rstring = str(response) + self.logger.info('S: {}'.format(response)) + self.output.write(bytes(response)) + self.output.write(b'\n') + try: + self.output.flush() + except IOError: + if not self.stop: + raise + + def send_error_response(self, error): + """For internal use by ``.handle_requests()`` + """ + self.send_response(_common.error_response(error)) + + # common commands defined at + # http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html + + def _handle_BYE(self, arg): + if self.single_request: + self.stop = True + yield _common.Response('OK', 'closing connection') + + def _handle_RESET(self, arg): + self.reset() + + def _handle_END(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_HELP(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_QUIT(self, arg): + if self.listen_to_quit: + self.stop = True + yield _common.Response('OK', 'stopping the server') + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_OPTION(self, arg): + """ + + >>> s = AssuanServer(name='test', valid_options=['my-op']) + >>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': '1'} + >>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': '2'} + >>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': '3'} + >>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS + [] + >>> s.options + {'my-op': None} + >>> list(s._handle_OPTION('inv')) + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 174 Unknown option + >>> list(s._handle_OPTION('in|valid')) + Traceback (most recent call last): + ... + pyassuan.error.AssuanError: 90 Invalid parameter + """ + match = _OPTION_REGEXP.match(arg) + if not match: + raise _error.AssuanError(message='Invalid parameter') + name,space,equal,value = match.groups() + if value and not space and not equal: + # need either space or equal to separate value + raise _error.AssuanError(message='Invalid parameter') + if name not in self.valid_options: + if self.strict_options: + raise _error.AssuanError(message='Unknown option') + else: + self.logger.info('skipping invalid option: {}'.format(name)) + else: + if not value: + value = None + self.options[name] = value + yield _common.Response('OK') + + def _handle_CANCEL(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + def _handle_AUTH(self, arg): + raise _error.AssuanError( + code=175, message='Unknown command (reserved)') + + +class AssuanSocketServer (object): + """A threaded server spawning ``AssuanServer``\s for each connection + """ + def __init__(self, name, socket, server, kwargs={}, max_threads=10, + logger=_LOG, use_sublogger=True): + self.name = name + if use_sublogger: + logger = _logging.getLogger('{}.{}'.format(logger.name, self.name)) + self.logger = logger + self.socket = socket + self.server = server + assert 'name' not in kwargs, kwargs['name'] + assert 'logger' not in kwargs, kwargs['logger'] + kwargs['logger'] = self.logger + assert 'use_sublogger' not in kwargs, kwargs['use_sublogger'] + kwargs['use_sublogger'] = True + if 'close_on_disconnect' in kwargs: + assert kwargs['close_on_disconnect'] == True, ( + kwargs['close_on_disconnect']) + else: + kwargs['close_on_disconnect'] = True + self.kwargs = kwargs + self.max_threads = max_threads + self.threads = [] + + def run(self): + self.logger.info('listen on socket') + self.socket.listen() + thread_index = 0 + while True: + socket,address = self.socket.accept() + self.logger.info('connection from {}'.format(address)) + self.cleanup_threads() + if len(threads) > self.max_threads: + self.drop_connection(socket, address) + self.spawn_thread( + 'server-thread-{}'.format(thread_index), socket, address) + thread_index = (thread_index + 1) % self.max_threads + + def cleanup_threads(self): + i = 0 + while i < len(self.threads): + thread = self.threads[i] + thread.join(0) + if thread.is_alive(): + self.logger.info('joined thread {}'.format(thread.name)) + self.threads.pop(i) + thread.socket.shutdown() + thread.socket.close() + else: + i += 1 + + def drop_connection(self, socket, address): + self.logger.info('drop connection from {}'.format(address)) + # TODO: proper error to send to the client? + + def spawn_thread(self, name, socket, address): + server = self.server(name=name, **self.kwargs) + server.input = socket.makefile('rb') + server.output = socket.makefile('wb') + thread = _threading.Thread(target=server.run, name=name) + thread.start() + self.threads.append(thread) diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_common.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_common.py new file mode 100644 index 0000000..325b49b --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_common.py @@ -0,0 +1,25 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import doctest +import unittest + +from . import common + + +def load_tests(loader, tests, ignore): + tests.addTests(doctest.DocTestSuite(common)) + return tests diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_error.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_error.py new file mode 100644 index 0000000..af7badf --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_error.py @@ -0,0 +1,25 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import doctest +import unittest + +from . import error + + +def load_tests(loader, tests, ignore): + tests.addTests(doctest.DocTestSuite(error)) + return tests diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_server.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_server.py new file mode 100644 index 0000000..a3a4f57 --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/pyassuan/test_server.py @@ -0,0 +1,25 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +import doctest +import unittest + +from . import server + + +def load_tests(loader, tests, ignore): + tests.addTests(doctest.DocTestSuite(server)) + return tests diff --git a/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/setup.py b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/setup.py new file mode 100644 index 0000000..a1f98fc --- /dev/null +++ b/roles/toxcore/overlay/Linux/net/Git/http-git.tremily.us/pyassuan/setup.py @@ -0,0 +1,54 @@ +# Copyright (C) 2012-2018 W. Trevor King +# +# This file is part of pyassuan. +# +# pyassuan is free software: you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. +# +# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# pyassuan. If not, see . + +"Python module and tools for communicating in the Assuan protocol." + +from distutils.core import setup as _setup +import os.path as _os_path + +from pyassuan import __version__ + + +_this_dir = _os_path.dirname(__file__) + +_setup( + name='pyassuan', + version=__version__, + maintainer='W. Trevor King', + maintainer_email='wking@tremily.us', + url='http://blog.tremily.us/posts/pyassuan/', + download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__), + license = 'GNU General Public License (GPL)', + platforms = ['all'], + description = __doc__, + long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(), + classifiers = [ + 'Development Status :: 3 - Alpha', + 'Intended Audience :: Developers', + 'Operating System :: OS Independent', + 'License :: OSI Approved :: GNU General Public License (GPL)', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.3', + 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', + 'Topic :: Security :: Cryptography', + 'Topic :: Software Development' + ], + scripts = ['bin/get-info.py', 'bin/pinentry.py'], + packages = ['pyassuan'], + provides = ['pyassuan'], + ) diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash b/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash new file mode 100755 index 0000000..c45ce47 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash @@ -0,0 +1,50 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore + +PKG=analyze-ssl.pl +GIT_HUB=github.com +GIT_USER=noxxi +GIT_DIR=p5-ssl-tools +URL=raw.githubusercontent.com//master/$PKG.sh +URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG + +. $PREFIX/src/var_local_src.bash + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + if [ ! -f $PKG ] ; then + + [ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB + if [ -e $PREFIX/net/Http/$URL ] ; then + ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; } + wget -xc -P $PREFIX/net/Http https://$URL + fi + fi + + [ -f $PKG ] || cp -p $PREFIX/net/Http/$URL . + + if [ ! -e $PREFIX/bin/$PKG.bash ] ; then + cat > $PREFIX/bin/$PKG.bash << EOF +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- +ROLE=text +# https://$GIT_HUB/$GIT_USER/$GIT_DIR/ +cd $PREFIX/src/ || exit 1 +exec perl $PKG "\$@" +EOF + chmod 755 $PREFIX/bin/$PKG.bash + fi + + exit 0 + +elif [ "$1" = 'test' ] ; then # 3* + $PREFIX/bin/$PKG.bash --help || exit 30 +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.pl.bash b/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.pl.bash new file mode 100755 index 0000000..90a4675 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.pl.bash @@ -0,0 +1,7 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- +# https://github.com/noxxi/p5-ssl-tools/ +ROLE=toxcore + +cd /usr/local/src/ || exit 1 +exec perl analyze-ssl.pl "$@" diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash b/roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash new file mode 100755 index 0000000..1577a67 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash @@ -0,0 +1,28 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore +[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL + +TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible + +. /var/local/src/var_local_src.bash || exit 2 + +PKG=ansible-keepass +GIT_HUB=github.com +GIT_USER=Nekmo +GIT_DIR=ansible-keepass + +[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \ + mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars + +[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \ + wget $BASE_WGET_ARGS \ + -O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \ + https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \ + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/ansible.bash b/roles/toxcore/overlay/Linux/usr/local/bin/ansible.bash new file mode 100755 index 0000000..7ba1cba --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/ansible.bash @@ -0,0 +1,89 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore + +#? broken in ansible + +PYVER=3 +P="BASE_PYTHON${PYVER}_MINOR" +PYTHON_MINOR="$(eval echo \$$P)" +[ -z "$PYTHON_MINOR" ] || PYTHON_MINOR=3.9 +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh +PYTHON_EXE=$PYTHON_EXE_MSYS +DESC="" + +PKG="ansible" +MOD="$PKG" + +VER="2.9.22" +AVER="2.9.22" +DIR="${PKG}-$VER" +EXT="tar.gz" +URL="files.pythonhosted.org/packages/03/4f/cccab1ec2e0ecb05120184088e00404b38854809cf35aa76889406fbcbad/ansible-2.9.10.tar.gz" +TODIR=/o/data/TestForge/src/ansible + +if [ -f /var/local/src/var_local_src.bash ] ; then + . /var/local/src/var_local_src.bash + else + ols_are_we_connected () { route | grep -q ^default ; return $? ; } +fi + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + if [ ! -d "$DIR" ] ; then + if [ ! -f "$HTTP_DIR/$URL" ] ; then + ols_are_we_connected || { DEBUG not connected ; exit 0 ; } + wget -xc -P "$HTTP_DIR" "https://$URL" || exit 2 + fi + if [ "$EXT" = "zip" ] ; then + unzip "$HTTP_DIR/$URL" || exit 3 + else + tar xfvz "$HTTP_DIR/$URL" || exit 3 + fi + fi + + cd "$DIR" || exit 4 + + [ -f lib/ansible/parsing/utils/yaml.py.dst ] || \ + bash /usr/local/sbin/base_patch_from_diff.bash $ROLE \ + $TODIR/roles/$ROLE/overlay/Linux/$PREFIX/patches/$ROLE/$PWD || exit 6$? + + [ -d $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/$DIR-py$PYTHON_MINOR.egg ] || \ + pip3.sh install . >> install.log 2>&1\ + || { echo "ERROR: code $?" ; tail install.log ; exit 5 ; } + + "$PYTHON_EXE" -c "import $MOD" || exit 10 + + + grep -l '_tput\|_src' *sh ../bin*sh | \ + xargs grep -l 'echo \(INFO\|DEBUG\|ERROR\|DEBUG\):' | \ + xargs sed -e 's@echo \(INFO\|DEBUG\|ERROR\|DEBUG\):@\1 @' + + if [ -d $PREFIX/src/ansible-$AVER/docs/docsite ] ; then + cd $PREFIX/src/ansible-$AVER/docs/docsite + [ -f htmldocs.log ] || make -n -f Makefile htmldocs > htmldocs.log 2>&1 || exit 2$? + [ -f info.log ] || make -n -f Makefile.sphinx info > info.log 2>&1 || exit 3$? + + exit 0 + +elif [ "$1" = 'check' ] ; then + "$PYTHON_EXE" -c "import $MOD" || exit 10 +# msys_run_checks_requirements + +elif [ $1 = 'test' ] ; then + cd $PREFIX/src/$DIR || exit 50 + $PYTHON_EXE_MSYS -m tox >> test.log 2>&1 || \ + { echo "ERROR: $MOD code $?" ; cat test.log ; exit 51 ; } + +elif [ "$1" = 'refresh' ] ; then + cd $PREFIX/src/$DIR || exit 60 + env PWD=$PREFIX/src/$DIR \ + /usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$? +fi + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash new file mode 100755 index 0000000..2ffeb52 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash @@ -0,0 +1,121 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore + +DESC="" +. $PREFIX/bin/usr_local_tput.bash || exit 1 + +PKG=toxcore +DIR=c-$PKG +GIT_HUB=github.com +GIT_USER=TokTok +GIT_DIR=$DIR +GIT_BRAN=master +VERS=2.18.0 + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + + WD=$PWD + if [ ! -d "$DIR" ] ; then + if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then + [ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \ + mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" + ols_are_we_connected || { DEBUG not connected ; exit 0 ; } + cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" + git clone -b $GIT_BRAN --depth=1 https://$GIT_HUB/$GIT_USER/$GIT_DIR || exit 4 + git clone --depth=1 https://$GIT_HUB/$GIT_USER/dockerfiles + cd $WD + # wget -xcP ../net/Http/ https://github.com/TokTok/c-toxcore/releases/download/v0.2.18/c-toxcore-0.2.18.tar.gz + fi + cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"/$GIT_DIR $DIR + fi + + cd "$DIR" || exit 5 + + [ -f third_party/cmp/Makefile ] || git submodule update --init || exit 6 + +# ols_apply_testforge_patches +# # [ -f CMakeLists.txt.dst ] || patch -b -z.dst < toxcore.diff || exit 7 + + [ -f cmake.sh ] || cat > cmake.sh << EOF +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +PREFIX=$PREFIX +ROLE=$ROLE + +CORE=$PREFIX/src/c-toxcore +DIR=_build +LIB=\$CORE/\$DIR + +cd \$CORE | exit 3 + +mkdir _build +cd _build +cmake \ + -DCMAKE_BUILD_TYPE="Debug" \ + -DCMAKE_UNITY_BUILD=ON \ + -DMIN_LOGGER_LEVEL=TRACE \ + -DMUST_BUILD_TOXAV=ON \ + -DNON_HERMETIC_TESTS=ON \ + -DSTRICT_ABI=ON \ + -DTEST_TIMEOUT_SECONDS=120 \ + -DUSE_IPV6=OFF \ + -DAUTOTEST=ON \ + -DBUILD_MISC_TESTS=ON \ + -DBUILD_FUN_UTILS=ON \ + -DBOOTSTRAP_DAEMON=ON \ + .. > cmake.log 2>&1 +#sed -e 's/-DNDEBUG/-g/' -i CMakeCache.txt +make .. > make.log 2>&1 + +ls \$LIB/*so* || { echo ERROR \$LIB ; exit 2 ; } + +EOF + bash cmake.sh || { + retval=$? + ERROR cmake $retval + exit 3$retval + } + cd _build + make >> make.log 2>&1 || { + retval=$? + ERROR cmake $retval + exit 3$retval + } + + cp -p other/bootstrap_daemon/tox-bootstrapd $PREFIX/bin + cp -p other/bootstrap_daemon/tox-bootstrapd.sh $PREFIX/etc/init.d/tox-bootstrapd +# ln -s $PREFIX/etc/init.d/tox-bootstrapd /etc/init.d + exit 0 + +elif [ $1 = 'check' ] ; then # 1* +# ols_test_bins && exit 0 || exit $? + + [ ! -d $DIR/_build ] && WARN not built yet $DIR && exit 11 + [ -f $DIR/_build/libtoxcore.so.${VERS} ] && WARN not compiled yet $DIR && exit 12 + ldd $DIR/_build/libtoxcore.so.${VERS} | grep found && ERROR ldd fails $DIR && exit 13 + exit 0 + +elif [ "$1" = 'test' ] ; then # 3* + cd $PREFIX/src/$DIR/_build || exit 30 + ctest || exit 31 + +elif [ "$1" = 'refresh' ] ; then # 6* + + cd $PREFIX/src/$DIR || exit 60 + /usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$? + +elif [ "$1" = 'update' ] ; then # 7* + ols_are_we_connected || exit 0 + cd $PREFIX/src/$DIR || exit 70 + git pull || exit 7$? +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/dracut-055.bash b/roles/toxcore/overlay/Linux/usr/local/bin/dracut-055.bash new file mode 100644 index 0000000..bb440ca --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/dracut-055.bash @@ -0,0 +1,5 @@ +#!/bin/sh +ROLE=toxcore + +#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.sign +#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.gz diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/gridfire.bash b/roles/toxcore/overlay/Linux/usr/local/bin/gridfire.bash new file mode 100755 index 0000000..b609e58 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/gridfire.bash @@ -0,0 +1,80 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore + +MOD=gridfire +DIR=$MOD +GIT_HUB=github.com +GIT_USER=reid-k +GIT_DIR=gridfire + +DESC="" +[ -f /usr/local/src/usr_local_src.bash ] && \ + . /usr/local/src/usr_local_src.bash + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + cd $DIR || exit 3 + + if [ ! -e $MOD.py ] ; then + route|grep -q ^default || exit 0 + wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py + fi + + #[ -f $MOD.sh ] || \ + # cp -p $PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR/$MOD.sh . + for VER in 2 3 ; do + PYVER=$VER + PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash + PYTHON_EXE=$PYTHON_EXE_MSYS + if [ ! -e $PREFIX/bin/$MOD$VER.bash ] ; then + cat > $PREFIX/bin/$MOD$VER.bash << EOF +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- +ROLE=$ROLE +# https://$GIT_HUB/$GIT_USER/$GIT_DIR/ +exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@" +EOF + chmod 755 $PREFIX/bin/$MOD$VER.bash + fi + done + + # default to python2 + BINS=$MOD + msys_install_python_scripts $BINS + + cd bin || exit 4 + for file in *.bash *.py ; do + [ $file = gridfire_ansible-vault.bash ] && continue + [ -x $PREFIX/bin/$file ] && diff -q $file $PREFIX/bin/$file && continue + cp -p $file $PREFIX/bin + [ -x $PREFIX/bin/$file ] || chmod 775 $PREFIX/bin/$file + done + cd .. + + #[ -d /usr/lib64/misc/ ] && [ ! -e /usr/lib64/misc/ssh-askpass ] \ + # && sudo ln -s $PREFIX/bin/$MOD.bash /usr/lib64/misc/ssh-askpass + + retval=0 + [ -z "$BOX_OS_FLAVOR" ] && BOX_OS_FLAVOR="Linux" + make all-$BOX_OS_FLAVOR + + OPREFIX=$PREFIX/share/genkernel/overlay + dist=dist-$BOX_OS_FLAVOR + [ -d $OPREFIX/bin ] || { sudo mkdir -p $OPREFIX/bin ; sudo chmod 1777 $OPREFIX/bin ; } + [ ! -x $dist/$MOD ] || \ + [ -x $OPREFIX/bin/$MOD -a $OPREFIX/bin/$MOD -nt $dist/$MOD ] || \ + cp -p $dist/$MOD $OPREFIX/bin/ || exit 9 + # libc.so.1 libz.so.1 libdl.so.1 + + exit 0 + +elif [ "$1" = 'test' ] ; then + $PREFIX/bin/$MOD.bash --help >/dev/null || exit 10 + make test >/dev/null || exit 11 +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash b/roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash new file mode 100755 index 0000000..6a6c942 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash @@ -0,0 +1,131 @@ +#!/bin/bash +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore + +. /usr/local/src/usr_local_src.bash || exit 2 +# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2 + +export LOG_DIR=$PREFIX/var/log/$ROLE + +DESC="" + +cd /usr/local/src || exit 4 + +if [ "$#" -eq 0 ] ; then + # /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh + [ -f /usr/local/bin/ssl-cipher-check.pl ] || \ + wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl + + if [ $USER = root ] ; then + # https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon + command -v keepassxc.bash + EXE=`command -v keepassxc.bash` + [ -z "$EXE" ] && EXE=`command -v keepassxc` + if [ -z "$EXE" ] ; then + export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring + ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'` + [ -n "$ELTS" ] && kill $ELTS + if [ -d /etc/pam.d ] ; then + cd /etc/pam.d + grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do + [ -f .$file.dst ] || cp -p $file .$file.dst + sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file + done + fi + file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service + if [ ! -f $file ] || ! grep -q $EXE $file ; then + cat > $file < ~/.config/autostart/$file < "$A" < $HOME/.config/gajim/config </dev/null + done + + fi + for f in "${FILES[@]}" ; do + base=`basename $f .tar.gz` + [ -d base ] && continue + tar xvfkz $PREFIX/net/Http/$f 2>/dev/null + cd $base + pip3.sh install --prefix=/usr/local . >> install.log 2>&1 || \ + WARN problems installing $base retval=$retval + cd .. + done + + exit 0 + +elif [ "$1" = 'test' ] ; then # 3* + cd $PREFIX/src/$DIR/_build || exit 30 + ctest || exit 31 + +elif [ "$1" = 'refresh' ] ; then # 6* + + cd $PREFIX/src/$DIR || exit 60 + /usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$? + +elif [ "$1" = 'update' ] ; then # 7* + ols_are_we_connected || exit 0 + cd $PREFIX/src/$DIR || exit 70 + git pull || exit 7$? +fi + diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/pex2.bash b/roles/toxcore/overlay/Linux/usr/local/bin/pex2.bash new file mode 100755 index 0000000..617421d --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/pex2.bash @@ -0,0 +1,6 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +# --not-zip-safe --no-index linux_x86_64-cp-27-cp27mu +ROLE=toxcore +exec /usr/local/bin/python2.sh -m pex --python $PREFIX/bin/python2.sh --python-shebang $PREFIX/bin/python2.sh "$@" + diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/pex3.bash b/roles/toxcore/overlay/Linux/usr/local/bin/pex3.bash new file mode 100755 index 0000000..38d5882 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/pex3.bash @@ -0,0 +1,7 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +ROLE=toxcore +# -f /usr/lib/python3/dist-packages/ +exec /usr/local/bin/pex \ + --python /usr/local/bin/python3.sh \ + --python-shebang /usr/local/bin/python3.sh "$@" diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash b/roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash new file mode 100644 index 0000000..df337e9 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash @@ -0,0 +1,67 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +#See /var/local/src/ZeroNet.bash + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore + +PYVER=3 +P="BASE_PYTHON${PYVER}_MINOR" +[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)" +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh +PYTHON_EXE=$PYTHON_EXE_MSYS +PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh + +MOD="pyassuan" +DIR="${MOD}" +BINS="get-info pinentry" + +GIT_HUB=http-git.tremily.us +GIT_DIR=pyassuan + +#ols_funtoo_requires + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + + if [ ! -d "$DIR" ] ; then + if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then + [ -d "$PREFIX/net/Git/$GIT_HUB" ] || \ + mkdir "$PREFIX/net/Git/$GIT_HUB" + route|grep ^def || { DEBUG not connected ; exit 0 ; } + (cd "$PREFIX/net/Git/$GIT_HUB" && \ + git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\ + exit 2 + fi + cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \ + exit 3 + fi + + cd "$DIR" || exit 4 + + # ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@' + + #? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash + + [ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \ + msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; } + + # msys_python_bins $BINS + + "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 + + exit 0 + +elif [ $1 = 'check' ] ; then # 1* + "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20 + # ols_test_bins + exit $? + +elif [ "$1" = 'test' ] ; then # 3* + cd $WD/$DIR + $PYTHON_EXE_MSYS -m unittest discover >>test.log || exit 31$? +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/sdwdate.bash b/roles/toxcore/overlay/Linux/usr/local/bin/sdwdate.bash new file mode 100755 index 0000000..d4d102e --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/sdwdate.bash @@ -0,0 +1,96 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +# 19 Nov 00:48:20 ntpdate[24018]: step time server 132.163.97.3 offset +4125.279643 sec + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore + +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash || exit 1 + + +# python3.6 problems on gentoo with gevent not installing +# python3.7 -c 'import gevent' + +PYVER=3 +PYTHON_MINOR=3.11 + +PYTHON_EXE_MSYS=python$PYTHON_MINOR.sh +PYTHON_EXE=$PYTHON_EXE_MSYS + +PKG=sdwdate +URL=github.com/Whonix/sdwdate +DIR=$PKG + +cd $PREFIX/src || exit 2 +WD=$PWD + +cd $DIR || exit 3 + +site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages + +if ! [ -d $site_packages/$DIR/ ] ; then + rsync -vax usr/lib/python3/dist-packages/$DIR/ $site_packages/$DIR/ + sed -e 's@/usr/lib@/usr/local/lib@' -i $site_packages/$DIR/*py + fi +[ -d $site_packages/$DIR/ ] || exit 4 + +[ -d $PREFIX/etc/sdwdate.d ] || mkdir $PREFIX/etc/sdwdate.d +[ -f $PREFIX/etc/sdwdate.d/30_default.conf ] || \ + cp -p etc/sdwdate.d/30_default.conf $PREFIX/etc/sdwdate.d/30_default.conf + +if [ ! -f $PREFIX/bin/${PKG}_.py ] ; then + cp -p usr/bin/${PKG} $PREFIX/bin/${PKG}_.py || exit 5 + patch -b -z .dst $PREFIX/bin/${PKG}_.py < $PREFIX/src/${PKG}_.py,diff + fi + +if ! [ -d /usr/local/lib/helper-scripts ] ; then + rsync -vax ../helper-scripts/ $PREFIX/lib/helper-scripts/ + fi + +# share/sdwdate/onion_tester +if ! [ -d /usr/local/share/sdwdate ] ; then + rsync -vax usr/share/$DIR/ $PREFIX/share/$DIR/ + fi + +if ! [ -d /usr/local/lib/sdwdate ] ; then + rsync -vax usr/lib/$DIR/ $PREFIX/lib/$DIR/ + + ## Compatibility with anon-ws-disable-stacked-tor. + # addgroup debian-tor 2>/dev/null || true + + # adduser --home /run/sdwdate --no-create-home --quiet --system --group sdwdate || true + + ## Add sdwdate to group debian-tor so it can read + ## /run/tor/control.authcookie which is required to check if Tor has + ## already successfully established a circuit before fetching time. + # addgroup sdwdate debian-tor + cd /usr/local/lib/$DIR + [ -x sclockadj ] || \ + gcc sclockadj.c -o sclockadj -ldl -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now || exit 7 + cd $WD +fi + +if grep -q /usr/lib /usr/local/lib/sdwdate/* ; then + sed -e 's@/usr/lib@/usr/local/lib@' -i /usr/local/lib/sdwdate/* +fi +cd $WD + +if [ ! -e $PREFIX/bin/${ROLE}_${PKG}.bash ] ; then + cat > $PREFIX/bin/${ROLE}_${PKG}.bash << EOF +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +if [ -x /usr/local/bin/proxy_ping_test.bash ] ; then + sh /usr/local/bin/proxy_ping_test.bash wifi || exit 1 + sh /usr/local/bin/proxy_ping_test.bash 30 || exit 2 + fi +export PYTHONPATH=$site_packages +exec $PYTHON_EXE_MSYS $PREFIX/bin/${PKG}_.py "\$@" +EOF + chmod 755 $PREFIX/bin/${ROLE}_${PKG}.bash + fi + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_alsa_info.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_alsa_info.bash new file mode 100755 index 0000000..b8ec831 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_alsa_info.bash @@ -0,0 +1,7 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +ROLE=testforge + +export http_proxy=localhost:9999 +export https_proxy=localhost:9999 +exec alsa-info.sh --stdout --no-load $* diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash new file mode 100755 index 0000000..c78d666 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash @@ -0,0 +1,149 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +# https://lukas.dzunko.sk/index.php/Linux:_incremental_backup_using_rsync_on_btrfs_with_snapshots + +PREFIX=/var/local +ROLE=testforge + +MONIKER=4TA +DEST=/mnt/backup +snapshot="" +opt="" + +usage() { + echo "Usage: $0 [OPTIONS] dirs" + echo + echo " -s | --snapshot - snapshot" + echo " -c | --checksum - checksum" + echo " -p | --dedupe - dedupe" + echo " -d | --dest - destination (default - $DEST )" + echo + echo " -V | --version - print version of this script" + echo " -h | --help - print this help" +} + +[ "$#" -eq 0 ] && usage && exit 1 + +SHORTOPTS="hVcspm:d:" +LONGOPTS="help,version,checksum,snapshot,dedupe,moniker:,dest:" +dedupe= +DIRS= + +. /usr/local/bin/usr_local_base.bash || exit 2 +error () { retval=$1 ; shift; echo "ERROR: $prog" $* ; exit $retval ; } + +ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@") +[ $? != 0 ] && error 2 "Aborting." + +eval set -- "$ARGS" + +while true; do +# echo $* + case "$1" in + -p|--dedupe) + dedupe="true" + ;; + -s|--snapshot) + snapshot="true" + ;; + -c|--checksum) + opt="--checksum" + ;; + -m|--moniker) + shift + MONIKER="$1" + ;; + -d|--dest) + shift + DEST="$1" + ;; + -v|--verbosity) + shift + verbosity="$1" + ;; + -V|--version) + usage + exit 0 + ;; + -h|--help) + usage + exit 0 + ;; + '--') + shift + DIRS="$@" + break + ;; + *) + error 3 "unrecognized arguments $*" + break + ;; + esac + shift +done + +[ -z "$DIRS" ] && error 4 "no directories given" + +df | grep ${DEST} || mount -v ${DEST} || exit 3 + +echo "INFO: Copying data ..." +# output of following commands is saved along with backup +( echo; echo "lsusb:" ; lsusb; + echo; echo "lspci:"; lspci; + echo; echo "lshw:" ; lshw -short; + echo; echo "date:" ; date; + echo; echo "# EOF" ; +) > /.lastbackup_$MONIKER +echo + +shopt -s nullglob + +[ -d /var/local/etc/testforge/backup ] || mkdir /var/local/etc/testforge/backup +file=/var/local/etc/testforge/backup/$MONIKER.exclude +if ! [ -f $file ] ; then + cat > $file << EOF +/cdrom +/dev +/media +/mnt +/proc +/run +/sys +/tmp +EOF + for elt in /root/.cache /home/*/.cache ; do + grep -q ^$elt $file || echo $eelt >> $file + done + fi + +LARGS="${opt} -vaxHAX --delete --delete-excluded --human-readable --stats --exclude-from=$file" +for dir in $DIRS ; do + [ -d $dir ] || continue + # copy data to backup location + dest=$( echo $dir | sed -e 's@/mnt/@@' ) + rsync $LARGS\ + ${DEST}/${MONIKER}/$dest || { retval=$? ; ERROR backing up $dir ; sync; exit $retval ; } + done + +echo "Flushing file system buffers ..." +time sync +btrfs filesystem sync ${DEST} +time sync +echo + +if [ $dedupe = "true" ] ; then + echo "INFO: deduping backup ..." + time $PREFIX/bin/testforge_ln_dups.perl ${DEST}/${MONIKER} +fi + +if [ $snapshot = "true" ] ; then + echo "INFO: Creating snapshot of backup ..." + btrfs sub snap -r ${DEST}/${MONIKER} "${DEST}/${MONIKER}_$(LANG=C date +%Y-%m-%d_%s)" || exit 4 +fi + +echo "INFO: Umounting backup filesystem ..." +umount -v ${DEST} || exit 6 +echo + +exit 0 + diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash new file mode 100755 index 0000000..038f94d --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash @@ -0,0 +1,113 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +. /usr/local/bin/usr_local_tput.bash || exit 2 +PREFIX=$PREFIX +ROLE=testforge + +# too early +[ -f /usr/local/etc/testforge/testforge.bash ] || exit 0 + +. /usr/local/etc/testforge/testforge.bash || exit 1 + +[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL + +if uname -a | grep entoo ; then + GENTOO=0 +else + GENTOO=1 +fi +UBUNTU=$( [ -d /etc/apt ] ) + +for PYTHON_MINOR in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do + [ -z "$PYTHON_MINOR" ] && continue + # [ "$PYTHON_MINOR" = "$BASE_PYTHON2_MINOR" ] && PYMAJOR=2 || PYMAJOR=3 + PYVER="${PYTHON_MINOR:0:1}" + + cd $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ || exit $PYVER + [ -f __init__.py ] || touch __init__.py + INFO $PYVER GENTOO=$GENTOO $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ + ls -1d * | \ + grep -v '__init__.py\|~$\|egg-info\|__pycache__\|egg-link\|dist-info\|pyc$\|pyo$\|pth$\|.sh$$\|.so$\|.egg$\|.tar$\|.log$\|.lis$\|.err$' | \ + sed -e 's/\.py$//' | \ + while read elt ; do + [ -z "$elt" ] && continue + [ $elt = cachecontrol ] && mod=CacheControl || mod=$elt + + #exceptions + [ $elt = pip ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue + [ $elt = ansible ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue + #?FixMe: - we are now allowing site.py + [ $elt = site ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue + # broken for MarkupSafe-1.1.1-py2.7.egg-info + [ $elt = markupsafe ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue + # broken for PyYAML-5.3.1-py2.7.egg-info + [ $elt = yaml ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue + # Pygments-2.5.2-py2.7.egg-info + [ $elt = pygments ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue + + # FixMe: what about the selenium patches + [ $elt = selenium ] && continue + + # FixMe: + if [ $GENTOO -eq 0 ] && eix -r ^dev-python/${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then + DBUG $PYVER $elt is Installed + elif [ $GENTOO -eq 0 ] && eix ^dev-python/py${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then + DBUG $PYVER py$elt is Installed + elif [ -e /usr/$LIB/python$PYTHON_MINOR/$elt ] ; then + [ $elt = sitecustomize ] && echo WHY?: in /usr/$LIB/python$PYTHON_MINOR/$elt && continue + echo "DEBUG: $PYVER $elt is in /usr/$LIB/python$PYTHON_MINOR/$elt" + # The python$PYVER -s is crucial - otherwise + # /root/.local/lib64/python2.7/site-packages precedes + # /usr/lib64/python2.7/site-packageson sys.path + elif python$PYVER -s -c "import $mod,os; print os.path.realpath($mod.__path__[0])" 2>/dev/null | grep /usr/$LIB/ ; then + echo "DEBUG: $PYVER $elt is in /usr/$LIB/" + else + echo "INFO: $PYTHON_MINOR Checked OK - $elt" + continue + fi + + WARN "$PYTHON_MINOR deleting - $elt" + + if [ -d $elt ] ; then + INFO rm -rf *${elt}* .*${elt}* + rm -rf *${elt}* .*${elt}* + elif file $elt | grep 'empty' ; then + INFO rm -rf ${elt} + rm -rf ${elt} + elif [ -f "$elt.py" ] ; then + INFO rm ${elt}.py* + rm ${elt}.py* + elif [ -f "$elt.pyo" ] || [ -f "$elt.pyc" ] ; then + INFO rm -f ${elt}.pyc ${elt}.pyo + rm -f ${elt}.pyc ${elt}.pyo + else + echo "ERROR: oddball not a dir or file $( file $elt ) - \"$elt\"" + fi + done + # FixMe: these are missed and crucial + [ -f /usr/local/lib64/python$PYTHON_MINOR7/site-packages/pkg_resources/__init__.py -a \ + -f /usr/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/__init__.py ] && + rm -rf /usr/local/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/ + /usr/local/bin/python$PYVER.sh -c 'from pkg_resources import ensure_directory, ContextualZipFile' || \ + WARN "from pkg_resources import ensure_directory, ContextualZipFile " +done + +cd /usr/local/bin +for file in * ; do + [ -x $file ] || continue + [ -e /usr/bin/$file -o -e /usr/sbin/$file -o -e /usr/bin/$file.py ] || continue + # ls -l /usr/bin/$file $file + root=$( basename $file .py ) + [[ $file =~ .*2.py$ ]] && DBUG $file && continue + [[ $file =~ .*2$ ]] && DBUG $file && continue + if file $file | grep -q 'Python script' && head -2 $file | grep -q '/python2' ; then + [[ $file =~ .*.py$ ]] && INFO mv $file ${root}2.py && mv $file ${root}2.py && continue + [ -e /usr/bin/$file.py ] && INFO mv $file ${file}2 && mv $file ${file}2 &&z \ + INFO ln -s /usr/bin/$file.py $file && ln -s /usr/bin/$file.py $file && continue + WARN $file not python ; continue + fi + INFO mv $file ${file}2; mv $file ${file}2 +done + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dbus_session_address.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dbus_session_address.bash new file mode 100755 index 0000000..3cf3757 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dbus_session_address.bash @@ -0,0 +1,8 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +ROLE=testforge + +ps axwe | grep -v grep | grep DBUS_SESSION_BUS_ADDRESS | \ + sed -e 's/[A-Z][A-Z].*DBUS_SESSION_BUS_ADDRESS/DBUS_SESSION_BUS_ADDRESS/' \ + -e 's/ [A-CE-Z][A-Z].*//' diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash new file mode 100755 index 0000000..009dee3 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash @@ -0,0 +1,39 @@ +#!/bin/sh +# -*- mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*- + +ROLE=toxcore +prog=$(basename $0 .bash) + +KEY=0x066DAFCB81E42C40 +TIMEO=15 +WARGS="-v -S --dns-timeout $TIMEO --connect-timeout $TIMEO --read-timeout $TIMEO" + +. /usr/local/bin/proxy_export.bash + +if [ is = dead ] ; then +# URL="http://hkps.pool.sks-keyservers.net:80/pks/lookup?op=get&options=mr&search=$KEY" +URL="http://pgp.mit.edu:80/pks/lookup?op=get&options=mr&search=$KEY" +DBUG wget $URL +wget $WARGS -o /tmp/2$$.log -O /tmp/2$$.html $URL || { + ERROR retval=$? ; cat /tmp/2$$.log; exit 2 ; +} +grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/2$$.html || exit 210 +grep -q 'HTTP/1.1 200 OK' /tmp/2$$.log || exit 220 +fi + +URL="http://keyserver.ubuntu.com:80/pks/lookup?op=get&options=mr&search=$KEY" +DBUG wget $URL +wget $WARGS -o /tmp/3$$.log -O /tmp/3$$.html $URL || { + ERROR retval=$? /tmp/3$$.log + exit 3 +} +grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html || { + ERROR '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html + exit 310 +} +grep -q 'HTTP/1.1 200 OK' /tmp/3$$.log || { + ERROR NO 'HTTP/1.1 200 OK' /tmp/3$$.log + exit 320 +} + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_get_inventory.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_get_inventory.bash new file mode 100755 index 0000000..8ef49e9 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_get_inventory.bash @@ -0,0 +1,36 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +# on stdout - messages on stderr + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=base +base=AnsI + +# quiet +[ "$#" -eq 0 ] && exit 1 +VARIABLE=$1 + +[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash + +[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible + +name=`hostname` + +if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then + base=$name + ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \ + --playbook-dir=$TESTFORGE_ANSIBLE_SRC \ + --host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err + if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then + #!? export + VALUE=`jq .$VARIABLE &2 "DEBUG: $prog base=$base VALUE=$VALUE" + [ "$VALUE" = "null" ] && VALUE="" + echo -n "$VALUE" + fi + rm -f /tmp/${AnsI}$$.json +fi + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash new file mode 100755 index 0000000..e968bbc --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash @@ -0,0 +1,39 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +prog=$( basename $0 .bash ) +PREFIX=/usr/local +ROLE=base +. /usr/local/bin/usr_local_base.bash || exit 2 + +umask 0022 +[ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge +[ -f $inidir ] || mkdir -p $inidir + +if [ -f $inidir ] ; then + inifile=$inidir + else + inifile=$inidir/testforge.ini + fi + +# echo -n "DEBUG: $prog "; ls -l $inifile +[ -e $inifile ] || { ERROR no file $inifile ; exit 1 ; } +[ -s $inifile ] || { ERROR empty file $inifile ; exit 2 ; } + +bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' ) +if [ ! -s $bashfile ] || [ $inifile -nt $bashfile ] ; then + INFO "$inifile > $bashfile" + /usr/local/bin/fact_to_bash.bash < $inifile > $bashfile || exit 3 + echo 'export PATH=$PATH:/sbin:/usr/local/bin:/var/local/bin' >> $bashfile + echo -n "DEBUG: $prog bashfile"; ls -l $bashfile +fi + +ymlfile=$( echo $inifile | sed -e 's/.ini$/.yml/' ) +if [ ! -s $ymlfile ] || [ $inifile -nt $ymlfile ] ; then + INFO "$inifile > $ymlfile" + /usr/local/bin/fact_to_yaml.bash < $inifile > $ymlfile || exit 4 + echo -n "DEBUG: $prog ymlfile "; ls -l $ymlfile + fi +. $bashfile || exit $? + +exec bash /usr/local/bin/base_sheebang_after_pip.bash diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_perm.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_perm.bash new file mode 100755 index 0000000..dc45e6d --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_perm.bash @@ -0,0 +1,33 @@ +#!/bin/sh +# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*- + +# very dangerous +[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/ +[ -n "$ROOT" ] || exit 1 +[ -d "$ROOT" ] || exit 2 + +ROLE=testforge + +cd $ROOT || exit 2 +GROUP=adm +[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash +[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP + +if [ -d ${ROOT}$PREFIX ] ; then + # allow + chgrp -R $GROUP ${ROOT}$PREFIX/{bin,data,lib64,src,net} + chmod -R g+rw,o-w ${ROOT}$PREFIX/{bin,data,lib64,src,net} + chmod a+x ${ROOT}$PREFIX/{bin,src,share/bash}/*sh + # if [ -d ${ROOT}$PREFIX/src/lynis ] ; then + + chgrp -R $GROUP ${ROOT}$PREFIX/{bin,data,lib64,src,net} + # forbid /var + chgrp -R root ${ROOT}$PREFIX/{etc,var,share} + chmod -R g-w,o-w ${ROOT}$PREFIX/{etc,var,share} + fi +if [ -d ${ROOT}/usr/local ] ; then + # forbid /usr but lib/python* will be created and allowed on install + chgrp -R root ${ROOT}/usr/local/ + chmod -R g-w,o-rw ${ROOT}/usr/local/ +fi +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash new file mode 100755 index 0000000..89177af --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash @@ -0,0 +1,93 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +PREFIX=/usr/local +ROLE=testforge +BASE=/usr/share/ca-certificates/mozilla +TO=/usr/local/share/ca-certificates/mozilla +VER=20190110 +DIR=ca-certificates-$VER +URL=deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_$VER.tar.xz +URL_CERTDATA=hg.mozilla.org/releases/mozilla-beta/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt +LOG_DIR=/var/local/var/log + +[ -d $LOG_DIR ] || mkdir $LOG_DIR +LOG_FILE=$LOG_DIR/ca-certificates_$$.log +rm -f $LOG_FILE + +# on Gentoo it may be up to date +if false && which equery 2>/dev/null >/dev/null ; then + # 20190110.3.43 + equery f app-misc/ca-certificates|grep /usr/share/doc/ca-certificates-$VER +fi + +[ -d $TO ] || mkdir -p $TO +cd /usr/local/src || exit 1 + +if [ ! -d $DIR ] ; then + grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { echo INFO: not connected ; exit 0 ; } + [ -f /usr/local/net/Http/$URL ] || \ + wget -xcP /usr/local/net/Http/ http://$URL || exit 1 + tar xvfJ /usr/local/net/Http/$URL + fi + +cd $DIR/mozilla || exit 2 +# will regenerate these if they exist +rm -f *crt + +# leave the original OS /usr/share certs renamed to .old +ls $BASE/*.crt >/dev/null 2>/dev/null && \ +for file in $BASE/*.crt ; do + [ -f "$file.old" ] && sudo rm "$file.old" + sudo mv "$file" "$file.old" || \ + { echo ERROR: moving $file $file.old ; exit 3 ; } + done + +[ -f blacklist.txt ] || { echo ERROR: missing blacklist.txt ; exit 4 ; } + +if [ ! -f certdata.txt.mozilla ] && grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then + [ -f /usr/local/net/Http/$URL_CERTDATA ] || \ + wget -xcP /usr/local/net/Http/ http://$URL_CERTDATA +fi +if [ ! -f certdata.txt.mozilla ] && [ -f /usr/local/net/Http/$URL ] ; then + cp -p /usr/local/net/Http/$URL_CERTDATA certdata.txt.mozilla +fi + +if [ -f certdata.txt.mozilla -a certdata.txt.mozilla -nt certdata.txt ] ; then + [ -f certdata.txt.debian ] || mv certdata.txt certdata.txt.debian + cp -p certdata.txt.mozilla certdata.txt + fi +python2 ./certdata2pem.py >> $LOG_FILE 2>&1 || exit 5 + +ls *.crt >/dev/null 2>/dev/null && \ +for file in *crt ; do + sudo mv $file $TO/$file || \ + { echo ERROR: moving $file $TO/$file ; exit 6 ; } + done + +[ -f $TO/blacklist.txt ] || \ + sudo cp -p blacklist.txt $TO + +#[ -f /etc/ca-certificates.conf ] && [ ! -f /etc/ca-certificates.conf.old ] && \ +# sudo mv /etc/ca-certificates.conf /etc/ca-certificates.conf.old +# morons: this return rc=0 even when there is an exception - with java7 - +# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct? +sudo bash /usr/sbin/update-ca-certificates --verbose > $LOG_FILE 2>&1 +[ $? -ne 0 ] && exit 7$? + +grep Exception: $LOG_FILE && exit 8 + +cd /usr/local/share/ca-certificates/mozilla || exit 9 +for file in *crt; do diff $file /usr/share/ca-certificates/mozilla/$file.old ; done \ + >> $LOG_FILE 2>&1 + +cd /usr/share/ca-certificates/mozilla || exit 10 +echo INFO: /usr/share/ca-certificates/mozilla >> $LOG_FILE 2>&1 +for file in *.old; do diff $file /usr/local/share/ca-certificates/mozilla$( basename $file .old );done \ + >> $LOG_FILE 2>&1 + +exit 0 + + +# alternate +# wget -xcP /usr/local/net/Http/ http://ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb;alien -t -c /usr/local/net/Http/ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb ; tar xvfz ca-certificates-20190110.tgz -C /usr/local/share/ca-certificates/mozilla diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash new file mode 100755 index 0000000..dfd097a --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash @@ -0,0 +1,25 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=$PREFIX +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore + +PYVER=2 +P="BASE_PYTHON${PYVER}_MINOR" +PYTHON_MINOR="$(eval echo \$$P)" +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash +PYTHON_EXE=$PYTHON_EXE_MSYS + +# doctest.py +# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE') +# ELLIPSIS = register_optionflag('ELLIPSIS') +LOPTS="-o ELLIPSIS --fail-fast" + +#? -S causes problems - why was it there? +for file in "$@" ; do + $PREFIX/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \ + $LOPTS --box '' --file "$file" +done diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash new file mode 100755 index 0000000..8b74df4 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash @@ -0,0 +1,26 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=$PREFIX +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore + +PYVER=3 +P="BASE_PYTHON${PYVER}_MINOR" +PYTHON_MINOR="$(eval echo \$$P)" +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash +PYTHON_EXE=$PYTHON_EXE_MSYS + +# doctest.py +# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE') +# ELLIPSIS = register_optionflag('ELLIPSIS') +LOPTS="-o ELLIPSIS --fail-fast" + +#? -S causes problems - why was it there? +for file in "$@" ; do + [ ! -f "$file" ] && WARN file not found $file && continue + /usr/local/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \ + $LOPTS --box '' --file "$file" +done diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash new file mode 100755 index 0000000..b02df96 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash @@ -0,0 +1,60 @@ +#!/bin/sh +# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*- + +. /usr/local/bin/usr_local_base.bash || exit 2 +PREFIX=/usr/local +ROLE=base + +[ -z "$BASE_PYTHON2_MINOR" ] && \ + BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) +[ -z "$BASE_PYTHON3_MINOR" ] && \ + BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) + +for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do + [ -z "$PYTHON_MINOR" ] && continue +if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then + LIB=lib +elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then + LIB=lib64 +elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then + ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages +fi +done + +umask 0022 +# [ "$#" -eq 0 ] && set -- $PREFIX/bin + +# FixMe? /usr/local/bin too? I think not, except for ours? + +for prefix in /usr/local /var/local ; do + cd $prefix/bin || exit 1 + #? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do + ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \ + while read file ; do + head -1 $file | grep -q python || continue + head -1 $file | grep -q $prefix/python..bash && continue + base=$( echo $file | sed -e 's/\.bash$//' ) + under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' ) + if [ -h /etc/python-exec/$base.conf ] ; then + link=$( readlink /etc/python-exec/$base.conf ) + if [ "$link" = python2.conf ] ; then + sed -f $prefix/share/sed/${under}_python2.sed -i $file + else + sed -f $prefix/share/sed/${under}_python3.sed -i $file + fi + else + sed -f $prefix/share/sed/${under}_python2.sed -i $file + sed -f $prefix/share/sed/${under}_python3.sed -i $file + fi + # echo $file + done + + # failsafe - Eberly - no longer active + for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do + [ -f $prefix/${LIB}/python$elt/site-packages/site.py ] + # WARN missing $prefix/${LIB}/python$elt/site-packages/site.py + done + +done + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash new file mode 100755 index 0000000..82c52ca --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash @@ -0,0 +1,519 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +[ -f /usr/local/bin/usr_local_tput.bash ] && \ + . /usr/local/bin/usr_local_tput.bash + +. /usr/local/bin/proxy_curl_lib.bash +[ -z "$TIMEOUT" ] && TIMEOUT=30 +TIMEOUT3=`expr 3 \* $TIMEOUT` + +SSLSCAN_ARGS="-4 --show-certificate --bugs --timeout $TIMEOUT" +[ $SSL_VER = 3 ] && SSLSCAN_ARGS="$SSLSCAN_ARGS --tls13" || \ + SSLSCAN_ARGS="$SSLSCAN_ARGS --tls12" +# -cipher 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' -debug + +# no timeout -no_tls1_1 -no_tls1_2 +OPENSSL_ARGS="-4 -showcerts -bugs -status -state -no_ign_eof" +[ $SSL_VER = 3 ] && OPENSSL_ARGS="$OPENSSL_ARGS -tls1_3" || \ + OPENSSL_ARGS="$OPENSSL_ARGS -tls1_2" +# --no-colour ?--show-certificate ?--show-client-cas ?--show-ciphers ?--tlsall + +TESTSSL_ARGS="-4 --server-defaults --protocols --grease --server-preference --heartbleed --ccs-injection --renegotiation --breach --tls-fallback --drown --assume-http --connect-timeout $TIMEOUT3 --openssl-timeout $TIMEOUT3 --standard --vulnerable --ssl-native --phone-out --nodns none" + +ANALYZE_ARGS="--timeout $TIMEOUT --all-ciphers --verbose" + +NMAP_ARGS="--script ssl-enum-ciphers -v --script-trace" +# no --cert-status -> ocsp +CURL_ARGS="--silent -vvv --head --connect-timeout $TIMEOUT" +CURL_HTTP_ARGS="$CURL_ARGS --fail --location --http2 --proto-redir https --proto-default https --proto =https" +# [ -d /usr/local/share/ca-certificates/mozilla ] && \ +# CURL_ARGS="$CURL_ARGS --capath usr/local/share/ca-certificates/mozilla" + +[ $SSL_VER = 3 ] && CURL_ARGS="$CURL_ARGS --tlsv1.3" || \ + CURL_ARGS="$CURL_ARGS --tlsv1.2" +NOW=`date +%s` +DATE () { + local elt=$1 + shift + # DEBUG=1 + $elt $( expr `date +%s` - $NOW )s $* + return 0 +} + +ssltest_proxies () { + + PROXY_SCHEME=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 1 -d ' '` + PROXY_HOST=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 2 -d ' '` + PROXY_PORT=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 3 -d ' '` + + # SocksPolicy Accept in /etc/tor/torrc - required and works with sslscan + TESTSSL_ENVS="env MAX_OSSL_FAIL=10 DNS_VIA_PROXY=true PROXY_WAIT=$TIMEOUT" + if [ -n "$SSLTEST_HTTP_PROXY" ] ; then + PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'` + OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT" + elif [ -n "$SSLTEST_HTTPS_PROXY" ] ; then + # WTF HTTP CONNECT failed: 502 Bad Gateway (tor protocol violation) + PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'` + OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT" + fi + + # Make sure a firewall is not between you and your scanning target! + # `sed -e 's@.*/@@' <<< $SSLTEST_HTTPS_PROXY` + # timesout 3x + # TESTSSL_ARGS="$TESTSSL_ARGS --proxy=auto" + + # use torsocks instead of + # ANALYZE_ARGS="ANALYZE_ARGS --starttls http_proxy:${PROXY_HOST}:$PROXY_PORT" + CURL_ARGS="$CURL_ARGS -x socks5h://${SOCKS_HOST}:$SOCKS_PORT" +#? NMAP_ARGS="$NMAP_ARGS -x socks4://${SOCKS_HOST}:$SOCKS_PORT" + + # no proxy args and no _proxy strings + SSLSCAN_ENVS="$TORSOCKS " + ANALYZE_ENVS="$TORSOCKS " + # proxy timesout + TESTSSL_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP $TESTSSL_ENVS" + NMAP_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP " + CURL_ENVS=" " + return 0 +} + +ssltest_nmap () { + local elt=$1 + local site=$2 + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` + local exe=nmap + + DATE DBUG $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" $eltfile + INFO $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" >> $eltfile + $NMAP_ENVS $exe $NMAP_ELTS $site >> $eltfile 2>&1 + retval=$? + if grep -q '(1 host up)' $eltfile ; then + if grep -q TLS_AKE_WITH_AES_256_GCM_SHA384 $eltfile ; then + INFO "$elt TLS_AKE_WITH_AES_256_GCM_SHA384 = $eltfile" | tee -a $eltfile + else + INFO "$elt CA=$cacert = $eltfile" | tee -a $eltfile + fi + elif [ $retval -ne 0 ] ; then + ERROR "$elt retval=$retval timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile + else + WARN $elt "NO '(1 host up)' in" $eltfile + fi + + return 0 +} + +## ssltest_nmap +## no good for 1.3 +ssltest_sslscan () { + local elt=$1 + local site=$2 + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` + local exe=sslscan + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + + DATE DBUG "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" $eltfile + INFO "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" >> $eltfile + $SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site:$SSL_PORT >> $eltfile 2>&1 + retval=$? + + # ECDHE-RSA-AES256-SHA pop.zoho.eu tls1.2 + if [ $retval -ne 0 ] ; then + ERROR "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile + elif grep ERROR $eltfile ; then + ERROR "$elt ERROR CA=$cacert = $eltfile" | tee -a $eltfile + retval=-1 + elif grep EROR: $eltfile ; then + ERROR "$elt EROR: CA=$cacert = $eltfile" | tee -a $eltfile + retval=-2 + elif grep "Certificate information cannot be retrieved." $eltfile ; then + WARN "$elt 'Certificate information cannot be retrieved' = $eltfile" | tee -a $eltfile + + elif grep "TLSv1.$SSL_VER.*disabled" $eltfile ; then + ERROR "$elt TLSv1.$SSL_VER disabled = $eltfile" | tee -a $eltfile + retval=-3 + elif ! grep '^\(Subject\|Altnames\).*'"$site" $eltfile ; then + # *.zoho.eu + WARN "$elt not 'Subject\|Altnames' = $eltfile" | tee -a $eltfile + elif ! grep -q Accepted $eltfile ; then + WARN "$elt not Accepted CA=$cacert = $eltfile" | tee -a $eltfile + elif [ $SSL_VER = 3 ] && ! grep -q TLS_AES_256_GCM_SHA384 $eltfile ; then + WARN "$elt not TLS_AES_256_GCM_SHA384 CA=$cacert = $eltfile" | tee -a $eltfile + else + DATE INFO "$elt Accepted CA=$cacert = $eltfile " | tee -a $eltfile + fi + return $retval +} + +## ssltest_openssl +ssltest_openssl () { + local elt=$1 + local site=$2 + local exe=openssl + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` + local total_s=`expr 2 \* $TIMEOUT` + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + + # -msg -msgfile $TMPDIR/$$.$site.s_client.msg + DATE DBUG "$elt s_client $OPENSSL_ELTS" $site $eltfile + INFO "$exe s_client $OPENSSL_ELTS timeout=$total_s" $site >> $eltfile + timeout $total_s $exe s_client $OPENSSL_ELTS $site < /dev/null >> $eltfile 2>&1 + retval=$? + + if [ $retval -eq 124 ] ; then + WARN "$elt failed timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile + elif [ $retval -eq 1 ] ; then + num=`grep ':SSL alert number' $eltfile | sed -e 's/.*:SSL alert number //'` + if [ $? -eq 0 ] && [ -n "$num" ] ; then + ERROR "$elt failed retval=$retval SSL alert #$num ${SSL_ALERT_CODES[$num]} CA=$cacert = $eltfile" | tee -a $eltfile + else + ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile + cat $eltfile + fi + elif grep ':error:' $eltfile ; then + a=`grep ':error:' $eltfile | sed -e 's/^[0-9]*:[^:]*:[^:]*:[^:]*:[^:]*://' -e 's/:.*//' |head -1 ` + ERROR "$elt :error: $a CA=$cacert = $eltfile" | tee -a $eltfile + elif grep 'Cipher is (NONE)\|SSL handshake has read 0 bytes' $eltfile ; then + ERROR "$elt s_client Cipher is (NONE) CA=$cacert = $eltfile" | tee -a $eltfile + elif [ $retval -ne 0 ] ; then + ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile + elif grep 'HTTP CONNECT failed:' $eltfile ; then + WARN "$elt failed HTTP CONNECT failed CA=$cacert = $eltfile" | tee -a $eltfile + elif grep 'unable to get local issuer certificate' $eltfile ; then + WARN "$elt s_client unable to get local issuer certificate CA=$cacert = $eltfile" | tee -a $eltfile + elif grep 'Verification error: certificate has expired' $eltfile ; then + WARN "$elt s_client Verification error: certificate has expired = $eltfile | tee -a $eltfile" | tee -a $eltfile + elif ! grep -q '^depth=0 CN.*'$site $eltfile ; then + WARN "$elt s_client CN NOT $site = $eltfile" | tee -a $eltfile + + elif grep 'OSCP response: no response' $eltfile ; then + WARN "$elt s_client OSCP response: no response = $eltfile | tee -a $eltfile" | tee -a $eltfile + elif grep 'New, TLSv1.$SSL_VER, Cipher is TLS' $eltfile ; then + DATE INFO "$elt TLSv1.$SSL_VER, Cipher is TLS CA=$cacert = $eltfile " | tee -a $eltfile + else + DATE INFO "$elt client CA=$cacert = $eltfile " | tee -a $eltfile + fi + return $retval +} + +## ssltest_testssl +ssltest_testssl () { + local elt=$1 + local site=$2 + local exe=/usr/local/bin/$elt.sh + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` + local total_s=`expr 2 \* $TIMEOUT3` + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + + DATE DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" $eltfile + INFO DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" >> $eltfile 2>&1 + # TLS 1.2 offered (OK) + # TLS 1.3 offered (OK) + # You should not proceed as no protocol was detected. If you still really really want to, say "YES" --> + echo YES | timeout $total_s env $TESTSSL_ENVS $exe $TESTSSL_ELTS $site:$SSL_PORT >>$eltfile 2>&1 + retval=$? + + subdir=`grep 'DEBUG (level 1): see files in' $eltfile | sed -e 's/.* //' -e "s/[$'].*//"` + if [ -n "$subdir" ] ; then + subdir="${subdir::19}" + if [ -d "$subdir" ] ; then + DBUG found \"$subdir\" + cat "$subdir"/*parse*txt >> $eltfile + fi + fi + if grep "Protocol.*TLSv1.$SSL_VER" $eltfile ; then + # timesout after success + DATE INFO "$elt $site Protocol : TLSv1.$SSL_VER CA=$cacert =$eltfile" | tee -a $eltfile + retval=0 + elif grep 'TLS 1.$SSL_VER *.*offered.*(OK)' $eltfile ; then + DATE INFO "$elt $site TLS 1.$SSL_VER offered CA=$cacert =$eltfile" | tee -a $eltfile + retval=0 + elif [ $retval -eq 124 ] ; then + WARN $elt $site "timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile + elif grep 'TLS 1.$SSL_VER.*not offered and downgraded to a weaker protocol' $eltfile ; then + DATE ERROR "$elt $site TLS 1.$SSL_VER NOT offered CA=$cacert =$eltfile" | tee -a $eltfile + retval=`expr 256 - 1` + elif grep -q 't seem to be a TLS/SSL enabled server' $eltfile ; then + DATE ERROR "$elt $site doesnt seem to be a TLS/SSL enabled server: CA=$cacert =$eltfile" | tee -a $eltfile + retval=`expr 256 - 2` + elif grep -q 'Client problem, No server cerificate could be retrieved' $eltfile ; then + WARN "$elt $site Client problem: CA=$cacert =$eltfile" | tee -a $eltfile + retval=`expr 256 - 3` + elif grep 'Fixme: something weird happened' $eltfile ; then + WARN "$elt $site Fixme: something weird happened CA=$cacert =$eltfile" | tee -a $eltfile + retval=`expr 256 - 4` + elif grep 'Oops: TCP connect problem' $eltfile ; then + WARN "$elt $site Oops: TCP connect problem CA=$cacert =$eltfile" | tee -a $eltfile + retval=`expr 256 - 5` + elif [ $retval -gt 5 ] ; then + # returns 5 + WARN "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile + elif grep ': unable to\| error:' $eltfile ; then + ERROR "$elt.bash unable to / error: CA=$cacert = $eltfile" | tee -a $eltfile + retval=`expr 256 - 6` + elif grep 'unexpected error' $eltfile ; then + ERROR "$elt.bash unexpected error CA=$cacert = $eltfile" | tee -a $eltfile + retval=`expr 256 - 7` + elif [ "$retval" -eq 1 ] ; then + DATE ERROR "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile + elif grep -q "Negotiated protocol.*TLSv1.$SSL_VER" $eltfile ; then + # TLS_AES_256_GCM_SHA384 + DATE INFO "$elt.bash TLSv1.$SSL_VER retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile + elif [ "$retval" -ne 0 ] ; then + # 5 is success + DATE WARN "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile + else + DATE INFO "$elt.bash no error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile + fi + + if grep ' VULNERABLE ' $eltfile ; then + WARN "$elt.bash VULNERABLE: CA=$cacert = $eltfile " | tee -a $eltfile + fi + grep 'Overall Grade' $eltfile + return $retval +} + +## ssltest_analyze_ssl $elt $site +ssltest_analyze_ssl () { + local elt=$1 + local site=$2 + local exe=/usr/local/bin/analyze-ssl.pl.bash + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` + local total_s=`expr 2 \* $TIMEOUT` + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + + DATE DBUG $elt "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" $eltfile + INFO "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" >> $eltfile + timeout $total_s $ANALYZE_ENVS $exe $ANALYZE_ELTS $site:$SSL_PORT >> $eltfile 2>&1 + retval=$? + + if [ ! -s $eltfile ] ; then + ERROR "$elt failed empty $eltfile" | tee -a $eltfile + retval=`expr 256 - 1` + elif grep "successful connect with TLSv1_$SSL_VER" $eltfile && \ + grep 'all certificates verified' $eltfile ; then + # succeeds but timesout + DATE INFO "$elt successful connect with TLSv1_$SSL_VER retval=$retval error = $eltfile" | tee -a $eltfile + elif [ $retval -eq 124 ] ; then + WARN "$elt timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile + elif [ $retval -ne 0 ] ; then + ERROR "$elt failed retval=$retval = $eltfile" | tee -a $eltfile + elif grep ERROR: $eltfile ; then + ERROR "$elt failed ERROR: = $eltfile" | tee -a $eltfile + retval=`expr 256 - 3` + elif grep 'certificate verify - name does not match' $eltfile ; then + ERROR "$elt failed name does not match = $eltfile" | tee -a $eltfile + retval=`expr 256 - 4` + elif ! grep 'certificate verified : ok' $eltfile ; then + ERROR "$elt failed NO certificate verified = $eltfile" | tee -a $eltfile + retval=`expr 256 - 5` + elif grep 'certificate verified : FAIL' $eltfile ; then + ERROR "$elt certificate verified : FAIL = $eltfile" | tee -a $eltfile + retval=`expr 256 - 6` + elif grep 'handshake failed with HIGH' $eltfile ; then + WARN "$elt failed handshake failed with HIGH = $eltfile" | tee -a $eltfile + retval=`expr 256 - 7` + elif grep '^ \! ' $eltfile ; then + ERROR "$elt failed \! = $eltfile" | tee -a $eltfile + retval=`expr 256 - 8` + else + DATE INFO "$elt no error = $eltfile" | tee -a $eltfile + fi + return $retval +} + +## ssltest_curl +ssltest_curl () { + local elt=$1 + local site=$2 + local exe="/usr/local/bin/s$elt.bash -- " + local outfile=$3 + [ -f "$outfile" ] || { WARN no outfile ; return 1 ; } + local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` + local total_s=`expr 2 \* $TIMEOUT` + local prot + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + [ -n "$SSL_PORT" ] || { WARN no SSL_PORT ; return 3 ; } + + exe=curl + if [ "$SSL_PORT" = 443 ] ; then + prot=https + elif [ "$SSL_PORT" = 995 ] ; then + prot=pop3s + exe=curl + CURL_ELTS="$CURL_ELTS -l" + elif [ "$SSL_PORT" = 587 ] ; then + prot=smtps + exe=curl + # CURL_ELTS="$CURL_ELTS" + else + ERROR $elt unrecognized port protocol $SSL_PORT + return 3 + fi + DATE DBUG $elt $CURL_ENVS "`basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" $eltfile + INFO $elt "$CURL_ENVS `basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" >> $eltfile + $CURL_ENVS $exe $CURL_ELTS ${prot}://$site:$SSL_PORT >> $eltfile 2>&1 + retval=$? + # grep '= /tmp/scurl' + ERRF=$eltfile + + if [ $SSL_VER -eq 3 ] && ! grep "SSL connection using TLSv1.$SSL_VER" $ERRF ; then + ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile + retval=`expr 256 - 1` + cat $eltfile + elif ! grep -q "SSL connection using TLSv1.[3$SSL_VER]" $ERRF ; then + ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile + retval=`expr 256 - 1` + cat $eltfile + elif [ $retval -eq 77 ] || grep -q 'CURLE_SSL_CACERT_BADFILE' $ERRF ; then + ERROR "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile + elif [ $retval -eq 28 ] || grep -q 'CURLE_OPERATION_TIMEDOUT' $ERRF ; then + WARN "$elt retval=$retval CURLE_OPERATION_TIMEDOUT ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile + + elif [ $retval -eq 91 ] || grep -q 'CURLE_SSL_INVALIDCERTSTATUS' $ERRF ; then + WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile + + elif [ $retval -eq 28 ] || grep 'Connection timed out' $ERRF ; then + WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile + + elif [ $retval -eq 22 ] || grep -q 'curl: (22) The requested URL returned error:' $ERRF; then + # on 22 - change to HTTP code + code=`grep 'curl: (22) The requested URL returned error:' $ERRF | sed -s 's/.*returned error: //'` + if [ "$code" = 416 ] ; then + INFO "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile + retval=$code + elif [ -n "$code" ] && [ "$code" -ge 400 ] ; then + # 403 Cloudflare + ERROR "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile + retval=$code + else + WARN "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile + fi + + elif [ $retval -ne 0 ] ; then + # curl: (3) URL using bad/illegal format or missing URL - worked + WARN "$elt retval=$retval ${CURLE[$retval]} CA=$cacert = $ERRF" | tee -a $eltfile + + elif ! grep "subject: CN=$site" $ERRF ; then + ERROR "$elt NO subject: CN=$site CA=$cacert = $ERRF" | tee -a $eltfile + retval=`expr 256 - 2` + elif grep "503 - Forwarding failure" $ERRF ; then + WARN "$elt 503 - Forwarding failure CA=$cacert = $ERRF" | tee -a $eltfile + retval=`expr 256 - 3` + elif grep 'we are not connected' $eltfile ; then + WARN "$elt CA=$cacert = $ERRF" | tee -a $eltfile + retval=0 + else + INFO "$elt CA=$cacert = $ERRF" | tee -a $eltfile + retval=0 + fi + # TLSv1.3 (IN), TLS handshake, Finished + return $retval +} + +## ssllabs_analyze +ssltest_analyze () { + local elt=$1 + local site=$2 + local exe="/usr/local/bin/scurl.bash -- " + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile` + local total_s=`expr 2 \* $TIMEOUT` + local url="https://www.ssllabs.com/ssltest/analyze.html?d=$site" + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + umask 0022 + + DATE DBUG "$elt $CURL_ELTS SSL_PORT=$SSL_PORT $url" $eltfile + INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile + $CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1 + retval=$? + if [ $retval -ne 0 ] ; then + DATE WARN "$elt retval=$retval $url" $eltfile >> $outfile + else + DATE INFO "$elt retval=$retval $url" $eltfile >> $outfile + fi + return $retval +} + +## ssltest_ssllabs +ssltest_ssllabs() { + local elt=$1 + local site=$2 + local outfile=$3 + [ -f "$outfile" ] || return 1 + local site_ip=$4 + local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile` + local host=www.ssllabs.com + local url="ssltest/analyze.html?d=$site&s=$site_ip" + local exe="/usr/local/bin/scurl.bash -- " + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + umask 0022 + + DATE DBUG "$elt $CURL_ELTS $url" $eltfile + INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile + $CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1 + retval=$? + if [ $retval -ne 0 ] ; then + DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile + elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'No' ; then + DATE ERROR "$elt retval=$retval $url" $eltfile | tee -a $eltfile + retval=`expr 256 - 1` + elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'Yes' ; then + DATE INFO "$elt retval=$retval $url" $eltfile | tee -a $eltfile + retval=0 + else + DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile + fi + return $retval +} + +## ssltest_http2_alt_svc +ssltest_http2_alt_svc() { + local elt=$1 + local site=$2 + local outfile=$3 + [ -f "$outfile" ] || return 1 + local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile` + local exe="/usr/local/bin/scurl.bash -- " + local host=www.integralblue.com + local url=1.1.1.1/fun-stuff/dns-over-tor/ + [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } + umask 0022 + + if [ -n "$socks_proxy" ] ; then + export socks_proxy=`sed -e 's/socks[a-z0-9]*:/socks5h:/' <<< $socks_proxy` + $exe --head --http2 -x $socks_proxy https://$host/$url > $eltfile 2>&1 + else + $exe --head --http2 https://$host/$url > $eltfile 2>&1 + fi + + #? grep '^HTTP/2 301' $eltfile || exit 1 + grep '^HTTP/2 ' $eltfile || return 11 + grep 'alt-svc:' $eltfile || return 12 + onion=`grep 'alt-svc:' $eltfile | sed -e 's/.*h2=.//' -e 's/";.*//'` # || exit 3 + + if [ -n "$socks_proxy" ] ; then + $exe --head -x $socks_proxy https://$onion/$url >> $eltfile 2>&1 + retval=$? + else + $exe --head https://$onion/$url >> $eltfile 2>&1 + retval=$? + fi + if [ $retval -eq 0 ] ; then + DATE INFO $elt https://$host/$url | tee -a $eltfile + else + DATE WARN $elt https://$host/$url | tee -a $eltfile + fi + return $? +} diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash new file mode 100755 index 0000000..20f6ff9 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash @@ -0,0 +1,344 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore +export PATH=/sbin:$PATH + +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +#[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL +. $PREFIX/bin/usr_local_tput.bash || exit 2 +. /usr/local/bin/proxy_ping_lib.bash >/dev/null || \ + { ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 3; } + + +#? . $PREFIX/src/usr_local_src.bash || exit 2 + +DNS_TRIES=3 +LOGP=TestSSL_`date -u +%y-%m-%d_%H_$$` +rm -f $TMPDIR/${LOGP}* + +# analyze-ssl passed files.pythonhosted.org +# INFO: 226s analyze-ssl no error = /tmp/_files.pythonhosted.org_analyze-ssl.out +[ -z "$SSLTEST_TESTS" ] && SSLTEST_TESTS="curl openssl testssl nmap" # sslscan +[ -z "$SSLTEST_CERTS" ] && SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt /usr/local/etc/ssl/cacert-testforge.pem" +[ -z "$SSLTEST_TIMEOUT" ] && SSLTEST_TIMEOUT=30 + +[ -z "$SSLTEST_SOCKS_PROXY" -a -n "$socks_proxy" ] && SSLTEST_SOCKS_PROXY=$socks_proxy \ + && DBUG SSLTEST_SOCKS_PROXY=$socks_proxy +if [ -z "$SSLTEST_HTTPS_PROXY" -a -n "$https_proxy" ] ; then + SSLTEST_HTTPS_PROXY=$https_proxy + DBUG SSLTEST_HTTPS_PROXY=$SSLTEST_HTTPS_PROXY +fi +[ -z "$SSLTEST_HTTP_PROXY" -a -n "$http_proxy" ] && SSLTEST_HTTP_PROXY=$http_proxy \ + && DBUG SSLTEST_HTTP_PROXY=$http_proxy +[ -z "$BOX_BYPASS_PROXY_GROUP" ] && BOX_BYPASS_PROXY_GROUP=bin + +SSL_LIB=openssl + +# [ "$MODE" ] && proxy_ping_test.bash $MODE + +declare -a BADSSL_SITES +BADSSL_SITES=( + self-signed.badssl.com + expired.badssl.com + mixed.badssl.com + rc4.badssl.com + hsts.badssl.com +) +declare -a GOODSSL_SITES +GOODSSL_SITES=( + files.pythonhosted.org + mirrors.dotsrc.org + deb.devuan.org +# dfw.source.kernel.org +# cdn.kernel.org +) + +badssl=0 +goodssl=0 +[ "$#" -eq 0 ] && goodssl=1 +tests="$SSLTEST_TESTS" +verbosity=2 +outdir=/tmp +timeout=$SSLTEST_TIMEOUT +onion=0 +CAFILE=/usr/local/etc/ssl/cacert-testforge.pem +TMPDIR=/tmp +SSL_PORT=443 +SSL_VER=3 + +usage() { + echo "Usage: $0 [OPTIONS] dirs-or-files" + echo + echo " -B | --badssl - test badssl.org sites" + echo " -G | --goodssl - test good sites" + echo " -S | --ssl - tls version v1.x - 2 or 3" + echo " -O | --onion - onion" + echo " -o | --outdir=$TMPDIR - output directory" + echo " -v | --verbosity=$verbosity - verbosity 0 least 5 most" + echo " -T | --timeout=$timeout - timeout in sec." + echo " -E | --tests=`sed -e 's/ /,/g' <<< $tests` - tests, comma separated" + echo " -C | --certs=`sed -e 's/ /,/g' <<< $SSLTEST_CERTS` - tests, comma separated" + echo " -Y | --ciphers - comma sep list of ciphers" + echo " -P | --port - port default $SSL_PORT" + echo " -N | --connect - connect" + echo + echo " -V | --version - print version of this script" + echo " -h | --help - print this help" +} + +SHORTOPTS="hVGBv:T:C:P:S:E:Y:ON:" +LONGOPTS="help,version:,goodssl,badssl,verbosity:,timeout,certs:,port:,ssl:,tests:,ciphers:,onion,connect:" +declare -a SITES +SITES=() + +ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@") +[ $? != 0 ] && { ERROR "error parsing getopt" ; exit 4 ; } + +eval set -- "$ARGS" + +while true; do + case "$1" in + -o|--outdir) + shift + TMPDIR="$1" + ;; + -v|--verbosity) + shift + verbosity="$1" + ;; + -T|--timeout) + shift + timeout="$1" + ;; + -S|--ssl) + shift + SSL_VER="$1" + ;; + -P|--port) + shift + SSL_PORT="$1" + ;; + -N|--connect) + shift + SSL_CONNECT="$1" + ;; + -C|--certs) + shift + SSLTEST_CERTS="`sed -e 's/,/ /g' <<< $1`" + ;; + -Y|--ciphers) + shift + SSLTEST_CIPHERS="`sed -e 's/,/ /g' <<< $1`" + ;; + -t|--tests) + shift + tests="`sed -e 's/,/ /g' <<< $1`" + ;; + -O|--onion) + onion=1 + ;; + -G|--goodssl) + goodssl=1 + badssl=0 + ;; + -B|--badssl) + badssl=1 + goodssl=0 + ;; + -V|--version) + usage + exit 0 + ;; + -h|--help) + usage + exit 0 + ;; + '--') + shift + SITES=("$@") + break + ;; + *) + { ERROR "unrecognized arguments $*" ; exit 5 ; } + break + ;; + esac + shift +done + +[ "${#SITES[*]}" -eq 0 -a $badssl -gt 0 ] && SITES=("${BADSSL_SITES[@]}") +[ "${#SITES[*]}" -eq 0 -a $goodssl -gt 0 ] && SITES=("${GOODSSL_SITES[@]}") +[ "${#SITES[@]}" -eq 0 ] && { ERROR "no arguments $*" ; exit 7 ; } + +[ "$SSL_VER" -ge 2 -a "$SSL_VER" -le 3 ] || { ERROR "SSL_VER $SSL_VER" ; exit 6 ; } +[ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" || { ERROR "mkdir $TMPDIR" ; exit 8 ; } +[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; exit 9 ; } + +[ $onion -eq 0 ] && TIMEOUT=$timeout || TIMEOUT=`expr $timeout \* 2` +SSLTEST_TESTS="$tests" +declare -a tests_ran +tests_ran=() + +grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; } + +IF=`route | grep ^def |sed -e 's/.* //'` +[ -n "$IF" ] || { ERROR "no IF" ; exit 10 ; } + +IP=`ifconfig $IF|grep -A 2 ^wlan |grep inet | sed -e 's/.*inet //' -e 's/ .*//'` +[ -n "$IP" ] || { ERROR "no IP" ; exit 11 ; } + +[ -z "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash + +netstat -nle4 | grep -v grep | grep -q 0.1:53 || \ + { WARN "DNS not running - netstat " ; } + +# iptables-legacy-save | grep "OUTPUT -o wlan4 -m owner --gid-owner 2 -j ACCEPT" + +# uses TIMEOUT=30 +. $PREFIX/bin/testforge_ssl_lib.bash + +if [ "$USER" = bin ] ; then + [ -z "$SOCKS_HOST" ] && SOCKS_HOST= + [ -z "$SOCKS_PORT" ] && SOCKS_PORT= + [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 +else + DEBUG=0 proxy_ping_get_socks >/dev/null + [ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1 + [ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050 + [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 +fi + +if [ "$USER" = bin ] ; then + TORSOCKS="" +elif [ $SOCKS_HOST != 127.0.0.1 ] ; then + TORSOCKS="torsocks --address $SOCKS_HOST --port $SOCKS_PORT " +elif [ $SOCKS_PORT != 9050 ] ; then + TORSOCKS="torsocks --port $SOCKS_PORT " +else + TORSOCKS="torsocks " +fi + +if [ -n "$SSLTEST_HTTPS_PROXY" ] ; then + grep -q "SocksPolicy *accept *$IP" /etc/tor/torrc || \ + { WARN "need SocksPolicy accept $IP in /etc/tor/torrc" ; } +fi + +# This works off the $https_proxy environment variable in the form http://127.0.0.1:9128 +# so you can test trans routing by call this with that unset. +ssltest_proxies $onion + +rm -f $TMPDIR/${LOGP}.*.* +OUTF=$TMPDIR/${LOGP}.out +for CAFILE in $SSLTEST_CERTS ; do + grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { + WARN $prog we are not connected >&2 + exit `expr 256 - 1` + } + + [ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; continue ; } + DATE DBUG CAFILE=$CAFILE --address $SOCKS_HOST --port $SOCKS_PORT + + cacert=`basename $CAFILE` + for site in "${SITES[@]##*/}" ; do + warns=0 + IF=`route | grep ^def |sed -e 's/.* //'` + [ -n "$IF" ] || { WARN "$site no route" ; continue ; } + + SITE_OUTF=$TMPDIR/${LOGP}_${site}.out + DEBUG=1 DATE DBUG $site CAFILE=$CAFILE $SITE_OUTF | tee -a $SITE_OUTF + + # ERROR: Could not resolve hostname www.devuan.org. + i=0 + while [ $i -le $DNS_TRIES ] ; do + if [ $onion -eq 0 ] ; then + site_ip=`dig $site +retry=5 +tries=2 +noall +answer +short | awk '{ print $1 }'` && break + else + site_ip=`tor-resolve -4 $site` && break + fi + i=`expr $i + 1` + sleep 5 + done + [ $i -ge $DNS_TRIES ] && ERROR failed resolve $site | tee -a $SITE_OUTF + [ $i -ge $DNS_TRIES ] && site_ip=$site + + elt=sslscan + SSLSCAN_ELTS="$SSLSCAN_ARGS --certs $CAFILE --sni-name $site" + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + tests_ran+=($elt) && \ + ssltest_sslscan $elt $site $SITE_OUTF $site_ip + + elt=openssl + OPENSSL_ELTS="$OPENSSL_ARGS -CAfile $CAFILE -servername $site" + [ -n "$SSL_CONNECT" ] && OPENSSL_ELTS="$OPENSSL_ARGS -connect ${SSL_CONNECT}:$SSL_PORT" + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + [ $onion -eq 0 ] && \ + tests_ran+=($elt) && \ + ssltest_openssl $elt $site $SITE_OUTF $site_ip + + elt=testssl + rm -f $TMPDIR/${LOGP}.$site.$elt.json # --jsonfile-pretty $TMPDIR/${LOGP}.$site.$elt.json + TESTSSL_ELTS="$TESTSSL_ARGS --add-ca $CAFILE --append --ip $site_ip" + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + [ $onion -eq 0 ] && \ + tests_ran+=($elt) && \ + ssltest_testssl $elt $site $SITE_OUTF $site_ip + + elt=analyze-ssl + ANALYZE_ELTS="$ANALYZE_ARGS --CApath $CAFILE --name $site" + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + [ $SSL_PORT = 443 ] && \ + tests_ran+=($elt) && \ + ssltest_analyze_ssl $elt $site $SITE_OUTF $site_ip + + elt=curl + CURL_ELTS="$CURL_ARGS --cacert $CAFILE --output /dev/null" + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + tests_ran+=($elt) && \ + ssltest_curl $elt $site $SITE_OUTF $site_ip + + elt=nmap + NMAP_ELTS="$NMAP_ARGS --host-timeout $TIMEOUT -p $SSL_PORT" + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + tests_ran+=($elt) && \ + ssltest_nmap $elt $site $SITE_OUTF $site_ip + + elt=ssllabs + [ $SSL_PORT = 443 ] && \ + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + tests_ran+=($elt) && \ + ssltest_ssllabs $elt $site $SITE_OUTF $site_ip + done +done + +# bonus +elt=alt_svc +[ $SSL_PORT = 443 ] && \ + [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ + tests_ran+=($elt) && \ + ssltest_http2_alt_svc $elt - $SITE_OUTF - + +cat $TMPDIR/${LOGP}_*.out > $OUTF +# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ +a=`openssl ciphers -v 'ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM' | wc -l | sed -e 's/ .*//'` +[ $? -eq 0 ] && [ "$a" -eq 0 ] && \ + WARN "no openssl ciphers" | tee -a $OUTF + +DEBUG=1 DBUG "${#tests_ran[@]}" TESTS="${tests_ran[@]}" +warns=`grep -c WARN: $OUTF` +[ $? -eq 0 ] && [ "$warns" -gt 0 ] && DATE WARN "$warns warns for $site in $OUTF" +errs=`grep -c 'ERROR:\|EROR:' $OUTF` +[ $? -eq 0 ] && [ "$errs" -gt 0 ] && DATE ERROR "$errs errs for $site in $OUTF" +[ $? -eq 0 ] && [ "$warns" -eq 0 -a "$errs" -eq 0 ] && \ + DATE INFO "NO warns/errs for $site in $OUTF" + +exit $errs + +# pysslscan scan --scan=protocol.http --scan=vuln.heartbleed --scan=server.renegotiation \ +# --scan=server.preferred_ciphers --scan=server.ciphers \ +# --report=term:rating=ssllabs.2009e --ssl2 --ssl3 --tls10 --tls11 --tls12 +# /usr/local/bin/ssl-cipher-check.pl + diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testssl.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testssl.bash new file mode 100755 index 0000000..7ab3511 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testssl.bash @@ -0,0 +1,68 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL + +# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher +# https://code.google.com/p/chromium/issues/detail?id=58831 + +DIR=testssl.sh +GITHUB_USER=drwetter +GITHUB_DIR=$DIR + +. $PREFIX/src/var_local_src.bash + +BINS=testssl + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + [ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR + + for elt in $BINS ; do + file=$PREFIX/bin/$elt.bash + if [ ! -f $file ] ; then + cat > $file << EOF +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +cd $PREFIX/src/$DIR +exec bash testssl.sh "\$@" +EOF + chmod +x $PREFIX/bin/testssl.bash + fi + done + + exit 0 + +elif [ $1 = 'check' ] ; then # 1* + ols_test_bins && exit 0 || exit 1$? + +elif [ $1 = 'lint' ] ; then # 2* + /var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$? + +elif [ "$1" = 'test' ] ; then # 3* + for bin in $BINS ; do + $PREFIX/bin/$bin.bash --help >/dev/null || exit 3$? + done + +elif [ "$1" = 'update' ] ; then # 7* + ols_are_we_connected || exit 0 + cd $PREFIX/src/$DIR || exit 70 + git pull || exit 7$? + + #error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream + #error: 1970 bytes of body are still expected + #fetch-pack: unexpected disconnect while reading sideband packet + #fatal: early EOF + #fatal: fetch-pack: invalid index-pack output + +fi + +# wget -P https://testssl.sh/testssl.sh + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testssl.sh b/roles/toxcore/overlay/Linux/usr/local/bin/testssl.sh new file mode 100755 index 0000000..7feb070 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/testssl.sh @@ -0,0 +1,6 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +PREFIX=/usr/local +ROLE=toxcore +cd $PREFIX/src/testssl.sh || exit 1 +exec bash testssl.sh "$@" diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash b/roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash new file mode 100755 index 0000000..6c4b26f --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash @@ -0,0 +1,50 @@ +#/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore +[ -n "$PYDEV_VAR_LOCAL" ] && PREFIX=$PYDEV_VAR_LOCAL + +DESC="" +. /usr/local/src/usr_local_src.bash || exit 1 +HTTP_DIR=$PREFIX/net/Http + +DIR=tinfoilhat.shmoo.com +URL=web.archive.org/web/20121116091222/http:/ + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ $# -eq 0 ] ; then + if [ ! -d $DIR ] ; then + route|grep -q ^default || exit 0 + mkdir $DIR $DIR/source + wget -cP $DIR/source http://$URL/$DIR/source/bb-random.c \ + http://$URL/$DIR/source/gpggrid-version-on-floppy.c \ + http://$URL/$DIR/source/gpggrid.c || exit 3 + fi + + cd $PREFIX/src/$DIR/source || exit 4 + + [ -x gpggrid ] || \ + cc -o gpggrid --static gpggrid.c || exit 5 + + [ -f staticgpggrid.c ] || \ + sed -e 's/"gpg"/"staticgpg"/' gpggrid.c > staticgpggrid.c + [ -x staticgpggrid ] || \ + cc -o staticgpggrid --static staticgpggrid.c || exit 6 + + [ -x $PREFIX/bin/gpggrid -a $PREFIX/bin/gpggrid -nt gpggrid ] || \ + cp -p gpggrid $PREFIX/bin/ || exit 7 + + [ -x $PREFIX/bin/staticgpggrid -a $PREFIX/bin/staticgpggrid -nt gpggrid ] || \ + cp -p staticgpggrid $PREFIX/bin/ || exit 8 + + OPREFIX=$PREFIX/share/genkernel/overlay + [ -d $OPREFIX/bin ] || mkdir $OPREFIX/bin + [ -x $OPREFIX/bin/staticgpggrid ] || \ + ln $OPREFIX/bin/staticgpggrid $OPREFIX/bin/ || exit 9 +fi + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/tor_bootstrap_check.bash b/roles/toxcore/overlay/Linux/usr/local/bin/tor_bootstrap_check.bash new file mode 100755 index 0000000..a390906 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/tor_bootstrap_check.bash @@ -0,0 +1,6 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +ROLE=toxcore +exec python3.sh /usr/local/lib/helper-scripts/tor_bootstrap_check.py "$@" + diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash b/roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash new file mode 100755 index 0000000..63c6995 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash @@ -0,0 +1,75 @@ +#/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore + +PYVER=3 +P="BASE_PYTHON${PYVER}_MINOR" +[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)" +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash +PYTHON_EXE=$PYTHON_EXE_MSYS +DESC="" +. /usr/local/src/usr_local_src.bash || exit 1 +SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages +HTTP_DIR=$PREFIX/net/Http + +DIR=tox_profile +MOD=$DIR +GIT_HUB=git.plastiras.org +GIT_USER=emdee +GIT_DIR=$DIR +# tox_profile + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + + if [ ! -d "$DIR" ] ; then + if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then + msys_are_we_connected || exit 0 + [ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \ + mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" + ( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \ + git clone "https://$GIT_HUB/$GIT_USER/$GIT_DIR" ) ||\ + exit 2 + ( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \ + git config user emdee && \ + git config email emdee@ ) + + fi + cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3 + fi + + python$PYVER.sh -c 'import namedlist' || \ + pip$PYVER.sh install namedlist + + cd $DIR || exit 4 + [ -f __init__.py ] || touch __init__.py + +# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 + + exit 0 + +elif [ $1 = 'check' ] ; then # 1* + # "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 + : + +elif [ "$1" = 'lint' ] ; then # 2* + [ -n "$PYVER" ] || return 20 + pylint -E --recursive y || exit 2$? + +elif [ "$1" = 'test' ] ; then # 3* + + cd $PREFIX/src/$DIR/$DIR || exit 32 + $PYTHON_EXE_MSYS tox_savefile_test.bash \ + >> $WD/$DIR/test.log 2>&1 || \ + { ERROR "$MOD code $?" ; cat $WD/$DIR/test.log ; exit 35 ; } + +elif [ "$1" = 'refresh' ] ; then # 6* + cd $PREFIX/src/$DIR || exit 60 + +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash old mode 100644 new mode 100755 index 6bea59a..cc3d9ee --- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash @@ -10,9 +10,19 @@ prog=`basename $0 .bash` PREFIX=/usr/local ROLE=toxcore -. /usr/locaal/etc/testforge/testforge.bash +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash TOXCORE_LOG_DIR=$PREFIX/var/log [ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR +. /usr/local/src/usr_local_src.bash + +TOHOST=files.pythonhosted.org +# mirrors.dotsrc.org + +. /usr/local/bin/proxy_export.bash +PL=/usr/local/bin/proxy_ping_lib.bash +. $PL +PL= MYID=`id -u` [ $MYID -eq 0 ] || WARN $prog should be run as root $MYID @@ -28,50 +38,96 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log #?ols_make_testforge_logs $TOXCORE_LOG_DIR -find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete +[ -d /usr/local/share/doc ] || mkdir -p /usr/local/share/doc +[ -d /var/local/share/doc/txt ] && [ ! -d /usr/local/share/doc/txt ] && \ + mv /var/local/share/doc/txt /usr/local/share/doc/txt && \ + ln -s /usr/local/share/doc/txt /var/local/share/doc/txt +find "$TOXCORE_LOG_DIR"/$ly/ -type f \ + -name W${prog}*.log -o -name E${prog}\*.log -mtime +8 -delete >/dev/null -if virsh list | grep -q Whonix-Gateway ; then - /usr/local/bin/toxcore_libvirt_test_ga.bash +[ -z "$MODE" ] || MODE=`proxy_ping_mode` + +if [ -d /etc/libvirt/qemu ] ; then + elt=qemu + DBUG elt=$elt + # -%d + if ls /var/log/libvirt/qemu/*.log 2>/dev/null >/dev/null ; then + sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | \ + grep -v 'Failed to open SPICE sockets\|Spice: Connection reset by peer' | \ + tee -a $WLOG + fi + + # FixMe missing + [ -x $PREFIX/bin/toxcore_libvirt_test_xml.bash ] && \ + $PREFIX/bin/toxcore_libvirt_test_xml.bash 2>&1 | \ + grep WARN: |tee -a $WLOG + + if which virt-host-validate 2>/dev/null ; then + [ -f $TOXCORE_LOG_DIR/daily/virt-host-validate.log ] || \ + sudo virt-host-validate > $TOXCORE_LOG_DIR/daily/virt-host-validate.log 2>&1 + b=`grep FAIL $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'` + [ $? -eq 0 -a -n "$b" -a $b -gt 0 ] + b=`grep WARN $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'` + [ $? -eq 0 -a -n "$b" -a $b -gt 0 ] && \ + WARN $b WARN in $TOXCORE_LOG_DIR/$ly/virt-host-validate.log $warns | tee -a $WLOG + fi + + if /etc/init.d/libvirtd status ; then +if [ "$MODE" = whonix ] ; then + elt=toxcore_libvirt_test_ga + DBUG $elt + if virsh net-list | grep -q External ; then + /usr/local/bin/toxcore_libvirt_test_ga.bash + fi +fi + virsh list | grep '^ [0-9]' | while read id elt rest ; do + [ $rest = running ] || continue + virsh dumpxml $elt | grep -q org.qemu.guest_agent.0.*connected || \ + WARN org.qemu.guest_agent not connected for $elt |tee -a $WLOG + # + # + done + fi fi -# -%d -if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then - sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG +export SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt" +export SSLTEST_TESTS="testssl nmap" +if route | grep -q def ; then + elt=testforge_ssl_test + DBUG $elt + $PREFIX/bin/testforge_ssl_test.bash -v 3 $TOHOST + retval=$? + if [ $retval -ne 0 ] ; then + ERROR retval=$retval testforge_ssl_test.bash -v 3 $TOHOST|tee -a $ELOG + else + INFO testforge_ssl_test.bash -v 3 $TOHOST + fi fi -# FixMe missing -[ -x $PREFIX/bin/toxcore_libvirt_test_xml.bash ] && \ - $PREFIX/bin/toxcore_libvirt_test_xml.bash 2>&1 | grep WARN: >> $WLOG - -if which virt-host-validate 2>/dev/null ; then - [ -f $TOXCORE_LOG_DIR/daily/virt-host-validate.log ] || \ - sudo virt-host-validate > $TOXCORE_LOG_DIR/daily/virt-host-validate.log 2>&1 - b=`grep FAIL $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'` - [ $? -eq 0 -a -n "$b" -a $b -gt 0 ] - b=`grep WARN $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'` - [ $? -eq 0 -a -n "$b" -a $b -gt 0 ] && \ - WARN $b WARN in $TOXCORE_LOG_DIR/$ly/virt-host-validate.log $warns | tee -a $WLOG +elt=testforge_dirmngr_test +if route | grep -q default ; then + DBUG $elt + $PREFIX/bin/testforge_dirmngr_test.bash + retval=$? + if [ $retval -ne 0 ] ; then + ERROR retval=$retval testforge_dirmngr_test.bash | tee -a $ELOG + else + INFO testforge_dirmngr_test.bash + fi fi -if /etc/init.d/libvirtd status ; then - virsh list | grep '^ [0-9]' | while read id elt rest ; do - [ $rest = running ] || continue - virsh dumpxml $elt | grep org.qemu.guest_agent.0.*connected || \ - WARN org.qemu.guest_agent not connected for $elt |tee -a $WLOG -# -# - done -fi - -warns=`grep -c WARN: "$WLOG"` -[ $warns -ne 0 ] && \ - WARN "$prog $ly $warns warnings in $WLOG" - +if [ -s $ELOG ] ; then errs=`grep -c ERROR: "$ELOG"` [ $errs -ne 0 ] && \ ERROR "$prog $ly $errs errors in $ELOG" && \ exit -$errs +fi +if [ -s $WLOG ] ; then +warns=`grep -c WARN: "$WLOG"` +[ $warns -ne 0 ] && \ + WARN "$prog $ly $warns warnings in $WLOG" +fi [ $warns -eq 0 -a $errs -eq 0 ] && \ ols_clean_testforge_logs $TOXCORE_LOG_DIR && \ diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash index 1c36411..a93b6bb 100755 --- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash @@ -10,7 +10,8 @@ prog=`basename $0 .bash` PREFIX=/usr/local ROLE=toxcore -. /usr/locaal/etc/testforge/testforge.bash +[ -f /usr/local/etc/testforge/testforge.bash ] || \ + . /usr/local/etc/testforge/testforge.bash TOXCORE_LOG_DIR=$PREFIX/var/log [ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR @@ -28,31 +29,39 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log #?ols_make_testforge_logs $TOXCORE_LOG_DIR -find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete -[ -d /var/lib/libvirt/dnsmasq/ ] && \ - sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete +find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log \ + -o -name E${prog}*.log -mtime +1 -delete + +if [ -d /etc/libvirt/qemu ] ; then + elt=qemu + DBUG elt=$elt + [ -d /var/lib/libvirt/dnsmasq/ ] && \ + sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete + + if virsh net-list | grep -q External ; then + /usr/local/bin/toxcore_libvirt_test_ga.bash + fi + + # -%d + if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then + sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG + fi -if virsh list | grep -q Whonix-Gateway ; then - /usr/local/bin/toxcore_libvirt_test_ga.bash fi -# -%d -if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then - sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG +if [ -s $ELOG ] ; then + errs=`grep -c ERROR: "$ELOG"` + [ $errs -ne 0 ] && \ + ERROR "$prog $ly $errs errors in $ELOG" && \ + exit -$errs +fi +if [ -s $WLOG ] ; then + warns=`grep -c WARN: "$WLOG"` + [ $warns -ne 0 ] && \ + WARN "$prog $ly $warns warnings in $WLOG" fi - - -warns=`grep -c WARN: "$WLOG"` -[ $warns -ne 0 ] && \ - WARN "$prog $ly $warns warnings in $WLOG" - -errs=`grep -c ERROR: "$ELOG"` -[ $errs -ne 0 ] && \ - ERROR "$prog $ly $errs errors in $ELOG" && \ - exit -$errs [ $warns -eq 0 -a $errs -eq 0 ] && \ - ols_clean_testforge_logs $TOXCORE_LOG_DIR && \ INFO "No $ly errors in $TOXCORE_LOG_DIR" exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint.bash new file mode 100755 index 0000000..621e01d --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint.bash @@ -0,0 +1,33 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +. /usr/local/bin/usr_local_tput.bash + +ROLE=toxcore +RCFILE=/usr/local/etc/testforge/pylint.rc +[ -n "$PREFIX" ] || PREFIX=/usr/local +[ -n "$PYVER" ] || PYVER=3 +[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh +[ -x "$PYTHON_EXE_MSYS" ] || return 2 + +[ -f . /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash + +[ -z "$PYVER" ] && PYVER=3 +P="BASE_PYTHON${PYVER}_MINOR" +[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)" +[ -z "$PYTHON_MINOR" -a PYVER = 2 ] && BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) +[ -z "$PYTHON_MINOR" -a PYVER = 3 ] && \ + BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) + +declare -a LARGS +LARGS=( --recursive y --verbose --py-version "$PYTHON_MINOR" --output-format colorized ) + +[ -f $RCFILE ] || exit 2 + +LARGS+=( --rcfile $RCFILE ) +export PYTHONPATH=$PWD + +#INFO python3.bash `which pylint` "${LARGS[@]}" "$@" +#/usr/local/bin/python3.sh `which pylint` "${LARGS[@]}" "$@" +exec $PYTHON_EXE_MSYS `which pylint` "${LARGS[@]}" "$@" diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint2.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint2.bash new file mode 100755 index 0000000..ecb2cc4 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint2.bash @@ -0,0 +1,16 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +. /usr/local/bin/usr_local_tput.bash + +ROLE=toxcore +RCFILE=/usr/local/etc/testforge/pylint.rc + +[ -n "$PREFIX" ] || PREFIX=/usr/local +[ -n "$PYVER" ] || PYVER=2 +[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh +[ -x "$PYTHON_EXE_MSYS" ] || return 2 +export PYVER +export PREFIX +export PYTHON_EXE_MSYS +exec toxcore_pylint.bash "$@" diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint3.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint3.bash new file mode 100755 index 0000000..ecb2cc4 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint3.bash @@ -0,0 +1,16 @@ +#!/bin/bash +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +. /usr/local/bin/usr_local_tput.bash + +ROLE=toxcore +RCFILE=/usr/local/etc/testforge/pylint.rc + +[ -n "$PREFIX" ] || PREFIX=/usr/local +[ -n "$PYVER" ] || PYVER=2 +[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh +[ -x "$PYTHON_EXE_MSYS" ] || return 2 +export PYVER +export PREFIX +export PYTHON_EXE_MSYS +exec toxcore_pylint.bash "$@" diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash index 33a6214..4fdf7d3 100755 --- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash @@ -2,14 +2,19 @@ # -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- prog=`basename $0 .bash` -PREFIX=/var/local -. /usr/local/etc/testforge/testforge.bash -ROLE=testforge +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore PYVER=3 P="BASE_PYTHON${PYVER}_MINOR" PYTHON_MINOR="$(eval echo \$$P)" -PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash +P="BASE_PYTHON${PYVER}_MINOR" +PYTHON_MINOR="$(eval echo \$$P)" +[ -n "$PYTHON_MINOR" ] || \ + PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh PYTHON_EXE=$PYTHON_EXE_MSYS # doctest.py @@ -18,5 +23,6 @@ PYTHON_EXE=$PYTHON_EXE_MSYS LOPTS="-o ELLIPSIS --fail-fast" for file in "$@" ; do - /var/local/bin/python$PYVER.bash -m doctest $LOPTS "$file" + [ -f "$file" ] || continue + $PREFIX/bin/python$PYVER.sh -m doctest $LOPTS "$file" done diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash new file mode 100644 index 0000000..edc1eec --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash @@ -0,0 +1,56 @@ +#!/bin/bash +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +ROLE=toxcore +PREFIX=/usr/local + +. /usr/local/bin/usr_local_tput.bash +# we install into /usr/local/bin and it takes precedence +# export PATH=$PREFIX/bin:$PATH + +. $PREFIX/src/usr_local_src.bash || exit 2 +[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3 + +if [ "$#" -eq 0 ] ; then + cd $PREFIX/src || exit 2 + WD=$PWD + + bash c-toxcore.bash # || exit 3$? + bash tox_profile.bash # || 4$? +# sh mitogen.bash + # sh toxcore_docker.bash || exit 4$? +# which sdwdate >/dev/null 2>/dev/null || \ +# [ -f $PREFIX/bin/sdwdate.bash ] || \ +# sh sdwdate.bash + + sh gridfire.bash # || exit 6$? + sh pyassuan.bash #|| exit 7$? + sh tinfoilhat.shmoo.com.bash + # sh negotiator.bash + + [ -d testssl.sh ] || \ + sh testssl.bash || exit 9$? + + exit 0 + +elif [ "$1" = 'check' ] ; then + exit 0 + msys_run_checks_pip3 + msys_var_local_src_prog_key check || exit 10$? + exit $? + +elif [ "$1" = 'lint' ] ; then +# ols_run_tests_shellcheck $ROLE || exit 2$? + msys_var_local_src_prog_key $1 || exit 21$? +# ols_run_tests_pylint || exit 22$? + exit 0 + +elif [ "$1" = 'test' ] ; then + exit 0 + msys_var_local_src_prog_key $1 || exit 30$? + msys_check_pips_inst + msys_gentoo_test_imports || exit 32$? + #hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$? + +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/etc/testforge/pylint.rc b/roles/toxcore/overlay/Linux/usr/local/etc/testforge/pylint.rc new file mode 100644 index 0000000..baa68fd --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/etc/testforge/pylint.rc @@ -0,0 +1,375 @@ +# is file was generated by edx-lint: https://github.com/edx/edx-lint +# +# If you want to change this file, you have two choices, depending on whether +# you want to make a local change that applies only to this repo, or whether +# you want to make a central change that applies to all repos using edx-lint. +# +# Note: If your pylintrc file is simply out-of-date relative to the latest +# pylintrc in edx-lint, ensure you have the latest edx-lint installed +# and then follow the steps for a "LOCAL CHANGE". +# +# LOCAL CHANGE: +# +# 1. Edit the local pylintrc_tweaks file to add changes just to this +# repo's file. +# +# 2. Run: +# +# $ edx_lint write pylintrc +# +# 3. This will modify the local file. Submit a pull request to get it +# checked in so that others will benefit. +# +# +# CENTRAL CHANGE: +# +# 1. Edit the pylintrc file in the edx-lint repo at +# https://github.com/edx/edx-lint/blob/master/edx_lint/files/pylintrc +# +# 2. install the updated version of edx-lint (in edx-lint): +# +# $ pip install . +# +# 3. Run (in edx-lint): +# +# $ edx_lint write pylintrc +# +# 4. Make a new version of edx_lint, submit and review a pull request with the +# pylintrc update, and after merging, update the edx-lint version and +# publish the new version. +# +# 5. In your local repo, install the newer version of edx-lint. +# +# 6. Run: +# +# $ edx_lint write pylintrc +# +# 7. This will modify the local file. Submit a pull request to get it +# checked in so that others will benefit. +# +# +# +# +# +# STAY AWAY FROM THIS FILE! +# +# +# +# +# +# SERIOUSLY. +# +# ------------------------------ +# Generated by edx-lint version: 5.2.3 +# ------------------------------ +[MASTER] +ignore = ,input +persistent = yes + +[MESSAGES CONTROL] +enable = + blacklisted-name, +# line-too-long, + + abstract-class-instantiated, + abstract-method, + access-member-before-definition, + anomalous-backslash-in-string, + anomalous-unicode-escape-in-string, + arguments-differ, + assert-on-tuple, + assigning-non-slot, + assignment-from-no-return, + assignment-from-none, + attribute-defined-outside-init, + bad-except-order, + bad-format-character, + bad-format-string-key, + bad-format-string, + bad-open-mode, + bad-reversed-sequence, + bad-staticmethod-argument, + bad-str-strip-call, + bad-super-call, + binary-op-exception, + boolean-datetime, + catching-non-exception, + cell-var-from-loop, + confusing-with-statement, + continue-in-finally, + dangerous-default-value, + duplicate-argument-name, + duplicate-bases, + duplicate-except, + duplicate-key, + expression-not-assigned, + format-combined-specification, + format-needs-mapping, + function-redefined, + global-variable-undefined, + import-error, + import-self, + inconsistent-mro, + inherit-non-class, + init-is-generator, + invalid-all-object, + invalid-format-index, + invalid-length-returned, + invalid-sequence-index, + invalid-slice-index, + invalid-slots-object, + invalid-slots, + invalid-unary-operand-type, + logging-too-few-args, + logging-too-many-args, + logging-unsupported-format, + lost-exception, + method-hidden, + misplaced-bare-raise, + misplaced-future, + missing-format-argument-key, + missing-format-attribute, + missing-format-string-key, + no-member, + no-method-argument, + no-name-in-module, + no-self-argument, + no-value-for-parameter, + non-iterator-returned, + nonexistent-operator, + not-a-mapping, + not-an-iterable, + not-callable, + not-context-manager, + not-in-loop, + pointless-statement, + pointless-string-statement, + raising-bad-type, + raising-non-exception, + redefined-builtin, + redefined-outer-name, + redundant-keyword-arg, + repeated-keyword, + return-arg-in-generator, + return-in-init, + return-outside-function, + signature-differs, + super-init-not-called, + syntax-error, + too-few-format-args, + too-many-format-args, + too-many-function-args, + truncated-format-string, + undefined-all-variable, + undefined-loop-variable, + undefined-variable, + unexpected-keyword-arg, + unexpected-special-method-signature, + unpacking-non-sequence, + unreachable, + unsubscriptable-object, + unsupported-binary-operation, + unsupported-membership-test, + unused-format-string-argument, + unused-format-string-key, + used-before-assignment, + using-constant-test, + yield-outside-function, + + astroid-error, + fatal, + method-check-failed, + parse-error, + raw-checker-failed, + + empty-docstring, + invalid-characters-in-docstring, +# missing-docstring, +# wrong-spelling-in-comment, +# wrong-spelling-in-docstring, + + unused-argument, + unused-import, + unused-variable, + + eval-used, + exec-used, + + bad-classmethod-argument, + bad-mcs-classmethod-argument, + bad-mcs-method-argument, + bare-except, + broad-except, + consider-iterating-dictionary, + consider-using-enumerate, + global-at-module-level, + global-variable-not-assigned, + logging-format-interpolation, +# logging-not-lazy, + multiple-imports, + multiple-statements, + no-classmethod-decorator, + no-staticmethod-decorator, + protected-access, + redundant-unittest-assert, + reimported, + simplifiable-if-statement, + singleton-comparison, + superfluous-parens, + unidiomatic-typecheck, + unnecessary-lambda, + unnecessary-pass, + unnecessary-semicolon, + unneeded-not, + useless-else-on-loop, + + deprecated-method, + deprecated-module, + + too-many-boolean-expressions, + too-many-nested-blocks, + too-many-statements, + +# wildcard-import, +# wrong-import-order, +# wrong-import-position, + + missing-final-newline, + mixed-line-endings, + trailing-newlines, +# trailing-whitespace, + unexpected-line-ending-format, + + bad-inline-option, + bad-option-value, + deprecated-pragma, + unrecognized-inline-option, + useless-suppression, +disable = + bad-indentation, + consider-using-f-string, + duplicate-code, + file-ignored, + fixme, + global-statement, + invalid-name, + locally-disabled, + no-else-return, +## no-self-use, + suppressed-message, + too-few-public-methods, + too-many-ancestors, + too-many-arguments, + too-many-branches, + too-many-instance-attributes, + too-many-lines, + too-many-locals, + too-many-public-methods, + too-many-return-statements, + ungrouped-imports, + unspecified-encoding, + unused-wildcard-import, + use-maxsplit-arg, + + logging-fstring-interpolation, +# new + missing-module-docstring, + missing-class-docstring, + +[REPORTS] +output-format = text +##files-output = no +reports = no +score = no + +[BASIC] +##bad-functions = map,filter,apply,input +module-rgx = (([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ +const-rgx = (([A-Z_][A-Z0-9_]*)|(__.*__)|log|urlpatterns)$ +class-rgx = [A-Z_][a-zA-Z0-9]+$ +function-rgx = ([a-z_][a-z0-9_]{2,40}|test_[a-z0-9_]+)$ +method-rgx = ([a-z_][a-z0-9_]{2,40}|setUp|set[Uu]pClass|tearDown|tear[Dd]ownClass|assert[A-Z]\w*|maxDiff|test_[a-z0-9_]+)$ +attr-rgx = [a-z_][a-z0-9_]{2,30}$ +argument-rgx = [a-z_][a-z0-9_]{2,30}$ +variable-rgx = [a-z_][a-z0-9_]{2,30}$ +class-attribute-rgx = ([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ +inlinevar-rgx = [A-Za-z_][A-Za-z0-9_]*$ +good-names = f,i,j,k,db,ex,Run,_,__ +bad-names = foo,bar,baz,toto,tutu,tata +no-docstring-rgx = __.*__$|test_.+|setUp$|setUpClass$|tearDown$|tearDownClass$|Meta$ +docstring-min-length = 5 + +[FORMAT] +max-line-length = 120 +ignore-long-lines = ^\s*(# )?((?)|(\.\. \w+: .*))$ +single-line-if-stmt = no +##no-space-check = trailing-comma,dict-separator +max-module-lines = 1000 +indent-string = ' ' + +[MISCELLANEOUS] +notes = FIXME,XXX,TODO + +[SIMILARITIES] +min-similarity-lines = 4 +ignore-comments = yes +ignore-docstrings = yes +ignore-imports = no + +[TYPECHECK] +ignore-mixin-members = yes +ignored-classes = SQLObject +unsafe-load-any-extension = yes +generated-members = + REQUEST, + acl_users, + aq_parent, + objects, + DoesNotExist, + can_read, + can_write, + get_url, + size, + content, + status_code, + create, + build, + fields, + tag, + org, + course, + category, + name, + revision, + _meta, + +[VARIABLES] +init-import = no +dummy-variables-rgx = _|dummy|unused|.*_unused +additional-builtins = + +[CLASSES] +defining-attr-methods = __init__,__new__,setUp +valid-classmethod-first-arg = cls +valid-metaclass-classmethod-first-arg = mcs + +[DESIGN] +max-args = 5 +ignored-argument-names = _.* +max-locals = 15 +max-returns = 6 +max-branches = 12 +max-statements = 50 +max-parents = 7 +max-attributes = 7 +min-public-methods = 2 +max-public-methods = 20 + +[IMPORTS] +deprecated-modules = regsub,TERMIOS,Bastion,rexec +import-graph = +ext-import-graph = +int-import-graph = + +[EXCEPTIONS] +overgeneral-exceptions = BaseException diff --git a/roles/toxcore/overlay/Linux/usr/local/src/analyze-ssl.bash b/roles/toxcore/overlay/Linux/usr/local/src/analyze-ssl.bash new file mode 100755 index 0000000..c45ce47 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/analyze-ssl.bash @@ -0,0 +1,50 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore + +PKG=analyze-ssl.pl +GIT_HUB=github.com +GIT_USER=noxxi +GIT_DIR=p5-ssl-tools +URL=raw.githubusercontent.com//master/$PKG.sh +URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG + +. $PREFIX/src/var_local_src.bash + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + if [ ! -f $PKG ] ; then + + [ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB + if [ -e $PREFIX/net/Http/$URL ] ; then + ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; } + wget -xc -P $PREFIX/net/Http https://$URL + fi + fi + + [ -f $PKG ] || cp -p $PREFIX/net/Http/$URL . + + if [ ! -e $PREFIX/bin/$PKG.bash ] ; then + cat > $PREFIX/bin/$PKG.bash << EOF +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- +ROLE=text +# https://$GIT_HUB/$GIT_USER/$GIT_DIR/ +cd $PREFIX/src/ || exit 1 +exec perl $PKG "\$@" +EOF + chmod 755 $PREFIX/bin/$PKG.bash + fi + + exit 0 + +elif [ "$1" = 'test' ] ; then # 3* + $PREFIX/bin/$PKG.bash --help || exit 30 +fi diff --git a/roles/toxcore/overlay/Linux/usr/local/src/ansible-keepass.bash b/roles/toxcore/overlay/Linux/usr/local/src/ansible-keepass.bash new file mode 100755 index 0000000..1577a67 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/ansible-keepass.bash @@ -0,0 +1,28 @@ +#!/bin/sh +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +ROLE=toxcore +[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL + +TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible + +. /var/local/src/var_local_src.bash || exit 2 + +PKG=ansible-keepass +GIT_HUB=github.com +GIT_USER=Nekmo +GIT_DIR=ansible-keepass + +[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \ + mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars + +[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \ + wget $BASE_WGET_ARGS \ + -O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \ + https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \ + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash b/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash index abb3da2..df337e9 100644 --- a/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash @@ -10,8 +10,9 @@ ROLE=toxcore PYVER=3 P="BASE_PYTHON${PYVER}_MINOR" [ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)" -PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.bash +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh PYTHON_EXE=$PYTHON_EXE_MSYS +PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh MOD="pyassuan" DIR="${MOD}" @@ -27,30 +28,29 @@ WD=$PWD if [ "$#" -eq 0 ] ; then -if [ ! -d "$DIR" ] ; then - if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then - [ -d "$PREFIX/net/Git/$GIT_HUB" ] || \ + if [ ! -d "$DIR" ] ; then + if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then + [ -d "$PREFIX/net/Git/$GIT_HUB" ] || \ mkdir "$PREFIX/net/Git/$GIT_HUB" - route|grep ^def || { DEBUG not connected ; exit 0 ; } - (cd "$PREFIX/net/Git/$GIT_HUB" && \ - git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\ + route|grep ^def || { DEBUG not connected ; exit 0 ; } + (cd "$PREFIX/net/Git/$GIT_HUB" && \ + git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\ exit 2 fi - cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \ - exit 3 -fi + cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \ + exit 3 + fi -cd "$DIR" || exit 4 + cd "$DIR" || exit 4 -if [ "$#" -eq 0 ] ; then -# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@' + # ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@' #? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash [ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \ msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; } -# ols_install_python_scripts $BINS + # msys_python_bins $BINS "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 @@ -58,7 +58,7 @@ if [ "$#" -eq 0 ] ; then elif [ $1 = 'check' ] ; then # 1* "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20 -# ols_test_bins + # ols_test_bins exit $? elif [ "$1" = 'test' ] ; then # 3* diff --git a/roles/toxcore/overlay/Linux/usr/local/src/testforge_run_doctest.py b/roles/toxcore/overlay/Linux/usr/local/src/testforge_run_doctest.py new file mode 100644 index 0000000..a3513db --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/testforge_run_doctest.py @@ -0,0 +1,222 @@ +#!/usr/bin/env python +# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*- + +""" +Runs doctests locallly +doctest files are in the tests/ directory. + +Note that when writing new test files, it will be convenient to use the command-line flags to avoid time-consuming reprovisioning or to target particular boxes or tests. +""" + +from __future__ import print_function +from sys import stderr + +import argparse +import doctest +import glob +import re +import subprocess +import sys +import os + +OPTIONS = doctest.ELLIPSIS | doctest.NORMALIZE_WHITESPACE + +# Convenience items for testing. +# We'll pass these as globals to the doctests. + +if os.path.exists('/dev/null'): + DEV_NULL = open('/dev/null', 'w') + EXE='vagrant' +else: + DEV_NULL = open('NUL:', 'w') + EXE='sh /i/bin/vagrant.msys' + +# find all our available boxes +#with open('Vagrantfile', 'r') as f: +# avail_boxes = re.findall(r'^\s+config.vm.define "(.+?)"', f.read(), re.MULTILINE) +# unused because it could be a Ruby variable + +parser = argparse.ArgumentParser(description='Run playbook tests.') +parser.add_argument( + '-f', '--force', + action='store_true', + help="Force tests to proceed if box already exists. Do not destroy box at end of tests." + ) +parser.add_argument( + '-n', '--no-provision', + action='store_true', + help="Skip provisioning." + ) +parser.add_argument( + '-F', '--fail-fast', + action='store_true', + help="REPORT_ONLY_FIRST_FAILURE." + ) +parser.add_argument( + '-o', '--options', + help="" + ) +parser.add_argument( + '--haltonfail', + action='store_true', + help="Stop multibox tests after a fail; leave box running." + ) +parser.add_argument( + '--file', + help="Specify a single doctest file (default tests/*.txt).", + ) +parser.add_argument( + '--box', + help="Specify a particular target box", + action="append", + ) + +args = parser.parse_args() +if args.box: + lBoxes = args.box +else: + # find all our available running boxes + # sed -e 's/ .*//' + try: + s = os.system("vagrant global-status 2>&1| grep running | cut -f 1 -d ' ' ") + except StandardError as e: + print("ERROR: Unable to find any running boxes. Rerun with the --box argument.", file=sys.stderr) + raise + assert s, "ERROR: Unable to find a running box. Rerun with the --box argument." + lBoxes = s.split(' ') + +# mplatform = None +# def get_mplatform(): +# global mplatform +# # Linux-4.14.80-gentoo-x86_64-Intel-R-_Pentium-R-_CPU_N3700_@_1.60GHz-with-gentoo-2.2.1 +# if mplatform is None: +# mplatform = subprocess.check_output( +# """vagrant ssh %s -c 'python -mplatform'""" % box, +# shell=True, +# stderr=DEV_NULL +# ) +# return mplatform + +print (repr(args)) + +def ssh_run(cmd): + """ + Run a command line in a vagrant box via vagrant ssh. + Return the output. + """ + + return subprocess.check_output( + """%s ssh %s -c '%s'""" % (EXE, box, cmd), + shell=True, + stderr=DEV_NULL + ).replace('^@', '') + + +def run(cmd): + """ + Run a command in the host. + Stop the tests with a useful message if it fails. + """ + + if sys.platform.startswith('win'): + p = subprocess.Popen( + cmd, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + else: + p = subprocess.Popen( + cmd, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + close_fds=True + ) + stdout, stderr = p.communicate() + if p.returncode != 0: + print(stdout, file=sys.stderr) + # Stop the doctest + raise KeyboardInterrupt(stderr) + return stdout + +def cut(y, column_nums, sort=False): + """ + returns a list of lines reduced to the chosen column_nums + """ + assert y and len(y) > 0, "Empty string passed to cut" + # + if hasattr(y,'encode'): + s = y.encode('utf-8') + else: + s = y + + lines = s.splitlines() + line_lists = [l.split() for l in lines if l] + rez = ["\t".join([col[col_num] + for col_num in column_nums if col_num < len(col)]) + for col in line_lists] + if sort: + return sorted(rez) + else: + return rez + + +def joined_cut(s, column_nums, sort=False): + return "\n".join(cut(s, column_nums, sort)) + + +for box in lBoxes: + globs = { + 'ssh_run': ssh_run, + 'run': run, + 'cut': cut, + 'joined_cut': joined_cut, + 'skip_provisioning': args.no_provision, + 'no_provisioning': args.no_provision, + 'forcing': args.force, + 'box': box, + } + + if args.fail_fast: + OPTIONS = doctest.REPORT_ONLY_FIRST_FAILURE | OPTIONS + if box and not args.force: + output = subprocess.check_output("%s status %s" % (EXE, box,), shell=True) + if re.search(r"%s\s+not created" % box, output) is None: + print( "Vagrant box already exists. Destroy it or use '-f' to skip this test.", file=sys.stderr) + print ("Use '-f' in combination with '-n' to skip provisioning.", file=sys.stderr) + exit(1) + + if args.file is None: + files = glob.glob('tests/*.txt') + else: + files = [args.file] + + for fn in files: + print ( "%s / %s" % (box, fn) , file=sys.stderr) + + print( '*' * 50 ) + print (box) + print( '*' * 50 ) + print (fn) + print( '*' * 50 ) + try: + failure_count, test_count = doctest.testfile(fn, + module_relative=False, + optionflags=OPTIONS, + globs=globs) + except Exception as e: + sys.stderr.write('\n'.join(sys.path) +'\n') + raise + if args.haltonfail and failure_count > 0: + print ("Test failures occurred. Stopping tests and leaving vagrant box %s running." % box , file=sys.stderr) + exit(1) + + # Clean up our vagrant box. + + if box and not args.force: + print ( "Destroying %s" % box , file=sys.stderr) + run("%s destroy %s -f" % (EXE, box,)) + elif box: + print ( "Vagrant box %s left running." % box, file=sys.stderr) + diff --git a/roles/toxcore/overlay/Linux/usr/local/src/testforge_ss_test.err b/roles/toxcore/overlay/Linux/usr/local/src/testforge_ss_test.err new file mode 100644 index 0000000..d8981e7 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/testforge_ss_test.err @@ -0,0 +1,22 @@ +DBUG pip.sh --disable-pip-version-check --timeout=30 --cache-dir /usr/local/net/ +Cache/Pip --cert /usr/local/etc/ssl/cacert-testforge.pem install --only-binary : +none: --prefix=/usr/local --progress-bar=off namedlist + +Collecting namedlist + +WARNING: Certificate did not match expected hostname: files.pythonhosted.org. +Certificate: {'subject': ((('commonName', 'default.ssl.fastly.net'),), (('organiza +tionName', 'Fastly, Inc.'),), (('localityName', 'San Francisco'),), (('stateOrPr +ovinceName', 'California'),), (('countryName', 'US'),)), 'issuer': ((('countryNa +me', 'BE'),), (('organizationName', 'GlobalSign nv-sa'),), (('commonName', 'Glob +alSign RSA OV SSL CA 2018'),)), 'version': 3, 'serialNumber': '1FE7655920B1BB8AB +A126434', 'notBefore': 'Aug 28 16:54:01 2023 GMT', 'notAfter': 'Sep 28 16:41:01 +2024 GMT', 'subjectAltName': (('DNS', 'default.ssl.fastly.net'), ('DNS', '*.host +s.fastly.net'), ('DNS', '*.fastly.com')), 'OCSP': ('http://ocsp.globalsign.com/g +srsaovsslca2018',), 'caIssuers': ('http://secure.globalsign.com/cacert/gsrsaovss +lca2018.crt',), 'crlDistributionPoints': ('http://crl.globalsign.com/gsrsaovsslc +a2018.crl',)} + +WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) +after connection broken by +'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'default.ssl.fastly.net', '*.hosts.fastly.net', '*.fastly.com'\"))': /packages/5a/fe/2bc087aed738aa3ace8fa1e50e4619eaf33b833e5d060fe214a7ed63c1f6/namedlist-1.8-py2.py3-none-any.whl\ diff --git a/roles/toxcore/overlay/Linux/usr/local/src/testssl.bash b/roles/toxcore/overlay/Linux/usr/local/src/testssl.bash new file mode 100755 index 0000000..7ab3511 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/testssl.bash @@ -0,0 +1,68 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore +[ -f /usr/local/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash +[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL + +# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher +# https://code.google.com/p/chromium/issues/detail?id=58831 + +DIR=testssl.sh +GITHUB_USER=drwetter +GITHUB_DIR=$DIR + +. $PREFIX/src/var_local_src.bash + +BINS=testssl + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ "$#" -eq 0 ] ; then + [ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR + + for elt in $BINS ; do + file=$PREFIX/bin/$elt.bash + if [ ! -f $file ] ; then + cat > $file << EOF +# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +cd $PREFIX/src/$DIR +exec bash testssl.sh "\$@" +EOF + chmod +x $PREFIX/bin/testssl.bash + fi + done + + exit 0 + +elif [ $1 = 'check' ] ; then # 1* + ols_test_bins && exit 0 || exit 1$? + +elif [ $1 = 'lint' ] ; then # 2* + /var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$? + +elif [ "$1" = 'test' ] ; then # 3* + for bin in $BINS ; do + $PREFIX/bin/$bin.bash --help >/dev/null || exit 3$? + done + +elif [ "$1" = 'update' ] ; then # 7* + ols_are_we_connected || exit 0 + cd $PREFIX/src/$DIR || exit 70 + git pull || exit 7$? + + #error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream + #error: 1970 bytes of body are still expected + #fetch-pack: unexpected disconnect while reading sideband packet + #fatal: early EOF + #fatal: fetch-pack: invalid index-pack output + +fi + +# wget -P https://testssl.sh/testssl.sh + +exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/src/tox_profile.bash b/roles/toxcore/overlay/Linux/usr/local/src/tox_profile.bash index 65450e5..63c6995 100755 --- a/roles/toxcore/overlay/Linux/usr/local/src/tox_profile.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/tox_profile.bash @@ -12,7 +12,7 @@ P="BASE_PYTHON${PYVER}_MINOR" PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash PYTHON_EXE=$PYTHON_EXE_MSYS DESC="" -. /var/local/src/var_local_src.bash || exit 1 +. /usr/local/src/usr_local_src.bash || exit 1 SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages HTTP_DIR=$PREFIX/net/Http @@ -30,7 +30,7 @@ if [ "$#" -eq 0 ] ; then if [ ! -d "$DIR" ] ; then if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then - ols_are_we_connected || exit 0 + msys_are_we_connected || exit 0 [ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \ mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \ @@ -44,8 +44,8 @@ if [ "$#" -eq 0 ] ; then cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3 fi - python$PYVER.bash -c 'import namedlist' || \ - pip$PYVER.bash install namedlist + python$PYVER.sh -c 'import namedlist' || \ + pip$PYVER.sh install namedlist cd $DIR || exit 4 [ -f __init__.py ] || touch __init__.py diff --git a/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash index 7580fdc..edc1eec 100644 --- a/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash @@ -6,9 +6,10 @@ ROLE=toxcore PREFIX=/usr/local . /usr/local/bin/usr_local_tput.bash -# we install into /var/local/bin and it takes precedence +# we install into /usr/local/bin and it takes precedence # export PATH=$PREFIX/bin:$PATH -#. /var/local/src/var_local_src.bash || exit 2 + +. $PREFIX/src/usr_local_src.bash || exit 2 [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3 if [ "$#" -eq 0 ] ; then @@ -27,6 +28,9 @@ if [ "$#" -eq 0 ] ; then sh pyassuan.bash #|| exit 7$? sh tinfoilhat.shmoo.com.bash # sh negotiator.bash + + [ -d testssl.sh ] || \ + sh testssl.bash || exit 9$? exit 0 @@ -37,10 +41,10 @@ elif [ "$1" = 'check' ] ; then exit $? elif [ "$1" = 'lint' ] ; then - exit 0 - ols_run_tests_shellcheck $ROLE || exit 2$? +# ols_run_tests_shellcheck $ROLE || exit 2$? msys_var_local_src_prog_key $1 || exit 21$? # ols_run_tests_pylint || exit 22$? + exit 0 elif [ "$1" = 'test' ] ; then exit 0 diff --git a/roles/toxcore/tasks/main.yml b/roles/toxcore/tasks/main.yml index 04e557e..23150fe 100644 --- a/roles/toxcore/tasks/main.yml +++ b/roles/toxcore/tasks/main.yml @@ -167,21 +167,6 @@ # $1 %h $2 %p #? exec connect -4 -S {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}} $(tor-resolve $1 {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}}) $2 -# this should not run as root -# delegate_to: localhost? - no - per test -- name: "usr_local_toxcore.bash" - environment: "{{ shell_proxy_env }}" - shell: | - umask 0002 - sudo -u "{{ BOX_USER_NAME }}" \ - bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \ - {{ 'check' if ansible_check_mode }} - exit 0 - args: - chdir: "{{TOXCORE_USR_LOCAL}}/src" - ignore_errors: true - check_mode: false - - name: "include_tasks toxcore vms as root" include_tasks: file: "{{LOOP_ITEM}}.yml" @@ -272,6 +257,21 @@ - false with_items: "{{ toxcore_services_stopped }}" +# this should not run as root +- name: "usr_local_toxcore.bash" + become_user: "{{ LOOP_USER_F[0] }}" + environment: "{{ shell_proxy_env }}" + shell: | + umask 0002 + sudo -u "{{ BOX_USER_NAME }}" \ + bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \ + {{ 'check' if ansible_check_mode }} + exit 0 + args: + chdir: "{{TOXCORE_USR_LOCAL}}/src" + ignore_errors: true + check_mode: false + - name: run ansible-gentoo_install include_role: name: ansible-gentoo_install diff --git a/roles/toxcore/vars/Gentoo2.yml b/roles/toxcore/vars/Gentoo2.yml index 607ddea..7f5d508 100644 --- a/roles/toxcore/vars/Gentoo2.yml +++ b/roles/toxcore/vars/Gentoo2.yml @@ -36,6 +36,7 @@ toxcore_pkgs_inst: - gpg - python3-yaml - xmlstarlet + - dev-python/pylint # - app-portage/gentoolkit - sys-apps/gptfdisk - app-admin/testdisk @@ -116,7 +117,7 @@ toxcore_pips2_inst: [] # AGI_bootstrap_pips3 toxcore_pips3_inst_guest: - - negotiator-guest + - negotiator_guest toxcore_pips3_inst_host: - pycrypto