
[tor-commits] [ooni-probe/master] Make changes to the updater based on feedback by @bassosimone



commit 45993baf6bf0ae5377dcc9f99d9bf1c19a050b0b
Author: Arturo Filastò <arturo@xxxxxxxxxxx>
Date:   Thu Sep 15 12:41:42 2016 +0200

    Make changes to the updater based on feedback by @bassosimone
---
 MANIFEST.in               |   2 +-
 data/lepidopter-update.py | 385 ++++++++++++++++++++++++++++++++++++++++++++++
 data/updater.py           | 357 ------------------------------------------
 setup.py                  |   2 +-
 4 files changed, 387 insertions(+), 359 deletions(-)

diff --git a/MANIFEST.in b/MANIFEST.in
index 0528d4b..258459e 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -7,7 +7,7 @@ include data/oonireport.1
 include data/ooniresources.1
 include data/ooniprobe.conf.sample
 
-include data/updater.py
+include data/lepidopter-update.py
 
 include ooni/settings.ini
 include ooni/ui/consent-form.md
diff --git a/data/lepidopter-update.py b/data/lepidopter-update.py
new file mode 100755
index 0000000..bdd1cb5
--- /dev/null
+++ b/data/lepidopter-update.py
@@ -0,0 +1,385 @@
+#!/usr/bin/env python2
+"""
+This is the auto-updater script for lepidopter.
+
+It must be run from root and it takes care of downloading the most recent
+updates and doing all the operations needed to perform the update.
+
+To run it expects systemd to be configured.
+
+This script includes a self-installer which can be run via:
+
+python updater.py install
+
+It then expects to be run as a systemd service with:
+
+python updater.py update --watch
+"""
+
+from __future__ import print_function
+
+import os
+import re
+import imp # XPY3 this is deprecated in python3
+import sys
+import time
+import errno
+import shutil
+import getpass
+import logging
+import tempfile
+import argparse
+
+from subprocess import check_output, check_call, CalledProcessError
+
+# The version number of the updater
+__version__ = "1.0.0"
+
+LOG_FORMAT = "%(asctime)s - %(levelname)s - %(message)s"
+# UPDATE_BASE_URL/latest/version must return an integer containing the latest version number
+# UPDATE_BASE_URL/VERSION/update.py must return the update script for VERSION
+# UPDATE_BASE_URL/VERSION/update.py.asc must return a valid GPG signature for update.py
+UPDATE_BASE_URL = "https://github.com/OpenObservatory/lepidopter-update/releases/download/";
+
+CURRENT_VERSION_PATH = "/etc/lepidopter-update/version"
+UPDATER_PATH = "/opt/ooni/lepidopter-update/versions/"
+SCRIPT_INSTALL_PATH = "/opt/ooni/lepidopter-update/updater.py"
+
+SYSTEMD_SCRIPT_PATH = "/etc/systemd/system/lepidopter-update.service"
+SYSTEMD_SCRIPT = """\
+[Unit]
+Description=lepidopter-update service
+
+[Service]
+Type=simple
+ExecStart={0} --log-file /var/log/ooni/lepidopter-update.log update --watch
+TimeoutStartSec=300
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+""".format(SCRIPT_INSTALL_PATH)
+
+PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc"
+PUBLIC_KEY = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: GPGTools - https://gpgtools.org
+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+=RbWA
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+
+
+class RequestFailed(Exception):
+    pass
+
+def get_request(url, follow_redirects=True):
+    cmd = ["curl", "-q"]
+    if follow_redirects is True:
+        cmd.append("-L")
+    cmd.append(url)
+
+    tmp_file = tempfile.TemporaryFile()
+
+    try:
+        check_call(cmd, stdout=tmp_file)
+    except CalledProcessError:
+        raise RequestFailed
+
+    tmp_file.seek(0)
+
+    return tmp_file.read()
+
+def get_current_version():
+    if not os.path.exists(CURRENT_VERSION_PATH):
+        return 0
+    with open(CURRENT_VERSION_PATH) as in_file:
+        version = in_file.read()
+    return int(version)
+
+def get_latest_version():
+    version = get_request(UPDATE_BASE_URL + "latest/version")
+    return int(version)
+
+class InvalidSignature(Exception):
+    pass
+
+class InvalidPublicKey(Exception):
+    pass
+
+
+def verify_file(signature_path, file_path, signer_pk_path):
+    tmp_dir = tempfile.mkdtemp()
+    tmp_key = os.path.join(tmp_dir, "signing-key.gpg")
+
+    try:
+        try:
+            check_call(["gpg", "--batch", "--yes", "-o", tmp_key,
+                        "--dearmor", signer_pk_path])
+        except CalledProcessError:
+            raise InvalidPublicKey
+
+        try:
+            output = check_output(["gpg", "--batch", "--status-fd", "1",
+                                   "--no-default-keyring", "--keyring",
+                                   tmp_key, "--trust-model", "always",
+                                   "--verify", signature_path, file_path])
+        except CalledProcessError:
+            raise InvalidSignature
+
+    except Exception as e:
+        raise e
+
+    finally:
+        shutil.rmtree(tmp_dir)
+
+    return output
+
+class UpdateFailed(Exception):
+    pass
+
+def perform_update(version, skip_verification=False):
+    try:
+        updater = get_request(UPDATE_BASE_URL + "{0}/update.py".format(version))
+        updater_path = os.path.join(UPDATER_PATH, "update-{0}.py".format(version))
+    except RequestFailed:
+        logging.error("Failed to download update file")
+        raise UpdateFailed
+
+    if skip_verification is not True:
+        try:
+            updater_sig = get_request(UPDATE_BASE_URL + "{0}/update.py.asc".format(version))
+            updater_sig_path = os.path.join(UPDATER_PATH, "update-{0}.py.asc".format(version))
+        except RequestFailed:
+            logging.error("Failed to download update file")
+            raise UpdateFailed
+
+    with open(updater_path, "w+") as out_file:
+        out_file.write(updater)
+
+    if skip_verification is not True:
+        with open(updater_sig_path, "w+") as out_file:
+            out_file.write(updater_sig)
+
+    if skip_verification is not True:
+        try:
+            verify_file(updater_sig_path, updater_path, PUBLIC_KEY_PATH)
+        except InvalidSignature:
+            logging.error("Found an invalid signature. Bailing")
+            raise UpdateFailed
+
+    updater = imp.load_source('updater_{0}'.format(version),
+                              updater_path)
+
+    try:
+        logging.info("Running install script")
+        if updater.__version__ != str(version):
+            logging.error("There is a version mismatch in the updater file. This could be a sign of a replay attack.")
+            raise UpdateFailed
+        updater.run()
+    except Exception:
+        logging.exception("Failed to run the version update script for version {0}".format(version))
+        raise UpdateFailed
+
+    current_version_dir = os.path.dirname(CURRENT_VERSION_PATH)
+    try:
+        os.makedirs(current_version_dir)
+    except OSError as ose:
+        if ose.errno != errno.EEXIST:
+            raise
+
+    # Update the current version number
+    with open(CURRENT_VERSION_PATH, "w+") as out_file:
+        out_file.write(str(version))
+
+    logging.info("Updated to version {0}".format(version))
+
+def update_to_version(from_version, to_version, skip_verification=False):
+    versions = range(from_version + 1, to_version + 1)
+    for version in versions:
+        try:
+            perform_update(version, skip_verification)
+        except UpdateFailed:
+            logging.error("Failed to update to version {0}".format(version))
+            return
+
+def check_for_update(skip_verification=False):
+    logging.info("Checking for update")
+    current_version = get_current_version()
+    try:
+        latest_version = get_latest_version()
+    except RequestFailed:
+        logging.error("Failed to learn the latest version")
+        return
+
+    if current_version < latest_version:
+        logging.info("Updating {0}->{1}".format(current_version, latest_version))
+        update_to_version(current_version, latest_version, skip_verification)
+    else:
+        logging.info("Already up to date")
+
+class InvalidInterval(Exception):
+    pass
+
+def _get_interval(interval):
+    """
+    Returns the interval in seconds.
+    """
+    seconds = 0
+    INTERVAL_REGEXP = re.compile("(\d+d)?(\d+h)?(\d+m)?")
+    m = INTERVAL_REGEXP.match(interval)
+    days, hours, minutes = m.groups()
+
+    if days is not None:
+        seconds += int(days[:-1]) * 24 * 60 * 60
+    if hours is not None:
+        seconds += int(hours[:-1]) * 60 * 60
+    if minutes is not None:
+        seconds += int(minutes[:-1]) * 60
+
+    if seconds == 0:
+        try:
+            seconds = int(interval)
+        except ValueError:
+            raise InvalidInterval
+    return seconds
+
+
+def update(args):
+    """
+    This command fires the updater.
+    """
+    if args.watch is True:
+        seconds = _get_interval(args.interval)
+        while True:
+            check_for_update(skip_verification=args.skip_verification)
+            time.sleep(seconds)
+    else:
+        check_for_update(skip_verification=args.skip_verification)
+
+
+def install(args):
+    """
+    This command installs the updater.
+    """
+    directories = [
+        UPDATER_PATH,
+        os.path.dirname(CURRENT_VERSION_PATH)
+    ]
+    for path in directories:
+        try:
+            os.makedirs(path)
+        except OSError as ose:
+            if ose.errno != errno.EEXIST:
+                raise
+
+    with open(CURRENT_VERSION_PATH, "w") as out_file:
+        out_file.write("0")
+
+    # Copy myself over to the SCRIPT_INSTALL_PATH
+    shutil.copyfile(__file__, SCRIPT_INSTALL_PATH)
+    os.chmod(SCRIPT_INSTALL_PATH, int('744', 8))
+
+    with open(PUBLIC_KEY_PATH, "w") as out_file:
+        out_file.write(PUBLIC_KEY)
+    os.chmod(PUBLIC_KEY_PATH, int('644', 8))
+
+    with open(SYSTEMD_SCRIPT_PATH, "w") as out_file:
+        out_file.write(SYSTEMD_SCRIPT)
+
+    check_call(["systemctl", "enable", "lepidopter-update"])
+    check_call(["systemctl", "start", "lepidopter-update"])
+
+class InvalidLogLevel(Exception):
+    pass
+
+def _setup_logging(args):
+    log_file = args.log_file
+
+    try:
+        log_level = getattr(logging, args.log_level)
+    except AttributeError:
+        raise InvalidLogLevel()
+
+    logging.basicConfig(filename=log_file, level=log_level, format=LOG_FORMAT)
+
+def _check_user():
+    if getpass.getuser() != 'root':
+        print("ERROR: this script must be run as root!")
+        sys.exit(1)
+
+def main():
+    parser = argparse.ArgumentParser(description="Auto-update system for lepidopter")
+    parser.add_argument('--log-file', help="Specify the path to the logfile")
+    parser.add_argument('--log-level', help="Specify the loglevel (CRITICAL, ERROR, WARNING, INFO, DEBUG)", default="INFO")
+
+    sub_parsers = parser.add_subparsers()
+
+    parser_update = sub_parsers.add_parser('update')
+    parser_update.add_argument('--watch',
+                               action='store_true',
+                               help="Keep watching for changes in version and automatically update when a new version is available")
+    parser_update.add_argument('--interval', default='6h')
+    parser_update.add_argument('--skip-verification',
+                               action='store_true',
+                               help="Skip key verification (DANGER USE ONLY FOR TESTING))")
+    parser_update.set_defaults(func=update)
+
+    parser_install = sub_parsers.add_parser('install')
+    parser_install.set_defaults(func=install)
+
+    args = parser.parse_args()
+    _setup_logging(args)
+    _check_user()
+    args.func(args)
+
+
+if __name__ == "__main__":
+    main()
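Review bot: In perform_update the `__version__` comparison runs only after `imp.load_source(...)`, which executes the downloaded file's module body as root, so the replay check guards `updater.run()` but not any top-level code in a validly signed update script that was published for a different version. The version could be checked before loading, for instance by reading the `__version__` assignment out of the downloaded text and raising UpdateFailed on a mismatch. The return value of verify_file is also dropped, so the `--status-fd` output it requests is never inspected and acceptance rests on gpg's exit status alone; requiring a `VALIDSIG` line carrying the expected key fingerprint would be stricter. Separately, `except InvalidSignature:` could become `except (InvalidSignature, InvalidPublicKey):`, so that a missing or corrupt key file is logged and reported as UpdateFailed instead of escaping update_to_version and ending the `--watch` loop.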
diff --git a/data/updater.py b/data/updater.py
deleted file mode 100755
index 4cacf3d..0000000
--- a/data/updater.py
+++ /dev/null
@@ -1,357 +0,0 @@
-#!/usr/bin/env python2
-
-from __future__ import print_function
-
-import os
-import re
-import imp # XPY3 this is deprecated in python3
-import time
-import errno
-import shutil
-import logging
-import tempfile
-import argparse
-
-from subprocess import check_output, check_call, CalledProcessError
-
-# UPDATE_BASE_URL/latest/version must return an integer containing the latest version number
-# UPDATE_BASE_URL/VERSION/update.py must return the update script for VERSION
-# UPDATE_BASE_URL/VERSION/update.py.asc must return a valid GPG signature for update.py
-UPDATE_BASE_URL = "https://github.com/OpenObservatory/lepidopter-update/releases/download/";
-
-CURRENT_VERSION_PATH = "/etc/lepidopter-update/version"
-UPDATER_PATH = "/opt/ooni/lepidopter-update/versions/"
-SCRIPT_INSTALL_PATH = "/opt/ooni/lepidopter-update/updater.py"
-
-SYSTEMD_SCRIPT_PATH = "/etc/systemd/system/lepidopter-update.service"
-SYSTEMD_SCRIPT = """\
-[Unit]
-Description=lepidopter-update service
-
-[Service]
-Type=simple
-ExecStart={0} --log-file /var/log/ooni/lepidopter-update.log update --watch
-TimeoutStartSec=300
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-""".format(SCRIPT_INSTALL_PATH)
-
-PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc"
-PUBLIC_KEY = """\
------BEGIN PGP PUBLIC KEY BLOCK-----
-Comment: GPGTools - https://gpgtools.org
-
-mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o
-9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4
-35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw
-520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA
-TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/
-7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x
-e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8
-6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI
-6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7
-ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG
-Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB
-tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0
-b3J5Lm9yZz6JAj0EEwEKACcFAlfEAKACGwMFCQHhM4AFCwkIBwMFFQoJCAsFFgID
-AQACHgECF4AACgkQw+zcBCBPnSm6ug//eVOV7RiG8q5ry64TvgeTNfPlVF0R3y3d
-2dUNaWy+4H0ay9UjW/ayxZNnSSreVZY+50pOiqsKWdV5bEgtOZXkDfth8NuCNddo
-CYmVkV/x2Mvmpf3eTBXlXtmFn9j2an3GKSSHFscdfdZsPATUUv+YFyX8LK5K6vq+
-BdNEGpqqHxPEM0wyQm2/f2s0dmjkmPFNZpCGWnuBRpQQD5O2YwFKK316VNdBXvVA
-i9+MA81vLtn40FsOKZ/kDLt65khEdgYTYj8lRXIEWGuWp1iPUuMmEL8dxtlY8K1R
-qU2JbgHHOA7RHnAUqgg0Hjmyg4ZsQ/ZyWi2/3IoLn/7QGeV0HBdiGMFuShSfkFWx
-bNNMuei9FVK4nwXRLcVfAMXv1GtqQU9jTeCYXzxgr81rkEivkdqlZ3Iins+KgWEQ
-SbEEYAXOWp/oheTBOBQvLSZi+2vjMiUeIQHQUDNfhlp3/Mk6RTVLMml6thIY/NyL
-f/vABO5V9oKAdIaFMu/70tYn8PxTqPE0uJ7FwcTa7awp10dkpXXk0tm5ywYsms8l
-CA/vizq7VMiZC9G4JvZqa3vXNBT1yFe+4Ri+fLtdZw9IDgECi5ZdQlp7dx2Rei2i
-S2XkUwWR4Qv3/WzvPDChr25BMlu0Pkb8MbynrxcMs5ODFxOuOiP2kL4YW2Qppo66
-U3Z92swhAIq5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08E
-XS7eTElwDSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wf
-ot85AXqCqrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpK
-sZ094LwkO8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9l
-eaT2pe9Ta48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/c
-qWYG7znx2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBS
-VrcMyNlaft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG
-4qh/n2k508PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/
-ihhY7IpGwUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNr
-HJwUSeLMhRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/
-XgeKSxoiAmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oB
-d5YhABEBAAGJAiUEGAEKAA8FAlfEAKACGwwFCQHhM4AACgkQw+zcBCBPnSn25BAA
-xU7NKi6BokqnloYncvL74fuUpam3LJBwsOkFehuO2D+X9A2blIpbpXtUoWXwRc9V
-Jf7nL/yhMKcOB9m1MHVPtxtN5JzV9p8k2BT04/X6fa09umsJ3hwg/zhXrkGFrMVE
-hfAk6q8a0Y5oJKUOoJhzxqD9ItibxHPkqb+R/GSMfrDIRE0ecfIltDLIRQMlBF1b
-z5WN5Dwv8cikeQrsK6DNvbUUuHAbG8RZYG9QxFdkbehp46bCA8CfINENBzIskckx
-xwlTtVxcDD0Irql7EuIM1bpWdFxBZPlmcDyLrZgCYgSqPOe2mOK9V37jM3fsTqR9
-C9fmr3DDmAm8XrUBL9ORwMTFa6LIUpUoSSzG258h9qPiBySj7b51QbrJ9WXiISsQ
-5X/V8u6Qbp9PJnEUXXfIE9YVspF3+Zrfn0XqqjEND+bWi52cgDvwROSFf4KQnAto
-FdlxHtxlcZgJEFeHLyb370XI4rcNs7zMoD3B06Eyay5oY98w9JFYwrm6bVvNzis7
-CrK2K46QzSUZm1BHTOi0AlnqpYtLaJnMSQCxTmjyRBaJM5DGXs/86y/OYdBcpiYG
-aV0q9EcvDLQnSpa0vlsVM0AfMY+To1RTCMv+TGKMZHHWeV2yUABWK52raBpQHtjs
-7SonBqg04+2E4w1WmZEx1u9QyDXmlaLxnR+YIqilM7g=
-=RbWA
------END PGP PUBLIC KEY BLOCK-----
-"""
-
-
-class RequestFailed(Exception):
-    pass
-
-def get_request(url, follow_redirects=True):
-    cmd = ["curl", "-q"]
-    if follow_redirects is True:
-        cmd.append("-L")
-    cmd.append(url)
-
-    tmp_file = tempfile.TemporaryFile()
-
-    try:
-        check_call(cmd, stdout=tmp_file)
-    except CalledProcessError:
-        raise RequestFailed
-
-    tmp_file.seek(0)
-
-    return tmp_file.read()
-
-def get_current_version():
-    if not os.path.exists(CURRENT_VERSION_PATH):
-        return 0
-    with open(CURRENT_VERSION_PATH) as in_file:
-        version = in_file.read()
-    return int(version)
-
-def get_latest_version():
-    version = get_request(UPDATE_BASE_URL + "latest/version")
-    return int(version)
-
-class InvalidSignature(Exception):
-    pass
-
-class InvalidPublicKey(Exception):
-    pass
-
-
-def verify_file(signature_path, file_path, signer_pk_path):
-    tmp_dir = tempfile.mkdtemp()
-    tmp_key = os.path.join(tmp_dir, "signing-key.gpg")
-
-    try:
-        try:
-            check_call(["gpg", "--batch", "--yes", "-o", tmp_key,
-                        "--dearmor", signer_pk_path])
-        except CalledProcessError:
-            raise InvalidPublicKey
-
-        try:
-            output = check_output(["gpg", "--batch", "--status-fd", "1",
-                                   "--no-default-keyring", "--keyring",
-                                   tmp_key, "--trust-model", "always",
-                                   "--verify", signature_path, file_path])
-        except CalledProcessError:
-            raise InvalidSignature
-
-    except Exception as e:
-        raise e
-
-    finally:
-        shutil.rmtree(tmp_dir)
-
-    return output
-
-class UpdateFailed(Exception):
-    pass
-
-def perform_update(version, skip_verification=False):
-    try:
-        updater = get_request(UPDATE_BASE_URL + "{0}/update.py".format(version))
-        updater_path = os.path.join(UPDATER_PATH, "update-{0}.py".format(version))
-    except RequestFailed:
-        logging.error("Failed to download update file")
-        raise UpdateFailed
-
-    if skip_verification is not True:
-        try:
-            updater_sig = get_request(UPDATE_BASE_URL + "{0}/update.py.asc".format(version))
-            updater_sig_path = os.path.join(UPDATER_PATH, "update-{0}.py.asc".format(version))
-        except RequestFailed:
-            logging.error("Failed to download update file")
-            raise UpdateFailed
-
-    with open(updater_path, "w+") as out_file:
-        out_file.write(updater)
-
-    if skip_verification is not True:
-        with open(updater_sig_path, "w+") as out_file:
-            out_file.write(updater_sig)
-
-    if skip_verification is not True:
-        try:
-            verify_file(updater_sig_path, updater_path, PUBLIC_KEY_PATH)
-        except InvalidSignature:
-            logging.error("Found an invalid signature. Bailing")
-            raise UpdateFailed
-
-    updater = imp.load_source('updater_{0}'.format(version),
-                              updater_path)
-
-    try:
-        logging.info("Running install script")
-        if updater.__version__ != str(version):
-            logging.error("There is a version mismatch in the updater file. This could be a sign of a replay attack.")
-            raise UpdateFailed
-        updater.run()
-    except Exception:
-        logging.exception("Failed to run the version update script for version {0}".format(version))
-        raise UpdateFailed
-
-    current_version_dir = os.path.dirname(CURRENT_VERSION_PATH)
-    try:
-        os.makedirs(current_version_dir)
-    except OSError as ose:
-        if ose.errno != errno.EEXIST:
-            raise
-
-    # Update the current version number
-    with open(CURRENT_VERSION_PATH, "w+") as out_file:
-        out_file.write(str(version))
-
-    logging.info("Updated to version {0}".format(version))
-
-def update_to_version(from_version, to_version, skip_verification=False):
-    versions = range(from_version + 1, to_version + 1)
-    for version in versions:
-        try:
-            perform_update(version, skip_verification)
-        except UpdateFailed:
-            logging.error("Failed to update to version {0}".format(version))
-            return
-
-def check_for_update(skip_verification=False):
-    logging.info("Checking for update")
-    current_version = get_current_version()
-    try:
-        latest_version = get_latest_version()
-    except RequestFailed:
-        logging.error("Failed to learn the latest version")
-        return
-
-    if current_version < latest_version:
-        logging.info("Updating {0}->{1}".format(current_version, latest_version))
-        update_to_version(current_version, latest_version, skip_verification)
-    else:
-        logging.info("Already up to date")
-
-class InvalidInterval(Exception):
-    pass
-
-def _get_interval(interval):
-    """
-    Returns the interval in seconds.
-    """
-    seconds = 0
-    INTERVAL_REGEXP = re.compile("(\d+d)?(\d+h)?(\d+m)?")
-    m = INTERVAL_REGEXP.match(interval)
-    days, hours, minutes = m.groups()
-
-    if days is not None:
-        seconds += int(days[:-1]) * 24 * 60 * 60
-    if hours is not None:
-        seconds += int(hours[:-1]) * 60 * 60
-    if minutes is not None:
-        seconds += int(minutes[:-1]) * 60
-
-    if seconds == 0:
-        try:
-            seconds = int(interval)
-        except ValueError:
-            raise InvalidInterval
-    return seconds
-
-
-def update(args):
-    """
-    This command fires the updater.
-    """
-    if args.watch is True:
-        seconds = _get_interval(args.interval)
-        while True:
-            check_for_update(skip_verification=args.skip_verification)
-            time.sleep(seconds)
-    else:
-        check_for_update(skip_verification=args.skip_verification)
-
-
-def install(args):
-    """
-    This command installs the updater.
-    """
-    directories = [
-        UPDATER_PATH,
-        os.path.dirname(CURRENT_VERSION_PATH)
-    ]
-    for path in directories:
-        try:
-            os.makedirs(path)
-        except OSError as ose:
-            if ose.errno != errno.EEXIST:
-                raise
-
-    with open(CURRENT_VERSION_PATH, "w") as out_file:
-        out_file.write("0")
-
-    # Copy myself over to the SCRIPT_INSTALL_PATH
-    shutil.copyfile(__file__, SCRIPT_INSTALL_PATH)
-    os.chmod(SCRIPT_INSTALL_PATH, int('744', 8))
-
-    with open(PUBLIC_KEY_PATH, "w") as out_file:
-        out_file.write(PUBLIC_KEY)
-    os.chmod(PUBLIC_KEY_PATH, int('644', 8))
-
-    with open(SYSTEMD_SCRIPT_PATH, "w") as out_file:
-        out_file.write(SYSTEMD_SCRIPT)
-
-    check_call(["systemctl", "enable", "lepidopter-update"])
-    check_call(["systemctl", "start", "lepidopter-update"])
-
-class InvalidLogLevel(Exception):
-    pass
-
-def _setup_logging(args):
-    log_file = args.log_file
-
-    try:
-        log_level = getattr(logging, args.log_level)
-    except AttributeError:
-        raise InvalidLogLevel()
-
-    logging.basicConfig(filename=log_file, level=log_level)
-
-def main():
-    parser = argparse.ArgumentParser(description="Auto-update system for lepidopter")
-    parser.add_argument('--log-file', help="Specify the path to the logfile")
-    parser.add_argument('--log-level', help="Specify the loglevel (CRITICAL, ERROR, WARNING, INFO, DEBUG)", default="INFO")
-
-    sub_parsers = parser.add_subparsers()
-
-    parser_update = sub_parsers.add_parser('update')
-    parser_update.add_argument('--watch',
-                               action='store_true',
-                               help="Keep watching for changes in version and automatically update when a new version is available")
-    parser_update.add_argument('--interval', default='6h')
-    parser_update.add_argument('--skip-verification',
-                               action='store_true',
-                               help="Skip key verification (DANGER USE ONLY FOR TESTING))")
-    parser_update.set_defaults(func=update)
-
-    parser_install = sub_parsers.add_parser('install')
-    parser_install.set_defaults(func=install)
-
-    args = parser.parse_args()
-    _setup_logging(args)
-    args.func(args)
-
-
-if __name__ == "__main__":
-    main()
diff --git a/setup.py b/setup.py
index e6031c6..4acbe77 100644
--- a/setup.py
+++ b/setup.py
@@ -145,7 +145,7 @@ def is_updater_installed():
 
 
 def install_lepidopter_update():
-    check_call(["data/updater.py", "install"])
+    check_call(["data/lepidopter-update.py", "install"])
 
 
 def mkdir_p(path):


