HEX

File: //usr/libexec/kcare/python/kcarectl/__pycache__/fetch.cpython-312.pyc
�

p��g���t�ddlZddlZddlZddlmZddlmZddlmZddlmZddlmZddlm	Z	dd	lm
Z
ddlZe
je
jgZd
ZdZdZdd
�Zd�Zd�Zej*e	j,e	j.�dd��dd��ZGd�de�Zej6d��Zd�Zy)�N�)�utils)�auth)�selinux)�
http_utils)�config)�errors)�	constantsz/usr/bin/gpgz/var/lib/kcare/gpgzrelease.content.jsonc�B�tj}|rtj}tj
r
tddd�}nt}|D]}	|||z�}n|z}tj|�|S#tj$r}||dk(r|�Yd}~�Qd}~wwxYw)N���)r�urlopenr�urlopen_authr�FORCE_JSON_SIG_V3�SIG_VERIFY_ORDERr	�NotFoundr�save_to_file)	�url�dst�do_auth�
urlopen_local�sig_exts�sig_ext�	signature�nf�sig_dsts	         �+/usr/libexec/kcare/python/kcarectl/fetch.py�fetch_signaturers����&�&�M���)�)�
�
���#�D�b�D�)��#�����	�%�c�G�m�4�I����G�m�G�	���y�'�*��N��
���	��(�2�,�&���'��	�s�A7�7B�

B�Bc��tjjt�s(t	j
dj
t���y)Nz$No {0} present. Please install gnupg)�os�path�isfile�GPG_BINr	�
KcareError�format��r�
check_gpg_binr'0s4��
�7�7�>�>�'�"���� F� M� M�g� V�W�W�#r&c	��t�|jtj�r=tj
j
td�}	tj|||�yt|d�5}|j!�}ddd�tj
j
td�}	tj"||�y#tj$r3}tjdj|t|����d}~wwxYw#1swY��xYw#t$$r3}tjdj|t|����d}~wwxYw)a8
    Check a file signature using the gpg tool.
    If signature is wrong BadSignatureException will be raised.

    :param file_path: path to file which signature will be checked
    :param signature: a file with the signature
    :return: True in case of valid signature
    :raises: BadSignatureException
    zroot-keys.jsonzBad Signature: {0}: {1}N�rbz
kcare_pub.key)r'�endswithr
�SIG_JSONrr �join�GPG_KEY_DIR�kcsig_verify�verify�Errorr	�BadSignatureExceptionr$�str�open�read�run_gpg_verify�	Exception)�	file_pathr�	root_keys�e�f�sigdata�keyrings       r�check_gpg_signaturer=5s!���O����)�,�,�-��G�G�L�L��.>�?�	�	d����	�9�i�@��)�T�
"�	�a��f�f�h�G�	��'�'�,�,�{�O�<��	d��'�'���G�D���!�!�	d��.�.�/H�/O�/O�PY�[^�_`�[a�/b�c�c��	d��	�	���	d��.�.�/H�/O�/O�PY�[^�_`�[a�/b�c�c��	d�s<�C	�3D�1D�	D�.D
�
D�D�	E�'.E�E�)�count�delayc��tj|�}tj|�}t	j
||�|r|j
||�n|rt||d��}t||�tj||�|S)NT)r)rrr�selinux_safe_tmpnamerr�checkrr=r�rename)rr�check_signature�hash_checker�response�tmprs       r�	fetch_urlrITss��� � ��%�H�
�
&�
&�s�
+�C�	���x��%�����3��$�	�#�C��d�;�	��C��+��I�I�c�3���Or&c��eZdZd�Zd�Zy)�HashCheckerc���||_tj|�jd�dz|_tjtj|��d|_y)N�/�files)	�content_filer�get_patch_server_url�rstrip�
url_prefix�json�loads�	read_file�hashes)�self�baseurlrOs   r�__init__zHashChecker.__init__esJ��(����4�4�W�=�D�D�S�I�C�O����j�j�����!>�?��H��r&c��|t|j�d}||jvr/tjdj||j���tjtj|��j�}|j|d}||k7r&tjdj|||���y)Nz3Invalid checksum: {0} not found in content file {1}�sha256z<Invalid checksum: {0} has invalid checksum {1}, expected {2})
�lenrRrVr	r#r$rO�hashlibr[r�
read_file_bin�	hexdigestr1)rWr�fname�cfname�hsh�expected_hshs      rrCzHashChecker.checkjs����S����)�+�,������$��#�#�$Y�$`�$`�ag�im�iz�iz�${�|�|��n�n�U�0�0��7�8�B�B�D���{�{�6�*�8�4���,���.�.�N�U�U�V[�]`�bn�o��
�r&N)�__name__�
__module__�__qualname__rYrCr%r&rrKrKds
��I�
r&rKc��tjsy|jsy|jt�}t
jj|�s>	ttj|jt�|tj�t|j|�S#tj$rYywxYw)N)r�USE_CONTENT_FILE_V3rX�
cache_path�CONTENT_FILErr �existsrIrrP�
USE_SIGNATUREr	rrK)�levelrs  r�get_hash_checkerrnxs����%�%���=�=��
�
�
�<�
(�C�
�7�7�>�>�#��	��e�0�0�����M�s�TZ�Th�Th�i��u�}�}�c�*�*�����	��	�s�=B'�'B=�<B=c����fd�}|S)z=Enrish request with a cache key, and save it if responce had.c�*��tj�}|�d|vri|d<||dtj<�|i|��}|jjtj�}|�)||k7r$tjtj|�|S)N�headers)r�
get_cache_keyr
�CACHE_KEY_HEADERrq�get�atomic_write�CACHE_KEY_DUMP_PATH)�args�kwargs�	cache_key�resp�
new_cache_key�clbls     �r�wrapperz$wrap_with_cache_key.<locals>.wrapper�s�����'�'�)�	�� ���&�$&��y�!�<E�F�9��i�8�8�9��T�$�V�$�����(�(��)C�)C�D�
��$��)�)C����y�<�<�m�L��r&r%)r|r}s` r�wrap_with_cache_keyr~�s���
��Nr&)F)FN)rrSr]�rrrrrr	r
r.�SIGr+rr"r-rjrr'r=�retry�	check_excr1rI�objectrK�cachedrnr~r%r&r�<module>r�s���

������������M�M�9�#5�#5�6��
��"��%���,X�
d�>
����
�V�
�
�f�:�:�
;�1�A�N��O���&��(���+��+�r&