Sign part 2

master
alexey 2 weeks ago
parent c6a89e7be1
commit e6d3a90231

@ -1246,18 +1246,113 @@ get "/prjsign/:id" do
if prj_info.nil?
print_error_page(503, "Путь к проектам не существует")
else
gpgKeys = RepoManagerKeys.new(cgf.get_keys_path)
gpgKeys = RepoManagerKeys.new(cfg.get_keys_path)
if gpgKeys.check_key_exists
@page_name = "Подписать проект #{prj_info[:projname]} "
@pass_exists = gpgKeys.check_password_exists
@page_name = "Подписать проект #{prj_info[:projname]}"
@proj_name = prj_info[:projname]
@proj_id = params["id"]
erb :signconfirm
else
@page_name = "Ошибка подписания проекта #{prj_info[:projname]}"
erb :gpgerror
end
end
end
end
post "/prjsign/:id" do
prj = ProjectsActions.new(cfg.get_projects_path, db)
if prj.path.nil?
print_error_page(503, "Путь к проектам не существует")
else
prj_info = prj.get_project(params["id"])
if prj_info.nil?
print_error_page(503, "Путь к проектам не существует")
else
if params["cancel"].nil? && params["sign"] == "sign"
err = prj.sign_project(params["id"], cfg.get_keys_path, params["password"], "/prjsignview/#{prj_info["id"]}", cfg.get_repoview_path)
unless err.nil?
session[:prj_modal_info] = "Ошибка добавления подписи пакетов проекта"
session[:prj_modal_text] = err
end
end
redirect "/prjedit/#{params["id"]}"
end
end
end
get "/prjremoteaddr/:id" do
prj = ProjectsActions.new(cfg.get_projects_path, db)
if prj.path.nil?
print_error_page(503, "Путь к проектам не существует")
else
prj_info = prj.get_project(params["id"])
if prj_info.nil?
print_error_page(503, "Путь к проектам не существует")
else
@page_name = "Подписать проект #{prj_info[:projname]}"
@proj_name = prj_info[:projname]
@proj_id = params["id"]
@addres = prj_info[:remote_address]
erb :prjremote
end
end
end
post "/prjremoteaddr/:id" do
prj = ProjectsActions.new(cfg.get_projects_path, db)
if prj.path.nil?
print_error_page(503, "Путь к проектам не существует")
else
prj_info = prj.get_project(params["id"])
if prj_info.nil?
print_error_page(503, "Путь к проектам не существует")
else
if params["cancel"].nil? && params["addr"] == "addr"
err = prj.set_address(params["id"], params["address"])
unless err.nil?
session[:prj_modal_info] = "Ошибка установки адреса проекта"
session[:prj_modal_text] = err
end
end
if params["cancel"].nil? && params["reset"] == "reset"
err = prj.set_address(params["id"], "")
unless err.nil?
session[:prj_modal_info] = "Ошибка установки адреса проекта"
session[:prj_modal_text] = err
end
end
redirect "/prjedit/#{params["id"]}"
end
end
end
get "/prjsignview/:id" do
prj = ProjectsActions.new(cfg.get_projects_path, db)
if prj.path.nil?
print_error_page(503, "Путь к проектам не существует")
else
prj_info = prj.get_project(params["id"])
if prj_info.nil?
print_error_page(503, "Путь к проектам не существует")
else
gpgKeys = RepoManagerKeys.new(cfg.get_keys_path)
if gpgKeys.check_key_exists
sign_path = prj.get_sign_path(params["id"])
send_file File.join(sign_path, "index.html")
else
@page_name = "Ошибка подписания проекта #{prj_info[:projname]}"
erb :gpgerror
end
end
end
end
get "/prjsignview/:id/*" do
"test"
end
not_found do
status 404
@page_name = "Кто-то потерялся"
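Review bot: The signview URL handed to `sign_project` is built from `prj_info["id"]`, while every other access on the same record uses symbol keys (`prj_info[:projname]`, `prj_info[:remote_address]`); if `get_project` returns a Sequel row that lookup is nil, and the fallback `baseurl` written into the generated repo file becomes `/prjsignview//` — use `params["id"]` (or `prj_info[:id]`) here. In the `get "/prjremoteaddr/:id"` handler the instance variable is `@addres`, but `prjremote.erb` reads `@address`, so the stored address is never pre-filled. The `get "/prjsignview/:id/*"` stub returns the literal string "test", so the `bootstrap.min.css`, `bootstrap.bundle.min.js` and RPM paths that the generated index.html links to relative to `/prjsignview/:id/` are not served yet; a `send_file` under `get_sign_path` with a traversal guard is presumably the intent. `get "/prjsign/:id"` begins before this hunk.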

@ -90,4 +90,12 @@ class IniConfig
"keys"
end
end
def get_repoview_path()
unless @config["repoview"]["path"].nil?
@config["repoview"]["path"].to_s
else
"repoview"
end
end
end
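Review bot: `@config["repoview"]["path"]` raises NoMethodError when the `[repoview]` section is missing, so the `"repoview"` default on the else branch can never be reached for a config written before this commit; guard the section as well, e.g. `section = @config["repoview"]` then `section.nil? || section["path"].nil? ? "repoview" : section["path"].to_s`. The tail of `get_keys_path` just above appears to follow the same pattern, so whichever guard is chosen should be applied to both. `IniConfig` starts before this hunk.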

@ -235,7 +235,7 @@ class DBase
#result = 0 (in progress), 1 (stopped - error), 2 (stopped - success)
def create_build_task(prj_id, git_id, proj_path)
id = BuildTask.insert(repo_id: git_id.to_i, proj_id: prj_id.to_i, signpath: "", logpath: "", errlogpath: "", result: 0)
id = BuildTask.insert(repo_id: git_id.to_i, proj_id: prj_id.to_i, logpath: "", errlogpath: "", result: 0)
@last_id = id
BuildTask.where(id: id).update(logpath: File.join(proj_path, "#{id}"), errlogpath: File.join(proj_path, "#{id}", "process.log"))
end
@ -359,4 +359,16 @@ class DBase
def projects_with_current_as_link(prj_id)
ProjectsProjects.where(proj_id_repository: prj_id.to_i).all
end
def get_rpm_info_by_hash(hash)
Rpms.where(filehash: hash).first
end
def update_rpm_sign(rpm_id, sign_path)
Rpms.where(id: rpm_id.to_i).update(sign: 1, signpath: sign_path)
end
def set_project_address(prj_id, address)
ProjectsProjects.where(proj_id: prj_id.to_i).update(remote_address: address)
end
end
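Review bot: `set_project_address` updates `ProjectsProjects` by `proj_id`, but the migration in this commit adds `remote_address` next to `projname`/`descr`/`public` (the projects table), `ProjectsProjects` is the link table queried by `proj_id_repository` a few lines up, and `sign_project` reads the value back via `@db.proj(prj_id)[:remote_address]`. Unless `ProjectsProjects` also gained that column, this update either fails on an unknown column or writes rows the signer never reads; it presumably should target the projects model by primary key, the same way `update_rpm_sign` uses `Rpms.where(id: …)`. Also note that `update_rpm_sign` is invoked in `sign_project` before the signing command runs, so `sign: 1` currently records "copied into the signed tree", not "carries a signature". `DBase` starts before this hunk.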

@ -3,6 +3,7 @@ require_relative "db"
require_relative "repomanage"
require_relative "mock"
require_relative "utilities"
require "digest"
PROJECTS_STRUCTURE = {
:REPO => "repo",
@ -371,4 +372,86 @@ class ProjectsActions
end
@error
end
def sign_project(prj_id, key_path, password, url, tpl_dir)
@error = nil
proj_path = get_project_path(prj_id)
sign_repo_path = File.join(proj_path, PROJECTS_STRUCTURE[:SIGNED])
repo_path = File.join(proj_path, PROJECTS_STRUCTURE[:REPO])
repo_sign = RepoManager.new(sign_repo_path)
repo_key = RepoManagerKeys.new(key_path)
if password.nil?
password = repo_key.check_password_exists
end
if password.nil?
@error = "Не указан пароль для подписи"
else
repo_lock = File.join(proj_path, PROJECTS_STRUCTURE[:CONFIGS], ".repolock")
sign_lock = File.join(proj_path, PROJECTS_STRUCTURE[:CONFIGS], ".signlock")
prj = @db.proj(prj_id)
if repo_key.check_key_exists
File.open(sign_lock, File::RDWR | File::CREAT) do |s|
s.flock(File::LOCK_EX)
File.open(repo_lock, File::RDWR | File::CREAT) do |f|
f.flock(File::LOCK_EX)
rpm_list = get_rpms_list(repo_path)
if prj[:public] == 0
rpm_list = rpm_list.reject do |item|
block = false
block = true if item =~ /\.src\.rpm$/ || item =~ /SRPMS/ || item =~ /Debug/ || item =~ /(debuginfo.+rpm$)|(debugsource.+rpm$)/
block
end
end
rpm_signed_list = get_rpms_list(sign_repo_path)
rpm_list = rpm_list.select do |item|
sign_repo_path_rpm = File.join(sign_repo_path, item)
unless File.exist?(sign_repo_path_rpm)
file_path_full = File.join(repo_path, item)
unless File.exist?(File.dirname(sign_repo_path_rpm))
FileUtils.mkdir_p(File.dirname(sign_repo_path_rpm))
end
FileUtils.cp_r(file_path_full, File.dirname(sign_repo_path_rpm), verbose: false, remove_destination: false)
sha256 = Digest::SHA256.file(file_path_full)
rpm_info = @db.get_rpm_info_by_hash(sha256.hexdigest)
unless rpm_info.nil?
@db.update_rpm_sign(rpm_info[:id], sign_repo_path_rpm)
end
repo_key.sign_package(sign_repo_path_rpm, password)
end
end
repo_url = "http://localhost/"
if prj[:remote_address].nil? || prj[:remote_address].strip == ""
repo_url = url
else
repo_url = prj[:remote_address]
end
if repo_url[-1] != "/"
repo_url = repo_url + "/"
end
repo_sign.repoview(repo_url, prj[:projname], tpl_dir)
repo_sign.create_repo
end
end
else
@error = "Ключ для подписи отсутствует"
end
end
@error
end
def set_address(prj_id, address)
@error = nil
if address.nil?
address = ""
else
address = address.strip
end
@db.set_project_address(prj_id, address)
@error
end
def get_sign_path(id)
path = get_project_path(id)
File.join(path, PROJECTS_STRUCTURE[:SIGNED])
end
end
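Review bot: In the `rpm_list.select` loop a package is copied into the SIGNED tree and marked `sign: 1` in the database before `repo_key.sign_package` runs, and the exit status it returns is discarded; on a wrong passphrase or gpg failure the unsigned copy stays in the signed repository, is published by `create_repo`, and is skipped on every later run because the `File.exist?` check treats it as done. Sign first, check the status (assuming `exit_status` is the integer exit code), and remove the copy on failure so the next run retries; the `select` result is also never used, so an `each` is clearer. Separately, an empty passphrase string from the form passes the `password.nil?` check and signs with `--passphrase ` empty; `password = nil if password.to_s.strip.empty?` before the fallback closes that. `ProjectsActions` starts before this hunk.

```ruby
# … unchanged: mkdir_p / cp_r of the package into the signed tree …
status = repo_key.sign_package(sign_repo_path_rpm, password)
if status == 0
  sha256 = Digest::SHA256.file(file_path_full)
  rpm_info = @db.get_rpm_info_by_hash(sha256.hexdigest)
  @db.update_rpm_sign(rpm_info[:id], sign_repo_path_rpm) unless rpm_info.nil?
else
  # never publish an unsigned copy; leaving it absent makes the next run retry it
  FileUtils.rm_f(sign_repo_path_rpm)
  @error = "Ошибка подписи пакета #{item}"
end
# … unchanged: repo_url selection, repoview, create_repo …
```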

@ -3,6 +3,9 @@ $LOAD_PATH.unshift File.expand_path(".", "locallibs/ruby-rpm-ffi/lib")
require "rpm"
require_relative "runner"
require "ptools"
require "fileutils"
require "erb"
class RPMReader
def get_rpm_info(path_to_rpm)
@ -29,9 +32,29 @@ class RepoManagerKeys
key_file = File.join(@path, "public", "mockgui-gpg-key")
File.exist?(key_file)
end
end
#rpm --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase 1234" --addsign bayrepo-neuro-farm-0.1-2.x86_64.rpm
def check_password_exists()
passwd = nil
passwd_file = File.join(@path, "save")
if File.exist?(passwd_file)
unless File.binary?(passwd_file)
passwd = File.readlines(passwd_file).first.strip
end
end
passwd
end
def get_publick_key()
File.join(@path, "public", "mockgui-gpg-key")
end
def sign_package(rpm_path, password)
cmd_args = %Q(/usr/bin/rpm --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase #{password}" --addsign "#{rpm_path}" 2>/dev/null)
cmd = Runner.new(cmd_args)
cmd.run
cmd.exit_status
end
end
class RepoManager
attr :path, :error, :last_status, :last_pid
@ -60,4 +83,53 @@ class RepoManager
def get_rpm_info(path_to_rpm)
@reader.get_rpm_info(path_to_rpm)
end
def repoview(url, repo_name, template_dir)
rpm_list = get_rpms_list(@path)
result = {}
rpm_list.each do |item|
full_rpm_path = File.join(@path, item)
info = @reader.get_rpm_info(full_rpm_path)
dirName = File.dirname(item)
fileName = File.basename(item)
if result[dirName].nil?
result[dirName] = []
end
pkg_info = {}
pkg_info[:fname] = fileName
pkg_info[:stat] = File.stat(full_rpm_path).ctime
if info[:error].nil?
pkg_info[:chlog] = info[:pkginfo].changelog.first(5)
else
pkg_info[:chlog] = []
end
result[dirName] << pkg_info
end
repo_name = repo_name
repo_url = url
pkg_num = rpm_list.length
repo_data = []
data_keys = []
result.each_pair do |key, value|
result[key.to_s].sort_by! { |item| item[:fname] }
data_keys << key.to_s
end
data_keys.sort!
data_keys.each do |item|
repo_data << result[item]
end
tpl_file = File.join(template_dir, "template.erb")
template = File.read(tpl_file)
renderer = ERB.new(template)
result_html = renderer.result(binding)
boots_trap_css = File.join(template_dir, "bootstrap.min.css")
boots_trap_js = File.join(template_dir, "bootstrap.bundle.min.js")
index_html = File.join(@path, "index.html")
File.open(index_html, "w") do |f|
f.write(result_html)
end
FileUtils.cp_r(boots_trap_css, @path, verbose: false, remove_destination: true)
FileUtils.cp_r(boots_trap_js, @path, verbose: false, remove_destination: true)
end
end
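Review bot: `sign_package` interpolates `password` straight into a shell command line (the `2>/dev/null` redirect means it goes through a shell), and that value arrives from the `password` POST field of `/prjsign/:id`, so a passphrase containing `"`, `$(` or `;` executes as the web-app user, and the passphrase is visible to every local user via `ps` for the duration of the call. Hand it to gpg out-of-band — `--passphrase-fd 0` with the value written to stdin, or `--passphrase-file` pointing at the existing `keys/save` — and pass `rpm_path` as its own argument rather than inside a quoted string; if `Runner` accepts an argv array use that, otherwise `Shellwords.escape` on both values is the minimum. `check_password_exists` raises on an empty `save` file because `readlines.first` is nil; `File.read(passwd_file).lines.first.to_s.strip` avoids that. `repoview` renders `template.erb` with plain `ERB`, which does not escape, so `url` (the user-entered remote address) and changelog text land in the generated index.html verbatim — escape them in the template.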

@ -50,3 +50,7 @@ end
def get_log_paths_success(directory)
Dir.glob(File.join(directory, "**", "*")).reject { |f| File.directory?(f) }.select { |f| File.extname(f) == ".log" }.reject { |f| File.basename(f) == "process.log" }
end
def get_rpms_list(directory)
Dir.glob(File.join(directory, "**", "*.rpm")).reject { |f| File.directory?(f) || f =~ /repodata\// }.map { |f| f.delete_prefix(directory + "/") }
end
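Review bot: `delete_prefix(directory + "/")` does nothing when `directory` already ends in a slash, because `File.join` collapses the doubled separator in the glob result and the prefix no longer matches, leaving absolute paths in the list; normalise first, `base = directory.chomp("/")`, and use `base` for both the glob and the prefix. The `repodata\/` filter also drops any path with that substring in a component name; anchoring on a separator, `%r{(\A|/)repodata/}`, is tighter.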

@ -20,4 +20,7 @@ selected=msvsphere
items_per_page = 30
[sign]
path = "keys"
path = "keys"
[repoview]
path = "repoview"

@ -15,6 +15,8 @@ Sequel.migration do
String :projname
String :descr, text: true
Integer :public
String :remote_address, text: true
String :remote_command, text: true
Datetime :create_at, default: Sequel.lit("CURRENT_TIMESTAMP")
end
@ -53,7 +55,6 @@ Sequel.migration do
foreign_key :repo_id, :repos, :key => :id
foreign_key :proj_id, :projects, :key => :id
Datetime :create_at, default: Sequel.lit("CURRENT_TIMESTAMP")
String :signpath, text: true
String :logpath, text: true
Integer :result
String :errlogpath, text: true
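Review bot: These hunks edit an existing `Sequel.migration` block in place rather than adding a new migration, so a database that has already applied it appears to keep `signpath` on build tasks and never gains `remote_address`/`remote_command`; `set_project_address` then fails on an unknown column. If any deployed database exists, a new migration using `alter_table` with `add_column` / `drop_column` is the safe route. `remote_command` is added but nothing in this commit reads or writes it.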

@ -0,0 +1 @@
1234
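Review bot: This new one-line file contains `1234`, the same value the comment in the key class uses as the example passphrase, and gpgerror.erb documents `keys/save` as the plaintext signing passphrase; if this is that file, the signing-key passphrase is now in repository history and should be removed from the commit, the key re-protected, and the path added to `.gitignore`. If it is only a placeholder for development, say so in a README next to it so it is not mistaken for a real secret.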


@ -0,0 +1,76 @@
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<title>
Список достпуных в репозитории пакетов
</title>
<link rel="stylesheet" href="bootstrap.min.css">
</head>
<body>
<div class="container p-3">
<p>Для подключения репозитория в своей системе используейте команду</p>
<div class="alert alert-warning" role="alert">
<pre>
echo -e "[<%= repo_name %>]
name=msvsphere9 repo on repo.brepo.ru
baseurl=<%= repo_url %>
enabled=1
gpgkey=<%= repo_url %><%= repo_name %>-gpg-key
gpgcheck=1" > /etc/yum.repos.d/<%= repo_name %>.repo
</pre>
</div>
</div>
<div class="container p-3">
<div class="card border-warning mb-3">
<div class="card-header">Список доступных в репозитории пакетов</div>
<div class="card-body">
<h5 class="card-title text-danger-emphasis">Всего пакетов <%= pkg_num %></h5>
<div class="accordion" id="dirInfo">
<% repo_data.each_with_index do |item, index| %>
<div class="accordion-item">
<h2 class="accordion-header">
<button class="accordion-button collapsed" type="button" data-bs-toggle="collapse"
data-bs-target="#id<%= index %>" aria-expanded="false" aria-controls="id<%= index %>">
SRPMS
</button>
</h2>
<div id="id<%= index %>" class="accordion-collapse collapse" data-bs-parent="#dirInfo">
<div class="accordion-body">
<div class="accordion accordion-flush" id="rpmInfo">
<% item.each_with_index do |idata, jndex| %>
<div class="accordion-item">
<h2 class="accordion-header">
<button class="accordion-button collapsed" type="button"
data-bs-toggle="collapse" data-bs-target="#rid<%= jndex %>" aria-expanded="false"
aria-controls="rid<%= jndex %>">
<%= idata[:fname] %> (<%= idata[:stat]%>)
</button>
</h2>
<div id="rid<%= jndex %>" class="accordion-collapse collapse" data-bs-parent="#rpmInfo">
<div class="accordion-body">
<ul class="list-group list-group-flush">
<% idata[:chlog].each do |chlg| %>
<li class="list-group-item list-group-item-warning"> - <%= chlg.text %> </li>
<% end %>
</ul>
</div>
</div>
</div>
<% end %>
</div>
</div>
</div>
</div>
<% end %>
</div>
</div>
</div>
</div>
<script src="bootstrap.bundle.min.js"></script>
</body>
</html>
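Review bot: `repo_url`, `repo_name` and `chlg.text` are written with `<%= %>` under plain `ERB`, which does not HTML-escape; `repo_url` is whatever was typed into `/prjremoteaddr/:id`, and changelog text comes from the packages themselves, so a `<` or `"` in either lands verbatim in the published index.html — wrap each with `ERB::Util.html_escape(...)`. The inner accordion ids `rid<%= jndex %>` restart at 0 for every directory, so panels in different directories share ids and `data-bs-target` opens the wrong one; include the outer index, `id="rid<%= index %>_<%= jndex %>"`. The outer button label is the literal `SRPMS` for every directory even though the data is grouped by directory name; passing the `data_keys` entries alongside `repo_data` would let the template show the real name.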

@ -1,3 +1,60 @@
<%= erb :header %>
<div class="container">
<h2 class="text-bg-danger text-center rounded-3 mb-3">Отсуствуют ключи для подписи</h2>
<p class="text-danger">Важный момент - сохраните файл ~/.rpmmacros, т.к. он будет перезаписан командой <span
class="text-success">install-key</span></p>
<p>Для создания ключа, необходимо запустить скрипт <span class="text-success">install-key</span> из каталога
gen-scripts</p>
<div class="card">
<div class="card-header">
Параметры запуска скрипта
</div>
<div class="card-body">
<blockquote class="blockquote mb-0">
<p class="font-monospace">bash install-key UserName Email TimeToExpireInSecondsFromCurrentTime
PhassPhrase</p>
<footer class="blockquote-footer">
<p>Где:</p>
<ul>
<li>UserName - имя вадельца ключа</li>
<li>Email - почта владельца ключа</li>
<li>TimeToExpireInSecondsFromCurrentTime - время в секундах до истечения срока давности
ключа</li>
<li>PhassPhrase - пароль для ключа</li>
</ul>
</footer>
</blockquote>
</div>
</div>
<p>После генерации ключа пароль будет сохранен:</p>
<div class="card text-bg-light mb-3">
<div class="card-header">Сохранение пароля в файл (да, небезопасно, но пока так) в каталог keys</div>
<div class="card-body">
<h5 class="card-title">каталог keys/save</h5>
<p class="card-text">Храните файл как зеницу ока!</p>
</div>
</div>
<p>Примеры генерации ключа:</p>
<div class="card text-bg-light mb-3">
<div class="card-header">Создание ключа на один год</div>
<div class="card-body">
<h5 class="card-title">В сеундах: 366 * 24 * 60 * 60 = 31622400</h5>
<p class="card-text">./install-key RpmKeeper rpmkeeper@test.example.ru 31622400 12345678</p>
</div>
</div>
<div class="card text-bg-light mb-3">
<div class="card-header">Создание ключа на 10 лет</div>
<div class="card-body">
<h5 class="card-title">В сеундах: 366 * 10 * 24 * 60 * 60 = 316224000</h5>
<p class="card-text">./install-key RpmKeeper rpmkeeper@test.example.ru 316224000 12345678</p>
</div>
</div>
<div class="card text-bg-light mb-3">
<div class="card-header">Создание ключа на 5 лет</div>
<div class="card-body">
<h5 class="card-title">В сеундах: 366 * 5 * 24 * 60 * 60 = 1581120000</h5>
<p class="card-text">./install-key RpmKeeper rpmkeeper@test.example.ru 158112000 12345678</p>
</div>
</div>
</div>
<%= erb :footer %>
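Review bot: The 5-year example header gives 1581120000 while the command uses 158112000; 366 * 5 * 24 * 60 * 60 is 158 112 000, so the header has an extra zero. The page also shows the passphrase passed as the fourth argument to `install-key` and then stored in `keys/save`; the text already admits this is unsafe, but it should add that the argument is also visible in shell history and `ps`, and the examples should not all reuse `12345678` since readers copy them. Typos: `достпуных`, `Отсуствуют`, `вадельца`, `сеундах`, `PhassPhrase`.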

@ -46,9 +46,10 @@
class="bi bi-list"></i><span class="ms-2">Список сборок проекта</span></a>
<a href="/prjsign/<%= ERB::Util.url_encode(@proj_id) %>" class="list-group-item list-group-item-action list-group-item-dark icon-link"><i
class="bi bi-pencil-square"></i><span class="ms-2">Подписать</span></a>
<a href="/prjpub/<%= ERB::Util.url_encode(@proj_id) %>" class="list-group-item list-group-item-action list-group-item-dark icon-link"><i
class="bi bi-nut"></i><span class="ms-2">Опубликовать во
внешний репозиторий</span></a>
<a href="/prjsignview/<%= ERB::Util.url_encode(@proj_id) %>" class="list-group-item list-group-item-action list-group-item-dark icon-link"><i
class="bi bi-file-earmark-diff"></i><span class="ms-2">Просмотр подписанного репозитория</span></a>
<a href="/prjremoteaddr/<%= ERB::Util.url_encode(@proj_id) %>" class="list-group-item list-group-item-action list-group-item-dark icon-link"><i
class="bi bi-pin-map-fill"></i><span class="ms-2">Установить адрес подписаннго репозитория</span></a>
<a href="/prjdelete/<%= ERB::Util.url_encode(@proj_id) %>" class="list-group-item list-group-item-action list-group-item-dark icon-link"><i
class="bi bi-trash"></i><span class="ms-2">Удалить проект</span></a>
</div>

@ -0,0 +1,18 @@
<%= erb :header %>
<div class="container">
<h2 class="text-center">Подтвердите подпись пакетов проекта <%= @proj_name %></h2>
<form action="/prjremoteaddr/<%= ERB::Util.url_encode(@proj_id) %>" method="post">
<div class="form-check form-switch text-center pb-3">
<input class="form-check-input" type="text" role="switch" id="address" name="address" value="<%= @address %>">
<label class="form-check-label" for="address">
Укажите адресс удаленного репозитория:
</label>
</div>
<div class="mb-3 text-center">
<button type="submit" class="btn btn-primary" name="cancel" value="cancel">Отменить</button>
<button type="submit" class="btn btn-danger" name="reset" value="reset">Сбросить адрес</button>
<button type="submit" class="btn btn-info" name="addr" value="addr">Установить адрес</button>
</div>
</form>
</div>
<%= erb :footer %>
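Review bot: The input reads `@address`, but the GET handler for `/prjremoteaddr/:id` assigns `@addres`, so the saved address is never pre-filled; rename one side. The value is emitted with `<%= @address %>` — unless `escape_html` is enabled for erb in this app, a stored address containing `"` breaks out of the attribute, so use `value="<%= ERB::Util.html_escape(@address) %>"` as the other templates already do with `url_encode` for URLs. The heading `Подтвердите подпись пакетов проекта` was copied from signconfirm.erb and does not describe this page, and a `type="text"` input with `class="form-check-input" role="switch"` renders a text box styled as a toggle.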

@ -7,6 +7,13 @@
<% end %>
<a href="/gitpackages/<%= ERB::Util.url_encode(@repo_id) %>"><i class="bi bi-git"></i></a>
</div>
<div>
<% if @rpm_data[:sign] == 1 %>
Пакет подписан
<% else %>
Пакет не подписан
<% end %>
</div>
<div class="accordion" id="rpmInfo">
<div class="accordion-item">
<h2 class="accordion-header">
@ -56,7 +63,7 @@
<div class="vstack gap-1">
<% @pkg_info.changelog.each do |entry| %>
<div class="p-1 text-warning-emphasis border">
<p><%= entry.time %> <%= entry.name %></p>
<p><%= entry.name %></p>
<p><%= entry.text %></p>
</div>
<% end %>

@ -0,0 +1,22 @@
<%= erb :header %>
<div class="container">
<h2 class="text-center">Подтвердите подпись пакетов проекта <%= @proj_name %></h2>
<form action="/prjsign/<%= ERB::Util.url_encode(@proj_id) %>" method="post">
<div class="form-check form-switch text-center pb-3">
<div class="pb-5">
Подписать пакеты проекта?
</div>
<% if @pass_exists.nil? || @pass_exists.strip == "" %>
<label class="form-check-label" for="password">
Введите пароль для ключа для подписывания:
</label>
<input type="password" class="form-control" id="password" name="password">
<% end %>
</div>
<div class="mb-3 text-center">
<button type="submit" class="btn btn-primary" name="cancel" value="cancel">Отменить</button>
<button type="submit" class="btn btn-danger" name="sign" value="sign">Подписать</button>
</div>
</form>
</div>
<%= erb :footer %>
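Review bot: When the password field is shown, submitting it blank posts `password=""`, which the handler treats as a supplied passphrase rather than falling back to the stored one; add `required` to the input (`<input type="password" class="form-control" id="password" name="password" required autocomplete="off">`) so an empty signing attempt is rejected client-side as well. The form carries no anti-CSRF token; if rack-protection's authenticity-token check is not enabled app-wide, a cross-site POST can trigger signing with the stored passphrase.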