Merge ~barryprice/charm-tor/+git/charm-tor:main into charm-tor:main
- Git
- lp:~barryprice/charm-tor/+git/charm-tor
- main
- Merge into main
Status: | Work in progress |
---|---|
Proposed branch: | ~barryprice/charm-tor/+git/charm-tor:main |
Merge into: | charm-tor:main |
Diff against target: |
2994 lines (+2405/-408) 15 files modified
.gitignore (+6/-3) LICENSE (+674/-202) Makefile (+21/-0) README.md (+8/-16) charmcraft.yaml (+3/-3) config.yaml (+31/-12) dev/null (+0/-16) lib/charms/operator_libs_linux/v0/apt.py (+1329/-0) metadata.yaml (+12/-21) pyproject.toml (+38/-0) src/charm.py (+184/-82) templates/torrc (+12/-0) tests/__init__.py (+4/-0) tests/test_charm.py (+5/-53) tox.ini (+78/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tor Charmers | Pending | ||
Review via email: mp+425423@code.launchpad.net |
Commit message
WIP MP to replace the charmcraft boilerplate with a functional charm
Description of the change
- d39909c... by Barry Price
-
Add lib, pyproject, tox, refresh ,gitignore
- 47bd6c5... by Barry Price
-
Initial Makefile
- 6264307... by Barry Price
-
Add paths, lint target, run lint
- 1d7bc86... by Barry Price
-
Handle upstream torproject repo installation/
removal - d762c48... by Barry Price
-
Ensure packages are installed on hooks, sort package defs
- 2892df0... by Barry Price
-
Bugfixes
- 6b266a9... by Barry Price
-
Still WIP but a clean deploy with multiple related services works after a fashion (but relation changes fail catastrophically)
- 05532b8... by Barry Price
-
Restore boilerplate
Unmerged commits
- 05532b8... by Barry Price
-
Restore boilerplate
- 6b266a9... by Barry Price
-
Still WIP but a clean deploy with multiple related services works after a fashion (but relation changes fail catastrophically)
- 2892df0... by Barry Price
-
Bugfixes
- d762c48... by Barry Price
-
Ensure packages are installed on hooks, sort package defs
- 1d7bc86... by Barry Price
-
Handle upstream torproject repo installation/
removal - 6264307... by Barry Price
-
Add paths, lint target, run lint
- 47bd6c5... by Barry Price
-
Initial Makefile
- d39909c... by Barry Price
-
Add lib, pyproject, tox, refresh ,gitignore
- 4220710... by Barry Price
-
Basic skeleton, remove most boilerplate, no functionality yet
Preview Diff
1 | diff --git a/.gitignore b/.gitignore |
2 | index 2c3f0e5..69a2281 100644 |
3 | --- a/.gitignore |
4 | +++ b/.gitignore |
5 | @@ -1,7 +1,10 @@ |
6 | -venv/ |
7 | -build/ |
8 | +/build |
9 | +/venv |
10 | + |
11 | *.charm |
12 | +*.py[cod] |
13 | +*.swp |
14 | |
15 | .coverage |
16 | +.tox |
17 | __pycache__/ |
18 | -*.py[cod] |
19 | diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md |
20 | deleted file mode 100644 |
21 | index f5dac3b..0000000 |
22 | --- a/CONTRIBUTING.md |
23 | +++ /dev/null |
24 | @@ -1,34 +0,0 @@ |
25 | -# charm-tor |
26 | - |
27 | -## Developing |
28 | - |
29 | -Create and activate a virtualenv with the development requirements: |
30 | - |
31 | - virtualenv -p python3 venv |
32 | - source venv/bin/activate |
33 | - pip install -r requirements-dev.txt |
34 | - |
35 | -## Code overview |
36 | - |
37 | -TEMPLATE-TODO: |
38 | -One of the most important things a consumer of your charm (or library) |
39 | -needs to know is what set of functionality it provides. Which categories |
40 | -does it fit into? Which events do you listen to? Which libraries do you |
41 | -consume? Which ones do you export and how are they used? |
42 | - |
43 | -## Intended use case |
44 | - |
45 | -TEMPLATE-TODO: |
46 | -Why were these decisions made? What's the scope of your charm? |
47 | - |
48 | -## Roadmap |
49 | - |
50 | -If this Charm doesn't fulfill all of the initial functionality you were |
51 | -hoping for or planning on, please add a Roadmap or TODO here |
52 | - |
53 | -## Testing |
54 | - |
55 | -The Python operator framework includes a very nice harness for testing |
56 | -operator behaviour without full deployment. Just `run_tests`: |
57 | - |
58 | - ./run_tests |
59 | diff --git a/LICENSE b/LICENSE |
60 | index d645695..f288702 100644 |
61 | --- a/LICENSE |
62 | +++ b/LICENSE |
63 | @@ -1,202 +1,674 @@ |
64 | - |
65 | - Apache License |
66 | - Version 2.0, January 2004 |
67 | - http://www.apache.org/licenses/ |
68 | - |
69 | - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION |
70 | - |
71 | - 1. Definitions. |
72 | - |
73 | - "License" shall mean the terms and conditions for use, reproduction, |
74 | - and distribution as defined by Sections 1 through 9 of this document. |
75 | - |
76 | - "Licensor" shall mean the copyright owner or entity authorized by |
77 | - the copyright owner that is granting the License. |
78 | - |
79 | - "Legal Entity" shall mean the union of the acting entity and all |
80 | - other entities that control, are controlled by, or are under common |
81 | - control with that entity. For the purposes of this definition, |
82 | - "control" means (i) the power, direct or indirect, to cause the |
83 | - direction or management of such entity, whether by contract or |
84 | - otherwise, or (ii) ownership of fifty percent (50%) or more of the |
85 | - outstanding shares, or (iii) beneficial ownership of such entity. |
86 | - |
87 | - "You" (or "Your") shall mean an individual or Legal Entity |
88 | - exercising permissions granted by this License. |
89 | - |
90 | - "Source" form shall mean the preferred form for making modifications, |
91 | - including but not limited to software source code, documentation |
92 | - source, and configuration files. |
93 | - |
94 | - "Object" form shall mean any form resulting from mechanical |
95 | - transformation or translation of a Source form, including but |
96 | - not limited to compiled object code, generated documentation, |
97 | - and conversions to other media types. |
98 | - |
99 | - "Work" shall mean the work of authorship, whether in Source or |
100 | - Object form, made available under the License, as indicated by a |
101 | - copyright notice that is included in or attached to the work |
102 | - (an example is provided in the Appendix below). |
103 | - |
104 | - "Derivative Works" shall mean any work, whether in Source or Object |
105 | - form, that is based on (or derived from) the Work and for which the |
106 | - editorial revisions, annotations, elaborations, or other modifications |
107 | - represent, as a whole, an original work of authorship. For the purposes |
108 | - of this License, Derivative Works shall not include works that remain |
109 | - separable from, or merely link (or bind by name) to the interfaces of, |
110 | - the Work and Derivative Works thereof. |
111 | - |
112 | - "Contribution" shall mean any work of authorship, including |
113 | - the original version of the Work and any modifications or additions |
114 | - to that Work or Derivative Works thereof, that is intentionally |
115 | - submitted to Licensor for inclusion in the Work by the copyright owner |
116 | - or by an individual or Legal Entity authorized to submit on behalf of |
117 | - the copyright owner. For the purposes of this definition, "submitted" |
118 | - means any form of electronic, verbal, or written communication sent |
119 | - to the Licensor or its representatives, including but not limited to |
120 | - communication on electronic mailing lists, source code control systems, |
121 | - and issue tracking systems that are managed by, or on behalf of, the |
122 | - Licensor for the purpose of discussing and improving the Work, but |
123 | - excluding communication that is conspicuously marked or otherwise |
124 | - designated in writing by the copyright owner as "Not a Contribution." |
125 | - |
126 | - "Contributor" shall mean Licensor and any individual or Legal Entity |
127 | - on behalf of whom a Contribution has been received by Licensor and |
128 | - subsequently incorporated within the Work. |
129 | - |
130 | - 2. Grant of Copyright License. Subject to the terms and conditions of |
131 | - this License, each Contributor hereby grants to You a perpetual, |
132 | - worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
133 | - copyright license to reproduce, prepare Derivative Works of, |
134 | - publicly display, publicly perform, sublicense, and distribute the |
135 | - Work and such Derivative Works in Source or Object form. |
136 | - |
137 | - 3. Grant of Patent License. Subject to the terms and conditions of |
138 | - this License, each Contributor hereby grants to You a perpetual, |
139 | - worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
140 | - (except as stated in this section) patent license to make, have made, |
141 | - use, offer to sell, sell, import, and otherwise transfer the Work, |
142 | - where such license applies only to those patent claims licensable |
143 | - by such Contributor that are necessarily infringed by their |
144 | - Contribution(s) alone or by combination of their Contribution(s) |
145 | - with the Work to which such Contribution(s) was submitted. If You |
146 | - institute patent litigation against any entity (including a |
147 | - cross-claim or counterclaim in a lawsuit) alleging that the Work |
148 | - or a Contribution incorporated within the Work constitutes direct |
149 | - or contributory patent infringement, then any patent licenses |
150 | - granted to You under this License for that Work shall terminate |
151 | - as of the date such litigation is filed. |
152 | - |
153 | - 4. Redistribution. You may reproduce and distribute copies of the |
154 | - Work or Derivative Works thereof in any medium, with or without |
155 | - modifications, and in Source or Object form, provided that You |
156 | - meet the following conditions: |
157 | - |
158 | - (a) You must give any other recipients of the Work or |
159 | - Derivative Works a copy of this License; and |
160 | - |
161 | - (b) You must cause any modified files to carry prominent notices |
162 | - stating that You changed the files; and |
163 | - |
164 | - (c) You must retain, in the Source form of any Derivative Works |
165 | - that You distribute, all copyright, patent, trademark, and |
166 | - attribution notices from the Source form of the Work, |
167 | - excluding those notices that do not pertain to any part of |
168 | - the Derivative Works; and |
169 | - |
170 | - (d) If the Work includes a "NOTICE" text file as part of its |
171 | - distribution, then any Derivative Works that You distribute must |
172 | - include a readable copy of the attribution notices contained |
173 | - within such NOTICE file, excluding those notices that do not |
174 | - pertain to any part of the Derivative Works, in at least one |
175 | - of the following places: within a NOTICE text file distributed |
176 | - as part of the Derivative Works; within the Source form or |
177 | - documentation, if provided along with the Derivative Works; or, |
178 | - within a display generated by the Derivative Works, if and |
179 | - wherever such third-party notices normally appear. The contents |
180 | - of the NOTICE file are for informational purposes only and |
181 | - do not modify the License. You may add Your own attribution |
182 | - notices within Derivative Works that You distribute, alongside |
183 | - or as an addendum to the NOTICE text from the Work, provided |
184 | - that such additional attribution notices cannot be construed |
185 | - as modifying the License. |
186 | - |
187 | - You may add Your own copyright statement to Your modifications and |
188 | - may provide additional or different license terms and conditions |
189 | - for use, reproduction, or distribution of Your modifications, or |
190 | - for any such Derivative Works as a whole, provided Your use, |
191 | - reproduction, and distribution of the Work otherwise complies with |
192 | - the conditions stated in this License. |
193 | - |
194 | - 5. Submission of Contributions. Unless You explicitly state otherwise, |
195 | - any Contribution intentionally submitted for inclusion in the Work |
196 | - by You to the Licensor shall be under the terms and conditions of |
197 | - this License, without any additional terms or conditions. |
198 | - Notwithstanding the above, nothing herein shall supersede or modify |
199 | - the terms of any separate license agreement you may have executed |
200 | - with Licensor regarding such Contributions. |
201 | - |
202 | - 6. Trademarks. This License does not grant permission to use the trade |
203 | - names, trademarks, service marks, or product names of the Licensor, |
204 | - except as required for reasonable and customary use in describing the |
205 | - origin of the Work and reproducing the content of the NOTICE file. |
206 | - |
207 | - 7. Disclaimer of Warranty. Unless required by applicable law or |
208 | - agreed to in writing, Licensor provides the Work (and each |
209 | - Contributor provides its Contributions) on an "AS IS" BASIS, |
210 | - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
211 | - implied, including, without limitation, any warranties or conditions |
212 | - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A |
213 | - PARTICULAR PURPOSE. You are solely responsible for determining the |
214 | - appropriateness of using or redistributing the Work and assume any |
215 | - risks associated with Your exercise of permissions under this License. |
216 | - |
217 | - 8. Limitation of Liability. In no event and under no legal theory, |
218 | - whether in tort (including negligence), contract, or otherwise, |
219 | - unless required by applicable law (such as deliberate and grossly |
220 | - negligent acts) or agreed to in writing, shall any Contributor be |
221 | - liable to You for damages, including any direct, indirect, special, |
222 | - incidental, or consequential damages of any character arising as a |
223 | - result of this License or out of the use or inability to use the |
224 | - Work (including but not limited to damages for loss of goodwill, |
225 | - work stoppage, computer failure or malfunction, or any and all |
226 | - other commercial damages or losses), even if such Contributor |
227 | - has been advised of the possibility of such damages. |
228 | - |
229 | - 9. Accepting Warranty or Additional Liability. While redistributing |
230 | - the Work or Derivative Works thereof, You may choose to offer, |
231 | - and charge a fee for, acceptance of support, warranty, indemnity, |
232 | - or other liability obligations and/or rights consistent with this |
233 | - License. However, in accepting such obligations, You may act only |
234 | - on Your own behalf and on Your sole responsibility, not on behalf |
235 | - of any other Contributor, and only if You agree to indemnify, |
236 | - defend, and hold each Contributor harmless for any liability |
237 | - incurred by, or claims asserted against, such Contributor by reason |
238 | - of your accepting any such warranty or additional liability. |
239 | - |
240 | - END OF TERMS AND CONDITIONS |
241 | - |
242 | - APPENDIX: How to apply the Apache License to your work. |
243 | - |
244 | - To apply the Apache License to your work, attach the following |
245 | - boilerplate notice, with the fields enclosed by brackets "[]" |
246 | - replaced with your own identifying information. (Don't include |
247 | - the brackets!) The text should be enclosed in the appropriate |
248 | - comment syntax for the file format. We also recommend that a |
249 | - file or class name and description of purpose be included on the |
250 | - same "printed page" as the copyright notice for easier |
251 | - identification within third-party archives. |
252 | - |
253 | - Copyright [yyyy] [name of copyright owner] |
254 | - |
255 | - Licensed under the Apache License, Version 2.0 (the "License"); |
256 | - you may not use this file except in compliance with the License. |
257 | - You may obtain a copy of the License at |
258 | - |
259 | - http://www.apache.org/licenses/LICENSE-2.0 |
260 | - |
261 | - Unless required by applicable law or agreed to in writing, software |
262 | - distributed under the License is distributed on an "AS IS" BASIS, |
263 | - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
264 | - See the License for the specific language governing permissions and |
265 | - limitations under the License. |
266 | + GNU GENERAL PUBLIC LICENSE |
267 | + Version 3, 29 June 2007 |
268 | + |
269 | + Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> |
270 | + Everyone is permitted to copy and distribute verbatim copies |
271 | + of this license document, but changing it is not allowed. |
272 | + |
273 | + Preamble |
274 | + |
275 | + The GNU General Public License is a free, copyleft license for |
276 | +software and other kinds of works. |
277 | + |
278 | + The licenses for most software and other practical works are designed |
279 | +to take away your freedom to share and change the works. By contrast, |
280 | +the GNU General Public License is intended to guarantee your freedom to |
281 | +share and change all versions of a program--to make sure it remains free |
282 | +software for all its users. We, the Free Software Foundation, use the |
283 | +GNU General Public License for most of our software; it applies also to |
284 | +any other work released this way by its authors. You can apply it to |
285 | +your programs, too. |
286 | + |
287 | + When we speak of free software, we are referring to freedom, not |
288 | +price. Our General Public Licenses are designed to make sure that you |
289 | +have the freedom to distribute copies of free software (and charge for |
290 | +them if you wish), that you receive source code or can get it if you |
291 | +want it, that you can change the software or use pieces of it in new |
292 | +free programs, and that you know you can do these things. |
293 | + |
294 | + To protect your rights, we need to prevent others from denying you |
295 | +these rights or asking you to surrender the rights. Therefore, you have |
296 | +certain responsibilities if you distribute copies of the software, or if |
297 | +you modify it: responsibilities to respect the freedom of others. |
298 | + |
299 | + For example, if you distribute copies of such a program, whether |
300 | +gratis or for a fee, you must pass on to the recipients the same |
301 | +freedoms that you received. You must make sure that they, too, receive |
302 | +or can get the source code. And you must show them these terms so they |
303 | +know their rights. |
304 | + |
305 | + Developers that use the GNU GPL protect your rights with two steps: |
306 | +(1) assert copyright on the software, and (2) offer you this License |
307 | +giving you legal permission to copy, distribute and/or modify it. |
308 | + |
309 | + For the developers' and authors' protection, the GPL clearly explains |
310 | +that there is no warranty for this free software. For both users' and |
311 | +authors' sake, the GPL requires that modified versions be marked as |
312 | +changed, so that their problems will not be attributed erroneously to |
313 | +authors of previous versions. |
314 | + |
315 | + Some devices are designed to deny users access to install or run |
316 | +modified versions of the software inside them, although the manufacturer |
317 | +can do so. This is fundamentally incompatible with the aim of |
318 | +protecting users' freedom to change the software. The systematic |
319 | +pattern of such abuse occurs in the area of products for individuals to |
320 | +use, which is precisely where it is most unacceptable. Therefore, we |
321 | +have designed this version of the GPL to prohibit the practice for those |
322 | +products. If such problems arise substantially in other domains, we |
323 | +stand ready to extend this provision to those domains in future versions |
324 | +of the GPL, as needed to protect the freedom of users. |
325 | + |
326 | + Finally, every program is threatened constantly by software patents. |
327 | +States should not allow patents to restrict development and use of |
328 | +software on general-purpose computers, but in those that do, we wish to |
329 | +avoid the special danger that patents applied to a free program could |
330 | +make it effectively proprietary. To prevent this, the GPL assures that |
331 | +patents cannot be used to render the program non-free. |
332 | + |
333 | + The precise terms and conditions for copying, distribution and |
334 | +modification follow. |
335 | + |
336 | + TERMS AND CONDITIONS |
337 | + |
338 | + 0. Definitions. |
339 | + |
340 | + "This License" refers to version 3 of the GNU General Public License. |
341 | + |
342 | + "Copyright" also means copyright-like laws that apply to other kinds of |
343 | +works, such as semiconductor masks. |
344 | + |
345 | + "The Program" refers to any copyrightable work licensed under this |
346 | +License. Each licensee is addressed as "you". "Licensees" and |
347 | +"recipients" may be individuals or organizations. |
348 | + |
349 | + To "modify" a work means to copy from or adapt all or part of the work |
350 | +in a fashion requiring copyright permission, other than the making of an |
351 | +exact copy. The resulting work is called a "modified version" of the |
352 | +earlier work or a work "based on" the earlier work. |
353 | + |
354 | + A "covered work" means either the unmodified Program or a work based |
355 | +on the Program. |
356 | + |
357 | + To "propagate" a work means to do anything with it that, without |
358 | +permission, would make you directly or secondarily liable for |
359 | +infringement under applicable copyright law, except executing it on a |
360 | +computer or modifying a private copy. Propagation includes copying, |
361 | +distribution (with or without modification), making available to the |
362 | +public, and in some countries other activities as well. |
363 | + |
364 | + To "convey" a work means any kind of propagation that enables other |
365 | +parties to make or receive copies. Mere interaction with a user through |
366 | +a computer network, with no transfer of a copy, is not conveying. |
367 | + |
368 | + An interactive user interface displays "Appropriate Legal Notices" |
369 | +to the extent that it includes a convenient and prominently visible |
370 | +feature that (1) displays an appropriate copyright notice, and (2) |
371 | +tells the user that there is no warranty for the work (except to the |
372 | +extent that warranties are provided), that licensees may convey the |
373 | +work under this License, and how to view a copy of this License. If |
374 | +the interface presents a list of user commands or options, such as a |
375 | +menu, a prominent item in the list meets this criterion. |
376 | + |
377 | + 1. Source Code. |
378 | + |
379 | + The "source code" for a work means the preferred form of the work |
380 | +for making modifications to it. "Object code" means any non-source |
381 | +form of a work. |
382 | + |
383 | + A "Standard Interface" means an interface that either is an official |
384 | +standard defined by a recognized standards body, or, in the case of |
385 | +interfaces specified for a particular programming language, one that |
386 | +is widely used among developers working in that language. |
387 | + |
388 | + The "System Libraries" of an executable work include anything, other |
389 | +than the work as a whole, that (a) is included in the normal form of |
390 | +packaging a Major Component, but which is not part of that Major |
391 | +Component, and (b) serves only to enable use of the work with that |
392 | +Major Component, or to implement a Standard Interface for which an |
393 | +implementation is available to the public in source code form. A |
394 | +"Major Component", in this context, means a major essential component |
395 | +(kernel, window system, and so on) of the specific operating system |
396 | +(if any) on which the executable work runs, or a compiler used to |
397 | +produce the work, or an object code interpreter used to run it. |
398 | + |
399 | + The "Corresponding Source" for a work in object code form means all |
400 | +the source code needed to generate, install, and (for an executable |
401 | +work) run the object code and to modify the work, including scripts to |
402 | +control those activities. However, it does not include the work's |
403 | +System Libraries, or general-purpose tools or generally available free |
404 | +programs which are used unmodified in performing those activities but |
405 | +which are not part of the work. For example, Corresponding Source |
406 | +includes interface definition files associated with source files for |
407 | +the work, and the source code for shared libraries and dynamically |
408 | +linked subprograms that the work is specifically designed to require, |
409 | +such as by intimate data communication or control flow between those |
410 | +subprograms and other parts of the work. |
411 | + |
412 | + The Corresponding Source need not include anything that users |
413 | +can regenerate automatically from other parts of the Corresponding |
414 | +Source. |
415 | + |
416 | + The Corresponding Source for a work in source code form is that |
417 | +same work. |
418 | + |
419 | + 2. Basic Permissions. |
420 | + |
421 | + All rights granted under this License are granted for the term of |
422 | +copyright on the Program, and are irrevocable provided the stated |
423 | +conditions are met. This License explicitly affirms your unlimited |
424 | +permission to run the unmodified Program. The output from running a |
425 | +covered work is covered by this License only if the output, given its |
426 | +content, constitutes a covered work. This License acknowledges your |
427 | +rights of fair use or other equivalent, as provided by copyright law. |
428 | + |
429 | + You may make, run and propagate covered works that you do not |
430 | +convey, without conditions so long as your license otherwise remains |
431 | +in force. You may convey covered works to others for the sole purpose |
432 | +of having them make modifications exclusively for you, or provide you |
433 | +with facilities for running those works, provided that you comply with |
434 | +the terms of this License in conveying all material for which you do |
435 | +not control copyright. Those thus making or running the covered works |
436 | +for you must do so exclusively on your behalf, under your direction |
437 | +and control, on terms that prohibit them from making any copies of |
438 | +your copyrighted material outside their relationship with you. |
439 | + |
440 | + Conveying under any other circumstances is permitted solely under |
441 | +the conditions stated below. Sublicensing is not allowed; section 10 |
442 | +makes it unnecessary. |
443 | + |
444 | + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. |
445 | + |
446 | + No covered work shall be deemed part of an effective technological |
447 | +measure under any applicable law fulfilling obligations under article |
448 | +11 of the WIPO copyright treaty adopted on 20 December 1996, or |
449 | +similar laws prohibiting or restricting circumvention of such |
450 | +measures. |
451 | + |
452 | + When you convey a covered work, you waive any legal power to forbid |
453 | +circumvention of technological measures to the extent such circumvention |
454 | +is effected by exercising rights under this License with respect to |
455 | +the covered work, and you disclaim any intention to limit operation or |
456 | +modification of the work as a means of enforcing, against the work's |
457 | +users, your or third parties' legal rights to forbid circumvention of |
458 | +technological measures. |
459 | + |
460 | + 4. Conveying Verbatim Copies. |
461 | + |
462 | + You may convey verbatim copies of the Program's source code as you |
463 | +receive it, in any medium, provided that you conspicuously and |
464 | +appropriately publish on each copy an appropriate copyright notice; |
465 | +keep intact all notices stating that this License and any |
466 | +non-permissive terms added in accord with section 7 apply to the code; |
467 | +keep intact all notices of the absence of any warranty; and give all |
468 | +recipients a copy of this License along with the Program. |
469 | + |
470 | + You may charge any price or no price for each copy that you convey, |
471 | +and you may offer support or warranty protection for a fee. |
472 | + |
473 | + 5. Conveying Modified Source Versions. |
474 | + |
475 | + You may convey a work based on the Program, or the modifications to |
476 | +produce it from the Program, in the form of source code under the |
477 | +terms of section 4, provided that you also meet all of these conditions: |
478 | + |
479 | + a) The work must carry prominent notices stating that you modified |
480 | + it, and giving a relevant date. |
481 | + |
482 | + b) The work must carry prominent notices stating that it is |
483 | + released under this License and any conditions added under section |
484 | + 7. This requirement modifies the requirement in section 4 to |
485 | + "keep intact all notices". |
486 | + |
487 | + c) You must license the entire work, as a whole, under this |
488 | + License to anyone who comes into possession of a copy. This |
489 | + License will therefore apply, along with any applicable section 7 |
490 | + additional terms, to the whole of the work, and all its parts, |
491 | + regardless of how they are packaged. This License gives no |
492 | + permission to license the work in any other way, but it does not |
493 | + invalidate such permission if you have separately received it. |
494 | + |
495 | + d) If the work has interactive user interfaces, each must display |
496 | + Appropriate Legal Notices; however, if the Program has interactive |
497 | + interfaces that do not display Appropriate Legal Notices, your |
498 | + work need not make them do so. |
499 | + |
500 | + A compilation of a covered work with other separate and independent |
501 | +works, which are not by their nature extensions of the covered work, |
502 | +and which are not combined with it such as to form a larger program, |
503 | +in or on a volume of a storage or distribution medium, is called an |
504 | +"aggregate" if the compilation and its resulting copyright are not |
505 | +used to limit the access or legal rights of the compilation's users |
506 | +beyond what the individual works permit. Inclusion of a covered work |
507 | +in an aggregate does not cause this License to apply to the other |
508 | +parts of the aggregate. |
509 | + |
510 | + 6. Conveying Non-Source Forms. |
511 | + |
512 | + You may convey a covered work in object code form under the terms |
513 | +of sections 4 and 5, provided that you also convey the |
514 | +machine-readable Corresponding Source under the terms of this License, |
515 | +in one of these ways: |
516 | + |
517 | + a) Convey the object code in, or embodied in, a physical product |
518 | + (including a physical distribution medium), accompanied by the |
519 | + Corresponding Source fixed on a durable physical medium |
520 | + customarily used for software interchange. |
521 | + |
522 | + b) Convey the object code in, or embodied in, a physical product |
523 | + (including a physical distribution medium), accompanied by a |
524 | + written offer, valid for at least three years and valid for as |
525 | + long as you offer spare parts or customer support for that product |
526 | + model, to give anyone who possesses the object code either (1) a |
527 | + copy of the Corresponding Source for all the software in the |
528 | + product that is covered by this License, on a durable physical |
529 | + medium customarily used for software interchange, for a price no |
530 | + more than your reasonable cost of physically performing this |
531 | + conveying of source, or (2) access to copy the |
532 | + Corresponding Source from a network server at no charge. |
533 | + |
534 | + c) Convey individual copies of the object code with a copy of the |
535 | + written offer to provide the Corresponding Source. This |
536 | + alternative is allowed only occasionally and noncommercially, and |
537 | + only if you received the object code with such an offer, in accord |
538 | + with subsection 6b. |
539 | + |
540 | + d) Convey the object code by offering access from a designated |
541 | + place (gratis or for a charge), and offer equivalent access to the |
542 | + Corresponding Source in the same way through the same place at no |
543 | + further charge. You need not require recipients to copy the |
544 | + Corresponding Source along with the object code. If the place to |
545 | + copy the object code is a network server, the Corresponding Source |
546 | + may be on a different server (operated by you or a third party) |
547 | + that supports equivalent copying facilities, provided you maintain |
548 | + clear directions next to the object code saying where to find the |
549 | + Corresponding Source. Regardless of what server hosts the |
550 | + Corresponding Source, you remain obligated to ensure that it is |
551 | + available for as long as needed to satisfy these requirements. |
552 | + |
553 | + e) Convey the object code using peer-to-peer transmission, provided |
554 | + you inform other peers where the object code and Corresponding |
555 | + Source of the work are being offered to the general public at no |
556 | + charge under subsection 6d. |
557 | + |
558 | + A separable portion of the object code, whose source code is excluded |
559 | +from the Corresponding Source as a System Library, need not be |
560 | +included in conveying the object code work. |
561 | + |
562 | + A "User Product" is either (1) a "consumer product", which means any |
563 | +tangible personal property which is normally used for personal, family, |
564 | +or household purposes, or (2) anything designed or sold for incorporation |
565 | +into a dwelling. In determining whether a product is a consumer product, |
566 | +doubtful cases shall be resolved in favor of coverage. For a particular |
567 | +product received by a particular user, "normally used" refers to a |
568 | +typical or common use of that class of product, regardless of the status |
569 | +of the particular user or of the way in which the particular user |
570 | +actually uses, or expects or is expected to use, the product. A product |
571 | +is a consumer product regardless of whether the product has substantial |
572 | +commercial, industrial or non-consumer uses, unless such uses represent |
573 | +the only significant mode of use of the product. |
574 | + |
575 | + "Installation Information" for a User Product means any methods, |
576 | +procedures, authorization keys, or other information required to install |
577 | +and execute modified versions of a covered work in that User Product from |
578 | +a modified version of its Corresponding Source. The information must |
579 | +suffice to ensure that the continued functioning of the modified object |
580 | +code is in no case prevented or interfered with solely because |
581 | +modification has been made. |
582 | + |
583 | + If you convey an object code work under this section in, or with, or |
584 | +specifically for use in, a User Product, and the conveying occurs as |
585 | +part of a transaction in which the right of possession and use of the |
586 | +User Product is transferred to the recipient in perpetuity or for a |
587 | +fixed term (regardless of how the transaction is characterized), the |
588 | +Corresponding Source conveyed under this section must be accompanied |
589 | +by the Installation Information. But this requirement does not apply |
590 | +if neither you nor any third party retains the ability to install |
591 | +modified object code on the User Product (for example, the work has |
592 | +been installed in ROM). |
593 | + |
594 | + The requirement to provide Installation Information does not include a |
595 | +requirement to continue to provide support service, warranty, or updates |
596 | +for a work that has been modified or installed by the recipient, or for |
597 | +the User Product in which it has been modified or installed. Access to a |
598 | +network may be denied when the modification itself materially and |
599 | +adversely affects the operation of the network or violates the rules and |
600 | +protocols for communication across the network. |
601 | + |
602 | + Corresponding Source conveyed, and Installation Information provided, |
603 | +in accord with this section must be in a format that is publicly |
604 | +documented (and with an implementation available to the public in |
605 | +source code form), and must require no special password or key for |
606 | +unpacking, reading or copying. |
607 | + |
608 | + 7. Additional Terms. |
609 | + |
610 | + "Additional permissions" are terms that supplement the terms of this |
611 | +License by making exceptions from one or more of its conditions. |
612 | +Additional permissions that are applicable to the entire Program shall |
613 | +be treated as though they were included in this License, to the extent |
614 | +that they are valid under applicable law. If additional permissions |
615 | +apply only to part of the Program, that part may be used separately |
616 | +under those permissions, but the entire Program remains governed by |
617 | +this License without regard to the additional permissions. |
618 | + |
619 | + When you convey a copy of a covered work, you may at your option |
620 | +remove any additional permissions from that copy, or from any part of |
621 | +it. (Additional permissions may be written to require their own |
622 | +removal in certain cases when you modify the work.) You may place |
623 | +additional permissions on material, added by you to a covered work, |
624 | +for which you have or can give appropriate copyright permission. |
625 | + |
626 | + Notwithstanding any other provision of this License, for material you |
627 | +add to a covered work, you may (if authorized by the copyright holders of |
628 | +that material) supplement the terms of this License with terms: |
629 | + |
630 | + a) Disclaiming warranty or limiting liability differently from the |
631 | + terms of sections 15 and 16 of this License; or |
632 | + |
633 | + b) Requiring preservation of specified reasonable legal notices or |
634 | + author attributions in that material or in the Appropriate Legal |
635 | + Notices displayed by works containing it; or |
636 | + |
637 | + c) Prohibiting misrepresentation of the origin of that material, or |
638 | + requiring that modified versions of such material be marked in |
639 | + reasonable ways as different from the original version; or |
640 | + |
641 | + d) Limiting the use for publicity purposes of names of licensors or |
642 | + authors of the material; or |
643 | + |
644 | + e) Declining to grant rights under trademark law for use of some |
645 | + trade names, trademarks, or service marks; or |
646 | + |
647 | + f) Requiring indemnification of licensors and authors of that |
648 | + material by anyone who conveys the material (or modified versions of |
649 | + it) with contractual assumptions of liability to the recipient, for |
650 | + any liability that these contractual assumptions directly impose on |
651 | + those licensors and authors. |
652 | + |
653 | + All other non-permissive additional terms are considered "further |
654 | +restrictions" within the meaning of section 10. If the Program as you |
655 | +received it, or any part of it, contains a notice stating that it is |
656 | +governed by this License along with a term that is a further |
657 | +restriction, you may remove that term. If a license document contains |
658 | +a further restriction but permits relicensing or conveying under this |
659 | +License, you may add to a covered work material governed by the terms |
660 | +of that license document, provided that the further restriction does |
661 | +not survive such relicensing or conveying. |
662 | + |
663 | + If you add terms to a covered work in accord with this section, you |
664 | +must place, in the relevant source files, a statement of the |
665 | +additional terms that apply to those files, or a notice indicating |
666 | +where to find the applicable terms. |
667 | + |
668 | + Additional terms, permissive or non-permissive, may be stated in the |
669 | +form of a separately written license, or stated as exceptions; |
670 | +the above requirements apply either way. |
671 | + |
672 | + 8. Termination. |
673 | + |
674 | + You may not propagate or modify a covered work except as expressly |
675 | +provided under this License. Any attempt otherwise to propagate or |
676 | +modify it is void, and will automatically terminate your rights under |
677 | +this License (including any patent licenses granted under the third |
678 | +paragraph of section 11). |
679 | + |
680 | + However, if you cease all violation of this License, then your |
681 | +license from a particular copyright holder is reinstated (a) |
682 | +provisionally, unless and until the copyright holder explicitly and |
683 | +finally terminates your license, and (b) permanently, if the copyright |
684 | +holder fails to notify you of the violation by some reasonable means |
685 | +prior to 60 days after the cessation. |
686 | + |
687 | + Moreover, your license from a particular copyright holder is |
688 | +reinstated permanently if the copyright holder notifies you of the |
689 | +violation by some reasonable means, this is the first time you have |
690 | +received notice of violation of this License (for any work) from that |
691 | +copyright holder, and you cure the violation prior to 30 days after |
692 | +your receipt of the notice. |
693 | + |
694 | + Termination of your rights under this section does not terminate the |
695 | +licenses of parties who have received copies or rights from you under |
696 | +this License. If your rights have been terminated and not permanently |
697 | +reinstated, you do not qualify to receive new licenses for the same |
698 | +material under section 10. |
699 | + |
700 | + 9. Acceptance Not Required for Having Copies. |
701 | + |
702 | + You are not required to accept this License in order to receive or |
703 | +run a copy of the Program. Ancillary propagation of a covered work |
704 | +occurring solely as a consequence of using peer-to-peer transmission |
705 | +to receive a copy likewise does not require acceptance. However, |
706 | +nothing other than this License grants you permission to propagate or |
707 | +modify any covered work. These actions infringe copyright if you do |
708 | +not accept this License. Therefore, by modifying or propagating a |
709 | +covered work, you indicate your acceptance of this License to do so. |
710 | + |
711 | + 10. Automatic Licensing of Downstream Recipients. |
712 | + |
713 | + Each time you convey a covered work, the recipient automatically |
714 | +receives a license from the original licensors, to run, modify and |
715 | +propagate that work, subject to this License. You are not responsible |
716 | +for enforcing compliance by third parties with this License. |
717 | + |
718 | + An "entity transaction" is a transaction transferring control of an |
719 | +organization, or substantially all assets of one, or subdividing an |
720 | +organization, or merging organizations. If propagation of a covered |
721 | +work results from an entity transaction, each party to that |
722 | +transaction who receives a copy of the work also receives whatever |
723 | +licenses to the work the party's predecessor in interest had or could |
724 | +give under the previous paragraph, plus a right to possession of the |
725 | +Corresponding Source of the work from the predecessor in interest, if |
726 | +the predecessor has it or can get it with reasonable efforts. |
727 | + |
728 | + You may not impose any further restrictions on the exercise of the |
729 | +rights granted or affirmed under this License. For example, you may |
730 | +not impose a license fee, royalty, or other charge for exercise of |
731 | +rights granted under this License, and you may not initiate litigation |
732 | +(including a cross-claim or counterclaim in a lawsuit) alleging that |
733 | +any patent claim is infringed by making, using, selling, offering for |
734 | +sale, or importing the Program or any portion of it. |
735 | + |
736 | + 11. Patents. |
737 | + |
738 | + A "contributor" is a copyright holder who authorizes use under this |
739 | +License of the Program or a work on which the Program is based. The |
740 | +work thus licensed is called the contributor's "contributor version". |
741 | + |
742 | + A contributor's "essential patent claims" are all patent claims |
743 | +owned or controlled by the contributor, whether already acquired or |
744 | +hereafter acquired, that would be infringed by some manner, permitted |
745 | +by this License, of making, using, or selling its contributor version, |
746 | +but do not include claims that would be infringed only as a |
747 | +consequence of further modification of the contributor version. For |
748 | +purposes of this definition, "control" includes the right to grant |
749 | +patent sublicenses in a manner consistent with the requirements of |
750 | +this License. |
751 | + |
752 | + Each contributor grants you a non-exclusive, worldwide, royalty-free |
753 | +patent license under the contributor's essential patent claims, to |
754 | +make, use, sell, offer for sale, import and otherwise run, modify and |
755 | +propagate the contents of its contributor version. |
756 | + |
757 | + In the following three paragraphs, a "patent license" is any express |
758 | +agreement or commitment, however denominated, not to enforce a patent |
759 | +(such as an express permission to practice a patent or covenant not to |
760 | +sue for patent infringement). To "grant" such a patent license to a |
761 | +party means to make such an agreement or commitment not to enforce a |
762 | +patent against the party. |
763 | + |
764 | + If you convey a covered work, knowingly relying on a patent license, |
765 | +and the Corresponding Source of the work is not available for anyone |
766 | +to copy, free of charge and under the terms of this License, through a |
767 | +publicly available network server or other readily accessible means, |
768 | +then you must either (1) cause the Corresponding Source to be so |
769 | +available, or (2) arrange to deprive yourself of the benefit of the |
770 | +patent license for this particular work, or (3) arrange, in a manner |
771 | +consistent with the requirements of this License, to extend the patent |
772 | +license to downstream recipients. "Knowingly relying" means you have |
773 | +actual knowledge that, but for the patent license, your conveying the |
774 | +covered work in a country, or your recipient's use of the covered work |
775 | +in a country, would infringe one or more identifiable patents in that |
776 | +country that you have reason to believe are valid. |
777 | + |
778 | + If, pursuant to or in connection with a single transaction or |
779 | +arrangement, you convey, or propagate by procuring conveyance of, a |
780 | +covered work, and grant a patent license to some of the parties |
781 | +receiving the covered work authorizing them to use, propagate, modify |
782 | +or convey a specific copy of the covered work, then the patent license |
783 | +you grant is automatically extended to all recipients of the covered |
784 | +work and works based on it. |
785 | + |
786 | + A patent license is "discriminatory" if it does not include within |
787 | +the scope of its coverage, prohibits the exercise of, or is |
788 | +conditioned on the non-exercise of one or more of the rights that are |
789 | +specifically granted under this License. You may not convey a covered |
790 | +work if you are a party to an arrangement with a third party that is |
791 | +in the business of distributing software, under which you make payment |
792 | +to the third party based on the extent of your activity of conveying |
793 | +the work, and under which the third party grants, to any of the |
794 | +parties who would receive the covered work from you, a discriminatory |
795 | +patent license (a) in connection with copies of the covered work |
796 | +conveyed by you (or copies made from those copies), or (b) primarily |
797 | +for and in connection with specific products or compilations that |
798 | +contain the covered work, unless you entered into that arrangement, |
799 | +or that patent license was granted, prior to 28 March 2007. |
800 | + |
801 | + Nothing in this License shall be construed as excluding or limiting |
802 | +any implied license or other defenses to infringement that may |
803 | +otherwise be available to you under applicable patent law. |
804 | + |
805 | + 12. No Surrender of Others' Freedom. |
806 | + |
807 | + If conditions are imposed on you (whether by court order, agreement or |
808 | +otherwise) that contradict the conditions of this License, they do not |
809 | +excuse you from the conditions of this License. If you cannot convey a |
810 | +covered work so as to satisfy simultaneously your obligations under this |
811 | +License and any other pertinent obligations, then as a consequence you may |
812 | +not convey it at all. For example, if you agree to terms that obligate you |
813 | +to collect a royalty for further conveying from those to whom you convey |
814 | +the Program, the only way you could satisfy both those terms and this |
815 | +License would be to refrain entirely from conveying the Program. |
816 | + |
817 | + 13. Use with the GNU Affero General Public License. |
818 | + |
819 | + Notwithstanding any other provision of this License, you have |
820 | +permission to link or combine any covered work with a work licensed |
821 | +under version 3 of the GNU Affero General Public License into a single |
822 | +combined work, and to convey the resulting work. The terms of this |
823 | +License will continue to apply to the part which is the covered work, |
824 | +but the special requirements of the GNU Affero General Public License, |
825 | +section 13, concerning interaction through a network will apply to the |
826 | +combination as such. |
827 | + |
828 | + 14. Revised Versions of this License. |
829 | + |
830 | + The Free Software Foundation may publish revised and/or new versions of |
831 | +the GNU General Public License from time to time. Such new versions will |
832 | +be similar in spirit to the present version, but may differ in detail to |
833 | +address new problems or concerns. |
834 | + |
835 | + Each version is given a distinguishing version number. If the |
836 | +Program specifies that a certain numbered version of the GNU General |
837 | +Public License "or any later version" applies to it, you have the |
838 | +option of following the terms and conditions either of that numbered |
839 | +version or of any later version published by the Free Software |
840 | +Foundation. If the Program does not specify a version number of the |
841 | +GNU General Public License, you may choose any version ever published |
842 | +by the Free Software Foundation. |
843 | + |
844 | + If the Program specifies that a proxy can decide which future |
845 | +versions of the GNU General Public License can be used, that proxy's |
846 | +public statement of acceptance of a version permanently authorizes you |
847 | +to choose that version for the Program. |
848 | + |
849 | + Later license versions may give you additional or different |
850 | +permissions. However, no additional obligations are imposed on any |
851 | +author or copyright holder as a result of your choosing to follow a |
852 | +later version. |
853 | + |
854 | + 15. Disclaimer of Warranty. |
855 | + |
856 | + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY |
857 | +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT |
858 | +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY |
859 | +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, |
860 | +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
861 | +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM |
862 | +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF |
863 | +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. |
864 | + |
865 | + 16. Limitation of Liability. |
866 | + |
867 | + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING |
868 | +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS |
869 | +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY |
870 | +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE |
871 | +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF |
872 | +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD |
873 | +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), |
874 | +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF |
875 | +SUCH DAMAGES. |
876 | + |
877 | + 17. Interpretation of Sections 15 and 16. |
878 | + |
879 | + If the disclaimer of warranty and limitation of liability provided |
880 | +above cannot be given local legal effect according to their terms, |
881 | +reviewing courts shall apply local law that most closely approximates |
882 | +an absolute waiver of all civil liability in connection with the |
883 | +Program, unless a warranty or assumption of liability accompanies a |
884 | +copy of the Program in return for a fee. |
885 | + |
886 | + END OF TERMS AND CONDITIONS |
887 | + |
888 | + How to Apply These Terms to Your New Programs |
889 | + |
890 | + If you develop a new program, and you want it to be of the greatest |
891 | +possible use to the public, the best way to achieve this is to make it |
892 | +free software which everyone can redistribute and change under these terms. |
893 | + |
894 | + To do so, attach the following notices to the program. It is safest |
895 | +to attach them to the start of each source file to most effectively |
896 | +state the exclusion of warranty; and each file should have at least |
897 | +the "copyright" line and a pointer to where the full notice is found. |
898 | + |
899 | + <one line to give the program's name and a brief idea of what it does.> |
900 | + Copyright (C) <year> <name of author> |
901 | + |
902 | + This program is free software: you can redistribute it and/or modify |
903 | + it under the terms of the GNU General Public License as published by |
904 | + the Free Software Foundation, either version 3 of the License, or |
905 | + (at your option) any later version. |
906 | + |
907 | + This program is distributed in the hope that it will be useful, |
908 | + but WITHOUT ANY WARRANTY; without even the implied warranty of |
909 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
910 | + GNU General Public License for more details. |
911 | + |
912 | + You should have received a copy of the GNU General Public License |
913 | + along with this program. If not, see <https://www.gnu.org/licenses/>. |
914 | + |
915 | +Also add information on how to contact you by electronic and paper mail. |
916 | + |
917 | + If the program does terminal interaction, make it output a short |
918 | +notice like this when it starts in an interactive mode: |
919 | + |
920 | + <program> Copyright (C) <year> <name of author> |
921 | + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. |
922 | + This is free software, and you are welcome to redistribute it |
923 | + under certain conditions; type `show c' for details. |
924 | + |
925 | +The hypothetical commands `show w' and `show c' should show the appropriate |
926 | +parts of the General Public License. Of course, your program's commands |
927 | +might be different; for a GUI interface, you would use an "about box". |
928 | + |
929 | + You should also get your employer (if you work as a programmer) or school, |
930 | +if any, to sign a "copyright disclaimer" for the program, if necessary. |
931 | +For more information on this, and how to apply and follow the GNU GPL, see |
932 | +<https://www.gnu.org/licenses/>. |
933 | + |
934 | + The GNU General Public License does not permit incorporating your program |
935 | +into proprietary programs. If your program is a subroutine library, you |
936 | +may consider it more useful to permit linking proprietary applications with |
937 | +the library. If this is what you want to do, use the GNU Lesser General |
938 | +Public License instead of this License. But first, please read |
939 | +<https://www.gnu.org/licenses/why-not-lgpl.html>. |
940 | diff --git a/Makefile b/Makefile |
941 | new file mode 100644 |
942 | index 0000000..8c14478 |
943 | --- /dev/null |
944 | +++ b/Makefile |
945 | @@ -0,0 +1,21 @@ |
946 | +METADATA_FILE="metadata.yaml" |
947 | +PROJECTPATH=$(dir $(realpath $(MAKEFILE_LIST))) |
948 | + |
949 | +ifndef CHARM_BUILD_DIR |
950 | + CHARM_BUILD_DIR=${PROJECTPATH}/../builds |
951 | +endif |
952 | + |
953 | +CHARM_NAME=$(shell cat ${PROJECTPATH}/${METADATA_FILE} | grep -E "^name:" | awk '{print $$2}') |
954 | + |
955 | +clean: |
956 | + @echo "Cleaning files" |
957 | + @git clean -ffXd -e '!.idea' |
958 | + @echo "Cleaning existing build" |
959 | + @rm -rf ${CHARM_BUILD_DIR}/${CHARM_NAME} |
960 | + |
961 | +lint: |
962 | + @echo "Running lint checks" |
963 | + @cd src && tox -e lint |
964 | + |
965 | +# The targets below don't depend on a file |
966 | +.PHONY: clean lint |
967 | diff --git a/README.md b/README.md |
968 | index 148c70d..a53a7ed 100644 |
969 | --- a/README.md |
970 | +++ b/README.md |
971 | @@ -1,24 +1,16 @@ |
972 | -# charm-tor |
973 | +# charm-tor-hidden-service |
974 | |
975 | ## Description |
976 | |
977 | -TODO: Describe your charm in a few paragraphs of Markdown |
978 | +This charm enables Tor hidden services |
979 | |
980 | ## Usage |
981 | |
982 | -TODO: Provide high-level usage, such as required config or relations |
983 | +The charm relates to any number of services (e.g. ch:apache2) over the |
984 | +`reverseproxy` relation, and serves up a proxied version of that site on a |
985 | +.onion (v3) hostname. |
986 | |
987 | +If you require a specific .onion hostname (or multiple) we suggest using the |
988 | +mkp224o tool to create them, and configuring the charm with those private keys. |
989 | |
990 | -## Relations |
991 | - |
992 | -TODO: Provide any relations which are provided or required by your charm |
993 | - |
994 | -## OCI Images |
995 | - |
996 | -TODO: Include a link to the default image your charm uses |
997 | - |
998 | -## Contributing |
999 | - |
1000 | -Please see the [Juju SDK docs](https://juju.is/docs/sdk) for guidelines |
1001 | -on enhancements to this charm following best practice guidelines, and |
1002 | -`CONTRIBUTING.md` for developer guidance. |
1003 | +TODO |
1004 | diff --git a/actions.yaml b/actions.yaml |
1005 | deleted file mode 100644 |
1006 | index 7cda621..0000000 |
1007 | --- a/actions.yaml |
1008 | +++ /dev/null |
1009 | @@ -1,16 +0,0 @@ |
1010 | -# Copyright 2022 Barry Price |
1011 | -# See LICENSE file for licensing details. |
1012 | -# |
1013 | -# TEMPLATE-TODO: change this example to suit your needs. |
1014 | -# If you don't need actions, you can remove the file entirely. |
1015 | -# It ties in to the example _on_fortune_action handler in src/charm.py |
1016 | -# |
1017 | -# Learn more about actions at: https://juju.is/docs/sdk/actions |
1018 | - |
1019 | -fortune: |
1020 | - description: Returns a pithy phrase. |
1021 | - params: |
1022 | - fail: |
1023 | - description: "Fail with this message" |
1024 | - type: string |
1025 | - default: "" |
1026 | diff --git a/charmcraft.yaml b/charmcraft.yaml |
1027 | index 048d454..0d1497e 100644 |
1028 | --- a/charmcraft.yaml |
1029 | +++ b/charmcraft.yaml |
1030 | @@ -1,10 +1,10 @@ |
1031 | -# Learn more about charmcraft.yaml configuration at: |
1032 | -# https://juju.is/docs/sdk/charmcraft-config |
1033 | type: "charm" |
1034 | bases: |
1035 | - build-on: |
1036 | - name: "ubuntu" |
1037 | - channel: "20.04" |
1038 | + channel: "22.04" |
1039 | run-on: |
1040 | - name: "ubuntu" |
1041 | channel: "20.04" |
1042 | + - name: "ubuntu" |
1043 | + channel: "22.04" |
1044 | diff --git a/config.yaml b/config.yaml |
1045 | index 65fb1ce..35643c0 100644 |
1046 | --- a/config.yaml |
1047 | +++ b/config.yaml |
1048 | @@ -1,14 +1,33 @@ |
1049 | -# Copyright 2022 Barry Price |
1050 | -# See LICENSE file for licensing details. |
1051 | -# |
1052 | -# TEMPLATE-TODO: change this example to suit your needs. |
1053 | -# If you don't need a config, you can remove the file entirely. |
1054 | -# It ties in to the example _on_config_changed handler in src/charm.py |
1055 | -# |
1056 | -# Learn more about config at: https://juju.is/docs/sdk/config |
1057 | - |
1058 | options: |
1059 | - thing: |
1060 | - default: 🎁 |
1061 | - description: A thing used by the charm. |
1062 | + hidden_keys_base64: |
1063 | + default: "" |
1064 | + description: | |
1065 | + Optional pre-generated tor private keys to run your service. The |
1066 | + .onion hostname(s) will be derived from this value. |
1067 | + |
1068 | + Since the key is a binary file, this field expects a YAML formattaed |
1069 | + list of source hostnames (passed via the reverseproxy relation and |
1070 | + visible in the Message column via `juju status`) with corresponding |
1071 | + base-64 encoded strings, via e.g. `base64 -w0 path/to/secretkey`. |
1072 | + |
1073 | + If left unconfigured, a random key (and address) will be generated for |
1074 | + each site. |
1075 | + |
1076 | + e.g. |
1077 | + example1.com: ZXhhbXBsZTEK |
1078 | + example2.internal: ZXhhbXBsZTIK |
1079 | + 10.0.0.1: ZXhhbXBsZTMK # example3 |
1080 | + type: string |
1081 | + socks5_port: |
1082 | + description: SOCKS5 proxy port on which to listen |
1083 | + type: int |
1084 | + default: 9050 |
1085 | + tor_source: |
1086 | + default: torproject |
1087 | + description: | |
1088 | + Source from which tor will be installed. |
1089 | + Options are "torproject" (default), which will use the packages from |
1090 | + deb.torproject.org, or "ubuntu" which will use the package in ubuntu's |
1091 | + universe component (this option may be outdated/insecure, but is the |
1092 | + only current option for architectures other than amd64/arm64). |
1093 | type: string |
1094 | diff --git a/lib/charms/operator_libs_linux/v0/apt.py b/lib/charms/operator_libs_linux/v0/apt.py |
1095 | new file mode 100644 |
1096 | index 0000000..2b5c8f2 |
1097 | --- /dev/null |
1098 | +++ b/lib/charms/operator_libs_linux/v0/apt.py |
1099 | @@ -0,0 +1,1329 @@ |
1100 | +# Copyright 2021 Canonical Ltd. |
1101 | +# |
1102 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1103 | +# you may not use this file except in compliance with the License. |
1104 | +# You may obtain a copy of the License at |
1105 | +# |
1106 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1107 | +# |
1108 | +# Unless required by applicable law or agreed to in writing, software |
1109 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1110 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1111 | +# See the License for the specific language governing permissions and |
1112 | +# limitations under the License. |
1113 | + |
1114 | +"""Abstractions for the system's Debian/Ubuntu package information and repositories. |
1115 | + |
1116 | +This module contains abstractions and wrappers around Debian/Ubuntu-style repositories and |
1117 | +packages, in order to easily provide an idiomatic and Pythonic mechanism for adding packages and/or |
1118 | +repositories to systems for use in machine charms. |
1119 | + |
1120 | +A sane default configuration is attainable through nothing more than instantiation of the |
1121 | +appropriate classes. `DebianPackage` objects provide information about the architecture, version, |
1122 | +name, and status of a package. |
1123 | + |
1124 | +`DebianPackage` will try to look up a package either from `dpkg -L` or from `apt-cache` when |
1125 | +provided with a string indicating the package name. If it cannot be located, `PackageNotFoundError` |
1126 | +will be returned, as `apt` and `dpkg` otherwise return `100` for all errors, and a meaningful error |
1127 | +message if the package is not known is desirable. |
1128 | + |
1129 | +To install packages with convenience methods: |
1130 | + |
1131 | +```python |
1132 | +try: |
1133 | + # Run `apt-get update` |
1134 | + apt.update() |
1135 | + apt.add_package("zsh") |
1136 | + apt.add_package(["vim", "htop", "wget"]) |
1137 | +except PackageNotFoundError: |
1138 | + logger.error("a specified package not found in package cache or on system") |
1139 | +except PackageError as e: |
1140 | + logger.error("could not install package. Reason: %s", e.message) |
1141 | +```` |
1142 | + |
1143 | +To find details of a specific package: |
1144 | + |
1145 | +```python |
1146 | +try: |
1147 | + vim = apt.DebianPackage.from_system("vim") |
1148 | + |
1149 | + # To find from the apt cache only |
1150 | + # apt.DebianPackage.from_apt_cache("vim") |
1151 | + |
1152 | + # To find from installed packages only |
1153 | + # apt.DebianPackage.from_installed_package("vim") |
1154 | + |
1155 | + vim.ensure(PackageState.Latest) |
1156 | + logger.info("updated vim to version: %s", vim.fullversion) |
1157 | +except PackageNotFoundError: |
1158 | + logger.error("a specified package not found in package cache or on system") |
1159 | +except PackageError as e: |
1160 | + logger.error("could not install package. Reason: %s", e.message) |
1161 | +``` |
1162 | + |
1163 | + |
1164 | +`RepositoryMapping` will return a dict-like object containing enabled system repositories |
1165 | +and their properties (available groups, baseuri. gpg key). This class can add, disable, or |
1166 | +manipulate repositories. Items can be retrieved as `DebianRepository` objects. |
1167 | + |
1168 | +In order add a new repository with explicit details for fields, a new `DebianRepository` can |
1169 | +be added to `RepositoryMapping` |
1170 | + |
1171 | +`RepositoryMapping` provides an abstraction around the existing repositories on the system, |
1172 | +and can be accessed and iterated over like any `Mapping` object, to retrieve values by key, |
1173 | +iterate, or perform other operations. |
1174 | + |
1175 | +Keys are constructed as `{repo_type}-{}-{release}` in order to uniquely identify a repository. |
1176 | + |
1177 | +Repositories can be added with explicit values through a Python constructor. |
1178 | + |
1179 | +Example: |
1180 | + |
1181 | +```python |
1182 | +repositories = apt.RepositoryMapping() |
1183 | + |
1184 | +if "deb-example.com-focal" not in repositories: |
1185 | + repositories.add(DebianRepository(enabled=True, repotype="deb", |
1186 | + uri="https://example.com", release="focal", groups=["universe"])) |
1187 | +``` |
1188 | + |
1189 | +Alternatively, any valid `sources.list` line may be used to construct a new |
1190 | +`DebianRepository`. |
1191 | + |
1192 | +Example: |
1193 | + |
1194 | +```python |
1195 | +repositories = apt.RepositoryMapping() |
1196 | + |
1197 | +if "deb-us.archive.ubuntu.com-xenial" not in repositories: |
1198 | + line = "deb http://us.archive.ubuntu.com/ubuntu xenial main restricted" |
1199 | + repo = DebianRepository.from_repo_line(line) |
1200 | + repositories.add(repo) |
1201 | +``` |
1202 | +""" |
1203 | + |
1204 | +import fileinput |
1205 | +import glob |
1206 | +import logging |
1207 | +import os |
1208 | +import re |
1209 | +import subprocess |
1210 | +from collections.abc import Mapping |
1211 | +from enum import Enum |
1212 | +from subprocess import PIPE, CalledProcessError, check_call, check_output |
1213 | +from typing import Iterable, List, Optional, Tuple, Union |
1214 | +from urllib.parse import urlparse |
1215 | + |
1216 | +logger = logging.getLogger(__name__) |
1217 | + |
1218 | +# The unique Charmhub library identifier, never change it |
1219 | +LIBID = "7c3dbc9c2ad44a47bd6fcb25caa270e5" |
1220 | + |
1221 | +# Increment this major API version when introducing breaking changes |
1222 | +LIBAPI = 0 |
1223 | + |
1224 | +# Increment this PATCH version before using `charmcraft publish-lib` or reset |
1225 | +# to 0 if you are raising the major API version |
1226 | +LIBPATCH = 7 |
1227 | + |
1228 | + |
1229 | +VALID_SOURCE_TYPES = ("deb", "deb-src") |
1230 | +OPTIONS_MATCHER = re.compile(r"\[.*?\]") |
1231 | + |
1232 | + |
1233 | +class Error(Exception): |
1234 | + """Base class of most errors raised by this library.""" |
1235 | + |
1236 | + def __repr__(self): |
1237 | + """String representation of Error.""" |
1238 | + return "<{}.{} {}>".format(type(self).__module__, type(self).__name__, self.args) |
1239 | + |
1240 | + @property |
1241 | + def name(self): |
1242 | + """Return a string representation of the model plus class.""" |
1243 | + return "<{}.{}>".format(type(self).__module__, type(self).__name__) |
1244 | + |
1245 | + @property |
1246 | + def message(self): |
1247 | + """Return the message passed as an argument.""" |
1248 | + return self.args[0] |
1249 | + |
1250 | + |
1251 | +class PackageError(Error): |
1252 | + """Raised when there's an error installing or removing a package.""" |
1253 | + |
1254 | + |
1255 | +class PackageNotFoundError(Error): |
1256 | + """Raised when a requested package is not known to the system.""" |
1257 | + |
1258 | + |
1259 | +class PackageState(Enum): |
1260 | + """A class to represent possible package states.""" |
1261 | + |
1262 | + Present = "present" |
1263 | + Absent = "absent" |
1264 | + Latest = "latest" |
1265 | + Available = "available" |
1266 | + |
1267 | + |
1268 | +class DebianPackage: |
1269 | + """Represents a traditional Debian package and its utility functions. |
1270 | + |
1271 | + `DebianPackage` wraps information and functionality around a known package, whether installed |
1272 | + or available. The version, epoch, name, and architecture can be easily queried and compared |
1273 | + against other `DebianPackage` objects to determine the latest version or to install a specific |
1274 | + version. |
1275 | + |
1276 | + The representation of this object as a string mimics the output from `dpkg` for familiarity. |
1277 | + |
1278 | + Installation and removal of packages is handled through the `state` property or `ensure` |
1279 | + method, with the following options: |
1280 | + |
1281 | + apt.PackageState.Absent |
1282 | + apt.PackageState.Available |
1283 | + apt.PackageState.Present |
1284 | + apt.PackageState.Latest |
1285 | + |
1286 | + When `DebianPackage` is initialized, the state of a given `DebianPackage` object will be set to |
1287 | + `Available`, `Present`, or `Latest`, with `Absent` implemented as a convenience for removal |
1288 | + (though it operates essentially the same as `Available`). |
1289 | + """ |
1290 | + |
1291 | + def __init__( |
1292 | + self, name: str, version: str, epoch: str, arch: str, state: PackageState |
1293 | + ) -> None: |
1294 | + self._name = name |
1295 | + self._arch = arch |
1296 | + self._state = state |
1297 | + self._version = Version(version, epoch) |
1298 | + |
1299 | + def __eq__(self, other) -> bool: |
1300 | + """Equality for comparison. |
1301 | + |
1302 | + Args: |
1303 | + other: a `DebianPackage` object for comparison |
1304 | + |
1305 | + Returns: |
1306 | + A boolean reflecting equality |
1307 | + """ |
1308 | + return isinstance(other, self.__class__) and ( |
1309 | + self._name, |
1310 | + self._version.number, |
1311 | + ) == (other._name, other._version.number) |
1312 | + |
1313 | + def __hash__(self): |
1314 | + """A basic hash so this class can be used in Mappings and dicts.""" |
1315 | + return hash((self._name, self._version.number)) |
1316 | + |
1317 | + def __repr__(self): |
1318 | + """A representation of the package.""" |
1319 | + return "<{}.{}: {}>".format(self.__module__, self.__class__.__name__, self.__dict__) |
1320 | + |
1321 | + def __str__(self): |
1322 | + """A human-readable representation of the package.""" |
1323 | + return "<{}: {}-{}.{} -- {}>".format( |
1324 | + self.__class__.__name__, |
1325 | + self._name, |
1326 | + self._version, |
1327 | + self._arch, |
1328 | + str(self._state), |
1329 | + ) |
1330 | + |
1331 | + @staticmethod |
1332 | + def _apt( |
1333 | + command: str, |
1334 | + package_names: Union[str, List], |
1335 | + optargs: Optional[List[str]] = None, |
1336 | + ) -> None: |
1337 | + """Wrap package management commands for Debian/Ubuntu systems. |
1338 | + |
1339 | + Args: |
1340 | + command: the command given to `apt-get` |
1341 | + package_names: a package name or list of package names to operate on |
1342 | + optargs: an (Optional) list of additioanl arguments |
1343 | + |
1344 | + Raises: |
1345 | + PackageError if an error is encountered |
1346 | + """ |
1347 | + optargs = optargs if optargs is not None else [] |
1348 | + if isinstance(package_names, str): |
1349 | + package_names = [package_names] |
1350 | + _cmd = ["apt-get", "-y", *optargs, command, *package_names] |
1351 | + try: |
1352 | + check_call(_cmd, stderr=PIPE, stdout=PIPE) |
1353 | + except CalledProcessError as e: |
1354 | + raise PackageError( |
1355 | + "Could not {} package(s) [{}]: {}".format(command, [*package_names], e.output) |
1356 | + ) from None |
1357 | + |
1358 | + def _add(self) -> None: |
1359 | + """Add a package to the system.""" |
1360 | + self._apt( |
1361 | + "install", |
1362 | + "{}={}".format(self.name, self.version), |
1363 | + optargs=["--option=Dpkg::Options::=--force-confold"], |
1364 | + ) |
1365 | + |
1366 | + def _remove(self) -> None: |
1367 | + """Removes a package from the system. Implementation-specific.""" |
1368 | + return self._apt("remove", "{}={}".format(self.name, self.version)) |
1369 | + |
1370 | + @property |
1371 | + def name(self) -> str: |
1372 | + """Returns the name of the package.""" |
1373 | + return self._name |
1374 | + |
1375 | + def ensure(self, state: PackageState): |
1376 | + """Ensures that a package is in a given state. |
1377 | + |
1378 | + Args: |
1379 | + state: a `PackageState` to reconcile the package to |
1380 | + |
1381 | + Raises: |
1382 | + PackageError from the underlying call to apt |
1383 | + """ |
1384 | + if self._state is not state: |
1385 | + if state not in (PackageState.Present, PackageState.Latest): |
1386 | + self._remove() |
1387 | + else: |
1388 | + self._add() |
1389 | + self._state = state |
1390 | + |
1391 | + @property |
1392 | + def present(self) -> bool: |
1393 | + """Returns whether or not a package is present.""" |
1394 | + return self._state in (PackageState.Present, PackageState.Latest) |
1395 | + |
1396 | + @property |
1397 | + def latest(self) -> bool: |
1398 | + """Returns whether the package is the most recent version.""" |
1399 | + return self._state is PackageState.Latest |
1400 | + |
1401 | + @property |
1402 | + def state(self) -> PackageState: |
1403 | + """Returns the current package state.""" |
1404 | + return self._state |
1405 | + |
1406 | + @state.setter |
1407 | + def state(self, state: PackageState) -> None: |
1408 | + """Sets the package state to a given value. |
1409 | + |
1410 | + Args: |
1411 | + state: a `PackageState` to reconcile the package to |
1412 | + |
1413 | + Raises: |
1414 | + PackageError from the underlying call to apt |
1415 | + """ |
1416 | + if state in (PackageState.Latest, PackageState.Present): |
1417 | + self._add() |
1418 | + else: |
1419 | + self._remove() |
1420 | + self._state = state |
1421 | + |
1422 | + @property |
1423 | + def version(self) -> "Version": |
1424 | + """Returns the version for a package.""" |
1425 | + return self._version |
1426 | + |
1427 | + @property |
1428 | + def epoch(self) -> str: |
1429 | + """Returns the epoch for a package. May be unset.""" |
1430 | + return self._version.epoch |
1431 | + |
1432 | + @property |
1433 | + def arch(self) -> str: |
1434 | + """Returns the architecture for a package.""" |
1435 | + return self._arch |
1436 | + |
1437 | + @property |
1438 | + def fullversion(self) -> str: |
1439 | + """Returns the name+epoch for a package.""" |
1440 | + return "{}.{}".format(self._version, self._arch) |
1441 | + |
1442 | + @staticmethod |
1443 | + def _get_epoch_from_version(version: str) -> Tuple[str, str]: |
1444 | + """Pull the epoch, if any, out of a version string.""" |
1445 | + epoch_matcher = re.compile(r"^((?P<epoch>\d+):)?(?P<version>.*)") |
1446 | + matches = epoch_matcher.search(version).groupdict() |
1447 | + return matches.get("epoch", ""), matches.get("version") |
1448 | + |
1449 | + @classmethod |
1450 | + def from_system( |
1451 | + cls, package: str, version: Optional[str] = "", arch: Optional[str] = "" |
1452 | + ) -> "DebianPackage": |
1453 | + """Locates a package, either on the system or known to apt, and serializes the information. |
1454 | + |
1455 | + Args: |
1456 | + package: a string representing the package |
1457 | + version: an optional string if a specific version isr equested |
1458 | + arch: an optional architecture, defaulting to `dpkg --print-architecture`. If an |
1459 | + architecture is not specified, this will be used for selection. |
1460 | + |
1461 | + """ |
1462 | + try: |
1463 | + return DebianPackage.from_installed_package(package, version, arch) |
1464 | + except PackageNotFoundError: |
1465 | + logger.debug( |
1466 | + "package '%s' is not currently installed or has the wrong architecture.", package |
1467 | + ) |
1468 | + |
1469 | + # Ok, try `apt-cache ...` |
1470 | + try: |
1471 | + return DebianPackage.from_apt_cache(package, version, arch) |
1472 | + except (PackageNotFoundError, PackageError): |
1473 | + # If we get here, it's not known to the systems. |
1474 | + # This seems unnecessary, but virtually all `apt` commands have a return code of `100`, |
1475 | + # and providing meaningful error messages without this is ugly. |
1476 | + raise PackageNotFoundError( |
1477 | + "Package '{}{}' could not be found on the system or in the apt cache!".format( |
1478 | + package, ".{}".format(arch) if arch else "" |
1479 | + ) |
1480 | + ) from None |
1481 | + |
1482 | + @classmethod |
1483 | + def from_installed_package( |
1484 | + cls, package: str, version: Optional[str] = "", arch: Optional[str] = "" |
1485 | + ) -> "DebianPackage": |
1486 | + """Check whether the package is already installed and return an instance. |
1487 | + |
1488 | + Args: |
1489 | + package: a string representing the package |
1490 | + version: an optional string if a specific version isr equested |
1491 | + arch: an optional architecture, defaulting to `dpkg --print-architecture`. |
1492 | + If an architecture is not specified, this will be used for selection. |
1493 | + """ |
1494 | + system_arch = check_output( |
1495 | + ["dpkg", "--print-architecture"], universal_newlines=True |
1496 | + ).strip() |
1497 | + arch = arch if arch else system_arch |
1498 | + |
1499 | + # Regexps are a really terrible way to do this. Thanks dpkg |
1500 | + output = "" |
1501 | + try: |
1502 | + output = check_output(["dpkg", "-l", package], stderr=PIPE, universal_newlines=True) |
1503 | + except CalledProcessError: |
1504 | + raise PackageNotFoundError("Package is not installed: {}".format(package)) from None |
1505 | + |
1506 | + # Pop off the output from `dpkg -l' because there's no flag to |
1507 | + # omit it` |
1508 | + lines = str(output).splitlines()[5:] |
1509 | + |
1510 | + dpkg_matcher = re.compile( |
1511 | + r""" |
1512 | + ^(?P<package_status>\w+?)\s+ |
1513 | + (?P<package_name>.*?)(?P<throwaway_arch>:\w+?)?\s+ |
1514 | + (?P<version>.*?)\s+ |
1515 | + (?P<arch>\w+?)\s+ |
1516 | + (?P<description>.*) |
1517 | + """, |
1518 | + re.VERBOSE, |
1519 | + ) |
1520 | + |
1521 | + for line in lines: |
1522 | + try: |
1523 | + matches = dpkg_matcher.search(line).groupdict() |
1524 | + package_status = matches["package_status"] |
1525 | + |
1526 | + if not package_status.endswith("i"): |
1527 | + logger.debug( |
1528 | + "package '%s' in dpkg output but not installed, status: '%s'", |
1529 | + package, |
1530 | + package_status, |
1531 | + ) |
1532 | + break |
1533 | + |
1534 | + epoch, split_version = DebianPackage._get_epoch_from_version(matches["version"]) |
1535 | + pkg = DebianPackage( |
1536 | + matches["package_name"], |
1537 | + split_version, |
1538 | + epoch, |
1539 | + matches["arch"], |
1540 | + PackageState.Present, |
1541 | + ) |
1542 | + if (pkg.arch == "all" or pkg.arch == arch) and ( |
1543 | + version == "" or str(pkg.version) == version |
1544 | + ): |
1545 | + return pkg |
1546 | + except AttributeError: |
1547 | + logger.warning("dpkg matcher could not parse line: %s", line) |
1548 | + |
1549 | + # If we didn't find it, fail through |
1550 | + raise PackageNotFoundError("Package {}.{} is not installed!".format(package, arch)) |
1551 | + |
1552 | + @classmethod |
1553 | + def from_apt_cache( |
1554 | + cls, package: str, version: Optional[str] = "", arch: Optional[str] = "" |
1555 | + ) -> "DebianPackage": |
1556 | + """Check whether the package is already installed and return an instance. |
1557 | + |
1558 | + Args: |
1559 | + package: a string representing the package |
1560 | + version: an optional string if a specific version isr equested |
1561 | + arch: an optional architecture, defaulting to `dpkg --print-architecture`. |
1562 | + If an architecture is not specified, this will be used for selection. |
1563 | + """ |
1564 | + system_arch = check_output( |
1565 | + ["dpkg", "--print-architecture"], universal_newlines=True |
1566 | + ).strip() |
1567 | + arch = arch if arch else system_arch |
1568 | + |
1569 | + # Regexps are a really terrible way to do this. Thanks dpkg |
1570 | + keys = ("Package", "Architecture", "Version") |
1571 | + |
1572 | + try: |
1573 | + output = check_output( |
1574 | + ["apt-cache", "show", package], stderr=PIPE, universal_newlines=True |
1575 | + ) |
1576 | + except CalledProcessError as e: |
1577 | + raise PackageError( |
1578 | + "Could not list packages in apt-cache: {}".format(e.output) |
1579 | + ) from None |
1580 | + |
1581 | + pkg_groups = output.strip().split("\n\n") |
1582 | + keys = ("Package", "Architecture", "Version") |
1583 | + |
1584 | + for pkg_raw in pkg_groups: |
1585 | + lines = str(pkg_raw).splitlines() |
1586 | + vals = {} |
1587 | + for line in lines: |
1588 | + if line.startswith(keys): |
1589 | + items = line.split(":", 1) |
1590 | + vals[items[0]] = items[1].strip() |
1591 | + else: |
1592 | + continue |
1593 | + |
1594 | + epoch, split_version = DebianPackage._get_epoch_from_version(vals["Version"]) |
1595 | + pkg = DebianPackage( |
1596 | + vals["Package"], |
1597 | + split_version, |
1598 | + epoch, |
1599 | + vals["Architecture"], |
1600 | + PackageState.Available, |
1601 | + ) |
1602 | + |
1603 | + if (pkg.arch == "all" or pkg.arch == arch) and ( |
1604 | + version == "" or str(pkg.version) == version |
1605 | + ): |
1606 | + return pkg |
1607 | + |
1608 | + # If we didn't find it, fail through |
1609 | + raise PackageNotFoundError("Package {}.{} is not in the apt cache!".format(package, arch)) |
1610 | + |
1611 | + |
1612 | +class Version: |
1613 | + """An abstraction around package versions. |
1614 | + |
1615 | + This seems like it should be strictly unnecessary, except that `apt_pkg` is not usable inside a |
1616 | + venv, and wedging version comparisions into `DebianPackage` would overcomplicate it. |
1617 | + |
1618 | + This class implements the algorithm found here: |
1619 | + https://www.debian.org/doc/debian-policy/ch-controlfields.html#version |
1620 | + """ |
1621 | + |
1622 | + def __init__(self, version: str, epoch: str): |
1623 | + self._version = version |
1624 | + self._epoch = epoch or "" |
1625 | + |
1626 | + def __repr__(self): |
1627 | + """A representation of the package.""" |
1628 | + return "<{}.{}: {}>".format(self.__module__, self.__class__.__name__, self.__dict__) |
1629 | + |
1630 | + def __str__(self): |
1631 | + """A human-readable representation of the package.""" |
1632 | + return "{}{}".format("{}:".format(self._epoch) if self._epoch else "", self._version) |
1633 | + |
1634 | + @property |
1635 | + def epoch(self): |
1636 | + """Returns the epoch for a package. May be empty.""" |
1637 | + return self._epoch |
1638 | + |
1639 | + @property |
1640 | + def number(self) -> str: |
1641 | + """Returns the version number for a package.""" |
1642 | + return self._version |
1643 | + |
1644 | + def _get_parts(self, version: str) -> Tuple[str, str]: |
1645 | + """Separate the version into component upstream and Debian pieces.""" |
1646 | + try: |
1647 | + version.rindex("-") |
1648 | + except ValueError: |
1649 | + # No hyphens means no Debian version |
1650 | + return version, "0" |
1651 | + |
1652 | + upstream, debian = version.rsplit("-", 1) |
1653 | + return upstream, debian |
1654 | + |
1655 | + def _listify(self, revision: str) -> List[str]: |
1656 | + """Split a revision string into a listself. |
1657 | + |
1658 | + This list is comprised of alternating between strings and numbers, |
1659 | + padded on either end to always be "str, int, str, int..." and |
1660 | + always be of even length. This allows us to trivially implement the |
1661 | + comparison algorithm described. |
1662 | + """ |
1663 | + result = [] |
1664 | + while revision: |
1665 | + rev_1, remains = self._get_alphas(revision) |
1666 | + rev_2, remains = self._get_digits(remains) |
1667 | + result.extend([rev_1, rev_2]) |
1668 | + revision = remains |
1669 | + return result |
1670 | + |
1671 | + def _get_alphas(self, revision: str) -> Tuple[str, str]: |
1672 | + """Return a tuple of the first non-digit characters of a revision.""" |
1673 | + # get the index of the first digit |
1674 | + for i, char in enumerate(revision): |
1675 | + if char.isdigit(): |
1676 | + if i == 0: |
1677 | + return "", revision |
1678 | + return revision[0:i], revision[i:] |
1679 | + # string is entirely alphas |
1680 | + return revision, "" |
1681 | + |
1682 | + def _get_digits(self, revision: str) -> Tuple[int, str]: |
1683 | + """Return a tuple of the first integer characters of a revision.""" |
1684 | + # If the string is empty, return (0,'') |
1685 | + if not revision: |
1686 | + return 0, "" |
1687 | + # get the index of the first non-digit |
1688 | + for i, char in enumerate(revision): |
1689 | + if not char.isdigit(): |
1690 | + if i == 0: |
1691 | + return 0, revision |
1692 | + return int(revision[0:i]), revision[i:] |
1693 | + # string is entirely digits |
1694 | + return int(revision), "" |
1695 | + |
1696 | + def _dstringcmp(self, a, b): # noqa: C901 |
1697 | + """Debian package version string section lexical sort algorithm. |
1698 | + |
1699 | + The lexical comparison is a comparison of ASCII values modified so |
1700 | + that all the letters sort earlier than all the non-letters and so that |
1701 | + a tilde sorts before anything, even the end of a part. |
1702 | + """ |
1703 | + if a == b: |
1704 | + return 0 |
1705 | + try: |
1706 | + for i, char in enumerate(a): |
1707 | + if char == b[i]: |
1708 | + continue |
1709 | + # "a tilde sorts before anything, even the end of a part" |
1710 | + # (emptyness) |
1711 | + if char == "~": |
1712 | + return -1 |
1713 | + if b[i] == "~": |
1714 | + return 1 |
1715 | + # "all the letters sort earlier than all the non-letters" |
1716 | + if char.isalpha() and not b[i].isalpha(): |
1717 | + return -1 |
1718 | + if not char.isalpha() and b[i].isalpha(): |
1719 | + return 1 |
1720 | + # otherwise lexical sort |
1721 | + if ord(char) > ord(b[i]): |
1722 | + return 1 |
1723 | + if ord(char) < ord(b[i]): |
1724 | + return -1 |
1725 | + except IndexError: |
1726 | + # a is longer than b but otherwise equal, greater unless there are tildes |
1727 | + if char == "~": |
1728 | + return -1 |
1729 | + return 1 |
1730 | + # if we get here, a is shorter than b but otherwise equal, so check for tildes... |
1731 | + if b[len(a)] == "~": |
1732 | + return 1 |
1733 | + return -1 |
1734 | + |
1735 | + def _compare_revision_strings(self, first: str, second: str): # noqa: C901 |
1736 | + """Compare two debian revision strings.""" |
1737 | + if first == second: |
1738 | + return 0 |
1739 | + |
1740 | + # listify pads results so that we will always be comparing ints to ints |
1741 | + # and strings to strings (at least until we fall off the end of a list) |
1742 | + first_list = self._listify(first) |
1743 | + second_list = self._listify(second) |
1744 | + if first_list == second_list: |
1745 | + return 0 |
1746 | + try: |
1747 | + for i, item in enumerate(first_list): |
1748 | + # explicitly raise IndexError if we've fallen off the edge of list2 |
1749 | + if i >= len(second_list): |
1750 | + raise IndexError |
1751 | + # if the items are equal, next |
1752 | + if item == second_list[i]: |
1753 | + continue |
1754 | + # numeric comparison |
1755 | + if isinstance(item, int): |
1756 | + if item > second_list[i]: |
1757 | + return 1 |
1758 | + if item < second_list[i]: |
1759 | + return -1 |
1760 | + else: |
1761 | + # string comparison |
1762 | + return self._dstringcmp(item, second_list[i]) |
1763 | + except IndexError: |
1764 | + # rev1 is longer than rev2 but otherwise equal, hence greater |
1765 | + # ...except for goddamn tildes |
1766 | + if first_list[len(second_list)][0][0] == "~": |
1767 | + return 1 |
1768 | + return 1 |
1769 | + # rev1 is shorter than rev2 but otherwise equal, hence lesser |
1770 | + # ...except for goddamn tildes |
1771 | + if second_list[len(first_list)][0][0] == "~": |
1772 | + return -1 |
1773 | + return -1 |
1774 | + |
1775 | + def _compare_version(self, other) -> int: |
1776 | + if (self.number, self.epoch) == (other.number, other.epoch): |
1777 | + return 0 |
1778 | + |
1779 | + if self.epoch < other.epoch: |
1780 | + return -1 |
1781 | + if self.epoch > other.epoch: |
1782 | + return 1 |
1783 | + |
1784 | + # If none of these are true, follow the algorithm |
1785 | + upstream_version, debian_version = self._get_parts(self.number) |
1786 | + other_upstream_version, other_debian_version = self._get_parts(other.number) |
1787 | + |
1788 | + upstream_cmp = self._compare_revision_strings(upstream_version, other_upstream_version) |
1789 | + if upstream_cmp != 0: |
1790 | + return upstream_cmp |
1791 | + |
1792 | + debian_cmp = self._compare_revision_strings(debian_version, other_debian_version) |
1793 | + if debian_cmp != 0: |
1794 | + return debian_cmp |
1795 | + |
1796 | + return 0 |
1797 | + |
1798 | + def __lt__(self, other) -> bool: |
1799 | + """Less than magic method impl.""" |
1800 | + return self._compare_version(other) < 0 |
1801 | + |
1802 | + def __eq__(self, other) -> bool: |
1803 | + """Equality magic method impl.""" |
1804 | + return self._compare_version(other) == 0 |
1805 | + |
1806 | + def __gt__(self, other) -> bool: |
1807 | + """Greater than magic method impl.""" |
1808 | + return self._compare_version(other) > 0 |
1809 | + |
1810 | + def __le__(self, other) -> bool: |
1811 | + """Less than or equal to magic method impl.""" |
1812 | + return self.__eq__(other) or self.__lt__(other) |
1813 | + |
1814 | + def __ge__(self, other) -> bool: |
1815 | + """Greater than or equal to magic method impl.""" |
1816 | + return self.__gt__(other) or self.__eq__(other) |
1817 | + |
1818 | + def __ne__(self, other) -> bool: |
1819 | + """Not equal to magic method impl.""" |
1820 | + return not self.__eq__(other) |
1821 | + |
1822 | + |
1823 | +def add_package( |
1824 | + package_names: Union[str, List[str]], |
1825 | + version: Optional[str] = "", |
1826 | + arch: Optional[str] = "", |
1827 | + update_cache: Optional[bool] = False, |
1828 | +) -> Union[DebianPackage, List[DebianPackage]]: |
1829 | + """Add a package or list of packages to the system. |
1830 | + |
1831 | + Args: |
1832 | + name: the name(s) of the package(s) |
1833 | + version: an (Optional) version as a string. Defaults to the latest known |
1834 | + arch: an optional architecture for the package |
1835 | + update_cache: whether or not to run `apt-get update` prior to operating |
1836 | + |
1837 | + Raises: |
1838 | + PackageNotFoundError if the package is not in the cache. |
1839 | + """ |
1840 | + cache_refreshed = False |
1841 | + if update_cache: |
1842 | + update() |
1843 | + cache_refreshed = True |
1844 | + |
1845 | + packages = {"success": [], "retry": [], "failed": []} |
1846 | + |
1847 | + package_names = [package_names] if type(package_names) is str else package_names |
1848 | + if not package_names: |
1849 | + raise TypeError("Expected at least one package name to add, received zero!") |
1850 | + |
1851 | + if len(package_names) != 1 and version: |
1852 | + raise TypeError( |
1853 | + "Explicit version should not be set if more than one package is being added!" |
1854 | + ) |
1855 | + |
1856 | + for p in package_names: |
1857 | + pkg, success = _add(p, version, arch) |
1858 | + if success: |
1859 | + packages["success"].append(pkg) |
1860 | + else: |
1861 | + logger.warning("failed to locate and install/update '%s'", pkg) |
1862 | + packages["retry"].append(p) |
1863 | + |
1864 | + if packages["retry"] and not cache_refreshed: |
1865 | + logger.info("updating the apt-cache and retrying installation of failed packages.") |
1866 | + update() |
1867 | + |
1868 | + for p in packages["retry"]: |
1869 | + pkg, success = _add(p, version, arch) |
1870 | + if success: |
1871 | + packages["success"].append(pkg) |
1872 | + else: |
1873 | + packages["failed"].append(p) |
1874 | + |
1875 | + if packages["failed"]: |
1876 | + raise PackageError("Failed to install packages: {}".format(", ".join(packages["failed"]))) |
1877 | + |
1878 | + return packages["success"] if len(packages["success"]) > 1 else packages["success"][0] |
1879 | + |
1880 | + |
1881 | +def _add( |
1882 | + name: str, |
1883 | + version: Optional[str] = "", |
1884 | + arch: Optional[str] = "", |
1885 | +) -> Tuple[Union[DebianPackage, str], bool]: |
1886 | + """Adds a package. |
1887 | + |
1888 | + Args: |
1889 | + name: the name(s) of the package(s) |
1890 | + version: an (Optional) version as a string. Defaults to the latest known |
1891 | + arch: an optional architecture for the package |
1892 | + |
1893 | + Returns: a tuple of `DebianPackage` if found, or a :str: if it is not, and |
1894 | + a boolean indicating success |
1895 | + """ |
1896 | + try: |
1897 | + pkg = DebianPackage.from_system(name, version, arch) |
1898 | + pkg.ensure(state=PackageState.Present) |
1899 | + return pkg, True |
1900 | + except PackageNotFoundError: |
1901 | + return name, False |
1902 | + |
1903 | + |
1904 | +def remove_package( |
1905 | + package_names: Union[str, List[str]] |
1906 | +) -> Union[DebianPackage, List[DebianPackage]]: |
1907 | + """Removes a package from the system. |
1908 | + |
1909 | + Args: |
1910 | + package_names: the name of a package |
1911 | + |
1912 | + Raises: |
1913 | + PackageNotFoundError if the package is not found. |
1914 | + """ |
1915 | + packages = [] |
1916 | + |
1917 | + package_names = [package_names] if type(package_names) is str else package_names |
1918 | + if not package_names: |
1919 | + raise TypeError("Expected at least one package name to add, received zero!") |
1920 | + |
1921 | + for p in package_names: |
1922 | + try: |
1923 | + pkg = DebianPackage.from_installed_package(p) |
1924 | + pkg.ensure(state=PackageState.Absent) |
1925 | + packages.append(pkg) |
1926 | + except PackageNotFoundError: |
1927 | + logger.info("package '%s' was requested for removal, but it was not installed.", p) |
1928 | + |
1929 | + # the list of packages will be empty when no package is removed |
1930 | + logger.debug("packages: '%s'", packages) |
1931 | + return packages[0] if len(packages) == 1 else packages |
1932 | + |
1933 | + |
1934 | +def update() -> None: |
1935 | + """Updates the apt cache via `apt-get update`.""" |
1936 | + check_call(["apt-get", "update"], stderr=PIPE, stdout=PIPE) |
1937 | + |
1938 | + |
1939 | +class InvalidSourceError(Error): |
1940 | + """Exceptions for invalid source entries.""" |
1941 | + |
1942 | + |
1943 | +class GPGKeyError(Error): |
1944 | + """Exceptions for GPG keys.""" |
1945 | + |
1946 | + |
1947 | +class DebianRepository: |
1948 | + """An abstraction to represent a repository.""" |
1949 | + |
1950 | + def __init__( |
1951 | + self, |
1952 | + enabled: bool, |
1953 | + repotype: str, |
1954 | + uri: str, |
1955 | + release: str, |
1956 | + groups: List[str], |
1957 | + filename: Optional[str] = "", |
1958 | + gpg_key_filename: Optional[str] = "", |
1959 | + options: Optional[dict] = None, |
1960 | + ): |
1961 | + self._enabled = enabled |
1962 | + self._repotype = repotype |
1963 | + self._uri = uri |
1964 | + self._release = release |
1965 | + self._groups = groups |
1966 | + self._filename = filename |
1967 | + self._gpg_key_filename = gpg_key_filename |
1968 | + self._options = options |
1969 | + |
1970 | + @property |
1971 | + def enabled(self): |
1972 | + """Return whether or not the repository is enabled.""" |
1973 | + return self._enabled |
1974 | + |
1975 | + @property |
1976 | + def repotype(self): |
1977 | + """Return whether it is binary or source.""" |
1978 | + return self._repotype |
1979 | + |
1980 | + @property |
1981 | + def uri(self): |
1982 | + """Return the URI.""" |
1983 | + return self._uri |
1984 | + |
1985 | + @property |
1986 | + def release(self): |
1987 | + """Return which Debian/Ubuntu releases it is valid for.""" |
1988 | + return self._release |
1989 | + |
1990 | + @property |
1991 | + def groups(self): |
1992 | + """Return the enabled package groups.""" |
1993 | + return self._groups |
1994 | + |
1995 | + @property |
1996 | + def filename(self): |
1997 | + """Returns the filename for a repository.""" |
1998 | + return self._filename |
1999 | + |
2000 | + @filename.setter |
2001 | + def filename(self, fname: str) -> None: |
2002 | + """Sets the filename used when a repo is written back to diskself. |
2003 | + |
2004 | + Args: |
2005 | + fname: a filename to write the repository information to. |
2006 | + """ |
2007 | + if not fname.endswith(".list"): |
2008 | + raise InvalidSourceError("apt source filenames should end in .list!") |
2009 | + |
2010 | + self._filename = fname |
2011 | + |
2012 | + @property |
2013 | + def gpg_key(self): |
2014 | + """Returns the path to the GPG key for this repository.""" |
2015 | + return self._gpg_key_filename |
2016 | + |
2017 | + @property |
2018 | + def options(self): |
2019 | + """Returns any additional repo options which are set.""" |
2020 | + return self._options |
2021 | + |
2022 | + def make_options_string(self) -> str: |
2023 | + """Generate the complete options string for a a repository. |
2024 | + |
2025 | + Combining `gpg_key`, if set, and the rest of the options to find |
2026 | + a complex repo string. |
2027 | + """ |
2028 | + options = self._options if self._options else {} |
2029 | + if self._gpg_key_filename: |
2030 | + options["signed-by"] = self._gpg_key_filename |
2031 | + |
2032 | + return ( |
2033 | + "[{}] ".format(" ".join(["{}={}".format(k, v) for k, v in options.items()])) |
2034 | + if options |
2035 | + else "" |
2036 | + ) |
2037 | + |
2038 | + @staticmethod |
2039 | + def prefix_from_uri(uri: str) -> str: |
2040 | + """Get a repo list prefix from the uri, depending on whether a path is set.""" |
2041 | + uridetails = urlparse(uri) |
2042 | + path = ( |
2043 | + uridetails.path.lstrip("/").replace("/", "-") if uridetails.path else uridetails.netloc |
2044 | + ) |
2045 | + return "/etc/apt/sources.list.d/{}".format(path) |
2046 | + |
2047 | + @staticmethod |
2048 | + def from_repo_line(repo_line: str, write_file: Optional[bool] = True) -> "DebianRepository": |
2049 | + """Instantiate a new `DebianRepository` a `sources.list` entry line. |
2050 | + |
2051 | + Args: |
2052 | + repo_line: a string representing a repository entry |
2053 | + write_file: boolean to enable writing the new repo to disk |
2054 | + """ |
2055 | + repo = RepositoryMapping._parse(repo_line, "UserInput") |
2056 | + fname = "{}-{}.list".format( |
2057 | + DebianRepository.prefix_from_uri(repo.uri), repo.release.replace("/", "-") |
2058 | + ) |
2059 | + repo.filename = fname |
2060 | + |
2061 | + options = repo.options if repo.options else {} |
2062 | + if repo.gpg_key: |
2063 | + options["signed-by"] = repo.gpg_key |
2064 | + |
2065 | + # For Python 3.5 it's required to use sorted in the options dict in order to not have |
2066 | + # different results in the order of the options between executions. |
2067 | + options_str = ( |
2068 | + "[{}] ".format(" ".join(["{}={}".format(k, v) for k, v in sorted(options.items())])) |
2069 | + if options |
2070 | + else "" |
2071 | + ) |
2072 | + |
2073 | + if write_file: |
2074 | + with open(fname, "wb") as f: |
2075 | + f.write( |
2076 | + ( |
2077 | + "{}".format("#" if not repo.enabled else "") |
2078 | + + "{} {}{} ".format(repo.repotype, options_str, repo.uri) |
2079 | + + "{} {}\n".format(repo.release, " ".join(repo.groups)) |
2080 | + ).encode("utf-8") |
2081 | + ) |
2082 | + |
2083 | + return repo |
2084 | + |
2085 | + def disable(self) -> None: |
2086 | + """Remove this repository from consideration. |
2087 | + |
2088 | + Disable it instead of removing from the repository file. |
2089 | + """ |
2090 | + searcher = "{} {}{} {}".format( |
2091 | + self.repotype, self.make_options_string(), self.uri, self.release |
2092 | + ) |
2093 | + for line in fileinput.input(self._filename, inplace=True): |
2094 | + if re.match(r"^{}\s".format(re.escape(searcher)), line): |
2095 | + print("# {}".format(line), end="") |
2096 | + else: |
2097 | + print(line, end="") |
2098 | + |
2099 | + def import_key(self, key: str) -> None: |
2100 | + """Import an ASCII Armor key. |
2101 | + |
2102 | + A Radix64 format keyid is also supported for backwards |
2103 | + compatibility. In this case Ubuntu keyserver will be |
2104 | + queried for a key via HTTPS by its keyid. This method |
2105 | + is less preferrable because https proxy servers may |
2106 | + require traffic decryption which is equivalent to a |
2107 | + man-in-the-middle attack (a proxy server impersonates |
2108 | + keyserver TLS certificates and has to be explicitly |
2109 | + trusted by the system). |
2110 | + |
2111 | + Args: |
2112 | + key: A GPG key in ASCII armor format, |
2113 | + including BEGIN and END markers or a keyid. |
2114 | + |
2115 | + Raises: |
2116 | + GPGKeyError if the key could not be imported |
2117 | + """ |
2118 | + key = key.strip() |
2119 | + if "-" in key or "\n" in key: |
2120 | + # Send everything not obviously a keyid to GPG to import, as |
2121 | + # we trust its validation better than our own. eg. handling |
2122 | + # comments before the key. |
2123 | + logger.debug("PGP key found (looks like ASCII Armor format)") |
2124 | + if ( |
2125 | + "-----BEGIN PGP PUBLIC KEY BLOCK-----" in key |
2126 | + and "-----END PGP PUBLIC KEY BLOCK-----" in key |
2127 | + ): |
2128 | + logger.debug("Writing provided PGP key in the binary format") |
2129 | + key_bytes = key.encode("utf-8") |
2130 | + key_name = self._get_keyid_by_gpg_key(key_bytes) |
2131 | + key_gpg = self._dearmor_gpg_key(key_bytes) |
2132 | + self._gpg_key_filename = "/etc/apt/trusted.gpg.d/{}.gpg".format(key_name) |
2133 | + self._write_apt_gpg_keyfile(key_name=self._gpg_key_filename, key_material=key_gpg) |
2134 | + else: |
2135 | + raise GPGKeyError("ASCII armor markers missing from GPG key") |
2136 | + else: |
2137 | + logger.warning( |
2138 | + "PGP key found (looks like Radix64 format). " |
2139 | + "SECURELY importing PGP key from keyserver; " |
2140 | + "full key not provided." |
2141 | + ) |
2142 | + # as of bionic add-apt-repository uses curl with an HTTPS keyserver URL |
2143 | + # to retrieve GPG keys. `apt-key adv` command is deprecated as is |
2144 | + # apt-key in general as noted in its manpage. See lp:1433761 for more |
2145 | + # history. Instead, /etc/apt/trusted.gpg.d is used directly to drop |
2146 | + # gpg |
2147 | + key_asc = self._get_key_by_keyid(key) |
2148 | + # write the key in GPG format so that apt-key list shows it |
2149 | + key_gpg = self._dearmor_gpg_key(key_asc.encode("utf-8")) |
2150 | + self._gpg_key_filename = "/etc/apt/trusted.gpg.d/{}.gpg".format(key) |
2151 | + self._write_apt_gpg_keyfile(key_name=key, key_material=key_gpg) |
2152 | + |
2153 | + @staticmethod |
2154 | + def _get_keyid_by_gpg_key(key_material: bytes) -> str: |
2155 | + """Get a GPG key fingerprint by GPG key material. |
2156 | + |
2157 | + Gets a GPG key fingerprint (40-digit, 160-bit) by the ASCII armor-encoded |
2158 | + or binary GPG key material. Can be used, for example, to generate file |
2159 | + names for keys passed via charm options. |
2160 | + """ |
2161 | + # Use the same gpg command for both Xenial and Bionic |
2162 | + cmd = ["gpg", "--with-colons", "--with-fingerprint"] |
2163 | + ps = subprocess.run( |
2164 | + cmd, |
2165 | + stdout=PIPE, |
2166 | + stderr=PIPE, |
2167 | + input=key_material, |
2168 | + ) |
2169 | + out, err = ps.stdout.decode(), ps.stderr.decode() |
2170 | + if "gpg: no valid OpenPGP data found." in err: |
2171 | + raise GPGKeyError("Invalid GPG key material provided") |
2172 | + # from gnupg2 docs: fpr :: Fingerprint (fingerprint is in field 10) |
2173 | + return re.search(r"^fpr:{9}([0-9A-F]{40}):$", out, re.MULTILINE).group(1) |
2174 | + |
2175 | + @staticmethod |
2176 | + def _get_key_by_keyid(keyid: str) -> str: |
2177 | + """Get a key via HTTPS from the Ubuntu keyserver. |
2178 | + |
2179 | + Different key ID formats are supported by SKS keyservers (the longer ones |
2180 | + are more secure, see "dead beef attack" and https://evil32.com/). Since |
2181 | + HTTPS is used, if SSLBump-like HTTPS proxies are in place, they will |
2182 | + impersonate keyserver.ubuntu.com and generate a certificate with |
2183 | + keyserver.ubuntu.com in the CN field or in SubjAltName fields of a |
2184 | + certificate. If such proxy behavior is expected it is necessary to add the |
2185 | + CA certificate chain containing the intermediate CA of the SSLBump proxy to |
2186 | + every machine that this code runs on via ca-certs cloud-init directive (via |
2187 | + cloudinit-userdata model-config) or via other means (such as through a |
2188 | + custom charm option). Also note that DNS resolution for the hostname in a |
2189 | + URL is done at a proxy server - not at the client side. |
2190 | + 8-digit (32 bit) key ID |
2191 | + https://keyserver.ubuntu.com/pks/lookup?search=0x4652B4E6 |
2192 | + 16-digit (64 bit) key ID |
2193 | + https://keyserver.ubuntu.com/pks/lookup?search=0x6E85A86E4652B4E6 |
2194 | + 40-digit key ID: |
2195 | + https://keyserver.ubuntu.com/pks/lookup?search=0x35F77D63B5CEC106C577ED856E85A86E4652B4E6 |
2196 | + |
2197 | + Args: |
2198 | + keyid: An 8, 16 or 40 hex digit keyid to find a key for |
2199 | + |
2200 | + Returns: |
2201 | + A string contining key material for the specified GPG key id |
2202 | + |
2203 | + |
2204 | + Raises: |
2205 | + subprocess.CalledProcessError |
2206 | + """ |
2207 | + # options=mr - machine-readable output (disables html wrappers) |
2208 | + keyserver_url = ( |
2209 | + "https://keyserver.ubuntu.com" "/pks/lookup?op=get&options=mr&exact=on&search=0x{}" |
2210 | + ) |
2211 | + curl_cmd = ["curl", keyserver_url.format(keyid)] |
2212 | + # use proxy server settings in order to retrieve the key |
2213 | + return check_output(curl_cmd).decode() |
2214 | + |
2215 | + @staticmethod |
2216 | + def _dearmor_gpg_key(key_asc: bytes) -> bytes: |
2217 | + """Converts a GPG key in the ASCII armor format to the binary format. |
2218 | + |
2219 | + Args: |
2220 | + key_asc: A GPG key in ASCII armor format. |
2221 | + |
2222 | + Returns: |
2223 | + A GPG key in binary format as a string |
2224 | + |
2225 | + Raises: |
2226 | + GPGKeyError |
2227 | + """ |
2228 | + ps = subprocess.run(["gpg", "--dearmor"], stdout=PIPE, stderr=PIPE, input=key_asc) |
2229 | + out, err = ps.stdout, ps.stderr.decode() |
2230 | + if "gpg: no valid OpenPGP data found." in err: |
2231 | + raise GPGKeyError( |
2232 | + "Invalid GPG key material. Check your network setup" |
2233 | + " (MTU, routing, DNS) and/or proxy server settings" |
2234 | + " as well as destination keyserver status." |
2235 | + ) |
2236 | + else: |
2237 | + return out |
2238 | + |
2239 | + @staticmethod |
2240 | + def _write_apt_gpg_keyfile(key_name: str, key_material: bytes) -> None: |
2241 | + """Writes GPG key material into a file at a provided path. |
2242 | + |
2243 | + Args: |
2244 | + key_name: A key name to use for a key file (could be a fingerprint) |
2245 | + key_material: A GPG key material (binary) |
2246 | + """ |
2247 | + with open(key_name, "wb") as keyf: |
2248 | + keyf.write(key_material) |
2249 | + |
2250 | + |
2251 | +class RepositoryMapping(Mapping): |
2252 | + """An representation of known repositories. |
2253 | + |
2254 | + Instantiation of `RepositoryMapping` will iterate through the |
2255 | + filesystem, parse out repository files in `/etc/apt/...`, and create |
2256 | + `DebianRepository` objects in this list. |
2257 | + |
2258 | + Typical usage: |
2259 | + |
2260 | + repositories = apt.RepositoryMapping() |
2261 | + repositories.add(DebianRepository( |
2262 | + enabled=True, repotype="deb", uri="https://example.com", release="focal", |
2263 | + groups=["universe"] |
2264 | + )) |
2265 | + """ |
2266 | + |
2267 | + def __init__(self): |
2268 | + self._repository_map = {} |
2269 | + # Repositories that we're adding -- used to implement mode param |
2270 | + self.default_file = "/etc/apt/sources.list" |
2271 | + |
2272 | + # read sources.list if it exists |
2273 | + if os.path.isfile(self.default_file): |
2274 | + self.load(self.default_file) |
2275 | + |
2276 | + # read sources.list.d |
2277 | + for file in glob.iglob("/etc/apt/sources.list.d/*.list"): |
2278 | + self.load(file) |
2279 | + |
2280 | + def __contains__(self, key: str) -> bool: |
2281 | + """Magic method for checking presence of repo in mapping.""" |
2282 | + return key in self._repository_map |
2283 | + |
2284 | + def __len__(self) -> int: |
2285 | + """Return number of repositories in map.""" |
2286 | + return len(self._repository_map) |
2287 | + |
2288 | + def __iter__(self) -> Iterable[DebianRepository]: |
2289 | + """Iterator magic method for RepositoryMapping.""" |
2290 | + return iter(self._repository_map.values()) |
2291 | + |
2292 | + def __getitem__(self, repository_uri: str) -> DebianRepository: |
2293 | + """Return a given `DebianRepository`.""" |
2294 | + return self._repository_map[repository_uri] |
2295 | + |
2296 | + def __setitem__(self, repository_uri: str, repository: DebianRepository) -> None: |
2297 | + """Add a `DebianRepository` to the cache.""" |
2298 | + self._repository_map[repository_uri] = repository |
2299 | + |
2300 | + def load(self, filename: str): |
2301 | + """Load a repository source file into the cache. |
2302 | + |
2303 | + Args: |
2304 | + filename: the path to the repository file |
2305 | + """ |
2306 | + parsed = [] |
2307 | + skipped = [] |
2308 | + with open(filename, "r") as f: |
2309 | + for n, line in enumerate(f): |
2310 | + try: |
2311 | + repo = self._parse(line, filename) |
2312 | + except InvalidSourceError: |
2313 | + skipped.append(n) |
2314 | + else: |
2315 | + repo_identifier = "{}-{}-{}".format(repo.repotype, repo.uri, repo.release) |
2316 | + self._repository_map[repo_identifier] = repo |
2317 | + parsed.append(n) |
2318 | + logger.debug("parsed repo: '%s'", repo_identifier) |
2319 | + |
2320 | + if skipped: |
2321 | + skip_list = ", ".join(str(s) for s in skipped) |
2322 | + logger.debug("skipped the following lines in file '%s': %s", filename, skip_list) |
2323 | + |
2324 | + if parsed: |
2325 | + logger.info("parsed %d apt package repositories", len(parsed)) |
2326 | + else: |
2327 | + raise InvalidSourceError("all repository lines in '{}' were invalid!".format(filename)) |
2328 | + |
2329 | + @staticmethod |
2330 | + def _parse(line: str, filename: str) -> DebianRepository: |
2331 | + """Parse a line in a sources.list file. |
2332 | + |
2333 | + Args: |
2334 | + line: a single line from `load` to parse |
2335 | + filename: the filename being read |
2336 | + |
2337 | + Raises: |
2338 | + InvalidSourceError if the source type is unknown |
2339 | + """ |
2340 | + enabled = True |
2341 | + repotype = uri = release = gpg_key = "" |
2342 | + options = {} |
2343 | + groups = [] |
2344 | + |
2345 | + line = line.strip() |
2346 | + if line.startswith("#"): |
2347 | + enabled = False |
2348 | + line = line[1:] |
2349 | + |
2350 | + # Check for "#" in the line and treat a part after it as a comment then strip it off. |
2351 | + i = line.find("#") |
2352 | + if i > 0: |
2353 | + line = line[:i] |
2354 | + |
2355 | + # Split a source into substrings to initialize a new repo. |
2356 | + source = line.strip() |
2357 | + if source: |
2358 | + # Match any repo options, and get a dict representation. |
2359 | + for v in re.findall(OPTIONS_MATCHER, source): |
2360 | + opts = dict(o.split("=") for o in v.strip("[]").split()) |
2361 | + # Extract the 'signed-by' option for the gpg_key |
2362 | + gpg_key = opts.pop("signed-by", "") |
2363 | + options = opts |
2364 | + |
2365 | + # Remove any options from the source string and split the string into chunks |
2366 | + source = re.sub(OPTIONS_MATCHER, "", source) |
2367 | + chunks = source.split() |
2368 | + |
2369 | + # Check we've got a valid list of chunks |
2370 | + if len(chunks) < 3 or chunks[0] not in VALID_SOURCE_TYPES: |
2371 | + raise InvalidSourceError("An invalid sources line was found in %s!", filename) |
2372 | + |
2373 | + repotype = chunks[0] |
2374 | + uri = chunks[1] |
2375 | + release = chunks[2] |
2376 | + groups = chunks[3:] |
2377 | + |
2378 | + return DebianRepository( |
2379 | + enabled, repotype, uri, release, groups, filename, gpg_key, options |
2380 | + ) |
2381 | + else: |
2382 | + raise InvalidSourceError("An invalid sources line was found in %s!", filename) |
2383 | + |
2384 | + def add(self, repo: DebianRepository, default_filename: Optional[bool] = False) -> None: |
2385 | + """Add a new repository to the system. |
2386 | + |
2387 | + Args: |
2388 | + repo: a `DebianRepository` object |
2389 | + default_filename: an (Optional) filename if the default is not desirable |
2390 | + """ |
2391 | + new_filename = "{}-{}.list".format( |
2392 | + DebianRepository.prefix_from_uri(repo.uri), repo.release.replace("/", "-") |
2393 | + ) |
2394 | + |
2395 | + fname = repo.filename or new_filename |
2396 | + |
2397 | + options = repo.options if repo.options else {} |
2398 | + if repo.gpg_key: |
2399 | + options["signed-by"] = repo.gpg_key |
2400 | + |
2401 | + with open(fname, "wb") as f: |
2402 | + f.write( |
2403 | + ( |
2404 | + "{}".format("#" if not repo.enabled else "") |
2405 | + + "{} {}{} ".format(repo.repotype, repo.make_options_string(), repo.uri) |
2406 | + + "{} {}\n".format(repo.release, " ".join(repo.groups)) |
2407 | + ).encode("utf-8") |
2408 | + ) |
2409 | + |
2410 | + self._repository_map["{}-{}-{}".format(repo.repotype, repo.uri, repo.release)] = repo |
2411 | + |
2412 | + def disable(self, repo: DebianRepository) -> None: |
2413 | + """Remove a repository. Disable by default. |
2414 | + |
2415 | + Args: |
2416 | + repo: a `DebianRepository` to disable |
2417 | + """ |
2418 | + searcher = "{} {}{} {}".format( |
2419 | + repo.repotype, repo.make_options_string(), repo.uri, repo.release |
2420 | + ) |
2421 | + |
2422 | + for line in fileinput.input(repo.filename, inplace=True): |
2423 | + if re.match(r"^{}\s".format(re.escape(searcher)), line): |
2424 | + print("# {}".format(line), end="") |
2425 | + else: |
2426 | + print(line, end="") |
2427 | + |
2428 | + self._repository_map["{}-{}-{}".format(repo.repotype, repo.uri, repo.release)] = repo |
2429 | diff --git a/metadata.yaml b/metadata.yaml |
2430 | index de1439f..5becf33 100644 |
2431 | --- a/metadata.yaml |
2432 | +++ b/metadata.yaml |
2433 | @@ -1,23 +1,14 @@ |
2434 | -# Copyright 2022 Barry Price |
2435 | -# See LICENSE file for licensing details. |
2436 | - |
2437 | -# For a complete list of supported options, see: |
2438 | -# https://juju.is/docs/sdk/metadata-reference |
2439 | -name: charm-tor |
2440 | -display-name: | |
2441 | - TEMPLATE-TODO: fill out a display name for the Charmcraft store |
2442 | +name: charm-tor-hidden-service |
2443 | +display-name: Tor Hidden Service Charmed Operator |
2444 | +summary: Tor Hidden Service Charmed Operator |
2445 | description: | |
2446 | - TEMPLATE-TODO: fill out the charm's description |
2447 | -summary: | |
2448 | - TEMPLATE-TODO: fill out the charm's summary |
2449 | - |
2450 | -# TEMPLATE-TODO: replace with containers for your workload (delete for non-k8s) |
2451 | -containers: |
2452 | - httpbin: |
2453 | - resource: httpbin-image |
2454 | + Tor is free software and an open network that helps you defend against |
2455 | + traffic analysis, a form of network surveillance that threatens personal |
2456 | + freedom and privacy, confidential business activities and relationships, and |
2457 | + state security. |
2458 | +requires: |
2459 | + reverseproxy: |
2460 | + interface: http |
2461 | +series: |
2462 | + - jammy |
2463 | |
2464 | -# TEMPLATE-TODO: each container defined above must specify an oci-image resource |
2465 | -resources: |
2466 | - httpbin-image: |
2467 | - type: oci-image |
2468 | - description: OCI image for httpbin (kennethreitz/httpbin) |
2469 | diff --git a/pyproject.toml b/pyproject.toml |
2470 | new file mode 100644 |
2471 | index 0000000..177269a |
2472 | --- /dev/null |
2473 | +++ b/pyproject.toml |
2474 | @@ -0,0 +1,38 @@ |
2475 | +# Copyright 2022 Canonical Ltd. |
2476 | +# See LICENSE file for licensing details. |
2477 | + |
2478 | +# Testing tools configuration |
2479 | +[tool.coverage.run] |
2480 | +branch = true |
2481 | + |
2482 | +[tool.coverage.report] |
2483 | +show_missing = true |
2484 | + |
2485 | +[tool.pytest.ini_options] |
2486 | +minversion = "6.0" |
2487 | +log_cli_level = "INFO" |
2488 | + |
2489 | +# Formatting tools configuration |
2490 | +[tool.black] |
2491 | +line-length = 99 |
2492 | +target-version = ["py310"] |
2493 | + |
2494 | +[tool.isort] |
2495 | +profile = "black" |
2496 | + |
2497 | +# Linting tools configuration |
2498 | +[tool.flake8] |
2499 | +max-line-length = 99 |
2500 | +max-doc-length = 99 |
2501 | +max-complexity = 10 |
2502 | +exclude = [".git", "__pycache__", ".tox", "build", "dist", "*.egg_info", "venv"] |
2503 | +select = ["E", "W", "F", "C", "N", "R", "D", "H"] |
2504 | +# Ignore D107 Missing docstring in __init__ |
2505 | +ignore = ["D107"] |
2506 | +# D100, D101, D102, D103: Ignore missing docstrings in tests |
2507 | +per-file-ignores = ["tests/*:D100,D101,D102,D103,D104"] |
2508 | +docstring-convention = "google" |
2509 | +# Check for properly formatted copyright header in each file |
2510 | +copyright-check = "True" |
2511 | +copyright-author = "Canonical Ltd." |
2512 | +copyright-regexp = "Copyright\\s\\d{4}([-,]\\d{4})*\\s+%(author)s" |
2513 | diff --git a/src/charm.py b/src/charm.py |
2514 | index 2cac651..73b10fa 100755 |
2515 | --- a/src/charm.py |
2516 | +++ b/src/charm.py |
2517 | @@ -1,104 +1,206 @@ |
2518 | #!/usr/bin/env python3 |
2519 | -# Copyright 2022 Barry Price |
2520 | +# Copyright 2022 Canonical Ltd. |
2521 | # See LICENSE file for licensing details. |
2522 | -# |
2523 | -# Learn more at: https://juju.is/docs/sdk |
2524 | |
2525 | -"""Charm the service. |
2526 | - |
2527 | -Refer to the following post for a quick-start guide that will help you |
2528 | -develop a new k8s charm using the Operator Framework: |
2529 | - |
2530 | - https://discourse.charmhub.io/t/4208 |
2531 | -""" |
2532 | +"""Charmed Operator to provide Tor hidden services.""" |
2533 | |
2534 | import logging |
2535 | - |
2536 | -from ops.charm import CharmBase |
2537 | +import os |
2538 | +import shutil |
2539 | +import subprocess |
2540 | +import urllib.request |
2541 | + |
2542 | +import jinja2 |
2543 | + |
2544 | +from charms.operator_libs_linux.v0 import apt |
2545 | +from ops.charm import ( |
2546 | + CharmBase, |
2547 | + RelationChangedEvent, |
2548 | +) |
2549 | from ops.framework import StoredState |
2550 | from ops.main import main |
2551 | -from ops.model import ActiveStatus |
2552 | +from ops.model import ( |
2553 | + BlockedStatus, |
2554 | + Unit, |
2555 | +) |
2556 | |
2557 | logger = logging.getLogger(__name__) |
2558 | |
2559 | |
2560 | -class CharmTorCharm(CharmBase): |
2561 | - """Charm the service.""" |
2562 | +def get_series(): |
2563 | + """Return the installed Ubuntu series (e.g. "jammy").""" |
2564 | + return subprocess.check_output(["lsb_release", "-sc"]).decode('utf-8').strip() |
2565 | |
2566 | - _stored = StoredState() |
2567 | |
2568 | - def __init__(self, *args): |
2569 | - super().__init__(*args) |
2570 | - self.framework.observe(self.on.httpbin_pebble_ready, self._on_httpbin_pebble_ready) |
2571 | - self.framework.observe(self.on.config_changed, self._on_config_changed) |
2572 | - self.framework.observe(self.on.fortune_action, self._on_fortune_action) |
2573 | - self._stored.set_default(things=[]) |
2574 | - |
2575 | - def _on_httpbin_pebble_ready(self, event): |
2576 | - """Define and start a workload using the Pebble API. |
2577 | - |
2578 | - TEMPLATE-TODO: change this example to suit your needs. |
2579 | - You'll need to specify the right entrypoint and environment |
2580 | - configuration for your specific workload. Tip: you can see the |
2581 | - standard entrypoint of an existing container using docker inspect |
2582 | - |
2583 | - Learn more about Pebble layers at https://github.com/canonical/pebble |
2584 | - """ |
2585 | - # Get a reference the container attribute on the PebbleReadyEvent |
2586 | - container = event.workload |
2587 | - # Define an initial Pebble layer configuration |
2588 | - pebble_layer = { |
2589 | - "summary": "httpbin layer", |
2590 | - "description": "pebble config layer for httpbin", |
2591 | - "services": { |
2592 | - "httpbin": { |
2593 | - "override": "replace", |
2594 | - "summary": "httpbin", |
2595 | - "command": "gunicorn -b 0.0.0.0:80 httpbin:app -k gevent", |
2596 | - "startup": "enabled", |
2597 | - "environment": {"thing": self.model.config["thing"]}, |
2598 | - } |
2599 | - }, |
2600 | - } |
2601 | - # Add initial Pebble config layer using the Pebble API |
2602 | - container.add_layer("httpbin", pebble_layer, combine=True) |
2603 | - # Autostart any services that were defined with startup: enabled |
2604 | - container.autostart() |
2605 | - # Learn more about statuses in the SDK docs: |
2606 | - # https://juju.is/docs/sdk/constructs#heading--statuses |
2607 | - self.unit.status = ActiveStatus() |
2608 | +def install_tor_repo(): |
2609 | + """Authenticate, install and pin the tor package to the torproject.org repo.""" |
2610 | + # Installation is based on Tor installation instructions for Debian/Ubuntu: |
2611 | + # https://support.torproject.org/apt/tor-deb-repo/ |
2612 | + keyring_path = "/usr/share/keyrings/tor-archive-keyring.gpg" |
2613 | + base_url = "https://deb.torproject.org/torproject.org" |
2614 | |
2615 | - def _on_config_changed(self, _): |
2616 | - """Just an example to show how to deal with changed configuration. |
2617 | + # retrieve the signing key |
2618 | + keyring_url = "{}/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc".format(base_url) |
2619 | + with urllib.request.urlopen(keyring_url) as f: |
2620 | + keyring = f.read() |
2621 | + |
2622 | + with open(keyring_path, "wb") as f: |
2623 | + f.write(keyring) |
2624 | + |
2625 | + # identify our running series |
2626 | + series = get_series() |
2627 | + |
2628 | + # build .list file |
2629 | + tor_list = "deb [signed-by={}] {} {} main\n".format(keyring_path, base_url, series) |
2630 | + tor_list += "deb-src [signed-by={}] {} {} main\n".format(keyring_path, base_url, series) |
2631 | |
2632 | - TEMPLATE-TODO: change this example to suit your needs. |
2633 | - If you don't need to handle config, you can remove this method, |
2634 | - the hook created in __init__.py for it, the corresponding test, |
2635 | - and the config.py file. |
2636 | + # write .list file |
2637 | + with open("/etc/apt/sources.list.d/tor.list", "wb") as f: |
2638 | + f.write(tor_list.encode('utf-8')) |
2639 | |
2640 | - Learn more about config at https://juju.is/docs/sdk/config |
2641 | - """ |
2642 | - current = self.config["thing"] |
2643 | - if current not in self._stored.things: |
2644 | - logger.debug("found a new thing: %r", current) |
2645 | - self._stored.things.append(current) |
2646 | + # pin the tor package to this repo |
2647 | + pin_config = "Package: tor\n" |
2648 | + pin_config += "Pin: release c=main\n" |
2649 | + pin_config += "Pin-Priority: 900\n\n" |
2650 | |
2651 | - def _on_fortune_action(self, event): |
2652 | - """Just an example to show how to receive actions. |
2653 | + # don't use the universe version |
2654 | + pin_config += "Package: tor\n" |
2655 | + pin_config += "Pin: release c=universe\n" |
2656 | + pin_config += "Pin-Priority: 1\n\n" |
2657 | |
2658 | - TEMPLATE-TODO: change this example to suit your needs. |
2659 | - If you don't need to handle actions, you can remove this method, |
2660 | - the hook created in __init__.py for it, the corresponding test, |
2661 | - and the actions.py file. |
2662 | + with open("/etc/apt/preferences.d/tor-pin", "wb") as f: |
2663 | + f.write(pin_config.encode('utf-8')) |
2664 | |
2665 | - Learn more about actions at https://juju.is/docs/sdk/actions |
2666 | - """ |
2667 | - fail = event.params["fail"] |
2668 | - if fail: |
2669 | - event.fail(fail) |
2670 | - else: |
2671 | - event.set_results({"fortune": "A bug in the code is worth two in the documentation."}) |
2672 | + |
2673 | +def remove_tor_repo(): |
2674 | + """Remove and unpin the torproject.org repo.""" |
2675 | + paths = ( |
2676 | + "/etc/apt/sources.list.d/tor.list", |
2677 | + "/etc/apt/preferences.d/tor-pin", |
2678 | + "/usr/share/keyrings/tor-archive-keyring.gpg", |
2679 | + ) |
2680 | + for p in paths: |
2681 | + if os.path.isfile(p): |
2682 | + os.unlink(p) |
2683 | + |
2684 | + |
2685 | +class TorCharm(CharmBase): |
2686 | + """Charm the tor service.""" |
2687 | + |
2688 | + _state = StoredState() |
2689 | + |
2690 | + def __init__(self, *args): |
2691 | + super().__init__(*args) |
2692 | + self._state.set_default( |
2693 | + need_package_apt_transport_https=True, |
2694 | + need_package_gpg=True, |
2695 | + need_package_tor=True, |
2696 | + ) |
2697 | + self.framework.observe(self.on.config_changed, self._on_config_changed) |
2698 | + self.framework.observe( |
2699 | + self.on.reverseproxy_relation_changed, self._on_reverseproxy_relation_changed |
2700 | + ) |
2701 | + |
2702 | + def _on_config_changed(self, _): |
2703 | + """Handle config changes.""" |
2704 | + # ensure required packages are installed |
2705 | + self._ensure_apt_transport_https() |
2706 | + self._ensure_gpg() |
2707 | + self._ensure_tor() |
2708 | + |
2709 | + def _ensure_apt_transport_https(self): |
2710 | + if self._state.need_package_apt_transport_https: |
2711 | + logger.info("Ensuring apt-transport-https is installed") |
2712 | + apt.add_package("apt-transport-https", update_cache=True) |
2713 | + self._state.need_package_apt_transport_https = False |
2714 | + |
2715 | + def _ensure_gpg(self): |
2716 | + if self._state.need_package_gpg: |
2717 | + logger.info("Ensuring gpg is installed") |
2718 | + apt.add_package("gpg", update_cache=True) |
2719 | + self._state.need_package_gpg = False |
2720 | + |
2721 | + def _ensure_tor(self): |
2722 | + if self._state.need_package_tor: |
2723 | + tor_source = self.model.config['tor_source'] |
2724 | + if tor_source == 'ubuntu': |
2725 | + logger.info("Source is ubuntu, ensuring torproject repo is not set up") |
2726 | + remove_tor_repo() |
2727 | + elif tor_source == 'torproject': |
2728 | + logger.info("Source is torproject, ensuring torproject repo is set up") |
2729 | + install_tor_repo() |
2730 | + else: |
2731 | + err = "Unexpected tor_source value: {}".format(tor_source) |
2732 | + logger.error(err) |
2733 | + self.unit.status = BlockedStatus(err) |
2734 | + logger.info("Ensuring tor is installed") |
2735 | + apt.add_package("tor", update_cache=True) |
2736 | + |
2737 | + def _tor_setup(self, services): |
2738 | + cfg = {} |
2739 | + cfg['socks5_port'] = self.model.config['socks5_port'] |
2740 | + root_dir = '/var/lib/tor' |
2741 | + for k, v in services.items(): |
2742 | + logger.info('Got service name {} with value {}'.format(k, v)) |
2743 | + service_dir = '{}/{}'.format(root_dir, v.get('servername')) |
2744 | + if not os.path.isdir(service_dir): |
2745 | + subprocess.check_call( |
2746 | + ['install', '-d', service_dir, '-o', 'debian-tor', '-m', '700'] |
2747 | + ) |
2748 | + |
2749 | + for file in os.listdir(root_dir): |
2750 | + if os.path.isdir(file): |
2751 | + basename = os.path.basename(file) |
2752 | + for k, v in services.items(): |
2753 | + if k.get('servername') == basename: |
2754 | + # keep this configured directory |
2755 | + pass |
2756 | + else: |
2757 | + logger.info('Removing unconfigured site {}'.format(basename)) |
2758 | + shutil.rmtree(file) |
2759 | + |
2760 | + # NOTE: Once the below closed issue is actually resolved[1], this function |
2761 | + # should be replaced with a built-in one in Operator Framework. |
2762 | + # [1]: https://github.com/canonical/operator/issues/228 |
2763 | + |
2764 | + list_services = [] |
2765 | + for k, v in services.items(): |
2766 | + list_services.append(v) |
2767 | + |
2768 | + templates = jinja2.Environment( |
2769 | + loader=jinja2.FileSystemLoader(self.charm_dir / "templates"), |
2770 | + ) |
2771 | + template = templates.get_template("torrc") |
2772 | + torrc = template.render({'cfg': cfg, 'services': list_services}) |
2773 | + |
2774 | + torrc_filename = '/etc/tor/torrc' |
2775 | + |
2776 | + with open(torrc_filename, 'wb') as f: |
2777 | + f.write(torrc.encode('utf-8')) |
2778 | + |
2779 | + def _on_reverseproxy_relation_changed(self, event: RelationChangedEvent): |
2780 | + unit_data = event.relation.data |
2781 | + logger.info(unit_data) |
2782 | + services = {} |
2783 | + for unit in unit_data: |
2784 | + if not isinstance(unit, Unit): |
2785 | + logger.info("Skipping data of type {}".format(type(unit))) |
2786 | + continue |
2787 | + if unit.name == self.unit.name: |
2788 | + logger.info("Skipping our own unit ({})".format(unit.name)) |
2789 | + continue |
2790 | + logger.info("Found related unit {}".format(unit)) |
2791 | + |
2792 | + services.update({ |
2793 | + unit.name: { |
2794 | + 'hostname': unit_data[unit].get('hostname'), |
2795 | + 'private_address': unit_data[unit].get('private-address'), |
2796 | + 'port': unit_data[unit].get('port'), |
2797 | + 'servername': unit_data[unit].get('servername'), |
2798 | + } |
2799 | + }) |
2800 | + self._tor_setup(services) |
2801 | |
2802 | |
2803 | if __name__ == "__main__": |
2804 | - main(CharmTorCharm) |
2805 | + main(TorCharm) |
2806 | diff --git a/templates/torrc b/templates/torrc |
2807 | new file mode 100644 |
2808 | index 0000000..d709005 |
2809 | --- /dev/null |
2810 | +++ b/templates/torrc |
2811 | @@ -0,0 +1,12 @@ |
2812 | +# torrc generated by Juju. |
2813 | +# Do not edit, changes are subject to being overwritten. |
2814 | + |
2815 | +SocksPort 127.0.0.1:{{ cfg.socks5_port }} |
2816 | + |
2817 | +{% for service in services %} |
2818 | +HiddenServiceDir /var/lib/tor/{{ service.servername }}/ |
2819 | +# service.hostname is {{ service.hostname }} |
2820 | +# service.private-address is {{ service.private_address }} |
2821 | +HiddenServicePort {{ service.port }} {{ service.private_address }}:{{ service.port }} |
2822 | + |
2823 | +{% endfor %} |
2824 | diff --git a/tests/__init__.py b/tests/__init__.py |
2825 | index e163492..0c77dd5 100644 |
2826 | --- a/tests/__init__.py |
2827 | +++ b/tests/__init__.py |
2828 | @@ -1,2 +1,6 @@ |
2829 | +# Copyright 2022 Canonical Ltd. |
2830 | +# See LICENSE file for licensing details. |
2831 | + |
2832 | import ops.testing |
2833 | + |
2834 | ops.testing.SIMULATE_CAN_CONNECT = True |
2835 | diff --git a/tests/test_charm.py b/tests/test_charm.py |
2836 | index 0830b8d..c7e4d40 100644 |
2837 | --- a/tests/test_charm.py |
2838 | +++ b/tests/test_charm.py |
2839 | @@ -1,15 +1,12 @@ |
2840 | -# Copyright 2022 Barry Price |
2841 | +# Copyright 2022 Canonical Ltd. |
2842 | # See LICENSE file for licensing details. |
2843 | -# |
2844 | -# Learn more about testing at: https://juju.is/docs/sdk/testing |
2845 | |
2846 | import unittest |
2847 | -from unittest.mock import Mock |
2848 | |
2849 | -from charm import CharmTorCharm |
2850 | -from ops.model import ActiveStatus |
2851 | from ops.testing import Harness |
2852 | |
2853 | +from charm import CharmTorCharm |
2854 | + |
2855 | |
2856 | class TestCharm(unittest.TestCase): |
2857 | def setUp(self): |
2858 | @@ -19,50 +16,5 @@ class TestCharm(unittest.TestCase): |
2859 | |
2860 | def test_config_changed(self): |
2861 | self.assertEqual(list(self.harness.charm._stored.things), []) |
2862 | - self.harness.update_config({"thing": "foo"}) |
2863 | - self.assertEqual(list(self.harness.charm._stored.things), ["foo"]) |
2864 | - |
2865 | - def test_action(self): |
2866 | - # the harness doesn't (yet!) help much with actions themselves |
2867 | - action_event = Mock(params={"fail": ""}) |
2868 | - self.harness.charm._on_fortune_action(action_event) |
2869 | - |
2870 | - self.assertTrue(action_event.set_results.called) |
2871 | - |
2872 | - def test_action_fail(self): |
2873 | - action_event = Mock(params={"fail": "fail this"}) |
2874 | - self.harness.charm._on_fortune_action(action_event) |
2875 | - |
2876 | - self.assertEqual(action_event.fail.call_args, [("fail this",)]) |
2877 | - |
2878 | - def test_httpbin_pebble_ready(self): |
2879 | - # Simulate making the Pebble socket available |
2880 | - self.harness.set_can_connect("httpbin", True) |
2881 | - # Check the initial Pebble plan is empty |
2882 | - initial_plan = self.harness.get_container_pebble_plan("httpbin") |
2883 | - self.assertEqual(initial_plan.to_yaml(), "{}\n") |
2884 | - # Expected plan after Pebble ready with default config |
2885 | - expected_plan = { |
2886 | - "services": { |
2887 | - "httpbin": { |
2888 | - "override": "replace", |
2889 | - "summary": "httpbin", |
2890 | - "command": "gunicorn -b 0.0.0.0:80 httpbin:app -k gevent", |
2891 | - "startup": "enabled", |
2892 | - "environment": {"thing": "🎁"}, |
2893 | - } |
2894 | - }, |
2895 | - } |
2896 | - # Get the httpbin container from the model |
2897 | - container = self.harness.model.unit.get_container("httpbin") |
2898 | - # Emit the PebbleReadyEvent carrying the httpbin container |
2899 | - self.harness.charm.on.httpbin_pebble_ready.emit(container) |
2900 | - # Get the plan now we've run PebbleReady |
2901 | - updated_plan = self.harness.get_container_pebble_plan("httpbin").to_dict() |
2902 | - # Check we've got the plan we expected |
2903 | - self.assertEqual(expected_plan, updated_plan) |
2904 | - # Check the service was started |
2905 | - service = self.harness.model.unit.get_container("httpbin").get_service("httpbin") |
2906 | - self.assertTrue(service.is_running()) |
2907 | - # Ensure we set an ActiveStatus with no message |
2908 | - self.assertEqual(self.harness.model.unit.status, ActiveStatus()) |
2909 | + self.harness.update_config({"tor-mode": "hidden"}) |
2910 | + self.assertEqual(list(self.harness.charm._stored.things), ["hidden"]) |
2911 | diff --git a/tox.ini b/tox.ini |
2912 | new file mode 100644 |
2913 | index 0000000..bca0088 |
2914 | --- /dev/null |
2915 | +++ b/tox.ini |
2916 | @@ -0,0 +1,78 @@ |
2917 | +# Copyright 2022 Canonical Ltd. |
2918 | +# See LICENSE file for licensing details. |
2919 | + |
2920 | +[tox] |
2921 | +skipsdist=True |
2922 | +skip_missing_interpreters = True |
2923 | +envlist = lint, unit |
2924 | + |
2925 | +[vars] |
2926 | +src_path = {toxinidir}/src/ |
2927 | +tst_path = {toxinidir}/tests/ |
2928 | +lib_path = {toxinidir}/lib/charms/operator_libs_linux |
2929 | +all_path = {[vars]src_path} {[vars]tst_path} |
2930 | + |
2931 | +[testenv] |
2932 | +setenv = |
2933 | + PYTHONPATH = {toxinidir}:{toxinidir}/lib:{[vars]src_path} |
2934 | + PYTHONBREAKPOINT=ipdb.set_trace |
2935 | + PY_COLORS=1 |
2936 | +passenv = |
2937 | + PYTHONPATH |
2938 | + HOME |
2939 | + PATH |
2940 | + CHARM_BUILD_DIR |
2941 | + MODEL_SETTINGS |
2942 | + HTTP_PROXY |
2943 | + HTTPS_PROXY |
2944 | + NO_PROXY |
2945 | + |
2946 | +[testenv:fmt] |
2947 | +description = Apply coding style standards to code |
2948 | +deps = |
2949 | + black |
2950 | + isort |
2951 | +commands = |
2952 | + isort {[vars]all_path} |
2953 | + black {[vars]all_path} |
2954 | + |
2955 | +[testenv:lint] |
2956 | +description = Check code against coding style standards |
2957 | +deps = |
2958 | + black |
2959 | + flake8 |
2960 | + flake8-docstrings |
2961 | + flake8-copyright |
2962 | + flake8-builtins |
2963 | + pyproject-flake8 |
2964 | + pep8-naming |
2965 | + isort |
2966 | + codespell |
2967 | +commands = |
2968 | + codespell {toxinidir}/*.yaml {toxinidir}/*.ini {toxinidir}/*.md \ |
2969 | + {toxinidir}/*.toml {toxinidir}/*.txt {toxinidir}/.github |
2970 | + # pflake8 wrapper supports config from pyproject.toml |
2971 | + pflake8 {[vars]all_path} |
2972 | + isort --check-only --diff {[vars]all_path} |
2973 | + black --check --diff {[vars]all_path} |
2974 | + |
2975 | +[testenv:unit] |
2976 | +description = Run unit tests |
2977 | +deps = |
2978 | + pytest |
2979 | + coverage[toml] |
2980 | + -r{toxinidir}/requirements.txt |
2981 | +commands = |
2982 | + coverage run --source={[vars]src_path} \ |
2983 | + -m pytest --ignore={[vars]tst_path}integration -v --tb native -s {posargs} |
2984 | + coverage report |
2985 | + |
2986 | +[testenv:integration] |
2987 | +description = Run integration tests |
2988 | +deps = |
2989 | + git+https://github.com/juju/python-libjuju.git |
2990 | + pytest |
2991 | + git+https://github.com/charmed-kubernetes/pytest-operator.git |
2992 | + -r{toxinidir}/requirements.txt |
2993 | +commands = |
2994 | + pytest -v --tb native --ignore={[vars]tst_path}unit --log-cli-level=INFO -s {posargs} |