From 84d5e36bfa879e97ce673ba53d8900adc92dc009 Mon Sep 17 00:00:00 2001
From: Andre Anjos <andre.dos.anjos@gmail.com>
Date: Mon, 14 Jan 2019 07:48:08 +0100
Subject: [PATCH] [scripts] Add caupdate command

---
 bob/devtools/constants.py        | 55 ++++++++++++++++++++++++++++++++
 bob/devtools/scripts/caupdate.py | 45 ++++++++++++++++++++++++++
 conda/meta.yaml                  |  1 +
 setup.py                         |  1 +
 4 files changed, 102 insertions(+)
 create mode 100644 bob/devtools/scripts/caupdate.py

diff --git a/bob/devtools/constants.py b/bob/devtools/constants.py
index c8fd691e..a5179b1d 100644
--- a/bob/devtools/constants.py
+++ b/bob/devtools/constants.py
@@ -14,17 +14,71 @@ CONDARC = pkg_resources.resource_filename(__name__,
     os.path.join('data', 'build-condarc'))
 '''The .condarc to use for building and creating new environments'''
 
+
 CONDA_BUILD_CONFIG = pkg_resources.resource_filename(__name__,
     os.path.join('data', 'conda_build_config.yaml'))
 '''Configuration variants we like building'''
 
+
 CONDA_RECIPE_APPEND = pkg_resources.resource_filename(__name__,
     os.path.join('data', 'recipe_append.yaml'))
 '''Extra information to be appended to every recipe upon building'''
 
+
 SERVER = 'http://www.idiap.ch'
 '''This is the default server use use to store data and build artifacts'''
 
+
+IDIAP_ROOT_CA = b'''
+Idiap Root CA 2016 - for internal use
+=====================================
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+'''
+
+
+CACERT_URL = 'https://curl.haxx.se/ca/cacert.pem'
+'''Location of the most up-to-date CA certificate bundle'''
+
+
 CACERT = pkg_resources.resource_filename(__name__,
     os.path.join('data', 'cacert.pem'))
 '''We keep a copy of the CA certificates we trust here
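Review bot: `IDIAP_ROOT_CA` is the only constant in this hunk without a trailing docstring, and it is the one that most needs one, since it is a trust anchor embedded in the source. I would add, right after the closing quotes, `'''Idiap's internal root CA (PEM); caupdate appends it to the public bundle, so any change here changes what CACERT trusts'''`. The docstring should also say that, unless the certificate carries name constraints (not visible here), a root appended to `CACERT` is accepted for any hostname by whatever consumes that bundle, not only for gitlab.idiap.ch. It follows that the constant should only be edited after checking the new certificate's fingerprint out of band. The `CACERT` docstring continues outside this hunk.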
@@ -34,6 +88,7 @@ CACERT = pkg_resources.resource_filename(__name__,
    More information here: https://curl.haxx.se/docs/caextract.html
 '''
 
+
 MATPLOTLIB_RCDIR = pkg_resources.resource_filename(__name__, 'data')
 '''Base directory where the file matplotlibrc lives
 
diff --git a/bob/devtools/scripts/caupdate.py b/bob/devtools/scripts/caupdate.py
new file mode 100644
index 00000000..575c43ad
--- /dev/null
+++ b/bob/devtools/scripts/caupdate.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+import os
+import logging
+logger = logging.getLogger(__name__)
+
+import click
+
+from . import bdt
+from ..log import verbosity_option
+
+
+@click.command(epilog='''
+Examples:
+
+  1. Update the root certificate authority bundle on the distribution:
+
+     $ bdt caupdate -v
+     $ git status  #to check if bundle changed
+     $ git commit -m '[data] Update CA bundle'  #if need be
+
+''')
+@verbosity_option()
+@bdt.raise_on_error
+def caupdate():
+    """Updates the root certificate authority bundle on the distribution
+
+    This script will download the latest CA bundle from curl at
+    https://curl.haxx.se/ca/cacert.pem and will append Idiap's Root CA to the
+    bundle, so we can use https://gitlab.idiap.ch transparently.
+    """
+
+    import requests
+    from ..constants import CACERT, CACERT_URL, IDIAP_ROOT_CA
+
+    logger.info('Retrieving %s...', CACERT_URL)
+    r = requests.get(CACERT_URL, allow_redirects=True)
+
+    logger.info('Writing %s...', CACERT)
+    with open(CACERT, 'wb') as f:
+      f.write(r.content)
+      f.write(IDIAP_ROOT_CA)
+
+    logger.warn('CA bundle is updated')
+    logger.warn('Run git status, commit and push (if need be)')
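Review bot: The response from `CACERT_URL` is written to `CACERT` without any check in `caupdate`, so an HTTP error page or an empty body would overwrite the shipped trust store, leaving only the Idiap root appended after it. I would change the request to `r = requests.get(CACERT_URL, allow_redirects=True, timeout=30)`, call `r.raise_for_status()` on the next line, and refuse to open the file unless `b'-----BEGIN CERTIFICATE-----' in r.content`. The timeout also matters on its own, because `requests` waits indefinitely by default and the command could hang. The manual `git status` review is currently the only integrity check on the new bundle, so it would help to log the byte size or certificate count to make an unexpected change visible there. Separately, `logger.warn` is a deprecated alias; `logger.warning` (or `logger.info`, since these are status messages) is the supported spelling.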
diff --git a/conda/meta.yaml b/conda/meta.yaml
index 6d122fd6..14abefcd 100644
--- a/conda/meta.yaml
+++ b/conda/meta.yaml
@@ -62,6 +62,7 @@ test:
     - bdt bootstrap --help
     - bdt build --help
     - bdt getpath --help
+    - bdt caupdate --help
     - sphinx-build -aEW ${PREFIX}/share/doc/{{ name }}/doc {{ project_dir }}/sphinx
 
 about:
diff --git a/setup.py b/setup.py
index 24c0a812..012596bf 100644
--- a/setup.py
+++ b/setup.py
@@ -49,6 +49,7 @@ setup(
             'bootstrap = bob.devtools.scripts.bootstrap:bootstrap',
             'build = bob.devtools.scripts.build:build',
             'getpath = bob.devtools.scripts.getpath:getpath',
+            'caupdate = bob.devtools.scripts.caupdate:caupdate',
         ],
     },
     classifiers=[
-- 
GitLab