20N/A# The contents of this file are subject to the terms of the 20N/A# Common Development and Distribution License (the "License"). 20N/A# You may not use this file except in compliance with the License. 20N/A# See the License for the specific language governing permissions 20N/A# and limitations under the License. 20N/A# When distributing Covered Code, include this CDDL HEADER in each 20N/A# If applicable, add the following below this CDDL HEADER, with the 20N/A# fields enclosed by brackets "[]" replaced with your own identifying 20N/A# information: Portions Copyright [yyyy] [name of copyright owner] 3339N/A# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. 22N/A# pkg.depotd - package repository daemon 50N/A# XXX The prototype pkg.depotd combines both the version management server that 50N/A# answers to pkgsend(1) sessions and the HTTP file server that answers to the 50N/A# various GET operations that a pkg(1) client makes. This split is expected to 50N/A# be made more explicit, by constraining the pkg(1) operations such that they 50N/A# can be served as a typical HTTP/HTTPS session. Thus, pkg.depotd will reduce 50N/A# to a special purpose HTTP/HTTPS server explicitly for the version management 50N/A# operations, and must manipulate the various state files--catalogs, in 50N/A# particular--such that the pkg(1) pull client can operately accurately with 50N/A# XXX Although we pushed the evaluation of next-version, etc. to the pull 50N/A# client, we should probably provide a query API to do same on the server, for 50N/A# dumb clients (like a notification service). 589N/A# The default path for static and other web content. 965N/A# cherrypy has a max_request_body_size parameter that determines whether the 965N/A# server should abort requests with REQUEST_ENTITY_TOO_LARGE when the request 965N/A# body is larger than the specified size (in bytes). The maximum size supported 965N/A# by cherrypy is 2048 * 1024 * 1024 - 1 (just short of 2048MB), but the default 965N/A# here is purposefully conservative. 382N/A# The minimum number of threads allowed. 382N/A# The default number of threads to start. 382N/A# The maximum number of threads that can be started. 382N/A# The default server socket timeout in seconds. We want this to be longer than 382N/A# the normal default of 10 seconds to accommodate clients with poor quality 3234N/A # comparison requires same type, therefore list conversion is needed 3274N/A print(
"""cherrypy 3.1.0 or greater is required to use this program.""",
3274N/A# Starting in CherryPy 3.2, its default dispatcher converts all punctuation to 3274N/A# underscore. Since publisher name can contain the hyphen symbol "-", in order 3274N/A# to let the dispatcher to find the correct page handler, we need to skip 3274N/A# converting the hyphen symbol. 466N/A """This is a dummy object that we can use to discard log entries 466N/A without relying on non-portable interfaces such as /dev/null.""" 466N/A """Discard the bits.""" 466N/A """Discard the bits.""" 1633N/A """Optionally emit a usage message and then exit using the specified 1633N/A # The full usage message isn't desired. 1633N/A emsg(_(
"Try `pkg.depotd --help or -?' for more " 1968N/A [-t socket_timeout] [--cfg] [--content-root] 1633N/A [--disable-ops op[/1][,...]] [--debug feature_list] 2515N/A [--image-root dir] [--log-access dest] [--log-errors dest] 2816N/A [--mirror] [--nasty] [--nasty-sleep] [--proxy-base url] 2816N/A [--readonly] [--ssl-cert-file] [--ssl-dialog] [--ssl-key-file] 1937N/A [--sort-file-max-size size] [--writable-root dir] 2230N/A -a address The IP address on which to listen for connections. The 2230N/A default value is 0.0.0.0 (INADDR_ANY) which will listen 2230N/A on all active interfaces. To listen on all active IPv6 2028N/A -d inst_root The file system path at which the server should find its 1968N/A repository data. Required unless PKG_REPO has been set 2028N/A -p port The port number on which the instance should listen for 1968N/A incoming package requests. The default value is 80 if 1968N/A ssl certificate and key information has not been 1968N/A provided; otherwise, the default value is 443. 2028N/A -s threads The number of threads that will be started to serve 2028N/A requests. The default value is 10. 2028N/A -t timeout The maximum number of seconds the server should wait for 1968N/A a response from a client before closing a connection. 1968N/A --cfg The pathname of the file to use when reading and writing 1968N/A depot configuration data, or a fully qualified service 1968N/A fault management resource identifier (FMRI) of the SMF 1968N/A service or instance to read configuration data from. 589N/A --content-root The file system path to the directory containing the 589N/A the static and other web content used by the depot's 589N/A browser user interface. The default value is 1431N/A --disable-ops A comma separated list of operations that the depot 1431N/A should not configure. If, for example, you wanted 1431N/A to omit loading search v1, 'search/1' should be 1431N/A provided as an argument, or to disable all search 1431N/A operations, simply 'search'. 858N/A --debug The name of a debug feature to enable; or a whitespace 1633N/A or comma separated list of features to enable. 2962N/A Possible values are: headers, hash=sha1+sha256, 3445N/A hash=sha256, hash=sha1+sha512t_256, hash=sha512t_256 2515N/A --image-root The path to the image whose file information will be 2515N/A used as a cache for file data. 466N/A --log-access The destination for any access related information 466N/A logged by the depot process. Possible values are: 466N/A stderr, stdout, none, or an absolute pathname. The 466N/A default value is stdout if stdout is a tty; otherwise 466N/A the default value is none. 466N/A --log-errors The destination for any errors or other information 466N/A logged by the depot process. Possible values are: 466N/A stderr, stdout, none, or an absolute pathname. The 466N/A default value is stderr. 589N/A --mirror Package mirror mode; publishing and metadata operations 589N/A disallowed. Cannot be used with --readonly or 1191N/A --nasty Instruct the server to misbehave. At random intervals 1191N/A it will time-out, send bad responses, hang up on 1191N/A clients, and generally be hostile. The option 1191N/A takes a value (1 to 100) for how nasty the server 2816N/A --nasty-sleep In nasty mode (see --nasty), how many seconds to 2816N/A randomly sleep when a random sleep occurs. 589N/A --proxy-base The url to use as the base for generating internal 589N/A --readonly Read-only operation; modifying operations disallowed. 589N/A Cannot be used with --mirror or --rebuild. 812N/A --ssl-cert-file The absolute pathname to a PEM-encoded Certificate file. 812N/A This option must be used with --ssl-key-file. Usage of 812N/A this option will cause the depot to only respond to SSL 812N/A requests on the provided port. 812N/A --ssl-dialog Specifies what method should be used to obtain the 812N/A passphrase needed to decrypt the file specified by 812N/A --ssl-key-file. Supported values are: builtin, 1968N/A default value is builtin. If smf is specified, an 1968N/A SMF FMRI must be provided using the --cfg option. 812N/A --ssl-key-file The absolute pathname to a PEM-encoded Private Key file. 812N/A This option must be used with --ssl-cert-file. Usage of 812N/A this option will cause the depot to only respond to SSL 812N/A requests on the provided port. 1475N/A The maximum size of the indexer sort file. Used to 1475N/A limit the amount of RAM the depot uses for indexing, 975N/A --writable-root The path to a directory to which the program has write 975N/A access. Used with --readonly to allow server to 975N/A create needed files, such as search indices, without 975N/A needing write access to the package information. 2028N/A PKG_REPO Used as default inst_root if -d not provided. 1633N/A PKG_DEPOT_CONTENT Used as default content_root if --content-root 429N/A """Option exception. """ 1968N/A # Track initial configuration values. 1968N/A "content-root=",
"debug=",
"disable-ops=",
"exit-ready",
2515N/A "help",
"image-root=",
"log-access=",
"log-errors=",
2816N/A "llmirror",
"mirror",
"nasty=",
"nasty-sleep=",
2816N/A "proxy-base=",
"readonly",
"rebuild",
"refresh-index",
2816N/A "set-property=",
"ssl-cert-file=",
"ssl-dialog=",
2816N/A "ssl-key-file=",
"sort-file-max-size=",
"writable-root="]
858N/A # A list of features can be specified using a 858N/A # "," or any whitespace character as separators. 2962N/A # We also allow key=value debug flags, which 2962N/A # get set in pkg.client.debugvalues 3194N/A "An argument must be specified.")
2816N/A # ValueError is caught by caller. 3194N/A "for nasty option.\n Please " 3194N/A "choose a value between 1 and 100.")
2816N/A # ValueError is caught by caller. 589N/A # Attempt to decompose the url provided into 589N/A # its base parts. This is done so we can 589N/A # remove any scheme information since we 3194N/A "determine the hostname from " 3194N/A "the provided URL; please use a " 3194N/A "and https are the only supported " 765N/A # Rebuild the url with the sanitized components. 429N/A # Note: This argument is for internal use 429N/A # This flag is purposefully omitted in usage. 429N/A # The supported way to forcefully reindex is to 429N/A # kill any pkg.depot using that directory, 429N/A # remove the index directory, and restart the 429N/A # pkg.depot process. The index will be rebuilt 429N/A # automatically on startup. 1968N/A "the form '<section.property>=" 1968N/A # Assume this is an override to clear 3194N/A "the Certificate file must be " 1968N/A # Assume this is an override to clear 3194N/A "the Private Key file must be " 3194N/A "specified. Expected: builtin, " 873N/A # Don't allow a somewhat 873N/A # insecure authentication method 1968N/A # Build configuration object. 3158N/A usage(
"pkg.depotd: illegal option value: {0} specified " \
1968N/A # If stdout is a tty, then send access output there by default instead 1968N/A # Check for invalid option combinations. 1542N/A usage(
"--add-content cannot be used with --rebuild")
466N/A usage(
"--refresh-index cannot be used with --rebuild")
1633N/A usage(
"--readonly and --mirror cannot be used with --rebuild " 1020N/A usage(
"--mirror cannot be used with --refresh-index")
1020N/A usage(
"--readonly can only be used with --refresh-index if " 2515N/A usage(
"--image-root can only be used with --llmirror.")
2515N/A usage(
"--image_root and --writable-root cannot be used " 2515N/A usage(
"--image-root and -d cannot be used together.")
2515N/A # If the image format changes this may need to be reexamined. 1968N/A # Set any values using defaults if they weren't provided. 2230N/A # Only use the first value for now; multiple bind addresses may be 812N/A usage(
"The --ssl-cert-file and --ssl-key-file options must " 812N/A "must both be provided when using either option.")
429N/A # If the program is going to reindex, the port is irrelevant since 429N/A # the program will not bind to a port. 1836N/A emsg(
"pkg.depotd: unable to bind to the specified " 1542N/A # Not applicable if we're not going to serve content 1968N/A # Any relative paths should be made absolute using pkg_root. 'pkg_root' 1968N/A # is a special property that was added to enable internal deployment of 1968N/A # multiple disparate versions of the pkg.depotd software. 3158N/A "executing [{0}]; unable to obtain the " 1836N/A "passphrase needed to decrypt the SSL " 1968N/A # Assume the configuration target was an SMF 1968N/A # FMRI and let svcprop fail with an error if 812N/A # The key file requires decryption, but the user has requested 812N/A # exec-based authentication, so it will have to be decoded first 812N/A # to an un-named temporary file. 1836N/A emsg(
"pkg.depotd: unable to read the SSL private key " 1836N/A emsg(
"pkg.depotd: authentication or cryptography " 1836N/A "failure while attempting to decode\nthe SSL " 812N/A # Redirect the server to the decrypted key file. 452N/A # Setup our global configuration. 382N/A "environment":
"production",
858N/A "server.shutdown_timeout":
0,
3339N/A "tools.encode.encoding":
"utf-8",
858N/A # Despite its name, this only logs headers when there is an 858N/A # error; it's redundant with the debug feature enabled. 858N/A # Causes the headers of every request to be logged to the error 858N/A # log; even if an exception occurs. 2992N/A # If stdin is not a tty and the pkgdepot controller isn't being used, 2992N/A # then assume process will be daemonized and redirect output. 2992N/A # Ensure log handlers are setup to use the file descriptors for 2992N/A # stdout and stderr as the Daemonizer (used for test suite and 2992N/A # SMF service) requires this. 466N/A "param":
"log.error_file",
466N/A "param":
"log.access_file",
466N/A # Since we've replaced cherrypy's log handler with our 466N/A # own, we don't want the output directed to a file. 612N/A # Now that our logging, etc. has been setup, it's safe to perform any 612N/A # remaining preparation. 1431N/A # Initialize repository state. 2028N/A # Not readonly, so assume a new repository should be created. 2028N/A # Already exists, nothing to do. 2028N/A # Automatically update search indexes on startup if not already 2065N/A # Only execute a index refresh here if --exit-ready was 2065N/A # requested; it will be handled later in the setup 2028N/A # Ready to start depot; exit now if requested. 451N/A # Now build our site configuration. 451N/A # This changes the base URL for our server, and is primarily 451N/A # intended to allow our depot process to operate behind Apache 451N/A # or some other webserver process. 451N/A # Visit the following URL for more information: 451N/A "tools.proxy.local":
"",
451N/A # Now merge or add our proxy configuration information into the 451N/A # existing configuration. 2065N/A # Tell depot to update search indexes when possible; 2065N/A # this is done as a background task so that packages 2065N/A # can be served immediately while search indexes are 2507N/A # If stdin is not a tty and the pkgdepot controller isn't being used, 2507N/A # then assume process should be daemonized. 2992N/A # Translate the values in log_cfg into paths. 812N/A emsg(
"pkg.depotd: unknown error starting depot server, " \
812N/A "illegal option value specified?")