18N/A# The contents of this file are subject to the terms of the 18N/A# Common Development and Distribution License (the "License"). 18N/A# You may not use this file except in compliance with the License. 18N/A# See the License for the specific language governing permissions 18N/A# and limitations under the License. 18N/A# When distributing Covered Code, include this CDDL HEADER in each 18N/A# If applicable, add the following below this CDDL HEADER, with the 18N/A# fields enclosed by brackets "[]" replaced with your own identifying 18N/A# information: Portions Copyright [yyyy] [name of copyright owner] 5242N/A# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. 3533N/A# userland-fetch - a file download utility 18N/A# A simple program similiar to wget(1), but handles local file copy, ignores 18N/A# directories, and verifies file hashes. 136N/A """ Function to decode and print IOError type exception """ 3533N/A """Given paths to a file and a detached PGP signature, verify that 3533N/A the signature is valid for the file. Current configuration allows for 3533N/A unrecognized keys to be downloaded as necessary.""" 3533N/A # Find the root of the repo so that we can point GnuPG at the right 3533N/A # configuration and keyring. 3533N/A # Skip the permissions warning: none of the information here is private, 3533N/A # so not having to worry about getting mercurial keeping the directory 3533N/A # unreadable is just simplest. 3533N/A # If the executable simply couldn't be found, just skip the 3533N/A # Only print GnuPG's output when there was a problem. 3533N/A """Given a file-like object and a hash string, verify that the hash 3533N/A matches the file contents.""" 844N/A # force migration away from sha1 3533N/A """Given a file path and a hash string, verify that the hash matches the 3533N/A """Given a file path and a hash string, verify that the hash matches the 3533N/A payload (uncompressed content) of the file.""" 3533N/A """Download the content at the given URL to the given filename 3533N/A (defaulting to the basename of the URL if not given. If 'quiet' is 3533N/A True, throw away any error messages. Returns the name of the file to 3533N/A which the content was donloaded.""" 212N/A # 3xx, 4xx and 5xx (f|ht)tp codes designate unsuccessfull action 18N/A # return the name of the file that we downloaded the data to. 5860N/A The pypi scheme has a host (with an empty host defaulting to 5860N/A only thing that makes sense in this context. 5860N/A The filename argument is the name of the expected file to download, so 5860N/A that when pypi gives us multiple archives to choose from, we can pick 5860N/A # We have to use ==; anything fancier would require pkg_resources, but 5860N/A # really that's the only thing that makes sense in this context. 5860N/A print "PyPI URLs must be of the form 'pypi:///component==version'" 5951N/A # Don't wait very long for the connection 5860N/A print "Couldn't find any suitable URLs" 3533N/A """Returns a list of URLs where the file 'filename' might be found, 3533N/A If 'filename' is None, then the list will simply contain 'url'. 42N/A # filename should always be first 42N/A # command line url is a fallback, so it's last 3533N/A """Attempts to download a file from a number of possible locations. 3533N/A Generates a list of paths where the file ends up on the local 3533N/A filesystem. This is a generator because while a download might be 3533N/A successful, the signature or hash may not validate, and the caller may 3533N/A want to try again from the next location. The 'link_arg' argument is a 3533N/A boolean which, when True, specifies that if the source is not a remote 3533N/A URL and not already found where it should be, to make a symlink to the 3533N/A source rather than copying it. 3533N/A print "not found, skipping file copy" 5951N/A print "\n translated %s to %s..." %
( 5951N/A print "\n unable to contact PyPI",
3533N/A print "Usage: %s [-f|--file (file)] [-l|--link] [-h|--hash (hash)] " \
5242N/A "[-s|--search (search-dir)] [-S|--sigurl (signature-url)] " \
5242N/A "[-t|--timeout (timeout)] --url (url)" % \
5242N/A ["file=", "link", "hash=", "search=", "sigurl=", 5242N/A print "Invalid argument for %s, should be a " \
5242N/A print "Invalid argument for %s, should be a " \
3533N/A print "\n validating signature...",
3533N/A print "skipping (no signature URL)" 3533N/A # Put the signature file in the same directory as the 3533N/A # Validate with the first signature we find. 3533N/A print "failed (couldn't fetch signature)" 3533N/A print " validating hash...",
58N/A print "skipping (no hash)" 3533N/A # If the signature validated, then we assume 3533N/A # that the expected hash is just a typo, but we 4427N/A print "invalid hash! Did you forget " \
3533N/A print "corruption detected" 4427N/A # If the hash is invalid, but the signature 4427N/A # validation succeeded, rename the archive (so 4427N/A # the user doesn't have to re-download it) and 4427N/A # fail. Otherwise, try to remove the file and 4427N/A print "archive saved as %s; " \