port glcli back from python_gardenlinux_cli

Author: yeoldegrove

pyproject.toml

@@ -29,6 +29,7 @@ black = "^24.8.0"
 gl-cname = "python_gardenlinux_lib.cname:main"
 gl-flavors-parse = "python_gardenlinux_lib.flavors.parse_flavors:main"
 flavors-parse = "python_gardenlinux_lib.flavors.parse_flavors:main"
+glcli = "python_gardenlinux_lib.glcli.glcli:main"
 
 [tool.pytest.ini_options]
 pythonpath = [

src/python_gardenlinux_lib/cname.py

@@ -21,7 +21,7 @@ def main():
 
     re_match = re.match(
         "([a-zA-Z0-9]+(-[a-zA-Z0-9\\_\\-]*?)?)(-([a-z0-9]+)(-([a-z0-9.]+)-([a-z0-9]+))*)?$",
-        args.cname
+        args.cname,
     )
 
     assert re_match, f"not a valid cname {args.cname}"
@@ -72,11 +72,13 @@ def main():
 
     print(cname)
 
+
 def get_cname_base(sorted_features):
     return reduce(
-        lambda a, b : a + ("-" if not b.startswith("_") else "") + b, sorted_features
+        lambda a, b: a + ("-" if not b.startswith("_") else "") + b, sorted_features
     )
 
+
 def get_minimal_feature_set(graph):
     return set([node for (node, degree) in graph.in_degree() if degree == 0])
 

src/python_gardenlinux_lib/constants.py

@@ -2,8 +2,19 @@
 
 # It is important that this list is sorted in descending length of the entries
 GL_MEDIA_TYPES = [
+    "secureboot.aws-efivars",
+    "secureboot.kek.auth",
     "gcpimage.tar.gz.log",
+    "secureboot.pk.auth",
+    "secureboot.kek.crt",
+    "secureboot.kek.der",
+    "secureboot.db.auth",
     "firecracker.tar.gz",
+    "secureboot.pk.crt",
+    "secureboot.pk.der",
+    "secureboot.db.crt",
+    "secureboot.db.der",
+    "secureboot.db.arn",
     "platform.test.log",
     "platform.test.xml",
     "gcpimage.tar.gz",
@@ -12,11 +23,15 @@
     "pxe.tar.gz.log",
     "root.squashfs",
     "manifest.log",
+    "squashfs.log",
     "release.log",
+    "vmlinuz.log",
+    "initrd.log",
     "pxe.tar.gz",
     "qcow2.log",
     "test-log",
     "boot.efi",
+    "squashfs",
     "manifest",
     "vmdk.log",
     "tar.log",
@@ -69,12 +84,27 @@
     "vhd.log": "application/io.gardenlinux.log",
     "ova.log": "application/io.gardenlinux.log",
     "vmlinuz": "application/io.gardenlinux.kernel",
+    "vmlinuz.log": "application/io.gardenlinux.log",
     "initrd": "application/io.gardenlinux.initrd",
+    "initrd.log": "application/io.gardenlinux.log",
     "root.squashfs": "application/io.gardenlinux.squashfs",
+    "squashfs": "application/io.gardenlinux.squashfs",
+    "squashfs.log": "application/io.gardenlinux.log",
     "boot.efi": "application/io.gardenlinux.efi",
     "platform.test.log": "application/io.gardenlinux.io.platform.test.log",
     "platform.test.xml": "application/io.gardenlinux.io.platform.test.xml",
     "chroot.test.log": "application/io.gardenlinux.io.chroot.test.log",
     "chroot.test.xml": "application/io.gardenlinux.io.chroot.test.xml",
     "oci.log": "application/io.gardenlinux.log",
+    "secureboot.pk.crt": "application/io.gardenlinux.cert.secureboot.pk.crt",
+    "secureboot.pk.der": "application/io.gardenlinux.cert.secureboot.pk.der",
+    "secureboot.pk.auth": "application/io.gardenlinux.cert.secureboot.pk.auth",
+    "secureboot.kek.crt": "application/io.gardenlinux.cert.secureboot.kek.crt",
+    "secureboot.kek.der": "application/io.gardenlinux.cert.secureboot.kek.der",
+    "secureboot.kek.auth": "application/io.gardenlinux.cert.secureboot.kek.auth",
+    "secureboot.db.crt": "application/io.gardenlinux.cert.secureboot.db.crt",
+    "secureboot.db.der": "application/io.gardenlinux.cert.secureboot.db.der",
+    "secureboot.db.auth": "application/io.gardenlinux.cert.secureboot.db.auth",
+    "secureboot.db.arn": "application/io.gardenlinux.cert.secureboot.db.arn",
+    "secureboot.aws-efivars": "application/io.gardenlinux.cert.secureboot.aws-efivars",
 }

src/python_gardenlinux_lib/crypto.py

@@ -0,0 +1,16 @@
+import hashlib
+
+
+def verify_sha256(checksum: str, data: bytes):
+    data_checksum = f"sha256:{hashlib.sha256(data).hexdigest()}"
+    if checksum != data_checksum:
+        raise ValueError(f"Invalid checksum. {checksum} != {data_checksum}")
+
+
+def calculate_sha256(file_path: str) -> str:
+    """Calculate the SHA256 checksum of a file."""
+    sha256_hash = hashlib.sha256()
+    with open(file_path, "rb") as f:
+        for byte_block in iter(lambda: f.read(4096), b""):
+            sha256_hash.update(byte_block)
+    return sha256_hash.hexdigest()

src/python_gardenlinux_lib/features/parse_features.py

@@ -38,6 +38,7 @@ def get_gardenlinux_commit(gardenlinux_root: str, limit: Optional[int] = None) -
     else:
         return commit_str
 
+
 def get_features_dict(
     cname: str, gardenlinux_root: str, feature_dir_name: str = "features"
 ) -> dict:
@@ -61,6 +62,7 @@ def get_features_dict(
 
     return features_by_type
 
+
 def get_features_graph(
     cname: str, gardenlinux_root: str, feature_dir_name: str = "features"
 ) -> networkx.graph:
@@ -78,6 +80,7 @@ def get_features_graph(
 
     return graph
 
+
 def get_features_list(
     cname: str, gardenlinux_root: str, feature_dir_name: str = "features"
 ) -> list:
@@ -93,6 +96,7 @@ def get_features_list(
 
     return features
 
+
 def get_features(
     cname: str, gardenlinux_root: str, feature_dir_name: str = "features"
 ) -> str:
@@ -107,6 +111,7 @@ def get_features(
 
     return ",".join(features)
 
+
 def construct_layer_metadata(
     filetype: str, cname: str, version: str, arch: str, commit: str
 ) -> dict:
@@ -125,6 +130,7 @@ def construct_layer_metadata(
         "annotations": {"io.gardenlinux.image.layer.architecture": arch},
     }
 
+
 def construct_layer_metadata_from_filename(filename: str, arch: str) -> dict:
     """
     :param str filename: filename of the blob
@@ -138,6 +144,7 @@ def construct_layer_metadata_from_filename(filename: str, arch: str) -> dict:
         "annotations": {"io.gardenlinux.image.layer.architecture": arch},
     }
 
+
 def get_file_set_from_cname(cname: str, version: str, arch: str, gardenlinux_root: str):
     """
     :param str cname: the target cname of the image
@@ -160,6 +167,7 @@ def get_file_set_from_cname(cname: str, version: str, arch: str, gardenlinux_roo
             )
     return file_set
 
+
 def get_oci_metadata_from_fileset(fileset: list, arch: str):
     """
     :param str arch: arch of the target image
@@ -175,6 +183,7 @@ def get_oci_metadata_from_fileset(fileset: list, arch: str):
 
     return oci_layer_metadata_list
 
+
 def get_oci_metadata(cname: str, version: str, arch: str, gardenlinux_root: str):
     """
     :param str cname: the target cname of the image
@@ -197,6 +206,7 @@ def get_oci_metadata(cname: str, version: str, arch: str, gardenlinux_root: str)
 
     return oci_layer_metadata_list
 
+
 def lookup_media_type_for_filetype(filetype: str) -> str:
     """
     :param str filetype: filetype of the target layer
@@ -209,6 +219,7 @@ def lookup_media_type_for_filetype(filetype: str) -> str:
             f"media type for {filetype} is not defined. You may want to add the definition to parse_features_lib"
         )
 
+
 def lookup_media_type_for_file(filename: str) -> str:
     """
     :param str filename: filename of the target layer
@@ -222,6 +233,7 @@ def lookup_media_type_for_file(filename: str) -> str:
             f"media type for {filename} is not defined. You may want to add the definition to parse_features_lib"
         )
 
+
 def deduce_feature_name(feature_dir: str):
     """
     :param str feature_dir: Directory of single Feature
@@ -232,20 +244,23 @@ def deduce_feature_name(feature_dir: str):
         raise ValueError("Expected name from parse_feature_yaml function to be set")
     return parsed["name"]
 
+
 def deduce_archive_filetypes(feature_dir):
     """
     :param str feature_dir: Directory of single Feature
     :return: str list of filetype for archive
     """
     return deduce_filetypes_from_string(feature_dir, "image")
 
+
 def deduce_image_filetypes(feature_dir):
     """
     :param str feature_dir: Directory of single Feature
     :return: str list of filetype for image
     """
     return deduce_filetypes_from_string(feature_dir, "convert")
 
+
 def deduce_filetypes(feature_dir):
     """
     :param str feature_dir: Directory of single Feature
@@ -260,6 +275,7 @@ def deduce_filetypes(feature_dir):
     image_file_types.extend(archive_file_types)
     return image_file_types
 
+
 def deduce_filetypes_from_string(feature_dir: str, script_base_name: str):
     """
     Garden Linux features can optionally have an image.<filetype> or convert.<filetype> script,
@@ -283,6 +299,7 @@ def deduce_filetypes_from_string(feature_dir: str, script_base_name: str):
 
     return sorted(result)
 
+
 def read_feature_files(feature_dir):
     """
     Legacy function copied from gardenlinux/builder
@@ -312,6 +329,7 @@ def read_feature_files(feature_dir):
         raise ValueError("Graph is not directed acyclic graph")
     return feature_graph
 
+
 def parse_feature_yaml(feature_yaml_file: str):
     """
     Legacy function copied from gardenlinux/builder
@@ -328,9 +346,11 @@ def parse_feature_yaml(feature_yaml_file: str):
         content = yaml.safe_load(f)
     return {"name": name, "content": content}
 
+
 def __get_node_features(node):
     return node.get("content", {}).get("features", {})
 
+
 def filter_graph(feature_graph, feature_set, ignore_excludes=False):
     filter_set = set(feature_graph.nodes())
 
@@ -369,29 +389,35 @@ def filter_func(node):
         raise ValueError("Including explicitly excluded feature")
     return graph
 
+
 def sort_set(input_set, order_list):
     return [item for item in order_list if item in input_set]
 
+
 def __sort_key(graph, node):
     prefix_map = {"platform": "0", "element": "1", "flag": "2"}
     node_type = __get_node_type(graph.nodes.get(node, {}))
     prefix = prefix_map[node_type]
     return f"{prefix}-{node}"
 
+
 def sort_nodes(graph):
     def key_function(node):
         return __sort_key(graph, node)
 
     return list(networkx.lexicographical_topological_sort(graph, key=key_function))
 
+
 def __reverse_cname_base(cname):
     cname = cname.replace("_", "-_")
     return set(cname.split("-"))
 
+
 def __reverse_sort_nodes(graph):
     reverse_graph = graph.reverse()
     assert networkx.is_directed_acyclic_graph(reverse_graph)
     return sort_nodes(reverse_graph)
 
+
 def __get_node_type(node):
     return node.get("content", {}).get("type")