-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathdino_engine.py
executable file
·440 lines (391 loc) · 18.2 KB
/
dino_engine.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
#!/usr/bin/env python
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
from http.client import HTTPMessage
import subprocess
import json
import os
import hashlib
import urllib.request, urllib.error, urllib.parse
import re
import stat
import shutil
import shlex
import pwd
import grp
import argparse
from SystemConfiguration import SCDynamicStoreCopyConsoleUser
# the downloader function accepts two arguments: the url of the file you are
# downloading and the filename (path) of the file you are downloading. The
# downloader reads the Content-Length portion of the header of the incoming
# file and determines the expected file size then reads the incoming file in
# chunks of 8192 bytes and displays the currently read bytes and percentage
# complete
def downloader(url, file_path):
download = urllib.request.urlopen(url)
meta = download.info()
file_size = int(meta.get("Content-Length")[0])
print("%s is %s bytes." % (file_path, file_size))
with open(file_path, 'wb') as code:
chunk_size = 8192
bytes_read = 0
while True:
data = download.read(chunk_size)
bytes_read += len(data)
code.write(data)
status = r"%10d [%3.2f%%]" % (bytes_read, bytes_read * 100 / file_size)
status = status + chr(8) * (len(status) + 1)
print("\r", status, end=' ')
if len(data) < chunk_size:
break
# the package installer function runs the installer binary in macOS and pipes
# stdout and stderr to the python console the return code of the package run
# can be found in the pipes object (pipes.returncode). this is the reason we
# need to run # this is the bit where we can accept an optional command with
# arguments
def pkg_install(package):
pipes = subprocess.Popen(["sudo", "installer", "-pkg", package, "-target", "/"],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = pipes.communicate()
if pipes.returncode == 1:
print(stdout)
print(stderr)
exit(1)
# the script executer executes any .sh file using bash and pipes stdout and
# stderr to the python console. the return code of the script execution can be
# found in the pipes object (pipes.returncode).
def script_exec(script):
pipes = subprocess.Popen(["/bin/bash", "-c", script],
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
# the following function is for printing errors back up to the termina
# I commented it out because I couldn't figure out how to update it for py3
# re-write this when there is extra cycles
#for line in iter(pipes.stdout.readline, b''):
# print("*** " + line.rstrip())
pipes.communicate()
if pipes.returncode == 1:
exit(1)
# the dmg installer is by far the most complicated function, because DMGs are
# more complicated than a .app inside we take the appropriate action. we also
# have the option to specify an optional command. since sometimes we must
# execute installer .apps or pkgs buried in the .app bundle, which is annoying.
def dmg_install(filename, installer, command=None):
pipes = subprocess.Popen(["hdiutil", "attach", filename], stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = pipes.communicate()
if pipes.returncode == 1:
print(stdout)
print(stderr)
exit(1)
volume_path = re.search(r'(\/Volumes\/).*$', stdout.decode('utf-8')).group(0)
installer_path = "%s/%s" % (volume_path, installer)
if command is not None and installer == '':
command = command.replace('${volume}', volume_path).encode("utf-8")
command = shlex.split(command)
pipes = subprocess.Popen(
command,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = pipes.communicate()
if pipes.returncode == 1:
print(stdout)
print(stderr)
exit(1)
if ".pkg" in installer:
pkg_install(installer_path)
if ".app" in installer:
applications_path = "/Applications/%s" % installer.rsplit('/', 1)[-1]
if os.path.exists(applications_path):
shutil.rmtree(applications_path)
shutil.copytree(installer_path, applications_path)
# current_user - the name of the user running the script. Apple suggests using
# both methods.
# uid - the UID of the user running the script
# gid - the GID of the group "admin" which the user account is expected to be a member of
# users in macOS
current_user = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]
current_user = [current_user, ""][current_user in ["loginwindow", None, ""]]
uid = pwd.getpwnam(current_user).pw_uid
gid = grp.getgrnam("admin").gr_gid
os.chown(applications_path, uid, gid)
for root, dirs, files in os.walk(applications_path):
for d in dirs:
os.chown(os.path.join(root, d), uid, gid)
for f in files:
os.chown(os.path.join(root, f), uid, gid)
pipes = subprocess.Popen(["hdiutil", "detach", volume_path], stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = pipes.communicate()
if pipes.returncode == 1:
print(stdout)
print(stderr)
exit(1)
# the mobileconfig_install function installs configuration profiles
def mobileconfig_install(mobileconfig):
pipes = subprocess.Popen(["/usr/bin/profiles", "-I", "-F", mobileconfig],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = pipes.communicate()
if pipes.returncode == 1:
print(stdout)
print(stderr)
exit(1)
# autohash-firefox helper functions
# checks given hash summary page for the line that matches given locale and returns hash
def autohash_firefox_find_hash(hash_summary, locale):
for line in hash_summary.split(b'\n'):
if locale in line:
linesplit = line.split()
# In 79.0 hashes are encoded in b'' form.
# easiest way to interpret is to split it 2nd char to 66th char, since the text is
# literal, and not read as an encoded string
# hash = linesplit[0][2:66]
# In 80.0 hashes are not in b'' form, so splitting at element 0 gets the hash
hash = linesplit[0]
return hash
return False
def autohash_firefox():
# find latest firefox version by following redirect
response = urllib.request.urlopen(
'https://download.mozilla.org/?product=firefox-latest-ssl&os=osx&lang=en-US')
version = urllib.parse.urlsplit(response.geturl()).path.split('/')[-4]
# build url to fetch official SHA256SUMS page
firefox_hash_url = "https://releases.mozilla.org/pub/firefox/releases/%s/SHA256SUMS" % version
print(("NOTICE: Manifest file is instructing us to compare against official hash for "
"Firefox %s found at %s." % (version, firefox_hash_url)))
req = urllib.request.Request(firefox_hash_url)
response = urllib.request.urlopen(req)
hash_summary = response.read()
# find the hash for given locale
hash = autohash_firefox_find_hash(hash_summary, b'mac/en-US')
return hash
# the hash_file function accepts two arguments: the filename that you need to
# determine the SHA256 hash of and the expected hash it returns True or False.
def hash_file(filename, man_hash):
if man_hash == "skip":
print("NOTICE: Manifest file is instructing us to SKIP hashing %s." % filename)
elif man_hash == "autohash-firefox":
hash_check = hashlib.sha256()
with open(filename, 'rb') as downloaded_file:
for chunk in iter(lambda: downloaded_file.read(4096), b""):
hash_check.update(chunk)
if hash_check.hexdigest() == autohash_firefox().decode():
print("\rThe hash for %s matches the official Firefox hash" % filename)
else:
print(hash_check.hexdigest())
print(autohash_firefox().decode())
print("WARNING: The the hash for %s is unexpected." % filename)
exit(1)
else:
hash_check = hashlib.sha256()
with open(filename, 'rb') as downloaded_file:
for chunk in iter(lambda: downloaded_file.read(4096), b""):
hash_check.update(chunk)
if hash_check.hexdigest() == man_hash:
print("\rThe hash for %s match the manifest file" % filename)
else:
print("WARNING: The the hash for %s is unexpected." % filename)
exit(1)
# the pointer_to_json function accepts the url of the file in the github repo
# and the password to the repo. the pointer file is read from github then
# parsed and the "oid sha256" and "size" are extracted from the pointer. an
# object is returned that contains a json request for the file that the pointer
# is associated with.
def pointer_to_json(dl_url):
content_result = urllib.request.urlopen(dl_url)
output = content_result.read()
content_result.close()
oid = re.search('(?m)^oid sha256:([a-z0-9]+)$', output)
size = re.search('(?m)^size ([0-9]+)$', output)
json_data = (
'{"operation": "download", '
'"transfers": ["basic"], '
'"objects": [{"oid": "%s", "size": %s}]}' % (oid.group(1), size.group(1)))
return json_data
# the get_lfs_url function makes a request the the lfs API of the github repo,
# receives a JSON response. then gets the download URL from the JSON response
# and returns it.
def get_lfs_url(json_input, lfs_url):
req = urllib.request.Request(lfs_url, json_input)
req.add_header("Accept", "application/vnd.git-lfs+json")
req.add_header("Content-Type", "application/vnd.git-lfs+json")
result = urllib.request.urlopen(req)
results_python = json.load(result)
file_url = results_python['objects'][0]['actions']['download']['href']
result.close()
return file_url
def main():
# local_dir - the local directory the builder will use
# org - the org that is hosting the build repository
# repo - the rep that is hosting the build
# default_branch - the default branch to build against if no --branch argument is specified
# testing
local_dir = "/var/tmp/dinobuildr"
default_org = "mozilla"
default_repo = "dinobuildr"
default_branch = "master"
default_manifest = "production_manifest.json"
# this section parses argument(s) passed to this script
# the --branch argument specified the branch that this script will build
# against, which is useful for testing. the script will default to the master
# branch if no argument is specified.
parser = argparse.ArgumentParser()
parser.add_argument("-b", "--branch",
help="The branch name to build against. Defaults to %s" % default_branch)
parser.add_argument("-m", "--manifest",
help="The manifest to build against. Defaults to %s" % default_manifest)
parser.add_argument("-r", "--repo",
help="The repo to build against. Defaults to %s" % default_repo)
parser.add_argument("-o", "--org",
help="The org to build against. Defaults to %s" % default_org)
args = parser.parse_args()
if args.branch is None:
branch = default_branch
else:
branch = args.branch
if args.manifest is None:
manifest = default_manifest
else:
manifest = args.manifest
if args.repo is None:
repo = default_repo
else:
repo = args.repo
if args.org is None:
org = default_org
else:
org = args.org
# os.environ - an environment variable for the builder's local directory to be
# passed on to shells scripts
os.environ["DINOPATH"] = local_dir
# lfs_url - the generic LFS url structure that github uses
# raw_url - the generic RAW url structure that github uses
# manifest_url - the url of the manifest file
# manifest_hash - the hash of the manifest file
# manifest_file - the expected filepath of the manifest file
lfs_url = "https://github.com/%s/%s.git/info/lfs/objects/batch" % (org, repo)
raw_url = "https://raw.githubusercontent.com/%s/%s/%s/" % (org, repo, branch)
manifest_url = "https://raw.githubusercontent.com/%s/%s/%s/%s" % (org, repo, branch, manifest)
manifest_file = "%s/%s" % (local_dir, manifest)
# check to see if user ran with sudo , since it's required
if os.getuid() != 0:
print("This script requires root to run, please try again with sudo.")
exit(1)
# if the local directory doesn't exist, we make it.
if not os.path.exists(local_dir):
os.makedirs(local_dir)
# download the manifest.json file.
print("\nDownloading the manifest file and hash-checking it.\n")
print(manifest_url)
print(manifest_file)
downloader(manifest_url, manifest_file)
print("\n***** DINOBUILDR IS BUILDING. RAWR. *****\n")
print("Building against the [%s] branch and the %s manifest\n" % (branch, manifest))
# we read the manifest file and examine each object in it. if the object is a
# .pkg file, then we assemble the download url of the pointer, read the pointer
# and request the file from LFS. if the file we get has a hash that matches
# what's in the manifest, we Popen the installer function if the object is a
# .sh file, we assemble the download url and download the file directly. if the
# script we get has a hash that matches what's in the manifest, we set the
# execute flag and Popen the script_exec function. same with dmgs, although
# dmgs are real complicated so we may end up running an arbitrary command,
# copying the installer or installing a pkg.
with open(manifest_file, 'r') as manifest_data:
data = json.load(manifest_data)
for item in data['packages']:
if item['filename'] != "":
file_name = item['filename']
else:
file_name = (
item['url'].replace('${version}', item['version'])
).rsplit('/', 1)[-1]
# TODO: this variable name is dumb, this is the path to the file we're
# working with
local_path = "%s/%s" % (local_dir, file_name)
if item['type'] == "pkg-lfs":
dl_url = raw_url + item['url']
json_data = pointer_to_json(dl_url)
lfsfile_url = get_lfs_url(json_data, lfs_url)
print("Downloading:", item['item'])
downloader(lfsfile_url, local_path)
hash_file(local_path, item['hash'])
print("Installing:", item['item'])
pkg_install(local_path)
print("\r")
if item['type'] == "pkg":
dl_url = item['url'].replace('${version}', item['version'])
print("Downloading:", item['item'])
downloader(dl_url, local_path)
hash_file(local_path, item['hash'])
print("Installing:", item['item'])
pkg_install(local_path)
print("\r")
if item['type'] == "shell":
dl_url = raw_url + item['url']
print("Downloading:", item['item'])
downloader(dl_url, local_path)
hash_file(local_path, item['hash'])
print("Executing:", item['item'])
perms = os.stat(local_path)
os.chmod(local_path, perms.st_mode | stat.S_IEXEC)
script_exec(local_path)
print("\r")
if item['type'] == "dmg":
# TODO: consisitency: there should be URL checks everywhere or do this
# TODO: dmg-installer / dmg-advanced are not being checked to allow
# for functionality that should be in a downloader function
# in the manifest generator
if item['url'] == '':
print("No URL specified for %s" % item['item'])
break
dl_url = item['url'].replace('${version}', item['version'])
print("Downloading:", item['item'])
downloader(dl_url, local_path)
hash_file(local_path, item['hash'])
if item['dmg-installer'] != '':
print("Installing:", item['dmg-installer'])
if item['dmg-advanced'] != '':
print("Getting fancy and executing:", item['dmg-advanced'])
if item['dmg-installer'] == '' and item['dmg-advanced'] == '':
print(("No installer or install command specified for %s."
"Assuming this is download only." % item['item']))
if item['dmg-installer'] != '':
dmg_install(local_path, item['dmg-installer'])
if item['dmg-advanced'] != '':
dmg_install(local_path, '', item['dmg-advanced'])
print("\r")
if item['type'] == "file-lfs":
if item['url'] == '':
print("No URL specified for %s" % item['item'])
break
dl_url = raw_url + item['url']
json_data = pointer_to_json(dl_url)
lfsfile_url = get_lfs_url(json_data, lfs_url)
print("Downloading:", item['item'])
downloader(lfsfile_url, local_path)
hash_file(local_path, item['hash'])
print("File downloaded to:", local_path)
print("\r")
if item['type'] == "file":
if item['url'] == '':
print("No URL specified for %s" % item['item'])
break
dl_url = raw_url + item['url']
print("Downloading:", item['item'])
downloader(dl_url, local_path)
hash_file(local_path, item['hash'])
print("File downloaded to:", local_path)
print("\r")
if item['type'] == "mobileconfig":
dl_url = raw_url + item['url']
print("Downloading:", item['item'])
downloader(dl_url, local_path)
hash_file(local_path, item['hash'])
print("Applying Mobileconfig:", item['item'])
mobileconfig_install(local_path)
print("\r")
# delete the temporary directory we've been downloading packages into.
print("Cleanup: Deleting %s" % local_dir)
shutil.rmtree(local_dir)
print("Build complete!")
if __name__ == '__main__':
main()