blob: 97e3d7f72ad95d6a5512576c68c084cf5500827c (
plain) (
tree)
|
|
#!/usr/bin/env python
# Synchronize Cryptech git repositories by scraping URLs from the
# automatically generated Trac page. Yes, we know too much about how
# the generation script and Trac format this page, c'est la vie.
#
# Python's built-in support for HTTPS is a bit primative, we could do
# better with something like PyCURL, but we want this to run with just
# the standard Python libraries, so we're stranded in kludge city.
from urllib import urlopen
from xml.etree.ElementTree import ElementTree
from subprocess import check_call
from tempfile import NamedTemporaryFile
import sys
import os
# URL for automatically generated Trac page listing repositories.
trac_page = "https://wiki.cryptech.is/wiki/GitRepositories"
# PEM-encoded CA certificate covering Cryptech web services.
cacert = '''\
-----BEGIN CERTIFICATE-----
MIIERzCCAy+gAwIBAgIBADANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCTUExEDAOBgNVBAcTB1JlYWRpbmcxITAfBgNVBAoTGEdydW5jaHdl
YXRoZXIgQXNzb2NpYXRlczEkMCIGCSqGSIb3DQEJARYVcG9zdG1hc3RlckBoYWN0
cm4ubmV0MCAXDTEwMDkyNTA1MzQ0MloYDzIxMDkwOTI1MDUzNDQyWjB1MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCTUExEDAOBgNVBAcTB1JlYWRpbmcxITAfBgNVBAoT
GEdydW5jaHdlYXRoZXIgQXNzb2NpYXRlczEkMCIGCSqGSIb3DQEJARYVcG9zdG1h
c3RlckBoYWN0cm4ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
wf723VEaWozuyJCytEgFkEMXDd17RTChb4RCpqFrlswbKEk4/Vw7IvBeLYNfl5F8
1hx6ca7CU4qD+4tVkanJ7dJhT9a1jWPKjx/Xz8rpZBSDzgiDZNlgX4giDHjG3Ju8
QcT9Elpx4SEBxeaVEl2AXXsShv1PrSpCt9WUdS+0NQkA7z3cXASNPOBFoITM37pC
21nuQuocpjFTaGXw5s3/FhVgcKSUHmQN5UdYK5N2w7pcn7UV2v92UFYSG9cEjQL5
DfPqzJeLemzmUl+XBqSfY/gPCyJdAPOudflnFyptVv3BrmMQYEyJBeRnt2o5aYWd
q1w2wB2HPsEglm1K19gEoQIDAQABo4HfMIHcMAwGA1UdEwQFMAMBAf8wCwYDVR0P
BAQDAgEGMB0GA1UdDgQWBBQkrUZV1MeYpBcTnpsuT60UPRjCZjCBnwYDVR0jBIGX
MIGUgBQkrUZV1MeYpBcTnpsuT60UPRjCZqF5pHcwdTELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAk1BMRAwDgYDVQQHEwdSZWFkaW5nMSEwHwYDVQQKExhHcnVuY2h3ZWF0
aGVyIEFzc29jaWF0ZXMxJDAiBgkqhkiG9w0BCQEWFXBvc3RtYXN0ZXJAaGFjdHJu
Lm5ldIIBADANBgkqhkiG9w0BAQUFAAOCAQEAMeBzm4x6hlwbcrR8AcjSP4S/8+pW
4WsmkuKlZMyP/E4rc2DpVBi9WRnLtQoQ+FDU47VkG1D97i+HYx1Ky7W8oU4YB3Xr
ptoAenVmiQOVnbMluuQlxBa8JbOizt+BzL0NJEC6gHvCYT5SmFFsJgXBQZNPpRJb
cDzuilf3b6vCFtRL+hD75VFLkljQWUWt59cNPGhtBItsq3q72LZ2ftPgk9ufC2h3
whlvaaZldSFGnPRcFgXYYUootSh0yUW2lIHn52s/tPRN6XXnrdz+cLUCCchSkPOi
Q9q/UFgaXUetsqlb56PINOrLZUpAfqC4xFBVVo2oI0ubFq173QlATQpn/w==
-----END CERTIFICATE-----
'''
try:
ssl_cert_file = NamedTemporaryFile("w")
ssl_cert_file.write(cacert)
ssl_cert_file.flush()
try:
os.fchmod(ssl_cert_file.fileno(), 0600)
except:
pass
os.environ["SSL_CERT_FILE"] = ssl_cert_file.name # OpenSSL looks for this
os.environ["GIT_SSL_CAINFO"] = ssl_cert_file.name # Git looks for this
head = "https://git.cryptech.is/"
tail = ".git"
errs = 0
for elt in ElementTree(file = urlopen(trac_page)).iter("{http://www.w3.org/1999/xhtml}tt"):
if elt.text.startswith(head) and elt.text.endswith(tail):
url = elt.text
repo = url[len(head):-len(tail)]
pull = os.path.isdir(repo)
print
print url
try:
if pull:
check_call(("git", "pull"), cwd = repo)
else:
check_call(("git", "clone", url, repo))
except:
print "** Error", "pulling" if pull else "cloning", repo
errs += 1
finally:
ssl_cert_file.close()
sys.exit(errs)
|