From 5206bcd72f52bece3ff35268a2284ec4e84c6109 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 3 May 2015 23:15:33 -0400 Subject: Initial commit of my silly build script collection. --- http-sync-repos.py | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100755 http-sync-repos.py (limited to 'http-sync-repos.py') diff --git a/http-sync-repos.py b/http-sync-repos.py new file mode 100755 index 0000000..97e3d7f --- /dev/null +++ b/http-sync-repos.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python + +# Synchronize Cryptech git repositories by scraping URLs from the +# automatically generated Trac page. Yes, we know too much about how +# the generation script and Trac format this page, c'est la vie. +# +# Python's built-in support for HTTPS is a bit primative, we could do +# better with something like PyCURL, but we want this to run with just +# the standard Python libraries, so we're stranded in kludge city. + +from urllib import urlopen +from xml.etree.ElementTree import ElementTree +from subprocess import check_call +from tempfile import NamedTemporaryFile +import sys +import os + +# URL for automatically generated Trac page listing repositories. + +trac_page = "https://wiki.cryptech.is/wiki/GitRepositories" + +# PEM-encoded CA certificate covering Cryptech web services. + +cacert = '''\ +-----BEGIN CERTIFICATE----- +MIIERzCCAy+gAwIBAgIBADANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCTUExEDAOBgNVBAcTB1JlYWRpbmcxITAfBgNVBAoTGEdydW5jaHdl +YXRoZXIgQXNzb2NpYXRlczEkMCIGCSqGSIb3DQEJARYVcG9zdG1hc3RlckBoYWN0 +cm4ubmV0MCAXDTEwMDkyNTA1MzQ0MloYDzIxMDkwOTI1MDUzNDQyWjB1MQswCQYD +VQQGEwJVUzELMAkGA1UECBMCTUExEDAOBgNVBAcTB1JlYWRpbmcxITAfBgNVBAoT +GEdydW5jaHdlYXRoZXIgQXNzb2NpYXRlczEkMCIGCSqGSIb3DQEJARYVcG9zdG1h +c3RlckBoYWN0cm4ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +wf723VEaWozuyJCytEgFkEMXDd17RTChb4RCpqFrlswbKEk4/Vw7IvBeLYNfl5F8 +1hx6ca7CU4qD+4tVkanJ7dJhT9a1jWPKjx/Xz8rpZBSDzgiDZNlgX4giDHjG3Ju8 +QcT9Elpx4SEBxeaVEl2AXXsShv1PrSpCt9WUdS+0NQkA7z3cXASNPOBFoITM37pC +21nuQuocpjFTaGXw5s3/FhVgcKSUHmQN5UdYK5N2w7pcn7UV2v92UFYSG9cEjQL5 +DfPqzJeLemzmUl+XBqSfY/gPCyJdAPOudflnFyptVv3BrmMQYEyJBeRnt2o5aYWd +q1w2wB2HPsEglm1K19gEoQIDAQABo4HfMIHcMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgEGMB0GA1UdDgQWBBQkrUZV1MeYpBcTnpsuT60UPRjCZjCBnwYDVR0jBIGX +MIGUgBQkrUZV1MeYpBcTnpsuT60UPRjCZqF5pHcwdTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgTAk1BMRAwDgYDVQQHEwdSZWFkaW5nMSEwHwYDVQQKExhHcnVuY2h3ZWF0 +aGVyIEFzc29jaWF0ZXMxJDAiBgkqhkiG9w0BCQEWFXBvc3RtYXN0ZXJAaGFjdHJu +Lm5ldIIBADANBgkqhkiG9w0BAQUFAAOCAQEAMeBzm4x6hlwbcrR8AcjSP4S/8+pW +4WsmkuKlZMyP/E4rc2DpVBi9WRnLtQoQ+FDU47VkG1D97i+HYx1Ky7W8oU4YB3Xr +ptoAenVmiQOVnbMluuQlxBa8JbOizt+BzL0NJEC6gHvCYT5SmFFsJgXBQZNPpRJb +cDzuilf3b6vCFtRL+hD75VFLkljQWUWt59cNPGhtBItsq3q72LZ2ftPgk9ufC2h3 +whlvaaZldSFGnPRcFgXYYUootSh0yUW2lIHn52s/tPRN6XXnrdz+cLUCCchSkPOi +Q9q/UFgaXUetsqlb56PINOrLZUpAfqC4xFBVVo2oI0ubFq173QlATQpn/w== +-----END CERTIFICATE----- +''' + +try: + ssl_cert_file = NamedTemporaryFile("w") + ssl_cert_file.write(cacert) + ssl_cert_file.flush() + try: + os.fchmod(ssl_cert_file.fileno(), 0600) + except: + pass + os.environ["SSL_CERT_FILE"] = ssl_cert_file.name # OpenSSL looks for this + os.environ["GIT_SSL_CAINFO"] = ssl_cert_file.name # Git looks for this + + head = "https://git.cryptech.is/" + tail = ".git" + errs = 0 + + for elt in ElementTree(file = urlopen(trac_page)).iter("{http://www.w3.org/1999/xhtml}tt"): + if elt.text.startswith(head) and elt.text.endswith(tail): + url = elt.text + repo = url[len(head):-len(tail)] + pull = os.path.isdir(repo) + print + print url + try: + if pull: + check_call(("git", "pull"), cwd = repo) + else: + check_call(("git", "clone", url, repo)) + except: + print "** Error", "pulling" if pull else "cloning", repo + errs += 1 + +finally: + ssl_cert_file.close() + +sys.exit(errs) -- cgit v1.2.3