Diffstat (limited to 'bitbake/bin/bitbake-hashserv')
-rwxr-xr-x | bitbake/bin/bitbake-hashserv | 147 |
1 files changed, 127 insertions, 20 deletions
diff --git a/bitbake/bin/bitbake-hashserv b/bitbake/bin/bitbake-hashserv index 153f65a378..4bfb7abfbc 100755 --- a/bitbake/bin/bitbake-hashserv +++ b/bitbake/bin/bitbake-hashserv | |||
@@ -10,55 +10,162 @@ import sys | |||
10 | import logging | 10 | import logging |
11 | import argparse | 11 | import argparse |
12 | import sqlite3 | 12 | import sqlite3 |
13 | import warnings | ||
13 | 14 | ||
14 | sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(__file__)), 'lib')) | 15 | warnings.simplefilter("default") |
16 | |||
17 | sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(__file__)), "lib")) | ||
15 | 18 | ||
16 | import hashserv | 19 | import hashserv |
20 | from hashserv.server import DEFAULT_ANON_PERMS | ||
17 | 21 | ||
18 | VERSION = "1.0.0" | 22 | VERSION = "1.0.0" |
19 | 23 | ||
20 | DEFAULT_BIND = 'unix://./hashserve.sock' | 24 | DEFAULT_BIND = "unix://./hashserve.sock" |
21 | 25 | ||
22 | 26 | ||
23 | def main(): | 27 | def main(): |
24 | parser = argparse.ArgumentParser(description='Hash Equivalence Reference Server. Version=%s' % VERSION, | 28 | parser = argparse.ArgumentParser( |
25 | epilog='''The bind address is the path to a unix domain socket if it is | 29 | description="Hash Equivalence Reference Server. Version=%s" % VERSION, |
26 | prefixed with "unix://". Otherwise, it is an IP address | 30 | formatter_class=argparse.RawTextHelpFormatter, |
27 | and port in form ADDRESS:PORT. To bind to all addresses, leave | 31 | epilog=""" |
28 | the ADDRESS empty, e.g. "--bind :8686". To bind to a specific | 32 | The bind address may take one of the following formats: |
29 | IPv6 address, enclose the address in "[]", e.g. | 33 | unix://PATH - Bind to unix domain socket at PATH |
30 | "--bind [::1]:8686"''' | 34 | ws://ADDRESS:PORT - Bind to websocket on ADDRESS:PORT |
31 | ) | 35 | ADDRESS:PORT - Bind to raw TCP socket on ADDRESS:PORT |
32 | 36 | ||
33 | parser.add_argument('-b', '--bind', default=DEFAULT_BIND, help='Bind address (default "%(default)s")') | 37 | To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or |
34 | parser.add_argument('-d', '--database', default='./hashserv.db', help='Database file (default "%(default)s")') | 38 | "--bind ws://:8686". To bind to a specific IPv6 address, enclose the address in |
35 | parser.add_argument('-l', '--log', default='WARNING', help='Set logging level') | 39 | "[]", e.g. "--bind [::1]:8686" or "--bind ws://[::1]:8686" |
36 | parser.add_argument('-u', '--upstream', help='Upstream hashserv to pull hashes from') | 40 | |
37 | parser.add_argument('-r', '--read-only', action='store_true', help='Disallow write operations from clients') | 41 | Note that the default Anonymous permissions are designed to not break existing |
42 | server instances when upgrading, but are not particularly secure defaults. If | ||
43 | you want to use authentication, it is recommended that you use "--anon-perms | ||
44 | @read" to only give anonymous users read access, or "--anon-perms @none" to | ||
45 | give un-authenticated users no access at all. | ||
46 | |||
47 | Setting "--anon-perms @all" or "--anon-perms @user-admin" is not allowed, since | ||
48 | this would allow anonymous users to manage all users accounts, which is a bad | ||
49 | idea. | ||
50 | |||
51 | If you are using user authentication, you should run your server in websockets | ||
52 | mode with an SSL terminating load balancer in front of it (as this server does | ||
53 | not implement SSL). Otherwise all usernames and passwords will be transmitted | ||
54 | in the clear. When configured this way, clients can connect using a secure | ||
55 | websocket, as in "wss://SERVER:PORT" | ||
56 | |||
57 | The following permissions are supported by the server: | ||
58 | |||
59 | @none - No permissions | ||
60 | @read - The ability to read equivalent hashes from the server | ||
61 | @report - The ability to report equivalent hashes to the server | ||
62 | @db-admin - Manage the hash database(s). This includes cleaning the | ||
63 | database, removing hashes, etc. | ||
64 | @user-admin - The ability to manage user accounts. This includes, creating | ||
65 | users, deleting users, resetting login tokens, and assigning | ||
66 | permissions. | ||
67 | @all - All possible permissions, including any that may be added | ||
68 | in the future | ||
69 | """, | ||
70 | ) | ||
71 | |||
72 | parser.add_argument( | ||
73 | "-b", | ||
74 | "--bind", | ||
75 | default=os.environ.get("HASHSERVER_BIND", DEFAULT_BIND), | ||
76 | help='Bind address (default $HASHSERVER_BIND, "%(default)s")', | ||
77 | ) | ||
78 | parser.add_argument( | ||
79 | "-d", | ||
80 | "--database", | ||
81 | default=os.environ.get("HASHSERVER_DB", "./hashserv.db"), | ||
82 | help='Database file (default $HASHSERVER_DB, "%(default)s")', | ||
83 | ) | ||
84 | parser.add_argument( | ||
85 | "-l", | ||
86 | "--log", | ||
87 | default=os.environ.get("HASHSERVER_LOG_LEVEL", "WARNING"), | ||
88 | help='Set logging level (default $HASHSERVER_LOG_LEVEL, "%(default)s")', | ||
89 | ) | ||
90 | parser.add_argument( | ||
91 | "-u", | ||
92 | "--upstream", | ||
93 | default=os.environ.get("HASHSERVER_UPSTREAM", None), | ||
94 | help="Upstream hashserv to pull hashes from ($HASHSERVER_UPSTREAM)", | ||
95 | ) | ||
96 | parser.add_argument( | ||
97 | "-r", | ||
98 | "--read-only", | ||
99 | action="store_true", | ||
100 | help="Disallow write operations from clients ($HASHSERVER_READ_ONLY)", | ||
101 | ) | ||
102 | parser.add_argument( | ||
103 | "--db-username", | ||
104 | default=os.environ.get("HASHSERVER_DB_USERNAME", None), | ||
105 | help="Database username ($HASHSERVER_DB_USERNAME)", | ||
106 | ) | ||
107 | parser.add_argument( | ||
108 | "--db-password", | ||
109 | default=os.environ.get("HASHSERVER_DB_PASSWORD", None), | ||
110 | help="Database password ($HASHSERVER_DB_PASSWORD)", | ||
111 | ) | ||
112 | parser.add_argument( | ||
113 | "--anon-perms", | ||
114 | metavar="PERM[,PERM[,...]]", | ||
115 | default=os.environ.get("HASHSERVER_ANON_PERMS", ",".join(DEFAULT_ANON_PERMS)), | ||
116 | help='Permissions to give anonymous users (default $HASHSERVER_ANON_PERMS, "%(default)s")', | ||
117 | ) | ||
118 | parser.add_argument( | ||
119 | "--admin-user", | ||
120 | default=os.environ.get("HASHSERVER_ADMIN_USER", None), | ||
121 | help="Create default admin user with name ADMIN_USER ($HASHSERVER_ADMIN_USER)", | ||
122 | ) | ||
123 | parser.add_argument( | ||
124 | "--admin-password", | ||
125 | default=os.environ.get("HASHSERVER_ADMIN_PASSWORD", None), | ||
126 | help="Create default admin user with password ADMIN_PASSWORD ($HASHSERVER_ADMIN_PASSWORD)", | ||
127 | ) | ||
38 | 128 | ||
39 | args = parser.parse_args() | 129 | args = parser.parse_args() |
40 | 130 | ||
41 | logger = logging.getLogger('hashserv') | 131 | logger = logging.getLogger("hashserv") |
42 | 132 | ||
43 | level = getattr(logging, args.log.upper(), None) | 133 | level = getattr(logging, args.log.upper(), None) |
44 | if not isinstance(level, int): | 134 | if not isinstance(level, int): |
45 | raise ValueError('Invalid log level: %s' % args.log) | 135 | raise ValueError("Invalid log level: %s (Try ERROR/WARNING/INFO/DEBUG)" % args.log) |
46 | 136 | ||
47 | logger.setLevel(level) | 137 | logger.setLevel(level) |
48 | console = logging.StreamHandler() | 138 | console = logging.StreamHandler() |
49 | console.setLevel(level) | 139 | console.setLevel(level) |
50 | logger.addHandler(console) | 140 | logger.addHandler(console) |
51 | 141 | ||
52 | server = hashserv.create_server(args.bind, args.database, upstream=args.upstream, read_only=args.read_only) | 142 | read_only = (os.environ.get("HASHSERVER_READ_ONLY", "0") == "1") or args.read_only |
143 | if "," in args.anon_perms: | ||
144 | anon_perms = args.anon_perms.split(",") | ||
145 | else: | ||
146 | anon_perms = args.anon_perms.split() | ||
147 | |||
148 | server = hashserv.create_server( | ||
149 | args.bind, | ||
150 | args.database, | ||
151 | upstream=args.upstream, | ||
152 | read_only=read_only, | ||
153 | db_username=args.db_username, | ||
154 | db_password=args.db_password, | ||
155 | anon_perms=anon_perms, | ||
156 | admin_username=args.admin_user, | ||
157 | admin_password=args.admin_password, | ||
158 | ) | ||
53 | server.serve_forever() | 159 | server.serve_forever() |
54 | return 0 | 160 | return 0 |
55 | 161 | ||
56 | 162 | ||
57 | if __name__ == '__main__': | 163 | if __name__ == "__main__": |
58 | try: | 164 | try: |
59 | ret = main() | 165 | ret = main() |
60 | except Exception: | 166 | except Exception: |
61 | ret = 1 | 167 | ret = 1 |
62 | import traceback | 168 | import traceback |
169 | |||
63 | traceback.print_exc() | 170 | traceback.print_exc() |
64 | sys.exit(ret) | 171 | sys.exit(ret) |
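Review bot: The `HASHSERVER_READ_ONLY` check near the end of `main()` fails open: only the exact string `"1"` enables read-only mode, so a deployment that sets `HASHSERVER_READ_ONLY=true` or `=yes` silently starts a writable server. Rejecting unrecognised values would make the mistake visible at start-up, e.g. `ro_env = os.environ.get("HASHSERVER_READ_ONLY", "0")` followed by `if ro_env not in ("0", "1"): parser.error("HASHSERVER_READ_ONLY must be 0 or 1")`. Separately, `--admin-password` and `--db-password` accept secrets on the command line, where they are typically visible to other local users through the process list; the help text for both could say so and name `$HASHSERVER_ADMIN_PASSWORD` / `$HASHSERVER_DB_PASSWORD` as the preferred route. The `--anon-perms` split also keeps surrounding whitespace (`"@read, @report"` yields `" @report"`), so unless `create_server` validates the names, which is not visible here, each entry should be stripped before it is passed on.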