This file is indexed.

/usr/lib/python2.7/dist-packages/softwareproperties/ppa.py is in python-software-properties 0.92.36.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
#  software-properties PPA support
#
#  Copyright (c) 2004-2009 Canonical Ltd.
#
#  Author: Michael Vogt <mvo@debian.org>
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License as
#  published by the Free Software Foundation; either version 2 of the
#  License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
#  USA

from __future__ import print_function

import apt_pkg
import json
import os
import re
import shutil
import subprocess
import tempfile

from aptsources.sourceslist import SourceEntry
from gettext import gettext as _
from threading import Thread

from .shortcuts import ShortcutException

try:
    import urllib.request
    from urllib.error import HTTPError, URLError
    import urllib.parse
    from http.client import HTTPException
    NEED_PYCURL = False
except ImportError:
    NEED_PYCURL = True
    import pycurl
    HTTPError = pycurl.error


try:
  from urllib.parse import urlparse
except ImportError:
  from urlparse import urlparse


DEFAULT_KEYSERVER = "hkp://keyserver.ubuntu.com:80/"
# maintained until 2015
LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/~%s/+archive/%s'
# Specify to use the system default SSL store; change to a different path
# to test with custom certificates.
LAUNCHPAD_PPA_CERT = "/etc/ssl/certs/ca-certificates.crt"


class CurlCallback:
    def __init__(self):
        self.contents = ''

    def body_callback(self, buf):
        self.contents = self.contents + buf


class PPAException(Exception):

    def __init__(self, value, original_error=None):
        self.value = value
        self.original_error = original_error

    def __str__(self):
        return repr(self.value)


def encode(s):
    return re.sub("[^a-zA-Z0-9_-]", "_", s)


def expand_ppa_line(abrev, distro_codename):
    """ Convert an abbreviated ppa name of the form 'ppa:$name' to a
        proper sources.list line of the form 'deb ...' """
    # leave non-ppa: lines unchanged
    if not abrev.startswith("ppa:"):
        return (abrev, None)
    # FIXME: add support for dependency PPAs too (once we can get them
    #        via some sort of API, see LP #385129)
    abrev = abrev.split(":")[1]
    ppa_owner = abrev.split("/")[0]
    try:
        ppa_name = abrev.split("/")[1]
    except IndexError as e:
        ppa_name = "ppa"
    sourceslistd = apt_pkg.config.find_dir("Dir::Etc::sourceparts")
    line = "deb http://ppa.launchpad.net/%s/%s/ubuntu %s main" % (
        ppa_owner, ppa_name, distro_codename)
    filename = os.path.join(sourceslistd, "%s-%s-%s.list" % (
        encode(ppa_owner), encode(ppa_name), distro_codename))
    return (line, filename)


def get_ppa_info_from_lp(owner_name, ppa_name):
    lp_url = LAUNCHPAD_PPA_API % (owner_name, ppa_name)
    if NEED_PYCURL:
        # python2 has no cert verification so we need pycurl
        return _get_https_content_pycurl(lp_url)
    else:
        # python3 has cert verification so we can use the buildin urllib
        return _get_https_content_py3(lp_url)

def _get_https_content_py3(lp_url):
    try:
        request = urllib.request.Request(str(lp_url), headers={"Accept":" application/json"})
        lp_page = urllib.request.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)
        json_data = lp_page.read().decode("utf-8", "strict")
    except (URLError, HTTPException) as e:
        # HTTPException doesn't have a reason but might have a string
        # representation
        reason = hasattr(e, "reason") and e.reason or e
        raise PPAException("Error reading %s: %s" % (lp_url, reason), e)
    return json.loads(json_data)

def _get_https_content_pycurl(lp_url):
    # this is the fallback code for python2
    try:
        callback = CurlCallback()
        curl = pycurl.Curl()
        curl.setopt(pycurl.SSL_VERIFYPEER, 1)
        curl.setopt(pycurl.SSL_VERIFYHOST, 2)
        curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback)
        if LAUNCHPAD_PPA_CERT:
            curl.setopt(pycurl.CAINFO, LAUNCHPAD_PPA_CERT)
        curl.setopt(pycurl.URL, str(lp_url))
        curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
        curl.perform()
        curl.close()
        json_data = callback.contents
    except pycurl.error as e:
        raise PPAException("Error reading %s: %s" % (lp_url, e), e)
    return json.loads(json_data)

def verify_keyid_is_v4(signing_key_fingerprint):
    """Verify that the keyid is a v4 fingerprint with at least 160bit"""
    return len(signing_key_fingerprint) >= 160/8


class AddPPASigningKey(object):
    " thread class for adding the signing key in the background "

    GPG_DEFAULT_OPTIONS = ["gpg", "--no-default-keyring", "--no-options"]

    def __init__(self, ppa_path, keyserver=None):
        self.ppa_path = ppa_path
        self.keyserver = (keyserver if keyserver is not None
                          else DEFAULT_KEYSERVER)

    def _recv_key(self, keyring, secret_keyring, signing_key_fingerprint, keyring_dir):
        try:
            # double check that the signing key is a v4 fingerprint (160bit)
            if not verify_keyid_is_v4(signing_key_fingerprint):
                print("Error: signing key fingerprint '%s' too short" % 
                    signing_key_fingerprint)
                return False
        except TypeError:
            print("Error: signing key fingerprint does not exist")
            return False
        # then get it
        res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
            "--homedir", keyring_dir,
            "--secret-keyring", secret_keyring,
            "--keyring", keyring,
            "--keyserver", self.keyserver,
            "--recv", signing_key_fingerprint,
            ])
        return (res == 0)

    def _export_key(self, keyring, export_keyring, signing_key_fingerprint, keyring_dir):
        res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
          "--homedir", keyring_dir,
          "--keyring", keyring,
          "--output", export_keyring,
          "--export", signing_key_fingerprint,
          ])
        if res != 0:
            return False
        return True

    def _get_fingerprints(self, keyring, keyring_dir):
        cmd = self.GPG_DEFAULT_OPTIONS + [
          "--homedir", keyring_dir,
          "--keyring", keyring,
          "--fingerprint",
          "--batch",
          "--with-colons",
          ]
        output = subprocess.check_output(cmd, universal_newlines=True)
        fingerprints = []
        for line in output.splitlines():
            if line.startswith("fpr:"):
                fingerprints.append(line.split(":")[9])
        return fingerprints

    def _verify_fingerprint(self, keyring, expected_fingerprint, keyring_dir):
        got_fingerprints = self._get_fingerprints(keyring, keyring_dir)
        if len(got_fingerprints) > 1:
            print("Got '%s' fingerprints, expected only one" % 
                  len(got_fingerprints))
            return False
        got_fingerprint = got_fingerprints[0]
        if got_fingerprint != expected_fingerprint:
            print("Fingerprints do not match, not importing: '%s' != '%s'" % (
                    expected_fingerprint, got_fingerprint))
            return False
        return True

    def add_ppa_signing_key(self, ppa_path=None):
        """Query and add the corresponding PPA signing key.
        
        The signing key fingerprint is obtained from the Launchpad PPA page,
        via a secure channel, so it can be trusted.
        """
        if ppa_path is None:
            ppa_path = self.ppa_path

        def cleanup(tmpdir):
            shutil.rmtree(tmp_keyring_dir)
        owner_name, ppa_name, distro = ppa_path[1:].split('/')
        try:
            ppa_info = get_ppa_info_from_lp(owner_name, ppa_name)
        except PPAException as e:
            print(e.value)
            return False
        try:
            signing_key_fingerprint = ppa_info["signing_key_fingerprint"]
        except IndexError as e:
            print("Error: can't find signing_key_fingerprint at %s" % ppa_path)
            return False
        # create temp keyrings
        tmp_keyring_dir = tempfile.mkdtemp()
        tmp_secret_keyring = os.path.join(tmp_keyring_dir, "secring.gpg")
        tmp_keyring = os.path.join(tmp_keyring_dir, "pubring.gpg")
        #  download the key into a temp keyring first
        if not self._recv_key(
            tmp_keyring, tmp_secret_keyring, signing_key_fingerprint, tmp_keyring_dir):
            cleanup(tmp_keyring_dir)
            return False
        # now export the key into a temp keyring using the long key id
        tmp_export_keyring = os.path.join(tmp_keyring_dir, "export-keyring.gpg")
        if not self._export_key(
            tmp_keyring, tmp_export_keyring, signing_key_fingerprint, tmp_keyring_dir):
            cleanup(tmp_keyring_dir)
            return False
        # now verify the fingerprint
        if not self._verify_fingerprint(
            tmp_export_keyring, signing_key_fingerprint, tmp_keyring_dir):
            cleanup(tmp_keyring_dir)
            return False
        # and add it
        trustedgpgd = apt_pkg.config.find_dir("Dir::Etc::trustedparts")
        apt_keyring = os.path.join(trustedgpgd, "%s-%s.gpg" % (
            encode(owner_name), encode(ppa_name)))
        res = subprocess.call(["apt-key", "--keyring", apt_keyring, "add",
            tmp_keyring])
        # cleanup
        cleanup(tmp_keyring_dir)
        return (res == 0)


class AddPPASigningKeyThread(Thread, AddPPASigningKey):
    # This class is legacy.  There are no users inside the software-properties
    # codebase other than a test case.  It was left in case there were outside
    # users.  Internally, we've changed from having a class implement the
    # tread to explicitly launching a thread and invoking a method in it
    # see check_and_add_key_for_whitelisted_shortcut for how.
    def __init__(self, ppa_path, keyserver=None):
        Thread.__init__(self)
        AddPPASigningKey.__init__(self, ppa_path=ppa_path, keyserver=keyserver)

    def run(self):
        self.add_ppa_signing_key(self.ppa_path)


def _get_suggested_ppa_message(user):
    try:
        msg = []
        from launchpadlib.launchpad import Launchpad
        lp = Launchpad.login_anonymously(lp_application_name, "production")
        try:
            user_inst = lp.people[user]
            entity_name = _("team") if user_inst.is_team else _("user")
            if len(user_inst.ppas) > 0:
                # Translators: %(entity)s is either "team" or "user"
                msg.append(_("The %(entity)s named '%(user)s' has no PPA named '%(ppa)s'") % {
                        'entity' : entity_name,
                         'user' : user,
                         'ppa' : ppa_name})
                msg.append(_("Please choose from the following available PPAs:"))
                for ppa in user_inst.ppas:
                    msg.append(_(" * '%(name)s':  %(displayname)s") % {
                                 'name' : ppa.name,
                                 'displayname' : ppa.displayname})
            else:
                # Translators: %(entity)s is either "team" or "user"
                msg.append(_("The %(entity)s named '%(user)s' does not have any PPA") % {
                             'entity' : entity_name, 'user' : user})
            return '\n'.join(msg)
        except KeyError:
            return ''
    except ImportError:
        return _("Please check that the PPA name or format is correct.")


def get_ppa_info(shortcut):
    user, sep, ppa_name = shortcut.split(":")[1].partition("/")
    ppa_name = ppa_name or "ppa"

    try:
        ret = get_ppa_info_from_lp(user, ppa_name)
        return ret
    except (HTTPError, Exception) as e:
        msg = []
        msg.append(_("Cannot add PPA: '%s'.") % shortcut)
        if user.startswith("~"):
            msg.append((_("Did you mean 'ppa:%s/%s' ?") %(user[1:], ppa_name)))
            raise ShortcutException('\n'.join(msg) + "\n")

        # If the PPA does not exist, then try to find if the user/team
        # exists. If it exists, list down the PPAs
        raise ShortcutException('\n'.join(msg) + "\n" +
                                _get_suggested_ppa_message(user))

    except (ValueError, PPAException):
        raise ShortcutException(
            _("Cannot access PPA (%s) to get PPA information, "
              "please check your internet connection.") % \
              (LAUNCHPAD_PPA_API % (user, ppa_name)))


class PPAShortcutHandler(object):
    def __init__(self, shortcut):
        super(PPAShortcutHandler, self).__init__()
        info = get_ppa_info(shortcut)

        if "private" in info and info["private"]:
            raise ShortcutException(
                _("Adding private PPAs is not supported currently"))

        self._info = info
        self.shortcut = shortcut

    def info(self):
        return self._info

    def expand(self, codename):
        return expand_ppa_line(self.shortcut, codename)

    def should_confirm(self):
        return True

    def add_key(self, keyserver=None):
        (srcline, _fname) = self.expand("PPA_SCH_CODENAME")
        ppa_path = urlparse(SourceEntry(srcline).uri).path
        apsk = AddPPASigningKey(ppa_path, keyserver=keyserver)
        return apsk.add_ppa_signing_key()


def shortcut_handler(shortcut):
    if not shortcut.startswith("ppa:"):
        return None
    return PPAShortcutHandler(shortcut)


if __name__ == "__main__":
    import sys
    owner_name, ppa_name = sys.argv[1].split(":")[1].split("/")
    print(get_ppa_info_from_lp(owner_name, ppa_name))