smart_proxy_omaha 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3153cfdac54b440908156dbada4b9af261c53cd5
-  data.tar.gz: f35c54968e7f16b970c8e34434dfef41afa8bebb
+  metadata.gz: 4a6708a296e67836993cc8002728a630e3eb1aa3
+  data.tar.gz: 2d1a008d27a6500d01cf0f286d2de64c0a87ed47
 SHA512:
-  metadata.gz: 126dc938473bd16fb5c3cdf64d4fef7800610f22ac86473d989b654b75126c2ccb1c8bd0f05b28183de756668f156ba21bb298a3dd083bb52d5b199d9e0ebd9f
-  data.tar.gz: e40cc9ad0d51dcaf14fdc61a2769daa70bf4da74ce8c676208c55c0b6d6c134a91b8d9723ab83345bf49650649d20c9e825351359d043091b706052a20227e9c
+  metadata.gz: 1242a70477fb372e90003aae5d9b1efdc0cb081da403e1ef95f03d58cbe447c0b494ca0eff0829d2ad6ac6a6906ff4e599a236f719cdf9caa7777f4440db382b
+  data.tar.gz: ccd486cf864f01b2ac4d76c72ea901de33399a03fd6aeb1a0b8fc6cff8125da562b4aa2c48d44f9c47caeb51ac0c17d615a2f33e030f79cd51d3d2eb20930022

data/README.md

@@ -28,17 +28,25 @@ Do not forget to register the smart proxy in Foreman via the user interface.
 ## Host Configuration
 
 You need to configure your CoreOS hosts to connect to the Omaha smart-proxy for updates. You can either configure your servers manually or use cloud-config.
+If your smart-proxy uses a self-signed ssl certificate, you have to add the CA certificate to the CoreOS truststore. By default, the smart-proxys uses a PuppetCA certificate. To print the PuppetCA certificate, issue `cat $(puppet config print localcacert)` on any puppet enabled node.
 
 ### Using Config File
 
-Edit `/etc/coreos/update.conf`
+To add a custom CA certificate to CoreOS's truststore:
+
+```bash
+vim /etc/ssl/certs/customCA_root.pem
+sudo /usr/sbin/update-ca-certificates
+```
+
+To configure CoreOS to connect to the Omaha smart-proxy for updates, edit `/etc/coreos/update.conf`:
 
 ```
 GROUP=stable
 SERVER=https://omahaproxy.example.com:8443/omaha/v1/update
 ```
 
-Restart update engine
+Restart update engine:
 
 ```bash
 sudo systemctl restart update-engine
@@ -46,6 +54,8 @@ sudo systemctl restart update-engine
 
 ### Using Cloud-Config
 
+Configure CoreOS to connect to the Omaha smart-proxy for updates:
+
 ```yaml
 #cloud-config
 coreos:
@@ -54,6 +64,35 @@ coreos:
     server: "https://omahaproxy.example.com:8443/omaha/v1/update"
 ```
 
+Add a custom CA certificate to CoreOS's truststore:
+```yaml
+#cloud-config
+write-files:
+  - path: /etc/ssl/certs/customCA_root.pem
+    permissions: 0644
+    content: |
+      -----BEGIN CERTIFICATE-----
+      YOUR-BASE64-ENCODED-CERTIFICATE
+      -----END CERTIFICATE-----
+units:
+  - name: update-ca-certificates.service
+    command: start
+    content: |
+      [Unit]
+      Description=Force Update CA bundle at /etc/ssl/certs/ca-certificates.crt
+      # Since other services depend on the certificate store run this early
+      DefaultDependencies=no
+      Wants=systemd-tmpfiles-setup.service clean-ca-certificates.service
+      After=systemd-tmpfiles-setup.service clean-ca-certificates.service
+      Before=sysinit.target
+      ConditionPathIsReadWrite=/etc/ssl/certs
+
+      [Service]
+      Type=oneshot
+      ExecStart=/usr/sbin/update-ca-certificates
+```
+
+
 ### Release channels
 
 All three default release channels (alpha, beta, stable) are supported. You cannot define custom channels right now.

data/bin/smart-proxy-omaha-sync

@@ -15,6 +15,9 @@ module Proxy::LogBuffer
 end
 include Proxy::Log
 
+# Unload all other plugins
+::Proxy::Plugins.instance.loaded.delete_if { |plugin| plugin[:name] != :omaha }
+
 ::Proxy::PluginInitializer.new(::Proxy::Plugins.instance).initialize_plugins
 
 unless ::Proxy::Plugins.instance.plugin_enabled?(:omaha)

data/lib/smart_proxy_omaha/http_download.rb

@@ -1,16 +1,19 @@
 require 'thread'
+require 'base64'
 require 'smart_proxy_omaha/http_shared'
+require 'smart_proxy_omaha/http_verify'
 
 module Proxy::Omaha
   class HttpDownload
     include Proxy::Log
     include HttpShared
 
-    attr_accessor :dst, :src, :result
+    attr_accessor :dst, :src, :tmp, :result, :http_response
 
     def initialize(src, dst)
       @src = src
       @dst = dst
+      @tmp = Tempfile.new('download', File.dirname(dst))
     end
 
     def start
@@ -22,44 +25,71 @@ module Proxy::Omaha
     end
 
     def run
-      with_filelock do
-        logger.info "Downloading #{src} to #{dst}."
-        res = download
-        logger.info "Finished downloading #{dst}."
-        res
+      logger.info "#{filename}: Downloading #{src} to #{dst}."
+      unless download
+        logger.error "#{filename} failed to download."
+        return false
       end
+      logger.info "#{filename}: Finished downloading #{dst}."
+      unless valid?
+        logger.error "#{filename} is not valid. Deleting corrupt file."
+        File.unlink(tmp)
+        return false
+      end
+      # no DIGESTS file is provided for update.gz
+      # so we need to generate our own based on the
+      # http headers
+      write_digest if filename == 'update.gz'
+      finish
+    ensure
+      tmp.unlink
+      true
     end
 
     def join
       @task.join
     end
 
+    def valid?
+      verifier.valid?
+    end
+
+    def finish
+      File.rename(tmp, dst)
+      true
+    end
+
+    def write_digest
+      hexdigest = Digest.hexencode(Base64.decode64(verifier.local_md5))
+      File.open("#{dst}.DIGESTS", 'w') { |file| file.write("#{hexdigest}  #{filename}\n") }
+    end
+
     private
 
+    def verifier
+      @verifier ||= HttpVerify.new(
+        :local_file => tmp,
+        :http_request => http_response,
+        :filename => filename,
+      )
+    end
+
+    def filename
+      File.basename(dst)
+    end
+
     def download
       http, request = connection_factory(src)
 
-      http.request(request) do |response|
-        open(dst, 'w') do |io|
+      self.http_response = http.request(request) do |response|
+        open(tmp, 'w') do |io|
           response.read_body do |chunk|
             io.write chunk
           end
         end
       end
-      true
-    end
 
-    def with_filelock
-      lock = Proxy::FileLock.try_locking(dst)
-      if lock.nil?
-        false
-      else
-        begin
-          yield
-        ensure
-          Proxy::FileLock.unlock(lock)
-        end
-      end
+      true
     end
   end
 end

data/lib/smart_proxy_omaha/http_request.rb

@@ -16,5 +16,17 @@ module Proxy::Omaha
         response.body
       end
     end
+
+    def head(url)
+      http, request = connection_factory(url, :method => :head)
+
+      Timeout::timeout(10) do
+        response = http.request(request)
+
+        raise "Error retrieving from #{url}: #{response.class}" unless ["200", "201"].include?(response.code)
+
+        response
+      end
+    end
   end
 end

data/lib/smart_proxy_omaha/http_shared.rb

@@ -4,7 +4,8 @@ require 'uri'
 
 module Proxy::Omaha
   module HttpShared
-    def connection_factory(url)
+    def connection_factory(url, opts = {})
+      method = opts.fetch(:method, :get)
       uri = URI.parse(url)
 
       if Proxy::Omaha::Plugin.settings.proxy.to_s.empty?
@@ -22,7 +23,15 @@ module Proxy::Omaha
         http.use_ssl = true
       end
 
-      request = Net::HTTP::Get.new(uri.request_uri)
+      request_class = case method
+                        when :get
+                          Net::HTTP::Get
+                        when :head
+                          Net::HTTP::Head
+                        else
+                          raise "Unknown request class"
+                        end
+      request = request_class.new(uri.request_uri)
 
       [http, request]
     end

data/lib/smart_proxy_omaha/http_verify.rb

@@ -0,0 +1,73 @@
+module Proxy::Omaha
+  class HttpVerify
+    include Proxy::Log
+
+    attr_accessor :http_request, :local_file, :filename
+
+    def initialize(opts = {})
+      self.http_request = opts.fetch(:http_request)
+      self.local_file = opts.fetch(:local_file)
+      self.filename = opts.fetch(:filename, File.basename(local_file))
+    end
+
+    def valid?
+      logger.debug "#{filename}: Verifying if file is valid."
+      return false unless file_size_valid?
+      return false if headers['x-goog-hash'] && !md5_hash_valid?
+      true
+    end
+
+    def file_size_valid?
+      unless remote_size
+        logger.error "#{filename}: Cannot determine remote file size."
+        return false
+      end
+      unless local_size == remote_size
+        logger.debug "#{filename}: File sizes do not match. Remote: #{remote_size}, Local: #{local_size}"
+        return false
+      end
+      true
+    end
+
+    def local_size
+      File.size(local_file)
+    end
+
+    def remote_size
+      @remote_size ||= content_length
+    end
+
+    def md5_hash_valid?
+      unless local_md5 == remote_md5
+        logger.debug "#{filename}: MD5 checksums do not match. Remote: #{remote_md5}, Local: #{local_md5}"
+        return false
+      end
+      true
+    end
+
+    def remote_hashes
+      headers['x-goog-hash'].inject({}) do |hsh, header|
+        key, value = header.split('=', 2)
+        hsh[key] = value
+        hsh
+      end
+    end
+
+    def local_md5
+      @local_md5 ||= Digest::MD5.file(local_file).base64digest
+    end
+
+    def remote_md5
+      remote_hashes['md5']
+    end
+
+    def content_length
+      length = headers['content-length'] || headers['x-goog-stored-content-length']
+      length.first.to_i if length
+    end
+
+    def headers
+      @headers ||= http_request.to_hash
+    end
+  end
+end

data/lib/smart_proxy_omaha/omaha_api.rb

@@ -1,5 +1,6 @@
 require 'sinatra'
 require 'smart_proxy_omaha/omaha_protocol'
+require 'smart_proxy_omaha/release_repository'
 
 module Proxy::Omaha
 
@@ -27,7 +28,27 @@ module Proxy::Omaha
         :metadata_provider => metadata_provider
       )
       response = omaha_handler.handle
+      status response.http_status
       response.to_xml
     end
+
+    get '/tracks' do
+      release_repository.tracks.map do |track|
+        {
+          :name => track,
+          :architectures => release_repository.architectures(track)
+        }
+      end.to_json
+    end
+
+    get '/tracks/:track/:architecture' do |track, architecture|
+      not_found unless release_repository.tracks.include?(track)
+      not_found unless release_repository.architectures(track).include?(architecture)
+      release_repository.releases(track, architecture).map do |release|
+        release.to_h.merge(
+          :file_urls => release.file_urls(request.base_url)
+        )
+      end.to_json
+    end
   end
 end

data/lib/smart_proxy_omaha/omaha_protocol/errorinternalresponse.rb

@@ -0,0 +1,12 @@
+module Proxy::Omaha::OmahaProtocol
+  class Errorinternalresponse < Response
+
+    def http_status
+      500
+    end
+
+    protected
+
+    def xml_response(xml); end
+  end
+end

data/lib/smart_proxy_omaha/omaha_protocol/handler.rb

@@ -1,3 +1,5 @@
+require 'smart_proxy_omaha/track'
+
 module Proxy::Omaha::OmahaProtocol
   class Handler
     include ::Proxy::Log
@@ -22,7 +24,7 @@ module Proxy::Omaha::OmahaProtocol
         )
       end
 
-      unless ['stable', 'beta', 'alpha'].include?(request.track)
+      unless Proxy::Omaha::Track.valid?(request.track)
         logger.error "Unknown track requested. Aborting Omaha request."
         return Proxy::Omaha::OmahaProtocol::Eventacknowledgeresponse.new(
           :appid => request.appid,
@@ -32,13 +34,21 @@ module Proxy::Omaha::OmahaProtocol
       end
 
       upload_facts
-      process_report
+      process_report if request.event?
 
-      if request.updatecheck
+      if request.updatecheck?
         handle_update
-      else
+      elsif request.event?
         handle_event
+      elsif request.ping?
+        handle_ping
+      else
+        logger.info "OmahaHandler: Unknown request."
+        handle_error
       end
+    rescue StandardError => e
+      logger.error("OmahaHandler: Aw, Snap! Error: #{e}", e.backtrace)
+      handle_error
     end
 
     private
@@ -48,12 +58,29 @@ module Proxy::Omaha::OmahaProtocol
     end
 
     def handle_event
+      logger.info "OmahaHandler: Processing event."
       Proxy::Omaha::OmahaProtocol::Eventacknowledgeresponse.new(
         :appid => request.appid,
         :base_url => request.base_url
       )
     end
 
+    def handle_ping
+      logger.info "OmahaHandler: Processing ping."
+      Proxy::Omaha::OmahaProtocol::Pingresponse.new(
+        :appid => request.appid,
+        :base_url => request.base_url
+      )
+    end
+
+    def handle_error
+      Proxy::Omaha::OmahaProtocol::Errorinternalresponse.new(
+        :appid => request.appid,
+        :base_url => request.base_url,
+        :status => 'error-internal',
+      )
+    end
+
     def process_report
       report = {
         'host' => request.hostname,
@@ -66,7 +93,8 @@ module Proxy::Omaha::OmahaProtocol
 
     def handle_update
       latest_os = repository.latest_os(request.track, request.board)
-      if !latest_os.nil? && latest_os > Gem::Version.new(request.version)
+      if !latest_os.nil? && latest_os.version > Gem::Version.new(request.version)
+        logger.info "OmahaHandler: Offering update from #{request.version} to #{latest_os.version}"
         Proxy::Omaha::OmahaProtocol::Updateresponse.new(
           :appid => request.appid,
           :metadata => metadata_provider.get(request.track, latest_os, request.board),
@@ -74,6 +102,7 @@ module Proxy::Omaha::OmahaProtocol
           :base_url => request.base_url
         )
       else
+        logger.info "OmahaHandler: No update."
         Proxy::Omaha::OmahaProtocol::Noupdateresponse.new(
           :appid => request.appid,
           :base_url => request.base_url

data/lib/smart_proxy_omaha/omaha_protocol/pingresponse.rb

@@ -0,0 +1,9 @@
+module Proxy::Omaha::OmahaProtocol
+  class Pingresponse < Response
+    protected
+
+    def xml_response(xml)
+      xml.ping(:status => 'ok')
+    end
+  end
+end

data/lib/smart_proxy_omaha/omaha_protocol/request.rb

@@ -6,7 +6,7 @@ module Proxy::Omaha::OmahaProtocol
     attr_reader :appid, :version, :track, :updatecheck, :eventtype, :eventresult, :board,
       :alephversion, :oemversion, :oem,
       :platform, :osmajor, :osminor, :hostname, :ipaddress, :ipaddress6,
-      :body, :ip, :base_url
+      :body, :ip, :base_url, :ping
 
     def initialize(body, options)
       @body = body
@@ -46,6 +46,18 @@ module Proxy::Omaha::OmahaProtocol
       appid == Proxy::Omaha::OmahaProtocol::COREOS_APPID
     end
 
+    def updatecheck?
+      !@updatecheck.empty?
+    end
+
+    def ping?
+      !@ping.empty?
+    end
+
+    def event?
+      !@event.empty?
+    end
+
     private
 
     def parse_request
@@ -61,7 +73,9 @@ module Proxy::Omaha::OmahaProtocol
       @oem = xml_request.xpath('/request/app/@oem').to_s
       @platform = xml_request.xpath('/request/os/@platform').to_s
       @platform = 'CoreOS' if @platform.empty?
-      @updatecheck = !xml_request.xpath('/request/app/updatecheck').to_s.empty?
+      @updatecheck = xml_request.xpath('/request/app/updatecheck').to_s
+      @ping = xml_request.xpath('/request/app/ping').to_s
+      @event = xml_request.xpath('/request/app/event').to_s
       @eventtype = xml_request.xpath('/request/app/event/@eventtype').to_s.to_i
       @eventresult = xml_request.xpath('/request/app/event/@eventresult').to_s.to_i
     end

data/lib/smart_proxy_omaha/omaha_protocol/response.rb

@@ -17,6 +17,10 @@ module Proxy::Omaha::OmahaProtocol
       xml.to_xml
     end
 
+    def http_status
+      200
+    end
+
     protected
 
     def xml

data/lib/smart_proxy_omaha/omaha_protocol.rb

@@ -7,6 +7,8 @@ require 'smart_proxy_omaha/omaha_protocol/request'
 require 'smart_proxy_omaha/omaha_protocol/eventacknowledgeresponse'
 require 'smart_proxy_omaha/omaha_protocol/noupdateresponse'
 require 'smart_proxy_omaha/omaha_protocol/updateresponse'
+require 'smart_proxy_omaha/omaha_protocol/pingresponse'
+require 'smart_proxy_omaha/omaha_protocol/errorinternalresponse'
 require 'smart_proxy_omaha/omaha_protocol/handler'
 
 module Proxy::Omaha::OmahaProtocol

data/lib/smart_proxy_omaha/release.rb

@@ -1,4 +1,5 @@
 require 'fileutils'
+require 'digest/md5'
 require 'smart_proxy_omaha/http_download'
 require 'smart_proxy_omaha/metadata_provider'
 
@@ -7,6 +8,7 @@ module Proxy::Omaha
     include Proxy::Log
 
     attr_accessor :track, :version, :architecture
+    attr_writer :digests
 
     def initialize(options)
       @track = options.fetch(:track).to_s
@@ -14,8 +16,16 @@ module Proxy::Omaha
       @version = Gem::Version.new(options.fetch(:version))
     end
 
+    def base_path
+      @base_path ||= File.join(Proxy::Omaha::Plugin.settings.contentpath, track, architecture)
+    end
+
     def path
-      @path ||= File.join(Proxy::Omaha::Plugin.settings.contentpath, track, architecture, version.to_s)
+      @path ||= File.join(base_path, version.to_s)
+    end
+
+    def current_path
+      @current_path ||= File.join(base_path, 'current')
     end
 
     def metadata
@@ -27,7 +37,10 @@ module Proxy::Omaha
     end
 
     def valid?
-      expected_files_exist?
+      existing_files.select { |file| file !~ /\.(DIGESTS|sig)$/ }.map do |file|
+        next unless digests[file]
+        digests[file].include?(Digest::MD5.file(File.join(path, file)).hexdigest)
+      end.compact.all?
     end
 
     def create
@@ -38,6 +51,17 @@ module Proxy::Omaha
       true
     end
 
+    def current?
+      return false unless File.symlink?(current_path)
+      File.readlink(current_path) == path
+    end
+
+    def mark_as_current!
+      return true if current?
+      File.unlink(current_path) if File.symlink?(current_path)
+      FileUtils.ln_s(path, current_path)
+    end
+
     def <=>(other)
       return unless self.class === other
       version.<=>(other.version)
@@ -54,12 +78,13 @@ module Proxy::Omaha
     def download
       sources.map do |url|
         file = URI.parse(url).path.split('/').last
+        next if file_exists?(file)
         dst = File.join(path, file)
         logger.debug "Downloading file #{url} to #{dst}"
         task = ::Proxy::Omaha::HttpDownload.new(url, dst)
         task.start
         task
-      end.each(&:join).map(&:result).all?
+      end.compact.each(&:join).map(&:result).all?
     end
 
     def create_metadata
@@ -91,9 +116,17 @@ module Proxy::Omaha
       upstream = "https://#{track}.release.core-os.net/#{architecture}/#{version}"
       [
         "#{upstream}/coreos_production_pxe.vmlinuz",
+        "#{upstream}/coreos_production_pxe.DIGESTS",
         "#{upstream}/coreos_production_image.bin.bz2",
         "#{upstream}/coreos_production_image.bin.bz2.sig",
+        "#{upstream}/coreos_production_image.bin.bz2.DIGESTS",
         "#{upstream}/coreos_production_pxe_image.cpio.gz",
+        "#{upstream}/coreos_production_pxe_image.cpio.gz.DIGESTS",
+        "#{upstream}/coreos_production_vmware_raw_image.bin.bz2",
+        "#{upstream}/coreos_production_vmware_raw_image.bin.bz2.sig",
+        "#{upstream}/coreos_production_vmware_raw_image.bin.bz2.DIGESTS",
+        "#{upstream}/version.txt",
+        "#{upstream}/version.txt.DIGESTS",
         "https://update.release.core-os.net/#{architecture}/#{version}/update.gz"
       ]
     end
@@ -102,8 +135,24 @@ module Proxy::Omaha
       sources.map { |source| File.basename(source) }
     end
 
-    def expected_files_exist?
-      expected_files.map {|file| File.file?(File.join(path, file)) }.all?
+    def existing_files
+      Dir.glob(File.join(path, '*')).map { |file| File.basename(file) }
+    end
+
+    def missing_files
+      expected_files - existing_files
+    end
+
+    def digest_files
+      Dir.glob(File.join(path, '*.DIGESTS')).map { |file| File.basename(file) }
+    end
+
+    def complete?
+      missing_files.empty?
+    end
+
+    def file_exists?(file)
+      File.file?(File.join(path, file))
     end
 
     def purge
@@ -114,6 +163,45 @@ module Proxy::Omaha
       false
     end
 
+    def digests
+      @digests ||= load_digests!
+    end
+
+    def load_digests!
+      self.digests = {}
+      digest_files.each do |digest_file|
+        file = File.basename(digest_file, '.DIGESTS')
+        File.readlines(File.join(path, digest_file)).each do |line|
+          next unless line =~ /^\w+[ ]+\S+$/
+          hexdigest = line.split(/[ ]+/).first
+          self.digests[file] ||= []
+          self.digests[file] << hexdigest
+        end
+      end
+      self.digests
+    end
+
+    def to_h
+      {
+        :name => to_s,
+        :current => current?,
+        :architecture => architecture,
+        :track => track,
+        :complete => complete?,
+        :files => existing_files
+      }
+    end
+
+    def to_json
+      to_h.to_json
+    end
+
+    def file_urls(base_url)
+      existing_files.map do |file|
+        [base_url, 'omahareleases', track, architecture, self, file].join('/')
+      end
+    end
+
     private
 
     def metadata_provider

data/lib/smart_proxy_omaha/release_repository.rb

@@ -1,7 +1,25 @@
+require 'smart_proxy_omaha/release'
+
 module Proxy::Omaha
   class ReleaseRepository
     def releases(track, architecture)
-      Dir.glob(File.join(Proxy::Omaha::Plugin.settings.contentpath, track, architecture, '*')).select {|f| File.directory? f }.map { |f| Gem::Version.new(File.basename(f)) }
+      Dir.glob(File.join(Proxy::Omaha::Plugin.settings.contentpath, track, architecture, '*')).select do |f|
+        File.directory?(f) && ! File.symlink?(f)
+      end.map do |f|
+        Proxy::Omaha::Release.new(
+          :track => track,
+          :architecture => architecture,
+          :version => File.basename(f)
+        )
+      end
+    end
+
+    def tracks
+      Dir.glob(File.join(Proxy::Omaha::Plugin.settings.contentpath, '*')).select {|f| File.directory? f }.map { |f| File.basename(f) }
+    end
+
+    def architectures(track)
+      Dir.glob(File.join(Proxy::Omaha::Plugin.settings.contentpath, track, '*')).select {|f| File.directory? f }.map { |f| File.basename(f) }
     end
 
     def latest_os(track, architecture)

data/lib/smart_proxy_omaha/syncer.rb

@@ -1,4 +1,5 @@
 require 'smart_proxy_omaha/release'
+require 'smart_proxy_omaha/track'
 require 'smart_proxy_omaha/release_provider'
 
 module Proxy::Omaha
@@ -11,25 +12,32 @@ module Proxy::Omaha
         return
       end
 
-      ['alpha', 'beta', 'stable'].each do |track|
+      Proxy::Omaha::Track.all.each do |track|
         logger.debug "Syncing track: #{track}..."
-        sync_track(track)
+        releases = release_provider(track).releases
+        releases.last(sync_count).each do |release|
+          sync_release(track, release)
+        end
+        update_current_release(track, releases.last) if releases.any?
       end
     end
 
-    def sync_track(track)
-      release_provider(track).releases.last(sync_count).each do |release|
-        if release.exists?
-          if release.valid?
-            logger.info "#{track} release #{release} already exists and is valid."
-            next
-          else
-            logger.info "#{track} release #{release} is invalid. Purging."
-            release.purge
-          end
+    def sync_release(track, release)
+      if release.exists?
+        if !release.valid?
+          logger.info "#{track} release #{release} is invalid. Purging."
+          release.purge
+        elsif release.complete?
+          logger.info "#{track} release #{release} exists, is complete and valid. Skipping sync."
+          return
         end
-        release.create
       end
+      release.create
+    end
+
+    def update_current_release(track, release)
+      logger.debug "#{track}: Updating current release to #{release}"
+      release.mark_as_current!
     end
 
     private

data/lib/smart_proxy_omaha/track.rb

@@ -0,0 +1,15 @@
+module Proxy
+  module Omaha
+    module Track
+      TRACKS = ['alpha', 'beta', 'stable'].freeze
+
+      def self.all
+        TRACKS
+      end
+
+      def self.valid?(track)
+        all.include?(track)
+      end
+    end
+  end
+end

data/lib/smart_proxy_omaha/version.rb

@@ -1,5 +1,5 @@
 module Proxy
   module Omaha
-    VERSION = '0.0.2'
+    VERSION = '0.0.3'
   end
 end

data/test/fixtures/request_ping.xml

@@ -0,0 +1,6 @@
+<request protocol="3.0" version="update_engine-0.4.2" updaterversion="update_engine-0.4.2" installsource="scheduler" ismachine="1">
+  <os version="Chateau" platform="CoreOS" sp="1409.7.0_x86_64"></os>
+  <app appid="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}" version="1409.7.0" track="stable" bootid="{9f849398-6c5d-4ad2-af52-07fd168ff548}" oem="vmware" oemversion="10.1.5" alephversion="1409.7.0" machineid="904694c1f8e148f0a77ef0884711da1a" lang="en-US" board="amd64-usr" hardware_class="" delta_okay="false">
+    <ping active="1"></ping>
+  </app>
+</request>

data/test/fixtures/response_errorinternal.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<response protocol="3.0" server="example.org">
+  <daystart elapsed_seconds="0"/>
+  <app app_id="e96281a6-d1af-4bde-9a0a-97b76e56dc57" status="error-internal" />
+</response>

data/test/fixtures/response_ping.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<response protocol="3.0" server="example.org">
+  <daystart elapsed_seconds="0"/>
+  <app app_id="e96281a6-d1af-4bde-9a0a-97b76e56dc57" status="ok">
+    <ping status="ok"/>
+  </app>
+</response>

data/test/omaha/http_download_test.rb

@@ -16,7 +16,14 @@ class HttpDownloadTest < Test::Unit::TestCase
   end
 
   def test_downloads_file
-    stub_request(:get, @source_url).to_return(:status => [200, 'OK'], :body => "body")
+    stub_request(:get, @source_url).to_return(
+      :status => [200, 'OK'],
+      :body => 'body',
+      headers: {
+        'Content-Length' => 4,
+        'x-goog-hash' => 'md5=hBotaJrYa9FhFEdFPCLG/A=='
+      }
+    )
 
     http_download = ::Proxy::Omaha::HttpDownload.new(@source_url, @destination_path)
     task = http_download.start
@@ -24,11 +31,4 @@ class HttpDownloadTest < Test::Unit::TestCase
     assert_equal 'body', File.read(@destination_path)
     assert_equal true, http_download.result
   end
-
-  def test_should_skip_download_if_one_is_in_progress
-    locked = Proxy::FileLock.try_locking(@destination_path)
-    http_download = ::Proxy::Omaha::HttpDownload.new(@source_url, locked.path)
-    http_download.start.join
-    assert_equal false, http_download.result
-  end
 end

data/test/omaha/omaha_api_test.rb

@@ -11,7 +11,21 @@ end
 
 class TestReleaseRepository
   def releases(track, architecture)
-    ['1068.9.0', '1122.2.0'].map { |release| Gem::Version.new(release) }
+    ['1068.9.0', '1122.2.0'].map do |release|
+      Proxy::Omaha::Release.new(
+        :track => 'alpha',
+        :architecture => 'amd64-usr',
+        :version => release
+      )
+    end
+  end
+
+  def tracks
+    ['alpha', 'beta', 'stable']
+  end
+
+  def architectures(track)
+    ['amd64-usr']
   end
 
   def latest_os(track, architecture)
@@ -73,4 +87,33 @@ class OmahaApiTest < Test::Unit::TestCase
     assert last_response.ok?, "Last response was not ok: #{last_response.status} #{last_response.body}"
     assert_xml_equal xml_fixture('response_update_complete_error'), last_response.body
   end
+
+  def test_processes_ping
+    post "/v1/update", xml_fixture('request_ping')
+    assert last_response.ok?, "Last response was not ok: #{last_response.status} #{last_response.body}"
+    assert_xml_equal xml_fixture('response_ping'), last_response.body
+  end
+
+  def test_processes_internalerror
+    TestForemanClient.any_instance.stubs(:post_facts).raises(StandardError.new('Test Error'))
+    post "/v1/update", xml_fixture('request_update_complete_update')
+    refute last_response.ok?
+    assert_xml_equal xml_fixture('response_errorinternal'), last_response.body
+  end
+
+  def test_get_tracks
+    get "/tracks"
+    assert last_response.ok?, "Last response was not ok: #{last_response.status} #{last_response.body}"
+    parsed = JSON.parse(last_response.body)
+    assert_kind_of Array, parsed
+    assert_equal ['alpha', 'beta', 'stable'], parsed.map { |track| track['name'] }
+  end
+
+  def test_get_releases
+    get "/tracks/alpha/amd64-usr"
+    assert last_response.ok?, "Last response was not ok: #{last_response.status} #{last_response.body}"
+    parsed = JSON.parse(last_response.body)
+    assert_kind_of Array, parsed
+    assert_equal ['1068.9.0', '1122.2.0'], parsed.map { |track| track['name'] }
+  end
 end

data/test/omaha/omaha_protocol/request_test.rb

@@ -25,6 +25,10 @@ class RequestTest < Test::Unit::TestCase
     assert_equal 3, @request.eventtype
     assert_equal 2, @request.eventresult
     assert @request.updatecheck
+    assert @request.ping
+    assert_equal true, @request.ping?
+    assert_equal true, @request.event?
+    assert_equal true, @request.updatecheck?
   end
 
   def test_from_coreos

data/test/omaha/release_repository_test.rb

@@ -0,0 +1,40 @@
+require 'test_helper'
+require 'tmpdir'
+require 'smart_proxy_omaha/release_repository'
+
+class ReleaseRepositoryTest < Test::Unit::TestCase
+  def setup
+    @contentpath = Dir.mktmpdir
+    Proxy::Omaha::Plugin.load_test_settings(
+      {
+        :contentpath => @contentpath
+      }
+    )
+    @repository = Proxy::Omaha::ReleaseRepository.new
+  end
+
+  def teardown
+    FileUtils.rm_rf(@contentpath)
+  end
+
+  def test_releases
+    test_releases = [
+      '197.0.0', '206.0.0', '206.1.0', '225.1.0', '225.2.0', '226.0.0'
+    ]
+    test_releases.each do |test_release|
+      FileUtils.mkdir_p(release_path(test_release))
+    end
+
+    FileUtils.ln_s(release_path('current'), release_path('226.0.0'))
+
+    releases = @repository.releases('alpha', 'amd64-usr')
+    assert_equal test_releases.sort, releases.map(&:to_s).sort
+    assert_equal '226.0.0', @repository.latest_os('alpha', 'amd64-usr').to_s
+  end
+
+  private
+
+  def release_path(version)
+    File.join(@contentpath, 'alpha', 'amd64-usr', version)
+  end
+end

data/test/omaha/release_test.rb

@@ -23,8 +23,10 @@ class ReleaseTest < Test::Unit::TestCase
     FileUtils.rm_rf(@contentpath)
   end
 
-  def test_path
+  def test_paths
+    assert_equal "#{@contentpath}/stable/amd64-usr", @release.base_path
     assert_equal "#{@contentpath}/stable/amd64-usr/1068.9.0", @release.path
+    assert_equal "#{@contentpath}/stable/amd64-usr/current", @release.current_path
   end
 
   def test_exists?
@@ -84,21 +86,22 @@ class ReleaseTest < Test::Unit::TestCase
   end
 
   def test_download
-    stub_request(:get, /.*release\.core-os.*/).to_return(:status => [200, 'OK'], :body => "body")
-    expected = [
-      'coreos_production_pxe.vmlinuz',
-      'coreos_production_pxe_image.cpio.gz',
-      'coreos_production_image.bin.bz2',
-      'coreos_production_image.bin.bz2.sig',
-      'update.gz'
-    ]
+    stub_request(:get, /.*release\.core-os.*/).to_return(
+      :status => [200, 'OK'],
+      :body => 'body',
+      headers: {
+        'Content-Length' => 4,
+        'x-goog-hash' => 'md5=hBotaJrYa9FhFEdFPCLG/A=='
+      }
+    )
 
     assert_equal true, @release.create_path
     assert_equal true, @release.download
 
     existing_files = Dir.entries(@release.path) - ['.', '..']
 
-    assert_equal expected.sort, existing_files.sort
+    assert_equal (expected_release_files + ['update.gz.DIGESTS']).sort, existing_files.sort
+    assert_equal "841a2d689ad86bd1611447453c22c6fc  update.gz\n", File.read(File.join(@release.path, 'update.gz.DIGESTS'))
   end
 
   def test_create_metadata
@@ -117,4 +120,86 @@ class ReleaseTest < Test::Unit::TestCase
     assert File.exist?(file)
     assert_equal JSON.parse(expected), JSON.parse(File.read(file))
   end
+
+  def test_missing_existing_files
+    FileUtils.mkdir_p(@release.path)
+    refute @release.complete?
+    assert_empty @release.existing_files
+    assert_equal expected_release_files.sort, @release.missing_files.sort
+
+    expected_release_files.each do |file|
+      FileUtils.touch(File.join(@release.path, file))
+    end
+
+    assert @release.complete?
+    assert_empty @release.missing_files
+    assert_equal expected_release_files.sort, @release.existing_files.sort
+  end
+
+  def test_current_release_idempotent
+    FileUtils.mkdir_p(@release.path)
+    refute @release.current?
+    @release.mark_as_current!
+    assert @release.current?
+    symlinks = Dir.glob("#{@contentpath}/**/*").select { |f| File.symlink?(f) }
+    assert_equal 1, symlinks.count
+    @release.mark_as_current!
+    assert @release.current?
+    assert_equal symlinks, Dir.glob("#{@contentpath}/**/*").select { |f| File.symlink?(f) }
+    assert_equal @release.path, File.readlink(@release.current_path)
+  end
+
+  def test_current_release_update
+    FileUtils.mkdir_p(@release.path)
+    older = Proxy::Omaha::Release.new(
+      :track => :stable,
+      :architecture => 'amd64-usr',
+      :version => '100.0.0'
+    )
+    FileUtils.mkdir_p(older.path)
+    older.mark_as_current!
+    assert older.current?
+    refute @release.current?
+    @release.mark_as_current!
+    assert @release.current?
+    refute older.current?
+  end
+
+  def test_digests_valid
+    FileUtils.mkdir_p(@release.path)
+    File.open(File.join(@release.path, "update.gz"), 'w') { |file| file.write('body') }
+    File.open(File.join(@release.path, "update.gz.DIGESTS"), 'w') { |file| file.write("841a2d689ad86bd1611447453c22c6fc  update.gz\n") }
+    expected = {
+      'update.gz' => ['841a2d689ad86bd1611447453c22c6fc']
+    }
+    assert_equal expected, @release.digests
+    assert_equal true, @release.valid?
+  end
+
+  def test_digests_invalid
+    FileUtils.mkdir_p(@release.path)
+    File.open(File.join(@release.path, "update.gz"), 'w') { |file| file.write('invalid') }
+    File.open(File.join(@release.path, "update.gz.DIGESTS"), 'w') { |file| file.write("841a2d689ad86bd1611447453c22c6fc  update.gz\n") }
+    assert_equal false, @release.valid?
+  end
+
+  private
+
+  def expected_release_files
+    [
+      'coreos_production_pxe.vmlinuz',
+      'coreos_production_pxe.DIGESTS',
+      'coreos_production_pxe_image.cpio.gz',
+      'coreos_production_pxe_image.cpio.gz.DIGESTS',
+      'coreos_production_image.bin.bz2',
+      'coreos_production_image.bin.bz2.sig',
+      'coreos_production_image.bin.bz2.DIGESTS',
+      'coreos_production_vmware_raw_image.bin.bz2',
+      'coreos_production_vmware_raw_image.bin.bz2.sig',
+      'coreos_production_vmware_raw_image.bin.bz2.DIGESTS',
+      'update.gz',
+      'version.txt',
+      'version.txt.DIGESTS'
+    ]
+  end
 end

data/test/omaha/syncer_test.rb

@@ -12,7 +12,12 @@ class SyncerTest < Test::Unit::TestCase
       true
     end
 
+    def complete?
+      true
+    end
+
     def create; end
+    def mark_as_current!; end
   end
 
   class FakeReleaseProvider

data/test/omaha/track_test.rb

@@ -0,0 +1,13 @@
+require 'test_helper'
+require 'smart_proxy_omaha/track'
+
+class TrackTest < Test::Unit::TestCase
+
+  def test_valid
+    assert_equal true, Proxy::Omaha::Track.valid?('alpha')
+  end
+
+  def test_invalid
+    assert_equal false, Proxy::Omaha::Track.valid?('bär')
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_omaha
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Timo Goebel
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-24 00:00:00.000000000 Z
+date: 2017-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -131,15 +131,18 @@ files:
 - lib/smart_proxy_omaha/http_download.rb
 - lib/smart_proxy_omaha/http_request.rb
 - lib/smart_proxy_omaha/http_shared.rb
+- lib/smart_proxy_omaha/http_verify.rb
 - lib/smart_proxy_omaha/metadata.rb
 - lib/smart_proxy_omaha/metadata_provider.rb
 - lib/smart_proxy_omaha/omaha_api.rb
 - lib/smart_proxy_omaha/omaha_http_config.ru
 - lib/smart_proxy_omaha/omaha_plugin.rb
 - lib/smart_proxy_omaha/omaha_protocol.rb
+- lib/smart_proxy_omaha/omaha_protocol/errorinternalresponse.rb
 - lib/smart_proxy_omaha/omaha_protocol/eventacknowledgeresponse.rb
 - lib/smart_proxy_omaha/omaha_protocol/handler.rb
 - lib/smart_proxy_omaha/omaha_protocol/noupdateresponse.rb
+- lib/smart_proxy_omaha/omaha_protocol/pingresponse.rb
 - lib/smart_proxy_omaha/omaha_protocol/request.rb
 - lib/smart_proxy_omaha/omaha_protocol/response.rb
 - lib/smart_proxy_omaha/omaha_protocol/updateresponse.rb
@@ -147,13 +150,17 @@ files:
 - lib/smart_proxy_omaha/release_provider.rb
 - lib/smart_proxy_omaha/release_repository.rb
 - lib/smart_proxy_omaha/syncer.rb
+- lib/smart_proxy_omaha/track.rb
 - lib/smart_proxy_omaha/version.rb
 - settings.d/omaha.yml.example
 - smart_proxy_omaha.gemspec
+- test/fixtures/request_ping.xml
 - test/fixtures/request_update_complete_error.xml
 - test/fixtures/request_update_complete_noupdate.xml
 - test/fixtures/request_update_complete_update.xml
 - test/fixtures/request_update_download_started.xml
+- test/fixtures/response_errorinternal.xml
+- test/fixtures/response_ping.xml
 - test/fixtures/response_update_complete_error.xml
 - test/fixtures/response_update_complete_noupdate.xml
 - test/fixtures/response_update_complete_update.xml
@@ -164,8 +171,10 @@ files:
 - test/omaha/omaha_api_test.rb
 - test/omaha/omaha_protocol/request_test.rb
 - test/omaha/release_provider_test.rb
+- test/omaha/release_repository_test.rb
 - test/omaha/release_test.rb
 - test/omaha/syncer_test.rb
+- test/omaha/track_test.rb
 - test/test_helper.rb
 homepage: http://github.com/theforeman/smart_proxy_omaha
 licenses: