python-support-infra/stacks/site-support/scripts__security_txt/gen.py


#!/usr/bin/python3
# Copyright (C) 2023 Sofus Albert Høgsbro Rose
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
"""This script templates and signs a `security.txt` file.
Note that:
- This script presumes that `gpg` is installed.
- This script presumes that the private key of the configured fingerprint is available to use with `gpg --clearsign`.
- The keyserver is hardcoded to `keys.openpgp.org`.
To use, first adjust the following configuration block:
```python
MAILTO =
EXPIRY =
MAILTO_PGP_FINGERPRINT =
DEPLOY_DOMAIN =
```
Then, just run `./gen.py`.
**REMEMBER TO REVIEW THE GENERATED FILE BEFORE DEPLOYMENT**.
"""
import os
import sys
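# Refuse to run on an interpreter outside the tested range.  The allow-list is
# deliberate (a newer 3.x is rejected rather than silently trusted); the message
# exists because a bare exit status 1 gives the operator nothing to act on.
# Only `sys` is in scope at this point, so the version is formatted by hand.
if sys.version_info.major != 3 or sys.version_info.minor not in (9, 10, 11, 12, 13):
    print(
        f"gen.py: unsupported Python {sys.version_info.major}.{sys.version_info.minor};"
        " need 3.9 to 3.13",
        file=sys.stderr,
    )
    sys.exit(1)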
import contextlib
import platform
import shutil
import subprocess
from collections.abc import Iterator
from datetime import datetime, timezone
from pathlib import Path
from string import Template
####################
# - Configuration
####################
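# Contact address substituted into the template (the `Contact: mailto:` line).
MAILTO = "s174509@dtu.dk"
# RFC 9116 requires `Expires` in RFC 3339 form, which carries a UTC offset; the
# isoformat() of a naive datetime has none, so the value is built timezone-aware.
# Keep it less than a year out and bump it on every regeneration: consumers
# treat a file whose `Expires` has passed as stale.
EXPIRY = datetime(year=2024, month=8, day=1, tzinfo=timezone.utc).isoformat()
# Full 40-hex-digit fingerprint of the contact's OpenPGP key, substituted into
# the template; the matching private key must be usable by `gpg` on this host.
MAILTO_PGP_FINGERPRINT = "E3B345EFFF5B3994BC1D12603D01BE95F3EFFEB9"
# Origin the file is published under, including the scheme.
DEPLOY_DOMAIN = "https://timesigned.com"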
####################
# - Constants
####################
# Directory containing this script, with symlinks resolved, so the template can
# be located regardless of the caller's working directory.
SCRIPT_PATH = Path(__file__).resolve().parent
# Installation target of the signed file: ../configs/site-support__security.txt
# relative to the script's directory.
PATH_SECURITY_TXT = SCRIPT_PATH.parent.joinpath("configs", "site-support__security.txt")
####################
# - Utilities
####################
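@contextlib.contextmanager
def cd_script_dir() -> Iterator[None]:
    """Temporarily make the script's own directory (`SCRIPT_PATH`) the working directory.

    The previous working directory is restored on exit, also when the managed
    body raises, so relative paths next to this file can be used without
    leaking the `chdir` into the rest of the process.

    The working directory is process-global state; do not enter this from
    several threads at once.
    """
    previous_dir = Path.cwd()
    os.chdir(SCRIPT_PATH)
    try:
        yield
    finally:
        os.chdir(previous_dir)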
####################
# - Actions
####################
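def _render_template() -> str:
    """Return the unsigned `security.txt` text with the configuration filled in.

    Reads `security.txt.unsigned.tmpl` next to this script and substitutes the
    `$MAILTO`, `$EXPIRY`, `$MAILTO_PGP_FINGERPRINT` and `$DEPLOY_DOMAIN`
    placeholders.  `Template.substitute` raises `KeyError` for any placeholder
    the configuration does not provide, which is preferable to publishing a
    file with a literal `$NAME` left in it.
    """
    template_path = SCRIPT_PATH / "security.txt.unsigned.tmpl"
    return Template(template_path.read_text(encoding="utf-8")).substitute(
        MAILTO=MAILTO,
        EXPIRY=EXPIRY,
        MAILTO_PGP_FINGERPRINT=MAILTO_PGP_FINGERPRINT,
        DEPLOY_DOMAIN=DEPLOY_DOMAIN,
    )


def sign_security_txt() -> None:
    """Template, clear-sign and install `security.txt` at `PATH_SECURITY_TXT`.

    The unsigned text is fed to `gpg --clearsign` on stdin and the armored
    result read back from stdout, so no intermediate files are created in the
    checkout (nothing is left behind if gpg fails or the run is interrupted,
    and no stale `*.asc` can trigger gpg's interactive overwrite prompt) and
    the process working directory is left alone.

    Raises:
        subprocess.CalledProcessError: gpg exited non-zero (key not found,
            passphrase rejected, ...).  Nothing is written to
            `PATH_SECURITY_TXT` in that case, so a previously installed file
            stays intact.
        FileNotFoundError: `gpg` is not installed, or the template is missing.
        KeyError: the template uses a placeholder the configuration lacks.
    """
    unsigned = _render_template()
    # Sign with the configured key rather than a second hard-coded fingerprint,
    # so editing the configuration block really changes the signing key.
    # check=True turns a failed signature into an exception instead of letting
    # the run continue with no output.
    signed = subprocess.run(
        ["gpg", "--local-user", MAILTO_PGP_FINGERPRINT, "--clearsign"],
        input=unsigned.encode("utf-8"),
        stdout=subprocess.PIPE,
        check=True,
    ).stdout
    # Only reached after gpg succeeded: overwrite the installed file in one go.
    PATH_SECURITY_TXT.write_bytes(signed)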
####################
# - Main
####################
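if __name__ == "__main__":
    # Warn, without aborting, when the configured `Expires` has already passed:
    # RFC 9116 consumers treat such a file as stale.  The warning goes to stderr
    # because stdout carries the file itself and may be redirected.
    # `datetime.now(tz=...)` mirrors whether EXPIRY is naive or timezone-aware,
    # so the comparison never mixes the two.
    expires_at = datetime.fromisoformat(EXPIRY)
    if expires_at <= datetime.now(tz=expires_at.tzinfo):
        print(
            f"gen.py: warning: Expires ({EXPIRY}) is already in the past",
            file=sys.stderr,
        )
    sign_security_txt()
    # Echo the installed file so the operator can review it before deploying.
    print(PATH_SECURITY_TXT.read_text(encoding="utf-8"), end="")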