423 lines
17 KiB
Python
423 lines
17 KiB
Python
import os
|
|
import patch
|
|
import sys
|
|
import time
|
|
from textwrap import dedent
|
|
|
|
import debug # pyflakes:ignore
|
|
debug.debug = True
|
|
|
|
from django.conf import settings
|
|
from django.core import checks
|
|
from django.utils.module_loading import import_string
|
|
|
|
checks_run = []
|
|
|
|
def already_ran():
|
|
import inspect
|
|
outerframe = inspect.currentframe().f_back
|
|
name = outerframe.f_code.co_name
|
|
if name in checks_run:
|
|
return True
|
|
else:
|
|
checks_run.append(name)
|
|
return False
|
|
|
|
@checks.register('directories')
|
|
def check_cdn_directory_exists(app_configs, **kwargs):
|
|
"""This checks that the path from which the CDN will serve static files for
|
|
this version of the datatracker actually exists. In development and test
|
|
mode STATIC_ROOT will normally be just static/, but in production it will be
|
|
set to a different part of the file system which is served via CDN, and the
|
|
path will contain the datatracker release version.
|
|
"""
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
if settings.SERVER_MODE == 'production' and not os.path.exists(settings.STATIC_ROOT):
|
|
errors.append(checks.Error(
|
|
"The static files directory has not been set up.",
|
|
hint="Please run 'ietf/manage.py collectstatic'.",
|
|
obj=None,
|
|
id='datatracker.E001',
|
|
))
|
|
return errors
|
|
|
|
@checks.register('files')
|
|
def check_group_email_aliases_exists(app_configs, **kwargs):
|
|
from ietf.group.views import check_group_email_aliases
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
try:
|
|
ok = check_group_email_aliases()
|
|
if not ok:
|
|
errors.append(checks.Error(
|
|
"Found no aliases in the group email aliases file\n'%s'."%settings.GROUP_ALIASES_PATH,
|
|
hint="Please run ietf/bin/generate-wg-aliases to generate them.",
|
|
obj=None,
|
|
id="datatracker.E0002",
|
|
))
|
|
except IOError as e:
|
|
errors.append(checks.Error(
|
|
"Could not read group email aliases:\n %s" % e,
|
|
hint="Please run ietf/bin/generate-wg-aliases to generate them.",
|
|
obj=None,
|
|
id="datatracker.E0003",
|
|
))
|
|
|
|
return errors
|
|
|
|
@checks.register('files')
|
|
def check_doc_email_aliases_exists(app_configs, **kwargs):
|
|
from ietf.doc.views_doc import check_doc_email_aliases
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
try:
|
|
ok = check_doc_email_aliases()
|
|
if not ok:
|
|
errors.append(checks.Error(
|
|
"Found no aliases in the document email aliases file\n'%s'."%settings.DRAFT_VIRTUAL_PATH,
|
|
hint="Please run ietf/bin/generate-draft-aliases to generate them.",
|
|
obj=None,
|
|
id="datatracker.E0004",
|
|
))
|
|
except IOError as e:
|
|
errors.append(checks.Error(
|
|
"Could not read document email aliases:\n %s" % e,
|
|
hint="Please run ietf/bin/generate-draft-aliases to generate them.",
|
|
obj=None,
|
|
id="datatracker.E0005",
|
|
))
|
|
|
|
return errors
|
|
|
|
@checks.register('directories')
|
|
def check_id_submission_directories(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
for s in ("IDSUBMIT_STAGING_PATH", "IDSUBMIT_REPOSITORY_PATH", "INTERNET_DRAFT_ARCHIVE_DIR", ):
|
|
p = getattr(settings, s)
|
|
if not os.path.exists(p):
|
|
errors.append(checks.Critical(
|
|
"A directory used by the ID submission tool does not\n"
|
|
"exist at the path given in the settings file. The setting is:\n"
|
|
" %s = %s" % (s, p),
|
|
hint = ("Please either update the local settings to point at the correct\n"
|
|
"\tdirectory, or if the setting is correct, create the indicated directory.\n"),
|
|
id = "datatracker.E0006",
|
|
))
|
|
return errors
|
|
|
|
@checks.register('files')
|
|
def check_id_submission_files(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
for s in ("IDSUBMIT_IDNITS_BINARY", ):
|
|
p = getattr(settings, s)
|
|
if not os.path.exists(p):
|
|
errors.append(checks.Critical(
|
|
"A file used by the ID submission tool does not exist\n"
|
|
"at the path given in the settings file. The setting is:\n"
|
|
" %s = %s" % (s, p),
|
|
hint = ("Please either update the local settings to point at the correct\n"
|
|
"\tfile, or if the setting is correct, make sure the file is in place and\n"
|
|
"\thas the right permissions.\n"),
|
|
id = "datatracker.E0007",
|
|
))
|
|
return errors
|
|
|
|
|
|
@checks.register('directories')
|
|
def check_yang_model_directories(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
for s in ("SUBMIT_YANG_RFC_MODEL_DIR", "SUBMIT_YANG_DRAFT_MODEL_DIR", "SUBMIT_YANG_IANA_MODEL_DIR", ):
|
|
p = getattr(settings, s)
|
|
if not os.path.exists(p):
|
|
errors.append(checks.Critical(
|
|
"A directory used by the yang validation tools does\n"
|
|
"not exist at the path gvien in the settings file. The setting is:\n"
|
|
" %s = %s" % (s, p),
|
|
hint = ("Please either update your local settings to point at the correct\n"
|
|
"\tdirectory, or if the setting is correct, create the indicated directory.\n"),
|
|
id = "datatracker.E0017",
|
|
))
|
|
return errors
|
|
|
|
|
|
@checks.register('submission-checkers')
|
|
def check_id_submission_checkers(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
for checker_path in settings.IDSUBMIT_CHECKER_CLASSES:
|
|
try:
|
|
checker_class = import_string(checker_path)
|
|
except Exception as e:
|
|
errors.append(checks.Critical(
|
|
"An exception was raised when trying to import the\n"
|
|
"draft submission checker class '%s':\n %s" % (checker_path, e),
|
|
hint = "Please check that the class exists and can be imported.\n",
|
|
id = "datatracker.E0008",
|
|
))
|
|
try:
|
|
checker = checker_class()
|
|
except Exception as e:
|
|
errors.append(checks.Critical(
|
|
"An exception was raised when trying to instantiate\n"
|
|
"the draft submission checker class '%s':\n %s" % (checker_path, e),
|
|
hint = "Please check that the class can be instantiated.\n",
|
|
id = "datatracker.E0009",
|
|
))
|
|
continue
|
|
for attr in ('name',):
|
|
if not hasattr(checker, attr):
|
|
errors.append(checks.Critical(
|
|
"The draft submission checker\n '%s'\n"
|
|
"has no attribute '%s', which is required" % (checker_path, attr),
|
|
hint = "Please update the class.\n",
|
|
id = "datatracker.E0010",
|
|
))
|
|
checker_methods = ("check_file_txt", "check_file_xml", "check_fragment_txt", "check_fragment_xml", )
|
|
for method in checker_methods:
|
|
if hasattr(checker, method):
|
|
break
|
|
else:
|
|
errors.append(checks.Critical(
|
|
"The draft submission checker\n '%s'\n"
|
|
" has no recognised checker method; "
|
|
"should be one or more of %s." % (checker_path, checker_methods),
|
|
hint = "Please update the class.\n",
|
|
id = "datatracker.E0011",
|
|
))
|
|
return errors
|
|
|
|
@checks.register('directories')
|
|
def check_media_directories(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
for s in ("PHOTOS_DIR", ):
|
|
p = getattr(settings, s)
|
|
if not os.path.exists(p):
|
|
errors.append(checks.Critical(
|
|
"A directory used for media uploads and serves does\n"
|
|
"not exist at the path given in the settings file. The setting is:\n"
|
|
" %s = %s" % (s, p),
|
|
hint = ("Please either update the local settings to point at the correct\n"
|
|
"\tdirectory, or if the setting is correct, create the indicated directory.\n"),
|
|
id = "datatracker.E0012",
|
|
))
|
|
return errors
|
|
|
|
|
|
@checks.register('directories')
|
|
def check_proceedings_directories(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
for s in ("AGENDA_PATH", ):
|
|
p = getattr(settings, s)
|
|
if not os.path.exists(p):
|
|
errors.append(checks.Critical(
|
|
"A directory used for meeting materials does not\n"
|
|
"exist at the path given in the settings file. The setting is:\n"
|
|
" %s = %s" % (s, p),
|
|
hint = ("Please either update the local settings to point at the correct\n"
|
|
"\tdirectory, or if the setting is correct, create the indicated directory.\n"),
|
|
id = "datatracker.E0013",
|
|
))
|
|
return errors
|
|
|
|
@checks.register('cache')
|
|
def check_cache(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
if settings.SERVER_MODE == 'production':
|
|
from django.core.cache import cache
|
|
def cache_error(msg, errnum):
|
|
return checks.Warning(
|
|
( "A cache test failed with the message:\n '%s'.\n"
|
|
"This indicates that the cache is unavailable or not working as expected.\n"
|
|
"It will impact performance, but isn't fatal. The default cache is:\n"
|
|
" CACHES['default']['BACKEND'] = %s") % (
|
|
msg,
|
|
settings.CACHES["default"]["BACKEND"],
|
|
),
|
|
hint = "Please check that the configured cache backend is available.\n",
|
|
id = "datatracker.%s" % errnum,
|
|
)
|
|
key = "ietf:checks:check_cache"
|
|
val = os.urandom(32)
|
|
wait = 1
|
|
cache.set(key, val, wait)
|
|
if not cache.get(key) == val:
|
|
errors.append(cache_error("Could not get value from cache", "E0014"))
|
|
time.sleep(wait+1)
|
|
# should have timed out
|
|
if cache.get(key) == val:
|
|
errors.append(cache_error("Cache value didn't time out", "E0015"))
|
|
cache.set(key, val, settings.SESSION_COOKIE_AGE)
|
|
if not cache.get(key) == val:
|
|
errors.append(cache_error("Cache didn't accept session cookie age", "E0016"))
|
|
return errors
|
|
|
|
|
|
def maybe_create_svn_symlinks(settings):
|
|
site_packages_dir = None
|
|
errors = []
|
|
for p in sys.path:
|
|
if ('/env/' in p or '/venv/' in p) and '/site-packages' in p:
|
|
site_packages_dir = p
|
|
break
|
|
if site_packages_dir:
|
|
for path in settings.SVN_PACKAGES:
|
|
if os.path.exists(path):
|
|
dir, name = os.path.split(path)
|
|
package_link = os.path.join(site_packages_dir, name)
|
|
if not os.path.lexists(package_link):
|
|
os.symlink(path, package_link)
|
|
else:
|
|
errors.append(checks.Critical(
|
|
"The setting SVN_PACKAGES specify a library path which\n"
|
|
"does not exist:\n"
|
|
" %s\n" % path,
|
|
hint = "Please provide the correct python system site-package paths for\n"
|
|
"\tsvn and libsvn in SVN_PACKAGES.\n",
|
|
id = "datatracker.E0018",))
|
|
return errors
|
|
|
|
@checks.register('cache')
|
|
def check_svn_import(app_configs, **kwargs):
|
|
#
|
|
if already_ran():
|
|
return []
|
|
#
|
|
errors = []
|
|
#
|
|
errors += maybe_create_svn_symlinks(settings)
|
|
#
|
|
if settings.SERVER_MODE == 'production':
|
|
try:
|
|
import svn # pyflakes:ignore
|
|
except ImportError as e:
|
|
errors.append(checks.Critical(
|
|
"Could not import the python svn module:\n %s\n" % e,
|
|
hint = dedent("""
|
|
You are running in production mode, and the subversion bindings for python
|
|
are necessary in order to run the Trac wiki glue scripts.
|
|
|
|
However, the subversion bindings seem to be unavailable. The subversion
|
|
bindings are not available for install using pip, but must be supplied by
|
|
the system package manager. In order to be available within the python
|
|
virtualenv, ietf.checks.check_svn_import() tries to create a symlink from
|
|
the configured location of the system-provided svn package to the
|
|
site-packages directory of the virtualenv. If you get this message, that has
|
|
failed to provide the svn package.
|
|
|
|
Please install 'python-subversion' (Debian), 'subversion-python' (RedHat,
|
|
CentOS, Fedora), 'subversion-python27bindings' (BSD); and provide the
|
|
correct path to the svn package in settings.SVN_PACKAGE. Further tips are
|
|
available at https://trac.edgewall.org/wiki/TracSubversion.
|
|
|
|
""").replace('\n', '\n ').rstrip(),
|
|
id = "datatracker.E0019",
|
|
))
|
|
return errors
|
|
|
|
@checks.register('files')
|
|
def maybe_patch_library(app_configs, **kwargs):
|
|
errors = []
|
|
# Change path to our copy of django (this assumes we're running in a
|
|
# virtualenv, which we should)
|
|
import os, django
|
|
django_path = os.path.dirname(django.__file__)
|
|
library_path = os.path.dirname(django_path)
|
|
saved_cwd = os.getcwd()
|
|
os.chdir(library_path)
|
|
# All patches in settings.CHECKS_LIBRARY_PATCHES_TO_APPLY must have a
|
|
# relative file path rooted in the django dir, for instance
|
|
# 'django/db/models/fields/__init__.py'
|
|
for patch_file in settings.CHECKS_LIBRARY_PATCHES_TO_APPLY:
|
|
patch_path = os.path.join(saved_cwd, patch_file)
|
|
with open(patch_path) as f:
|
|
p = f.read()
|
|
patch_set = patch.fromfile(patch_path)
|
|
if patch_set:
|
|
if not patch_set.apply():
|
|
errors.append(checks.Warning(
|
|
"Could not apply patch from file '%s'"%patch_file,
|
|
hint="Make sure that the patch file contains a unified diff and has valid file paths",
|
|
id="datatracker.W0002",
|
|
))
|
|
else:
|
|
errors.append(checks.Warning(
|
|
"Could not parse patch file '%s'"%patch_file,
|
|
hint="Make sure that the patch file contains a unified diff",
|
|
id="datatracker.W0001",
|
|
))
|
|
os.chdir(saved_cwd)
|
|
return errors
|
|
|
|
@checks.register('security')
|
|
def check_api_key_in_local_settings(app_configs, **kwargs):
|
|
errors = []
|
|
import settings_local
|
|
if settings.SERVER_MODE == 'production':
|
|
if not ( hasattr(settings_local, 'API_PUBLIC_KEY_PEM')
|
|
and hasattr(settings_local, 'API_PRIVATE_KEY_PEM')):
|
|
errors.append(checks.Critical(
|
|
"There are no API key settings in your settings_local.py",
|
|
hint = dedent("""
|
|
You are running in production mode, and need API key settings that are
|
|
different than the default settings. Please add settings for
|
|
API_PUBLIC_KEY_PEM and API_PRIVATE_KEY_PEM to your settings local. The
|
|
content should be matching public and private keys in PEM format. You
|
|
can generate a suitable keypair with 'ssh-keygen -f apikey.pem', and then
|
|
extract the public key with 'openssl rsa -in apikey.pem -pubout > apikey.pub'.
|
|
|
|
""").replace('\n', '\n ').rstrip(),
|
|
id = "datatracker.E0020",
|
|
))
|
|
elif not ( settings_local.API_PUBLIC_KEY_PEM == settings.API_PUBLIC_KEY_PEM
|
|
and settings_local.API_PRIVATE_KEY_PEM == settings.API_PRIVATE_KEY_PEM ):
|
|
errors.append(checks.Critical(
|
|
"Your API key settings in your settings_local.py are not picked up in settings.",
|
|
hint = dedent("""
|
|
You are running in production mode, and need API key settings which are
|
|
different than the default settings. You seem to have API key settings
|
|
in settings_local.py, but they don't seem to propagate to django.conf.settings.
|
|
Please check if you have multiple settings_local.py files.
|
|
|
|
""").replace('\n', '\n ').rstrip(),
|
|
id = "datatracker.E0021",
|
|
))
|
|
|
|
return errors
|
|
|