func TestNewCRLFromFileWithoutRevocations(t *testing.T) {
tryTwoKeyBytes, err := ioutil.ReadFile(tryTwoKey)
if err != nil {
t.Fatal(err)
}
tryTwoCertBytes, err := ioutil.ReadFile(tryTwoCert)
if err != nil {
t.Fatal(err)
}
crl, err := NewCRLFromFile([]byte("\n \n"), tryTwoCertBytes, tryTwoKeyBytes, "0")
if err != nil {
t.Fatal(err)
}
certList, err := x509.ParseDERCRL(crl)
if err != nil {
t.Fatal(err)
}
numCerts := len(certList.TBSCertList.RevokedCertificates)
expectedNum := 0
if expectedNum != numCerts {
t.Fatal("Wrong number of expired certificates")
}
}
func main() {
content, err := ioutil.ReadFile("studygolang.xml")
if err != nil {
log.Fatal(err)
}
var result Result
err = xml.Unmarshal(content, &result)
if err != nil {
log.Fatal(err)
}
log.Println(result)
log.Println(result.Persons[0].Name)
//input := "<?xml version=\"1.0\" encoding=\"GBK\"?><request><head><h_exch_code>800101</h_exch_code><h_bank_no>1111</h_bank_no><h_user_id>1038738897</h_user_id><h_branch_id>B00008211</h_branch_id><h_fact_date>20110321</h_fact_date><h_fact_time>16:28:30</h_fact_time><h_exch_date>20130929</h_exch_date><h_serial_no>123456</h_serial_no><h_rsp_code>hj123545</h_rsp_code><h_rsp_msg>ar</h_rsp_msg></head><body><record><user_pwd>54f9b3396fe28c208d525db21588965c</user_pwd></record></body></request>"
//inputReader := strings.NewReader(input)
content, err = ioutil.ReadFile("request.xml")
decoder := mahonia.NewDecoder("gb18030")
r := bufio.NewReader(decoder.NewReader(content))
if err != nil {
log.Fatal(err)
}
log.Println(content)
var request Request_800101
err = xml.Unmarshal(content, &request)
if err != nil {
log.Fatal(err)
}
log.Println(request)
}
// GetLocalRootCA validates if the contents of the file are a valid self-signed
// CA certificate, and returns the PEM-encoded Certificate if so
func GetLocalRootCA(baseDir string) (RootCA, error) {
paths := NewConfigPaths(baseDir)
// Check if we have a Certificate file
cert, err := ioutil.ReadFile(paths.RootCA.Cert)
if err != nil {
if os.IsNotExist(err) {
err = ErrNoLocalRootCA
}
return RootCA{}, err
}
key, err := ioutil.ReadFile(paths.RootCA.Key)
if err != nil {
if !os.IsNotExist(err) {
return RootCA{}, err
}
// There may not be a local key. It's okay to pass in a nil
// key. We'll get a root CA without a signer.
key = nil
}
rootCA, err := NewRootCA(cert, key, DefaultNodeCertExpiration)
if err == nil {
log.Debugf("successfully loaded the signer for the Root CA: %s", paths.RootCA.Cert)
}
return rootCA, err
}
func main() {
dat = make(map[string](map[string]string))
reportlog = make(map[string](map[string]string))
buf, _ := ioutil.ReadFile("static/data/data.json")
if len(buf) > 0 {
if err := json.Unmarshal(buf, &dat); err != nil {
panic(err)
}
}
buf, _ = ioutil.ReadFile("static/data/reportlog.json")
if len(buf) > 0 {
if err := json.Unmarshal(buf, &reportlog); err != nil {
panic(err)
}
}
http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
http.HandleFunc("/", index)
http.HandleFunc("/build", build) //设置访问的路由
http.HandleFunc("/setdat", setdat)
http.HandleFunc("/report", report)
http.HandleFunc("/upload", UploadServer)
err := http.ListenAndServe(dat["servermap"]["server"], nil) //设置监听的端口
if err != nil {
log.Fatal("ListenAndServe: ", err)
}
}
func (this *MixMatch) Regenerate() {
fmt.Printf("mixbench\n")
uuidData, err := ioutil.ReadFile("../uuid.go")
if err != nil {
panic(err)
}
if err := ioutil.WriteFile("./testdata/uuid.go", uuidData, 0666); err != nil {
panic(err)
}
data, err := ioutil.ReadFile("../thetest.proto")
if err != nil {
panic(err)
}
content := string(data)
for i, old := range this.Old {
content = strings.Replace(content, old, this.New[i], -1)
}
if err := ioutil.WriteFile("./testdata/thetest.proto", []byte(content), 0666); err != nil {
panic(err)
}
var regenerate = exec.Command("protoc", "--dgo_out=.", "-I="+config.ProtoPath, "./testdata/thetest.proto")
fmt.Printf("regenerating\n")
out, err := regenerate.CombinedOutput()
fmt.Printf("regenerate output: %v\n", string(out))
if err != nil {
panic(err)
}
}
func main() {
file := "file.txt"
r := gin.Default()
m := melody.New()
w, _ := fsnotify.NewWatcher()
r.GET("/", func(c *gin.Context) {
http.ServeFile(c.Writer, c.Request, "index.html")
})
r.GET("/ws", func(c *gin.Context) {
m.HandleRequest(c.Writer, c.Request)
})
m.HandleConnect(func(s *melody.Session) {
content, _ := ioutil.ReadFile(file)
s.Write(content)
})
go func() {
for {
ev := <-w.Events
if ev.Op == fsnotify.Write {
content, _ := ioutil.ReadFile(ev.Name)
m.Broadcast(content)
}
}
}()
w.Add(file)
r.Run(":5000")
}
func loadECertAndEnrollmentPrivateKey(enrollmentID string, password string) ([]byte, *ecdsa.PrivateKey, error) {
cooked, err := ioutil.ReadFile("./test_resources/key_" + enrollmentID + ".dump")
if err != nil {
return nil, nil, err
}
block, _ := pem.Decode(cooked)
decryptedBlock, err := x509.DecryptPEMBlock(block, []byte(password))
if err != nil {
return nil, nil, err
}
enrollmentPrivateKey, err := x509.ParseECPrivateKey(decryptedBlock)
if err != nil {
return nil, nil, err
}
if err != nil {
return nil, nil, err
}
ecertRaw, err := ioutil.ReadFile("./test_resources/ecert_" + enrollmentID + ".dump")
if err != nil {
return nil, nil, err
}
return ecertRaw, enrollmentPrivateKey, nil
}
func TestBuildGitbook(t *testing.T) {
for _, example := range buildGitbookTests {
tempDir, _ := ioutil.TempDir("", "example")
defer os.RemoveAll(tempDir)
config := Config{
OpencontrolDir: example.inputDir,
Certification: example.certificationPath,
ExportPath: tempDir,
MarkdownPath: example.markdownPath,
}
config.BuildGitbook()
// Loop through the expected output to verify it matches the actual output
matches, _ := filepath.Glob(filepath.Join(example.expectedOutputDir, "*", "*"))
for _, expectedfilePath := range matches {
actualFilePath := strings.Replace(expectedfilePath, example.expectedOutputDir, tempDir, -1)
expectedData, _ := ioutil.ReadFile(expectedfilePath)
actualData, _ := ioutil.ReadFile(actualFilePath)
actualDataString := strings.Replace(string(actualData), "\\", "/", -1)
// Verify the expected text is the same as the actual text
if string(expectedData) != actualDataString {
t.Errorf("Expected (%s):\n`%s`\nActual:\n`%s`", expectedfilePath, string(expectedData), string(actualData))
}
}
}
}
func compareFiles(t *testing.T, expectedFN string, actualFN string) {
var expectedBytes []byte
var actualBytes []byte
var err error
expectedBytes, err = ioutil.ReadFile(expectedFN)
if err != nil {
t.Logf("Failed to open for compare: %s\n", err.Error())
t.Fail()
return
}
actualBytes, err = ioutil.ReadFile(actualFN)
if err != nil {
t.Logf("Failed to open for compare: %s\n", err.Error())
t.FailNow()
return
}
if len(expectedBytes) != len(actualBytes) {
t.Logf("%s and %s differ in size\n", expectedFN, actualFN)
t.Fail()
return
}
if 0 != bytes.Compare(actualBytes, expectedBytes) {
t.Logf("%s and %s differ\n", expectedFN, actualFN)
t.Fail()
return
}
}
func TestUpdate(t *testing.T) {
file, err := ioutil.TempFile("", "")
if err != nil {
t.Fatal(err)
}
defer os.Remove(file.Name())
if err := Build(file.Name(), "10.11.12.13", "testhostname", "testdomainname", nil); err != nil {
t.Fatal(err)
}
content, err := ioutil.ReadFile(file.Name())
if err != nil {
t.Fatal(err)
}
if expected := "10.11.12.13\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) {
t.Fatalf("Expected to find '%s' got '%s'", expected, content)
}
if err := Update(file.Name(), "1.1.1.1", "testhostname"); err != nil {
t.Fatal(err)
}
content, err = ioutil.ReadFile(file.Name())
if err != nil {
t.Fatal(err)
}
if expected := "1.1.1.1\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) {
t.Fatalf("Expected to find '%s' got '%s'", expected, content)
}
}
func New(quiet bool) *SysInfo {
sysInfo := &SysInfo{}
if cgroupMemoryMountpoint, err := cgroups.FindCgroupMountpoint("memory"); err != nil {
if !quiet {
log.Printf("WARNING: %s\n", err)
}
} else {
_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))
_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))
sysInfo.MemoryLimit = err1 == nil && err2 == nil
if !sysInfo.MemoryLimit && !quiet {
log.Printf("WARNING: Your kernel does not support cgroup memory limit.")
}
_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
sysInfo.SwapLimit = err == nil
if !sysInfo.SwapLimit && !quiet {
log.Printf("WARNING: Your kernel does not support cgroup swap limit.")
}
}
// Check if AppArmor seems to be enabled on this system.
if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) {
sysInfo.AppArmor = false
} else {
sysInfo.AppArmor = true
}
return sysInfo
}
// FIXME: comment please!
func (runtime *Runtime) UpdateCapabilities(quiet bool) {
if cgroupMemoryMountpoint, err := utils.FindCgroupMountpoint("memory"); err != nil {
if !quiet {
log.Printf("WARNING: %s\n", err)
}
} else {
_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))
_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))
runtime.capabilities.MemoryLimit = err1 == nil && err2 == nil
if !runtime.capabilities.MemoryLimit && !quiet {
log.Printf("WARNING: Your kernel does not support cgroup memory limit.")
}
_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
runtime.capabilities.SwapLimit = err == nil
if !runtime.capabilities.SwapLimit && !quiet {
log.Printf("WARNING: Your kernel does not support cgroup swap limit.")
}
}
content, err3 := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")
runtime.capabilities.IPv4ForwardingDisabled = err3 != nil || len(content) == 0 || content[0] != '1'
if runtime.capabilities.IPv4ForwardingDisabled && !quiet {
log.Printf("WARNING: IPv4 forwarding is disabled.")
}
// Check if AppArmor seems to be enabled on this system.
if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) {
utils.Debugf("/sys/kernel/security/apparmor not found; assuming AppArmor is not enabled.")
runtime.capabilities.AppArmor = false
} else {
utils.Debugf("/sys/kernel/security/apparmor found; assuming AppArmor is enabled.")
runtime.capabilities.AppArmor = true
}
}
func TestBundleWithECDSAKeyMarshalJSON(t *testing.T) {
b := newCustomizedBundlerFromFile(t, testCFSSLRootBundle, testCFSSLIntBundle, "")
bundle, _ := b.BundleFromFile(leafECDSA256, leafKeyECDSA256, Optimal, "")
jsonBytes, err := json.Marshal(bundle)
if err != nil {
t.Fatal(err)
}
var obj map[string]interface{}
err = json.Unmarshal(jsonBytes, &obj)
if err != nil {
t.Fatal(err)
}
key := obj["key"].(string)
keyBytes, _ := ioutil.ReadFile(leafKeyECDSA256)
keyBytes = bytes.Trim(keyBytes, " \n")
if key != string(keyBytes) {
t.Fatal("key is not recovered.")
}
cert := obj["crt"].(string)
certBytes, _ := ioutil.ReadFile(leafECDSA256)
certBytes = bytes.Trim(certBytes, " \n")
if cert != string(certBytes) {
t.Fatal("cert is not recovered.")
}
keyType := obj["key_type"]
if keyType != "256-bit ECDSA" {
t.Fatal("Incorrect key type:", keyType)
}
}
// NewBundler creates a new Bundler from the files passed in; these
// files should contain a list of valid root certificates and a list
// of valid intermediate certificates, respectively.
func NewBundler(caBundleFile, intBundleFile string) (*Bundler, error) {
log.Debug("Loading CA bundle: ", caBundleFile)
caBundlePEM, err := ioutil.ReadFile(caBundleFile)
if err != nil {
log.Errorf("root bundle failed to load: %v", err)
return nil, errors.Wrap(errors.RootError, errors.ReadFailed, err)
}
log.Debug("Loading Intermediate bundle: ", intBundleFile)
intBundlePEM, err := ioutil.ReadFile(intBundleFile)
if err != nil {
log.Errorf("intermediate bundle failed to load: %v", err)
return nil, errors.Wrap(errors.IntermediatesError, errors.ReadFailed, err)
}
if _, err := os.Stat(IntermediateStash); err != nil && os.IsNotExist(err) {
log.Infof("intermediate stash directory %s doesn't exist, creating", IntermediateStash)
err = os.MkdirAll(IntermediateStash, 0755)
if err != nil {
log.Errorf("failed to create intermediate stash directory %s: %v",
IntermediateStash, err)
return nil, err
}
log.Infof("intermediate stash directory %s created", IntermediateStash)
}
return NewBundlerFromPEM(caBundlePEM, intBundlePEM)
}
// NewSignerFromFile reads the issuer cert, the responder cert and the responder key
// from PEM files, and takes an interval in seconds
func NewSignerFromFile(issuerFile, responderFile, keyFile string, interval time.Duration) (Signer, error) {
log.Debug("Loading issuer cert: ", issuerFile)
issuerBytes, err := ioutil.ReadFile(issuerFile)
if err != nil {
return nil, err
}
log.Debug("Loading responder cert: ", responderFile)
responderBytes, err := ioutil.ReadFile(responderFile)
if err != nil {
return nil, err
}
log.Debug("Loading responder key: ", keyFile)
keyBytes, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ReadFailed, err)
}
issuerCert, err := helpers.ParseCertificatePEM(issuerBytes)
if err != nil {
return nil, err
}
responderCert, err := helpers.ParseCertificatePEM(responderBytes)
if err != nil {
return nil, err
}
key, err := helpers.ParsePrivateKeyPEM(keyBytes)
if err != nil {
log.Debug("Malformed private key %v", err)
return nil, err
}
return NewSigner(issuerCert, responderCert, key, interval)
}
func TestPreserve(t *testing.T) {
var sbc SandboxConfig
sbc.ScriptFilename = "./testsupport/serialize.lua"
sbc.MemoryLimit = 64000
sbc.InstructionLimit = 1000
sb, err := lua.CreateLuaSandbox(&sbc)
if err != nil {
t.Errorf("%s", err)
}
err = sb.Init("")
if err != nil {
t.Errorf("%s", err)
}
output := "/tmp/serialize.lua.data"
saved := "./testsupport/serialize.lua.data"
err = sb.Destroy("/tmp/serialize.lua.data")
if err != nil {
t.Errorf("%s", err)
} else {
o, err := ioutil.ReadFile(output)
if err != nil {
t.Errorf("%s", err)
}
s, err := ioutil.ReadFile(saved)
if err != nil {
t.Errorf("%s", err)
}
if 0 != bytes.Compare(o, s) {
t.Errorf("The preserved data does not match")
}
}
}
func (o createAuthInfoOptions) validate() error {
if len(o.name) == 0 {
return errors.New("You must specify a non-empty user name")
}
methods := []string{}
if len(o.token.Value()) > 0 {
methods = append(methods, fmt.Sprintf("--%v", clientcmd.FlagBearerToken))
}
if len(o.username.Value()) > 0 || len(o.password.Value()) > 0 {
methods = append(methods, fmt.Sprintf("--%v/--%v", clientcmd.FlagUsername, clientcmd.FlagPassword))
}
if len(methods) > 1 {
return fmt.Errorf("You cannot specify more than one authentication method at the same time: %v", strings.Join(methods, ", "))
}
if o.embedCertData.Value() {
certPath := o.clientCertificate.Value()
keyPath := o.clientKey.Value()
if certPath == "" && keyPath == "" {
return fmt.Errorf("You must specify a --%s or --%s to embed", clientcmd.FlagCertFile, clientcmd.FlagKeyFile)
}
if certPath != "" {
if _, err := ioutil.ReadFile(certPath); err != nil {
return fmt.Errorf("Error reading %s data from %s: %v", clientcmd.FlagCertFile, certPath, err)
}
}
if keyPath != "" {
if _, err := ioutil.ReadFile(keyPath); err != nil {
return fmt.Errorf("Error reading %s data from %s: %v", clientcmd.FlagKeyFile, keyPath, err)
}
}
}
return nil
}
/*
* Fill in a template for the boot process for a machine.
*/
func templateHandler(w http.ResponseWriter, r *http.Request) {
re, _ := regexp.Compile(`^/template/([^/]*)(?:/(.*))?`)
matches := re.FindStringSubmatch(r.URL.Path)
templateFile := matches[1]
// Lowercase, no-colon representation of MAC address.
macAddress := strings.Replace(strings.ToLower(matches[2]), ":", "", -1)
// Get the remote IP address.
remoteIP := getRemoteIP(r)
serverConfig := make(map[string]string)
// Load master configuration data first.
bootData, err := ioutil.ReadFile("config/global")
if err == nil {
yaml.Unmarshal(bootData, &serverConfig)
}
// Load IP-specific configuration data next.
bootData, err = ioutil.ReadFile("config/" + remoteIP)
if err == nil {
// Read file into a temporary map and then merge.
var tempMap map[string]string
yaml.Unmarshal(bootData, &tempMap)
for k, v := range tempMap {
serverConfig[k] = v
}
}
// Lastly, load MAC-address-specific configuration.
bootData, err = ioutil.ReadFile("config/" + macAddress)
if err == nil {
// Read file into a temporary map and then merge.
var tempMap map[string]string
yaml.Unmarshal(bootData, &tempMap)
for k, v := range tempMap {
serverConfig[k] = v
}
}
// Populate default IP address and MAC address.
_, ok := serverConfig["ipAddress"]
if !ok {
serverConfig["ipAddress"] = remoteIP
}
_, ok = serverConfig["macAddress"]
if !ok {
serverConfig["macAddress"] = macAddress
}
templateData, _ := ioutil.ReadFile("templates/" + templateFile)
templ, _ := template.New("templ").Parse(string(templateData))
templ.Execute(w, serverConfig)
return
}
func TestYencodeBinary(t *testing.T) {
// open and read the input file
inbuf, err := ioutil.ReadFile("../test/test2.in")
if err != nil {
t.Fatalf("couldn't open test2.in: %s", err)
}
// open and read the yencode output file
testbuf, err := ioutil.ReadFile("../test/test2.ync")
if err != nil {
t.Fatalf("couldn't open test2.ync: %s", err)
}
// generate a dodgy message
out := new(bytes.Buffer)
io.WriteString(out, "=ybegin part=1 total=1 line=128 size=76800 name=test2.in\r\n")
io.WriteString(out, "=ypart begin=1 end=76800\r\n")
enc := newEncoder(out, LINE_LENGTH)
if err := enc.Encode(inbuf); err != nil {
t.Fatalf("write failed %s", err)
}
io.WriteString(out, "=yend size=76800 part=1 pcrc32=12AAC2CF\r\n")
// compare
if bytes.Compare(testbuf, out.Bytes()) != 0 {
t.Fatalf("data mismatch")
}
}
func load(direction string, enc encoding.Encoding) ([]byte, []byte, func() transform.Transformer, error) {
basename, ext, count := "", "", 0
for _, tf := range testdataFiles {
if tf.enc == enc {
basename, ext = tf.basename, tf.ext
count++
}
}
if count != 1 {
if count == 0 {
return nil, nil, nil, fmt.Errorf("no testdataFiles for %s", enc)
}
return nil, nil, nil, fmt.Errorf("too many testdataFiles for %s", enc)
}
dstFile := fmt.Sprintf("testdata/%s-%s.txt", basename, ext)
srcFile := fmt.Sprintf("testdata/%s-utf-8.txt", basename)
newTransformer := enc.NewEncoder
if direction == "Decode" {
dstFile, srcFile = srcFile, dstFile
newTransformer = enc.NewDecoder
}
dst, err := ioutil.ReadFile(dstFile)
if err != nil {
return nil, nil, nil, err
}
src, err := ioutil.ReadFile(srcFile)
if err != nil {
return nil, nil, nil, err
}
return dst, src, newTransformer, nil
}
// New returns a new SysInfo, using the filesystem to detect which features the kernel supports.
func New(quiet bool) *SysInfo {
sysInfo := &SysInfo{}
if cgroupMemoryMountpoint, err := cgroups.FindCgroupMountpoint("memory"); err != nil {
if !quiet {
logrus.Warnf("Your kernel does not support cgroup memory limit: %v", err)
}
} else {
// If memory cgroup is mounted, MemoryLimit is always enabled.
sysInfo.MemoryLimit = true
_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
sysInfo.SwapLimit = err1 == nil
if !sysInfo.SwapLimit && !quiet {
logrus.Warn("Your kernel does not support swap memory limit.")
}
_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.oom_control"))
sysInfo.OomKillDisable = err == nil
if !sysInfo.OomKillDisable && !quiet {
logrus.Warnf("Your kernel does not support oom control.")
}
}
if cgroupCpuMountpoint, err := cgroups.FindCgroupMountpoint("cpu"); err != nil {
if !quiet {
logrus.Warnf("%v", err)
}
} else {
_, err1 := ioutil.ReadFile(path.Join(cgroupCpuMountpoint, "cpu.cfs_quota_us"))
sysInfo.CpuCfsQuota = err1 == nil
if !sysInfo.CpuCfsQuota && !quiet {
logrus.Warn("Your kernel does not support cgroup cfs quotas")
}
}
// Checek if ipv4_forward is disabled.
if data, err := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward"); os.IsNotExist(err) {
sysInfo.IPv4ForwardingDisabled = true
} else {
if enabled, _ := strconv.Atoi(strings.TrimSpace(string(data))); enabled == 0 {
sysInfo.IPv4ForwardingDisabled = true
} else {
sysInfo.IPv4ForwardingDisabled = false
}
}
// Check if AppArmor is supported.
if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) {
sysInfo.AppArmor = false
} else {
sysInfo.AppArmor = true
}
// Check if Devices cgroup is mounted, it is hard requirement for container security.
if _, err := cgroups.FindCgroupMountpoint("devices"); err != nil {
logrus.Fatalf("Error mounting devices cgroup: %v", err)
}
return sysInfo
}
// FIXME: comment please!
func (runtime *Runtime) UpdateCapabilities(quiet bool) {
if cgroupMemoryMountpoint, err := utils.FindCgroupMountpoint("memory"); err != nil {
if !quiet {
log.Printf("WARNING: %s\n", err)
}
} else {
_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))
_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))
runtime.capabilities.MemoryLimit = err1 == nil && err2 == nil
if !runtime.capabilities.MemoryLimit && !quiet {
log.Printf("WARNING: Your kernel does not support cgroup memory limit.")
}
_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
runtime.capabilities.SwapLimit = err == nil
if !runtime.capabilities.SwapLimit && !quiet {
log.Printf("WARNING: Your kernel does not support cgroup swap limit.")
}
}
content, err3 := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")
runtime.capabilities.IPv4ForwardingDisabled = err3 != nil || len(content) == 0 || content[0] != '1'
if runtime.capabilities.IPv4ForwardingDisabled && !quiet {
log.Printf("WARNING: IPv4 forwarding is disabled.")
}
}
// NewSignerFromFile generates a new local signer from a caFile
// and a caKey file, both PEM encoded.
func NewSignerFromFile(caFile, caKeyFile string, policy *config.Signing) (*Signer, error) {
log.Debug("Loading CA: ", caFile)
ca, err := ioutil.ReadFile(caFile)
if err != nil {
return nil, err
}
log.Debug("Loading CA key: ", caKeyFile)
cakey, err := ioutil.ReadFile(caKeyFile)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ReadFailed, err)
}
parsedCa, err := helpers.ParseCertificatePEM(ca)
if err != nil {
return nil, err
}
priv, err := helpers.ParsePrivateKeyPEM(cakey)
if err != nil {
log.Debug("Malformed private key %v", err)
return nil, err
}
return NewSigner(priv, parsedCa, signer.DefaultSigAlgo(priv), policy)
}
func (d *Display) openFont(name string) (*Font, error) {
data, err := ioutil.ReadFile(name)
if err != nil && strings.HasPrefix(name, "/lib/font/bit/") {
root := os.Getenv("PLAN9")
if root == "" {
root = "/usr/local/plan9"
}
name1 := root + "/font/" + name[len("/lib/font/bit/"):]
data1, err1 := ioutil.ReadFile(name1)
name, data, err = name1, data1, err1
}
if err != nil && strings.HasPrefix(name, "/mnt/font/") {
data1, err1 := fontPipe(name[len("/mnt/font/"):])
if err1 == nil {
data, err = data1, err1
}
}
if err != nil {
return nil, err
}
return d.buildFont(data, name)
}
func (pfs *ProcFS) Get(k string) {
var uf = path.Join(procfsdir, "uptime")
switch k {
case PROCFS_SELF:
var selfdir = path.Join(procfsdir, "self")
if !exists(selfdir) {
return
}
fi, _ := os.Readlink(selfdir)
pfs.Self = fi
case PROCFS_UPTIME:
str, err := ioutil.ReadFile(uf)
if err == nil {
ss := strings.Fields(string(str))
if len(ss) >= 2 {
it, _ := strconv.ParseFloat(ss[0], 64)
pfs.Uptime = int(it)
}
}
case PROCFS_IDLETIME:
str, err := ioutil.ReadFile(uf)
if err == nil {
ss := strings.Fields(string(str))
if len(ss) >= 2 {
it, _ := strconv.ParseFloat(ss[1], 64)
pfs.Idletime = int(it)
}
}
case PROCFS_MOUNTS:
pfs.Mounts = getMounts(path.Join(procfsdir, "mounts"))
}
}
func TestLibirtPluginNet(t *testing.T) {
Convey("List interfaces", t, func() {
buf, err := ioutil.ReadFile("./test_domain.xml")
if err != nil {
panic(err)
}
domXMLStr := string(buf)
domXML := etree.NewDocument()
domXML.ReadFromString(domXMLStr)
data := listInterfaces(domXML)
So(data, ShouldResemble, []string{"tap88709cbd-90"})
})
Convey("List interfaces with no net interface", t, func() {
buf, err := ioutil.ReadFile("./test_domain_2.xml")
if err != nil {
panic(err)
}
domXMLStr := string(buf)
domXML := etree.NewDocument()
domXML.ReadFromString(domXMLStr)
data := listInterfaces(domXML)
So(data, ShouldResemble, []string{})
})
}
func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error) {
if len(certFile) == 0 {
return nil, errors.New("certFile missing")
}
if len(keyFile) == 0 {
return nil, errors.New("keyFile missing")
}
certPEMBlock, err := ioutil.ReadFile(certFile)
if err != nil {
return nil, err
}
certs, err := cmdutil.CertificatesFromPEM(certPEMBlock)
if err != nil {
return nil, fmt.Errorf("Error reading %s: %s", certFile, err)
}
keyPEMBlock, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, err
}
keyPairCert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
if err != nil {
return nil, err
}
key := keyPairCert.PrivateKey
return &TLSCertificateConfig{certs, key}, nil
}
func admin(keyfile, sigfile, role, op, host string, verify bool, args []string) {
if sigfile == "" {
sigfile = keyfile + ".sig"
}
adm, err := arx.LoadAdmin(keyfile, sigfile, role, host, verify)
if err != nil {
fmt.Println("Failed to load admin configuration.")
fmt.Printf("\t%v\n", err)
os.Exit(1)
} else if adm.KeySignature == nil {
fmt.Println("*** WARNING: signature could not be loaded. This probably won't work.")
}
if op == "role" {
if role == "" {
fmt.Println("No role specified.")
os.Exit(1)
} else if len(args) != 1 {
fmt.Println("No public key specified for role!")
os.Exit(1)
}
pub, err := ioutil.ReadFile(args[0])
if err != nil {
fmt.Println("Failed to load public key for new role: %v", err)
os.Exit(1)
}
err = adm.AddRole(role, pub)
if err != nil {
fmt.Printf("Request failed: %v\n", err)
os.Exit(1)
}
fmt.Println("OK.")
os.Exit(0)
} else if op == "revoke" {
if len(args) != 1 {
fmt.Println("No key selected for revocation.")
os.Exit(1)
}
pub, err := ioutil.ReadFile(args[0])
if err != nil {
fmt.Println("Failed to load public key for new role: %v", err)
os.Exit(1)
}
err = adm.RevokeKey(pub)
if err != nil {
fmt.Printf("Request failed: %v\n", err)
os.Exit(1)
}
fmt.Println("OK.")
os.Exit(0)
} else {
fmt.Println("Invalid request type. Valid request types are:")
fmt.Printf("\trole: make changes to a role\n")
fmt.Printf("\trevoke: revoke a key\n")
}
}
func LoadImage(root string) (*Image, error) {
// Load the json data
jsonData, err := ioutil.ReadFile(jsonPath(root))
if err != nil {
return nil, err
}
img := &Image{}
if err := json.Unmarshal(jsonData, img); err != nil {
return nil, err
}
if err := ValidateID(img.ID); err != nil {
return nil, err
}
if buf, err := ioutil.ReadFile(path.Join(root, "layersize")); err != nil {
if !os.IsNotExist(err) {
return nil, err
}
// If the layersize file does not exist then set the size to a negative number
// because a layer size of 0 (zero) is valid
img.Size = -1
} else {
size, err := strconv.Atoi(string(buf))
if err != nil {
return nil, err
}
img.Size = int64(size)
}
return img, nil
}
func (s *SnapTestSuite) TestAddSysDevice(c *C) {
makeInstalledMockSnap(s.tempdir, "")
regenerateAppArmorRulesWasCalled := mockRegenerateAppArmorRules()
err := AddHWAccess("hello-app", "/sys/devices/foo1")
c.Assert(err, IsNil)
err = AddHWAccess("hello-app", "/sys/class/gpio/foo2")
c.Assert(err, IsNil)
content, err := ioutil.ReadFile(filepath.Join(dirs.SnapAppArmorAdditionalDir, "hello-app.hwaccess.yaml"))
c.Assert(err, IsNil)
c.Assert("\n"+string(content), Equals, `
read-paths:
- /run/udev/data/*
write-paths:
- /sys/devices/foo1
- /sys/class/gpio/foo2
`)
// ensure that no udev rule has been generated
content, err = ioutil.ReadFile(filepath.Join(dirs.SnapUdevRulesDir, "70-snappy_hwassign_hello-app.rules"))
c.Assert(content, IsNil)
// ensure the regenerate code was called
c.Assert(*regenerateAppArmorRulesWasCalled, Equals, true)
}
