/* p5_crpt2.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include "cryptlib.h"
#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>

/* set this to print out info about the keygen algorithm */
/* #define DEBUG_PKCS5V2 */

#ifdef DEBUG_PKCS5V2
	static void h__dump (const unsigned char *p, int len);
#endif

/* This is an implementation of PKCS#5 v2.0 password based encryption key
 * derivation function PBKDF2 using the only currently defined function HMAC
 * with SHA1. Verified against test vectors posted by Peter Gutmann
 * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
 */

int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
			   const unsigned char *salt, int saltlen, int iter,
			   int keylen, unsigned char *out)
{
	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
	int cplen, j, k, tkeylen;
	unsigned long i = 1;
	HMAC_CTX hctx;

	HMAC_CTX_init(&hctx);
	p = out;
	tkeylen = keylen;
	if(!pass) passlen = 0;
	else if(passlen == -1) passlen = strlen(pass);
	while(tkeylen) {
		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
		else cplen = tkeylen;
		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
		 * but just in case...
		 */
		itmp[0] = (unsigned char)((i >> 24) & 0xff);
		itmp[1] = (unsigned char)((i >> 16) & 0xff);
		itmp[2] = (unsigned char)((i >> 8) & 0xff);
		itmp[3] = (unsigned char)(i & 0xff);
		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
		HMAC_Update(&hctx, salt, saltlen);
		HMAC_Update(&hctx, itmp, 4);
		HMAC_Final(&hctx, digtmp, NULL);
		memcpy(p, digtmp, cplen);
		for(j = 1; j < iter; j++) {
			HMAC(EVP_sha1(), pass, passlen,
				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
		}
		tkeylen-= cplen;
		i++;
		p+= cplen;
	}
	HMAC_CTX_cleanup(&hctx);
#ifdef DEBUG_PKCS5V2
	fprintf(stderr, "Password:\n");
	h__dump (pass, passlen);
	fprintf(stderr, "Salt:\n");
	h__dump (salt, saltlen);
	fprintf(stderr, "Iteration count %d\n", iter);
	fprintf(stderr, "Key:\n");
	h__dump (out, keylen);
#endif
	return 1;
}

#ifdef DO_TEST
main()
{
	unsigned char out[4];
	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
	fprintf(stderr, "Out %02X %02X %02X %02X\n",
					 out[0], out[1], out[2], out[3]);
}

#endif

/* Now the key derivation function itself. This is a bit evil because
 * it has to check the ASN1 parameters are valid: and there are quite a
 * few of them...
 */

int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
                         int en_de)
{
	unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
	const unsigned char *pbuf;
	int saltlen, iter, plen;
	unsigned int keylen;
	PBE2PARAM *pbe2 = NULL;
	const EVP_CIPHER *cipher;
	PBKDF2PARAM *kdf = NULL;

	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
	    param->value.sequence == NULL) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
		return 0;
	}

	pbuf = param->value.sequence->data;
	plen = param->value.sequence->length;
	if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
		return 0;
	}

	/* See if we recognise the key derivation function */

	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
		goto err;
	}

	/* lets see if we recognise the encryption algorithm.
	 */

	cipher = EVP_get_cipherbyname(
			OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));

	if(!cipher) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
						EVP_R_UNSUPPORTED_CIPHER);
		goto err;
	}

	/* Fixup cipher based on AlgorithmIdentifier */
	EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
					EVP_R_CIPHER_PARAMETER_ERROR);
		goto err;
	}
	keylen = EVP_CIPHER_CTX_key_length(ctx);
	OPENSSL_assert(keylen <= sizeof key);

	/* Now decode key derivation function */

	if(!pbe2->keyfunc->parameter ||
		 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
		{
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
		goto err;
		}

	pbuf = pbe2->keyfunc->parameter->value.sequence->data;
	plen = pbe2->keyfunc->parameter->value.sequence->length;
	if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
		goto err;
	}

	PBE2PARAM_free(pbe2);
	pbe2 = NULL;

	/* Now check the parameters of the kdf */

	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
						EVP_R_UNSUPPORTED_KEYLENGTH);
		goto err;
	}

	if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
		goto err;
	}

	if(kdf->salt->type != V_ASN1_OCTET_STRING) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
						EVP_R_UNSUPPORTED_SALT_TYPE);
		goto err;
	}

	/* it seems that its all OK */
	salt = kdf->salt->value.octet_string->data;
	saltlen = kdf->salt->value.octet_string->length;
	iter = ASN1_INTEGER_get(kdf->iter);
	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
	OPENSSL_cleanse(key, keylen);
	PBKDF2PARAM_free(kdf);
	return 1;

	err:
	PBE2PARAM_free(pbe2);
	PBKDF2PARAM_free(kdf);
	return 0;
}

#ifdef DEBUG_PKCS5V2
static void h__dump (const unsigned char *p, int len)
{
        for (; len --; p++) fprintf(stderr, "%02X ", *p);
        fprintf(stderr, "\n");
}
#endif
#endif

<a id='n177' href='#n177'>177</a>
<a id='n178' href='#n178'>178</a>
<a id='n179' href='#n179'>179</a>
<a id='n180' href='#n180'>180</a>
<a id='n181' href='#n181'>181</a>
<a id='n182' href='#n182'>182</a>
<a id='n183' href='#n183'>183</a>
<a id='n184' href='#n184'>184</a>
<a id='n185' href='#n185'>185</a>
<a id='n186' href='#n186'>186</a>
<a id='n187' href='#n187'>187</a>
<a id='n188' href='#n188'>188</a>
<a id='n189' href='#n189'>189</a>
<a id='n190' href='#n190'>190</a>
</pre></td>
<td class='lines'><pre><code><style>pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="c1"># $Id$</span>
<span class="c1">#</span>
<span class="c1"># Copyright (C) 2012 Internet Systems Consortium, Inc. (&quot;ISC&quot;)</span>
<span class="c1">#</span>
<span class="c1"># Permission to use, copy, modify, and/or distribute this software for any</span>
<span class="c1"># purpose with or without fee is hereby granted, provided that the above</span>
<span class="c1"># copyright notice and this permission notice appear in all copies.</span>
<span class="c1">#</span>
<span class="c1"># THE SOFTWARE IS PROVIDED &quot;AS IS&quot; AND ISC DISCLAIMS ALL WARRANTIES WITH</span>
<span class="c1"># REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY</span>
<span class="c1"># AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,</span>
<span class="c1"># INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM</span>
<span class="c1"># LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE</span>
<span class="c1"># OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR</span>
<span class="c1"># PERFORMANCE OF THIS SOFTWARE.</span>

<span class="sd">&quot;&quot;&quot;</span>
<span class="sd">Archive rcynic output in a Subversion repository.</span>
<span class="sd">&quot;&quot;&quot;</span>

<span class="kn">import</span> <span class="nn">subprocess</span>
<span class="kn">import</span> <span class="nn">argparse</span>
<span class="kn">import</span> <span class="nn">datetime</span>
<span class="kn">import</span> <span class="nn">fcntl</span>
<span class="kn">import</span> <span class="nn">glob</span>
<span class="kn">import</span> <span class="nn">os</span>

<span class="k">try</span><span class="p">:</span>
  <span class="kn">from</span> <span class="nn">lxml.etree</span>            <span class="kn">import</span> <span class="n">ElementTree</span>
<span class="k">except</span> <span class="ne">ImportError</span><span class="p">:</span>
  <span class="kn">from</span> <span class="nn">xml.etree.ElementTree</span> <span class="kn">import</span> <span class="n">ElementTree</span>


<span class="n">mime_types</span> <span class="o">=</span> <span class="p">(</span>
  <span class="p">(</span><span class="s2">&quot;html&quot;</span><span class="p">,</span> <span class="s2">&quot;application/xhtml+xml&quot;</span><span class="p">),</span>
  <span class="p">(</span><span class="s2">&quot;cer&quot;</span><span class="p">,</span>  <span class="s2">&quot;application/pkix-cert&quot;</span><span class="p">),</span>
  <span class="p">(</span><span class="s2">&quot;crl&quot;</span><span class="p">,</span>  <span class="s2">&quot;application/pkix-crl&quot;</span><span class="p">),</span>
  <span class="p">(</span><span class="s2">&quot;mft&quot;</span><span class="p">,</span>  <span class="s2">&quot;application/rpki-manifest&quot;</span><span class="p">),</span>
  <span class="p">(</span><span class="s2">&quot;mnf&quot;</span><span class="p">,</span>  <span class="s2">&quot;application/rpki-manifest&quot;</span><span class="p">),</span>
  <span class="p">(</span><span class="s2">&quot;roa&quot;</span><span class="p">,</span>  <span class="s2">&quot;application/rpki-roa&quot;</span><span class="p">),</span>
  <span class="p">(</span><span class="s2">&quot;gbr&quot;</span><span class="p">,</span>  <span class="s2">&quot;application/rpki-ghostbusters&quot;</span><span class="p">))</span>


<span class="k">def</span> <span class="nf">run</span><span class="p">(</span><span class="o">*</span><span class="n">cmd</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
<span class="w">  </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd">  Run a program, displaying timing data when appropriate.</span>
<span class="sd">  &quot;&quot;&quot;</span>

  <span class="n">t</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span>
  <span class="n">subprocess</span><span class="o">.</span><span class="n">check_call</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span>
  <span class="k">if</span> <span class="n">args</span><span class="o">.</span><span class="n">show_timing</span><span class="p">:</span>
    <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span>
    <span class="nb">print</span> <span class="n">now</span><span class="p">,</span> <span class="p">(</span><span class="n">now</span> <span class="o">-</span> <span class="n">t</span><span class="p">),</span> <span class="s2">&quot; &quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span>


<span class="k">def</span> <span class="nf">runxml</span><span class="p">(</span><span class="o">*</span><span class="n">cmd</span><span class="p">):</span>
<span class="w">  </span><span class="sd">&quot;&quot;&quot;</span>

<span class="sd">  Run a program which produces XML output, displaying timing data when</span>
<span class="sd">  appropriate and returning an ElementTree constructed from the</span>
<span class="sd">  program&#39;s output.</span>
<span class="sd">  &quot;&quot;&quot;</span>
  <span class="n">t</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span>
  <span class="n">p</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">Popen</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">stdout</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">)</span>
  <span class="n">x</span> <span class="o">=</span> <span class="n">ElementTree</span><span class="p">(</span><span class="n">file</span> <span class="o">=</span> <span class="n">p</span><span class="o">.</span><span class="n">stdout</span><span class="p">)</span>
  <span class="n">s</span> <span class="o">=</span> <span class="n">p</span><span class="o">.</span><span class="n">wait</span><span class="p">()</span>
  <span class="k">if</span> <span class="n">s</span><span class="p">:</span>
    <span class="k">raise</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">CalledProcessError</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">cmd</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
  <span class="k">if</span> <span class="n">args</span><span class="o">.</span><span class="n">show_timing</span><span class="p">:</span>
    <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span>
    <span class="nb">print</span> <span class="n">now</span><span class="p">,</span> <span class="p">(</span><span class="n">now</span> <span class="o">-</span> <span class="n">t</span><span class="p">),</span> <span class="s2">&quot; &quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span>
  <span class="k">return</span> <span class="n">x</span>


<span class="c1"># Main program.</span>

<span class="n">parser</span> <span class="o">=</span> <span class="n">argparse</span><span class="o">.</span><span class="n">ArgumentParser</span><span class="p">(</span><span class="n">description</span> <span class="o">=</span> <span class="vm">__doc__</span><span class="p">)</span>

<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s2">&quot;--show_timing&quot;</span><span class="p">,</span> <span class="n">action</span> <span class="o">=</span> <span class="s2">&quot;store_true&quot;</span><span class="p">,</span> <span class="n">help</span> <span class="o">=</span> \
<span class="w">                    </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd">                    Show timing data on programs we run.</span>
<span class="sd">                    &quot;&quot;&quot;</span><span class="p">)</span>

<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s2">&quot;--verbatim&quot;</span><span class="p">,</span> <span class="n">action</span> <span class="o">=</span> <span class="s2">&quot;store_true&quot;</span><span class="p">,</span> <span class="n">help</span> <span class="o">=</span> \
<span class="w">                    </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd">                    Whether to archive rcynic&#39;s data output exactly as</span>
<span class="sd">                    rcynic writes it or map it into a directory</span>
<span class="sd">                    structure which makes more sense when used with</span>
<span class="sd">                    Subversion.  True means archive exactly as rcynic</span>
<span class="sd">                    writes it, interpreting file and directory names</span>
<span class="sd">                    as rsync would, transient directories and all.</span>
<span class="sd">                    False means map the current authenticated/ tree in</span>
<span class="sd">                    rcynic&#39;s output to a stable authenticated/ subtree</span>
<span class="sd">                    in the subversion repository, with file and</span>
<span class="sd">                    directory names from the command line shorted to</span>
<span class="sd">                    their last component.</span>
<span class="sd">                    &quot;&quot;&quot;</span><span class="p">)</span>

<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s2">&quot;--lockfile&quot;</span><span class="p">,</span> <span class="n">default</span> <span class="o">=</span> <span class="s2">&quot;rcynic-svn.lock&quot;</span><span class="p">,</span> <span class="n">help</span> <span class="o">=</span> \
<span class="w">                    </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd">                    Lock file to to prevent multiple copies of this</span>
<span class="sd">                    program (eg, running under cron) from stepping on</span>
<span class="sd">                    each other while modifying the working directory.</span>
<span class="sd">                    &quot;&quot;&quot;</span><span class="p">)</span>

<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s2">&quot;files_to_archive&quot;</span><span class="p">,</span> <span class="n">nargs</span> <span class="o">=</span> <span class="s2">&quot;*&quot;</span><span class="p">,</span> <span class="n">help</span> <span class="o">=</span> \
<span class="w">                    </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd">                    Files to archive using Subversion.  If omitted, we</span>
<span class="sd">                    assume that some other process has already</span>
<span class="sd">                    modified the Subversion working directory.</span>
<span class="sd">                    &quot;&quot;&quot;</span><span class="p">)</span>

<span class="n">parser</span><span class="o">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s2">&quot;working_directory&quot;</span><span class="p">,</span> <span class="n">help</span> <span class="o">=</span> \
<span class="w">                    </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd">                    Subversion working directory to use (must already</span>
<span class="sd">                    exist).</span>
<span class="sd">                    &quot;&quot;&quot;</span><span class="p">)</span>

<span class="n">args</span> <span class="o">=</span> <span class="n">parser</span><span class="o">.</span><span class="n">parse_args</span><span class="p">()</span>

<span class="k">if</span> <span class="n">args</span><span class="o">.</span><span class="n">show_timing</span><span class="p">:</span>
  <span class="n">t0</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span>
  <span class="nb">print</span> <span class="n">t0</span><span class="p">,</span> <span class="s2">&quot;Starting&quot;</span>

<span class="c1"># Lock out other instances of this program.  We may want some more</span>
<span class="c1"># sophsiticated approach when combining this with other programs, but</span>
<span class="c1"># this should minimize the risk of multiple copies of this program</span>
<span class="c1"># trying to modify the same subversion working directory at the same</span>
<span class="c1"># time and messing each other up.  We leave the lock file in place</span>
<span class="c1"># because doing so removes a potential race condition.</span>

<span class="n">lock</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">open</span><span class="p">(</span><span class="s2">&quot;cronjob.lock&quot;</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">O_RDONLY</span> <span class="o">|</span> <span class="n">os</span><span class="o">.</span><span class="n">O_CREAT</span> <span class="o">|</span> <span class="n">os</span><span class="o">.</span><span class="n">O_NONBLOCK</span><span class="p">,</span> <span class="mi">0666</span><span class="p">)</span>
<span class="n">fcntl</span><span class="o">.</span><span class="n">flock</span><span class="p">(</span><span class="n">lock</span><span class="p">,</span> <span class="n">fcntl</span><span class="o">.</span><span class="n">LOCK_EX</span> <span class="o">|</span> <span class="n">fcntl</span><span class="o">.</span><span class="n">LOCK_NB</span><span class="p">)</span>

<span class="c1"># Make sure working tree is up to date.</span>

<span class="n">run</span><span class="p">(</span><span class="s2">&quot;svn&quot;</span><span class="p">,</span> <span class="s2">&quot;update&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="p">)</span>

<span class="c1"># Copy rcynic&#39;s output as appropriate.</span>

<span class="k">if</span> <span class="n">args</span><span class="o">.</span><span class="n">files_to_archive</span><span class="p">:</span>

  <span class="k">if</span> <span class="n">args</span><span class="o">.</span><span class="n">verbatim</span><span class="p">:</span>
    <span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;rsync&quot;</span><span class="p">,</span> <span class="s2">&quot;--archive&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="s2">&quot;--delete&quot;</span><span class="p">]</span>
    <span class="n">cmd</span><span class="o">.</span><span class="n">extend</span><span class="p">(</span><span class="n">args</span><span class="o">.</span><span class="n">files_to_archive</span><span class="p">)</span>
    <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="p">)</span>
    <span class="n">run</span><span class="p">(</span><span class="o">*</span><span class="n">cmd</span><span class="p">)</span>

  <span class="k">else</span><span class="p">:</span>
    <span class="k">for</span> <span class="n">src</span> <span class="ow">in</span> <span class="n">args</span><span class="o">.</span><span class="n">files_to_archive</span><span class="p">:</span>
      <span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;rsync&quot;</span><span class="p">,</span> <span class="s2">&quot;--archive&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="s2">&quot;--delete&quot;</span><span class="p">,</span> <span class="s2">&quot;--copy-links&quot;</span><span class="p">]</span>
      <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">src</span><span class="o">.</span><span class="n">rstrip</span><span class="p">(</span><span class="s2">&quot;/&quot;</span><span class="p">))</span>
      <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="o">.</span><span class="n">rstrip</span><span class="p">(</span><span class="s2">&quot;/&quot;</span><span class="p">)</span> <span class="o">+</span> <span class="s2">&quot;/&quot;</span><span class="p">)</span>
      <span class="n">run</span><span class="p">(</span><span class="o">*</span><span class="n">cmd</span><span class="p">)</span>

<span class="c1"># Ask Subversion to add any new files, trying hard to get the MIME</span>
<span class="c1"># types right.</span>

<span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;svn&quot;</span><span class="p">,</span> <span class="s2">&quot;add&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="s2">&quot;--force&quot;</span><span class="p">,</span> <span class="s2">&quot;--auto-props&quot;</span><span class="p">]</span>

<span class="k">for</span> <span class="n">fn2</span><span class="p">,</span> <span class="n">mime_type</span> <span class="ow">in</span> <span class="n">mime_types</span><span class="p">:</span>
  <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s2">&quot;--config-option&quot;</span><span class="p">)</span>
  <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s2">&quot;config:auto-props:*.</span><span class="si">%s</span><span class="s2">=svn:mime-type=</span><span class="si">%s</span><span class="s2">&quot;</span> <span class="o">%</span> <span class="p">(</span><span class="n">fn2</span><span class="p">,</span> <span class="n">mime_type</span><span class="p">))</span>

<span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s2">&quot;.&quot;</span><span class="p">)</span>

<span class="n">run</span><span class="p">(</span><span class="o">*</span><span class="n">cmd</span><span class="p">,</span> <span class="n">cwd</span> <span class="o">=</span> <span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="p">)</span>

<span class="c1"># Parse XML version of Subversion&#39;s status output to figure out what</span>
<span class="c1"># files have been deleted, and tell Subversion that we deleted them</span>
<span class="c1"># intentionally.</span>

<span class="n">missing</span> <span class="o">=</span> <span class="nb">sorted</span><span class="p">(</span><span class="n">entry</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;path&quot;</span><span class="p">)</span>
                 <span class="k">for</span> <span class="n">entry</span> <span class="ow">in</span> <span class="n">runxml</span><span class="p">(</span><span class="s2">&quot;svn&quot;</span><span class="p">,</span> <span class="s2">&quot;status&quot;</span><span class="p">,</span> <span class="s2">&quot;--xml&quot;</span><span class="p">,</span> <span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="p">)</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s2">&quot;target&quot;</span><span class="p">)</span><span class="o">.</span><span class="n">findall</span><span class="p">(</span><span class="s2">&quot;entry&quot;</span><span class="p">)</span>
                 <span class="k">if</span> <span class="n">entry</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s2">&quot;wc-status&quot;</span><span class="p">)</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;item&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="s2">&quot;missing&quot;</span><span class="p">)</span>
<span class="n">deleted</span> <span class="o">=</span> <span class="p">[]</span>

<span class="k">for</span> <span class="n">path</span> <span class="ow">in</span> <span class="n">missing</span><span class="p">:</span>
  <span class="k">if</span> <span class="ow">not</span> <span class="nb">any</span><span class="p">(</span><span class="n">path</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">r</span><span class="p">)</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">deleted</span><span class="p">):</span>
    <span class="n">run</span><span class="p">(</span><span class="s2">&quot;svn&quot;</span><span class="p">,</span> <span class="s2">&quot;delete&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="n">path</span><span class="p">)</span>
    <span class="n">deleted</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">path</span> <span class="o">+</span> <span class="s2">&quot;/&quot;</span><span class="p">)</span>

<span class="c1"># Commit our changes and update the working tree.</span>

<span class="n">run</span><span class="p">(</span><span class="s2">&quot;svn&quot;</span><span class="p">,</span> <span class="s2">&quot;commit&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="s2">&quot;--message&quot;</span><span class="p">,</span> <span class="s2">&quot;Auto update.&quot;</span><span class="p">,</span> <span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="p">)</span>
<span class="n">run</span><span class="p">(</span><span class="s2">&quot;svn&quot;</span><span class="p">,</span> <span class="s2">&quot;update&quot;</span><span class="p">,</span> <span class="s2">&quot;--quiet&quot;</span><span class="p">,</span> <span class="n">args</span><span class="o">.</span><span class="n">working_directory</span><span class="p">)</span>

<span class="k">if</span> <span class="n">args</span><span class="o">.</span><span class="n">show_timing</span><span class="p">:</span>
  <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span>
  <span class="nb">print</span> <span class="n">now</span><span class="p">,</span> <span class="n">now</span> <span class="o">-</span> <span class="n">t0</span><span class="p">,</span> <span class="s2">&quot;total runtime&quot;</span>
</pre></div>