feat: ajouts get testing et corrections

core/utils.py

@@ -12,10 +12,10 @@ from tempfile import TemporaryDirectory
 from cli.clibella import Printer
 from core.exceptions import MissingDependencyError
 from gpg.exceptions import VerificationFailedError
-from gpg.keystore import debian_signing_key_is_imported, import_debian_signing_key
+from gpg.keystore import debian_signing_key_is_imported, import_debian_signing_key, debian_testing_signing_key_is_imported, import_debian_testing_signing_key
 from gpg.verify import assert_detached_signature_is_valid
 from net.download import download_file
-from net.scrape import get_debian_iso_urls
+from net.scrape import get_debian_iso_urls, get_debian_testing_iso_urls
 
 
 def hash_user_password(printer=None):
@@ -269,3 +269,85 @@ def download_and_verify_debian_iso(path_to_output_file, printer=None):
 
         # move downloaded file to specified destination
         rename(path_to_image_file, path_to_output_file)
+
+
+def download_and_verify_debian_testing_iso(path_to_output_file, printer=None):
+    """Downloads and verifies a debian testing installation ISO image.
+
+    Similar to download_and_verify_debian_iso() but for the testing release.
+    """
+
+    if not printer:
+        printer = Printer()
+
+    # create a temporary directory
+    with TemporaryDirectory() as temp_dir:
+        # scrape for URLs and filenames
+        files = get_debian_testing_iso_urls()
+
+        # set file paths
+        path_to_hash_file = Path(temp_dir)/files["hash_file"]["name"]
+        path_to_signature_file = Path(temp_dir)/files["signature_file"]["name"]
+        path_to_image_file = Path(temp_dir)/files["image_file"]["name"]
+
+        # download hash file and signature, and verify with gpg
+        download_file(
+            path_to_hash_file,
+            files["hash_file"]["url"],
+            show_progress=False,
+            printer=printer,
+        )
+        download_file(
+            path_to_signature_file,
+            files["signature_file"]["url"],
+            show_progress=False,
+            printer=printer,
+        )
+
+        # verify the hash file using gpg
+        printer.info("Verifying hash file using gpg...")
+        if not debian_testing_signing_key_is_imported():
+            printer.info("Importing Debian testing public GPG CD signing key...")
+            import_debian_testing_signing_key()
+        else:
+            printer.info("Found Debian testing public GPG CD signing key.")
+        try:
+            assert_detached_signature_is_valid(
+                path_to_hash_file,
+                path_to_signature_file,
+            )
+        except VerificationFailedError:
+            printer.error("PGP signature of the hash file was invalid!")
+            exit(1)
+        printer.ok("HASH file PGP authenticity check passed.")
+
+        # remove all lines from hash file not containing the image file name
+        trim_text_file(path_to_hash_file, files["image_file"]["name"])
+        if file_is_empty(path_to_hash_file):
+            raise RuntimeError("Failed to locate SHA512 hash sum for image.")
+
+        # download image file
+        download_file(
+            path_to_image_file,
+            files["image_file"]["url"],
+            show_progress=True,
+            printer=printer,
+        )
+
+        # validate SHA512 checksum
+        printer.info("Validating ISO file integrity...")
+        hash_check_result = run(
+            [
+                "sha512sum", "--check", path_to_hash_file
+            ],
+            text=True,
+            stdout=PIPE,
+            stderr=STDOUT,
+            cwd=path_to_image_file.parent,
+        )
+        if hash_check_result.returncode != 0:
+            raise RuntimeError("SHA512 checksum verification of the ISO failed.")
+        printer.ok("ISO file integrity check passed.")
+
+        # move downloaded file to specified destination
+        rename(path_to_image_file, path_to_output_file)