aboutsummaryrefslogtreecommitdiff
path: root/youtube_dl/__init__.py
diff options
context:
space:
mode:
authorFilippo Valsorda <filippo.valsorda@gmail.com>2012-12-26 23:22:49 +0100
committerFilippo Valsorda <filippo.valsorda@gmail.com>2012-12-30 19:50:33 +0100
commitcb6ff87fbb05e421f77b57a79699c647866ceb09 (patch)
treedc0f225e70391aed736227e6df89915a36d6c264 /youtube_dl/__init__.py
parent0deac3a2d8aeca756ae9f0620af9185449c6feb2 (diff)
The new updates system, relies on gh-pages, secured by RSA, uses external web servers
Diffstat (limited to 'youtube_dl/__init__.py')
-rw-r--r--youtube_dl/__init__.py133
1 files changed, 84 insertions, 49 deletions
diff --git a/youtube_dl/__init__.py b/youtube_dl/__init__.py
index d12ece21e..cc2f555b9 100644
--- a/youtube_dl/__init__.py
+++ b/youtube_dl/__init__.py
@@ -41,47 +41,90 @@ from .FileDownloader import *
from .InfoExtractors import *
from .PostProcessor import *
-def updateSelf(downloader, filename):
+def update_self(to_screen, verbose, filename):
"""Update the program file with the latest version from the repository"""
- # TODO: at least, check https certificates
-
from zipimport import zipimporter
+ import json, traceback, hashlib
- API_URL = "https://api.github.com/repos/rg3/youtube-dl/downloads"
- BIN_URL = "https://github.com/downloads/rg3/youtube-dl/youtube-dl"
- EXE_URL = "https://github.com/downloads/rg3/youtube-dl/youtube-dl.exe"
+ UPDATE_URL = "http://rg3.github.com/youtube-dl/update/"
+ VERSION_URL = UPDATE_URL + 'LATEST_VERSION'
+ JSON_URL = UPDATE_URL + 'versions.json'
+ UPDATES_RSA_KEY = (0x9d60ee4d8f805312fdb15a62f87b95bd66177b91df176765d13514a0f1754bcd2057295c5b6f1d35daa6742c3ffc9a82d3e118861c207995a8031e151d863c9927e304576bc80692bc8e094896fcf11b66f3e29e04e3a71e9a11558558acea1840aec37fc396fb6b65dc81a1c4144e03bd1c011de62e3f1357b327d08426fe93, 65537)
- if hasattr(sys, "frozen"): # PY2EXE
- if not os.access(filename, os.W_OK):
- sys.exit('ERROR: no write permissions on %s' % filename)
- downloader.to_screen(u'Updating to latest version...')
+ if not isinstance(globals().get('__loader__'), zipimporter) and not hasattr(sys, "frozen"):
+ to_screen(u'It looks like you installed youtube-dl with pip, setup.py or a tarball. Please use that to update.')
+ return
- urla = compat_urllib_request.urlopen(API_URL)
- download = filter(lambda x: x["name"] == "youtube-dl.exe", json.loads(urla.read()))
- if not download:
- downloader.to_screen(u'ERROR: can\'t find the current version. Please try again later.')
- return
- newversion = download[0]["description"].strip()
- if newversion == __version__:
- downloader.to_screen(u'youtube-dl is up-to-date (' + __version__ + ')')
- return
- urla.close()
+ # Check if there is a new version
+ try:
+ newversion = compat_urllib_request.urlopen(VERSION_URL).read().decode('utf-8').strip()
+ except:
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: can\'t find the current version. Please try again later.')
+ return
+ if newversion == __version__:
+ to_screen(u'youtube-dl is up-to-date (' + __version__ + ')')
+ return
+ # Download and check versions info
+ try:
+ versions_info = compat_urllib_request.urlopen(JSON_URL).read().decode('utf-8')
+ versions_info = json.loads(versions_info)
+ except:
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: can\'t obtain versions info. Please try again later.')
+ return
+ if not 'signature' in versions_info:
+ to_screen(u'ERROR: the versions file is not signed or corrupted. Aborting.')
+ return
+ signature = versions_info['signature']
+ del versions_info['signature']
+ if not rsa_verify(json.dumps(versions_info, sort_keys=True), signature, UPDATES_RSA_KEY):
+ to_screen(u'ERROR: the versions file signature is invalid. Aborting.')
+ return
+
+ to_screen(u'Updating to version ' + versions_info['latest'] + '...')
+ version = versions_info['versions'][versions_info['latest']]
+ if version.get('notes'):
+ to_screen(u'PLEASE NOTE:')
+ for note in version['notes']:
+ to_screen(note)
+
+ if not os.access(filename, os.W_OK):
+ to_screen(u'ERROR: no write permissions on %s' % filename)
+ return
+
+ # Py2EXE
+ if hasattr(sys, "frozen"):
exe = os.path.abspath(filename)
directory = os.path.dirname(exe)
if not os.access(directory, os.W_OK):
- sys.exit('ERROR: no write permissions on %s' % directory)
+ to_screen(u'ERROR: no write permissions on %s' % directory)
+ return
try:
- urlh = compat_urllib_request.urlopen(EXE_URL)
+ urlh = compat_urllib_request.urlopen(version['exe'][0])
newcontent = urlh.read()
urlh.close()
+ except (IOError, OSError) as err:
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: unable to download latest version')
+ return
+
+ newcontent_hash = hashlib.sha256(newcontent).hexdigest()
+ if newcontent_hash != version['exe'][1]:
+ to_screen(u'ERROR: the downloaded file hash does not match. Aborting.')
+ return
+
+ try:
with open(exe + '.new', 'wb') as outf:
outf.write(newcontent)
except (IOError, OSError) as err:
- sys.exit('ERROR: unable to download latest version')
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: unable to write the new version')
+ return
try:
bat = os.path.join(directory, 'youtube-dl-updater.bat')
@@ -96,43 +139,35 @@ del "%s"
os.startfile(bat)
except (IOError, OSError) as err:
- sys.exit('ERROR: unable to overwrite current version')
-
- elif isinstance(globals().get('__loader__'), zipimporter): # UNIX ZIP
- if not os.access(filename, os.W_OK):
- sys.exit('ERROR: no write permissions on %s' % filename)
-
- downloader.to_screen(u'Updating to latest version...')
-
- urla = compat_urllib_request.urlopen(API_URL)
- download = [x for x in json.loads(urla.read().decode('utf8')) if x["name"] == "youtube-dl"]
- if not download:
- downloader.to_screen(u'ERROR: can\'t find the current version. Please try again later.')
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: unable to overwrite current version')
return
- newversion = download[0]["description"].strip()
- if newversion == __version__:
- downloader.to_screen(u'youtube-dl is up-to-date (' + __version__ + ')')
- return
- urla.close()
+ # Zip unix package
+ elif isinstance(globals().get('__loader__'), zipimporter):
try:
- urlh = compat_urllib_request.urlopen(BIN_URL)
+ urlh = compat_urllib_request.urlopen(version['bin'][0])
newcontent = urlh.read()
urlh.close()
except (IOError, OSError) as err:
- sys.exit('ERROR: unable to download latest version')
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: unable to download latest version')
+ return
+
+ newcontent_hash = hashlib.sha256(newcontent).hexdigest()
+ if newcontent_hash != version['bin'][1]:
+ to_screen(u'ERROR: the downloaded file hash does not match. Aborting.')
+ return
try:
with open(filename, 'wb') as outf:
outf.write(newcontent)
except (IOError, OSError) as err:
- sys.exit('ERROR: unable to overwrite current version')
-
- else:
- downloader.to_screen(u'It looks like you installed youtube-dl with pip or setup.py. Please use that to update.')
- return
+ if verbose: to_screen(traceback.format_exc().decode())
+ to_screen(u'ERROR: unable to overwrite current version')
+ return
- downloader.to_screen(u'Updated youtube-dl. Restart youtube-dl to use the new version.')
+ to_screen(u'Updated youtube-dl. Restart youtube-dl to use the new version.')
def parseOpts():
def _readOptions(filename_bytes):
@@ -578,7 +613,7 @@ def _real_main():
# Update version
if opts.update_self:
- updateSelf(fd, sys.argv[0])
+ update_self(fd.to_screen, opts.verbose, sys.argv[0])
# Maybe do nothing
if len(all_urls) < 1: