def load_rpm(stream):
# Hmm, maybe an rpm
try:
from spacewalk.common import rhn_rpm
except ImportError:
raise_with_tb(InvalidPackageError, sys.exc_info()[2])
# Dup the file descriptor, we don't want it to get closed before we read
# the payload
newfd = os.dup(stream.fileno())
stream = os.fdopen(newfd, "r")
stream.flush()
stream.seek(0, 0)
try:
header = rhn_rpm.get_package_header(file_obj=stream)
except InvalidPackageError:
e = sys.exc_info()[1]
raise_with_tb(InvalidPackageError(*e.args), sys.exc_info()[2])
except rhn_rpm.error:
e = sys.exc_info()[1]
raise_with_tb(InvalidPackageError(e), sys.exc_info()[2])
except:
raise_with_tb(InvalidPackageError, sys.exc_info()[2])
stream.seek(0, 0)
return header, stream
def load_rpm(stream):
# Hmm, maybe an rpm
try:
from spacewalk.common import rhn_rpm
except ImportError:
raise_with_tb(InvalidPackageError, sys.exc_info()[2])
# Dup the file descriptor, we don't want it to get closed before we read
# the payload
newfd = os.dup(stream.fileno())
stream = os.fdopen(newfd, "r")
stream.flush()
stream.seek(0, 0)
try:
header = rhn_rpm.get_package_header(file_obj=stream)
except InvalidPackageError:
e = sys.exc_info()[1]
raise_with_tb(InvalidPackageError(*e.args), sys.exc_info()[2])
except rhn_rpm.error:
e = sys.exc_info()[1]
raise_with_tb(InvalidPackageError(e), sys.exc_info()[2])
except:
raise_with_tb(InvalidPackageError, sys.exc_info()[2])
stream.seek(0, 0)
return header, stream
def header(self, system_id, pkgList):
""" Clients v1-
IN: system_id: ....
a package identifier (or a list of them)
[n,v,r,e] or
[[n,v,r,e],...]
OUT: If Proxy:
If Client:
"""
log_debug(5, system_id, pkgList)
if type(pkgList) not in (ListType, TupleType) or not len(pkgList):
log_error("Invalid package list spec", type(pkgList),
"len = %d" % len(pkgList))
raise rhnFault(30, _("Invalid value %s (type %s)") % (
pkgList, type(pkgList)))
# Okay, it's a list; is it a list of lists?
if type(pkgList[0]) is StringType:
# Wrap it in a list
pkgList = [pkgList]
# Now check all params
req_list = []
for p in pkgList:
req_list.append(check_package_spec(p))
# Authenticate the system certificate
server = self.auth_system('header', system_id)
# log the entry
log_debug(1, self.server_id, "items: %d" % len(req_list))
rpmHeaders = []
for pkg in pkgList:
# Authorize this package fetch.
# XXX: a bit heavy-handed I think... but old client stuff.
# NOTE: pkg for old client is [n,v,r,e]
path = rhnPackage.get_package_path_compat_arches(
self.server_id, pkg, server.archname)
# read the header from the file on disk
h = rhn_rpm.get_package_header(filename=path)
if h is None:
log_error("Unable to read package header", pkg)
raise rhnFault(17,
_("Unable to retrieve package header %s") % str(pkg))
rpmHeaders.append(rpclib.xmlrpclib.Binary(h.unload()))
del h
# Reset the flag for the proxy download accelerator
# This gets set by default in rhnPackage
rhnFlags.set("Download-Accelerator-Path", None)
if CFG.COMPRESS_HEADERS:
# Compress
rhnFlags.set("compress_response", 1)
return rpmHeaders
def main():
packages = sys.argv[1:]
if not packages:
return
for pkgfile in packages:
# Try to open the package as a patch first
with open(pkgfile) as f:
header = rhn_rpm.get_package_header(file_obj=f)
p = rpm_to_mpm(header, f)
dest_filename = _compute_filename(p.header)
print("Writing out the package to %s" % dest_filename)
with open(dest_filename, "w+") as dest_file:
p.write(dest_file)
def _getHeaderFromFile(self, filePath, stat_info=None):
""" Utility function to extract a header from an rpm.
If stat_info was already passed, don't re-stat the file
"""
log_debug(3, filePath)
if stat_info:
s = stat_info
else:
s = None
try:
s = os.stat(filePath)
except:
usix.raise_with_tb(
rhnFault(
17, "Unable to read package %s" %
os.path.basename(filePath)),
sys.exc_info()[2])
lastModified = s[stat.ST_MTIME]
del s # XXX: not neccessary?
# Get the package header from the file
# since we stat()ed the file, we know it's there already
fd = os.open(filePath, os.O_RDONLY)
h = rhn_rpm.get_package_header(fd=fd)
os.close(fd)
if h is None:
raise rhnFault(17, "Invalid RPM %s" % os.path.basename(filePath))
stringIO = cStringIO.StringIO()
# Put the result in stringIO
stringIO.write(h.unload())
del h # XXX: not neccessary?
pkgFilename = os.path.basename(filePath)
pkg = pkgFilename.split('.')
# Replace .rpm with .hdr
pkg[-1] = "hdr"
pkgFilename = ".".join(pkg)
extra_headers = {
'X-RHN-Package-Header': pkgFilename,
}
self._set_last_modified(lastModified, extra_headers=extra_headers)
rhnFlags.set("AlreadyEncoded", 1)
return stringIO.getvalue()
def main():
packages = sys.argv[1:]
if not packages:
return
for pkgfile in packages:
# Try to open the package as a patch first
try:
f = open(pkgfile)
header = rhn_rpm.get_package_header(file_obj=f)
p = rpm_to_mpm(header, f)
dest_filename = _compute_filename(p.header)
print("Writing out the package to %s" % dest_filename)
dest_file = open(dest_filename, "w+")
p.write(dest_file)
dest_file.close()
f.close()
except:
raise
def main():
packages = sys.argv[1:]
if not packages:
return
for pkgfile in packages:
# Try to open the package as a patch first
try:
f = open(pkgfile)
header = rhn_rpm.get_package_header(file_obj=f)
p = rpm_to_mpm(header, f)
dest_filename = _compute_filename(p.header)
print("Writing out the package to %s" % dest_filename)
dest_file = open(dest_filename, "w+")
p.write(dest_file)
dest_file.close()
f.close()
except:
raise
def _getHeaderFromFile(self, filePath, stat_info=None):
""" Utility function to extract a header from an rpm.
If stat_info was already passed, don't re-stat the file
"""
log_debug(3, filePath)
if stat_info:
s = stat_info
else:
s = None
try:
s = os.stat(filePath)
except:
raise rhnFault(17, "Unable to read package %s"
% os.path.basename(filePath)), None, sys.exc_info()[2]
lastModified = s[stat.ST_MTIME]
del s # XXX: not neccessary?
# Get the package header from the file
# since we stat()ed the file, we know it's there already
fd = os.open(filePath, os.O_RDONLY)
h = rhn_rpm.get_package_header(fd=fd)
os.close(fd)
if h is None:
raise rhnFault(17, "Invalid RPM %s" % os.path.basename(filePath))
stringIO = cStringIO.StringIO()
# Put the result in stringIO
stringIO.write(h.unload())
del h # XXX: not neccessary?
pkgFilename = os.path.basename(filePath)
pkg = pkgFilename.split('.')
# Replace .rpm with .hdr
pkg[-1] = "hdr"
pkgFilename = ".".join(pkg)
extra_headers = {
'X-RHN-Package-Header' : pkgFilename,
}
self._set_last_modified(lastModified, extra_headers=extra_headers)
rhnFlags.set("AlreadyEncoded", 1)
return stringIO.getvalue()
def process_package_data():
if debug:
log = rhnLog('/var/log/rhn/update-packages.log', 5)
_get_path_sql = rhnSQL.prepare(_get_path_query)
_update_package_path = rhnSQL.prepare(_update_pkg_path_query)
_get_path_sql.execute()
paths = _get_path_sql.fetchall_dict()
if not paths:
# Nothing to change
return
if verbose:
print("Processing %s packages" % len(paths))
pb = ProgressBar(prompt='standby: ', endTag=' - Complete!',
finalSize=len(paths), finalBarLength=40, stream=sys.stdout)
pb.printAll(1)
skip_list = []
new_ok_list = []
i = 0
for path in paths:
pb.addTo(1)
pb.printIncrement()
old_path_nvrea = path['path'].split('/')
org_id = old_path_nvrea[1]
# pylint: disable=W0703
try:
nevra = parseRPMFilename(old_path_nvrea[-1])
if nevra[1] in [None, '']:
nevra[1] = path['epoch']
except Exception:
# probably not an rpm skip
if debug:
log.writeMessage("Skipping: %s Not a valid rpm"
% old_path_nvrea[-1])
continue
old_abs_path = os.path.join(CFG.MOUNT_POINT, path['path'])
checksum_type = path['checksum_type']
checksum = path['checksum']
new_path = get_package_path(nevra, org_id, prepend=old_path_nvrea[0],
checksum=checksum)
new_abs_path = os.path.join(CFG.MOUNT_POINT, new_path)
bad_abs_path = os.path.join(CFG.MOUNT_POINT,
get_package_path(nevra, org_id, prepend=old_path_nvrea[0],
omit_epoch=True, checksum=checksum))
if not os.path.exists(old_abs_path):
if os.path.exists(new_abs_path):
new_ok_list.append(new_abs_path)
if debug:
log.writeMessage("File %s already on final path %s" % (path['path'], new_abs_path))
old_abs_path = new_abs_path
elif os.path.exists(bad_abs_path):
log.writeMessage("File %s found on %s" % (path['path'], bad_abs_path))
old_abs_path = bad_abs_path
else:
skip_list.append(old_abs_path)
if debug:
log.writeMessage("Missing path %s for package %d" % (old_abs_path, path['id']))
continue
# pylint: disable=W0703
try:
hdr = rhn_rpm.get_package_header(filename=old_abs_path)
except Exception:
e = sys.exc_info()[1]
msg = "Exception occurred when reading package header %s: %s" % \
(old_abs_path, str(e))
print(msg)
if debug:
log.writeMessage(msg)
rhnSQL.commit()
sys.exit(1)
if old_abs_path != new_abs_path:
new_abs_dir = os.path.dirname(new_abs_path)
# relocate the package on the filer
if debug:
log.writeMessage("Relocating %s to %s on filer"
% (old_abs_path, new_abs_path))
if not os.path.isdir(new_abs_dir):
os.makedirs(new_abs_dir)
shutil.move(old_abs_path, new_abs_path)
# Clean up left overs
os.removedirs(os.path.dirname(old_abs_path))
# make the path readable
os.chmod(new_abs_path, int('0644', 8))
# Update the db paths
_update_package_path.execute(the_id=path['id'],
new_path=new_path)
if debug:
log.writeMessage("query Executed: update rhnPackage %d to %s"
% (path['id'], new_path))
# Process gpg key ids
server_packages.processPackageKeyAssociations(hdr, checksum_type, checksum)
if debug:
log.writeMessage("gpg key info updated from %s" % new_abs_path)
i = i + 1
# we need to break the transaction to smaller pieces
if i % 1000 == 0:
rhnSQL.commit()
pb.printComplete()
# All done, final commit
rhnSQL.commit()
sys.stderr.write("Transaction Committed! \n")
if verbose:
print(" Skipping %s packages, paths not found" % len(skip_list))
if len(new_ok_list) > 0 and verbose:
print(" There were %s packages found in the correct location" % len(new_ok_list))
return
def genServerRpm(d, verbosity=0):
""" generates server's SSL key set RPM """
serverKeyPairDir = os.path.join(d['--dir'],
getMachineName(d['--set-hostname']))
server_key_name = os.path.basename(d['--server-key'])
server_key = os.path.join(serverKeyPairDir, server_key_name)
server_cert_name = os.path.basename(d['--server-cert'])
server_cert = os.path.join(serverKeyPairDir, server_cert_name)
server_cert_req_name = os.path.basename(d['--server-cert-req'])
server_cert_req = os.path.join(serverKeyPairDir, server_cert_req_name)
jabberd_ssl_cert_name = os.path.basename(d['--jabberd-ssl-cert'])
jabberd_ssl_cert = os.path.join(serverKeyPairDir, jabberd_ssl_cert_name)
server_rpm_name = os.path.basename(d['--server-rpm'])
server_rpm = os.path.join(serverKeyPairDir, server_rpm_name)
postun_scriptlet = os.path.join(d['--dir'], 'postun.scriptlet')
genServerRpm_dependencies(d)
if verbosity >= 0:
sys.stderr.write("\n...working...\n")
# check for old installed RPM.
oldHdr = getInstalledHeader(LEGACY_SERVER_RPM_NAME1)
if oldHdr and LEGACY_SERVER_RPM_NAME1 != server_rpm_name:
sys.stderr.write("""
** NOTE ** older-styled RPM installed (%s),
it needs to be removed before installing the web server's RPM that
is about to generated.
""" % LEGACY_SERVER_RPM_NAME1)
if not oldHdr:
oldHdr = getInstalledHeader(LEGACY_SERVER_RPM_NAME2)
if oldHdr and LEGACY_SERVER_RPM_NAME2 != server_rpm_name:
sys.stderr.write("""
** NOTE ** older-styled RPM installed (%s),
it needs to be removed before installing the web server's RPM that
is about to generated.
""" % LEGACY_SERVER_RPM_NAME2)
# check for new installed RPM.
# Work out the release number.
hdr = getInstalledHeader(server_rpm_name)
#find RPMs in the directory as well.
filenames = glob.glob("%s-*.noarch.rpm" % server_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h
epo, ver, rel = None, '1.0', '0'
if hdr is not None:
epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release']
# bump the release - and let's not be too smart about it
# assume the release is a number.
if rel:
rel = str(int(rel) + 1)
description = SERVER_RPM_SUMMARY + """
Best practices suggests that this RPM should only be installed on the web
server with this hostname: %s
""" % d['--set-hostname']
# Determine which jabberd user exists:
jabberd_user = None
possible_jabberd_users = ['jabberd', 'jabber']
for juser_attempt in possible_jabberd_users:
try:
pwd.getpwnam(juser_attempt)
jabberd_user = juser_attempt
except:
# user doesn't exist, try the next
pass
if jabberd_user is None:
print("WARNING: No jabber/jabberd user on system, skipping " +
"jabberd.pem generation.")
jabberd_cert_string = ""
if jabberd_user is not None:
jabberd_cert_string = \
"/etc/pki/spacewalk/jabberd/server.pem:0600,%s,%s=%s" % \
(jabberd_user, jabberd_user, repr(cleanupAbsPath(jabberd_ssl_cert)))
## build the server RPM
args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
"--name %s --version %s --release %s --packager %s --vendor %s "
"--group 'RHN/Security' --summary %s --description %s --postun %s "
"/etc/httpd/conf/ssl.key/server.key:0600=%s "
"/etc/httpd/conf/ssl.csr/server.csr=%s "
"/etc/httpd/conf/ssl.crt/server.crt=%s "
"%s" % (repr(server_rpm_name), ver, rel, repr(d['--rpm-packager']),
repr(d['--rpm-vendor']), repr(SERVER_RPM_SUMMARY),
repr(description), repr(cleanupAbsPath(postun_scriptlet)),
repr(cleanupAbsPath(server_key)),
repr(cleanupAbsPath(server_cert_req)),
repr(cleanupAbsPath(server_cert)), jabberd_cert_string))
serverRpmName = "%s-%s-%s" % (server_rpm, ver, rel)
if verbosity >= 0:
print """
Generating web server's SSL key pair/set RPM:
%s.src.rpm
%s.noarch.rpm""" % (serverRpmName, serverRpmName)
if verbosity > 1:
print "Commandline:", args
if verbosity >= 4:
print 'Current working directory:', os.getcwd()
print "Writing postun_scriptlet:", postun_scriptlet
open(postun_scriptlet, 'w').write(POST_UNINSTALL_SCRIPT)
_disableRpmMacros()
cwd = chdir(serverKeyPairDir)
try:
ret, out_stream, err_stream = rhn_popen(args)
finally:
chdir(cwd)
_reenableRpmMacros()
os.unlink(postun_scriptlet)
out = out_stream.read()
out_stream.close()
err = err_stream.read()
err_stream.close()
if ret or not os.path.exists("%s.noarch.rpm" % serverRpmName):
raise GenServerRpmException("web server's SSL key set RPM generation "
"failed:\n%s\n%s" % (out, err))
if verbosity > 2:
if out:
print "STDOUT:", out
if err:
print "STDERR:", err
os.chmod('%s.noarch.rpm' % serverRpmName, 0600)
# generic the tarball necessary for Spacewalk Proxy against hosted installations
tarballFilepath = genProxyServerTarball(d,
version=ver,
release=rel,
verbosity=verbosity)
# write-out latest.txt information
latest_txt = os.path.join(serverKeyPairDir, 'latest.txt')
fo = open(latest_txt, 'wb')
fo.write('%s.noarch.rpm\n' % os.path.basename(serverRpmName))
fo.write('%s.src.rpm\n' % os.path.basename(serverRpmName))
fo.write('%s\n' % os.path.basename(tarballFilepath))
fo.close()
os.chmod(latest_txt, 0600)
if verbosity >= 0:
print """
Deploy the server's SSL key pair/set RPM:
(NOTE: the Red Hat Satellite or Proxy installers may do this step for you.)
The "noarch" RPM needs to be deployed to the machine working as a
web server, or Red Hat Satellite, or Spacewalk Proxy.
Presumably %s.""" % repr(d['--set-hostname'])
return "%s.noarch.rpm" % serverRpmName
def writeClientConfigOverrides(options):
""" write our "overrides" configuration file
This generated file is a configuration mapping file that is used
to map settings in up2date and rhn_register when run through a
seperate script.
"""
up2dateConfMap = {
# some are directly mapped, others are handled more delicately
'http_proxy': 'httpProxy',
'http_proxy_username': '******',
'http_proxy_password': '******',
'hostname': 'serverURL',
'ssl_cert': 'sslCACert',
'no_gpg': 'useGPG',
}
_bootstrapDir = cleanupAbsPath(os.path.join(options.pub_tree, 'bootstrap'))
if not os.path.exists(_bootstrapDir):
print "* creating '%s'" % _bootstrapDir
os.makedirs(_bootstrapDir) # permissions should be fine
d = {}
if options.hostname:
scheme = 'https'
if options.no_ssl:
scheme = 'http'
d['serverURL'] = scheme + '://' + options.hostname + '/XMLRPC'
d['noSSLServerURL'] = 'http://' + options.hostname + '/XMLRPC'
# if proxy, enable it
# if "", disable it
if options.http_proxy:
d['enableProxy'] = '1'
d[up2dateConfMap['http_proxy']] = options.http_proxy
else:
d['enableProxy'] = '0'
d[up2dateConfMap['http_proxy']] = ""
# if proxy username, enable auth proxy
# if "", disable it
if options.http_proxy_username:
d['enableProxyAuth'] = '1'
d[up2dateConfMap['http_proxy_username']] = options.http_proxy_username
d[up2dateConfMap['http_proxy_password']] = options.http_proxy_password
else:
d['enableProxyAuth'] = '0'
d[up2dateConfMap['http_proxy_username']] = ""
d[up2dateConfMap['http_proxy_password']] = ""
# CA SSL certificate is a bit complicated. options.ssl_cert may be a file
# or it may be an RPM or it may be "", which means "try to figure it out
# by searching through the --pub-tree on your own.
_isRpmYN = processCACertPath(options)
if not options.ssl_cert:
sys.stderr.write("WARNING: no SSL CA certificate or RPM found in %s\n" % options.pub_tree)
if not options.no_ssl:
sys.stderr.write(" Fix it by hand or turn off SSL in the clients (--no-ssl)\n")
_certname = os.path.basename(options.ssl_cert) or CA_CRT_NAME
_certdir = os.path.dirname(DEFAULT_CA_CERT_PATH)
if _isRpmYN:
hdr = rhn_rpm.get_package_header(options.ssl_cert)
# Grab the first file out of the rpm
d[up2dateConfMap['ssl_cert']] = hdr[rhn_rpm.RPMTAG_FILENAMES][0] # UGLY!
else:
d[up2dateConfMap['ssl_cert']] = os.path.join(_certdir, _certname)
d[up2dateConfMap['no_gpg']] = int(operator.truth(not options.no_gpg))
writeYN = 1
_overrides = cleanupAbsPath(os.path.join(_bootstrapDir, options.overrides))
if os.path.exists(_overrides):
if readConfigFile(_overrides) != d:
# only back it up if different
backup = rotateFile(_overrides, depth=5, verbosity=options.verbose)
if backup and options.verbose>=0:
print """\
* WARNING: if there were hand edits to the rotated (backed up) file,
some settings may need to be migrated."""
else:
# exactly the same... no need to write
writeYN = 0
print """\
* client configuration overrides (old and new are identical; not written):
'%s'\n""" % _overrides
if writeYN:
fout = open(_overrides, 'wb')
# header
fout.write("""\
# RHN Client (rhn_register/up2date) config-overrides file v4.0
#
# To be used only in conjuction with client_config_update.py
#
# This file was autogenerated.
#
# The simple rules:
# - a setting explicitely overwrites the setting in
# /etc/syconfig/rhn/{rhn_register,up2date} on the client system.
# - if a setting is removed, the client's state for that setting remains
# unchanged.
""")
keys = d.keys()
keys.sort()
for key in keys:
if d[key] is not None:
fout.write("%s=%s\n" % (key, d[key]))
fout.close()
print """\
* bootstrap overrides (written):
'%s'\n""" % _overrides
if options.verbose>=0:
print "Values written:"
for k, v in d.items():
print k + ' '*(25-len(k)) + repr(v)
def legacyTreeFixup(d):
""" move old server.* files to and "unknown" machinename directory
Most of this is Red Hat Satellite 2.* and 3.* changes. Near the end
we get to 3.6 changes.
"""
topdir = cleanupAbsPath(d['--dir'])
oldTree = '/etc/sysconfig/rhn/ssl'
if topdir != oldTree and os.path.exists(oldTree):
sys.stderr.write("""\
WARNING: %s
still exists even though
%s
is the currently configured build tree. You may wish to either
(a) move %s to
%s, or
(b) point directly at the old tree by via the --dir option.
""" % (oldTree, topdir, oldTree, topdir))
sys.stderr.write("Pausing for 5 secs")
for i in range(5):
sys.stderr.write(".")
time.sleep(1)
sys.stderr.write("\n")
unknown = os.path.join(topdir, 'unknown')
server_rpm_name = os.path.basename(d.get('--server-rpm', ''))
serverKeyPairDir = None
if d.has_key('--set-hostname'):
serverKeyPairDir = os.path.join(d['--dir'],
getMachineName(d['--set-hostname']))
while os.path.exists(unknown):
# to avoid clashing with a possible "unknown" machinename
unknown = unknown + '_'
old_server_splat = os.path.join(topdir, 'server.')
moveMessage = ""
for ext in ('key', 'csr', 'crt'):
if os.path.exists(old_server_splat + ext):
gendir(unknown)
files = glob.glob(old_server_splat + ext + '*')
moved = []
for f in files:
# move the files to the "unknown" directory
new_server_splat = os.path.join(unknown, os.path.basename(f))
if not os.path.exists(new_server_splat):
shutil.copy2(f, new_server_splat)
os.unlink(f)
moved.append(f)
#if files and verbosity:
if moved:
s = 'server.' + ext + '*'
moveMessage = moveMessage + (
' <BUILD_DIR>/%s --> <BUILD_DIR>/%s/%s\n' %
(s, os.path.basename(unknown), s))
# move legacy server SSL RPMs. But if server_rpm_name is the same name
# as the target RPM name, then we move the RPMs into the appropriate
# machine name directory.
for name in [LEGACY_SERVER_RPM_NAME1, LEGACY_SERVER_RPM_NAME2]:
old_server_rpms = glob.glob(os.path.join(topdir, name + '-*-*.*.rpm'))
movedYN = 0
for old_rpm in old_server_rpms:
targetDir = unknown
old_hdr = get_package_header(old_rpm)
if old_hdr and old_hdr[
'name'] == server_rpm_name and serverKeyPairDir:
targetDir = serverKeyPairDir
gendir(targetDir)
# move the files to the targetDir directory
new_rpm = os.path.join(targetDir, os.path.basename(old_rpm))
if not os.path.exists(new_rpm):
shutil.copy2(old_rpm, new_rpm)
os.unlink(old_rpm)
movedYN = 1
if movedYN:
s = name + '-*-*.{noarch,src}.rpm'
moveMessage = moveMessage + """\
<BUILD_DIR>/%s
--> <BUILD_DIR>/%s/%s\n""" % (s, os.path.basename(targetDir), s)
# I move the first 100 .pem files I find
# if there is more than that... oh well
movedYN = 0
for i in range(100):
serial = fixSerial(hex(i))
oldPemPath = os.path.join(topdir, serial + '.pem')
newPemPath = os.path.join(unknown, serial + '.pem')
if os.path.exists(oldPemPath) and not os.path.exists(newPemPath):
gendir(unknown)
shutil.copy2(oldPemPath, newPemPath)
os.unlink(oldPemPath)
movedYN = 1
if movedYN:
moveMessage = moveMessage + (
' <BUILD_DIR>/HEX*.pem --> <BUILD_DIR>/%s/HEX*.pem\n' %
os.path.basename(unknown))
if moveMessage:
sys.stdout.write('\nLegacy tree structured file(s) moved:\n%s' %
moveMessage)
# move rhn-org-httpd-ssl-MACHINENAME-VERSION.*.rpm files to the
# MACHINENAME directory! (an RHN 3.6.0 change)
rootFilename = pathJoin(topdir, 'rhn-org-httpd-ssl-key-pair-')
filenames = glob.glob(rootFilename + '*')
for filename in filenames:
# note: assuming version-rel is of that form.
machinename = filename[len(rootFilename):]
machinename = string.join(string.split(machinename, '-')[:-2], '-')
serverKeySetDir = pathJoin(topdir, machinename)
gendir(serverKeySetDir)
fileto = pathJoin(serverKeySetDir, filename)
if os.path.exists(fileto):
rotateFile(filepath=fileto, verbosity=0)
shutil.copy2(filename, fileto)
os.unlink(filename)
print """\
Moved (legacy tree cleanup):
%s
...moved to...
%s""" % (filename, fileto)
def genCaRpm(d, verbosity=0):
""" generates ssl cert RPM. """
ca_cert_name = os.path.basename(d['--ca-cert'])
ca_cert = os.path.join(d['--dir'], ca_cert_name)
ca_cert_rpm_name = os.path.basename(d['--ca-cert-rpm'])
ca_cert_rpm = os.path.join(d['--dir'], ca_cert_rpm_name)
genCaRpm_dependencies(d)
if verbosity >= 0:
sys.stderr.write("\n...working...")
# Work out the release number.
hdr = getInstalledHeader(ca_cert_rpm)
#find RPMs in the directory
filenames = glob.glob("%s-*.noarch.rpm" % ca_cert_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h
epo, ver, rel = None, '1.0', '0'
if hdr is not None:
epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release']
# bump the release - and let's not be too smart about it
# assume the release is a number.
if rel:
rel = str(int(rel) + 1)
update_trust_script = os.path.join(CERT_PATH, 'update-ca-cert-trust.sh')
# build the CA certificate RPM
args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
"--name %s --version %s --release %s --packager %s --vendor %s "
"--group 'RHN/Security' --summary %s --description %s "
"--post %s --postun %s "
"/usr/share/rhn/%s=%s" %
(repr(ca_cert_rpm_name), ver, rel, repr(
d['--rpm-packager']), repr(d['--rpm-vendor']),
repr(CA_CERT_RPM_SUMMARY), repr(CA_CERT_RPM_SUMMARY),
repr(update_trust_script), repr(update_trust_script),
repr(ca_cert_name), repr(cleanupAbsPath(ca_cert))))
clientRpmName = '%s-%s-%s' % (ca_cert_rpm, ver, rel)
if verbosity >= 0:
print """
Generating CA public certificate RPM:
%s.src.rpm
%s.noarch.rpm""" % (clientRpmName, clientRpmName)
if verbosity > 1:
print "Commandline:", args
_disableRpmMacros()
cwd = chdir(d['--dir'])
try:
ret, out_stream, err_stream = rhn_popen(args)
except Exception:
chdir(cwd)
_reenableRpmMacros()
raise
chdir(cwd)
_reenableRpmMacros()
out = out_stream.read()
out_stream.close()
err = err_stream.read()
err_stream.close()
if ret or not os.path.exists("%s.noarch.rpm" % clientRpmName):
raise GenCaCertRpmException("CA public SSL certificate RPM generation "
"failed:\n%s\n%s" % (out, err))
if verbosity > 2:
if out:
print "STDOUT:", out
if err:
print "STDERR:", err
os.chmod('%s.noarch.rpm' % clientRpmName, 0644)
# write-out latest.txt information
latest_txt = os.path.join(d['--dir'], 'latest.txt')
fo = open(latest_txt, 'wb')
fo.write('%s\n' % ca_cert_name)
fo.write('%s.noarch.rpm\n' % os.path.basename(clientRpmName))
fo.write('%s.src.rpm\n' % os.path.basename(clientRpmName))
fo.close()
os.chmod(latest_txt, 0644)
if verbosity >= 0:
print """
Make the public CA certficate publically available:
(NOTE: the Red Hat Satellite or Proxy installers may do this step for you.)
The "noarch" RPM and raw CA certificate can be made publically accessible
by copying it to the /var/www/html/pub directory of your Red Hat Satellite or
Proxy server."""
return '%s.noarch.rpm' % clientRpmName
def process_package_data():
if debug:
log = rhnLog('/var/log/rhn/update-packages.log', 5)
_get_path_sql = rhnSQL.prepare(_get_path_query)
_update_package_path = rhnSQL.prepare(_update_pkg_path_query)
_get_path_sql.execute()
paths = _get_path_sql.fetchall_dict()
if not paths:
# Nothing to change
return
if verbose:
print "Processing %s packages" % len(paths)
pb = ProgressBar(prompt='standby: ', endTag=' - Complete!', \
finalSize=len(paths), finalBarLength=40, stream=sys.stdout)
pb.printAll(1)
skip_list = []
new_ok_list = []
i = 0
for path in paths:
pb.addTo(1)
pb.printIncrement()
old_path_nvrea = path['path'].split('/')
org_id = old_path_nvrea[1]
# pylint: disable=W0703
try:
nevra = parseRPMFilename(old_path_nvrea[-1])
if nevra[1] in [None, '']:
nevra[1] = path['epoch']
except Exception:
# probably not an rpm skip
if debug:
log.writeMessage("Skipping: %s Not a valid rpm" \
% old_path_nvrea[-1])
continue
old_abs_path = os.path.join(CFG.MOUNT_POINT, path['path'])
checksum_type = path['checksum_type']
checksum = path['checksum']
new_path = get_package_path(nevra,
org_id,
prepend=old_path_nvrea[0],
checksum=checksum)
new_abs_path = os.path.join(CFG.MOUNT_POINT, new_path)
bad_abs_path = os.path.join(CFG.MOUNT_POINT, \
get_package_path(nevra, org_id, prepend=old_path_nvrea[0],
omit_epoch = True, checksum=checksum))
if not os.path.exists(old_abs_path):
if os.path.exists(new_abs_path):
new_ok_list.append(new_abs_path)
if debug:
log.writeMessage("File %s already on final path %s" %
(path['path'], new_abs_path))
old_abs_path = new_abs_path
elif os.path.exists(bad_abs_path):
log.writeMessage("File %s found on %s" %
(path['path'], bad_abs_path))
old_abs_path = bad_abs_path
else:
skip_list.append(old_abs_path)
if debug:
log.writeMessage("Missing path %s for package %d" %
(old_abs_path, path['id']))
continue
# pylint: disable=W0703
try:
hdr = rhn_rpm.get_package_header(filename=old_abs_path)
except Exception, e:
msg = "Exception occurred when reading package header %s: %s" % \
(old_abs_path, str(e))
print msg
if debug:
log.writeMessage(msg)
rhnSQL.commit()
sys.exit(1)
if old_abs_path != new_abs_path:
new_abs_dir = os.path.dirname(new_abs_path)
# relocate the package on the filer
if debug:
log.writeMessage("Relocating %s to %s on filer" \
% (old_abs_path, new_abs_path))
if not os.path.isdir(new_abs_dir):
os.makedirs(new_abs_dir)
shutil.move(old_abs_path, new_abs_path)
# Clean up left overs
os.removedirs(os.path.dirname(old_abs_path))
# make the path readable
os.chmod(new_abs_path, 0644)
# Update the db paths
_update_package_path.execute(the_id= path['id'], \
new_path = new_path )
if debug:
log.writeMessage("query Executed: update rhnPackage %d to %s" \
% ( path['id'], new_path ))
# Process gpg key ids
server_packages.processPackageKeyAssociations(hdr, checksum_type,
checksum)
if debug:
log.writeMessage("gpg key info updated from %s" % new_abs_path)
i = i + 1
# we need to break the transaction to smaller pieces
if i % 1000 == 0:
rhnSQL.commit()
def process_package_files():
def parse_header(header):
checksum_type = rhn_rpm.RPM_Header(header).checksum_type()
return mpmSource.create_package(header,
size=0,
checksum_type=checksum_type,
checksum=None,
relpath=None,
org_id=None,
header_start=None,
header_end=None,
channels=[])
package_name_h = rhnSQL.prepare(package_name_query)
def package_name(pid):
package_name_h.execute(pid=pid)
r = package_name_h.fetchall_dict()[0]
return "%s-%s.%s" % (r['name'], r['vre'], r['arch'])
package_repodata_h = rhnSQL.prepare(package_repodata_delete)
def delete_package_repodata(pid):
package_repodata_h.execute(pid=pid)
log = rhnLog('/var/log/rhn/update-packages.log', 5)
package_query_h = rhnSQL.prepare(package_query)
package_query_h.execute()
package_capabilities_h = rhnSQL.prepare(package_capabilities)
update_packagefile_checksum_h = rhnSQL.prepare(update_packagefile_checksum)
insert_packagefile_h = rhnSQL.prepare(insert_packagefile)
while (True):
row = package_query_h.fetchone_dict()
if not row: # No more packages in DB to process
break
package_path = os.path.join(CFG.MOUNT_POINT, row['path'])
if not os.path.exists(package_path):
if debug:
log.writeMessage("Package path '%s' does not exist." %
package_path)
continue
# pylint: disable=W0703
try:
hdr = rhn_rpm.get_package_header(filename=package_path)
except Exception, e:
message = "Error when reading package %s header: %s" % (
package_path, e)
if debug:
log.writeMessage(message)
continue
pkg_updates = 0
if row['filecount'] != len(hdr['filenames']):
# Number of package files on disk and in the DB do not match
# (possibly a bug #652852). We have to correct them one by one.
package_capabilities_h.execute(pid=row['id'])
pkg_caps = {} # file-name : capabilities dictionary
for cap in package_capabilities_h.fetchall_dict() or []:
pkg_caps[cap['name']] = cap
for f in parse_header(hdr)['files']:
if pkg_caps.has_key(f['name']):
continue # The package files exists in the DB
# Insert the missing package file into DB
insert_packagefile_h.execute(pid=row['id'],
name=f['name'],
ctype=f['checksum_type'],
csum=f['checksum'],
device=f['device'],
inode=f['inode'],
file_mode=f['file_mode'],
username=f['username'],
groupname=f['groupname'],
rdev=f['rdev'],
file_size=f['file_size'],
mtime=f['mtime'],
linkto=f['linkto'],
flags=f['flags'],
verifyflags=f['verifyflags'],
lang=f['lang'])
pkg_updates += 1
if debug and pkg_updates:
log.writeMessage("Package id: %s, name: %s, %s files inserted" % \
(row['id'], package_name(row['id']), pkg_updates))
elif row['nonnullcsums'] == 0:
# All package files in the DB have null checksum (possibly a bug #659348)
package_capabilities_h.execute(pid=row['id'])
pkg_caps = {} # file-name : capabilities dictionary
for cap in package_capabilities_h.fetchall_dict() or []:
pkg_caps[cap['name']] = cap
for f in parse_header(hdr)['files']:
if f['checksum'] == '': # Convert empty string (symlinks) to None to match w/ Oracle returns
f['checksum'] = None
caps = pkg_caps[f['name']]
if not caps['checksum'] == f['checksum']:
# Package file exists, but its checksum in the DB is incorrect
update_packagefile_checksum_h.execute(
ctype=f['checksum_type'],
csum=f['checksum'],
pid=caps['package_id'],
cid=caps['capability_id'])
pkg_updates += 1
if debug and pkg_updates:
log.writeMessage("Package id: %s, name: %s, %s checksums updated" % \
(row['id'], package_name(row['id']), pkg_updates))
if pkg_updates:
log.writeMessage("Package id: %s, purging rhnPackageRepoData" %
row['id'])
delete_package_repodata(row['id'])
rhnSQL.commit() # End of a package
def genCaRpm(d, verbosity=0):
""" generates ssl cert RPM. """
ca_cert_name = os.path.basename(d['--ca-cert'])
ca_cert = os.path.join(d['--dir'], ca_cert_name)
ca_cert_rpm_name = os.path.basename(d['--ca-cert-rpm'])
ca_cert_rpm = os.path.join(d['--dir'], ca_cert_rpm_name)
genCaRpm_dependencies(d)
if verbosity>=0:
sys.stderr.write("\n...working...")
# Work out the release number.
hdr = getInstalledHeader(ca_cert_rpm)
#find RPMs in the directory
filenames = glob.glob("%s-*.noarch.rpm" % ca_cert_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h
epo, ver, rel = None, '1.0', '0'
if hdr is not None:
epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release']
# bump the release - and let's not be too smart about it
# assume the release is a number.
if rel:
rel = str(int(rel)+1)
update_trust_script = os.path.join(CERT_PATH, 'update-ca-cert-trust.sh')
# build the CA certificate RPM
args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
"--name %s --version %s --release %s --packager %s --vendor %s "
"--group 'RHN/Security' --summary %s --description %s "
"--post %s --postun %s "
"/usr/share/rhn/%s=%s"
% (repr(ca_cert_rpm_name), ver, rel, repr(d['--rpm-packager']),
repr(d['--rpm-vendor']), repr(CA_CERT_RPM_SUMMARY),
repr(CA_CERT_RPM_SUMMARY),
repr(update_trust_script), repr(update_trust_script),
repr(ca_cert_name), repr(cleanupAbsPath(ca_cert))))
clientRpmName = '%s-%s-%s' % (ca_cert_rpm, ver, rel)
if verbosity >= 0:
print("""
Generating CA public certificate RPM:
%s.src.rpm
%s.noarch.rpm""" % (clientRpmName, clientRpmName))
if verbosity > 1:
print("Commandline:", args)
_disableRpmMacros()
cwd = chdir(d['--dir'])
try:
ret, out_stream, err_stream = rhn_popen(args)
except Exception:
chdir(cwd)
_reenableRpmMacros()
raise
chdir(cwd)
_reenableRpmMacros()
out = out_stream.read(); out_stream.close()
err = err_stream.read(); err_stream.close()
if ret or not os.path.exists("%s.noarch.rpm" % clientRpmName):
raise GenCaCertRpmException("CA public SSL certificate RPM generation "
"failed:\n%s\n%s" % (out, err))
if verbosity > 2:
if out:
print("STDOUT:", out)
if err:
print("STDERR:", err)
os.chmod('%s.noarch.rpm' % clientRpmName, int('0644',8))
# write-out latest.txt information
latest_txt = os.path.join(d['--dir'], 'latest.txt')
fo = open(latest_txt, 'wb')
fo.write(bstr('%s\n' % ca_cert_name))
fo.write(bstr('%s.noarch.rpm\n' % os.path.basename(clientRpmName)))
fo.write(bstr('%s.src.rpm\n' % os.path.basename(clientRpmName)))
fo.close()
os.chmod(latest_txt, int('0644',8))
if verbosity >= 0:
print("""
Make the public CA certficate publically available:
(NOTE: the Red Hat Satellite or Proxy installers may do this step for you.)
The "noarch" RPM and raw CA certificate can be made publically accessible
by copying it to the /var/www/html/pub directory of your Red Hat Satellite or
Proxy server.""")
return '%s.noarch.rpm' % clientRpmName
def process_package_files():
def parse_header(header):
checksum_type = rhn_rpm.RPM_Header(header).checksum_type()
return mpmSource.create_package(header, size=0,
checksum_type=checksum_type, checksum=None, relpath=None,
org_id=None, header_start=None, header_end=None, channels=[])
package_name_h = rhnSQL.prepare(package_name_query)
def package_name(pid):
package_name_h.execute(pid=pid)
r = package_name_h.fetchall_dict()[0]
return "%s-%s.%s" % (r['name'], r['vre'], r['arch'])
package_repodata_h = rhnSQL.prepare(package_repodata_delete)
def delete_package_repodata(pid):
package_repodata_h.execute(pid=pid)
log = rhnLog('/var/log/rhn/update-packages.log', 5)
package_query_h = rhnSQL.prepare(package_query)
package_query_h.execute()
package_capabilities_h = rhnSQL.prepare(package_capabilities)
update_packagefile_checksum_h = rhnSQL.prepare(update_packagefile_checksum)
insert_packagefile_h = rhnSQL.prepare(insert_packagefile)
while (True):
row = package_query_h.fetchone_dict()
if not row: # No more packages in DB to process
break
package_path = os.path.join(CFG.MOUNT_POINT, row['path'])
if not os.path.exists(package_path):
if debug:
log.writeMessage("Package path '%s' does not exist." % package_path)
continue
# pylint: disable=W0703
try:
hdr = rhn_rpm.get_package_header(filename=package_path)
except Exception:
e = sys.exc_info()[1]
message = "Error when reading package %s header: %s" % (package_path, e)
if debug:
log.writeMessage(message)
continue
pkg_updates = 0
if row['filecount'] != len(hdr['filenames']):
# Number of package files on disk and in the DB do not match
# (possibly a bug #652852). We have to correct them one by one.
package_capabilities_h.execute(pid=row['id'])
pkg_caps = {} # file-name : capabilities dictionary
for cap in package_capabilities_h.fetchall_dict() or []:
pkg_caps[cap['name']] = cap
for f in parse_header(hdr)['files']:
if f['name'] in pkg_caps:
continue # The package files exists in the DB
# Insert the missing package file into DB
insert_packagefile_h.execute(pid=row['id'], name=f['name'],
ctype=f['checksum_type'], csum=f['checksum'], device=f['device'],
inode=f['inode'], file_mode=f['file_mode'], username=f['username'],
groupname=f['groupname'], rdev=f['rdev'], file_size=f['file_size'],
mtime=f['mtime'], linkto=f['linkto'], flags=f['flags'],
verifyflags=f['verifyflags'], lang=f['lang'])
pkg_updates += 1
if debug and pkg_updates:
log.writeMessage("Package id: %s, name: %s, %s files inserted" %
(row['id'], package_name(row['id']), pkg_updates))
elif row['nonnullcsums'] == 0:
# All package files in the DB have null checksum (possibly a bug #659348)
package_capabilities_h.execute(pid=row['id'])
pkg_caps = {} # file-name : capabilities dictionary
for cap in package_capabilities_h.fetchall_dict() or []:
pkg_caps[cap['name']] = cap
for f in parse_header(hdr)['files']:
if f['checksum'] == '': # Convert empty string (symlinks) to None to match w/ Oracle returns
f['checksum'] = None
caps = pkg_caps[f['name']]
if not caps['checksum'] == f['checksum']:
# Package file exists, but its checksum in the DB is incorrect
update_packagefile_checksum_h.execute(ctype=f['checksum_type'], csum=f['checksum'],
pid=caps['package_id'], cid=caps['capability_id'])
pkg_updates += 1
if debug and pkg_updates:
log.writeMessage("Package id: %s, name: %s, %s checksums updated" %
(row['id'], package_name(row['id']), pkg_updates))
if pkg_updates:
log.writeMessage("Package id: %s, purging rhnPackageRepoData" % row['id'])
delete_package_repodata(row['id'])
rhnSQL.commit() # End of a package
def legacyTreeFixup(d):
""" move old server.* files to and "unknown" machinename directory
Most of this is Red Hat Satellite 2.* and 3.* changes. Near the end
we get to 3.6 changes.
"""
topdir = cleanupAbsPath(d['--dir'])
oldTree = '/etc/sysconfig/rhn/ssl'
if topdir != oldTree and os.path.exists(oldTree):
sys.stderr.write("""\
WARNING: %s
still exists even though
%s
is the currently configured build tree. You may wish to either
(a) move %s to
%s, or
(b) point directly at the old tree by via the --dir option.
""" % (oldTree, topdir, oldTree, topdir))
sys.stderr.write("Pausing for 5 secs")
for i in range(5):
sys.stderr.write("."); time.sleep(1)
sys.stderr.write("\n")
unknown = os.path.join(topdir, 'unknown')
server_rpm_name = os.path.basename(d.get('--server-rpm', ''))
serverKeyPairDir = None
if '--set-hostname' in d:
serverKeyPairDir = os.path.join(d['--dir'],
getMachineName(d['--set-hostname']))
while os.path.exists(unknown):
# to avoid clashing with a possible "unknown" machinename
unknown = unknown + '_'
old_server_splat = os.path.join(topdir, 'server.')
moveMessage = ""
for ext in ('key', 'csr', 'crt'):
if os.path.exists(old_server_splat+ext):
gendir(unknown)
files = glob.glob(old_server_splat+ext+'*')
moved = []
for f in files:
# move the files to the "unknown" directory
new_server_splat = os.path.join(unknown, os.path.basename(f))
if not os.path.exists(new_server_splat):
shutil.copy2(f, new_server_splat)
os.unlink(f)
moved.append(f)
#if files and verbosity:
if moved:
s = 'server.' + ext + '*'
moveMessage = moveMessage + (
' <BUILD_DIR>/%s --> <BUILD_DIR>/%s/%s\n'
% (s, os.path.basename(unknown), s))
# move legacy server SSL RPMs. But if server_rpm_name is the same name
# as the target RPM name, then we move the RPMs into the appropriate
# machine name directory.
for name in [LEGACY_SERVER_RPM_NAME1, LEGACY_SERVER_RPM_NAME2]:
old_server_rpms = glob.glob(os.path.join(topdir, name+'-*-*.*.rpm'))
movedYN = 0
for old_rpm in old_server_rpms:
targetDir = unknown
old_hdr = get_package_header(old_rpm)
if old_hdr and old_hdr['name'] == server_rpm_name and serverKeyPairDir:
targetDir = serverKeyPairDir
gendir(targetDir)
# move the files to the targetDir directory
new_rpm = os.path.join(targetDir, os.path.basename(old_rpm))
if not os.path.exists(new_rpm):
shutil.copy2(old_rpm, new_rpm)
os.unlink(old_rpm)
movedYN = 1
if movedYN:
s = name+'-*-*.{noarch,src}.rpm'
moveMessage = moveMessage + """\
<BUILD_DIR>/%s
--> <BUILD_DIR>/%s/%s\n""" % (s, os.path.basename(targetDir), s)
# I move the first 100 .pem files I find
# if there is more than that... oh well
movedYN = 0
for i in range(100):
serial = fixSerial(hex(i))
oldPemPath = os.path.join(topdir, serial+'.pem')
newPemPath = os.path.join(unknown, serial+'.pem')
if os.path.exists(oldPemPath) and not os.path.exists(newPemPath):
gendir(unknown)
shutil.copy2(oldPemPath, newPemPath)
os.unlink(oldPemPath)
movedYN = 1
if movedYN:
moveMessage = moveMessage + (
' <BUILD_DIR>/HEX*.pem --> <BUILD_DIR>/%s/HEX*.pem\n'
% os.path.basename(unknown))
if moveMessage:
sys.stdout.write('\nLegacy tree structured file(s) moved:\n%s'
% moveMessage)
# move rhn-org-httpd-ssl-MACHINENAME-VERSION.*.rpm files to the
# MACHINENAME directory! (an RHN 3.6.0 change)
rootFilename = pathJoin(topdir, 'rhn-org-httpd-ssl-key-pair-')
filenames = glob.glob(rootFilename+'*')
for filename in filenames:
# note: assuming version-rel is of that form.
machinename = filename[len(rootFilename):]
machinename = '-'.join(machinename.split('-')[:-2])
serverKeySetDir = pathJoin(topdir, machinename)
gendir(serverKeySetDir)
fileto = pathJoin(serverKeySetDir, filename)
if os.path.exists(fileto):
rotateFile(filepath=fileto, verbosity=0)
shutil.copy2(filename, fileto)
os.unlink(filename)
print("""\
Moved (legacy tree cleanup):
%s
...moved to...
%s""" % (filename, fileto))
def genServerRpm(d, verbosity=0):
""" generates server's SSL key set RPM """
serverKeyPairDir = os.path.join(d['--dir'],
getMachineName(d['--set-hostname']))
server_key_name = os.path.basename(d['--server-key'])
server_key = os.path.join(serverKeyPairDir, server_key_name)
server_cert_name = os.path.basename(d['--server-cert'])
server_cert = os.path.join(serverKeyPairDir, server_cert_name)
server_cert_req_name = os.path.basename(d['--server-cert-req'])
server_cert_req = os.path.join(serverKeyPairDir, server_cert_req_name)
jabberd_ssl_cert_name = os.path.basename(d['--jabberd-ssl-cert'])
jabberd_ssl_cert = os.path.join(serverKeyPairDir, jabberd_ssl_cert_name )
server_rpm_name = os.path.basename(d['--server-rpm'])
server_rpm = os.path.join(serverKeyPairDir, server_rpm_name)
postun_scriptlet = os.path.join(d['--dir'], 'postun.scriptlet')
genServerRpm_dependencies(d)
if verbosity>=0:
sys.stderr.write("\n...working...\n")
# check for old installed RPM.
oldHdr = getInstalledHeader(LEGACY_SERVER_RPM_NAME1)
if oldHdr and LEGACY_SERVER_RPM_NAME1 != server_rpm_name:
sys.stderr.write("""
** NOTE ** older-styled RPM installed (%s),
it needs to be removed before installing the web server's RPM that
is about to generated.
""" % LEGACY_SERVER_RPM_NAME1)
if not oldHdr:
oldHdr = getInstalledHeader(LEGACY_SERVER_RPM_NAME2)
if oldHdr and LEGACY_SERVER_RPM_NAME2 != server_rpm_name:
sys.stderr.write("""
** NOTE ** older-styled RPM installed (%s),
it needs to be removed before installing the web server's RPM that
is about to generated.
""" % LEGACY_SERVER_RPM_NAME2)
# check for new installed RPM.
# Work out the release number.
hdr = getInstalledHeader(server_rpm_name)
#find RPMs in the directory as well.
filenames = glob.glob("%s-*.noarch.rpm" % server_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h
epo, ver, rel = None, '1.0', '0'
if hdr is not None:
epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release']
# bump the release - and let's not be too smart about it
# assume the release is a number.
if rel:
rel = str(int(rel)+1)
description = SERVER_RPM_SUMMARY + """
Best practices suggests that this RPM should only be installed on the web
server with this hostname: %s
""" % d['--set-hostname']
# Determine which jabberd user exists:
jabberd_user = None
possible_jabberd_users = ['jabberd', 'jabber']
for juser_attempt in possible_jabberd_users:
try:
pwd.getpwnam(juser_attempt)
jabberd_user = juser_attempt
except:
# user doesn't exist, try the next
pass
if jabberd_user is None:
print("WARNING: No jabber/jabberd user on system, skipping " +
"jabberd.pem generation.")
jabberd_cert_string = ""
if jabberd_user is not None:
jabberd_cert_string = \
"/etc/pki/spacewalk/jabberd/server.pem:0600,%s,%s=%s" % \
(jabberd_user, jabberd_user, repr(cleanupAbsPath(jabberd_ssl_cert)))
## build the server RPM
args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
"--name %s --version %s --release %s --packager %s --vendor %s "
"--group 'RHN/Security' --summary %s --description %s --postun %s "
"/etc/httpd/conf/ssl.key/server.key:0600=%s "
"/etc/httpd/conf/ssl.csr/server.csr=%s "
"/etc/httpd/conf/ssl.crt/server.crt=%s "
"%s"
% (repr(server_rpm_name), ver, rel, repr(d['--rpm-packager']),
repr(d['--rpm-vendor']),
repr(SERVER_RPM_SUMMARY), repr(description),
repr(cleanupAbsPath(postun_scriptlet)),
repr(cleanupAbsPath(server_key)),
repr(cleanupAbsPath(server_cert_req)),
repr(cleanupAbsPath(server_cert)),
jabberd_cert_string
))
serverRpmName = "%s-%s-%s" % (server_rpm, ver, rel)
if verbosity >= 0:
print("""
Generating web server's SSL key pair/set RPM:
%s.src.rpm
%s.noarch.rpm""" % (serverRpmName, serverRpmName))
if verbosity > 1:
print("Commandline:", args)
if verbosity >= 4:
print('Current working directory:', os.getcwd())
print("Writing postun_scriptlet:", postun_scriptlet)
open(postun_scriptlet, 'w').write(POST_UNINSTALL_SCRIPT)
_disableRpmMacros()
cwd = chdir(serverKeyPairDir)
try:
ret, out_stream, err_stream = rhn_popen(args)
finally:
chdir(cwd)
_reenableRpmMacros()
os.unlink(postun_scriptlet)
out = out_stream.read(); out_stream.close()
err = err_stream.read(); err_stream.close()
if ret or not os.path.exists("%s.noarch.rpm" % serverRpmName):
raise GenServerRpmException("web server's SSL key set RPM generation "
"failed:\n%s\n%s" % (out, err))
if verbosity > 2:
if out:
print("STDOUT:", out)
if err:
print("STDERR:", err)
os.chmod('%s.noarch.rpm' % serverRpmName, int('0600',8))
# generic the tarball necessary for Spacewalk Proxy against hosted installations
tarballFilepath = genProxyServerTarball(d, version=ver, release=rel,
verbosity=verbosity)
# write-out latest.txt information
latest_txt = os.path.join(serverKeyPairDir, 'latest.txt')
fo = open(latest_txt, 'wb')
fo.write(bstr('%s.noarch.rpm\n' % os.path.basename(serverRpmName)))
fo.write(bstr('%s.src.rpm\n' % os.path.basename(serverRpmName)))
fo.write(bstr('%s\n' % os.path.basename(tarballFilepath)))
fo.close()
os.chmod(latest_txt, int('0600',8))
if verbosity >= 0:
print("""
Deploy the server's SSL key pair/set RPM:
(NOTE: the Red Hat Satellite or Proxy installers may do this step for you.)
The "noarch" RPM needs to be deployed to the machine working as a
web server, or Red Hat Satellite, or Spacewalk Proxy.
Presumably %s.""" % repr(d['--set-hostname']))
return "%s.noarch.rpm" % serverRpmName
def writeClientConfigOverrides(options):
""" write our "overrides" configuration file
This generated file is a configuration mapping file that is used
to map settings in up2date and rhn_register when run through a
seperate script.
"""
up2dateConfMap = {
# some are directly mapped, others are handled more delicately
'http_proxy': 'httpProxy',
'http_proxy_username': '******',
'http_proxy_password': '******',
'hostname': 'serverURL',
'ssl_cert': 'sslCACert',
'no_gpg': 'useGPG',
}
_bootstrapDir = cleanupAbsPath(os.path.join(options.pub_tree, 'bootstrap'))
if not os.path.exists(_bootstrapDir):
print("* creating '%s'" % _bootstrapDir)
os.makedirs(_bootstrapDir) # permissions should be fine
d = {}
if options.hostname:
scheme = 'https'
if options.no_ssl:
scheme = 'http'
d['serverURL'] = scheme + '://' + options.hostname + '/XMLRPC'
d['noSSLServerURL'] = 'http://' + options.hostname + '/XMLRPC'
# if proxy, enable it
# if "", disable it
if options.http_proxy:
d['enableProxy'] = '1'
d[up2dateConfMap['http_proxy']] = options.http_proxy
else:
d['enableProxy'] = '0'
d[up2dateConfMap['http_proxy']] = ""
# if proxy username, enable auth proxy
# if "", disable it
if options.http_proxy_username:
d['enableProxyAuth'] = '1'
d[up2dateConfMap['http_proxy_username']] = options.http_proxy_username
d[up2dateConfMap['http_proxy_password']] = options.http_proxy_password
else:
d['enableProxyAuth'] = '0'
d[up2dateConfMap['http_proxy_username']] = ""
d[up2dateConfMap['http_proxy_password']] = ""
# CA SSL certificate is a bit complicated. options.ssl_cert may be a file
# or it may be an RPM or it may be "", which means "try to figure it out
# by searching through the --pub-tree on your own.
_isRpmYN = processCACertPath(options)
if not options.ssl_cert:
sys.stderr.write("WARNING: no SSL CA certificate or RPM found in %s\n" % options.pub_tree)
if not options.no_ssl:
sys.stderr.write(" Fix it by hand or turn off SSL in the clients (--no-ssl)\n")
_certname = os.path.basename(options.ssl_cert) or CA_CRT_NAME
_certdir = os.path.dirname(DEFAULT_CA_CERT_PATH)
if _isRpmYN:
hdr = rhn_rpm.get_package_header(options.ssl_cert)
# Grab the first file out of the rpm
d[up2dateConfMap['ssl_cert']] = hdr[rhn_rpm.rpm.RPMTAG_FILENAMES][0] # UGLY!
else:
d[up2dateConfMap['ssl_cert']] = os.path.join(_certdir, _certname)
d[up2dateConfMap['no_gpg']] = int(operator.truth(not options.no_gpg))
writeYN = 1
_overrides = cleanupAbsPath(os.path.join(_bootstrapDir, options.overrides))
if os.path.exists(_overrides):
if readConfigFile(_overrides) != d:
# only back it up if different
backup = rotateFile(_overrides, depth=5, verbosity=options.verbose)
if backup and options.verbose>=0:
print("""\
* WARNING: if there were hand edits to the rotated (backed up) file,
some settings may need to be migrated.""")
else:
# exactly the same... no need to write
writeYN = 0
print("""\
* client configuration overrides (old and new are identical; not written):
'%s'\n""" % _overrides)
if writeYN:
fout = open(_overrides, 'w')
# header
fout.write("""\
# RHN Client (rhn_register/up2date) config-overrides file v4.0
#
# To be used only in conjuction with client_config_update.py
#
# This file was autogenerated.
#
# The simple rules:
# - a setting explicitely overwrites the setting in
# /etc/syconfig/rhn/{rhn_register,up2date} on the client system.
# - if a setting is removed, the client's state for that setting remains
# unchanged.
""")
keys = list(d.keys())
keys.sort()
for key in keys:
if d[key] is not None:
fout.write("%s=%s\n" % (key, d[key]))
fout.close()
print("""\
* bootstrap overrides (written):
'%s'\n""" % _overrides)
if options.verbose>=0:
print("Values written:")
for k, v in list(d.items()):
print(k + ' '*(25-len(k)) + repr(v))
