def __init__(self, cmd, environment_vars=None): tmpdir = munkicommon.tmpdir() labelprefix = 'com.googlecode.munki.' # create a unique id for this job jobid = str(uuid.uuid1()) self.label = labelprefix + jobid self.stdout_path = os.path.join(tmpdir, self.label + '.stdout') self.stderr_path = os.path.join(tmpdir, self.label + '.stderr') self.plist_path = os.path.join(tmpdir, self.label + '.plist') self.stdout = None self.stderr = None self.plist = {} self.plist['Label'] = self.label self.plist['ProgramArguments'] = cmd self.plist['StandardOutPath'] = self.stdout_path self.plist['StandardErrorPath'] = self.stderr_path if environment_vars: self.plist['EnvironmentVariables'] = environment_vars # write out launchd plist FoundationPlist.writePlist(self.plist, self.plist_path) # set owner, group and mode to those required # by launchd os.chown(self.plist_path, 0, 0) os.chmod(self.plist_path, int('644', 8)) launchctl_cmd = ['/bin/launchctl', 'load', self.plist_path] proc = subprocess.Popen(launchctl_cmd, shell=False, bufsize=-1, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) err = proc.communicate()[1] if proc.returncode: raise LaunchdJobException(err)
def config_profile_info(ignore_cache=False): '''Returns a dictionary representing the output of `profiles -C -o`''' global CONFIG_PROFILE_INFO if not profiles_supported(): CONFIG_PROFILE_INFO = {} return CONFIG_PROFILE_INFO if not ignore_cache and CONFIG_PROFILE_INFO is not None: return CONFIG_PROFILE_INFO output_plist = os.path.join(tempfile.mkdtemp(dir=munkicommon.tmpdir()), 'profiles') cmd = ['/usr/bin/profiles', '-C', '-o', output_plist] proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) proc.communicate() if proc.returncode != 0: munkicommon.display_error( 'Could not obtain configuration profile info: %s' % proc.stderr) CONFIG_PROFILE_INFO = {} else: try: CONFIG_PROFILE_INFO = FoundationPlist.readPlist(output_plist + '.plist') except BaseException, err: munkicommon.display_error( 'Could not read configuration profile info: %s' % err) CONFIG_PROFILE_INFO = {} finally:
def config_profile_info(ignore_cache=False): '''Returns a dictionary representing the output of `profiles -C -o`''' global CONFIG_PROFILE_INFO if not profiles_supported(): CONFIG_PROFILE_INFO = {} return CONFIG_PROFILE_INFO if not ignore_cache and CONFIG_PROFILE_INFO is not None: return CONFIG_PROFILE_INFO output_plist = os.path.join( tempfile.mkdtemp(dir=munkicommon.tmpdir()), 'profiles') cmd = ['/usr/bin/profiles', '-C', '-o', output_plist] proc = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) proc.communicate() if proc.returncode != 0: munkicommon.display_error( 'Could not obtain configuration profile info: %s' % proc.stderr) CONFIG_PROFILE_INFO = {} else: try: CONFIG_PROFILE_INFO = FoundationPlist.readPlist( output_plist + '.plist') except BaseException, err: munkicommon.display_error( 'Could not read configuration profile info: %s' % err) CONFIG_PROFILE_INFO = {} finally:
def __init__(self, repo, repo_path, mode): self.repo = repo self.repo_path = repo_path self.repo_mode = mode self.file = tempfile.NamedTemporaryFile(dir=munkicommon.tmpdir(), mode=mode, delete=False, suffix=os.path.splitext(repo_path)[1]) self.local_path = self.file.name if mode[0] == 'r': returncode = self.repo.get(self.repo_path, self.local_path) if returncode != 0: raise IOError
os.environ['HOME'] = original_home return # Ensure the keychain is in the search path and unlocked added_keychain = add_to_keychain_list(abs_keychain_path) unlock_and_set_nonlocking(abs_keychain_path) # Add client cert (and optionally key) client_cert_file = None combined_pem = None if client_key_path: # combine client cert and private key before we import cert_data = read_file(client_cert_path) key_data = read_file(client_key_path) # write the combined data combined_pem = os.path.join(munkicommon.tmpdir(), 'combined.pem') if write_file(cert_data + key_data, combined_pem): client_cert_file = combined_pem else: munkicommon.display_error( 'Could not combine client cert and key for import!') else: client_cert_file = client_cert_path if client_cert_file: # client_cert_file is combined_pem or client_cert_file munkicommon.display_debug2('Importing client cert and key...') try: output = security( 'import', client_cert_file, '-A', '-k', abs_keychain_path) if output: munkicommon.display_debug2(output)
if original_home: # switch it back os.environ['HOME'] = original_home return # Ensure the keychain is in the search path and unlocked added_keychain = add_to_keychain_list(abs_keychain_path) unlock_and_set_nonlocking(abs_keychain_path) # Add client cert (and optionally key) if client_key_path: # combine client cert and private key before we import cert_data = read_file(client_cert_path) key_data = read_file(client_key_path) # write the combined data combined_pem = os.path.join(munkicommon.tmpdir(), 'combined.pem') if write_file(cert_data + key_data, combined_pem): munkicommon.display_debug1('Importing client cert and key...') try: output = security('import', combined_pem, '-A', '-k', abs_keychain_path) if output: munkicommon.display_debug2(output) except SecurityError, err: munkicommon.display_error('Could not import %s: %s', combined_pem, err) os.unlink(combined_pem) else: munkicommon.display_error( 'Could not combine client cert and key for import!') else: