def genServerRpm(d, verbosity=0): """ generates server's SSL key set RPM """ serverKeyPairDir = os.path.join(d['--dir'], d['--set-hostname']) server_key_name = os.path.basename(d['--server-key']) server_key = os.path.join(serverKeyPairDir, server_key_name) server_cert_name = os.path.basename(d['--server-cert']) server_cert = os.path.join(serverKeyPairDir, server_cert_name) server_cert_req_name = os.path.basename(d['--server-cert-req']) server_cert_req = os.path.join(serverKeyPairDir, server_cert_req_name) server_rpm_name = os.path.basename(d['--server-rpm']) server_rpm = os.path.join(serverKeyPairDir, server_rpm_name) server_cert_dir = d['--server-cert-dir'] postun_scriptlet = os.path.join(d['--dir'], 'postun.scriptlet') genServerRpm_dependencies(d) if verbosity >= 0: sys.stderr.write("\n...working...\n") # check for new installed RPM. # Work out the release number. hdr = getInstalledHeader(server_rpm_name) #find RPMs in the directory as well. filenames = glob.glob("%s-*.noarch.rpm" % server_rpm) if filenames: filename = sortRPMs(filenames)[-1] h = get_package_header(filename) if hdr is None: hdr = h else: comp = hdrLabelCompare(h, hdr) if comp > 0: hdr = h ver, rel = '1.0', '0' if hdr is not None: ver, rel = hdr['version'], hdr['release'] # bump the release - and let's not be too smart about it # assume the release is a number. if rel: rel = str(int(rel) + 1) description = SERVER_RPM_SUMMARY + """ Best practices suggests that this RPM should only be installed on the web server with this hostname: %s """ % d['--set-hostname'] ## build the server RPM args = [ 'katello-certs-gen-rpm', "--name %s --version %s --release %s --packager %s --vendor %s ", "--group 'Applications/System' --summary %s --description %s --postun %s ", server_cert_dir + "/private/%s:0600=%s ", server_cert_dir + "/certs/%s=%s ", server_cert_dir + "/certs/%s=%s " ] args = " ".join(args) args = args % (repr(server_rpm_name), ver, rel, repr(d['--rpm-packager']), repr(d['--rpm-vendor']), repr(SERVER_RPM_SUMMARY), repr(description), repr(cleanupAbsPath(postun_scriptlet)), repr(server_key_name), repr( cleanupAbsPath(server_key)), repr(server_cert_req_name), repr(cleanupAbsPath(server_cert_req)), repr(server_cert_name), repr(cleanupAbsPath(server_cert))) serverRpmName = "%s-%s-%s" % (server_rpm, ver, rel) if verbosity >= 0: print """ Generating web server's SSL key pair/set RPM: %s.src.rpm %s.noarch.rpm""" % (serverRpmName, serverRpmName) if verbosity > 1: print "Commandline:", args if verbosity >= 4: print 'Current working directory:', os.getcwd() print "Writing postun_scriptlet:", postun_scriptlet open(postun_scriptlet, 'w').write(POST_UNINSTALL_SCRIPT) _disableRpmMacros() cwd = chdir(serverKeyPairDir) try: ret, out_stream, err_stream = rhn_popen(args) finally: chdir(cwd) _reenableRpmMacros() os.unlink(postun_scriptlet) out = out_stream.read() out_stream.close() err = err_stream.read() err_stream.close() if ret or not os.path.exists("%s.noarch.rpm" % serverRpmName): raise GenServerRpmException("web server's SSL key set RPM generation " "failed:\n%s\n%s" % (out, err)) if verbosity > 2: if out: print "STDOUT:", out if err: print "STDERR:", err os.chmod('%s.noarch.rpm' % serverRpmName, 0600) # generic the tarball necessary for RHN Proxy against hosted installations tarballFilepath = genProxyServerTarball(d, version=ver, release=rel, verbosity=verbosity) # write-out latest.txt information latest_txt = os.path.join(serverKeyPairDir, 'latest.txt') fo = open(latest_txt, 'wb') fo.write('%s.noarch.rpm\n' % os.path.basename(serverRpmName)) fo.write('%s.src.rpm\n' % os.path.basename(serverRpmName)) fo.write('%s\n' % os.path.basename(tarballFilepath)) fo.close() os.chmod(latest_txt, 0600) if verbosity >= 0: print """ Deploy the server's SSL key pair/set RPM: (NOTE: the Katello installer may do this step for you.) The "noarch" RPM needs to be deployed to the machine working as a web server, or RHN Satellite, or RHN Proxy. Presumably %s.""" % repr(d['--set-hostname']) return "%s.noarch.rpm" % serverRpmName
def genServerRpm(d, verbosity=0): """ generates server's SSL key set RPM """ serverKeyPairDir = os.path.join(d['--dir'], getMachineName(d['--set-hostname'])) server_key_name = os.path.basename(d['--server-key']) server_key = os.path.join(serverKeyPairDir, server_key_name) server_cert_name = os.path.basename(d['--server-cert']) server_cert = os.path.join(serverKeyPairDir, server_cert_name) server_cert_req_name = os.path.basename(d['--server-cert-req']) server_cert_req = os.path.join(serverKeyPairDir, server_cert_req_name) jabberd_ssl_cert_name = os.path.basename(d['--jabberd-ssl-cert']) jabberd_ssl_cert = os.path.join(serverKeyPairDir, jabberd_ssl_cert_name ) server_rpm_name = os.path.basename(d['--server-rpm']) server_rpm = os.path.join(serverKeyPairDir, server_rpm_name) postun_scriptlet = os.path.join(d['--dir'], 'postun.scriptlet') genServerRpm_dependencies(d) if verbosity>=0: sys.stderr.write("\n...working...\n") # check for new installed RPM. # Work out the release number. hdr = getInstalledHeader(server_rpm_name) #find RPMs in the directory as well. filenames = glob.glob("%s-*.noarch.rpm" % server_rpm) if filenames: filename = sortRPMs(filenames)[-1] h = get_package_header(filename) if hdr is None: hdr = h else: comp = hdrLabelCompare(h, hdr) if comp > 0: hdr = h epo, ver, rel = None, '1.0', '0' if hdr is not None: epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release'] # bump the release - and let's not be too smart about it # assume the release is a number. if rel: rel = str(int(rel)+1) description = SERVER_RPM_SUMMARY + """ Best practices suggests that this RPM should only be installed on the web server with this hostname: %s """ % d['--set-hostname'] # Determine which jabberd user exists: jabberd_user = None possible_jabberd_users = ['jabberd', 'jabber'] for juser_attempt in possible_jabberd_users: try: pwd.getpwnam(juser_attempt) jabberd_user = juser_attempt except: # user doesn't exist, try the next pass if jabberd_user is None: print ("WARNING: No jabber/jabberd user on system, skipping " + "jabberd.pem generation.") jabberd_cert_string = "" if jabberd_user is not None: jabberd_cert_string = \ "/etc/pki/spacewalk/jabberd/server.pem:0600,%s,%s=%s" % \ (jabberd_user, jabberd_user, repr(cleanupAbsPath(jabberd_ssl_cert))) ## build the server RPM args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " " "--name %s --version %s --release %s --packager %s --vendor %s " "--group 'Applications/System' --summary %s --description %s --postun %s " "/etc/pki/tls/private/%s:0600=%s " "/etc/pki/tls/certs/%s=%s " "/etc/pki/tls/certs/%s=%s " "%s" % (repr(server_rpm_name), ver, rel, repr(d['--rpm-packager']), repr(d['--rpm-vendor']), repr(SERVER_RPM_SUMMARY), repr(description), repr(cleanupAbsPath(postun_scriptlet)), repr(server_key_name), repr(cleanupAbsPath(server_key)), repr(server_cert_req_name), repr(cleanupAbsPath(server_cert_req)), repr(server_cert_name), repr(cleanupAbsPath(server_cert)), jabberd_cert_string )) serverRpmName = "%s-%s-%s" % (server_rpm, ver, rel) if verbosity >= 0: print """ Generating web server's SSL key pair/set RPM: %s.src.rpm %s.noarch.rpm""" % (serverRpmName, serverRpmName) if verbosity > 1: print "Commandline:", args if verbosity >= 4: print 'Current working directory:', os.getcwd() print "Writing postun_scriptlet:", postun_scriptlet open(postun_scriptlet, 'w').write(POST_UNINSTALL_SCRIPT) _disableRpmMacros() cwd = chdir(serverKeyPairDir) try: ret, out_stream, err_stream = rhn_popen(args) finally: chdir(cwd) _reenableRpmMacros() os.unlink(postun_scriptlet) out = out_stream.read(); out_stream.close() err = err_stream.read(); err_stream.close() if ret or not os.path.exists("%s.noarch.rpm" % serverRpmName): raise GenServerRpmException("web server's SSL key set RPM generation " "failed:\n%s\n%s" % (out, err)) if verbosity > 2: if out: print "STDOUT:", out if err: print "STDERR:", err os.chmod('%s.noarch.rpm' % serverRpmName, 0600) # generic the tarball necessary for RHN Proxy against hosted installations tarballFilepath = genProxyServerTarball(d, version=ver, release=rel, verbosity=verbosity) # write-out latest.txt information latest_txt = os.path.join(serverKeyPairDir, 'latest.txt') fo = open(latest_txt, 'wb') fo.write('%s.noarch.rpm\n' % os.path.basename(serverRpmName)) fo.write('%s.src.rpm\n' % os.path.basename(serverRpmName)) fo.write('%s\n' % os.path.basename(tarballFilepath)) fo.close() os.chmod(latest_txt, 0600) if verbosity >= 0: print """ Deploy the server's SSL key pair/set RPM: (NOTE: the Katello installer may do this step for you.) The "noarch" RPM needs to be deployed to the machine working as a web server, or RHN Satellite, or RHN Proxy. Presumably %s.""" % repr(d['--set-hostname']) return "%s.noarch.rpm" % serverRpmName
def genCaRpm(d, verbosity=0): """ generates ssl cert RPM. """ ca_cert_path = d['--ca-cert-dir'] ca_cert_name = os.path.basename(d['--ca-cert']) ca_cert = os.path.join(d['--dir'], ca_cert_name) ca_cert_rpm_name = os.path.basename(d['--ca-cert-rpm']) ca_cert_rpm = os.path.join(d['--dir'], ca_cert_rpm_name) genCaRpm_dependencies(d) if verbosity >= 0: sys.stderr.write("\n...working...") # Work out the release number. hdr = getInstalledHeader(ca_cert_rpm) #find RPMs in the directory filenames = glob.glob("%s-*.noarch.rpm" % ca_cert_rpm) if filenames: filename = sortRPMs(filenames)[-1] h = get_package_header(filename) if hdr is None: hdr = h else: comp = hdrLabelCompare(h, hdr) if comp > 0: hdr = h ver, rel = '1.0', '0' if hdr is not None: ver, rel = hdr['version'], hdr['release'] # bump the release - and let's not be too smart about it # assume the release is a number. if rel: rel = str(int(rel) + 1) # build the CA certificate RPM args = [ 'katello-certs-gen-rpm', "--name %s", "--version %s", "--release %s", "--packager %s", "--vendor %s", "--group 'Applications/System'", "--summary %s", "--description %s", os.path.join(ca_cert_path, "%s=%s") ] args = " ".join(args) args = args % ((repr(ca_cert_rpm_name), ver, rel, repr( d['--rpm-packager']), repr(d['--rpm-vendor']), repr(CA_CERT_RPM_SUMMARY), repr(CA_CERT_RPM_SUMMARY), repr(ca_cert_name), repr(cleanupAbsPath(ca_cert)))) clientRpmName = '%s-%s-%s' % (ca_cert_rpm, ver, rel) if verbosity >= 0: print """ Generating CA public certificate RPM: %s.src.rpm %s.noarch.rpm""" % (clientRpmName, clientRpmName) if verbosity > 1: print "Commandline:", args _disableRpmMacros() cwd = chdir(d['--dir']) try: ret, out_stream, err_stream = rhn_popen(args) except Exception: chdir(cwd) _reenableRpmMacros() raise chdir(cwd) _reenableRpmMacros() out = out_stream.read() out_stream.close() err = err_stream.read() err_stream.close() if ret or not os.path.exists("%s.noarch.rpm" % clientRpmName): raise GenCaCertRpmException("CA public SSL certificate RPM generation " "failed:\n%s\n%s" % (out, err)) if verbosity > 2: if out: print "STDOUT:", out if err: print "STDERR:", err os.chmod('%s.noarch.rpm' % clientRpmName, 0644) # write-out latest.txt information latest_txt = os.path.join(d['--dir'], 'latest.txt') fo = open(latest_txt, 'wb') fo.write('%s\n' % ca_cert_name) fo.write('%s.noarch.rpm\n' % os.path.basename(clientRpmName)) fo.write('%s.src.rpm\n' % os.path.basename(clientRpmName)) fo.close() os.chmod(latest_txt, 0644) if verbosity >= 0: print """ Make the public CA certficate publically available: (NOTE: the Katello installer may do this step for you.) The "noarch" RPM and raw CA certificate can be made publically accessible by copying it to the /var/www/html/pub directory of your Katello server.""" return '%s.noarch.rpm' % clientRpmName
def genCaRpm(d, verbosity=0): """ generates ssl cert RPM. """ ca_cert_name = os.path.basename(d['--ca-cert']) ca_cert = os.path.join(d['--dir'], ca_cert_name) ca_cert_rpm_name = os.path.basename(d['--ca-cert-rpm']) ca_cert_rpm = os.path.join(d['--dir'], ca_cert_rpm_name) genCaRpm_dependencies(d) if verbosity>=0: sys.stderr.write("\n...working...") # Work out the release number. hdr = getInstalledHeader(ca_cert_rpm) #find RPMs in the directory filenames = glob.glob("%s-*.noarch.rpm" % ca_cert_rpm) if filenames: filename = sortRPMs(filenames)[-1] h = get_package_header(filename) if hdr is None: hdr = h else: comp = hdrLabelCompare(h, hdr) if comp > 0: hdr = h epo, ver, rel = None, '1.0', '0' if hdr is not None: epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release'] # bump the release - and let's not be too smart about it # assume the release is a number. if rel: rel = str(int(rel)+1) # build the CA certificate RPM args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " " "--name %s --version %s --release %s --packager %s --vendor %s " "--group 'Applications/System' --summary %s --description %s " "/usr/share/katello/%s=%s" % (repr(ca_cert_rpm_name), ver, rel, repr(d['--rpm-packager']), repr(d['--rpm-vendor']), repr(CA_CERT_RPM_SUMMARY), repr(CA_CERT_RPM_SUMMARY), repr(ca_cert_name), repr(cleanupAbsPath(ca_cert)))) clientRpmName = '%s-%s-%s' % (ca_cert_rpm, ver, rel) if verbosity >= 0: print """ Generating CA public certificate RPM: %s.src.rpm %s.noarch.rpm""" % (clientRpmName, clientRpmName) if verbosity > 1: print "Commandline:", args _disableRpmMacros() cwd = chdir(d['--dir']) try: ret, out_stream, err_stream = rhn_popen(args) except Exception: chdir(cwd) _reenableRpmMacros() raise chdir(cwd) _reenableRpmMacros() out = out_stream.read(); out_stream.close() err = err_stream.read(); err_stream.close() if ret or not os.path.exists("%s.noarch.rpm" % clientRpmName): raise GenCaCertRpmException("CA public SSL certificate RPM generation " "failed:\n%s\n%s" % (out, err)) if verbosity > 2: if out: print "STDOUT:", out if err: print "STDERR:", err os.chmod('%s.noarch.rpm' % clientRpmName, 0644) # write-out latest.txt information latest_txt = os.path.join(d['--dir'], 'latest.txt') fo = open(latest_txt, 'wb') fo.write('%s\n' % ca_cert_name) fo.write('%s.noarch.rpm\n' % os.path.basename(clientRpmName)) fo.write('%s.src.rpm\n' % os.path.basename(clientRpmName)) fo.close() os.chmod(latest_txt, 0644) if verbosity >= 0: print """ Make the public CA certficate publically available: (NOTE: the Katello installer may do this step for you.) The "noarch" RPM and raw CA certificate can be made publically accessible by copying it to the /var/www/html/pub directory of your Katello server.""" return '%s.noarch.rpm' % clientRpmName