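def enableSatelliteRepo(rhn_cert):
    """Enable the Satellite RPM repository matching this host's RHEL version.

    The RHEL major version is taken from the package owning
    /etc/redhat-release; the Satellite version is read from the
    'satellite-version' field of *rhn_cert*.

    Returns None. An unsupported RHEL version only produces a warning on
    stderr. Raises EnableSatelliteRepositoryException when the RHEL version
    cannot be determined or when subscription-manager exits non-zero.
    """
    # The single quotes are literal characters in the query format (the
    # command is built as an argv list), hence the strip("'") below.
    args = ['rpm', '-q', '--qf', '\'%{version}\'', '-f', '/etc/redhat-release']
    ret, out, err = fileutils.rhn_popen(args)

    # Read from stdout, strip quotes if any and extract first number
    match = re.search(r'\d+', out.read().strip("'"))
    if match is None:
        # Without this guard an rpm failure (no digits in its output) would
        # surface as an AttributeError on None rather than a domain error.
        raise EnableSatelliteRepositoryException(
            "Unable to determine the RHEL version from the package owning "
            "/etc/redhat-release.")
    version = match.group()

    if version not in SUPPORTED_RHEL_VERSIONS:
        msg = "WARNING: No Satellite repository available for RHEL version: %s.\n" % version
        sys.stderr.write(msg)
        return

    sat_cert = satellite_cert.SatelliteCert()
    sat_cert.load(rhn_cert)
    # NOTE(review): the certificate is only parsed here, not signature-checked,
    # and its 'satellite-version' text ends up in the repository name below.
    # Presumably the caller has validated the certificate first -- confirm.
    sat_version = getattr(sat_cert, 'satellite-version')

    repo = "rhel-%s-server-satellite-%s-rpms" % (version, sat_version)
    args = ['/usr/bin/subscription-manager', 'repos', '--enable', repo]
    ret, out, err = fileutils.rhn_popen(args)
    if ret:
        msg_ = "Enabling of Satellite repository failed."
        msg = ("%s\nReturn value: %s\nStandard-out: %s\n\n"
               "Standard-error: %s\n\n"
               % (msg_, ret, out.read(), err.read()))
        sys.stderr.write(msg)
        raise EnableSatelliteRepositoryException(
            "Enabling of Satellite repository failed. Is there Satellite "
            "subscription attached to this system? Is the version of "
            "RHEL and Satellite certificate correct?")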
def expiredYN(cert):
    """Tell whether the RHN certificate text *cert* is past its expiry date.

    Returns '' while the certificate is still valid, otherwise the
    certificate's own 'expires' string. The certificate is only parsed here;
    no signature verification happens in this function.
    """
    parsed = satellite_cert.SatelliteCert()
    parsed.load(cert)

    # pylint: disable=E1101
    try:
        expiry_struct = time.strptime(parsed.expires, parsed.datesFormat_cert)
        # mktime() works in local time; subtracting time.timezone is the
        # timezone correction.
        expiry_epoch = time.mktime(expiry_struct) - time.timezone
    except ValueError:
        writeError(
            "Can't seem to parse the expires field in the RHN Certificate. "
            "RHN Certificate's version is incorrect?")
        # FIXME: exiting from inside a helper is a cop-out, not elegant
        sys.exit(11)

    current_epoch = time.time()
    if expiry_epoch < current_epoch:
        return parsed.expires
    return ''
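def expiredYN(certPath):
    """Tell whether the RHN certificate stored at *certPath* has expired.

    Returns '' while the certificate is still valid, otherwise the
    certificate's own 'expires' string. Exits the process with status 1 when
    the file cannot be opened and with status 11 when the 'expires' field
    cannot be parsed. The certificate is only parsed here; no signature
    verification happens in this function.
    """
    # open cert
    try:
        fo = open(certPath, 'rb')
    except IOError:
        sys.stderr.write("ERROR: unable to open the cert: %s\n" % certPath)
        sys.exit(1)

    # Close the handle even if the read fails, so it is never leaked.
    try:
        cert = fo.read().strip()
    finally:
        fo.close()

    # parse it and snag "expires"
    sc = satellite_cert.SatelliteCert()
    sc.load(cert)

    # note the correction for timezone
    # pylint: disable=E1101
    try:
        expires = time.mktime(time.strptime(
            sc.expires, sc.datesFormat_cert)) - time.timezone
    except ValueError:
        sys.stderr.write("""\
ERROR: can't seem to parse the expires field in the RHN Certificate.
       RHN Certificate's version is incorrect?\n""")
        # a cop-out FIXME: not elegant
        sys.exit(11)

    now = time.time()
    if expires < now:
        return sc.expires
    return ''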
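def localUpdateChannels():
    """Refresh channel family data from the certificate stored on disk.

    Reads the file at DEFAULT_RHN_CERT_LOCATION, parses it as a
    SatelliteCert, then calls the three sync_handlers steps in order:
    populate permissions from the certificate, purge extra channel families,
    update channel family counts.
    """
    # Close the file deterministically instead of relying on garbage
    # collection of the anonymous file object.
    cert_file = open(DEFAULT_RHN_CERT_LOCATION)
    try:
        cert = cert_file.read()
    finally:
        cert_file.close()

    sat_cert = satellite_cert.SatelliteCert()
    sat_cert.load(cert)
    # NOTE(review): the on-disk certificate is parsed but not signature-checked
    # in this function; presumably it was validated when it was installed, so
    # write access to that path needs to stay restricted -- confirm.

    sync_handlers.populate_channel_family_permissions(sat_cert)
    sync_handlers.purge_extra_channel_families()
    sync_handlers.update_channel_family_counts()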
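def validateSatCert(cert, verbosity=0):
    """Validate (i.e., verify the sanity of) the product certificate.

    Checks that the required fields are set, then runs gpg --verify on the
    certificate's signature against the string returned by
    getCertChecksumString().

    Returns 0 on success. Raises RHNCertGeneralSanityException when a
    required field is empty or when the gpg check fails. A non-zero
    *verbosity* prints the gpg command line first.
    """
    sat_cert = satellite_cert.SatelliteCert()
    sat_cert.load(cert)

    for key in ['generation', 'product', 'owner', 'issued', 'expires', 'slots']:
        if not getattr(sat_cert, key):
            sys.stderr.write("Error: Your satellite certificate is not valid. Field %s is not defined.\n"
                             "Please contact your support representative.\n" % key)
            raise RHNCertGeneralSanityException("RHN Entitlement Certificate failed "
                                                "to validate.")

    signature = sat_cert.signature

    certTmpFile = None
    signatureTmpFile = None
    try:
        # copy cert to temp location (it may be gzipped).
        # mkstemp() creates each file exclusively and readable by the owner
        # only, with a random suffix after the given prefix.
        fd, certTmpFile = tempfile.mkstemp(prefix="/tmp/cert-")
        fo = os.fdopen(fd, 'wb')
        try:
            fo.write(getCertChecksumString(sat_cert))
            fo.flush()
        finally:
            fo.close()

        fd, signatureTmpFile = tempfile.mkstemp(prefix="/tmp/cert-signature-")
        fo = os.fdopen(fd, 'wb')
        try:
            fo.write(signature)
            fo.flush()
        finally:
            fo.close()

        # NOTE(review): gpg's --keyring option adds a keyring to the default
        # ones. If signatures must be accepted from DEFAULT_WEBAPP_GPG_KEY_RING
        # alone, --no-default-keyring is needed as well; left unchanged here
        # because deployments may depend on the current behaviour.
        args = ['gpg', '--verify', '-q', '--keyring',
                DEFAULT_WEBAPP_GPG_KEY_RING, signatureTmpFile, certTmpFile]

        if verbosity:
            # Single-argument form prints the same line under Python 2 and 3.
            print("Checking cert XML sanity and GPG signature: %s"
                  % repr(' '.join(args)))

        ret, out, err = fileutils.rhn_popen(args)
        err = err.read()
        out = out.read()
    finally:
        # nuke temp cert -- also on error paths, so the checksum string and
        # the signature never stay behind in /tmp
        for tmpPath in (certTmpFile, signatureTmpFile):
            if tmpPath is not None:
                os.unlink(tmpPath)

    # A non-zero exit status or either of these stderr markers means failure.
    if 'Ohhhh jeeee: ... this is a bug' in err or 'verify err' in err or ret:
        msg = "%s Entitlement Certificate failed to validate.\n" % PRODUCT_NAME
        msg = msg + "MORE INFORMATION:\n"
        msg = msg + " Return value: %s\n" % ret +\
                    " Standard-out: %s\n" % out +\
                    " Standard-error: %s\n" % err
        sys.stderr.write(msg)
        raise RHNCertGeneralSanityException("RHN Entitlement Certificate failed "
                                            "to validate.")
    return 0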
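def enableSatelliteRepo(rhn_cert):
    """Enable the Satellite RPM repository for this host's RHEL version/arch.

    The RHEL major version and architecture are taken from the package
    owning /etc/redhat-release; the Satellite version is read from the
    'satellite-version' field of *rhn_cert*. The s390x architecture selects
    the "system-z" repository flavour, everything else "server".

    Returns None. An unsupported RHEL version is only logged as a warning.
    Raises EnableSatelliteRepositoryException when version and architecture
    cannot be determined or when subscription-manager exits non-zero.
    """
    # The single quotes are literal characters in the query format (the
    # command is built as an argv list), hence the strip("'") below.
    args = [
        'rpm', '-q', '--qf', '\'%{version} %{arch}\'', '-f',
        '/etc/redhat-release'
    ]
    ret, out, err = fileutils.rhn_popen(args)
    data = out.read().strip("'")

    # Expect exactly "<version> <arch>". Anything else (for example an rpm
    # error message) previously crashed in tuple unpacking or on a None match.
    fields = data.split()
    match = None
    if len(fields) == 2:
        # Read from stdout, strip quotes if any and extract first number
        match = re.search(r'\d+', fields[0])
    if match is None:
        raise EnableSatelliteRepositoryException(
            "Unable to determine the RHEL version and architecture from the "
            "package owning /etc/redhat-release.")
    version = match.group()
    arch = fields[1]

    if version not in SUPPORTED_RHEL_VERSIONS:
        log(
            0,
            "WARNING: No Satellite repository available for RHEL version: %s."
            % version)
        return

    arch_str = "server"
    if arch == "s390x":
        arch_str = "system-z"

    sat_cert = satellite_cert.SatelliteCert()
    sat_cert.load(rhn_cert)
    # NOTE(review): the certificate is only parsed here, not signature-checked,
    # and its 'satellite-version' text ends up in the repository name below.
    # Presumably the caller has validated the certificate first -- confirm.
    sat_version = getattr(sat_cert, 'satellite-version')

    repo = "rhel-%s-%s-satellite-%s-rpms" % (version, arch_str, sat_version)
    args = ['/usr/bin/subscription-manager', 'repos', '--enable', repo]
    ret, out, err = fileutils.rhn_popen(args)
    if ret:
        msg_ = "Enabling of Satellite repository failed."
        msg = ("%s\nReturn value: %s\nStandard-out: %s\n\n"
               "Standard-error: %s\n" % (msg_, ret, out.read(), err.read()))
        writeError(msg)
        raise EnableSatelliteRepositoryException(
            "Enabling of Satellite repository failed. Make sure Satellite "
            "subscription is attached to this system, both versions of RHEL and "
            "Satellite are supported or run activation with --disconnected "
            "option.")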
def test():
    """Parse CERT with a fresh SatelliteCert; nothing is asserted or returned."""
    # Any exception raised by load() simply propagates to the caller.
    satellite_cert.SatelliteCert().load(CERT)
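#
# Copyright (c) 2008--2010 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public License,
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# Red Hat trademarks are not licensed under GPLv2. No permission is
# granted to use or replicate Red Hat trademarks that are incorporated
# in this software or its documentation.
#

import sys
from spacewalk.server.rhnServer import satellite_cert

# Debug helper: parse the certificate file named on the command line and dump
# the parsed object, its attribute names and its "provisioning-slots" value.
# The certificate is only parsed; its signature is not verified here.
if len(sys.argv) != 2:
    # Single-argument print(...) emits the same text under Python 2 and 3.
    print("Usage: %s <cert-file>" % sys.argv[0])
    sys.exit(1)

# Close the file explicitly instead of leaving the handle to the garbage
# collector.
cert_file = open(sys.argv[1])
try:
    cert_text = cert_file.read()
finally:
    cert_file.close()

c = satellite_cert.SatelliteCert()
c.load(cert_text)
print("%s %s" % (c, dir(c)))
print(getattr(c, "provisioning-slots"))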
def storeRhnCert(cert, check_generation=0, check_version=0):
    """ Pushes an RHN cert into the database, in rhnSatelliteCert

        "cert" is the raw RHN Certificate as a string.

        When a certificate row already exists, check_generation raises
        CertGenerationMismatchError if the stored and new 'generation'
        values differ, and check_version raises CertVersionMismatchError if
        their 'satellite-version' values differ.

        The certificate is parsed here but its signature is not verified in
        this function.
        NOTE(review): presumably callers validate the certificate before
        storing it -- confirm.
    """

    label = 'rhn-satellite-cert'
    cert = cert.strip()

    # sanity check
    # satellite_cert.ParseException can be thrown
    sc = satellite_cert.SatelliteCert()
    sc.load(cert)

    # pylint: disable=E1101
    # gotta make sure there is a first org_id
    create_first_org(owner=sc.owner)

    # dates: formatted for DB
    expires = strftime(sc.datesFormat_db,
                       strptime(sc.expires, sc.datesFormat_cert))
    issued = strftime(sc.datesFormat_db,
                      strptime(sc.issued, sc.datesFormat_cert))

    version = 0
    certAlreadyUploadedYN = 0

    # First, find out the right next version for this cert
    row = retrieve_db_cert()
    if row:
        db_cert = row['cert']
        db_issued = row['issued']
        db_expires = row['expires']
        version = row['version']
        if db_cert == cert and issued == db_issued and expires == db_expires:
            # cert is already uploaded and the expiration dates match
            certAlreadyUploadedYN = 1
        else:
            # cert is not uploaded *or* the expirations are out of whack
            version = version + 1

        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; the checks sit at the "if row:" level because they need
        # db_cert -- confirm against the original file.
        if check_generation or check_version:
            # Load the stored cert
            stored_sc = satellite_cert.SatelliteCert()
            stored_sc.load(db_cert)
            if check_generation and stored_sc.generation != sc.generation:
                raise CertGenerationMismatchError()
            if check_version:
                old_version = getattr(stored_sc, 'satellite-version')
                new_version = getattr(sc, 'satellite-version')
                if old_version != new_version:
                    raise CertVersionMismatchError(old_version, new_version)

    if not certAlreadyUploadedYN:
        # bug 145491 update the customer's name (should be harmless)
        # The certificate-derived owner is handed to execute() as a named
        # argument of a prepared statement, not formatted into the SQL text here.
        wc_up = rhnSQL.prepare(_query_update_web_customer)
        wc_up.execute(owner=sc.owner)
        wu_up = rhnSQL.prepare(_query_update_web_user)
        wu_up.execute(owner=sc.owner)
        # XXX bug 145491, there may be further work here for rhnchannelfamily,
        # but only if it actually affects rhn's behaviour (because it's a real
        # bitch to fix because the channel family's name column is *based* on
        # the certificate owner

        h = rhnSQL.prepare(_query_insert_cert)
        h.execute(label=label, version=version, expires=expires, issued=issued)
        # Oracle apparently needs a separate query to update the cert blob:
        h.update_blob("rhnSatelliteCert", "cert",
                      "WHERE label = :label AND version = :version",
                      cert, label=label, version=version)

    # always reset the slots
    set_slots_from_cert(sc)

    cfg = RHNOptions('web')
    cfg.parse()
    # Single commit at the very end of the function.
    rhnSQL.commit()