def create_cert(cfg, domain_name, force=False):
""" Create a new certificate for domain name. """
repl = {"t": cfg.get("CA_TOP"), "d": domain_name}
repl["cd"] = '%(t)s/certs/%(d)s' % repl
if os.path.exists(repl["cd"]) and not force:
print('%s already exists. Exiting.' % domain_name)
return
if os.path.exists(repl["cd"]) and force:
shutil.rmtree(repl["cd"])
os.mkdir(repl["cd"])
config_file = cfg.create_config_file(domain_name)
if cfg.get("CAKEY_PASSPHRASE") == "stdin":
password = input("Enter CAKEY_PASSPHRASE: ")
print(openssl(['req', '-new', '-nodes', '-keyout',
'%(cd)s/%(d)s.key' % repl,
'-out %(cd)s/%(d)s.req' % repl,
'-days %(CRT_DAYS)s' % cfg.map, '-config %s' % config_file.name],
write=password))
print(openssl(['ca', '-batch', '-passin %(CAKEY_PASSPHRASE)s' % cfg.map,
'-policy policy_anything',
'-notext', '-days %(CRT_DAYS)s' % cfg.map,
'-out %(cd)s/%(d)s.crt' % repl,
'-infiles %(cd)s/%(d)s.req' % repl], write=password))
call('cat %(cd)s/%(d)s.crt %(t)s/cacert.pem > %(cd)s/%(d)s-fullchain.pem' %
repl)
# chmod go= $1.crt $1.key $1.req
os.unlink(config_file.name)
return domain_name
def clone(repourl, reponame):
'''
clone the mozilla/planet-content repo
'''
if os.path.isdir(reponame):
if 0 == call(
fmt('cd {reponame} && git rev-parse --is-inside-work-tree')
)[0]:
return
call(fmt('rm -rf {reponame}'))
call(fmt('git clone {repourl}'))
def task_pull():
'''
do a safe git pull
'''
submods = call("git submodule status | awk '{print $2}'")[1].split()
test = '`git diff-index --quiet HEAD --`'
pull = 'git pull --rebase'
update = 'git submodule update --remote'
dirty = 'echo "refusing to \'{cmd}\' because the tree is dirty"'
dirty_pull = dirty.format(cmd=pull)
dirty_update = dirty.format(cmd=update)
yield {
'name': 'mozilla-it/autocert',
'actions': [
f'if {test}; then {pull}; else {dirty_pull}; exit 1; fi',
],
}
for submod in submods:
yield {
'name':
submod,
'actions': [
f'cd {submod} && if {test}; then {update}; else {dirty_update}; exit 1; fi',
],
}
def check_docker_compose():
import re
from subprocess import check_output
from packaging.version import parse as version_parse
pattern = '(docker-compose version) ([0-9.]+(-rc[0-9])?)(, build [a-z0-9]+)'
output = call('docker-compose --version')[1].strip()
regex = re.compile(pattern)
match = regex.search(output)
version = match.groups()[1]
assert version_parse(version) >= version_parse(
MINIMUM_DOCKER_COMPOSE_VERSION)
def is_initd():
return all([
call('git config --get submodule.%s.url' % submod, throw=False)[1]
for submod in SUBMODS
])
from utils.globalslocals import gl
from doit.task import clean_targets
DOIT_CONFIG = {
'verbosity': 2,
'default_tasks': ['success'],
}
REPO = os.path.dirname(__file__)
SUBMODS = subs2shas().keys()
DODO = 'dodo.py'
COLM = 'bin/colm'
RAGEL = 'bin/ragel'
TARGETDIR = 'src'
TARGETSRC = 'targetsota.py'
PYTHON = 'python' if call('which pypy', throw=False)[0] else 'pypy'
PYTHON = 'python' # FIXME: its slower; doing this for now ... -sai pylint: disable=fixme
RPYTHON = 'src/pypy/rpython/bin/rpython'
ROOTDIR = 'root'
BINDIR = '%(ROOTDIR)s/bin' % gl()
LIBDIR = '%(ROOTDIR)s/lib' % gl()
PREDIR = 'tests/pre'
POSTDIR = 'tests/post'
VERSION_JSON = 'src/version.json'
CC = os.getenv('CXX', 'g++')
CXXFLAGS = '-Wall -Werror -fPIC -O2 -std=c++11 -g -I../ -I../docopt'
ENVS = [
'PYTHONPATH=.:src:src/pypy:$PYTHONPATH',
def openssl(args, write=None):
""" Call openssl with given arguments."""
return call("openssl " + ' '.join(args), write)
def format_date(date):
""" Formats date to iso-8601 using the date unix command. """
return call("date --date='%s' --iso-8601" % date).rstrip()
def subs2shas(path='.'):
lines = call('cd %s && git submodule' % path)[1].strip().split('\n')
return dict([(item[1], item[0])
for item in [line.split() for line in lines]])
def check_docker_ps():
cmd = 'docker ps --format "{{.Names}}" | grep ' + PROJNAME + ' | { grep -v grep || true; }'
out = call(cmd, throw=True)[1]
return out.split('\n') if out else []
def checkout(reponame, revision):
'''
checkout the appropriate revision
'''
call(fmt('cd {reponame} && git checkout {revision}'))
from ruamel import yaml
from doit.task import clean_targets
from utils.fmt import fmt, pfmt
from utils.shell import call, rglob, globs, which
import requests
import pkg_resources
from bs4 import BeautifulSoup
DOIT_CONFIG = {
'verbosity': 2,
'default_tasks': ['test'],
}
try:
J = call('nproc')[1].strip()
except:
J = 1
REPOROOT = os.path.dirname(os.path.abspath(__file__))
REPONAME = 'planet-content'
REPOURL = 'https://github.com/mozilla/planet-content'
REVISION = os.environ.get('PLANET_CONTENT_REVISION', 'master')
REQS = [
'git',
'pip',
]
def check_hash(program):