def genServerRpm(d, verbosity=0):
""" generates server's SSL key set RPM """
serverKeyPairDir = os.path.join(d['--dir'], d['--set-hostname'])
server_key_name = os.path.basename(d['--server-key'])
server_key = os.path.join(serverKeyPairDir, server_key_name)
server_cert_name = os.path.basename(d['--server-cert'])
server_cert = os.path.join(serverKeyPairDir, server_cert_name)
server_cert_req_name = os.path.basename(d['--server-cert-req'])
server_cert_req = os.path.join(serverKeyPairDir, server_cert_req_name)
server_rpm_name = os.path.basename(d['--server-rpm'])
server_rpm = os.path.join(serverKeyPairDir, server_rpm_name)
server_cert_dir = d['--server-cert-dir']
postun_scriptlet = os.path.join(d['--dir'], 'postun.scriptlet')
genServerRpm_dependencies(d)
if verbosity >= 0:
sys.stderr.write("\n...working...\n")
# check for new installed RPM.
# Work out the release number.
hdr = getInstalledHeader(server_rpm_name)
# find RPMs in the directory as well.
filenames = glob.glob("%s-[0-9]*.noarch.rpm" % server_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h
ver, rel = '1.0', '0'
if hdr is not None:
ver = str(hdr['version'].decode('utf-8'))
rel = str(hdr['release'].decode('utf-8'))
# bump the release - and let's not be too smart about it
# assume the release is a number.
if rel:
rel = str(int(rel) + 1)
description = SERVER_RPM_SUMMARY + """
Best practices suggests that this RPM should only be installed on the web
server with this hostname: %s
""" % d['--set-hostname']
# build the server RPM
args = [
'katello-certs-gen-rpm',
"--name %s --version %s --release %s --packager %s --vendor %s ",
"--group 'Applications/System' --summary %s --description %s --postun %s ",
server_cert_dir + "/private/%s:0600=%s ",
server_cert_dir + "/certs/%s=%s ", server_cert_dir + "/certs/%s=%s "
]
args = " ".join(args)
args = args % (repr(server_rpm_name), ver, rel, repr(d['--rpm-packager']),
repr(d['--rpm-vendor']), repr(SERVER_RPM_SUMMARY),
repr(description), repr(cleanupAbsPath(postun_scriptlet)),
repr(server_key_name), repr(
cleanupAbsPath(server_key)), repr(server_cert_req_name),
repr(cleanupAbsPath(server_cert_req)),
repr(server_cert_name), repr(cleanupAbsPath(server_cert)))
serverRpmName = "%s-%s-%s" % (server_rpm, ver, rel)
if verbosity >= 0:
print("""
Generating web server's SSL key pair/set RPM:
%s.src.rpm
%s.noarch.rpm""" % (serverRpmName, serverRpmName))
if verbosity > 1:
print("Commandline:", args)
if verbosity >= 4:
print('Current working directory:', os.getcwd())
print("Writing postun_scriptlet:", postun_scriptlet)
with open(postun_scriptlet, 'w') as scriptlet_fp:
scriptlet_fp.write(POST_UNINSTALL_SCRIPT)
_disableRpmMacros()
cwd = chdir(serverKeyPairDir)
try:
ret, out_stream, err_stream = rhn_popen(args)
finally:
chdir(cwd)
_reenableRpmMacros()
os.unlink(postun_scriptlet)
out = out_stream.read().decode('utf-8')
out_stream.close()
err = err_stream.read().decode('utf-8')
err_stream.close()
if ret or not os.path.exists("%s.noarch.rpm" % serverRpmName):
raise GenServerRpmException("web server's SSL key set RPM generation "
"failed:\n%s\n%s" % (out, err))
if verbosity > 2:
if out:
print("STDOUT:", out)
if err:
print("STDERR:", err)
os.chmod('%s.noarch.rpm' % serverRpmName, 0o600)
# write-out latest.txt information
latest_txt = os.path.join(serverKeyPairDir, 'latest.txt')
with open(latest_txt, 'w') as latest_fp:
latest_fp.write('%s.noarch.rpm\n' % os.path.basename(serverRpmName))
latest_fp.write('%s.src.rpm\n' % os.path.basename(serverRpmName))
os.chmod(latest_txt, 0o600)
if verbosity >= 0:
print("""
Deploy the server's SSL key pair/set RPM:
(NOTE: the Katello installer may do this step for you.)
The "noarch" RPM needs to be deployed to the machine working as a
web server, or RHN Satellite, or RHN Proxy.
Presumably %s.""" % repr(d['--set-hostname']))
return "%s.noarch.rpm" % serverRpmName
def genCaRpm(d, verbosity=0):
""" generates ssl cert RPM. """
ca_cert_path = d['--ca-cert-dir']
ca_cert_name = os.path.basename(d['--ca-cert'])
ca_cert = os.path.join(d['--dir'], ca_cert_name)
ca_cert_rpm_name = os.path.basename(d['--ca-cert-rpm'])
ca_cert_rpm = os.path.join(d['--dir'], ca_cert_rpm_name)
genCaRpm_dependencies(d)
appendOtherCACerts(d, ca_cert)
if verbosity >= 0:
sys.stderr.write("\n...working...")
# Work out the release number.
hdr = getInstalledHeader(ca_cert_rpm)
# find RPMs in the directory
filenames = glob.glob("%s-[0-9]*.noarch.rpm" % ca_cert_rpm)
if filenames:
filename = sortRPMs(filenames)[-1]
h = get_package_header(filename)
if hdr is None:
hdr = h
else:
comp = hdrLabelCompare(h, hdr)
if comp > 0:
hdr = h
ver, rel = '1.0', '0'
if hdr is not None:
ver = str(hdr['version'].decode('utf-8'))
rel = str(hdr['release'].decode('utf-8'))
# bump the release - and let's not be too smart about it
# assume the release is a number.
if rel:
rel = str(int(rel) + 1)
# build the CA certificate RPM
args = [
'katello-certs-gen-rpm', "--name %s", "--version %s", "--release %s",
"--packager %s", "--vendor %s", "--group 'Applications/System'",
"--summary %s", "--description %s",
os.path.join(ca_cert_path, "%s=%s")
]
args = " ".join(args)
args = args % ((repr(ca_cert_rpm_name), ver, rel, repr(
d['--rpm-packager']), repr(d['--rpm-vendor']),
repr(CA_CERT_RPM_SUMMARY), repr(CA_CERT_RPM_SUMMARY),
repr(ca_cert_name), repr(cleanupAbsPath(ca_cert))))
clientRpmName = '%s-%s-%s' % (ca_cert_rpm, ver, rel)
if verbosity >= 0:
print("""
Generating CA public certificate RPM:
%s.src.rpm
%s.noarch.rpm""" % (clientRpmName, clientRpmName))
if verbosity > 1:
print("Commandline:", args)
_disableRpmMacros()
cwd = chdir(d['--dir'])
try:
ret, out_stream, err_stream = rhn_popen(args)
except Exception:
chdir(cwd)
_reenableRpmMacros()
raise
chdir(cwd)
_reenableRpmMacros()
out = out_stream.read().decode('utf-8')
out_stream.close()
err = err_stream.read().decode('utf-8')
err_stream.close()
if ret or not os.path.exists("%s.noarch.rpm" % clientRpmName):
raise GenCaCertRpmException("CA public SSL certificate RPM generation "
"failed:\n%s\n%s" % (out, err))
if verbosity > 2:
if out:
print("STDOUT:", out)
if err:
print("STDERR:", err)
os.chmod('%s.noarch.rpm' % clientRpmName, 0o644)
# write-out latest.txt information
latest_txt = os.path.join(d['--dir'], 'latest.txt')
with open(latest_txt, 'w') as latest_fp:
latest_fp.write('%s\n' % ca_cert_name)
latest_fp.write('%s.noarch.rpm\n' % os.path.basename(clientRpmName))
latest_fp.write('%s.src.rpm\n' % os.path.basename(clientRpmName))
os.chmod(latest_txt, 0o644)
if verbosity >= 0:
print("""
Make the public CA certficate publically available:
(NOTE: the Katello installer may do this step for you.)
The "noarch" RPM and raw CA certificate can be made publically accessible
by copying it to the /var/www/html/pub directory of your Katello server."""
)
return '%s.noarch.rpm' % clientRpmName