Alon Bar-Lev has uploaded a new change for review.

Change subject: pki: process template files not in-place
......................................................................

pki: process template files not in-place

Change-Id: Iaba7b66633eb92b0b6602fb17218d5e844256dd3
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M Makefile
R backend/manager/conf/ca/cacert.template.in
R backend/manager/conf/ca/cert.template.in
M packaging/fedora/setup/common_utils.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/spec/ovirt-engine.spec.in
6 files changed, 25 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/77/11577/1

diff --git a/Makefile b/Makefile
index e486e40..0a0dfb0 100644
--- a/Makefile
+++ b/Makefile
@@ -341,8 +341,8 @@
 
        # Configuration files:
        install -m 644 backend/manager/conf/ca/openssl.conf 
$(DESTDIR)$(PKG_PKI_DIR)
-       install -m 644 backend/manager/conf/ca/cacert.template 
$(DESTDIR)$(PKG_PKI_DIR)
-       install -m 644 backend/manager/conf/ca/cert.template 
$(DESTDIR)$(PKG_PKI_DIR)
+       install -m 644 backend/manager/conf/ca/cacert.template.in 
$(DESTDIR)$(PKG_PKI_DIR)
+       install -m 644 backend/manager/conf/ca/cert.template.in 
$(DESTDIR)$(PKG_PKI_DIR)
 
        # Certificate database:
        install -m 644 backend/manager/conf/ca/database.txt 
$(DESTDIR)$(PKG_PKI_DIR)
diff --git a/backend/manager/conf/ca/cacert.template 
b/backend/manager/conf/ca/cacert.template.in
similarity index 87%
rename from backend/manager/conf/ca/cacert.template
rename to backend/manager/conf/ca/cacert.template.in
index e37fb81..d1856ff 100644
--- a/backend/manager/conf/ca/cacert.template
+++ b/backend/manager/conf/ca/cacert.template.in
@@ -13,7 +13,7 @@
 
 [ v3_ca ]
 subjectKeyIdentifier=hash
-authorityInfoAccess = caIssuers;URI:http://my.ca/ca.crt
+authorityInfoAccess = caIssuers;URI:@AIA@
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = critical,CA:true
 keyUsage = critical,cRLSign, keyCertSign
diff --git a/backend/manager/conf/ca/cert.template 
b/backend/manager/conf/ca/cert.template.in
similarity index 89%
rename from backend/manager/conf/ca/cert.template
rename to backend/manager/conf/ca/cert.template.in
index 09787aa..3ddeac5 100644
--- a/backend/manager/conf/ca/cert.template
+++ b/backend/manager/conf/ca/cert.template.in
@@ -13,7 +13,7 @@
 
 [ v3_ca ]
 subjectKeyIdentifier=hash
-authorityInfoAccess = caIssuers;URI:http://my.ca/ca.crt
+authorityInfoAccess = caIssuers;URI:@AIA@
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:false
 keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/packaging/fedora/setup/common_utils.py 
b/packaging/fedora/setup/common_utils.py
index 0d1e17d..7f37d64 100755
--- a/packaging/fedora/setup/common_utils.py
+++ b/packaging/fedora/setup/common_utils.py
@@ -78,6 +78,15 @@
         #Enum doesn't know this value
         raise ValueError(output_messages.ERR_EXP_VALUE_ERR%(value))
 
+def processTemplate(template, name, subst):
+    content = ''
+    with open(template, 'r') as f:
+        content = f.read()
+    for k, v in subst.items():
+        content =  content.replace(k, v)
+    with open(name, 'w') as f:
+        f.write(content)
+
 class ConfigFileHandler:
     def __init__(self, filepath):
         self.filepath = filepath
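Review bot: `processTemplate` writes the rendered file with a plain `open(name, 'w')`, so an error part-way through leaves a truncated OpenSSL extension template in the PKI directory, and the file's mode follows the process umask rather than the 644 the Makefile previously installed it with. Writing to a temporary file in the same directory and renaming it over `name` makes the update all-or-nothing, and it replaces an existing `name` instead of writing through it. The function also has no docstring; one line stating that every key of `subst` is replaced literally, and that a value containing another key may be substituted again, would help callers. The sketch below assumes `os` and `tempfile` are imported in this module, which the hunk does not show; the function lies entirely within the hunk.

```python
def processTemplate(template, name, subst):
    """Render `template` into `name`, replacing each key of `subst` literally."""
    # … unchanged: read the template and apply the substitutions …
    # Render next to the target and rename over it, so a failed run never
    # leaves a truncated template and the mode does not depend on the umask.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(name) or '.')
    try:
        with os.fdopen(fd, 'w') as f:
            f.write(content)
        os.chmod(tmp, 0o644)
        os.rename(tmp, name)
    except Exception:
        os.unlink(tmp)
        raise
```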
diff --git a/packaging/fedora/setup/engine-setup.py 
b/packaging/fedora/setup/engine-setup.py
index 0a82fec..42e9a72 100755
--- a/packaging/fedora/setup/engine-setup.py
+++ b/packaging/fedora/setup/engine-setup.py
@@ -920,11 +920,16 @@
 
 def _updateCaCrtTemplate():
     for file in [basedefs.FILE_CA_CRT_TEMPLATE, basedefs.FILE_CERT_TEMPLATE]:
-        logging.debug("updating %s" % (file))
-        fileHandler = utils.TextConfigFileHandler(file)
-        fileHandler.open()
-        fileHandler.editParam("authorityInfoAccess", " 
caIssuers;URI:http://%s:%s/ca.crt"; % (controller.CONF["HOST_FQDN"], 
controller.CONF["HTTP_PORT"]))
-        fileHandler.close()
+        utils.processTemplate(
+            file + '.in',
+            file,
+            {
+                '@AIA@': 'http://%s:%s/ca.crt' % (
+                    controller.CONF["HOST_FQDN"],
+                    controller.CONF["HTTP_PORT"],
+                )
+            }
+        )
 
 def getFirewalls():
     firewalls = ["None"]
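Review bot: `controller.CONF["HOST_FQDN"]` and `controller.CONF["HTTP_PORT"]` are substituted verbatim into the `authorityInfoAccess` line of a template that the CA later uses when signing. If either value can contain a newline, comma or semicolon, the rendered file would carry directives the template author did not write. Validation may already happen where `CONF` is populated, which this hunk does not show, so a comment above the `utils.processTemplate(` call naming that validation would settle it. The change also drops the `logging.debug("updating %s" % (file))` line, so the setup log no longer records that the templates were regenerated; `logging.debug("generating %s from %s.in" % (file, file))` before the call would restore that trace.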
diff --git a/packaging/fedora/spec/ovirt-engine.spec.in 
b/packaging/fedora/spec/ovirt-engine.spec.in
index bc2301e..a76530c 100644
--- a/packaging/fedora/spec/ovirt-engine.spec.in
+++ b/packaging/fedora/spec/ovirt-engine.spec.in
@@ -680,8 +680,8 @@
 
 # PKI configuration files:
 %config(noreplace) %{engine_pki}/openssl.conf
-%config(noreplace) %{engine_pki}/cacert.template
-%config(noreplace) %{engine_pki}/cert.template
+%config(noreplace) %{engine_pki}/cacert.template.in
+%config(noreplace) %{engine_pki}/cert.template.in
 
 # The certificate database files:
 %config(noreplace) %attr(-, %{engine_user}, %{engine_group}) 
%{engine_pki}/database.txt
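Review bot: The rendered `cacert.template` and `cert.template` drop out of the file list here, so once engine-setup writes them they belong to no package. rpm will then neither verify nor remove them, and an upgrade from a build that shipped them as `%config(noreplace)` may move an edited copy aside as `.rpmsave`. If that is not intended, listing each as `%ghost %config(noreplace) %{engine_pki}/cacert.template` (and likewise for `cert.template`) keeps ownership without shipping content. Whether the upgrade path re-runs the template rendering is not visible in this change.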


--
To view, visit http://gerrit.ovirt.org/11577

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iaba7b66633eb92b0b6602fb17218d5e844256dd3
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>