Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: setup: remove usage of openssl utility ......................................................................
packaging: setup: remove usage of openssl utility we have M2Crypto as API. we have pki scripts as command-line. Change-Id: Ic01dfd61815d15e0395889015d0a8dbda4fa5fe7 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M ovirt-engine.spec.in M packaging/setup/plugins/ovirt-engine-rename/core/pki.py M packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py M packaging/setup/plugins/ovirt-engine-setup/pki/ca.py 4 files changed, 27 insertions(+), 51 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/14/18514/1 diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index 30ab293..18570c1 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -281,7 +281,6 @@ Requires: m2crypto Requires: nfs-utils Requires: openssh -Requires: openssl Requires: otopi >= 1.1.0 Requires: policycoreutils-python Requires: python-psycopg2 diff --git a/packaging/setup/plugins/ovirt-engine-rename/core/pki.py b/packaging/setup/plugins/ovirt-engine-rename/core/pki.py index 7a4b752..3896134 100644 --- a/packaging/setup/plugins/ovirt-engine-rename/core/pki.py +++ b/packaging/setup/plugins/ovirt-engine-rename/core/pki.py @@ -71,7 +71,6 @@ stage=plugin.Stages.STAGE_SETUP, ) def _setup(self): - self.command.detect('openssl') self.environment[ osetupcons.RenameEnv.FILES_TO_BE_MODIFIED ].extend( @@ -82,18 +81,6 @@ ) ) - def _cert_fingerprint(self, certfile): - rc, stdout, stder = self.execute( - args=( - self.command.get('openssl'), - 'x509', - '-in', certfile, - '-noout', - '-fingerprint', - ), - ) - return stdout[0] - @plugin.event( stage=plugin.Stages.STAGE_LATE_SETUP, condition=lambda self: os.path.exists( 
@@ -101,15 +88,15 @@ ) ) def _late_setup(self): - apache_ca_fp = self._cert_fingerprint( - osetupcons.FileLocations. - OVIRT_ENGINE_PKI_APACHE_CA_CERT - ) - ca_fp = self._cert_fingerprint( - osetupcons.FileLocations. - OVIRT_ENGINE_PKI_ENGINE_CA_CERT - ) - if (apache_ca_fp != ca_fp): + if ( + X509.load_cert( + file=osetupcons.FileLocations.OVIRT_ENGINE_PKI_APACHE_CA_CERT, + format=X509.FORMAT_PEM, + ).get_pubkey().get_rsa().pub() != X509.load_cert( + file=osetupcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CA_CERT, + format=X509.FORMAT_PEM, + ).get_pubkey().get_rsa().pub() + ): self.logger.warning(_('The CA certificate of Apache is changed')) self.dialog.note( text=_( @@ -252,18 +239,14 @@ # this implementation is not transactional # too many issues with legacy ca implementation # need to work this out to allow transactional - rc, stdout, stder = self.execute( + rc, stdout, stderr = self.execute( args=( - self.command.get('openssl'), - 'pkcs12', - '-in', ( - osetupcons.FileLocations.OVIRT_ENGINE_PKI_APACHE_STORE + osetupcons.FileLocations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT, + '--name=%s' % 'apache', + '--passin=%s' % ( + self.environment[osetupcons.PKIEnv.STORE_PASS], ), - '-passin', 'pass:%s' % self.environment[ - osetupcons.PKIEnv.STORE_PASS - ], - '-nodes', - '-nokeys', + '--cert=-', ), ) diff --git a/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py b/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py index 0676ec9..92f0774 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py +++ b/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py @@ -57,12 +57,6 @@ ) @plugin.event( - stage=plugin.Stages.STAGE_SETUP, - ) - def _setup(self): - self.command.detect('openssl') - - @plugin.event( stage=plugin.Stages.STAGE_LATE_SETUP, ) def _late_setup(self): 
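Review bot: `X509` is used in the new `_late_setup` condition, but no hunk for this file adds `from M2Crypto import X509` (the import is only added in ovirt-engine-setup/pki/ca.py), so unless the module already imports it above the visible hunks this raises NameError at late setup. The check also changes meaning: it compares RSA public keys rather than certificate fingerprints, so a re-issued Apache CA certificate carrying the same key no longer triggers the warning, and `get_rsa()` will presumably fail for a non-RSA CA key. `X509.load_cert` errors on an unreadable or malformed PEM file are not handled here either. If certificate identity is what matters, compare `get_fingerprint(md='sha1')` of both certificates; if key-only comparison is intended, say so with a comment such as `# compares public keys only; a re-issued certificate with the same key counts as unchanged`. The body of `_late_setup` continues outside the hunk.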
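Review bot: The keystore password is still passed in argv through `'--passin=%s' % (self.environment[osetupcons.PKIEnv.STORE_PASS],)`, so other local users can read it from the process list while the script runs, and it may land in the setup log if `self.execute` records its arguments. The replaced openssl call had the same exposure, but this rewrite is the natural place to hand the secret over through the environment or a file descriptor instead, provided the extract script can accept it that way. `'--name=%s' % 'apache'` can simply be `'--name=apache'`. If the extract script itself shells out to openssl, the `Requires: openssl` dropped in the spec hunk is still needed by whichever package ships that script. The enclosing method starts and ends outside the hunk.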
diff --git a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py index 83c40f7..1bf4df7 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py +++ b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py @@ -20,9 +20,13 @@ import os +import re import random import gettext _ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') + + +from M2Crypto import X509 from otopi import util @@ -98,7 +102,6 @@ ) ) def _setup(self): - self.command.detect('openssl') self._enabled = True @plugin.event( @@ -332,20 +335,17 @@ ), ) def _closeup(self): - rc, stdout, stderr = self.execute( - ( - self.command.get('openssl'), - 'x509', - '-in', - osetupcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CA_CERT, - '-fingerprint', - '-noout', - '-sha1', - ), + x509 = X509.load_cert( + file=osetupcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CA_CERT, + format=X509.FORMAT_PEM, ) self.dialog.note( text=_('Internal CA {fingerprint}').format( - fingerprint='\n'.join(stdout), + fingerprint=re.sub( + r'(..)', + r':\1', + x509.get_fingerprint(md='sha1'), + )[1:], ) ) -- To view, visit http://gerrit.ovirt.org/18514 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic01dfd61815d15e0395889015d0a8dbda4fa5fe7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
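Review bot: The `re.sub(r'(..)', r':\1', ...)[1:]` grouping in `_closeup` assumes `x509.get_fingerprint(md='sha1')` always returns exactly 40 hex digits. Some M2Crypto versions appear to build that string from an integer and drop leading zeros, which would shift every pair and show the administrator a fingerprint that does not match the CA certificate. Padding before grouping avoids that: `x509.get_fingerprint(md='sha1').zfill(40)`. The output also changes from openssl's labelled `SHA1 Fingerprint=` line to bare hex pairs, so the note text should state which digest is shown, since this value is what gets compared out of band. The decorator and start of `_closeup` are outside the hunk.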