diff --git a/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py b/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py index fcf7f93d..2f28476f 100644 --- a/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py +++ b/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py @@ -242,8 +242,10 @@ class OnieSysinfoApp(SubprocessMixin, object): with InitrdContext(initrd=initrd, log=self.log) as ctx: cmd = ['onie-sysinfo',] cmd.extend(self.args) + self.log.info("foo!") + cmd = 'IFS=;' + " ".join(cmd) cmd = ('chroot', ctx.dir, - '/bin/sh', '-c', 'IFS=;' + " ".join(cmd)) + '/bin/sh', '-c', cmd,) try: self.output = self.check_output(cmd) ret = 0 diff --git a/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py b/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py index eec0f7fc..35c891bc 100755 --- a/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py +++ b/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py @@ -8,11 +8,8 @@ import sys import os import argparse import logging -import tempfile import shutil -import subprocess import tempfile -import yaml from onl.mounts import OnlMountManager, OnlMountContextReadOnly, OnlMountContextReadWrite from onl.sysconfig import sysconfig from onl.util import * 
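Review bot: The new `cmd = 'IFS=;' + " ".join(cmd)` in the ShellApp.py hunk still pastes `self.args` unquoted into the string handed to `/bin/sh -c` inside the chroot, so an argument containing whitespace or shell metacharacters is interpreted by the shell instead of reaching onie-sysinfo as a single word. Where `self.args` comes from is outside the hunk; if it can carry anything other than fixed option names, quote each element, e.g. `cmd = 'IFS=;' + " ".join(pipes.quote(a) for a in cmd)` (this needs `import pipes`, and the file's imports are not visible here). The added `self.log.info("foo!")` looks like a debugging leftover and should be dropped before merge. The enclosing method starts and ends outside the hunk.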
@@ -50,39 +47,70 @@ class OnlPki(OnlServiceMixin): self.init_cert(force=force) def init_key(self, force=False): - with OnlPkiContextReadOnly(self.logger): - if not os.path.exists(self.kpath) or force: - self.logger.info("Generating private key...") - cmd = "openssl genrsa -out %s %s" % (self.kpath, sysconfig.pki.key.len) - with OnlPkiContextReadWrite(self.logger): - if not os.path.isdir(self.CONFIG_PKI_DIR): - os.makedirs(self.CONFIG_PKI_DIR) - self._execute(cmd) - self.init_cert(force=True) - else: - self.logger.info("Using existing private key.") + need_key = False + need_cert = False + + if force: + need_key = True + else: + with OnlPkiContextReadOnly(self.logger): + if not os.path.exists(self.kpath): + need_key = True + + if need_key: + self.logger.info("Generating private key...") + cmd = ('openssl', 'genrsa', + '-out', self.kpath, + str(sysconfig.pki.key.len),) + with OnlPkiContextReadWrite(self.logger): + if not os.path.isdir(self.CONFIG_PKI_DIR): + os.makedirs(self.CONFIG_PKI_DIR) + self._execute(cmd, logLevel=logging.INFO) + need_cert = True + else: + self.logger.info("Using existing private key.") + + if need_cert: + self.init_cert(force=True) def init_cert(self, force=False): - with OnlPkiContextReadOnly(self.logger): - if not os.path.exists(self.cpath) or force: - self.logger.info("Generating self-signed certificate...") - csr = tempfile.NamedTemporaryFile(prefix="pki-", suffix=".csr", delete=False) - csr.close() - fields = [ "%s=%s" % (k, v) for k,v in sysconfig.pki.cert.csr.fields.iteritems() ] - subject = "/" + "/".join(fields) - self.logger.debug("Subject: '%s'", subject) - self.logger.debug("CSR: %s", csr.name) - with OnlPkiContextReadWrite(self.logger): - if not os.path.isdir(self.CONFIG_PKI_DIR): - os.makedirs(self.CONFIG_PKI_DIR) - self._execute("""openssl req -new -batch -subj "%s" -key %s -out %s""" % ( - subject, self.kpath, csr.name)) - self._execute("""openssl x509 -req -days %s -sha256 -in %s -signkey %s -out %s""" % ( - 
sysconfig.pki.cert.csr.cdays, - csr.name, self.kpath, self.cpath)) - os.unlink(csr.name) - else: - self.logger.info("Using existing certificate.") + need_cert = False + + if force: + need_cert = True + else: + with OnlPkiContextReadOnly(self.logger): + if not os.path.exists(self.cpath): + need_cert = True + + if need_cert: + self.logger.info("Generating self-signed certificate...") + csr = tempfile.NamedTemporaryFile(prefix="pki-", suffix=".csr", delete=False) + csr.close() + fields = [ "%s=%s" % (k, v) for k,v in sysconfig.pki.cert.csr.fields.iteritems() ] + subject = "/" + "/".join(fields) + self.logger.debug("Subject: '%s'", subject) + self.logger.debug("CSR: %s", csr.name) + with OnlPkiContextReadWrite(self.logger): + if not os.path.isdir(self.CONFIG_PKI_DIR): + os.makedirs(self.CONFIG_PKI_DIR) + self._execute(('openssl', 'req', + '-new', '-batch', + '-subj', subject, + '-key', self.kpath, + '-out', csr.name,), + logLevel=logging.INFO) + self._execute(('openssl', 'x509', + '-req', + '-days', str(sysconfig.pki.cert.csr.cdays), + '-sha256', + '-in', csr.name, + '-signkey', self.kpath, + '-out', self.cpath,), + logLevel=logging.INFO) + os.unlink(csr.name) + else: + self.logger.info("Using existing certificate.") @staticmethod def main(): diff --git a/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py b/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py index c085b3f2..f625f2b5 100644 --- a/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py +++ b/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py 
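Review bot: In init_key nothing restricts the mode of the file written to `self.kpath`: `openssl genrsa -out` runs under whatever umask the caller has, so whether the private key ends up group- or world-readable depends on the environment and the openssl build rather than on this code. Tightening the mask around the call (`old = os.umask(0o077)` before `_execute`, `os.umask(old)` in a `finally`) or following it with `os.chmod(self.kpath, 0o600)` would make the intended permissions explicit. Separately, in init_cert `os.unlink(csr.name)` is skipped when either `_execute` call raises, which it does on a non-zero exit with the default `ex=True`, leaving the `pki-*.csr` temp file behind; a `try`/`finally` around the two calls would cover that.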
@@ -1,18 +1,49 @@ import subprocess +import logging class OnlServiceMixin(object): - def _execute(self, cmd, root=False, ex=True): - self.logger.debug("Executing: %s" % cmd) + + def _execute(self, cmd, + root=False, ex=True, + logLevel=logging.DEBUG): + self.logger.log(logLevel, "Executing: %s", cmd) + + if isinstance(cmd, basestring): + shell = True + else: + shell = False + if root is True and os.getuid() != 0: - cmd = "sudo " + cmd + if isinstance(cmd, basestring): + cmd = "sudo " + cmd + else: + cmd = ['sudo',] + list(cmd) + try: - subprocess.check_call(cmd, shell=True) - except Exception, e: + pipe = subprocess.Popen(cmd, shell=shell, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + except OSError as e: if ex: - self.logger.error("Command failed: %s" % e) + self.logger.error("Command did not start: %s (%s)", + str(e), str(e.child_traceback),) raise else: - return e.returncode + return -1 + + out, _ = pipe.communicate() + code = pipe.wait() + + lvl = logging.WARN if code else logLevel + out = (out or "").rstrip() + for line in out.splitlines(False): + self.logger.log(lvl, ">>> %s", line) + + if ex and code: + self.logger.error("Command failed with code %s", code) + raise subprocess.CalledProcessError(code, cmd) + + return code def _raise(self, msg, klass): self.logger.critical(msg)
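Review bot: In the new `except OSError as e:` branch the error log reads `e.child_traceback` unconditionally, but Python 2's subprocess only sets that attribute on exceptions re-raised from the child before exec. An OSError raised in the parent (for example when the fork or pipe creation fails) has no such attribute, so the handler would raise AttributeError and hide the original error; `getattr(e, 'child_traceback', '')` in the log call avoids that. String commands still run with `shell=True`, so any caller that formats external values into a string keeps the old exposure; a short docstring on `_execute` saying that sequences run without a shell and that output is logged at `logLevel` (WARN on a non-zero exit) would steer callers to the tuple form. Also, `os.getuid()` is called while the lines shown from line 1 import only `subprocess` and `logging`; confirm `os` is brought into scope elsewhere in the module.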