From 4f5655060df6fce2c9ded4160a5717a4663d492d Mon Sep 17 00:00:00 2001
From: "Carl D. Roth"
Date: Thu, 20 Sep 2018 18:14:08 -0700
Subject: [PATCH 1/3] Fixed shell invocation bug in onie-sysinfo
---
 .../all/vendor-config-onl/src/python/onl/install/ShellApp.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py b/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py
index fcf7f93d..2f28476f 100644
--- a/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py
+++ b/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py
@@ -242,8 +242,10 @@ class OnieSysinfoApp(SubprocessMixin, object):
 with InitrdContext(initrd=initrd, log=self.log) as ctx:
 cmd = ['onie-sysinfo',]
 cmd.extend(self.args)
+ self.log.info("foo!")
+ cmd = 'IFS=;' + " ".join(cmd)
 cmd = ('chroot', ctx.dir,
- '/bin/sh', '-c', 'IFS=;' + " ".join(cmd))
+ '/bin/sh', '-c', cmd,)
 try:
 self.output = self.check_output(cmd)
 ret = 0
From 2cd5d8afe2deae8847a10c3cac2b3c023024f0fe Mon Sep 17 00:00:00 2001
From: "Carl D. Roth"
Date: Thu, 20 Sep 2018 18:15:07 -0700
Subject: [PATCH 2/3] Cleanups for execute method - support tuple arguments - send stdout/stderr output to the logger
---
 .../src/python/onl/util/__init__.py | 45 ++++++++++++++++---
 1 file changed, 38 insertions(+), 7 deletions(-)
diff --git a/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py b/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py
index c085b3f2..f625f2b5 100644
--- a/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py
+++ b/packages/base/all/vendor-config-onl/src/python/onl/util/__init__.py
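Review bot: The string handed to `/bin/sh -c` in the ShellApp.py hunk is still built with `" ".join(cmd)`, so every element of `self.args` is re-parsed by the shell inside the chroot, and an argument containing whitespace or shell metacharacters changes the command that actually runs. Quote each element before joining, e.g. `cmd = 'IFS=;' + " ".join(pipes.quote(a) for a in cmd)`; this needs `import pipes` if the module does not already have it, and where `self.args` comes from is not visible here. The added `self.log.info("foo!")` reads like leftover debugging and should be dropped. The enclosing method starts and ends outside the hunk.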
@@ -1,18 +1,49 @@
 import subprocess
+import logging
 class OnlServiceMixin(object):
- def _execute(self, cmd, root=False, ex=True):
- self.logger.debug("Executing: %s" % cmd)
+
+ def _execute(self, cmd,
+ root=False, ex=True,
+ logLevel=logging.DEBUG):
+ self.logger.log(logLevel, "Executing: %s", cmd)
+
+ if isinstance(cmd, basestring):
+ shell = True
+ else:
+ shell = False
+
 if root is True and os.getuid() != 0:
- cmd = "sudo " + cmd
+ if isinstance(cmd, basestring):
+ cmd = "sudo " + cmd
+ else:
+ cmd = ['sudo',] + list(cmd)
+
 try:
- subprocess.check_call(cmd, shell=True)
- except Exception, e:
+ pipe = subprocess.Popen(cmd, shell=shell,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
+ except OSError as e:
 if ex:
- self.logger.error("Command failed: %s" % e)
+ self.logger.error("Command did not start: %s (%s)",
+ str(e), str(e.child_traceback),)
 raise
 else:
- return e.returncode
+ return -1
+
+ out, _ = pipe.communicate()
+ code = pipe.wait()
+
+ lvl = logging.WARN if code else logLevel
+ out = (out or "").rstrip()
+ for line in out.splitlines(False):
+ self.logger.log(lvl, ">>> %s", line)
+
+ if ex and code:
+ self.logger.error("Command failed with code %s", code)
+ raise subprocess.CalledProcessError(code, cmd)
+
+ return code
 def _raise(self, msg, klass):
 self.logger.critical(msg)
From 8ac2f0330bd59164fba4b4fd7c5dc088eb6b2ecf Mon Sep 17 00:00:00 2001
From: "Carl D. Roth"
Date: Thu, 20 Sep 2018 18:15:35 -0700
Subject: [PATCH 3/3] Cleanup mount point usage - cut down on nested mount invocations
---
 .../src/python/onl/pki/__init__.py | 96 ++++++++++++-------
 1 file changed, 62 insertions(+), 34 deletions(-)
diff --git a/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py b/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py
index eec0f7fc..35c891bc 100755
--- a/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py
+++ b/packages/base/all/vendor-config-onl/src/python/onl/pki/__init__.py
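Review bot: In `_execute` (onl/util/__init__.py) the new `except OSError` handler reads `e.child_traceback` unconditionally, but only an error raised in the child during exec carries that attribute; an OSError raised in the parent (a failed fork or pipe, for example) would become an AttributeError inside the handler and hide the real cause. Use `str(getattr(e, 'child_traceback', None))` there. The `root` branch calls `os.getuid()` while the imports visible at the top of this hunk are only `subprocess` and `logging`, so unless `os` is bound elsewhere that path raises NameError; adding `import os` next to `import logging` would settle it. String commands still run with `shell=True` and get `"sudo "` prepended as text, so callers that interpolate values into a string should move to the tuple form this commit introduces, and a docstring on `_execute` saying so would help.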
@@ -8,11 +8,8 @@ import sys
 import os
 import argparse
 import logging
-import tempfile
 import shutil
-import subprocess
 import tempfile
-import yaml
 from onl.mounts import OnlMountManager, OnlMountContextReadOnly, OnlMountContextReadWrite
 from onl.sysconfig import sysconfig
 from onl.util import *
@@ -50,39 +47,70 @@ class OnlPki(OnlServiceMixin):
 self.init_cert(force=force)
 def init_key(self, force=False):
- with OnlPkiContextReadOnly(self.logger):
- if not os.path.exists(self.kpath) or force:
- self.logger.info("Generating private key...")
- cmd = "openssl genrsa -out %s %s" % (self.kpath, sysconfig.pki.key.len)
- with OnlPkiContextReadWrite(self.logger):
- if not os.path.isdir(self.CONFIG_PKI_DIR):
- os.makedirs(self.CONFIG_PKI_DIR)
- self._execute(cmd)
- self.init_cert(force=True)
- else:
- self.logger.info("Using existing private key.")
+ need_key = False
+ need_cert = False
+
+ if force:
+ need_key = True
+ else:
+ with OnlPkiContextReadOnly(self.logger):
+ if not os.path.exists(self.kpath):
+ need_key = True
+
+ if need_key:
+ self.logger.info("Generating private key...")
+ cmd = ('openssl', 'genrsa',
+ '-out', self.kpath,
+ str(sysconfig.pki.key.len),)
+ with OnlPkiContextReadWrite(self.logger):
+ if not os.path.isdir(self.CONFIG_PKI_DIR):
+ os.makedirs(self.CONFIG_PKI_DIR)
+ self._execute(cmd, logLevel=logging.INFO)
+ need_cert = True
+ else:
+ self.logger.info("Using existing private key.")
+
+ if need_cert:
+ self.init_cert(force=True)
 def init_cert(self, force=False):
- with OnlPkiContextReadOnly(self.logger):
- if not os.path.exists(self.cpath) or force:
- self.logger.info("Generating self-signed certificate...")
- csr = tempfile.NamedTemporaryFile(prefix="pki-", suffix=".csr", delete=False)
- csr.close()
- fields = [ "%s=%s" % (k, v) for k,v in sysconfig.pki.cert.csr.fields.iteritems() ]
- subject = "/" + "/".join(fields)
- self.logger.debug("Subject: '%s'", subject)
- self.logger.debug("CSR: %s", csr.name)
- with OnlPkiContextReadWrite(self.logger):
- if not os.path.isdir(self.CONFIG_PKI_DIR):
- os.makedirs(self.CONFIG_PKI_DIR)
- self._execute("""openssl req -new -batch -subj "%s" -key %s -out %s""" % (
- subject, self.kpath, csr.name))
- self._execute("""openssl x509 -req -days %s -sha256 -in %s -signkey %s -out %s""" % (
- sysconfig.pki.cert.csr.cdays,
- csr.name, self.kpath, self.cpath))
- os.unlink(csr.name)
- else:
- self.logger.info("Using existing certificate.")
+ need_cert = False
+
+ if force:
+ need_cert = True
+ else:
+ with OnlPkiContextReadOnly(self.logger):
+ if not os.path.exists(self.cpath):
+ need_cert = True
+
+ if need_cert:
+ self.logger.info("Generating self-signed certificate...")
+ csr = tempfile.NamedTemporaryFile(prefix="pki-", suffix=".csr", delete=False)
+ csr.close()
+ fields = [ "%s=%s" % (k, v) for k,v in sysconfig.pki.cert.csr.fields.iteritems() ]
+ subject = "/" + "/".join(fields)
+ self.logger.debug("Subject: '%s'", subject)
+ self.logger.debug("CSR: %s", csr.name)
+ with OnlPkiContextReadWrite(self.logger):
+ if not os.path.isdir(self.CONFIG_PKI_DIR):
+ os.makedirs(self.CONFIG_PKI_DIR)
+ self._execute(('openssl', 'req',
+ '-new', '-batch',
+ '-subj', subject,
+ '-key', self.kpath,
+ '-out', csr.name,),
+ logLevel=logging.INFO)
+ self._execute(('openssl', 'x509',
+ '-req',
+ '-days', str(sysconfig.pki.cert.csr.cdays),
+ '-sha256',
+ '-in', csr.name,
+ '-signkey', self.kpath,
+ '-out', self.cpath,),
+ logLevel=logging.INFO)
+ os.unlink(csr.name)
+ else:
+ self.logger.info("Using existing certificate.")
 @staticmethod
 def main():
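Review bot: Nothing in `init_key` sets the mode of the file written to `self.kpath`, so whether the new private key is readable by other local users depends on the openssl build and the process umask. Adding `os.chmod(self.kpath, 0o600)` right after `self._execute(cmd, logLevel=logging.INFO)`, or running that call under a restrictive `os.umask`, makes the permission explicit. In `init_cert`, `os.unlink(csr.name)` is reached only when both openssl calls succeed; since `_execute` raises on a non-zero exit, a failure leaves the temporary CSR behind, and wrapping the two calls in `try:` / `finally: os.unlink(csr.name)` would clean it up. Both functions are complete within the hunk.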