summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog3
-rw-r--r--Makefile.am9
-rw-r--r--NEWS3
-rw-r--r--README1
-rw-r--r--configure.ac2
-rwxr-xr-xsrc/fedora-cert.py77
-rw-r--r--src/lib/fedora-cert.py104
-rw-r--r--src/rpmbuild-md52
8 files changed, 175 insertions, 26 deletions
diff --git a/ChangeLog b/ChangeLog
index 9d38cfd..4109a14 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
-* Dennis Gilmore <dennis@ausil.us> - 0.4.0
+* Dennis Gilmore <dennis@ausil.us> - 0.3.5
- script for doing svn checkouts
+- add rpmbuild-md5
- download usercerts
* Dennis Gilmore <dennis@ausil.us> - 0.3.1
- allow annonymouse cvs checkouts
diff --git a/Makefile.am b/Makefile.am
index d068c70..f694402 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
-bin_SCRIPTS = fedora-cvs fedora-packager-setup fedoradev-pkgowners fedora-cert fedora-getsvn
+bin_SCRIPTS = fedora-cvs fedora-packager-setup fedoradev-pkgowners fedora-cert fedora-getsvn rpmbuild-md5
CLEANFILES = $(bin_SCRIPTS)
-EXTRA_DIST = src/fedora-cvs.py src/fedora-packager-setup.py src/fedoradev-pkgowners src/fedora-cert.py src/fedora-getsvn
+EXTRA_DIST = src/fedora-cvs.py src/fedora-packager-setup.py src/fedoradev-pkgowners src/fedora-cert.py src/fedora-getsvn src/rpmbuild-md5
fedora-cvs: $(srcdir)/src/fedora-cvs.py
rm -f fedora-cvs
@@ -26,3 +26,8 @@ fedora-getsvn: $(srcdir)/src/fedora-getsvn
rm -f fedora-getsvn
cp -p $(srcdir)/src/fedora-getsvn fedora-getsvn
chmod ugo+x fedora-getsvn
+
+rpmbuild-md5: $(srcdir)/src/rpmbuild-md5
+ rm -f rpmbuild-md5
+ cp -p $(srcdir)/src/rpmbuild-md5 rpmbuild-md5
+ chmod ugo+x rpmbuild-md5
diff --git a/NEWS b/NEWS
index 2b886b6..6dd9604 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Jul 13 2009
+add rpmbuild-md5 it creates rpms with old style hashes
+
Jun 21 2009
add hppa configs. fix bug in fedora-packager-setup trying to unlink non existant file
diff --git a/README b/README
index e69de29..6db691f 100644
--- a/README
+++ b/README
@@ -0,0 +1 @@
+Added a wrapper for old style hashes in rpm rpmbuild-md5
diff --git a/configure.ac b/configure.ac
index dad94fe..30cb903 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([fedora-packager], [0.3.4])
+AC_INIT([fedora-packager], [0.3.5])
AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip])
AC_PATH_PROGS(PYTHON, python)
AC_PATH_PROGS(BASH, sh bash)
diff --git a/src/fedora-cert.py b/src/fedora-cert.py
index 8d8223f..dc4b6d3 100755
--- a/src/fedora-cert.py
+++ b/src/fedora-cert.py
@@ -3,41 +3,72 @@ import optparse
import os
import sys
import getpass
-from fedora.accounts.fas2 import AccountSystem
-from fedora.accounts.fas2 import CLAError
-from fedora.tg.client import AuthError, ServerError
+from fedora.client.fas2 import AccountSystem
+from fedora.client.fas2 import CLAError
+from fedora.client import AuthError, ServerError
from OpenSSL import crypto
+import urlgrabber
-def read_cert_user():
- """
- Figure out the Fedora user name from ~/.fedora.cert
+def _open_cert():
+ """
+ Read in the certificate so we dont duplicate the code
"""
- # Make sure we can even read the thing.
+ # Make sure we can even read the thing.
cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
if not os.access(cert_file, os.R_OK):
print "!!! cannot read your ~/.fedora.cert file !!!"
print "!!! Ensure the file is readable and try again !!!"
sys.exit(1)
- FILE = open(cert_file)
- my_buf = FILE.read()
- FILE.close()
- my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, my_buf)
+ raw_cert = open(cert_file).read()
+ my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)
+ return my_cert
+
+def verify_cert():
+ """
+ Check that the user cert is valid.
+ things to check/return
+ not revoked
+ Expiry time warn if less than 21 days
+ """
+ my_cert = _open_cert()
+ serial_no = my_cert.get_serial_number()
+ valid_until = my_cert.get_notAfter()
+ crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
+
+
+def certificate_expired():
+ """
+ Check to see if ~/.fedora.cert is expired
+ Returns True or False
+
+ """
+ my_cert = _open_cert()
+
+ if my_cert.has_expired():
+ return True
+ else:
+ return False
+
+def read_user_cert():
+ """
+ Figure out the Fedora user name from ~/.fedora.cert
+
+ """
+ my_cert = _open_cert()
subject = str(my_cert.get_subject())
subject_line = subject.split("CN=")
cn_parts = subject_line[1].split("/")
username = cn_parts[0]
-
- if my_cert.has_expired():
+ if certificate_expired():
print "Certificate expired; Lets get a new one."
create_user_cert(username)
return username
-
def create_user_cert(username):
- if not username is None:
+ if not username:
username = raw_input('FAS Username: ')
password = getpass.getpass('FAS Password: ')
try:
@@ -56,7 +87,9 @@ def create_user_cert(username):
sys.exit(1)
cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
if not os.access(cert_file, os.W_OK):
- print "Can not open cert file for writing"
+ print """Can not open cert file for writing.
+Please paste certificate into ~/.fedora.cert"""
+
print cert
sys.exit(1)
else:
@@ -77,7 +110,7 @@ def main(opts):
else:
username = opts.username
#has cert expired? do we force a new cert? get a new one
- if opts.new_cert:
+ if opts.newcert:
print "Getting a new User Certificate"
create_user_cert(username)
sys.exit(0)
@@ -85,19 +118,19 @@ def main(opts):
print "Certificate has expired, getting a new one"
create_user_cert(username)
sys.exit(0)
- if opts.verify-cert:
+ if opts.verifycert:
print "Verifying Certificate"
if __name__ == '__main__':
opt_p = optparse.OptionParser(usage="%prog [OPTIONS] ")
opt_p.add_option('-u', '--username', action='store_true', dest='username',
- help="FAS Username.")
+ default=False, help="FAS Username.")
opt_p.add_option('-n', '--new-cert', action='store_true', dest='newcert',
- help="Generate a new Fedora Certificate.")
+ default=False, help="Generate a new Fedora Certificate.")
opt_p.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
- help="Verify Certificate.")
+ default=False, help="Verify Certificate.")
- opts = opt_p.parse_args()
+ (opts, args) = opt_p.parse_args()
main(opts)
diff --git a/src/lib/fedora-cert.py b/src/lib/fedora-cert.py
new file mode 100644
index 0000000..21cea9d
--- /dev/null
+++ b/src/lib/fedora-cert.py
@@ -0,0 +1,104 @@
+#!/usr/bin/python
+import optparse
+import os
+import sys
+import getpass
+from fedora.client.fas2 import AccountSystem
+from fedora.client.fas2 import CLAError
+from fedora.client import AuthError, ServerError
+from OpenSSL import crypto
+
+def read_cert_user():
+ """
+ Figure out the Fedora user name from ~/.fedora.cert
+
+ """
+ # Make sure we can even read the thing.
+ cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
+ if not os.access(cert_file, os.R_OK):
+ print "!!! cannot read your ~/.fedora.cert file !!!"
+ print "!!! Ensure the file is readable and try again !!!"
+ sys.exit(1)
+ FILE = open(cert_file)
+ my_buf = FILE.read()
+ FILE.close()
+ my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, my_buf)
+
+ subject = str(my_cert.get_subject())
+ subject_line = subject.split("CN=")
+ cn_parts = subject_line[1].split("/")
+ username = cn_parts[0]
+
+ if my_cert.has_expired():
+ print "Certificate expired; Lets get a new one."
+ create_user_cert(username)
+
+ return username
+
+
+def create_user_cert(username):
+ if not username is None:
+ username = raw_input('FAS Username: ')
+ password = getpass.getpass('FAS Password: ')
+ try:
+ fas = AccountSystem('https://admin.fedoraproject.org/', username, password)
+ except AuthError:
+ print "Invalid username/password."
+ sys.exit(1)
+
+ try:
+ cert = fas.user_gencert()
+ fas.logout()
+ except CLAError:
+ print "You must sign the CLA before you can generate your certificate.\n" \
+ "To do this, go to https://admin.fedoraproject.org/accounts/cla/"
+ fas.logout()
+ sys.exit(1)
+ cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
+ if not os.access(cert_file, os.W_OK):
+ print "Can not open cert file for writing"
+ print cert
+ sys.exit(1)
+ else:
+ FILE = open(cert_file,"w")
+ FILE.write(cert)
+ FILE.close()
+
+def main(opts):
+ # lets read in the existing cert if it exists.
+ # gets us existing acc info
+ print opts
+ if not opts.username:
+ try:
+ username = read_user_cert()
+ except :
+ print "Can't determine fas name, lets get a new cert"
+ create_user_cert(None)
+ sys.exit(0)
+ else:
+ username = opts.username
+ #has cert expired? do we force a new cert? get a new one
+ if opts.new_cert:
+ print "Getting a new User Certificate"
+ create_user_cert(username)
+ sys.exit(0)
+ if certificate_expired():
+ print "Certificate has expired, getting a new one"
+ create_user_cert(username)
+ sys.exit(0)
+ if opts.verify-cert:
+ print "Verifying Certificate"
+
+
+if __name__ == '__main__':
+ opt_p = optparse.OptionParser(usage="%prog [OPTIONS] ")
+ opt_p.add_option('-u', '--username', action='store_true', dest='username',
+ default=False, help="FAS Username.")
+ opt_p.add_option('-n', '--new-cert', action='store_true', dest='newcert',
+ help="Generate a new Fedora Certificate.")
+ opt_p.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
+ help="Verify Certificate.")
+
+ opts = opt_p.parse_args()
+
+ main(opts)
diff --git a/src/rpmbuild-md5 b/src/rpmbuild-md5
new file mode 100644
index 0000000..11fdb21
--- /dev/null
+++ b/src/rpmbuild-md5
@@ -0,0 +1,2 @@
+#!/bin/bash
+rpmbuild --define "_source_filedigest_algorithm md5" --define "_binary_filedigest_algorithm md5" $@
generated by cgit (git 2.34.1) at 2024-04-19 10:21:57 +0000