author | Jan Cholasta <jcholast@redhat.com> | 2016-11-23 14:01:07 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-11-29 14:50:51 +0100 |
commit | 528012fe8a8976961203021ef36353b7a4c3b8a8 (patch) | |
tree | c208c28b82e1d5a3e4e8fd5bf064664cb8b32075 | |
parent | 6e50fae9ec6dea35e12a65dbc46228a1e6276e07 (diff) | |
ipapython: remove hard dependency on ipaplatform
Use hard-coded paths to certutil, pk12util and openssl in certdb if
ipaplatform is not available.
Hard-coded the path to setpasswd in ipautil.run() doc string.
Remove ipaplatform dependency from ipapython's setup.py and add ipapython
dependency to ipaplatform's setup.py.
https://fedorahosted.org/freeipa/ticket/6474
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r-- | ipaplatform/base/paths.py | 1 | ||||
-rw-r--r-- | ipaplatform/setup.py | 1 | ||||
-rw-r--r-- | ipapython/certdb.py | 21 | ||||
-rw-r--r-- | ipapython/ipautil.py | 2 | ||||
-rwxr-xr-x | ipapython/setup.py | 1 |
5 files changed, 17 insertions, 9 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 47f518577..ac22f3e97 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -172,7 +172,6 @@ class BasePathNamespace(object):
 ODS_SIGNER = "/usr/sbin/ods-signer"
 OPENSSL = "/usr/bin/openssl"
 PK12UTIL = "/usr/bin/pk12util"
- SETPASSWD = "/usr/bin/setpasswd"
 SIGNTOOL = "/usr/bin/signtool"
 SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
 SSLGET = "/usr/bin/sslget"
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 97311de7f..b28ac8c65 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -42,6 +42,7 @@ if __name__ == '__main__':
 install_requires=[
 "cffi",
 # "ipalib", # circular dependency
+ "ipapython",
 "pyasn1",
 "python-nss",
 "six",
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 464cc5b43..5344e37c5 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -26,12 +26,21 @@ from cryptography.hazmat.primitives import serialization
 from nss import nss
 from nss.error import NSPRError
-from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython import ipautil
 from ipalib import x509
+try:
+ from ipaplatform.paths import paths
+ CERTUTIL = paths.CERTUTIL
+ PK12UTIL = paths.PK12UTIL
+ OPENSSL = paths.OPENSSL
+except ImportError:
+ CERTUTIL = '/usr/bin/certutil'
+ PK12UTIL = '/usr/bin/pk12util'
+ OPENSSL = '/usr/bin/openssl'
+ CA_NICKNAME_FMT = "%s IPA CA"
@@ -91,7 +100,7 @@ class NSSDatabase(object):
 self.close()
 def run_certutil(self, args, stdin=None, **kwargs):
- new_args = [paths.CERTUTIL, "-d", self.secdir]
+ new_args = [CERTUTIL, "-d", self.secdir]
 new_args = new_args + args
 return ipautil.run(new_args, stdin, **kwargs)
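Review bot: The `except ImportError:` fallback added at the top of ipapython/certdb.py is silent, so a host where ipaplatform exists but fails to import (for example because one of its own imports is missing) will run certutil, pk12util and openssl from the hard-coded `/usr/bin` locations rather than the platform's configured paths, with nothing in the log to show it. Since `root_logger` is already imported above the block, I would record the fallback, e.g. `root_logger.debug("ipaplatform not available, using default NSS/OpenSSL tool paths")` as the first line of the `except` branch. The literals also repeat values held in ipaplatform/base/paths.py, so a comment such as `# fallbacks mirror ipaplatform.base.paths; keep in sync` above the `try:` would help. In the fallback branch the name `paths` is never bound; the visible hunks replace five uses, but any `paths.` reference elsewhere in certdb.py would raise NameError only on installs without ipaplatform, which is worth checking before merge.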
@@ -152,7 +161,7 @@ class NSSDatabase(object):
 def import_pkcs12(self, pkcs12_filename, db_password_filename, pkcs12_passwd=None):
- args = [paths.PK12UTIL, "-d", self.secdir,
+ args = [PK12UTIL, "-d", self.secdir,
 "-i", pkcs12_filename, "-k", db_password_filename, '-v']
 pkcs12_password_file = None
@@ -229,7 +238,7 @@ class NSSDatabase(object):
 if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'):
 args = [
- paths.OPENSSL, 'pkcs7',
+ OPENSSL, 'pkcs7',
 '-print_certs', ]
 try:
@@ -262,7 +271,7 @@ class NSSDatabase(object):
 (key_file, filename))
 args = [
- paths.OPENSSL, 'pkcs8',
+ OPENSSL, 'pkcs8',
 '-topk8', '-passout', 'file:' + db_password_filename, ]
@@ -349,7 +358,7 @@ class NSSDatabase(object):
 out_password = ipautil.ipa_generate_password()
 out_pwdfile = ipautil.write_tmp_file(out_password)
 args = [
- paths.OPENSSL, 'pkcs12',
+ OPENSSL, 'pkcs12',
 '-export', '-in', in_file.name, '-out', out_file.name,
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 654fdd97e..1c95a81f6 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -314,7 +314,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
 Example: We have a command
- [paths.SETPASSWD, '--password', 'Secret123', 'someuser']
+ ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
 and we don't want to log the password so nolog would be set to: ('Secret123',) The resulting log output would be:
diff --git a/ipapython/setup.py b/ipapython/setup.py
index 1abe7b067..c413ffa6e 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -43,7 +43,6 @@ if __name__ == '__main__':
 "dnspython",
 "gssapi",
 "jwcrypto",
- "ipaplatform",
 # "ipalib", # circular dependency
 "pyldap",
 "netaddr", |