ipapython: remove hard dependency on ipaplatform

Use hard-coded paths to certutil, pk12util and openssl in certdb if
ipaplatform is not available.

Hard-coded the path to setpasswd in ipautil.run() doc string.

Remove ipaplatform dependency from ipapython's setup.py and add ipapython
dependency to ipaplatform's setup.py.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

5 files changed, 17 insertions, 9 deletions

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 47f518577..ac22f3e97 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -172,7 +172,6 @@ class BasePathNamespace(object):
     ODS_SIGNER = "/usr/sbin/ods-signer"
     OPENSSL = "/usr/bin/openssl"
     PK12UTIL = "/usr/bin/pk12util"
-    SETPASSWD = "/usr/bin/setpasswd"
     SIGNTOOL = "/usr/bin/signtool"
     SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
     SSLGET = "/usr/bin/sslget"
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 97311de7f..b28ac8c65 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -42,6 +42,7 @@ if __name__ == '__main__':
         install_requires=[
             "cffi",
             # "ipalib",  # circular dependency
+            "ipapython",
             "pyasn1",
             "python-nss",
             "six",
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 464cc5b43..5344e37c5 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -26,12 +26,21 @@ from cryptography.hazmat.primitives import serialization
 from nss import nss
 from nss.error import NSPRError
 
-from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython import ipautil
 from ipalib import x509
 
+try:
+    from ipaplatform.paths import paths
+    CERTUTIL = paths.CERTUTIL
+    PK12UTIL = paths.PK12UTIL
+    OPENSSL = paths.OPENSSL
+except ImportError:
+    CERTUTIL = '/usr/bin/certutil'
+    PK12UTIL = '/usr/bin/pk12util'
+    OPENSSL = '/usr/bin/openssl'
+
 CA_NICKNAME_FMT = "%s IPA CA"
 
 
@@ -91,7 +100,7 @@ class NSSDatabase(object):
         self.close()
 
     def run_certutil(self, args, stdin=None, **kwargs):
-        new_args = [paths.CERTUTIL, "-d", self.secdir]
+        new_args = [CERTUTIL, "-d", self.secdir]
         new_args = new_args + args
         return ipautil.run(new_args, stdin, **kwargs)
 
@@ -152,7 +161,7 @@ class NSSDatabase(object):
 
     def import_pkcs12(self, pkcs12_filename, db_password_filename,
                       pkcs12_passwd=None):
-        args = [paths.PK12UTIL, "-d", self.secdir,
+        args = [PK12UTIL, "-d", self.secdir,
                 "-i", pkcs12_filename,
                 "-k", db_password_filename, '-v']
         pkcs12_password_file = None
@@ -229,7 +238,7 @@ class NSSDatabase(object):
 
                     if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'):
                         args = [
-                            paths.OPENSSL, 'pkcs7',
+                            OPENSSL, 'pkcs7',
                             '-print_certs',
                         ]
                         try:
@@ -262,7 +271,7 @@ class NSSDatabase(object):
                                 (key_file, filename))
 
                         args = [
-                            paths.OPENSSL, 'pkcs8',
+                            OPENSSL, 'pkcs8',
                             '-topk8',
                             '-passout', 'file:' + db_password_filename,
                         ]
@@ -349,7 +358,7 @@ class NSSDatabase(object):
             out_password = ipautil.ipa_generate_password()
             out_pwdfile = ipautil.write_tmp_file(out_password)
             args = [
-                paths.OPENSSL, 'pkcs12',
+                OPENSSL, 'pkcs12',
                 '-export',
                 '-in', in_file.name,
                 '-out', out_file.name,
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 654fdd97e..1c95a81f6 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -314,7 +314,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
 
         Example:
         We have a command
-            [paths.SETPASSWD, '--password', 'Secret123', 'someuser']
+            ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
         and we don't want to log the password so nolog would be set to:
         ('Secret123',)
         The resulting log output would be:
diff --git a/ipapython/setup.py b/ipapython/setup.py
index 1abe7b067..c413ffa6e 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -43,7 +43,6 @@ if __name__ == '__main__':
             "dnspython",
             "gssapi",
             "jwcrypto",
-            "ipaplatform",
             # "ipalib",  # circular dependency
             "pyldap",
             "netaddr",