From ef65550328ced10be85da2370dfc64b46dfc6071 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 5 Nov 2012 12:49:29 -0500 Subject: monkeypatch cms Popen Bug 1074257 Change-Id: I1372204c1e128aa664840e09b76fe979064d9efb --- bin/keystone-all | 6 ++++++ keystone/common/cms.py | 40 ++++++++++++++++++++++------------------ 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/bin/keystone-all b/bin/keystone-all index 8867f455..a51bb2c6 100755 --- a/bin/keystone-all +++ b/bin/keystone-all @@ -3,6 +3,7 @@ import greenlet import eventlet +from eventlet.green import subprocess import logging import os import signal @@ -22,6 +23,7 @@ if os.path.exists(os.path.join(possible_topdir, from paste import deploy from keystone import config +from keystone.common import cms from keystone.common import wsgi from keystone.common import utils from keystone.openstack.common import importutils @@ -68,6 +70,9 @@ def serve(*servers): except greenlet.GreenletExit: pass +def monkeypatch_cms(): + cms.Popen = subprocess.Popen + if __name__ == '__main__': dev_conf = os.path.join(possible_topdir, @@ -93,6 +98,7 @@ if __name__ == '__main__': monkeypatch_thread = not CONF._cli_values['standard_threads'] eventlet.patcher.monkey_patch(all=False, socket=True, time=True, thread=monkeypatch_thread) + monkeypatch_cms() options = deploy.appconfig('config:%s' % CONF.config_file[0]) diff --git a/keystone/common/cms.py b/keystone/common/cms.py index 4340b897..68d3a230 100644 --- a/keystone/common/cms.py +++ b/keystone/common/cms.py @@ -1,5 +1,9 @@ import hashlib import subprocess +#Importing Popen directly knowingly goes against the coding standard +#It is required due to the need to Monkeypatch the cms use of Popen when +#running in eventlet. +from subprocess import Popen from keystone.common import logging @@ -12,15 +16,15 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name): """ verifies the signature of the contents IAW CMS syntax """ - process = subprocess.Popen(["openssl", "cms", "-verify", - "-certfile", signing_cert_file_name, - "-CAfile", ca_file_name, - "-inform", "PEM", - "-nosmimecap", "-nodetach", - "-nocerts", "-noattr"], - stdin=subprocess.PIPE, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + process = Popen(["openssl", "cms", "-verify", + "-certfile", signing_cert_file_name, + "-CAfile", ca_file_name, + "-inform", "PEM", + "-nosmimecap", "-nodetach", + "-nocerts", "-noattr"], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) output, err = process.communicate(formatted) retcode = process.poll() if retcode: @@ -102,15 +106,15 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name): http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax """ - process = subprocess.Popen(["openssl", "cms", "-sign", - "-signer", signing_cert_file_name, - "-inkey", signing_key_file_name, - "-outform", "PEM", - "-nosmimecap", "-nodetach", - "-nocerts", "-noattr"], - stdin=subprocess.PIPE, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + process = Popen(["openssl", "cms", "-sign", + "-signer", signing_cert_file_name, + "-inkey", signing_key_file_name, + "-outform", "PEM", + "-nosmimecap", "-nodetach", + "-nocerts", "-noattr"], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) output, err = process.communicate(text) retcode = process.poll() if retcode or "Error" in err: -- cgit