mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
ipapython: remove hard dependency on ipaplatform
Use hard-coded paths to certutil, pk12util and openssl in certdb if ipaplatform is not available. Hard-coded the path to setpasswd in ipautil.run() doc string. Remove ipaplatform dependency from ipapython's setup.py and add ipapython dependency to ipaplatform's setup.py. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
parent
6e50fae9ec
commit
528012fe8a
@ -172,7 +172,6 @@ class BasePathNamespace(object):
|
||||
ODS_SIGNER = "/usr/sbin/ods-signer"
|
||||
OPENSSL = "/usr/bin/openssl"
|
||||
PK12UTIL = "/usr/bin/pk12util"
|
||||
SETPASSWD = "/usr/bin/setpasswd"
|
||||
SIGNTOOL = "/usr/bin/signtool"
|
||||
SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
|
||||
SSLGET = "/usr/bin/sslget"
|
||||
|
@ -42,6 +42,7 @@ if __name__ == '__main__':
|
||||
install_requires=[
|
||||
"cffi",
|
||||
# "ipalib", # circular dependency
|
||||
"ipapython",
|
||||
"pyasn1",
|
||||
"python-nss",
|
||||
"six",
|
||||
|
@ -26,12 +26,21 @@ from cryptography.hazmat.primitives import serialization
|
||||
from nss import nss
|
||||
from nss.error import NSPRError
|
||||
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython.dn import DN
|
||||
from ipapython.ipa_log_manager import root_logger
|
||||
from ipapython import ipautil
|
||||
from ipalib import x509
|
||||
|
||||
try:
|
||||
from ipaplatform.paths import paths
|
||||
CERTUTIL = paths.CERTUTIL
|
||||
PK12UTIL = paths.PK12UTIL
|
||||
OPENSSL = paths.OPENSSL
|
||||
except ImportError:
|
||||
CERTUTIL = '/usr/bin/certutil'
|
||||
PK12UTIL = '/usr/bin/pk12util'
|
||||
OPENSSL = '/usr/bin/openssl'
|
||||
|
||||
CA_NICKNAME_FMT = "%s IPA CA"
|
||||
|
||||
|
||||
@ -91,7 +100,7 @@ class NSSDatabase(object):
|
||||
self.close()
|
||||
|
||||
def run_certutil(self, args, stdin=None, **kwargs):
|
||||
new_args = [paths.CERTUTIL, "-d", self.secdir]
|
||||
new_args = [CERTUTIL, "-d", self.secdir]
|
||||
new_args = new_args + args
|
||||
return ipautil.run(new_args, stdin, **kwargs)
|
||||
|
||||
@ -152,7 +161,7 @@ class NSSDatabase(object):
|
||||
|
||||
def import_pkcs12(self, pkcs12_filename, db_password_filename,
|
||||
pkcs12_passwd=None):
|
||||
args = [paths.PK12UTIL, "-d", self.secdir,
|
||||
args = [PK12UTIL, "-d", self.secdir,
|
||||
"-i", pkcs12_filename,
|
||||
"-k", db_password_filename, '-v']
|
||||
pkcs12_password_file = None
|
||||
@ -229,7 +238,7 @@ class NSSDatabase(object):
|
||||
|
||||
if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'):
|
||||
args = [
|
||||
paths.OPENSSL, 'pkcs7',
|
||||
OPENSSL, 'pkcs7',
|
||||
'-print_certs',
|
||||
]
|
||||
try:
|
||||
@ -262,7 +271,7 @@ class NSSDatabase(object):
|
||||
(key_file, filename))
|
||||
|
||||
args = [
|
||||
paths.OPENSSL, 'pkcs8',
|
||||
OPENSSL, 'pkcs8',
|
||||
'-topk8',
|
||||
'-passout', 'file:' + db_password_filename,
|
||||
]
|
||||
@ -349,7 +358,7 @@ class NSSDatabase(object):
|
||||
out_password = ipautil.ipa_generate_password()
|
||||
out_pwdfile = ipautil.write_tmp_file(out_password)
|
||||
args = [
|
||||
paths.OPENSSL, 'pkcs12',
|
||||
OPENSSL, 'pkcs12',
|
||||
'-export',
|
||||
'-in', in_file.name,
|
||||
'-out', out_file.name,
|
||||
|
@ -314,7 +314,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
|
||||
|
||||
Example:
|
||||
We have a command
|
||||
[paths.SETPASSWD, '--password', 'Secret123', 'someuser']
|
||||
['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
|
||||
and we don't want to log the password so nolog would be set to:
|
||||
('Secret123',)
|
||||
The resulting log output would be:
|
||||
|
@ -43,7 +43,6 @@ if __name__ == '__main__':
|
||||
"dnspython",
|
||||
"gssapi",
|
||||
"jwcrypto",
|
||||
"ipaplatform",
|
||||
# "ipalib", # circular dependency
|
||||
"pyldap",
|
||||
"netaddr",
|
||||
|
Loading…
Reference in New Issue
Block a user