ipapython: remove hard dependency on ipaplatform

Use hard-coded paths to certutil, pk12util and openssl in certdb if
ipaplatform is not available.

Hard-code the path to setpasswd in the ipautil.run() docstring.

Remove ipaplatform dependency from ipapython's setup.py and add ipapython
dependency to ipaplatform's setup.py.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Jan Cholasta 2016-11-23 14:01:07 +01:00 committed by Martin Basti
parent 6e50fae9ec
commit 528012fe8a
5 changed files with 17 additions and 9 deletions


@ -172,7 +172,6 @@ class BasePathNamespace(object):
ODS_SIGNER = "/usr/sbin/ods-signer"
OPENSSL = "/usr/bin/openssl"
PK12UTIL = "/usr/bin/pk12util"
SETPASSWD = "/usr/bin/setpasswd"
SIGNTOOL = "/usr/bin/signtool"
SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
SSLGET = "/usr/bin/sslget"


@ -42,6 +42,7 @@ if __name__ == '__main__':
install_requires=[
"cffi",
# "ipalib", # circular dependency
"ipapython",
"pyasn1",
"python-nss",
"six",


@ -26,12 +26,21 @@ from cryptography.hazmat.primitives import serialization
from nss import nss
from nss.error import NSPRError
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger
from ipapython import ipautil
from ipalib import x509
try:
from ipaplatform.paths import paths
CERTUTIL = paths.CERTUTIL
PK12UTIL = paths.PK12UTIL
OPENSSL = paths.OPENSSL
except ImportError:
CERTUTIL = '/usr/bin/certutil'
PK12UTIL = '/usr/bin/pk12util'
OPENSSL = '/usr/bin/openssl'
CA_NICKNAME_FMT = "%s IPA CA"
@ -91,7 +100,7 @@ class NSSDatabase(object):
self.close()
def run_certutil(self, args, stdin=None, **kwargs):
new_args = [paths.CERTUTIL, "-d", self.secdir]
new_args = [CERTUTIL, "-d", self.secdir]
new_args = new_args + args
return ipautil.run(new_args, stdin, **kwargs)
@ -152,7 +161,7 @@ class NSSDatabase(object):
def import_pkcs12(self, pkcs12_filename, db_password_filename,
pkcs12_passwd=None):
args = [paths.PK12UTIL, "-d", self.secdir,
args = [PK12UTIL, "-d", self.secdir,
"-i", pkcs12_filename,
"-k", db_password_filename, '-v']
pkcs12_password_file = None
@ -229,7 +238,7 @@ class NSSDatabase(object):
if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'):
args = [
paths.OPENSSL, 'pkcs7',
OPENSSL, 'pkcs7',
'-print_certs',
]
try:
@ -262,7 +271,7 @@ class NSSDatabase(object):
(key_file, filename))
args = [
paths.OPENSSL, 'pkcs8',
OPENSSL, 'pkcs8',
'-topk8',
'-passout', 'file:' + db_password_filename,
]
@ -349,7 +358,7 @@ class NSSDatabase(object):
out_password = ipautil.ipa_generate_password()
out_pwdfile = ipautil.write_tmp_file(out_password)
args = [
paths.OPENSSL, 'pkcs12',
OPENSSL, 'pkcs12',
'-export',
'-in', in_file.name,
'-out', out_file.name,
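Review bot: The `except ImportError:` fallback in the first hunk of this file is silent, and it also fires when ipaplatform is installed but one of its own imports fails. In that case certutil, pk12util and openssl are run from the hard-coded `/usr/bin` locations with no sign that the platform's `paths` values were bypassed. Keeping absolute paths rather than bare command names is the right choice for tools that handle key material, so the fallback values themselves look fine. I would add a comment above the `try`, such as `# ipaplatform is optional; fall back to default absolute tool paths`, and record the fallback in the `except` branch with `root_logger.debug("ipaplatform not available, using default tool paths")`. `root_logger` is already imported above the `try`; whether it is configured at import time is not visible from this page.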


@ -314,7 +314,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
Example:
We have a command
[paths.SETPASSWD, '--password', 'Secret123', 'someuser']
['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
and we don't want to log the password so nolog would be set to:
('Secret123',)
The resulting log output would be:
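Review bot: The docstring example passes the password as a command-line argument, and `nolog` only redacts it from the log output. A value passed in `args` normally remains visible to other local users through the process listing for as long as the command runs. I would add a sentence after the example, such as `Note: nolog only affects logging; prefer passing secrets via stdin or a password file.` The `stdin` parameter of `run()` and the `-passout file:` usage elsewhere in this commit show both alternatives. The docstring continues outside this hunk.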


@ -43,7 +43,6 @@ if __name__ == '__main__':
"dnspython",
"gssapi",
"jwcrypto",
"ipaplatform",
# "ipalib", # circular dependency
"pyldap",
"netaddr",