PR#1: Use python API to write yubikey - fedora-packager

fedora-packager

#1 Use python API to write yubikey

Merged 8 years ago by ausil. Opened 8 years ago by puiterwijk.

puiterwijk/fedora-packager master into master

Use python API to write yubikey

Patrick Uiterwijk • 8 years ago

07ef31b

fedora-packager.spec

file modified

+5 -2

		`@@ -3,7 +3,7 @@`
		`%endif`

		`Name: fedora-packager`
		`- Version: 0.5.10.5`
		`+ Version: 0.5.10.6`
		`Release: 1%{?dist}`
		`Summary: Tools for setting up a fedora maintainer environment`

		`@@ -21,7 +21,7 @@`
		`Requires: redhat-rpm-config`
		`Requires: fedpkg >= 1.0`
		`Requires: fedora-cert = %{version}-%{release}`
		`- Requires: ykpers`
		`+ Requires: python-yubico`

		`BuildArch: noarch`

		`@@ -76,6 +76,9 @@`


		`%changelog`
		`+ * Tue Aug 11 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.5.10.6-1`
		`+ - Reworked yubikey code to use python-yubico rather than subprocess (puiterwijk)`
		`+`
		`* Mon Nov 24 2014 Dennis Gilmore <dennis@ausil.us> - 0.5.10.5-1`
		`- bump to 0.5.10.5 to match pkgs git repo release`

src/fedora-burn-yubikey.py

file modified

+24 -28

		`@@ -11,13 +11,21 @@`

		`# ykpersonalize -ofixed=ccccccccccci -afcaa0c5bf2e83ec040e4aeb7f8565293 -ouid=1e7f1da7d6d1`
		`from fedora.client import AccountSystem, AuthError`
		`- from getpass import getpass, getuser`
		`- import subprocess, sys, gettext`
		`+ from getpass import getpass`
		`+ import sys`
		`+ import gettext`
		`from optparse import OptionParser`
		`+ import yubico`

		`t = gettext.translation('fas', '/usr/share/locale', fallback = True)`
		`_ = t.gettext`

		`+ try:`
		`+ ykey = yubico.find_yubikey(False)`
		`+ except yubico.yubikey.YubiKeyError, ex:`
		`+ print 'Unable to get access to a yubikey: %s' % ex`
		`+ sys.exit(1)`
		`+`
		`parser = OptionParser(version = "0.1")`
		`parser.add_option('-u', '--username',`
		`dest = 'username',`
		`@@ -43,11 +51,6 @@`
		`parser.print_help()`
		`sys.exit(0)`

		`- if not getuser() == 'root':`
		`- print _('''Please run this program as root as it will need to write`
		`- directly to the yubikey usb''')`
		`- sys.exit(5)`
		`-`
		`print _(`
		`'''`
		`Attention: You are about to reprogram your yubikey! Please ensure it is`
		`@@ -73,25 +76,18 @@`
		`opts = new_key['key'].split()`

		`try:`
		`- retcode = subprocess.call(['/usr/bin/ykpersonalize',`
		`- '-%s' % slot,`
		`- '-ofixed=%s' % opts[0],`
		`- '-a%s' % opts[2],`
		`- '-ouid=%s' % opts[1],`
		`- '-o-static-ticket',`
		`- '-o-strong-pw1',`
		`- '-o-strong-pw2',`
		`- '-oserial-api-visible',`
		`- '-o-man-update'])`
		`- except KeyboardInterrupt:`
		`- print _('''`
		`- Burn attempt cancelled by user! Note: Even though the key did not get burned`
		`- onto your key, FAS did generate a new one. This just means that if you did`
		`- previously burn a different key, it will no longer work.`
		`- ''')`
		`- retcode=1`
		`-`
		`- if retcode:`
		`- print "There was an error writing to your yubi key"`
		`- else:`
		`+ ykconfig = ykey.init_config()`
		`+ ykconfig.mode_yubikey_otp('h:%s' % opts[1], 'h:%s' % opts[2])`
		`+ ykconfig.fixed_string(str('m:%s' % opts[0]))`
		`+ ykconfig.ticket_flag('APPEND_CR', True)`
		`+ ykconfig.config_flag('STATIC_TICKET', False)`
		`+ if ykey.version_num() >= (2, 1):`
		`+ ykconfig.config_flag('STRONG_PW1', False)`
		`+ ykconfig.config_flag('STRONG_PW2', False)`
		`+ ykconfig.config_flag('MAN_UPDATE', False)`
		`+ if ykey.version_num() >= (2, 2):`
		`+ ykconfig.extended_flag('SERIAL_API_VISIBLE', True)`
		`+ ykey.write_config(ykconfig, slot=int(slot))`
		`print "Success! Your Yubikey ID is %s" % opts[0]`
		`+ except yubico.yubikey.YubiKeyError, ex:`
		`+ print 'Yubikey error: %s' % ex`