From 528012fe8a8976961203021ef36353b7a4c3b8a8 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Nov 29 2016 13:50:51 +0000 Subject: ipapython: remove hard dependency on ipaplatform Use hard-coded paths to certutil, pk12util and openssl in certdb if ipaplatform is not available. Hard-coded the path to setpasswd in ipautil.run() doc string. Remove ipaplatform dependency from ipapython's setup.py and add ipapython dependency to ipaplatform's setup.py. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka
---
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 47f5185..ac22f3e 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -172,7 +172,6 @@ class BasePathNamespace(object):
 ODS_SIGNER = "/usr/sbin/ods-signer"
 OPENSSL = "/usr/bin/openssl"
 PK12UTIL = "/usr/bin/pk12util"
- SETPASSWD = "/usr/bin/setpasswd"
 SIGNTOOL = "/usr/bin/signtool"
 SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
 SSLGET = "/usr/bin/sslget"
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 97311de..b28ac8c 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -42,6 +42,7 @@ if __name__ == '__main__':
 install_requires=[
 "cffi",
 # "ipalib", # circular dependency
+ "ipapython",
 "pyasn1",
 "python-nss",
 "six",
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 464cc5b..5344e37 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -26,12 +26,21 @@ from cryptography.hazmat.primitives import serialization
 from nss import nss
 from nss.error import NSPRError
-from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython import ipautil
 from ipalib import x509
+try:
+ from ipaplatform.paths import paths
+ CERTUTIL = paths.CERTUTIL
+ PK12UTIL = paths.PK12UTIL
+ OPENSSL = paths.OPENSSL
+except ImportError:
+ CERTUTIL = '/usr/bin/certutil'
+ PK12UTIL = '/usr/bin/pk12util'
+ OPENSSL = '/usr/bin/openssl'
 CA_NICKNAME_FMT = "%s IPA CA"
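Review bot: In the ipapython/certdb.py import hunk the `try` body holds the three `paths.*` assignments as well as the import, and the `except ImportError` branch falls back silently, so any import failure inside ipaplatform (not only its absence) switches certutil, pk12util and openssl to the hard-coded /usr/bin locations without a trace. These constants decide which binaries the later hunks (run_certutil, import_pkcs12 and the openssl calls) run against key material and password files, so the fallback should be visible: keep only the import in the `try`, move the assignments to an `else:` branch, and log the fallback with the already imported logger, e.g. `root_logger.debug("ipaplatform not available, using default tool paths")`. The values are also captured once at import time, so a later change to `paths.CERTUTIL` would no longer reach NSSDatabase; a one-line comment above the block saying so would help.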
@@ -91,7 +100,7 @@ class NSSDatabase(object):
 self.close()
 def run_certutil(self, args, stdin=None, **kwargs):
- new_args = [paths.CERTUTIL, "-d", self.secdir]
+ new_args = [CERTUTIL, "-d", self.secdir]
 new_args = new_args + args
 return ipautil.run(new_args, stdin, **kwargs)
@@ -152,7 +161,7 @@ class NSSDatabase(object):
 def import_pkcs12(self, pkcs12_filename, db_password_filename, pkcs12_passwd=None):
- args = [paths.PK12UTIL, "-d", self.secdir,
+ args = [PK12UTIL, "-d", self.secdir,
 "-i", pkcs12_filename, "-k", db_password_filename, '-v']
 pkcs12_password_file = None
@@ -229,7 +238,7 @@ class NSSDatabase(object):
 if label in ('PKCS7', 'PKCS #7 SIGNED DATA', 'CERTIFICATE'):
 args = [
- paths.OPENSSL, 'pkcs7',
+ OPENSSL, 'pkcs7',
 '-print_certs',
 ]
 try:
@@ -262,7 +271,7 @@ class NSSDatabase(object):
 (key_file, filename))
 args = [
- paths.OPENSSL, 'pkcs8',
+ OPENSSL, 'pkcs8',
 '-topk8', '-passout', 'file:' + db_password_filename,
 ]
@@ -349,7 +358,7 @@ class NSSDatabase(object):
 out_password = ipautil.ipa_generate_password()
 out_pwdfile = ipautil.write_tmp_file(out_password)
 args = [
- paths.OPENSSL, 'pkcs12',
+ OPENSSL, 'pkcs12',
 '-export', '-in', in_file.name, '-out', out_file.name,
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 654fdd9..1c95a81 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -314,7 +314,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
 Example: We have a command
- [paths.SETPASSWD, '--password', 'Secret123', 'someuser']
+ ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
 and we don't want to log the password so nolog would be set to: ('Secret123',) The resulting log output would be:
diff --git a/ipapython/setup.py b/ipapython/setup.py
index 1abe7b0..c413ffa 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -43,7 +43,6 @@ if __name__ == '__main__':
 "dnspython",
 "gssapi",
 "jwcrypto",
- "ipaplatform",
 # "ipalib", # circular dependency
 "pyldap",
 "netaddr",
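Review bot: The rewritten example in the ipautil.run() docstring (ipapython/ipautil.py hunk) still models passing a secret as a command-line argument, and the surrounding text only says that `nolog` keeps it out of the log. The docstring should add one sentence stating that `nolog` redacts log output only and that an argument can remain visible to other local users through the process list while the command runs, for example `nolog masks values in log output only; prefer stdin or a password file for secrets.` The body of run() lies outside this hunk, so how the arguments reach the child process is inferred from the signature and the example.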