Jude Nagurney [Fri, 16 Oct 2015 05:21:43 +0000 (01:21 -0400)]
bumping version to 0.29-1
Jude Nagurney [Fri, 16 Oct 2015 05:04:40 +0000 (01:04 -0400)]
github-1: support for hashing functions other than sha1
Jude Nagurney [Sun, 11 Oct 2015 20:28:06 +0000 (16:28 -0400)]
sha1 supprt checkpoint
Jude Nagurney [Sun, 17 May 2015 11:57:54 +0000 (07:57 -0400)]
fixing some typos / removing comments
Jude N [Sat, 28 Mar 2015 14:59:53 +0000 (10:59 -0400)]
Mention tests in the README.md
Jude N [Sat, 28 Mar 2015 14:45:51 +0000 (10:45 -0400)]
(messing with post-receive hook)
Jude N [Sat, 28 Mar 2015 14:44:24 +0000 (10:44 -0400)]
(messing with READE.md markdown)
Jude N [Sat, 28 Mar 2015 14:38:40 +0000 (10:38 -0400)]
(messing with post-receive hook)
Jude N [Sat, 28 Mar 2015 14:36:28 +0000 (10:36 -0400)]
Fleshing out README.md
Jude N [Sun, 22 Mar 2015 16:07:45 +0000 (12:07 -0400)]
Adding unknown ca tests
Jude N [Sun, 22 Mar 2015 15:47:07 +0000 (11:47 -0400)]
BATS fell down pushing a process into the background, so I switched to shunit2 / lots of refactoring
Jude N [Wed, 11 Mar 2015 04:27:23 +0000 (00:27 -0400)]
BATS is pretty sweet. Fixes for autoloading / unexpected ca string are on deck
Jude Nagurney [Fri, 6 Mar 2015 13:44:21 +0000 (08:44 -0500)]
Looks like certmaster-request and certmaster-ca are working with the new --ca flag.
Jude Nagurney [Mon, 2 Mar 2015 02:41:08 +0000 (21:41 -0500)]
(Not working yet, but the changeset was getting too big: The service starts, but certmaster-request still giving an error)
Greg Swift [Mon, 5 Sep 2011 19:09:24 +0000 (14:09 -0500)]
Consolidated definitions in logrotate file using glob.
Added sharedscripts directive so that HUP of running certmaster happens only once
Todd Zullinger [Thu, 2 Jun 2011 18:31:28 +0000 (14:31 -0400)]
turn off auto-starting certmaster
Hans Lellelid [Mon, 23 May 2011 19:34:35 +0000 (15:34 -0400)]
add --hostname option to certmaster-request to allow specifying the CN for the cert
Greg Swift [Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)]
Added setting of ciphersuite with only high and better SSLv3 certs. This should keep nessus and its ilk quiet as we only use 2048bit encryption anyways.
Seth Vidal [Thu, 7 Apr 2011 17:39:36 +0000 (13:39 -0400)]
and versionfile
Seth Vidal [Thu, 7 Apr 2011 17:39:20 +0000 (13:39 -0400)]
bump version to 0.28
Felix Kaechele [Fri, 25 Feb 2011 20:30:09 +0000 (15:30 -0500)]
fix certmaster/func connections out for fedora 14/python 2.7
S.Çağlar Onur [Fri, 15 Oct 2010 19:01:23 +0000 (15:01 -0400)]
Whitespace cleanup which includes;
* Change files to use 4-space indents and no hard tab characters.
* Trim excess spaces and tabs from ends of lines.
* Remove empty lines at the end of files and ensure the last line ends with a newline.
Generated by http://svn.python.org/projects/python/trunk/Tools/scripts/reindent.py
Seth Vidal [Fri, 15 Oct 2010 17:54:37 +0000 (13:54 -0400)]
catch syntax/logic issue correctly -> thanks to greg
Seth Vidal [Fri, 24 Sep 2010 16:02:35 +0000 (12:02 -0400)]
fix the version in the makefile :(
Seth Vidal [Mon, 20 Sep 2010 18:39:44 +0000 (14:39 -0400)]
jump to 0.27
Seth Vidal [Wed, 8 Sep 2010 19:03:48 +0000 (15:03 -0400)]
in python 2.7 - the things we are sending can also be a 'memoryview' object
so if we get one of those -convert it using tobytes() as its internal object
Daniel Lowe [Wed, 25 Aug 2010 20:40:35 +0000 (16:40 -0400)]
cut and paste error making cers not include right CA info
S.Çağlar Onur [Mon, 16 Aug 2010 18:55:38 +0000 (14:55 -0400)]
handle all socket errors (socket-related/address-related and timeout related)
S.Çağlar Onur [Mon, 16 Aug 2010 16:08:03 +0000 (12:08 -0400)]
don't raise the exception if certmaster is down or not available
S.Çağlar Onur [Tue, 10 Aug 2010 17:59:26 +0000 (13:59 -0400)]
Force create_minion_keys function to use all lowercase hostnames
S.Çağlar Onur [Wed, 4 Aug 2010 18:25:35 +0000 (14:25 -0400)]
return None for minion only setups to solve following exception;
2010-07-19 18:21:24,406 - ERROR - Exception occured: <type 'exceptions.IOError'>
Traceback (most recent call last):
File "/usr/lib/python2.5/site-packages/func/minion/server.py", line 196, in __call__
rc = self.__method(*args)
File "/usr/lib/python2.5/site-packages/func/minion/modules/func_module.py", line 43, in wrapper
return fn(*args)
File "/usr/lib/python2.5/site-packages/func/minion/modules/overlord.py", line 36, in map_minions
cm = certmaster.CertMaster()
File "/usr/lib/python2.5/site-packages/certmaster/certmaster.py", line 79, in __init__
self.cacert = certs.retrieve_cert_from_file(self.ca_cert_file)
File "/usr/lib/python2.5/site-packages/certmaster/certs.py", line 86, in retrieve_cert_from_file
fo = open(certfile, 'r')
IOError: [Errno 2] No such file or directory: '/etc/pki/certmaster/ca/certmaster.crt'
Seth Vidal [Mon, 14 Jun 2010 19:22:56 +0000 (15:22 -0400)]
change False to FALSE - from Adrian
Seth Vidal [Wed, 5 May 2010 04:14:31 +0000 (00:14 -0400)]
add emailaddr option to the make_csr routine so we can identify a cert/key via
email - not just assuming a hostname.
default still works the same as before root@cn
Seth Vidal [Thu, 22 Apr 2010 21:07:59 +0000 (17:07 -0400)]
- add BasicConstraints CA:TRUE for a ca cert, false for the others
- make signature digest sha - instead of md5
- make certs ver 3 not ver 1
- closes rh bug: https://bugzilla.redhat.com/show_bug.cgi?id=583047
Seth Vidal [Thu, 22 Apr 2010 21:07:13 +0000 (17:07 -0400)]
make the sha import use hashlib and make the hashlib import work sanely
on versions of python that don't have a hashlib (python < 2.5)
Seth Vidal [Thu, 22 Apr 2010 21:06:20 +0000 (17:06 -0400)]
optionally allow a passwd callback for opening the ssl keys
Nima Talebi [Wed, 10 Mar 2010 15:11:26 +0000 (10:11 -0500)]
spelling fixes for synchronize
Seth Vidal [Tue, 16 Feb 2010 18:12:49 +0000 (13:12 -0500)]
sort the output of certmaster-ca before displaying them
Adrian Likins [Wed, 6 Jan 2010 19:58:42 +0000 (14:58 -0500)]
fix type in certmaster-request.pod
Adrian Likins [Thu, 20 Aug 2009 16:16:47 +0000 (12:16 -0400)]
add etc/version
Adrian Likins [Thu, 11 Jun 2009 20:37:51 +0000 (16:37 -0400)]
add /etc/func/version to setup.py for --version support
Adrian Likins [Thu, 11 Jun 2009 20:37:04 +0000 (16:37 -0400)]
add support for --version to certmaster-ca
Add a CertmasterCAOptionParser that adds "get_version" method
to make --version work
Adrian Likins [Thu, 11 Jun 2009 20:36:39 +0000 (16:36 -0400)]
add support for --version to certmaster daemon
Adrian Likins [Thu, 11 Jun 2009 20:36:18 +0000 (16:36 -0400)]
add /etc/func/version to spec file
Adrian Likins [Thu, 11 Jun 2009 20:35:45 +0000 (16:35 -0400)]
add "versionfile" target to create etc/version for --version support
Adrian Likins [Wed, 10 Jun 2009 17:40:44 +0000 (13:40 -0400)]
rev to 0.25-1
Adrian Likins [Wed, 3 Jun 2009 20:42:35 +0000 (16:42 -0400)]
rev to 0.24.9 for a test release
Adrian Likins [Wed, 27 May 2009 20:19:32 +0000 (16:19 -0400)]
- add /var/lib/certmaster/certmaster* to spec and set perms
- add /var/log/certmaster/certmaster.log,audit.log to spec
and set perms
- add a chmod in the %post to reset any bogus perms on the log files
(kind of ugly, but it works)
Adrian Likins [Wed, 27 May 2009 20:19:01 +0000 (16:19 -0400)]
rev version to 0.25-1
Adrian Likins [Wed, 27 May 2009 20:18:24 +0000 (16:18 -0400)]
add certmaster cert dirs to the setup.py so the spec file sees them
rev version to 0.25
Adrian Likins [Tue, 19 May 2009 16:29:32 +0000 (12:29 -0400)]
Make status in lsb init script more return useful exit status
Reported by Darryl Dixon <darryl.dixon@winterhouseconsulting.com>
Adrian Likins [Tue, 28 Apr 2009 17:03:36 +0000 (13:03 -0400)]
Changes to allow us to specify the hostname we want to use for cert creation,
instead of grabbing it deep down in the code. This change is mostly to allow
us to use the get_hostname_by_route function from func in funcd.
Adrian Likins [Fri, 24 Apr 2009 17:02:49 +0000 (13:02 -0400)]
Set default umask to 077 intead of 0. Before files could be created
as world writeable.
John Eckersberg [Tue, 14 Apr 2009 13:16:23 +0000 (09:16 -0400)]
Do not accept certificates that do not match our key.
Usually this happens when a host is re-provisioned and you forget to
run certmaster-ca --clean afterwards to remove the old cert on the
certmaster.
Instead of accepting the cert and throwing a key-mismatch exception,
we log a useful hint to the log and to stderr.
John Eckersberg [Wed, 18 Mar 2009 17:30:31 +0000 (13:30 -0400)]
[certmaster] Documentation and cleanup for minion-to-minion
* Add man page for certmaster-sync
* Symlink certmaster-sync into triggers for post-sign and post-clean
(doesn't execute by default)
* Add sync_certs setting to default certmaster.conf
* Create the empty /var/lib/certmaster/peers directory
John Eckersberg [Fri, 13 Mar 2009 19:39:37 +0000 (15:39 -0400)]
Minion-to-minion support, certmaster half.
Phil [Thu, 5 Mar 2009 20:28:44 +0000 (15:28 -0500)]
add a monit configuration file
Adrian Likins [Tue, 3 Mar 2009 22:41:12 +0000 (17:41 -0500)]
change utils.get_hostname to just do the basic thing. Move the bits
that do all the config checking and route lookup and other madness
to func.utils.get_hostname_by_route
Adrian Likins [Sat, 21 Feb 2009 05:39:32 +0000 (00:39 -0500)]
Merge branch 'master' of ssh://alikins@git.fedorahosted.org/git/certmaster
Conflicts:
Makefile
Adrian Likins [Sat, 21 Feb 2009 00:12:14 +0000 (19:12 -0500)]
there was a trailing space on the version
Adrian Likins [Thu, 19 Feb 2009 16:36:15 +0000 (11:36 -0500)]
rev to release 5 for rebuild
Adrian Likins [Thu, 19 Feb 2009 00:47:15 +0000 (19:47 -0500)]
remove "version" file and updated spec/makefile/setup.py to not need it
Adrian Likins [Thu, 12 Feb 2009 20:08:59 +0000 (15:08 -0500)]
add a excepthook handler for uncaught exceptions, so they get written to the log
https://fedorahosted.org/func/ticket/70
Adrian Likins [Thu, 22 Jan 2009 16:55:11 +0000 (11:55 -0500)]
change old urls to new urls
Adrian Likins [Wed, 21 Jan 2009 19:58:45 +0000 (14:58 -0500)]
make the python executable we use a makefile variable
Adrian Likins [Mon, 19 Jan 2009 21:45:22 +0000 (16:45 -0500)]
certspec: Try to simplify the support for rhel3+python2.3 a little bit.
We let distutils do the /usr/bin/python path munging for the files that need
it (aka, everything in "scripts"). So we can get rid of the patch for this
(we also cleaned up all the files that had a #! set that didn't need it)
Some minor spec file formatting changes as well
Adrian Likins [Mon, 19 Jan 2009 19:47:45 +0000 (14:47 -0500)]
permissions cleanup on source files
Adrian Likins [Tue, 13 Jan 2009 22:33:15 +0000 (17:33 -0500)]
fix up some docs bugs. Looks like they were introduced in the certmaster/func split.
fix https://fedorahosted.org/certmaster/ticket/5 (certmaster-request man page
was getting created incorrectly)
Adrian Likins [Wed, 17 Dec 2008 20:30:08 +0000 (15:30 -0500)]
0.24
Tim Bielawa [Mon, 15 Dec 2008 19:00:37 +0000 (14:00 -0500)]
Patch from Tim Bielawa <timbielawa@gmail.com> to make init scripts work
on debian/ubuntu
Adrian Likins [Mon, 8 Dec 2008 19:30:42 +0000 (14:30 -0500)]
add missing dirs to spec file (trigger dirs)
fix for bugzilla #473633
Adrian Likins [Tue, 18 Nov 2008 15:56:37 +0000 (10:56 -0500)]
removed unneed line that reset the requesting_host
Adrian Likins [Wed, 12 Nov 2008 16:53:59 +0000 (11:53 -0500)]
Make the port that certmaster listens on and funcd connects to configurable.
add listen_port to /etc/certmaster/certmaster.conf to configure which
port certmaster runs on.
add certmaster_port to /etc/certmaster/minion.conf so funcd knows which
port to talk to certmaster on.
Adrian Likins [Wed, 15 Oct 2008 20:12:07 +0000 (16:12 -0400)]
change triggers so we pass in the name of the machine the request/sign/remove is for
and pass it to the triggers
This could potentially break some existing triggers if they dont expect
and argument. However, it's documented that they should expect a
name argument, they just weren't ever getting one until now.
Adrian Likins [Fri, 19 Sep 2008 18:52:32 +0000 (14:52 -0400)]
fix for utils.daemonize() as reported in https://fedorahosted.org/func/ticket/58
by goozbach
Couple of things wrong, fd's were getting closed in wrong place, the
call to os.cwd('/') was supposed to be os.chdir('/')
Also try duping the fd's just in case
Adrian Likins [Fri, 5 Sep 2008 18:15:52 +0000 (14:15 -0400)]
Merge branch 'master' of ssh://alikins@git.fedoraproject.org/git/hosted/certmaster
Adrian Likins [Fri, 5 Sep 2008 18:10:39 +0000 (14:10 -0400)]
credit for patch for Jonathan Barber <j.barber@dundee.ac.uk>
Jonathan Barber [Fri, 5 Sep 2008 18:09:35 +0000 (14:09 -0400)]
close stdin/stdout/stderr on daemonize
patch from Jonathan Barber <j.barber@dundee.ac.uk>
Adrian Likins [Fri, 5 Sep 2008 17:15:59 +0000 (13:15 -0400)]
rev to 0.23-1
Adrian Likins [Thu, 24 Jul 2008 19:28:14 +0000 (15:28 -0400)]
add #*# files correctly to .gitignore
Adrian Likins [Thu, 24 Jul 2008 19:26:25 +0000 (15:26 -0400)]
add more stuff to shut up git
Adrian Likins [Thu, 24 Jul 2008 19:25:23 +0000 (15:25 -0400)]
add .gitignore
Adrian Likins [Thu, 24 Jul 2008 16:42:04 +0000 (12:42 -0400)]
merge with the code from func
remove a spurious debug line
Adrian Likins [Mon, 30 Jun 2008 16:59:21 +0000 (12:59 -0400)]
/s/June/Jun (incorrect changelog entry)
Adrian Likins [Mon, 30 Jun 2008 16:40:29 +0000 (12:40 -0400)]
fix fedora bug #441283 - typo in postinstall scriptlet
(the init.d symlinks for runlevels 1 and 6 were created wrong)
rev releae
Michael DeHaan [Mon, 30 Jun 2008 16:31:45 +0000 (12:31 -0400)]
Updating AUTHORS
Michael DeHaan [Mon, 30 Jun 2008 16:25:01 +0000 (12:25 -0400)]
Bump version for release, clean up wrong versions in changelog.
Michael DeHaan [Mon, 30 Jun 2008 16:19:20 +0000 (12:19 -0400)]
Remove stray print
TANABE Ken-ichi [Sat, 28 Jun 2008 06:48:19 +0000 (15:48 +0900)]
Add default value of 'cert_extension' in certconf
TANABE Ken-ichi [Sat, 28 Jun 2008 06:47:30 +0000 (15:47 +0900)]
Add cert_extension option
Adrian Likins [Thu, 1 May 2008 02:37:07 +0000 (22:37 -0400)]
add two new options to "certmaster-ca"
-list-signed shows a list of certs the certmaster has already signed
--list-cert-hashes returns the list of signed certs in the CN-hash format that
the acls files expects. Should make it a little easier to use the acls.
Both options take optional hostnames or hostname globs
Adrian Likins [Tue, 22 Apr 2008 18:36:37 +0000 (14:36 -0400)]
apply triggers patch from Steve Salevan <ssalevan@redhat.com>
Steves comments:
Adding in triggering functionality, changed specfile and
MANIFEST.in to reflect changes. Added sub_process.py file to
facilitate the subprocesses necessary for triggering to work.
Modified certmaster.py to add trigger points.
Adrian Likins [Tue, 22 Apr 2008 18:36:17 +0000 (14:36 -0400)]
apply triggers patch from Steve Salevan <ssalevan@redhat.com>
Steves comments:
Adding in triggering functionality, changed specfile and
MANIFEST.in to reflect changes. Added sub_process.py file to
facilitate the subprocesses necessary for triggering to work.
Modified certmaster.py to add trigger points.
Adrian Likins [Tue, 18 Mar 2008 20:06:43 +0000 (16:06 -0400)]
more logging info. log info for sign_this_csr()
Adrian Likins [Tue, 18 Mar 2008 20:06:01 +0000 (16:06 -0400)]
be a bit more verbose in the logging here, add file location info to logs
Adrian Likins [Tue, 18 Mar 2008 19:24:11 +0000 (15:24 -0400)]
fix a bug where certmaster was writing out the client csr file over and over if it had been
created, but not signed.
Also, add some debug logging.
Adrian Likins [Mon, 17 Mar 2008 22:16:19 +0000 (18:16 -0400)]
certmaster logging cleanups
- use unique name for the certmaster logs
- some not quite working code for passing down client info so we can log
Adrian Likins [Mon, 17 Mar 2008 21:10:32 +0000 (17:10 -0400)]
remove unused certmaster/minion/ and certmaster/overlord/ dirs
update spec and setup accordingly
Adrian Likins [Mon, 17 Mar 2008 21:09:36 +0000 (17:09 -0400)]
add some basic logging output to certmaster
Michael DeHaan [Thu, 6 Mar 2008 19:02:15 +0000 (14:02 -0500)]
Do not move versions backward