John Eckersberg [Tue, 14 Apr 2009 13:16:23 +0000 (09:16 -0400)]
Do not accept certificates that do not match our key.
Usually this happens when a host is re-provisioned and you forget to
run certmaster-ca --clean afterwards to remove the old cert on the
certmaster.
Instead of accepting the cert and throwing a key-mismatch exception,
we log a useful hint to the log and to stderr.
John Eckersberg [Wed, 18 Mar 2009 17:30:31 +0000 (13:30 -0400)]
[certmaster] Documentation and cleanup for minion-to-minion
* Add man page for certmaster-sync
* Symlink certmaster-sync into triggers for post-sign and post-clean
(doesn't execute by default)
* Add sync_certs setting to default certmaster.conf
* Create the empty /var/lib/certmaster/peers directory
John Eckersberg [Fri, 13 Mar 2009 19:39:37 +0000 (15:39 -0400)]
Minion-to-minion support, certmaster half.
Phil [Thu, 5 Mar 2009 20:28:44 +0000 (15:28 -0500)]
add a monit configuration file
Adrian Likins [Tue, 3 Mar 2009 22:41:12 +0000 (17:41 -0500)]
change utils.get_hostname to just do the basic thing. Move the bits
that do all the config checking and route lookup and other madness
to func.utils.get_hostname_by_route
Adrian Likins [Sat, 21 Feb 2009 05:39:32 +0000 (00:39 -0500)]
Merge branch 'master' of ssh://alikins@git.fedorahosted.org/git/certmaster
Conflicts:
Makefile
Adrian Likins [Sat, 21 Feb 2009 00:12:14 +0000 (19:12 -0500)]
there was a trailing space on the version
Adrian Likins [Thu, 19 Feb 2009 16:36:15 +0000 (11:36 -0500)]
rev to release 5 for rebuild
Adrian Likins [Thu, 19 Feb 2009 00:47:15 +0000 (19:47 -0500)]
remove "version" file and updated spec/makefile/setup.py to not need it
Adrian Likins [Thu, 12 Feb 2009 20:08:59 +0000 (15:08 -0500)]
add an excepthook handler for uncaught exceptions, so they get written to the log
https://fedorahosted.org/func/ticket/70
Adrian Likins [Thu, 22 Jan 2009 16:55:11 +0000 (11:55 -0500)]
change old urls to new urls
Adrian Likins [Wed, 21 Jan 2009 19:58:45 +0000 (14:58 -0500)]
make the python executable we use a makefile variable
Adrian Likins [Mon, 19 Jan 2009 21:45:22 +0000 (16:45 -0500)]
certspec: Try to simplify the support for rhel3+python2.3 a little bit.
We let distutils do the /usr/bin/python path munging for the files that need
it (aka, everything in "scripts"). So we can get rid of the patch for this
(we also cleaned up all the files that had a #! set that didn't need it)
Some minor spec file formatting changes as well
Adrian Likins [Mon, 19 Jan 2009 19:47:45 +0000 (14:47 -0500)]
permissions cleanup on source files
Adrian Likins [Tue, 13 Jan 2009 22:33:15 +0000 (17:33 -0500)]
fix up some docs bugs. Looks like they were introduced in the certmaster/func split.
fix https://fedorahosted.org/certmaster/ticket/5 (certmaster-request man page
was getting created incorrectly)
Adrian Likins [Wed, 17 Dec 2008 20:30:08 +0000 (15:30 -0500)]
0.24
Tim Bielawa [Mon, 15 Dec 2008 19:00:37 +0000 (14:00 -0500)]
Patch from Tim Bielawa <timbielawa@gmail.com> to make init scripts work
on debian/ubuntu
Adrian Likins [Mon, 8 Dec 2008 19:30:42 +0000 (14:30 -0500)]
add missing dirs to spec file (trigger dirs)
fix for bugzilla #473633
Adrian Likins [Tue, 18 Nov 2008 15:56:37 +0000 (10:56 -0500)]
removed unneeded line that reset the requesting_host
Adrian Likins [Wed, 12 Nov 2008 16:53:59 +0000 (11:53 -0500)]
Make the port that certmaster listens on and funcd connects to configurable.
add listen_port to /etc/certmaster/certmaster.conf to configure which
port certmaster runs on.
add certmaster_port to /etc/certmaster/minion.conf so funcd knows which
port to talk to certmaster on.
Adrian Likins [Wed, 15 Oct 2008 20:12:07 +0000 (16:12 -0400)]
change triggers so we pass in the name of the machine the request/sign/remove is for
and pass it to the triggers
This could potentially break some existing triggers if they don't expect
an argument. However, it's documented that they should expect a
name argument, they just weren't ever getting one until now.
Adrian Likins [Fri, 19 Sep 2008 18:52:32 +0000 (14:52 -0400)]
fix for utils.daemonize() as reported in https://fedorahosted.org/func/ticket/58
by goozbach
Couple of things wrong, fd's were getting closed in wrong place, the
call to os.cwd('/') was supposed to be os.chdir('/')
Also try duping the fd's just in case
Adrian Likins [Fri, 5 Sep 2008 18:15:52 +0000 (14:15 -0400)]
Merge branch 'master' of ssh://alikins@git.fedoraproject.org/git/hosted/certmaster
Adrian Likins [Fri, 5 Sep 2008 18:10:39 +0000 (14:10 -0400)]
credit for patch for Jonathan Barber <j.barber@dundee.ac.uk>
Jonathan Barber [Fri, 5 Sep 2008 18:09:35 +0000 (14:09 -0400)]
close stdin/stdout/stderr on daemonize
patch from Jonathan Barber <j.barber@dundee.ac.uk>
Adrian Likins [Fri, 5 Sep 2008 17:15:59 +0000 (13:15 -0400)]
rev to 0.23-1
Adrian Likins [Thu, 24 Jul 2008 19:28:14 +0000 (15:28 -0400)]
add #*# files correctly to .gitignore
Adrian Likins [Thu, 24 Jul 2008 19:26:25 +0000 (15:26 -0400)]
add more stuff to shut up git
Adrian Likins [Thu, 24 Jul 2008 19:25:23 +0000 (15:25 -0400)]
add .gitignore
Adrian Likins [Thu, 24 Jul 2008 16:42:04 +0000 (12:42 -0400)]
merge with the code from func
remove a spurious debug line
Adrian Likins [Mon, 30 Jun 2008 16:59:21 +0000 (12:59 -0400)]
/s/June/Jun (incorrect changelog entry)
Adrian Likins [Mon, 30 Jun 2008 16:40:29 +0000 (12:40 -0400)]
fix fedora bug #441283 - typo in postinstall scriptlet
(the init.d symlinks for runlevels 1 and 6 were created wrong)
rev release
Michael DeHaan [Mon, 30 Jun 2008 16:31:45 +0000 (12:31 -0400)]
Updating AUTHORS
Michael DeHaan [Mon, 30 Jun 2008 16:25:01 +0000 (12:25 -0400)]
Bump version for release, clean up wrong versions in changelog.
Michael DeHaan [Mon, 30 Jun 2008 16:19:20 +0000 (12:19 -0400)]
Remove stray print
TANABE Ken-ichi [Sat, 28 Jun 2008 06:48:19 +0000 (15:48 +0900)]
Add default value of 'cert_extension' in certconf
TANABE Ken-ichi [Sat, 28 Jun 2008 06:47:30 +0000 (15:47 +0900)]
Add cert_extension option
Adrian Likins [Thu, 1 May 2008 02:37:07 +0000 (22:37 -0400)]
add two new options to "certmaster-ca"
-list-signed shows a list of certs the certmaster has already signed
--list-cert-hashes returns the list of signed certs in the CN-hash format that
the acls files expects. Should make it a little easier to use the acls.
Both options take optional hostnames or hostname globs
Adrian Likins [Tue, 22 Apr 2008 18:36:37 +0000 (14:36 -0400)]
apply triggers patch from Steve Salevan <ssalevan@redhat.com>
Steve's comments:
Adding in triggering functionality, changed specfile and
MANIFEST.in to reflect changes. Added sub_process.py file to
facilitate the subprocesses necessary for triggering to work.
Modified certmaster.py to add trigger points.
Adrian Likins [Tue, 22 Apr 2008 18:36:17 +0000 (14:36 -0400)]
apply triggers patch from Steve Salevan <ssalevan@redhat.com>
Steve's comments:
Adding in triggering functionality, changed specfile and
MANIFEST.in to reflect changes. Added sub_process.py file to
facilitate the subprocesses necessary for triggering to work.
Modified certmaster.py to add trigger points.
Adrian Likins [Tue, 18 Mar 2008 20:06:43 +0000 (16:06 -0400)]
more logging info. log info for sign_this_csr()
Adrian Likins [Tue, 18 Mar 2008 20:06:01 +0000 (16:06 -0400)]
be a bit more verbose in the logging here, add file location info to logs
Adrian Likins [Tue, 18 Mar 2008 19:24:11 +0000 (15:24 -0400)]
fix a bug where certmaster was writing out the client csr file over and over if it had been
created, but not signed.
Also, add some debug logging.
Adrian Likins [Mon, 17 Mar 2008 22:16:19 +0000 (18:16 -0400)]
certmaster logging cleanups
- use unique name for the certmaster logs
- some not quite working code for passing down client info so we can log
Adrian Likins [Mon, 17 Mar 2008 21:10:32 +0000 (17:10 -0400)]
remove unused certmaster/minion/ and certmaster/overlord/ dirs
update spec and setup accordingly
Adrian Likins [Mon, 17 Mar 2008 21:09:36 +0000 (17:09 -0400)]
add some basic logging output to certmaster
Michael DeHaan [Thu, 6 Mar 2008 19:02:15 +0000 (14:02 -0500)]
Do not move versions backward
Adrian Likins [Wed, 5 Mar 2008 20:53:37 +0000 (15:53 -0500)]
lame build fix. Messages/gettext stuff needs to be sorted out. We don't
seem to find any messages to translate, so po/messages.pot isn't created.
So for now, create it with a touch.
Adrian Likins [Mon, 25 Feb 2008 22:56:31 +0000 (17:56 -0500)]
remove references to certmasterd
Michael DeHaan [Mon, 25 Feb 2008 22:54:03 +0000 (17:54 -0500)]
Config file tweaks
Michael DeHaan [Mon, 25 Feb 2008 22:46:52 +0000 (17:46 -0500)]
Make hostname checking smarter.
Michael DeHaan [Mon, 25 Feb 2008 22:03:10 +0000 (17:03 -0500)]
Add missing file
Michael DeHaan [Mon, 25 Feb 2008 21:59:13 +0000 (16:59 -0500)]
Find and replace
Michael DeHaan [Mon, 25 Feb 2008 21:53:08 +0000 (16:53 -0500)]
Certmaster hostname check is different than minion check
Michael DeHaan [Mon, 25 Feb 2008 21:48:47 +0000 (16:48 -0500)]
Pushing changes as part of certmaster split
Adrian Likins [Mon, 25 Feb 2008 18:59:54 +0000 (13:59 -0500)]
some certmaster fixes, mostly path stuff
Adrian Likins [Wed, 13 Feb 2008 19:10:30 +0000 (14:10 -0500)]
duplicate fix from func tree over here
Adrian Likins [Wed, 13 Feb 2008 17:56:43 +0000 (12:56 -0500)]
message building fixes in the Makefile
Michael DeHaan [Wed, 13 Feb 2008 18:11:20 +0000 (13:11 -0500)]
Add missing file
Michael DeHaan [Thu, 7 Feb 2008 19:47:50 +0000 (14:47 -0500)]
Make things build (not to be confused with "work")
Michael DeHaan [Thu, 7 Feb 2008 19:17:45 +0000 (14:17 -0500)]
Makefile from func.
Michael DeHaan [Thu, 7 Feb 2008 19:15:25 +0000 (14:15 -0500)]
Trimming more stuff out.
Michael DeHaan [Thu, 7 Feb 2008 18:30:51 +0000 (13:30 -0500)]
Misc s/func/certmaster/ replacements
Michael DeHaan [Thu, 7 Feb 2008 18:21:17 +0000 (13:21 -0500)]
Fix paths in logs
Michael DeHaan [Thu, 7 Feb 2008 18:13:24 +0000 (13:13 -0500)]
Carving away at func some more to just get down to cert items, still lots
more to do.
Michael DeHaan [Thu, 7 Feb 2008 17:52:44 +0000 (12:52 -0500)]
Changing func to certmaster in top level directories, also covered
certs directory, lots more to do.
Michael DeHaan [Thu, 7 Feb 2008 17:08:55 +0000 (12:08 -0500)]
Starting off the certmaster tree with most of the func code, shortly non-certmaster related parts will be removed, and other small parts added/tweaked
Michael DeHaan [Thu, 7 Feb 2008 14:42:45 +0000 (09:42 -0500)]
Test test
Seth Vidal [Tue, 5 Feb 2008 15:57:39 +0000 (08:57 -0700)]
lalala