certmaster.git
14 years ago Force create_minion_keys function to use all lowercase hostnames
S.Çağlar Onur [Tue, 10 Aug 2010 17:59:26 +0000 (13:59 -0400)]
Force create_minion_keys function to use all lowercase hostnames

14 years ago return None for minion only setups to solve following exception;
S.Çağlar Onur [Wed, 4 Aug 2010 18:25:35 +0000 (14:25 -0400)]
return None for minion only setups to solve following exception;

2010-07-19 18:21:24,406 - ERROR - Exception occured: <type 'exceptions.IOError'>
Traceback (most recent call last):
 File "/usr/lib/python2.5/site-packages/func/minion/server.py", line 196, in __call__
   rc = self.__method(*args)
 File "/usr/lib/python2.5/site-packages/func/minion/modules/func_module.py", line 43, in wrapper
   return fn(*args)
 File "/usr/lib/python2.5/site-packages/func/minion/modules/overlord.py", line 36, in map_minions
   cm = certmaster.CertMaster()
 File "/usr/lib/python2.5/site-packages/certmaster/certmaster.py", line 79, in __init__
   self.cacert = certs.retrieve_cert_from_file(self.ca_cert_file)
 File "/usr/lib/python2.5/site-packages/certmaster/certs.py", line 86, in retrieve_cert_from_file
   fo = open(certfile, 'r')
IOError: [Errno 2] No such file or directory: '/etc/pki/certmaster/ca/certmaster.crt'

14 years ago change False to FALSE - from Adrian
Seth Vidal [Mon, 14 Jun 2010 19:22:56 +0000 (15:22 -0400)]
change False to FALSE - from Adrian

14 years ago add emailaddr option to the make_csr routine so we can identify a cert/key via
Seth Vidal [Wed, 5 May 2010 04:14:31 +0000 (00:14 -0400)]
add emailaddr option to the make_csr routine so we can identify a cert/key via
email - not just assuming a hostname.

default still works the same as before root@cn

14 years ago - add BasicConstraints CA:TRUE for a ca cert, false for the others
Seth Vidal [Thu, 22 Apr 2010 21:07:59 +0000 (17:07 -0400)]
- add BasicConstraints CA:TRUE for a ca cert, false for the others
- make signature digest sha - instead of md5
- make certs ver 3 not ver 1
- closes rh bug: https://bugzilla.redhat.com/show_bug.cgi?id=583047

14 years ago make the sha import use hashlib and make the hashlib import work sanely
Seth Vidal [Thu, 22 Apr 2010 21:07:13 +0000 (17:07 -0400)]
make the sha import use hashlib and make the hashlib import work sanely
on versions of python that don't have a hashlib (python < 2.5)

14 years ago optionally allow a passwd callback for opening the ssl keys
Seth Vidal [Thu, 22 Apr 2010 21:06:20 +0000 (17:06 -0400)]
optionally allow a passwd callback for opening the ssl keys

14 years ago spelling fixes for synchronize
Nima Talebi [Wed, 10 Mar 2010 15:11:26 +0000 (10:11 -0500)]
spelling fixes for synchronize

14 years ago sort the output of certmaster-ca before displaying them
Seth Vidal [Tue, 16 Feb 2010 18:12:49 +0000 (13:12 -0500)]
sort the output of certmaster-ca before displaying them

14 years ago fix type in certmaster-request.pod
Adrian Likins [Wed, 6 Jan 2010 19:58:42 +0000 (14:58 -0500)]
fix type in certmaster-request.pod

15 years ago add etc/version
Adrian Likins [Thu, 20 Aug 2009 16:16:47 +0000 (12:16 -0400)]
add etc/version

15 years ago add /etc/func/version to setup.py for --version support
Adrian Likins [Thu, 11 Jun 2009 20:37:51 +0000 (16:37 -0400)]
add /etc/func/version to setup.py for --version support

15 years ago add support for --version to certmaster-ca
Adrian Likins [Thu, 11 Jun 2009 20:37:04 +0000 (16:37 -0400)]
add support for --version to certmaster-ca

Add a CertmasterCAOptionParser that adds "get_version" method
to make --version work

15 years ago add support for --version to certmaster daemon
Adrian Likins [Thu, 11 Jun 2009 20:36:39 +0000 (16:36 -0400)]
add support for --version to certmaster daemon

15 years ago add /etc/func/version to spec file
Adrian Likins [Thu, 11 Jun 2009 20:36:18 +0000 (16:36 -0400)]
add /etc/func/version to spec file

15 years ago add "versionfile" target to create etc/version for --version support
Adrian Likins [Thu, 11 Jun 2009 20:35:45 +0000 (16:35 -0400)]
add "versionfile" target to create etc/version for --version support

15 years ago rev to 0.25-1 v0.25
Adrian Likins [Wed, 10 Jun 2009 17:40:44 +0000 (13:40 -0400)]
rev to 0.25-1

15 years ago rev to 0.24.9 for a test release
Adrian Likins [Wed, 3 Jun 2009 20:42:35 +0000 (16:42 -0400)]
rev to 0.24.9 for a test release

15 years ago - add /var/lib/certmaster/certmaster* to spec and set perms
Adrian Likins [Wed, 27 May 2009 20:19:32 +0000 (16:19 -0400)]
- add /var/lib/certmaster/certmaster* to spec and set perms
- add /var/log/certmaster/certmaster.log,audit.log to spec
  and set perms
- add a chmod in the %post to reset any bogus perms on the log files
  (kind of ugly, but it works)

15 years ago rev version to 0.25-1
Adrian Likins [Wed, 27 May 2009 20:19:01 +0000 (16:19 -0400)]
rev version to 0.25-1

15 years ago add certmaster cert dirs to the setup.py so the spec file sees them
Adrian Likins [Wed, 27 May 2009 20:18:24 +0000 (16:18 -0400)]
add certmaster cert dirs to the setup.py so the spec file sees them

rev version to 0.25

15 years ago Make status in lsb init script return more useful exit status
Adrian Likins [Tue, 19 May 2009 16:29:32 +0000 (12:29 -0400)]
Make status in lsb init script return more useful exit status

Reported by Darryl Dixon <darryl.dixon@winterhouseconsulting.com>

15 years ago Changes to allow us to specify the hostname we want to use for cert creation,
Adrian Likins [Tue, 28 Apr 2009 17:03:36 +0000 (13:03 -0400)]
Changes to allow us to specify the hostname we want to use for cert creation,
instead of grabbing it deep down in the code. This change is mostly to allow
us to use the get_hostname_by_route function from func in funcd.

15 years ago Set default umask to 077 instead of 0. Before files could be created
Adrian Likins [Fri, 24 Apr 2009 17:02:49 +0000 (13:02 -0400)]
Set default umask to 077 instead of 0. Before files could be created
as world writeable.

15 years ago Do not accept certificates that do not match our key.
John Eckersberg [Tue, 14 Apr 2009 13:16:23 +0000 (09:16 -0400)]
Do not accept certificates that do not match our key.

Usually this happens when a host is re-provisioned and you forget to
run certmaster-ca --clean afterwards to remove the old cert on the
certmaster.

Instead of accepting the cert and throwing a key-mismatch exception,
we log a useful hint to the log and to stderr.

15 years ago [certmaster] Documentation and cleanup for minion-to-minion
John Eckersberg [Wed, 18 Mar 2009 17:30:31 +0000 (13:30 -0400)]
[certmaster] Documentation and cleanup for minion-to-minion

* Add man page for certmaster-sync
* Symlink certmaster-sync into triggers for post-sign and post-clean
  (doesn't execute by default)
* Add sync_certs setting to default certmaster.conf
* Create the empty /var/lib/certmaster/peers directory

15 years ago Minion-to-minion support, certmaster half.
John Eckersberg [Fri, 13 Mar 2009 19:39:37 +0000 (15:39 -0400)]
Minion-to-minion support, certmaster half.

15 years ago add a monit configuration file
Phil [Thu, 5 Mar 2009 20:28:44 +0000 (15:28 -0500)]
add a monit configuration file

15 years ago change utils.get_hostname to just do the basic thing. Move the bits
Adrian Likins [Tue, 3 Mar 2009 22:41:12 +0000 (17:41 -0500)]
change utils.get_hostname to just do the basic thing. Move the bits
that do all the config checking and route lookup and other madness
to func.utils.get_hostname_by_route

15 years ago Merge branch 'master' of ssh://alikins@git.fedorahosted.org/git/certmaster
Adrian Likins [Sat, 21 Feb 2009 05:39:32 +0000 (00:39 -0500)]
Merge branch 'master' of ssh://alikins@git.fedorahosted.org/git/certmaster

Conflicts:
Makefile

15 years ago there was a trailing space on the version
Adrian Likins [Sat, 21 Feb 2009 00:12:14 +0000 (19:12 -0500)]
there was a trailing space on the version

15 years ago rev to release 5 for rebuild
Adrian Likins [Thu, 19 Feb 2009 16:36:15 +0000 (11:36 -0500)]
rev to release 5 for rebuild

15 years ago remove "version" file and updated spec/makefile/setup.py to not need it
Adrian Likins [Thu, 19 Feb 2009 00:47:15 +0000 (19:47 -0500)]
remove "version" file and updated spec/makefile/setup.py to not need it

15 years ago add an excepthook handler for uncaught exceptions, so they get written to the log
Adrian Likins [Thu, 12 Feb 2009 20:08:59 +0000 (15:08 -0500)]
add an excepthook handler for uncaught exceptions, so they get written to the log

https://fedorahosted.org/func/ticket/70

15 years ago change old urls to new urls
Adrian Likins [Thu, 22 Jan 2009 16:55:11 +0000 (11:55 -0500)]
change old urls to new urls

15 years ago make the python executable we use a makefile variable
Adrian Likins [Wed, 21 Jan 2009 19:58:45 +0000 (14:58 -0500)]
make the python executable we use a makefile variable

15 years ago certmaster.spec: Try to simplify the support for rhel3+python2.3 a little bit.
Adrian Likins [Mon, 19 Jan 2009 21:45:22 +0000 (16:45 -0500)]
certmaster.spec: Try to simplify the support for rhel3+python2.3 a little bit.

We let distutils do the /usr/bin/python path munging for the files that need
it (aka, everything in "scripts"). So we can get rid of the patch for this
(we also cleaned up all the files that had a #! set that didn't need it)

Some minor spec file formatting changes as well

15 years ago permissions cleanup on source files
Adrian Likins [Mon, 19 Jan 2009 19:47:45 +0000 (14:47 -0500)]
permissions cleanup on source files

15 years ago fix up some docs bugs. Looks like they were introduced in the certmaster/func split.
Adrian Likins [Tue, 13 Jan 2009 22:33:15 +0000 (17:33 -0500)]
fix up some docs bugs. Looks like they were introduced in the certmaster/func split.

fix https://fedorahosted.org/certmaster/ticket/5  (certmaster-request man page
was getting created incorrectly)

15 years ago 0.24
Adrian Likins [Wed, 17 Dec 2008 20:30:08 +0000 (15:30 -0500)]
0.24

15 years ago Patch from Tim Bielawa <timbielawa@gmail.com> to make init scripts work v0.24
Tim Bielawa [Mon, 15 Dec 2008 19:00:37 +0000 (14:00 -0500)]
Patch from Tim Bielawa <timbielawa@gmail.com> to make init scripts work
on debian/ubuntu

16 years ago add missing dirs to spec file (trigger dirs)
Adrian Likins [Mon, 8 Dec 2008 19:30:42 +0000 (14:30 -0500)]
add missing dirs to spec file (trigger dirs)
fix for bugzilla #473633

16 years ago removed unneeded line that reset the requesting_host
Adrian Likins [Tue, 18 Nov 2008 15:56:37 +0000 (10:56 -0500)]
removed unneeded line that reset the requesting_host

16 years ago Make the port that certmaster listens on and funcd connects to configurable.
Adrian Likins [Wed, 12 Nov 2008 16:53:59 +0000 (11:53 -0500)]
Make the port that certmaster listens on and funcd connects to configurable.

add listen_port to /etc/certmaster/certmaster.conf to configure which
port certmaster runs on.

add certmaster_port to /etc/certmaster/minion.conf so funcd knows which
port to talk to certmaster on.

16 years ago change triggers so we pass in the name of the machine the request/sign/remove is for
Adrian Likins [Wed, 15 Oct 2008 20:12:07 +0000 (16:12 -0400)]
change triggers so we pass in the name of the machine the request/sign/remove is for
and pass it to the triggers

This could potentially break some existing triggers if they don't expect
an argument. However, it's documented that they should expect a
name argument, they just weren't ever getting one until now.

16 years ago fix for utils.daemonize() as reported in https://fedorahosted.org/func/ticket/58
Adrian Likins [Fri, 19 Sep 2008 18:52:32 +0000 (14:52 -0400)]
fix for utils.daemonize() as reported in https://fedorahosted.org/func/ticket/58
by goozbach

Couple of things wrong, fd's were getting closed in wrong place, the
call to os.cwd('/') was supposed to be os.chdir('/')

Also try duping the fd's just in case

16 years ago Merge branch 'master' of ssh://alikins@git.fedoraproject.org/git/hosted/certmaster
Adrian Likins [Fri, 5 Sep 2008 18:15:52 +0000 (14:15 -0400)]
Merge branch 'master' of ssh://alikins@git.fedoraproject.org/git/hosted/certmaster

16 years ago credit for patch for Jonathan Barber <j.barber@dundee.ac.uk>
Adrian Likins [Fri, 5 Sep 2008 18:10:39 +0000 (14:10 -0400)]
credit for patch for Jonathan Barber <j.barber@dundee.ac.uk>

16 years ago close stdin/stdout/stderr on daemonize
Jonathan Barber [Fri, 5 Sep 2008 18:09:35 +0000 (14:09 -0400)]
close stdin/stdout/stderr on daemonize

patch from Jonathan Barber <j.barber@dundee.ac.uk>

16 years ago rev to 0.23-1
Adrian Likins [Fri, 5 Sep 2008 17:15:59 +0000 (13:15 -0400)]
rev to 0.23-1

16 years ago add #*# files correctly to .gitignore
Adrian Likins [Thu, 24 Jul 2008 19:28:14 +0000 (15:28 -0400)]
add #*# files correctly to .gitignore

16 years ago add more stuff to shut up git
Adrian Likins [Thu, 24 Jul 2008 19:26:25 +0000 (15:26 -0400)]
add more stuff to shut up git

16 years ago add .gitignore
Adrian Likins [Thu, 24 Jul 2008 19:25:23 +0000 (15:25 -0400)]
add .gitignore

16 years ago merge with the code from func
Adrian Likins [Thu, 24 Jul 2008 16:42:04 +0000 (12:42 -0400)]
merge with the code from func
remove a spurious debug line

16 years ago /s/June/Jun (incorrect changelog entry)
Adrian Likins [Mon, 30 Jun 2008 16:59:21 +0000 (12:59 -0400)]
/s/June/Jun (incorrect changelog entry)

16 years ago fix fedora bug #441283 - typo in postinstall scriptlet
Adrian Likins [Mon, 30 Jun 2008 16:40:29 +0000 (12:40 -0400)]
fix fedora bug #441283 - typo in postinstall scriptlet
  (the init.d symlinks for runlevels 1 and 6 were created wrong)

rev release

16 years ago Updating AUTHORS
Michael DeHaan [Mon, 30 Jun 2008 16:31:45 +0000 (12:31 -0400)]
Updating AUTHORS

16 years ago Bump version for release, clean up wrong versions in changelog. v0.20
Michael DeHaan [Mon, 30 Jun 2008 16:25:01 +0000 (12:25 -0400)]
Bump version for release, clean up wrong versions in changelog.

16 years ago Remove stray print
Michael DeHaan [Mon, 30 Jun 2008 16:19:20 +0000 (12:19 -0400)]
Remove stray print

16 years ago Add default value of 'cert_extension' in certmaster.conf
TANABE Ken-ichi [Sat, 28 Jun 2008 06:48:19 +0000 (15:48 +0900)]
Add default value of 'cert_extension' in certmaster.conf

16 years ago Add cert_extension option
TANABE Ken-ichi [Sat, 28 Jun 2008 06:47:30 +0000 (15:47 +0900)]
Add cert_extension option

16 years ago add two new options to "certmaster-ca"
Adrian Likins [Thu, 1 May 2008 02:37:07 +0000 (22:37 -0400)]
add two new options to "certmaster-ca"

-list-signed shows a list of certs the certmaster has already signed

--list-cert-hashes returns the list of signed certs in the CN-hash format that
the acls files expects. Should make it a little easier to use the acls.

Both options take optional hostnames or hostname globs

16 years ago apply triggers patch from Steve Salevan <ssalevan@redhat.com>
Adrian Likins [Tue, 22 Apr 2008 18:36:37 +0000 (14:36 -0400)]
apply triggers patch from Steve Salevan <ssalevan@redhat.com>

Steve's comments:
Adding in triggering functionality, changed specfile and
MANIFEST.in to reflect changes.  Added sub_process.py file to
facilitate the subprocesses necessary for triggering to work.
Modified certmaster.py to add trigger points.

16 years ago apply triggers patch from Steve Salevan <ssalevan@redhat.com>
Adrian Likins [Tue, 22 Apr 2008 18:36:17 +0000 (14:36 -0400)]
apply triggers patch from Steve Salevan <ssalevan@redhat.com>

Steve's comments:
Adding in triggering functionality, changed specfile and
MANIFEST.in to reflect changes.  Added sub_process.py file to
facilitate the subprocesses necessary for triggering to work.
Modified certmaster.py to add trigger points.

16 years ago more logging info. log info for sign_this_csr()
Adrian Likins [Tue, 18 Mar 2008 20:06:43 +0000 (16:06 -0400)]
more logging info. log info for sign_this_csr()

16 years ago be a bit more verbose in the logging here, add file location info to logs
Adrian Likins [Tue, 18 Mar 2008 20:06:01 +0000 (16:06 -0400)]
be a bit more verbose in the logging here, add file location info to logs

16 years ago fix a bug where certmaster was writing out the client csr file over and over if it...
Adrian Likins [Tue, 18 Mar 2008 19:24:11 +0000 (15:24 -0400)]
fix a bug where certmaster was writing out the client csr file over and over if it had been
created, but not signed.

Also, add some debug logging.

16 years ago certmaster logging cleanups
Adrian Likins [Mon, 17 Mar 2008 22:16:19 +0000 (18:16 -0400)]
certmaster logging cleanups

- use unique name for the certmaster logs
- some not quite working code for passing down client info so we can log

16 years ago remove unused certmaster/minion/ and certmaster/overlord/ dirs
Adrian Likins [Mon, 17 Mar 2008 21:10:32 +0000 (17:10 -0400)]
remove unused certmaster/minion/ and certmaster/overlord/ dirs

update spec and setup accordingly

16 years ago add some basic logging output to certmaster
Adrian Likins [Mon, 17 Mar 2008 21:09:36 +0000 (17:09 -0400)]
add some basic logging output to certmaster

16 years ago Do not move versions backward v0.19
Michael DeHaan [Thu, 6 Mar 2008 19:02:15 +0000 (14:02 -0500)]
Do not move versions backward

16 years ago lame build fix. Messages/gettext stuff needs to be sorted out. We don't
Adrian Likins [Wed, 5 Mar 2008 20:53:37 +0000 (15:53 -0500)]
lame build fix. Messages/gettext stuff needs to be sorted out. We don't
seem to find any messages to translate, so po/messages.pot isn't created.
So for now, create it with a touch.

16 years ago remove references to certmasterd
Adrian Likins [Mon, 25 Feb 2008 22:56:31 +0000 (17:56 -0500)]
remove references to certmasterd

16 years ago Config file tweaks
Michael DeHaan [Mon, 25 Feb 2008 22:54:03 +0000 (17:54 -0500)]
Config file tweaks

16 years ago Make hostname checking smarter.
Michael DeHaan [Mon, 25 Feb 2008 22:46:52 +0000 (17:46 -0500)]
Make hostname checking smarter.

16 years ago Add missing file
Michael DeHaan [Mon, 25 Feb 2008 22:03:10 +0000 (17:03 -0500)]
Add missing file

16 years ago Find and replace
Michael DeHaan [Mon, 25 Feb 2008 21:59:13 +0000 (16:59 -0500)]
Find and replace

16 years ago Certmaster hostname check is different than minion check
Michael DeHaan [Mon, 25 Feb 2008 21:53:08 +0000 (16:53 -0500)]
Certmaster hostname check is different than minion check

16 years ago Pushing changes as part of certmaster split
Michael DeHaan [Mon, 25 Feb 2008 21:48:47 +0000 (16:48 -0500)]
Pushing changes as part of certmaster split

16 years ago some certmaster fixes, mostly path stuff
Adrian Likins [Mon, 25 Feb 2008 18:59:54 +0000 (13:59 -0500)]
some certmaster fixes, mostly path stuff

16 years ago duplicate fix from func tree over here
Adrian Likins [Wed, 13 Feb 2008 19:10:30 +0000 (14:10 -0500)]
duplicate fix from func tree over here

16 years ago message building fixes in the Makefile
Adrian Likins [Wed, 13 Feb 2008 17:56:43 +0000 (12:56 -0500)]
message building fixes in the Makefile

16 years ago Add missing file
Michael DeHaan [Wed, 13 Feb 2008 18:11:20 +0000 (13:11 -0500)]
Add missing file

16 years ago Make things build (not to be confused with "work")
Michael DeHaan [Thu, 7 Feb 2008 19:47:50 +0000 (14:47 -0500)]
Make things build (not to be confused with "work")

16 years ago Makefile from func.
Michael DeHaan [Thu, 7 Feb 2008 19:17:45 +0000 (14:17 -0500)]
Makefile from func.

16 years ago Trimming more stuff out.
Michael DeHaan [Thu, 7 Feb 2008 19:15:25 +0000 (14:15 -0500)]
Trimming more stuff out.

16 years ago Misc s/func/certmaster/ replacements
Michael DeHaan [Thu, 7 Feb 2008 18:30:51 +0000 (13:30 -0500)]
Misc s/func/certmaster/ replacements

16 years ago Fix paths in logs
Michael DeHaan [Thu, 7 Feb 2008 18:21:17 +0000 (13:21 -0500)]
Fix paths in logs

16 years ago Carving away at func some more to just get down to cert items, still lots
Michael DeHaan [Thu, 7 Feb 2008 18:13:24 +0000 (13:13 -0500)]
Carving away at func some more to just get down to cert items, still lots
more to do.

16 years ago Changing func to certmaster in top level directories, also covered
Michael DeHaan [Thu, 7 Feb 2008 17:52:44 +0000 (12:52 -0500)]
Changing func to certmaster in top level directories, also covered
certs directory, lots more to do.

16 years ago Starting off the certmaster tree with most of the func code, shortly non-certmaster...
Michael DeHaan [Thu, 7 Feb 2008 17:08:55 +0000 (12:08 -0500)]
Starting off the certmaster tree with most of the func code, shortly non-certmaster related parts will be removed, and other small parts added/tweaked

16 years ago Test test
Michael DeHaan [Thu, 7 Feb 2008 14:42:45 +0000 (09:42 -0500)]
Test test

16 years ago lalala
Seth Vidal [Tue, 5 Feb 2008 15:57:39 +0000 (08:57 -0700)]
lalala