authorRob Austein <sra@hactrn.net>2010-03-04 16:28:08 +0000
committerRob Austein <sra@hactrn.net>2010-03-04 16:28:08 +0000
commit370760ec0b4bac001281a6cf5b3ec0de1c116cff (patch)
treee3ff1027a3addc8b329b97e7a3bd8d36bc061f58
parent0de867475c62b8bf95181c14f302108562f5c376 (diff)
Rename BPKI directories and associated config and Python variables to
something a bit less obscure. svn path=/myrpki.rototill/examples/myrpki.conf; revision=3022
-rw-r--r--myrpki.rototill/examples/myrpki.conf58
-rw-r--r--myrpki.rototill/examples/pubclients.csv2
-rw-r--r--myrpki.rototill/myirbe.py2
-rw-r--r--myrpki.rototill/myrpki.py2
-rw-r--r--myrpki.rototill/setup.py4
-rw-r--r--myrpki.rototill/yamltest.py26
6 files changed, 45 insertions, 49 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index b54b8066..d06c6e58 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -49,7 +49,7 @@ prefix_csv = prefixes.csv
asn_csv = asns.csv
xml_filename = myrpki.xml
-myrpki_bpki_directory = bpki/myrpki
+bpki_resources_directory = bpki/resources
# Whether you want to run your own copy of rpkid (and irdbd). In
# general, if you're running myirbe.py at all, you want this on.
@@ -110,7 +110,7 @@ rootd_resource_class_name = Me
# Where to put BPKI stuff for the IRBE operator (entity that operates
# rpkid etc). Don't change this without a reason.
-myirbe_bpki_directory = bpki/myirbe
+bpki_servers_directory = bpki/servers
# Root of local directory tree where pubd (and rootd, sigh) should
# write out published data. You need to configure this, and the
@@ -157,11 +157,11 @@ irdb-url = https://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_
# left-right protocol. The following values match where myirbe.py
# will have placed things. Don't change these without a reason.
-bpki-ta = ${myrpki::myirbe_bpki_directory}/ca.cer
-rpkid-key = ${myrpki::myirbe_bpki_directory}/rpkid.key
-rpkid-cert = ${myrpki::myirbe_bpki_directory}/rpkid.cer
-irdb-cert = ${myrpki::myirbe_bpki_directory}/irdbd.cer
-irbe-cert = ${myrpki::myirbe_bpki_directory}/irbe.cer
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key
+rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
+irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
+irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
#################################################################
@@ -183,10 +183,10 @@ https-url = https://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
# left-right protocol. The following values match where myirbe.py
# will have placed things. Don't change these without a reason.
-bpki-ta = ${myrpki::myirbe_bpki_directory}/ca.cer
-rpkid-cert = ${myrpki::myirbe_bpki_directory}/rpkid.cer
-irdbd-cert = ${myrpki::myirbe_bpki_directory}/irdbd.cer
-irdbd-key = ${myrpki::myirbe_bpki_directory}/irdbd.key
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
+irdbd-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
+irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key
#################################################################
@@ -220,10 +220,10 @@ server-port = ${myrpki::pubd_server_port}
# left-right protocol. The following values match where myirbe.py
# will have placed things. Don't change these without a reason.
-bpki-ta = ${myrpki::myirbe_bpki_directory}/ca.cer
-pubd-cert = ${myrpki::myirbe_bpki_directory}/pubd.cer
-pubd-key = ${myrpki::myirbe_bpki_directory}/pubd.key
-irbe-cert = ${myrpki::myirbe_bpki_directory}/irbe.cer
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
+pubd-key = ${myrpki::bpki_servers_directory}/pubd.key
+irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
#################################################################
@@ -235,10 +235,10 @@ rpkid-url = https://${myrpki::rpkid_server_host}:${myrpki:
# BPKI certificates and keys for talking to rpkid
-rpkid-bpki-ta = ${myrpki::myirbe_bpki_directory}/ca.cer
-rpkid-irbe-key = ${myrpki::myirbe_bpki_directory}/irbe.key
-rpkid-irbe-cert = ${myrpki::myirbe_bpki_directory}/irbe.cer
-rpkid-cert = ${myrpki::myirbe_bpki_directory}/rpkid.cer
+rpkid-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rpkid-irbe-key = ${myrpki::bpki_servers_directory}/irbe.key
+rpkid-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
+rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
# HTTPS service URL for pubd
@@ -246,10 +246,10 @@ pubd-url = https://${myrpki::pubd_server_host}:${myrpki::
# BPKI certificates and keys for talking to pubd
-pubd-bpki-ta = ${myrpki::myirbe_bpki_directory}/ca.cer
-pubd-irbe-key = ${myrpki::myirbe_bpki_directory}/irbe.key
-pubd-irbe-cert = ${myrpki::myirbe_bpki_directory}/irbe.cer
-pubd-cert = ${myrpki::myirbe_bpki_directory}/pubd.cer
+pubd-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+pubd-irbe-key = ${myrpki::bpki_servers_directory}/irbe.key
+pubd-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
+pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
#################################################################
@@ -266,11 +266,11 @@ pubd-cert = ${myrpki::myirbe_bpki_directory}/pubd.cer
# BPKI certificates and keys for rootd
-bpki-ta = ${myrpki::myirbe_bpki_directory}/ca.cer
-rootd-bpki-crl = ${myrpki::myirbe_bpki_directory}/ca.crl
-rootd-bpki-cert = ${myrpki::myirbe_bpki_directory}/rootd.cer
-rootd-bpki-key = ${myrpki::myirbe_bpki_directory}/rootd.key
-child-bpki-cert = ${myrpki::myirbe_bpki_directory}/child.cer
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl
+rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer
+rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key
+child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer
# Server port on which rootd should listen.
@@ -291,7 +291,7 @@ rpki-root-cert-uri = rsync://${myrpki::pubd_server_host}/${myrpki::rootd_r
# Private key corresponding to rootd's root RPKI certificate
-rpki-root-key = ${myrpki::myirbe_bpki_directory}/ca.key
+rpki-root-key = ${myrpki::bpki_servers_directory}/ca.key
# Filename (as opposed to rsync URI) of rootd's root RPKI certificate
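Review bot: `rpki-root-key` still resolves to `${myrpki::bpki_servers_directory}/ca.key`, which by its path looks like the private key behind the `ca.cer` that the daemon sections of this file use as `bpki-ta`. If that is so, one key pair serves as both the BPKI trust anchor and the RPKI root, and exposure of that key in either role compromises both. The last yamltest.py hunk signs the root certificate with the same `bpki/servers/ca.key`. Since the commit touches this line anyway, a comment such as `# NB: this example reuses the BPKI CA key as the RPKI root key; use a separate key in production` would make the shortcut explicit. The rootd section continues outside the hunk.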
diff --git a/myrpki.rototill/examples/pubclients.csv b/myrpki.rototill/examples/pubclients.csv
index 190cf0a3..dcba14e7 100644
--- a/myrpki.rototill/examples/pubclients.csv
+++ b/myrpki.rototill/examples/pubclients.csv
@@ -5,6 +5,6 @@
# NB: Comment lines are not allowed in these files, this one is only
# present to explain the example
#
-Me bpki/myrpki/ca.cer rsync://rpki.example.org/Me/
+Me bpki/resources/ca.cer rsync://rpki.example.org/Me/
Me/Alice pubd-client-certs/Alice.cer rsync://rpki.example.org/Me/Alice/
Me/Bob pubd-client-certs/Bob.cer rsync://rpki.example.org/Me/Bob/
diff --git a/myrpki.rototill/myirbe.py b/myrpki.rototill/myirbe.py
index 2f87ac50..6321ef35 100644
--- a/myrpki.rototill/myirbe.py
+++ b/myrpki.rototill/myirbe.py
@@ -101,7 +101,7 @@ handle = cfg.get("handle", cfg.get("handle", "Amnesiac", "myrpki"))
run_pubd = cfg.getboolean("run_pubd", False)
run_rootd = cfg.getboolean("run_rootd", False)
-bpki = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory"))
+bpki = myrpki.CA(cfg_file, cfg.get("bpki_servers_directory"))
# Default values for CRL parameters are very low, for testing.
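Review bot: `cfg.get("bpki_servers_directory")` drops the old `myirbe_bpki_directory` name with no fallback, so a myrpki.conf written for the previous revision no longer names the directory that holds the existing CA and daemon keys. What `cfg.get` does for a missing option is not visible here; if it returns None, or if `myrpki.CA` creates a fresh directory, an upgraded install could come up with a newly generated BPKI trust anchor instead of failing loudly. Consider reading the old option as a fallback for one release or raising a clear error, and documenting that `bpki/myirbe` has to be moved to `bpki/servers`. The same applies to `bpki_resources_directory` in the myrpki.py and setup.py hunks.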
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py
index 1a55d755..f87a9273 100644
--- a/myrpki.rototill/myrpki.py
+++ b/myrpki.rototill/myrpki.py
@@ -642,7 +642,7 @@ def main(argv = ()):
parents_csv_file = cfg.get(section, "parents_csv")
prefix_csv_file = cfg.get(section, "prefix_csv")
asn_csv_file = cfg.get(section, "asn_csv")
- bpki_dir = cfg.get(section, "myrpki_bpki_directory")
+ bpki_dir = cfg.get(section, "bpki_resources_directory")
xml_filename = cfg.get(section, "xml_filename")
repository_bpki_certificate = cfg.get(section, "repository_bpki_certificate")
repository_handle = cfg.get(section, "repository_handle")
diff --git a/myrpki.rototill/setup.py b/myrpki.rototill/setup.py
index 0c26be60..a6975858 100644
--- a/myrpki.rototill/setup.py
+++ b/myrpki.rototill/setup.py
@@ -60,9 +60,9 @@ class main(rpki.cli.Cmd):
if self.run_rootd and (not self.run_pubd or not self.run_rpkid):
raise RuntimeError, "Can't run rootd unless also running rpkid and pubd"
- self.bpki_myrpki = myrpki.CA(self.cfg_file, self.cfg.get("myrpki_bpki_directory"))
+ self.bpki_myrpki = myrpki.CA(self.cfg_file, self.cfg.get("bpki_resources_directory"))
if self.run_rpkid or self.run_pubd or self.run_rootd:
- self.bpki_myirbe = myrpki.CA(self.cfg_file, self.cfg.get("myirbe_bpki_directory"))
+ self.bpki_myirbe = myrpki.CA(self.cfg_file, self.cfg.get("bpki_servers_directory"))
rpki.cli.Cmd.__init__(self, argv)
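Review bot: The attributes `self.bpki_myrpki` and `self.bpki_myirbe` keep the old names while the options they are read from are now `bpki_resources_directory` and `bpki_servers_directory`, so the same objects go by two vocabularies. Renaming them to `self.bpki_resources` and `self.bpki_servers` would match the commit's stated intent, provided their other uses in the class are updated as well. The method continues outside the hunk, so those uses are not visible here.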
diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py
index ef148f0d..bb95d074 100644
--- a/myrpki.rototill/yamltest.py
+++ b/myrpki.rototill/yamltest.py
@@ -161,7 +161,7 @@ class allocation_db(list):
this for the root node.
"""
env = { "PATH" : os.environ["PATH"],
- "BPKI_DIRECTORY" : self.root.path("bpki/myirbe"),
+ "BPKI_DIRECTORY" : self.root.path("bpki/servers"),
"OPENSSL_CONF" : "/dev/null",
"RANDFILE" : ".OpenSSL.whines.unless.I.set.this" }
cwd = self.root.path()
@@ -326,7 +326,7 @@ class allocation(object):
"""
Write children CSV file.
"""
- self.csvout(fn).writerows((k.name, k.resources.valid_until, k.path("bpki/myrpki/ca.cer"))
+ self.csvout(fn).writerows((k.name, k.resources.valid_until, k.path("bpki/resources/ca.cer"))
for k in self.kids)
def dump_parents(self, fn):
@@ -336,16 +336,16 @@ class allocation(object):
if self.is_root():
self.csvout(fn).writerow(("rootd",
"https://localhost:%d/" % self.rootd_port,
- self.path("bpki/myirbe/ca.cer"),
- self.path("bpki/myirbe/ca.cer"),
+ self.path("bpki/servers/ca.cer"),
+ self.path("bpki/servers/ca.cer"),
self.name,
self.sia_base))
else:
parent_host = self.parent.hosted_by if self.parent.is_hosted() else self.parent
self.csvout(fn).writerow((self.parent.name,
self.up_down_url(),
- self.parent.path("bpki/myrpki/ca.cer"),
- parent_host.path("bpki/myirbe/ca.cer"),
+ self.parent.path("bpki/resources/ca.cer"),
+ parent_host.path("bpki/servers/ca.cer"),
self.name,
self.sia_base))
@@ -373,7 +373,7 @@ class allocation(object):
"""
if self.runs_pubd():
f = self.csvout(fn)
- f.writerows((s.client_handle, s.path("bpki/myrpki/ca.cer"), s.sia_base)
+ f.writerows((s.client_handle, s.path("bpki/resources/ca.cer"), s.sia_base)
for s in (db if only_one_pubd else [self] + self.kids))
def dump_conf(self, fn):
@@ -407,7 +407,7 @@ class allocation(object):
s = s.parent
r["myrpki", "pubd_server_host"] = "localhost"
r["myrpki", "pubd_server_port"] = str(s.pubd_port)
- r["myrpki", "repository_bpki_certificate"] = s.path("bpki/myirbe/ca.cer")
+ r["myrpki", "repository_bpki_certificate"] = s.path("bpki/servers/ca.cer")
r["myrpki", "repository_handle"] = self.client_handle
if rpkid_password:
@@ -484,7 +484,7 @@ class allocation(object):
"""
Run setup.py for this entity.
"""
- print "Running setup.py for", self.name, "with arguments", repr(args)
+ print 'Running "%s" for %s' % (" ".join(("setup.py",) + args), self.name)
subprocess.check_call(("python", prog_setup) + args, cwd = self.path())
def run_python_daemon(self, prog):
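Review bot: The new message joins `args` with bare spaces, so an argument that is empty or contains whitespace can no longer be told apart in the log, which `repr(args)` made unambiguous. If the line is meant to read as a copy-pasteable command, quote each element, e.g. `" ".join(pipes.quote(a) for a in ("setup.py",) + args)` (this needs `import pipes`; the file's imports are not visible in this hunk). The print change is also unrelated to the directory rename named in the commit message.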
@@ -607,13 +607,9 @@ for d in db:
# Initialize BPKI and generate self-descriptor for each entity.
-print 'Running "setup initialize" for each entity'
-
for d in db:
d.run_setup("initialize")
-print 'Done running "setup initialize"'
-
# This is where we need to get clever about running setup.py in its
# various modes to do the service URL and BPKI cross-certification
# setup.
@@ -648,8 +644,8 @@ rootd_openssl = db.make_rootd_openssl()
print "Creating rootd RPKI root certificate"
rootd_openssl("x509", "-req", "-sha256", "-outform", "DER",
- "-signkey", "bpki/myirbe/ca.key",
- "-in", "bpki/myirbe/ca.req",
+ "-signkey", "bpki/servers/ca.key",
+ "-in", "bpki/servers/ca.req",
"-out", "publication/root.cer",
"-extfile", "myrpki.conf",
"-extensions", "rootd_x509_extensions")