author | Rob Austein <sra@hactrn.net> | 2014-04-02 16:35:50 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2014-04-02 16:35:50 +0000 |
commit | 1a720c640df6d2a5f2d4b06a7a0444c53f8ded13 (patch) | |
tree | 6d671f2ece24c0e7e50cb4da84760871459e2d85 /rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py | |
parent | 1dad057e03cb694ee1dc0bb726035fec1cec976a (diff) |
Better version of cleanup script, although we might be able to do
better if there turns out to be a sane way for rpkid to notice that it
wants a different SIA value than previously and therefore request the
new certificate automatically.
svn path=/branches/tk671/; revision=5734
Diffstat (limited to 'rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py')
-rw-r--r-- | rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py b/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py
index ad9cf370..c074ed94 100644
--- a/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py
+++ b/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py
@@ -34,8 +34,33 @@ print """ properly again. Attempting to do this automatically... """
+# General plan here:
+#
+# - Force parent to reissue, to whack SIA in cert issued to us. Only
+# mechanism available to us that will force this is an up-down
+# rekey/revoke cycle, although it certainly seems that parent should
+# reissue if we issue a new request with a different SIA. Hmm.
+# Investigate, but carry on for now.
+#
+# - Force reissuance of everything we've issued, to whack SIA and AIA
+# of everything we're producing.
+#
+# - Do the revoke portion of the up-down rekey/revoke separately, to
+# isolate the rest of this from errors caused by attmepting to
+# withdraw certificates that might have already been withdrawn.
+#
+# - "Manually" (ie, Python code here) whack any all-numeric
+# directories in our publication tree, as those are the ones that
+# [5678] removed.
+#
+# - Force (re)publication of everything, just in case we accidently
+# - whacked something we still cared about.
+#
+# We include the occasional pause to let things settle between steps.
+
+import os
 import time
-import os.path
+import shutil
 import subprocess
 import rpki.autoconf
@@ -63,4 +88,17 @@ for handle in handles: argv.extend(("self", "--self_handle", handle, "--action", "set", "--revoke"))
 subprocess.check_call(argv)
+deletions = []
+
+for root, dirs, files in os.walk(os.path.join(rpki.autoconf.datarootdir, "rpki", "publication")):
+ deletions.extend(os.path.join(root, d) for d in dirs if d.isdigit())
+
+for d in deletions:
+ shutil.rmtree(d, ignore_errors = True)
+
+argv = [irbe_cli]
+for handle in handles:
+ argv.extend(("self", "--self_handle", handle, "--action", "set", "--publish_world_now"))
+subprocess.check_call(argv)
+ ''') |
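Review bot: `shutil.rmtree(d, ignore_errors = True)` in the new deletion loop of the second hunk discards every failure, so a directory that could not be removed (permissions, a busy file) stays in the publication tree and the script carries on to `--publish_world_now` with no record of it. Some of those errors are self-inflicted: the `os.walk` loop keeps descending into directories it has already queued, so all-numeric directories nested inside a queued one are queued as well and fail once their parent is gone. Adding `dirs[:] = [d for d in dirs if not d.isdigit()]` after the `extend` call stops the descent, and then an `onerror` callback that prints the failing path can replace `ignore_errors = True`. `d.isdigit()` also matches any all-numeric directory at any depth under the publication root, which per the plan comment may include something still wanted, so printing each path before removing it would leave the operator an audit trail. The `for handle in handles:` context that opens this hunk begins outside it.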