diff options
| author | Rob Austein <sra@hactrn.net> | 2014-04-03 01:11:02 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2014-04-03 01:11:02 +0000 |
| commit | 9fdf7e694f5994e297080b1696b5d54952b3b20a (patch) | |
| tree | ec19c9ccdf9f5bf64bab125d66f527de3825e757 /rpkid | |
| parent | 5f35f237da61f96416c6065ec28c35cd0fc31211 (diff) | |
Helps to fix the code as well as the comments.
svn path=/branches/tk671/; revision=5742
Diffstat (limited to 'rpkid')
| -rw-r--r-- | rpkid/rpki/rpkid.py | 2 | ||||
| -rw-r--r-- | rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py | 35 |
2 files changed, 5 insertions, 32 deletions
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py index 155f440c..d6163bee 100644 --- a/rpkid/rpki/rpkid.py +++ b/rpkid/rpki/rpkid.py @@ -565,7 +565,7 @@ class ca_obj(rpki.sql.sql_persistent): if ca_detail.state == "active" and ca_detail.ca_cert_uri != rc_cert.cert_url.rsync(): rpki.log.debug("AIA changed: was %s now %s" % (ca_detail.ca_cert_uri, rc_cert.cert_url.rsync())) - ca_detail.ca_cert_uri = rc.cert_url.rsync() + ca_detail.ca_cert_uri = rc_cert.cert_url.rsync() ca_detail.sql_mark_dirty() if ca_detail.state in ("pending", "active"): diff --git a/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py b/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py index b9a4111c..e14510c8 100644 --- a/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py +++ b/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py @@ -36,19 +36,9 @@ print """ # General plan here: # -# - Force parent to reissue, to whack SIA in cert issued to us. Only -# mechanism available to us that will force this is an up-down -# rekey/revoke cycle, although it certainly seems that parent should -# reissue if we issue a new request with a different SIA. Hmm. -# Investigate, but carry on for now. -# # - Force reissuance of everything we've issued, to whack SIA and AIA # of everything we're producing. # -# - Do the revoke portion of the up-down rekey/revoke separately, to -# isolate the rest of this from errors caused by attmepting to -# withdraw certificates that might have already been withdrawn. -# # - "Manually" (ie, Python code here) whack any all-numeric # directories in our publication tree, as those are the ones that # [5678] removed. @@ -73,32 +63,15 @@ handles = subprocess.check_output((rpkic, "list_self_handles")).splitlines() argv = [irbe_cli] for handle in handles: - argv.extend(("self", "--self_handle", handle, "--action", "set", "--rekey")) -subprocess.check_call(argv) - -time.sleep(10) - -argv = [irbe_cli] -for handle in handles: argv.extend(("self", "--self_handle", handle, "--action", "set", "--reissue")) # Run this twice subprocess.check_call(argv) subprocess.check_call(argv) -time.sleep(5) - -# Revoke can return failure when certificate being revoked has already -# been withdrawn for other reasons. This is harmless, except that it -# causes batch mode irbe_cli to blow out without processing any other -# revocations. So we don't try to batch revocations. - -for handle in handles: - subprocess.check_call((irbe_cli, "self", "--self_handle", handle, "--action", "set", "--revoke")) - -deletions = [] -for top, dirs, files in os.walk(os.path.join(rpki.autoconf.datarootdir, "rpki", "publication")): - deletions.extend(os.path.join(top, d) for d in dirs if d.isdigit()) -for d in deletions: +for d in [os.path.join(top, d) + for top, dirs, files in os.walk(os.path.join(rpki.autoconf.datarootdir, "rpki", "publication")) + for d in dirs + if d.isdigit()]: shutil.rmtree(d, ignore_errors = True) argv = [irbe_cli] |