diff options
| -rw-r--r-- | buildtools/make-rcynic-script.py | 12 | ||||
| -rwxr-xr-x | configure | 391 | ||||
| -rw-r--r-- | configure.ac | 26 | ||||
| -rw-r--r-- | rcynic/Makefile.in | 42 | ||||
| -rw-r--r-- | rcynic/rcynic-cron.py | 86 |
5 files changed, 445 insertions, 112 deletions
diff --git a/buildtools/make-rcynic-script.py b/buildtools/make-rcynic-script.py index 1bdd7960..472faa98 100644 --- a/buildtools/make-rcynic-script.py +++ b/buildtools/make-rcynic-script.py @@ -1,7 +1,7 @@ """ $Id$ -Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") +Copyright (C) 2011-2013 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -23,10 +23,16 @@ sys.stdout.write('''\ #!%(AC_PYTHON_INTERPRETER)s # Automatically constructed script header -ac_rrdtool_binary = "%(AC_RRDTOOL_BINARY)s" +''' % os.environ) + +for k, v in os.environ.iteritems(): + if k.startswith("AC_") and k != "AC_PYTHON_INTERPRETER": + sys.stdout.write("%s = '''%s'''\n" % (k.lower(), v)) + +sys.stdout.write('''\ # Original script starts here -''' % os.environ) +''') sys.stdout.write(sys.stdin.read()) @@ -631,7 +631,7 @@ OPENSSL_SO_GLOB OPENSSL_CONFIG_COMMAND TOP_LEVEL_SUBDIRS SETUP_PY_INSTALL_LAYOUT -PYTHON +RCYNIC_HTML_DIR RCYNIC_STATIC_RSYNC RCYNIC_CONF_TA_DIR RCYNIC_CONF_DATA @@ -639,12 +639,17 @@ RCYNIC_CONF_RSYNC RCYNIC_TA_DIR RCYNIC_CONF_FILE RCYNIC_JAIL_DIRS +CHROOTUID +CHROOT +SUDO +SU RSYNC TRANG RRDTOOL SORT AWK XSLTPROC +PYTHON POW_LDFLAGS LD_STATIC_FLAG EGREP @@ -3843,6 +3848,109 @@ then fi unset old_LDFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +# Extract the first word of "python", so it can be a program name with args. +set dummy python; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PYTHON+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PYTHON=$ac_cv_path_PYTHON +if test -n "$PYTHON"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +$as_echo "$PYTHON" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + # Extract the first word of "xsltproc", so it can be a program name with args. set dummy xsltproc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -4003,69 +4111,6 @@ $as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - # Extract the first word of "trang", so it can be a program name with args. set dummy trang; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -4147,6 +4192,166 @@ $as_echo "no" >&6; } fi +# Extract the first word of "su", so it can be a program name with args. +set dummy su; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SU+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SU in + [\\/]* | ?:[\\/]*) + ac_cv_path_SU="$SU" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SU="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SU=$ac_cv_path_SU +if test -n "$SU"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SU" >&5 +$as_echo "$SU" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "sudo", so it can be a program name with args. +set dummy sudo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SUDO+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SUDO in + [\\/]* | ?:[\\/]*) + ac_cv_path_SUDO="$SUDO" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SUDO="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SUDO=$ac_cv_path_SUDO +if test -n "$SUDO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SUDO" >&5 +$as_echo "$SUDO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "chroot", so it can be a program name with args. +set dummy chroot; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_CHROOT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $CHROOT in + [\\/]* | ?:[\\/]*) + ac_cv_path_CHROOT="$CHROOT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_CHROOT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CHROOT=$ac_cv_path_CHROOT +if test -n "$CHROOT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CHROOT" >&5 +$as_echo "$CHROOT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "chrootuid", so it can be a program name with args. +set dummy chrootuid; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_CHROOTUID+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $CHROOTUID in + [\\/]* | ?:[\\/]*) + ac_cv_path_CHROOTUID="$CHROOTUID" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_CHROOTUID="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CHROOTUID=$ac_cv_path_CHROOTUID +if test -n "$CHROOTUID"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CHROOTUID" >&5 +$as_echo "$CHROOTUID" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + # Figure out whether we need to build our own OpenSSL library or can # use the system libraries. We're looking for two recent features: @@ -4440,52 +4645,28 @@ esac -# Now a bunch of checks to figure out what we can do with Python. If -# we don't have Python at all, none of the rest of this matters. If -# we do have Python, we need to check for required packages and -# versions. +# Where to put HTML files is similarly platform dependent, we have to know. +# rcynic-cron will skip generating HTML files if it has no place to put them. -# Extract the first word of "python", so it can be a program name with args. -set dummy python; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PYTHON in - [\\/]* | ?:[\\/]*) - ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; +case $host_os in + freebsd*) + RCYNIC_HTML_DIR='/usr/local/www/data/rcynic' + ;; + linux*) + RCYNIC_HTML_DIR='/var/www/rcynic' + ;; + *) + RCYNIC_HTML_DIR='' + ;; esac -fi -PYTHON=$ac_cv_path_PYTHON -if test -n "$PYTHON"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 -$as_echo "$PYTHON" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi +# Now a bunch of checks to figure out what we can do with Python. If +# we don't have Python at all, none of the rest of this matters. If +# we do have Python, we need to check for required packages and +# versions. + have_python=no have_acceptable_python=no have_python_h=no diff --git a/configure.ac b/configure.ac index 050fb07a..37d280e7 100644 --- a/configure.ac +++ b/configure.ac @@ -118,13 +118,18 @@ then fi unset old_LDFLAGS +AC_PROG_GREP +AC_PATH_PROG([PYTHON], [python]) AC_PATH_PROG([XSLTPROC], [xsltproc]) AC_PATH_PROG([AWK], [awk]) AC_PATH_PROG([SORT], [sort]) AC_PATH_PROG([RRDTOOL], [rrdtool]) -AC_PROG_GREP AC_PATH_PROG([TRANG], [trang], [\${abs_top_srcdir}/buildtools/trang-not-found]) AC_PATH_PROG([RSYNC], [rsync]) +AC_PATH_PROG([SU], [su]) +AC_PATH_PROG([SUDO], [sudo]) +AC_PATH_PROG([CHROOT], [chroot]) +AC_PATH_PROG([CHROOTUID], [chrootuid]) # Figure out whether we need to build our own OpenSSL library or can # use the system libraries. We're looking for two recent features: @@ -336,13 +341,28 @@ esac AC_SUBST_FILE(RCYNIC_MAKE_RULES) +# Where to put HTML files is similarly platform dependent, we have to know. +# rcynic-cron will skip generating HTML files if it has no place to put them. + +case $host_os in + freebsd*) + RCYNIC_HTML_DIR='/usr/local/www/data/rcynic' + ;; + linux*) + RCYNIC_HTML_DIR='/var/www/rcynic' + ;; + *) + RCYNIC_HTML_DIR='' + ;; +esac + +AC_SUBST(RCYNIC_HTML_DIR) + # Now a bunch of checks to figure out what we can do with Python. If # we don't have Python at all, none of the rest of this matters. If # we do have Python, we need to check for required packages and # versions. -AC_PATH_PROG([PYTHON], [python]) - have_python=no have_acceptable_python=no have_python_h=no diff --git a/rcynic/Makefile.in b/rcynic/Makefile.in index d8b5ec75..1e15f5bf 100644 --- a/rcynic/Makefile.in +++ b/rcynic/Makefile.in @@ -19,10 +19,31 @@ SORT = @SORT@ PYTHON = @PYTHON@ RRDTOOL = @RRDTOOL@ INSTALL = @INSTALL@ +SU = @SU@ +SUDO = @SUDO@ +CHROOT = @CHROOT@ +CHROOTUID = @CHROOTUID@ abs_top_srcdir = @abs_top_srcdir@ abs_top_builddir = @abs_top_builddir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ +datarootdir = @datarootdir@ +datadir = @datadir@ +localstatedir = @localstatedir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +sysconfdir = @sysconfdir@ + +abs_builddir = @abs_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +abs_top_builddir = @abs_top_builddir@ +srcdir = @srcdir@ + RCYNIC_INSTALL_TARGETS = @RCYNIC_INSTALL_TARGETS@ RCYNIC_DIR = @RCYNIC_DIR@ RCYNIC_JAIL_DIRS = @RCYNIC_JAIL_DIRS@ @@ -39,8 +60,9 @@ RCYNIC_USER = rcynic RCYNIC_GROUP = rcynic RCYNIC_GECOS = RPKI Validation System RCYNIC_STATIC_RSYNC = @RCYNIC_STATIC_RSYNC@ +RCYNIC_HTML_DIR = @RCYNIC_HTML_DIR@ -SCRIPTS = rcynic-text rcynic-html rcynic-svn validation_status +SCRIPTS = rcynic-text rcynic-html rcynic-svn validation_status rcynic-cron all: ${BIN} ${SCRIPTS} ${RCYNIC_STATIC_RSYNC} @@ -63,6 +85,21 @@ COMPILE_PYTHON = \ ${PYTHON} ${abs_top_srcdir}/buildtools/make-rcynic-script.py <$? >$@; \ chmod 755 $@ +COMPILE_PYTHON_CRON = \ + AC_PYTHON_INTERPRETER='${PYTHON}' \ + AC_RCYNIC_USER='${RCYNIC_USER}' \ + AC_RCYNIC_GROUP='${RCYNIC_GROUP}' \ + AC_RCYNIC_DIR='${RCYNIC_DIR}' \ + AC_bindir='${bindir}' \ + AC_sysconfdir='${sysconfdir}' \ + AC_RCYNIC_HTML_DIR='${RCYNIC_HTML_DIR}' \ + AC_SU='${SU}' \ + AC_SUDO='${SUDO}' \ + AC_CHROOT='${CHROOT}' \ + AC_CHROOTUID='${CHROOTUID}' \ + ${PYTHON} ${abs_top_srcdir}/buildtools/make-rcynic-script.py <$? >$@; \ + chmod 755 $@ + rcynic-text: rcynic-text.py ${COMPILE_PYTHON} @@ -75,6 +112,9 @@ rcynic-svn: rcynic-svn.py validation_status: validation_status.py ${COMPILE_PYTHON} +rcynic-cron: rcynic-cron.py + ${COMPILE_PYTHON_CRON} + tags: TAGS TAGS: ${SRC} ${GEN} diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py new file mode 100644 index 00000000..fff921b0 --- /dev/null +++ b/rcynic/rcynic-cron.py @@ -0,0 +1,86 @@ +""" +Cron job for rcynic and rtr-origin in stock configuration. + +$Id$ + +Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +""" + +# Locking code here works like FreeBSD's lockf(1) utility given -k and +# -t 0 options, which is both the sanest and simplest combination for +# our purposes. In theory this is portable to any Unix-like system. + +import subprocess +import sys +import fcntl +import os + +# Stuff we need from autoconf: +# +# AC_RCYNIC_USER +# AC_RCYNIC_GROUP +# AC_RCYNIC_DIR +# AC_bindir +# AC_sysconfdir +# AC_RCYNIC_HTML_DIR +# AC_SU +# AC_SUDO +# AC_CHROOT +# AC_CHROOTUID + +we_are_root = os.getuid() == 0 + +beastie = sys.platform.startswith("freebsd") or sys.platform.startswith("darwin") + +def bin(name, chroot = False): + return os.path.join("/bin" if chroot and we_are_root else AC_bindir, name) + +def etc(name, chroot = False): + return os.path.join("/etc" if chroot and we_are_root else AC_sysconfdir, name) + +def rcy(name): + return os.path.join(AC_RCYNIC_DIR, name) + +jail_dirs = { AC_bindir : "/bin", AC_sysconfdir : "/etc" } + +def run(*cmd, **kwargs): + chroot = kwargs.pop("chroot", False) and we_are_root + if we_are_root: + if chroot and beastie: + cmd = (AC_CHROOT, "-u", AC_RCYNIC_USER, "-g", AC_RCYNIC_GROUP, AC_RCYNIC_DIR) + cmd + elif chroot and not beastie: + cmd = (AC_CHROOTUID, AC_RCYNIC_DIR, AC_RCYNIC_USER) + cmd + elif not chroot and beastie: + cmd = (AC_SU, "-m", AC_RCYNIC_USER, "-c", " ".join(cmd)) + elif not chroot and not beastie: + cmd = (AC_SUDO, "-u", AC_RCYNIC_USER) + cmd + else: + raise RuntimeError("How the frell did I get here?") + try: + subprocess.check_call(cmd, **kwargs) + except subprocess.CalledProcessError, e: + sys.exit("Error %r running command: %s" % (e.strerror, " ".join(repr(c) for c in cmd))) + +try: + lock = os.open(os.path.join(AC_RCYNIC_DIR, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666) + fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB) +except (IOError, OSError), e: + sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(AC_RCYNIC_DIR, "data/lock"))) + +run(bin("rcynic", chroot = True), "-c", etc("rcynic.conf", chroot = True), chroot = True) + +run(bin("rcynic-html"), rcy("data/rcynic.xml"), AC_RCYNIC_HTML_DIR) + +run(bin("rtr-origin"), "--cronjob", rcy("data/authenticated"), cwd = rcy("rpki-rtr")) |