diff options
| -rw-r--r-- | myrpki.rototill/cherrypy-example.py | 12 | ||||
| -rw-r--r-- | myrpki.rototill/initialize.py | 154 | ||||
| -rw-r--r-- | myrpki.rototill/myrpki.py | 5 | ||||
| -rw-r--r-- | myrpki.rototill/setup-rootd.sh | 36 | ||||
| -rw-r--r-- | myrpki.rototill/setup.py | 188 | ||||
| -rw-r--r-- | myrpki.rototill/setup_child.py | 108 | ||||
| -rw-r--r-- | myrpki.rototill/sql-setup.py (renamed from myrpki.rototill/setup-sql.py) | 0 | ||||
| -rwxr-xr-x | myrpki.rototill/verify-bpki.sh | 6 | ||||
| -rw-r--r-- | myrpki.rototill/wsgi-example.py | 27 |
9 files changed, 194 insertions, 342 deletions
diff --git a/myrpki.rototill/cherrypy-example.py b/myrpki.rototill/cherrypy-example.py deleted file mode 100644 index c5c97fef..00000000 --- a/myrpki.rototill/cherrypy-example.py +++ /dev/null @@ -1,12 +0,0 @@ -# $Id$ - -import cherrypy - -class HelloWorld(object): - - @cherrypy.expose - def index(self): - return "Hello world!" - -if __name__ == "__main__": - cherrypy.quickstart(HelloWorld()) diff --git a/myrpki.rototill/initialize.py b/myrpki.rototill/initialize.py deleted file mode 100644 index 6e1b3ee9..00000000 --- a/myrpki.rototill/initialize.py +++ /dev/null @@ -1,154 +0,0 @@ -""" -Step 1: User runs a new "initialize" script. This reads the .conf file - and creates the resource-holding "self" BPKI identity (what - we've been calling bpki.myrpki/ca.cer, although that name - should change and the user shouldn't need to know it anymore). - If the .conf file says that this user will be running any - servers at all (rpkid, irdbd, pubd, rootd), this script also - creates what we've been calling bpki.myirbe/ca.cer and issues - bpki ee certificates for all the servers we will be running. - It bundles up the "self" identity (bpki.myrpki/ca.cer and the - "handle" value from the [myrpki] section of the .conf file) as - an xml blob, which it writes out to some filename (call it - me.xml for now). - - The general idea here is to start with all the setup that we - can do based just on the .conf file without talking to anybody - else. - - rootd is a special case, in this as in all else. when we're - running rootd, the initalize script should probably just - create everything needed for rootd and for rpkid to know about - rootd as its parent. rootd is always operated by the same - entity as the rpkid that uses this rootd as its parent, so - this is a bit tedious but should be straightforward. - similarly, i think it's ok for us to insist that the operator - running rootd must also run its own pubd. - -$Id$ - -Copyright (C) 2010 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import subprocess, csv, re, os, getopt, sys, base64, time, myrpki, rpki.config - -from xml.etree.ElementTree import Element, SubElement, ElementTree - -os.environ["TZ"] = "UTC" -time.tzset() - -cfg_file = "myrpki.conf" - -opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"]) -for o, a in opts: - if o in ("-c", "--config"): - cfg_file = a - elif o in ("-h", "--help", "-?"): - print __doc__ - sys.exit(0) -if argv: - print __doc__ - sys.exit(1) - -cfg = rpki.config.parser(cfg_file, "myrpki") - -handle = cfg.get("handle") -run_rpkid = cfg.getboolean("run_rpkid") -run_pubd = cfg.getboolean("run_pubd") -run_rootd = cfg.getboolean("run_rootd") - -if run_rootd and (not run_pubd or not run_rpkid): - raise RuntimeError, "Can't run rootd unless also running rpkid and pubd" - -myrpki.openssl = cfg.get("openssl", "openssl") - -# Create directories for parents, children, and repositories. -# Directory names should become configurable (later). - -for i in ("parents", "children", "repositories"): - if not os.path.exists(i): - print "Creating %s/" % i - os.makedirs(i) - else: - print "%s/ already exists" % i - -# First create the "myrpki" (resource holding) BPKI and trust anchor - -bpki_myrpki = myrpki.CA(cfg_file, cfg.get("myrpki_bpki_directory")) - -bpki_myrpki.setup(cfg.get("bpki_myrpki_ta_dn", - "/CN=%s BPKI Resource Trust Anchor" % handle)) - -# If we're running any daemons at all, we also need to set up the -# "myirbe" (server-operating) BPKI, its trust anchor, and EE certs for -# each program we need to run. - -if run_rpkid or run_pubd or run_rootd: - - bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory")) - - bpki_myirbe.setup(cfg.get("bpki_myirbe_ta_dn", - "/CN=%s BPKI Server Trust Anchor" % handle)) - - if run_rpkid: - - bpki_myirbe.ee(cfg.get("bpki_rpkid_ee_dn", - "/CN=%s rpkid server certificate" % handle), "rpkid") - - # rpkid implies irdbd - - bpki_myirbe.ee(cfg.get("bpki_irdbd_ee_dn", - "/CN=%s irdbd server certificate" % handle), "irdbd") - - if run_pubd: - bpki_myirbe.ee(cfg.get("bpki_pubd_ee_dn", - "/CN=%s pubd server certificate" % handle), "pubd") - - if run_rpkid or run_pubd: - - # Client cert for myirbe and irbe_cli - - bpki_myirbe.ee(cfg.get("bpki_irbe_ee_dn", - "/CN=%s irbe client certificate" % handle), "irbe") - - if run_rootd: - - bpki_myirbe.ee(cfg.get("bpki_rootd_ee_dn", - "/CN=%s rootd server certificate" % handle), "rootd") - -# Build the me.xml file. Need to check for existing file so we don't -# overwrite? Worry about that later. - -e = Element("me", xmlns = myrpki.namespace, version = "1", handle = handle) -myrpki.PEMElement(e, "bpki_ca_certificate", bpki_myrpki.cer) -myrpki.etree_write(e, handle + ".xml") - -# If we're running rootd, construct a fake parent to go with it. - -if run_rootd: - - e = Element("parent", xmlns = myrpki.namespace, version = "1", - parent_handle = "rootd", child_handle = handle, - service_url = "https://localhost:%s/" % cfg.get("rootd_server_port")) - - myrpki.PEMElement(e, "bpki_resource_ca", bpki_myirbe.cer) - myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer) - - SubElement(e, "repository", type = "offer", - service_url = "https://%s:%d/" % (cfg.get("pubd_server_host"), - cfg.get("pubd_server_port"))) - rootd_filename = "parents/rootd.xml" - print "Writing", rootd_filename - myrpki.etree_write(e, rootd_filename) diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py index 6ea1a6c4..aaf5c53d 100644 --- a/myrpki.rototill/myrpki.py +++ b/myrpki.rototill/myrpki.py @@ -374,7 +374,7 @@ def csv_open(filename): """ return csv.reader(open(filename, "rb"), dialect = csv_dialect) -def PEMElement(e, tag, filename): +def PEMElement(e, tag, filename, **kwargs): """ Create an XML element containing Base64 encoded data taken from a PEM file. @@ -388,9 +388,10 @@ def PEMElement(e, tag, filename): break if e.text is None: e.text = "\n" - se = SubElement(e, tag) + se = SubElement(e, tag, **kwargs) se.text = "\n" + "".join(lines) se.tail = "\n" + return se class CA(object): """ diff --git a/myrpki.rototill/setup-rootd.sh b/myrpki.rototill/setup-rootd.sh deleted file mode 100644 index be7d9368..00000000 --- a/myrpki.rototill/setup-rootd.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -# -# $Id$ -# -# Copyright (C) 2010 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Setting up rootd requires cross-certifying rpkid's resource-holding -# BPKI trust anchor under the BPKI trust anchor that rootd uses. This -# script handles that, albiet in a very ugly way. -# -# Filenames are wired in, you might need to change these if you've -# done something more complicated. - -export RANDFILE=.OpenSSL.whines.unless.I.set.this -export BPKI_DIRECTORY=`pwd`/bpki.myirbe - -openssl=../openssl/openssl/apps/openssl - -$openssl ca -notext -batch -config myrpki.conf \ - -ss_cert bpki.myrpki/ca.cer \ - -out bpki.myirbe/child.cer \ - -extensions ca_x509_ext_xcert0 - -$openssl x509 -noout -text -in bpki.myirbe/child.cer diff --git a/myrpki.rototill/setup.py b/myrpki.rototill/setup.py new file mode 100644 index 00000000..9112b9a1 --- /dev/null +++ b/myrpki.rototill/setup.py @@ -0,0 +1,188 @@ +""" +$Id$ + +Copyright (C) 2010 Internet Systems Consortium ("ISC") + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +""" + +import subprocess, csv, re, os, getopt, sys, base64, time, myrpki, rpki.config + +from xml.etree.ElementTree import Element, SubElement, ElementTree + +def usage(code = 1): + print __doc__ + sys.exit(code) + +class main(object): + + def __init__(self): + + os.environ["TZ"] = "UTC" + time.tzset() + + self.cfg_file = "myrpki.conf" + + opts, self.argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"]) + for o, a in opts: + if o in ("-c", "--config"): + self.cfg_file = a + elif o in ("-h", "--help", "-?"): + print __doc__ + sys.exit(0) + + self.cfg = rpki.config.parser(self.cfg_file, "myrpki") + myrpki.openssl = self.cfg.get("openssl", "openssl") + + getattr(self, self.argv.pop(0) + "_main")() + + def common(self, initialize_bpki = False): + + self.handle = self.cfg.get("handle") + self.run_rpkid = self.cfg.getboolean("run_rpkid") + self.run_pubd = self.cfg.getboolean("run_pubd") + self.run_rootd = self.cfg.getboolean("run_rootd") + + if self.run_rootd and (not self.run_pubd or not self.run_rpkid): + raise RuntimeError, "Can't run rootd unless also running rpkid and pubd" + + self.bpki_myrpki = myrpki.CA(self.cfg_file, self.cfg.get("myrpki_bpki_directory")) + + if initialize_bpki: + self.bpki_myrpki.setup(self.cfg.get("bpki_myrpki_ta_dn", + "/CN=%s BPKI Resource Trust Anchor" % self.handle)) + + if self.run_rpkid or self.run_pubd or self.run_rootd: + + self.bpki_myirbe = myrpki.CA(self.cfg_file, self.cfg.get("myirbe_bpki_directory")) + + if initialize_bpki: + self.bpki_myirbe.setup(self.cfg.get("bpki_myirbe_ta_dn", + "/CN=%s BPKI Server Trust Anchor" % self.handle)) + + def initialize_main(self): + + self.common(initialize_bpki = True) + + # Create directories for parents, children, and repositories. + # Directory names should become configurable (later). + + for i in ("parents", "children", "repositories"): + if not os.path.exists(i): + print "Creating %s/" % i + os.makedirs(i) + else: + print "%s/ already exists" % i + + if self.run_rpkid or self.run_pubd or self.run_rootd: + + xcert = self.bpki_myirbe.xcert(self.bpki_myrpki.cer, path_restriction = 1) + + if self.run_rpkid: + self.bpki_myirbe.ee(self.cfg.get("bpki_rpkid_ee_dn", + "/CN=%s rpkid server certificate" % self.handle), "rpkid") + self.bpki_myirbe.ee(self.cfg.get("bpki_irdbd_ee_dn", + "/CN=%s irdbd server certificate" % self.handle), "irdbd") + + if self.run_pubd: + self.bpki_myirbe.ee(self.cfg.get("bpki_pubd_ee_dn", + "/CN=%s pubd server certificate" % self.handle), "pubd") + + if self.run_rpkid or self.run_pubd: + self.bpki_myirbe.ee(self.cfg.get("bpki_irbe_ee_dn", + "/CN=%s irbe client certificate" % self.handle), "irbe") + + if self.run_rootd: + self.bpki_myirbe.ee(self.cfg.get("bpki_rootd_ee_dn", + "/CN=%s rootd server certificate" % self.handle), "rootd") + + # Build the me.xml file. Need to check for existing file so we don't + # overwrite? Worry about that later. + + e = Element("me", xmlns = myrpki.namespace, version = "1", handle = self.handle) + myrpki.PEMElement(e, "bpki_ca_certificate", self.bpki_myrpki.cer) + myrpki.etree_write(e, self.handle + ".xml") + + # If we're running rootd, construct a fake parent to go with it, + # and link cross-certified resource-holding BPKI cert to where + # rootd expects to find it. + + if self.run_rootd: + + e = Element("parent", xmlns = myrpki.namespace, version = "1", + parent_handle = "rootd", child_handle = self.handle, + service_url = "https://localhost:%s/" % self.cfg.get("rootd_server_port")) + + myrpki.PEMElement(e, "bpki_resource_ca", self.bpki_myirbe.cer) + myrpki.PEMElement(e, "bpki_server_ca", self.bpki_myirbe.cer) + + SubElement(e, "repository", type = "offer", + service_url = "https://%s:%s/" % (self.cfg.get("pubd_server_host"), + self.cfg.get("pubd_server_port"))) + rootd_filename = "parents/rootd.xml" + print "Writing", rootd_filename + myrpki.etree_write(e, rootd_filename) + + rootd_child_fn = self.cfg.get("child-bpki-cert", None, "rootd") + if not os.path.exists(rootd_child_fn): + os.link(xcert, rootd_child_fn) + + def from_child_main(self): + + self.common() + + child_handle = None + + opts, self.argv = getopt.getopt(self.argv, "", ["child_handle="]) + for o, a in opts: + if o == "--child_handle": + child_handle = a + + if len(self.argv) != 1 or not os.path.exists(self.argv[0]): + raise RuntimeError, "Need to specify filename for child.xml on command line" + + if not self.run_rpkid: + raise RuntimeError, "Don't (yet) know how to set up child unless we run rpkid" + + c = ElementTree(file = self.argv[0]).getroot() + + if child_handle is None: + child_handle = c["handle"] + + print "Child calls itself %r, we call it %r" % (c["handle"], child_handle) + + myrpki.fxcert(pem = c.findtext(myrpki.tag("bpki_ca_certificate")), path_restriction = 1) + + e = Element("parent", xmlns = myrpki.namespace, version = "1", + parent_handle = self.handle, child_handle = child_handle, + service_url = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"), + self.cfg.get("rpkid_server_port"), + self.handle, child_handle)) + + myrpki.PEMElement(e, "bpki_resource_ca", self.bpki_myrpki.cer) + myrpki.PEMElement(e, "bpki_server_ca", self.bpki_myirbe.cer) + + if self.run_pubd: + SubElement(e, "repository", type = "offer", + service_url = "https://%s:%d/" % (self.cfg.get("pubd_server_host"), + self.cfg.get("pubd_server_port"))) + else: + print "Warning: I don't yet know how to do publication hints, only offers" + + child_filename = "children/%s.xml" % child_handle + print "Writing", child_filename + myrpki.etree_write(e, child_filename) + + +if __name__ == "__main__": + main() diff --git a/myrpki.rototill/setup_child.py b/myrpki.rototill/setup_child.py deleted file mode 100644 index 21d87ed4..00000000 --- a/myrpki.rototill/setup_child.py +++ /dev/null @@ -1,108 +0,0 @@ -""" -Step 2: User sends me.xml to parent, who saves it in a file - children/foo.xml (where foo is the parent's name for this - child). Parent also feeds this file and and parent's own - me.xml into another new script (call it"setup_child" for now, - since the parent uses it to set up its child). This script - writes out a customized parent record (another XML blob) - tailored to this particular child (service url including - parent's and child's names, parent's rpkid server bpki cert, - etc -- most of the data that goes into a line in parents.csv - now). This XML blob can (and usually does) also include - either an offer of publication service (if the parent runs - pubd and is willing to act as repository for this child) or a - hint pointing to some other repository (probably the one the - parent itself uses). The distinction between offer and hint - here is that the parent can only offer a pubd server it runs; - for anything else it can only hint. Parent sends this xml - result blob back to child, who stores at in a parents/ - directory with a name corresponding to the current - parent_handle (ie, the filename is the child's name for the - parent, eg, arin.xml). - -$Id$ - -Copyright (C) 2010 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import subprocess, csv, re, os, getopt, sys, base64, time, myrpki, rpki.config - -from xml.etree.ElementTree import Element, SubElement, ElementTree - -os.environ["TZ"] = "UTC" -time.tzset() - -cfg_file = "myrpki.conf" - -child_handle = None - -opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help", "--child_handle="]) -for o, a in opts: - if o == "--child_handle": - child_handle = a - elif o in ("-c", "--config"): - cfg_file = a - elif o in ("-h", "--help", "-?"): - print __doc__ - sys.exit(0) - -if len(argv) != 1 or not os.path.exists(argv[0]): - raise RuntimeError, "Need to specify filename for child.xml on command line" - -cfg = rpki.config.parser(cfg_file, "myrpki") - -if not cfg.getboolean("run_rpkid"): - raise RuntimeError, "Don't (yet) know how to set up child unless we run rpkid" - -my_handle = cfg.get("handle") -run_pubd = cfg.getboolean("run_pubd") - -myrpki.openssl = cfg.get("openssl", "openssl") - -bpki_myrpki = myrpki.CA(cfg_file, cfg.get("myrpki_bpki_directory")) -bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory")) - -e = ElementTree(file = argv[0]).getroot() - -if child_handle is None: - child_handle = e["handle"] - -print "Child calls itself %r, we call it %r" % (e["handle"], child_handle) - -# Cross certify child's cert - -myrpki.fxcert(pem = e.findtext(myrpki.tag("bpki_ca_certificate")), path_restriction = 1) - -# Build result - -e = Element("parent", xmlns = myrpki.namespace, version = "1", - parent_handle = handle, child_handle = child_handle, - service_url = "https://%s:%s/up-down/%s/%s" % (cfg.get("rpkid_server_host"), - cfg.get("rpkid_server_port"), - handle, child_handle)) - -myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer) -myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer) - -if run_pubd: - SubElement(e, "repository", type = "offer", - service_url = "https://%s:%d/" % (cfg.get("pubd_server_host"), - cfg.get("pubd_server_port"))) -else: - print "Warning: I don't yet know how to do publication hints, only offers" - -child_filename = "children/%s.xml" % child_handle -print "Writing", child_filename -myrpki.etree_write(e, child_filename) diff --git a/myrpki.rototill/setup-sql.py b/myrpki.rototill/sql-setup.py index eeddcff4..eeddcff4 100644 --- a/myrpki.rototill/setup-sql.py +++ b/myrpki.rototill/sql-setup.py diff --git a/myrpki.rototill/verify-bpki.sh b/myrpki.rototill/verify-bpki.sh index 9bcf42e6..e7915602 100755 --- a/myrpki.rototill/verify-bpki.sh +++ b/myrpki.rototill/verify-bpki.sh @@ -20,7 +20,7 @@ exec 2>&1 -for bpki in bpki.* +for bpki in bpki/* do crls=$(find $bpki -name '*.crl') @@ -37,7 +37,7 @@ do done # Check that cross-certified BSC certificates verify properly -if test -d bpki.myirbe +if test -d bpki/myirbe then - cat bpki.myirbe/xcert.*.cer | openssl verify -verbose -CAfile bpki.myirbe/ca.cer -untrusted /dev/stdin bpki.myrpki/bsc.*.cer + cat bpki/myirbe/xcert.*.cer | openssl verify -verbose -CAfile bpki/myirbe/ca.cer -untrusted /dev/stdin bpki/myrpki/bsc.*.cer fi diff --git a/myrpki.rototill/wsgi-example.py b/myrpki.rototill/wsgi-example.py deleted file mode 100644 index 5ae8ad13..00000000 --- a/myrpki.rototill/wsgi-example.py +++ /dev/null @@ -1,27 +0,0 @@ -# $Id$ - -# Every WSGI application must have an application object - a callable -# object that accepts two arguments. For that purpose, we're going to -# use a function (note that you're not limited to a function, you can -# use a class for example). The first argument passed to the function -# is a dictionary containing CGI-style envrironment variables and the -# second variable is the callable object (see PEP333) - -# See http://pythonpaste.org/do-it-yourself-framework.html for a -# somewhat more complete introduction, although it's a lead-in to the -# Paste package which we might not want to use. - -def hello_world_app(environ, start_response): - status = '200 OK' # HTTP Status - headers = [('Content-type', 'text/plain')] # HTTP Headers - start_response(status, headers) - - # The returned object is going to be printed - return ["Hello World"] - -# Run server with this app on port 8000 if invoked as a script - -if __name__ == "__main__": - from wsgiref.simple_server import make_server - print "Serving on port 8000..." - make_server('', 8000, hello_world_app).serve_forever() |