From 4b44a71ad897d0e4aa4a602a11cf55cba6a1c5c0 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Thu, 17 Mar 2016 12:59:34 +0000
Subject: Synchronize script naming with tk705. svn merge tossed its cookies again.
svn path=/trunk/; revision=6311
---
buildtools/build-debian-packages.py | 70 ++++++++++++++++++++++++++++++++++++
buildtools/build-ubuntu-ports.py | 71 +------------------------------------
2 files changed, 71 insertions(+), 70 deletions(-)
create mode 100644 buildtools/build-debian-packages.py
mode change 100644 => 120000 buildtools/build-ubuntu-ports.py
diff --git a/buildtools/build-debian-packages.py b/buildtools/build-debian-packages.py
new file mode 100644
index 00000000..0a326da8
--- /dev/null
+++ b/buildtools/build-debian-packages.py
@@ -0,0 +1,70 @@ +# $Id$ +# +# Copyright (C) 2014 Dragon Research Labs ("DRL") +# Portions copyright (C) 2013 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notices and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL +# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR +# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA +# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +""" +Set up for a Debian or Ubuntu package build. + +This is a script because we need to create the changelog. Other than +that, we just copy the Debian skeleton and optionally run the programs +necessary to produce a test build (production builds are happened +elsewhere, under pbuilder). +""" + +import subprocess +import platform +import argparse +import shutil +import sys +import os + +parser = argparse.ArgumentParser(description = __doc__) +parser.add_argument("-b", "--debuild", action = "store_true", help = "run debuild") +parser.add_argument("-i", "--debi", action = "store_true", help = "run debi") +parser.add_argument("-s", "--version-suffix", nargs = "?", const = platform.linux_distribution()[2], + help = "suffix to add to version string") +args = parser.parse_args() + +version = "0." 
+ subprocess.check_output(("svnversion", "-c")).strip().split(":")[-1] + +if os.path.exists("debian"): + shutil.rmtree("debian") + +def ignore_dot_svn(src, names): + return [name for name in names if name == ".svn"] + +shutil.copytree("buildtools/debian-skeleton", "debian", ignore = ignore_dot_svn) + +os.chmod("debian/rules", 0755) + +msg = "Version %s of https://subvert-rpki.hactrn.net/trunk/" % version + +if args.version_suffix: + version += "~" + args.version_suffix + +subprocess.check_call(("dch", "--create", "--package", "rpki", "--newversion", version, msg), + env = dict(os.environ, + EDITOR = "true", + VISUAL = "true", + TZ = "UTC", + DEBEMAIL = "APT Builder Robot ")) + +if args.debuild or args.debi: + subprocess.check_call(("debuild", "-us", "-uc")) + +if args.debi: + subprocess.check_call(("sudo", "debi", "--with-depends")) diff --git a/buildtools/build-ubuntu-ports.py b/buildtools/build-ubuntu-ports.py deleted file mode 100644 index 0a326da8..00000000 --- a/buildtools/build-ubuntu-ports.py +++ /dev/null 
@@ -1,70 +0,0 @@ -# $Id$ -# -# Copyright (C) 2014 Dragon Research Labs ("DRL") -# Portions copyright (C) 2013 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notices and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL -# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR -# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA -# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER -# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -""" -Set up for a Debian or Ubuntu package build. - -This is a script because we need to create the changelog. Other than -that, we just copy the Debian skeleton and optionally run the programs -necessary to produce a test build (production builds are happened -elsewhere, under pbuilder). -""" - -import subprocess -import platform -import argparse -import shutil -import sys -import os - -parser = argparse.ArgumentParser(description = __doc__) -parser.add_argument("-b", "--debuild", action = "store_true", help = "run debuild") -parser.add_argument("-i", "--debi", action = "store_true", help = "run debi") -parser.add_argument("-s", "--version-suffix", nargs = "?", const = platform.linux_distribution()[2], - help = "suffix to add to version string") -args = parser.parse_args() - -version = "0." 
+ subprocess.check_output(("svnversion", "-c")).strip().split(":")[-1] - -if os.path.exists("debian"): - shutil.rmtree("debian") - -def ignore_dot_svn(src, names): - return [name for name in names if name == ".svn"] - -shutil.copytree("buildtools/debian-skeleton", "debian", ignore = ignore_dot_svn) - -os.chmod("debian/rules", 0755) - -msg = "Version %s of https://subvert-rpki.hactrn.net/trunk/" % version - -if args.version_suffix: - version += "~" + args.version_suffix - -subprocess.check_call(("dch", "--create", "--package", "rpki", "--newversion", version, msg), - env = dict(os.environ, - EDITOR = "true", - VISUAL = "true", - TZ = "UTC", - DEBEMAIL = "APT Builder Robot ")) - -if args.debuild or args.debi: - subprocess.check_call(("debuild", "-us", "-uc")) - -if args.debi: - subprocess.check_call(("sudo", "debi", "--with-depends")) diff --git a/buildtools/build-ubuntu-ports.py b/buildtools/build-ubuntu-ports.py new file mode 120000 index 00000000..26a3dba7 --- /dev/null +++ b/buildtools/build-ubuntu-ports.py @@ -0,0 +1 @@ +build-debian-packages.py \ No newline at end of file -- cgit v1.2.3 From 13fad97a4ffb2f74aff6ab8918f89d283edf3d4a Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sat, 19 Mar 2016 17:08:38 +0000 Subject: Update rpki-rtr port to what the RFC says. See #784. svn path=/trunk/; revision=6315 --- buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in | 2 +- rp/rpki-rtr/Makefile.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in b/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in index 4c687f38..25a3d1ce 100644 --- a/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in +++ b/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in 
@@ -79,7 +79,7 @@ POST-INSTALL) if /usr/bin/egrep -q '^rpki-rtr' /etc/services then echo "You already have a /etc/services entry for rpki-rtr, so I will use it." - elif echo >>/etc/services "rpki-rtr 43779/tcp #RFC 6810" + elif echo >>/etc/services "rpki-rtr 323/tcp then echo "Added rpki-rtr to /etc/services." else diff --git a/rp/rpki-rtr/Makefile.in b/rp/rpki-rtr/Makefile.in index 4df3a119..ab00f668 100644 --- a/rp/rpki-rtr/Makefile.in +++ b/rp/rpki-rtr/Makefile.in @@ -23,7 +23,7 @@ abs_top_builddir = @abs_top_builddir@ RTR_ORIGIN_INSTALL_TARGETS = @RCYNIC_INSTALL_TARGETS@ -RPKI_RTR_PORT = 43779 +RPKI_RTR_PORT = 323 all clean test deinstall uninstall:: @true -- cgit v1.2.3 From 8226027450118a25412b1e2042519a8ea76c2982 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 25 Mar 2016 22:51:53 +0000 Subject: Now that the real version of rpki-pbuilder has moved into apt-tools, remove all the other copies to prevent confusion. svn path=/trunk/; revision=6329 --- buildtools/rpki-pbuilder.crontab | 1 - buildtools/rpki-pbuilder.logrotate | 12 -- buildtools/rpki-pbuilder.py | 319 ------------------------------------- 3 files changed, 332 deletions(-) delete mode 100644 buildtools/rpki-pbuilder.crontab delete mode 100644 buildtools/rpki-pbuilder.logrotate delete mode 100644 buildtools/rpki-pbuilder.py diff --git a/buildtools/rpki-pbuilder.crontab b/buildtools/rpki-pbuilder.crontab deleted file mode 100644 index 6a26d3a9..00000000 --- a/buildtools/rpki-pbuilder.crontab +++ /dev/null @@ -1 +0,0 @@ -*/10 * * * * /usr/sbin/logrotate -s /home/sra/logrotate.state /home/sra/logrotate.conf; /usr/bin/python $HOME/builder.py >> $HOME/builder.log 2>&1 diff --git a/buildtools/rpki-pbuilder.logrotate b/buildtools/rpki-pbuilder.logrotate deleted file mode 100644 index a7df6d48..00000000 --- a/buildtools/rpki-pbuilder.logrotate +++ /dev/null 
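Review bot: The added line `elif echo >>/etc/services "rpki-rtr 323/tcp` opens a double-quoted string and never closes it, so the shell will read the following `then` and `echo` lines as part of the string instead of as the branch body. This script edits /etc/services at package install time, so a quoting error here either aborts the post-install step or appends unintended text to a system file. Close the quote and keep the provenance comment the old line had, e.g. `elif echo >>/etc/services "rpki-rtr 323/tcp #RFC 6810"` (using whatever field separator the old line used; it is not recoverable from this view). The POST-INSTALL case continues outside the hunk.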
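Review bot: `RPKI_RTR_PORT = 323` moves the listener to a reserved port (below 1024), which the old value 43779 was not, so whatever binds this port now needs privilege to do so. The targets that consume `RPKI_RTR_PORT` are outside this hunk; confirm that the listener is started by a privileged launcher and that the server process itself does not keep running with more privilege than it needs once the socket exists. A comment beside the assignment would record the constraint, for example `# IANA-assigned rpki-rtr port (RFC 6810); reserved port, needs a privileged launcher`.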
@@ -1,12 +0,0 @@ -/home/sra/builder.log -{ - rotate 30 - daily - missingok - notifempty - dateext - compress - compresscmd /usr/bin/xz - uncompresscmd /usr/bin/unxz - compressext .xz -} diff --git a/buildtools/rpki-pbuilder.py b/buildtools/rpki-pbuilder.py deleted file mode 100644 index 5043c60e..00000000 --- a/buildtools/rpki-pbuilder.py +++ /dev/null 
@@ -1,319 +0,0 @@ -#!/usr/bin/python -# -# $Id$ -# -# Copyright (C) 2014 Dragon Research Labs ("DRL") -# Portions copyright (C) 2013 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notices and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL -# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR -# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA -# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER -# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -""" -Debian/Ubuntu package build tool, based on pbuilder-dist and reprepro. -""" - -import os -import sys -import time -import fcntl -import errno -import socket -import logging -import argparse -import subprocess - -from textwrap import dedent - -rpki_packages = ("rpki-rp", "rpki-ca") -rpki_source_package = "rpki" - -parser = argparse.ArgumentParser(description = __doc__, - formatter_class = argparse.ArgumentDefaultsHelpFormatter) -parser.add_argument("--debug", action = "store_true", - help = "enable debugging code") -parser.add_argument("--update-build-after", type = int, default = 7 * 24 * 60 * 60, - help = "interval (in seconds) after which we should update the pbuilder environment") -parser.add_argument("--lockfile", default = os.path.expanduser("~/builder.lock"), - help = "avoid collisions between multiple instances of this script") -parser.add_argument("--keyring", default = os.path.expanduser("~/.gnupg/pubring.gpg"), - help = "PGP keyring") -parser.add_argument("--svn-tree", default = os.path.expanduser("~/source/trunk/"), - help = "subversion tree") 
-parser.add_argument("--apt-tree", default = os.path.expanduser("~/repository/"), - help = "reprepro repository") -parser.add_argument("--srv-path", default = "aptbot@download.rpki.net:/usr/local/www/data/download.rpki.net/APT/", - help = "upload destination") -parser.add_argument("--source-format", default = "http://download.rpki.net/APT/%(distribution)s %(release)s main", - help = "source.list format string") -args = parser.parse_args() - -# Maybe logging should be conigurable too. Later. - -logging.basicConfig(level = logging.INFO, timefmt = "%Y-%m-%dT%H:%M:%S", - format = "%(asctime)s [%(process)d] %(levelname)s %(message)s") - -upload = socket.getfqdn() == "build-u.rpki.net" - -def run(*cmd, **kwargs): - if args.debug: - #logging.info("Running %r %r", cmd, kwargs) - logging.info("Running %s", " ".join(cmd)) - subprocess.check_call(cmd, **kwargs) - -# Getting this to work right also required adding: -# -# DEBBUILDOPTS="-b" -# -# to /etc/pbuilderrc; without this, reprepro (eventually, a year after -# we set this up) started failing to incorporate some of the built -# packages, because the regenerated source packages had different -# checksums than the ones loaded initially. See: -# -# http://stackoverflow.com/questions/21563872/reprepro-complains-about-the-generated-pbuilder-debian-tar-gz-archive-md5 -# -# Putting stuff in ~/.pbuilderrc didn't work with pbuilder-dist when I -# tried it last year, this may just be that sudo isn't configured to -# pass HOME through, thus pbuilder is looking for ~root/.pbuilderrc. -# Worth trying again at some point but not all that critical. 
- -logging.info("Starting") - -try: - lock = os.open(args.lockfile, os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666) - fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB) -except (IOError, OSError), e: - sys.exit(0 if e.errno == errno.EAGAIN else "Error %r opening lock %r" % args.lockfile) - -run("svn", "--quiet", "update", cwd = args.svn_tree) - -source_version = subprocess.check_output(("svnversion", "-c"), cwd = args.svn_tree).strip().split(":")[-1] - -if not source_version.isdigit() and not args.debug: - sys.exit("Sources don't look pristine, not building (%r)" % source_version) - -source_version = "0." + source_version -search_version = "_" + source_version + "~" - -dsc_dir = os.path.abspath(os.path.join(args.svn_tree, "..")) - -if not os.path.isdir(args.apt_tree): - logging.info("Creating %s", args.apt_tree) - os.makedirs(args.apt_tree) - -fn = os.path.join(args.apt_tree, "apt-gpg-key.asc") -if not os.path.exists(fn): - logging.info("Creating %s", fn) - run("gpg", "--export", "--armor", "--keyring", args.keyring, stdout = open(fn, "w")) - -class Release(object): - - architectures = dict(amd64 = "", i386 = "-i386") - - releases = [] - packages = {} - - def __init__(self, release, distribution, *backports): - self.release = release - self.distribution = distribution - self.backports = backports - if backports: - self.env = dict(os.environ, - OTHERMIRROR = "deb " + args.source_format % dict(distribution = distribution, release = release)) - else: - self.env = os.environ - self.releases.append(self) - - @classmethod - def do_all_releases(cls): - for release in cls.releases: - release.setup_reprepro() - for release in cls.releases: - release.list_repository() - for release in cls.releases: - for release.arch, release.tag in cls.architectures.iteritems(): - release.do_one_architecture() - del release.arch, release.tag - - @staticmethod - def repokey(release, architecture, package): - return (release, architecture, package) - - def list_repository(self): - cmd = 
("reprepro", "list", self.release) - logging.info("Running %s", " ".join(cmd)) - listing = subprocess.check_output(cmd, cwd = self.tree) - for line in listing.replace(":", " ").replace("|", " ").splitlines(): - rel, comp, arch, pkg, ver = line.split() - key = (rel, arch, pkg) - assert key not in self.packages - self.packages[key] = ver - - @property - def deb_in_repository(self): - return all(self.packages.get((self.release, self.arch, package)) == self.version - for package in rpki_packages) - - @property - def src_in_repository(self): - return self.packages.get((self.release, "source", rpki_source_package)) == self.version - - @property - def version(self): - return source_version + "~" + self.release - - @property - def dsc(self): - return os.path.join(dsc_dir, "rpki_%s.dsc" % self.version) - - @property - def tree(self): - return os.path.join(args.apt_tree, self.distribution, "") - - @property - def basefile(self): - return os.path.expanduser("~/pbuilder/%s%s-base.tgz" % (self.release, self.tag)) - - @property - def result(self): - return os.path.expanduser("~/pbuilder/%s%s_result" % (self.release, self.tag)) - - @property - def changes(self): - return os.path.join(self.result, "rpki_%s_%s.changes" % (self.version, self.arch)) - - def do_one_architecture(self): - logging.info("Running build for %s %s %s", self.distribution, self.release, self.arch) - - if not os.path.exists(self.dsc): - logging.info("Building source package %s", self.version) - for fn in os.listdir(dsc_dir): - if fn != "trunk" and search_version not in fn: - os.unlink(os.path.join(dsc_dir, fn)) - run("rm", "-rf", "debian", cwd = args.svn_tree) - run(sys.executable, "buildtools/make-version.py", cwd = args.svn_tree) - run(sys.executable, "buildtools/build-ubuntu-ports.py", "--version-suffix", self.release, cwd = args.svn_tree) - run("dpkg-buildpackage", "-S", "-us", "-uc", "-rfakeroot", cwd = args.svn_tree) - - if not os.path.exists(self.basefile): - logging.info("Creating build environment %s 
%s", self.release, self.arch) - run("pbuilder-dist", self.release, self.arch, "create", env = self.env) - - elif time.time() > os.stat(self.basefile).st_mtime + args.update_build_after: - logging.info("Updating build environment %s %s", self.release, self.arch) - run("pbuilder-dist", self.release, self.arch, "update", env = self.env) - - if not os.path.exists(self.changes): - logging.info("Building binary packages %s %s %s", self.release, self.arch, self.version) - for fn in os.listdir(self.result): - os.unlink(os.path.join(self.result, fn)) - run("pbuilder-dist", self.release, self.arch, "build", "--keyring", args.keyring, self.dsc, env = self.env) - - if not self.deb_in_repository: - logging.info("Updating repository for %s %s %s", self.release, self.arch, self.version) - run("reprepro", "--ignore=wrongdistribution", "include", self.release, self.changes, cwd = self.tree) - - if not self.src_in_repository: - logging.info("Updating repository for %s source %s", self.release, self.version) - run("reprepro", "--ignore=wrongdistribution", "includedsc", self.release, self.dsc, cwd = self.tree) - - def setup_reprepro(self): - - logging.info("Configuring reprepro for %s/%s", self.distribution, self.release) - - dn = os.path.join(self.tree, "conf") - if not os.path.isdir(dn): - logging.info("Creating %s", dn) - os.makedirs(dn) - - fn = os.path.join(self.tree, "conf", "distributions") - distributions = open(fn, "r").read() if os.path.exists(fn) else "" - if ("Codename: %s\n" % self.release) not in distributions: - logging.info("%s %s", "Editing" if distributions else "Creating", fn) - with open(fn, "w") as f: - if distributions: - f.write(distributions) - f.write("\n") - f.write(dedent("""\ - Origin: rpki.net - Label: rpki.net %(distribution)s repository - Codename: %(release)s - Architectures: %(architectures)s source - Components: main - Description: rpki.net %(Distribution)s APT Repository - SignWith: yes - DebOverride: override.%(release)s - DscOverride: 
override.%(release)s - """ % dict( - distribution = self.distribution, - Distribution = self.distribution.capitalize(), - architectures = " ".join(self.architectures), - release = self.release))) - - fn = os.path.join(self.tree, "conf", "options") - if not os.path.exists(fn): - logging.info("Creating %s", fn) - with open(fn, "w") as f: - f.write(dedent("""\ - verbose - ask-passphrase - basedir . - """)) - - fn = os.path.join(self.tree, "conf", "override." + self.release) - if not os.path.exists(fn): - logging.info("Creating %s", fn) - with open(fn, "w") as f: - for pkg in self.backports: - f.write(dedent("""\ - %-30s Priority optional - %-30s Section python - """ % (pkg, pkg))) - f.write(dedent("""\ - rpki-ca Priority extra - rpki-ca Section net - rpki-rp Priority extra - rpki-rp Section net - """)) - - fn = os.path.join(args.apt_tree, "rpki.%s.list" % self.release) - if not os.path.exists(fn): - logging.info("Creating %s", fn) - source = args.source_format % dict(distribution = self.distribution, release = self.release) - with open(fn, "w") as f: - f.write("deb %s\n" % source) - f.write("deb-src %s\n" % source) - -# Finally, here's where we specify the distributions for which we're building. - -Release("trusty", "ubuntu", "python-django-south") -Release("wheezy", "debian", "python-django", "python-django-south") -Release("precise", "ubuntu", "python-django", "python-django-south") - -# Do all the real work. - -Release.do_all_releases() - -# Upload results, maybe. - -if upload: - logging.info("Synching repository to server") - run("rsync", "-ai4", - "--ignore-existing", - args.apt_tree, args.srv_path) - run("rsync", "-ai4", - "--exclude", "HEADER.html", - "--exclude", "HEADER.css", - "--delete", "--delete-delay", - args.apt_tree, args.srv_path) - -logging.info("Done") -- cgit v1.2.3 From 774a6d9502e20400745fd8c245e062d0e63503e2 Mon Sep 17 00:00:00 2001 
From: Rob Austein Date: Sat, 26 Mar 2016 01:09:19 +0000 Subject: Relatively gratuitous commit to force regeneration of all binary packages. svn path=/trunk/; revision=6330 --- buildtools/rpki-pbuilder.README | 1 + 1 file changed, 1 insertion(+) create mode 100644 buildtools/rpki-pbuilder.README diff --git a/buildtools/rpki-pbuilder.README b/buildtools/rpki-pbuilder.README new file mode 100644 index 00000000..fad8d4a0 --- /dev/null +++ b/buildtools/rpki-pbuilder.README @@ -0,0 +1 @@ +rpki-pbuilder has moved to /apt-tools. -- cgit v1.2.3 From b0bafd42f83c29e8f8fb51388810637e0488c2e2 Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Sun, 27 Mar 2016 18:00:58 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=6331 --- doc/doc.RPKI.Installation | 12 +++++++++++- doc/doc.RPKI.RP.rcynic | 2 +- doc/manual.pdf | Bin 760086 -> 344052 bytes 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/doc/doc.RPKI.Installation b/doc/doc.RPKI.Installation index 67746d55..dc671dd1 100644 --- a/doc/doc.RPKI.Installation +++ b/doc/doc.RPKI.Installation @@ -7,7 +7,17 @@ platform on which you're trying to install. Debian 7 ("Wheezy"), you can use Debian binary packages. At present we only generate binary packages for Precise Pangolin and - Wheezy. This may change in the future. + Wheezy. This may change in the future. They work on Trusty Tahir as + well. + +* if you want to install a simple RPKI cache to feed routers from a Ubuntu + 14.04 system, here is a one page ten minute recipe. + +* If you want to install a CA and a cache on a Ubuntu 14.04 with a rootd CA, + here is a one page hack. It will take less than an hour. + +* If you are feeling dangerous and want to try the rrdp testbed CA and RP, here + is a one page hack. It does not support rootd. * On FreeBSD, you can use FreeBSD ports. diff --git a/doc/doc.RPKI.RP.rcynic b/doc/doc.RPKI.RP.rcynic index 4bd95ae1..f3ba5e4c 100644 --- a/doc/doc.RPKI.RP.rcynic 
+++ b/doc/doc.RPKI.RP.rcynic @@ -447,7 +447,7 @@ except when building complex topologies where rcynic running on one set of machines acts as aggregators for another set of validators. A large ISP might want to build such a topology so that they could have a local validation cache in each POP while minimizing load on the global repository system and -maintaining some degree of internal consistancy between POPs. In such cases, +maintaining some degree of internal consistency between POPs. In such cases, one might want the rcynic instances in the POPs to validate data fetched from the aggregators via an external process, without the POP rcynic instances attempting to fetch anything themselves. diff --git a/doc/manual.pdf b/doc/manual.pdf index bd98c08b..627d79f0 100644 Binary files a/doc/manual.pdf and b/doc/manual.pdf differ -- cgit v1.2.3 From 29544eca48483a4724317f3d874cd3ce52882c18 Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Mon, 28 Mar 2016 14:00:26 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=6332 --- doc/doc.RPKI.Installation | 4 ---- doc/manual.pdf | Bin 344052 -> 344052 bytes 2 files changed, 4 deletions(-) diff --git a/doc/doc.RPKI.Installation b/doc/doc.RPKI.Installation index dc671dd1..0acd33c1 100644 --- a/doc/doc.RPKI.Installation +++ b/doc/doc.RPKI.Installation @@ -6,10 +6,6 @@ platform on which you're trying to install. * On Ubuntu 12.04 LTS ("Precise Pangolin"), Ubuntu 14.04 ("Trusty Tahir"), or Debian 7 ("Wheezy"), you can use Debian binary packages. - At present we only generate binary packages for Precise Pangolin and - Wheezy. This may change in the future. They work on Trusty Tahir as - well. - * if you want to install a simple RPKI cache to feed routers from a Ubuntu 14.04 system, here is a one page ten minute recipe. diff --git a/doc/manual.pdf b/doc/manual.pdf index 627d79f0..40c53761 100644 Binary files a/doc/manual.pdf and b/doc/manual.pdf differ -- cgit v1.2.3 
From 6968a4fee072d04782252a35d5b3f1418bbc827f Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Tue, 29 Mar 2016 06:01:12 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=6336 --- doc/doc.RPKI.Utils | 174 ----------------------------------------------------- doc/manual.pdf | Bin 344052 -> 344052 bytes 2 files changed, 174 deletions(-) diff --git a/doc/doc.RPKI.Utils b/doc/doc.RPKI.Utils index ce36dcbd..e69de29b 100644 --- a/doc/doc.RPKI.Utils +++ b/doc/doc.RPKI.Utils 
@@ -1,174 +0,0 @@ -****** RPKI utility programs ****** - -The distribution contains a few small utility programs. Most of these are -nominally relying party tools, but work at a low enough level that they may -also be useful in diagnosing CA problems. - -Unless otherwise specified, all of these tools expect RPKI objects -(certificates, CRLs, CMS signed objects) to be in DER format. - -Several of these tools accept an rcynic_directory argument. Which directory to -specify here depends on what you're trying to do, but if you're just trying to -look at authenticated data in your RP cache, and assuming you've installed -everything in the default locations, the directory you want is probably /var/ -rcynic/data/authenticated. - -***** uri ***** - -uri is a utility program to extract URIs from the SIA, AIA, and CRLDP -extensions of one or more X.509v3 certificates, either specified directly or as -CMS objects containing X.509v3 certificates within the CMS wrapper. - -Usage: - - $ uri [-h | --help] [-s | --single-line] cert [cert...] - - -h --help - Show help - - -s --single-line - Single output line per input file - - cert - Object(s) to examine - -***** hashdir ***** - -hashdir copies an authenticated result tree from an rcynic run into the format -expected by most OpenSSL-based programs: a collection of "PEM" format files -with names in the form that OpenSSL's -CApath lookup routines expect. This can -be useful for validating RPKI objects which are not distributed as part of the -repository system. - -Usage: - - $ hashdir [-h | --help] [-v | --verbose] rcynic_directory output_directory - - -h --help - Show help - - -v --verbose - Whistle while you work - - rcynic_directory - rcynic authenticated output tree - - output_directory - Output directory to create - -***** print_rpki_manifest ***** - -print_rpki_manifest pretty-prints the content of a manifest. It does NOT -attempt to verify the signature. 
- -Usage: - - $ print_rpki_manifest [-h | --help] [-c | --cms] manifest [manifest...] - - -h --help - Show help - - -c --cms - Print text representation of entire CMS blob - - manifest - Manifest(s) to print - -***** print_roa ***** - -print_roa pretty-prints the content of a ROA. It does NOT attempt to verify the -signature. - -Usage: - - $ print_roa [-h | --help] [-b | --brief] [-c | --cms] [-s | --signing-time] - ROA [ROA...] - - -h --help - Show help - - -b --brief - Brief mode (only show ASN and prefix) - - -c --cms - Print text representation of entire CMS blob - - -s --signing-time - Show CMS signingTime - - ROA - ROA object(s) to print - -***** find_roa ***** - -find_roa searches the authenticated result tree from an rcynic run for ROAs -matching specified prefixes. - -Usage: - - $ find_roa [-h | --help] [-a | --all] - [-m | --match-maxlength ] [-f | --show-filenames] - [-i | --show-inception] [-e | --show-expiration] - authtree [prefix...] - - -h --help - Show help - - -a --all - Show all ROAs, do no prefix matching at all - - -e --show-expiration - Show ROA chain expiration dates - - -f --show-filenames - Show filenames instead of URIs - - -i --show-inception - Show inception dates - - -m -match-maxlength - Pay attention to maxLength values - - authtree - rcynic authenticated output tree - - prefix - ROA prefix(es) to on which to match - -***** scan_roas ***** - -scan_roas searchs the authenticated result tree from an rcynic run for ROAs, -and prints out the signing time, ASN, and prefixes for each ROA, one ROA per -line. - -Other programs such as the rpki-rtr client use scan_roas to extract the -validated ROA payload after an rcynic validation run. - -Usage: - - $ scan_roas [-h | --help] rcynic_directory [rcynic_directory...] 
- - -h --help - Show help - - rcynic_directory - rcynic authenticated output tree - -***** scan_routercerts ***** - -scan_routercerts searchs the authenticated result tree from an rcynic run for -BGPSEC router certificates, and prints out data of interest to the rpki-rtr -code. - -Other programs such as the rpki-rtr client use scan_routercerts to extract the -validated ROA payload after an rcynic validation run. - -Usage: - - $ scan_routercerts [-h | --help] rcynic_directory [rcynic_directory...] - - -h --help - Show help - - rcynic_directory - rcynic authenticated output tree diff --git a/doc/manual.pdf b/doc/manual.pdf index 40c53761..bdd20a10 100644 Binary files a/doc/manual.pdf and b/doc/manual.pdf differ -- cgit v1.2.3 From a4cc47088b7b266c78780c65aa26e5b5873e9c7c Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Tue, 29 Mar 2016 07:00:29 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=6337 --- doc/doc.RPKI.Utils | 174 +++++++++++++++++++++++++++++++++++++++++++++++++++++ doc/manual.pdf | Bin 344052 -> 344052 bytes 2 files changed, 174 insertions(+) diff --git a/doc/doc.RPKI.Utils b/doc/doc.RPKI.Utils index e69de29b..ce36dcbd 100644 --- a/doc/doc.RPKI.Utils +++ b/doc/doc.RPKI.Utils 
@@ -0,0 +1,174 @@ +****** RPKI utility programs ****** + +The distribution contains a few small utility programs. Most of these are +nominally relying party tools, but work at a low enough level that they may +also be useful in diagnosing CA problems. + +Unless otherwise specified, all of these tools expect RPKI objects +(certificates, CRLs, CMS signed objects) to be in DER format. + +Several of these tools accept an rcynic_directory argument. Which directory to +specify here depends on what you're trying to do, but if you're just trying to +look at authenticated data in your RP cache, and assuming you've installed +everything in the default locations, the directory you want is probably /var/ +rcynic/data/authenticated. + +***** uri ***** + +uri is a utility program to extract URIs from the SIA, AIA, and CRLDP +extensions of one or more X.509v3 certificates, either specified directly or as +CMS objects containing X.509v3 certificates within the CMS wrapper. + +Usage: + + $ uri [-h | --help] [-s | --single-line] cert [cert...] + + -h --help + Show help + + -s --single-line + Single output line per input file + + cert + Object(s) to examine + +***** hashdir ***** + +hashdir copies an authenticated result tree from an rcynic run into the format +expected by most OpenSSL-based programs: a collection of "PEM" format files +with names in the form that OpenSSL's -CApath lookup routines expect. This can +be useful for validating RPKI objects which are not distributed as part of the +repository system. + +Usage: + + $ hashdir [-h | --help] [-v | --verbose] rcynic_directory output_directory + + -h --help + Show help + + -v --verbose + Whistle while you work + + rcynic_directory + rcynic authenticated output tree + + output_directory + Output directory to create + +***** print_rpki_manifest ***** + +print_rpki_manifest pretty-prints the content of a manifest. It does NOT +attempt to verify the signature. 
+ +Usage: + + $ print_rpki_manifest [-h | --help] [-c | --cms] manifest [manifest...] + + -h --help + Show help + + -c --cms + Print text representation of entire CMS blob + + manifest + Manifest(s) to print + +***** print_roa ***** + +print_roa pretty-prints the content of a ROA. It does NOT attempt to verify the +signature. + +Usage: + + $ print_roa [-h | --help] [-b | --brief] [-c | --cms] [-s | --signing-time] + ROA [ROA...] + + -h --help + Show help + + -b --brief + Brief mode (only show ASN and prefix) + + -c --cms + Print text representation of entire CMS blob + + -s --signing-time + Show CMS signingTime + + ROA + ROA object(s) to print + +***** find_roa ***** + +find_roa searches the authenticated result tree from an rcynic run for ROAs +matching specified prefixes. + +Usage: + + $ find_roa [-h | --help] [-a | --all] + [-m | --match-maxlength ] [-f | --show-filenames] + [-i | --show-inception] [-e | --show-expiration] + authtree [prefix...] + + -h --help + Show help + + -a --all + Show all ROAs, do no prefix matching at all + + -e --show-expiration + Show ROA chain expiration dates + + -f --show-filenames + Show filenames instead of URIs + + -i --show-inception + Show inception dates + + -m -match-maxlength + Pay attention to maxLength values + + authtree + rcynic authenticated output tree + + prefix + ROA prefix(es) to on which to match + +***** scan_roas ***** + +scan_roas searchs the authenticated result tree from an rcynic run for ROAs, +and prints out the signing time, ASN, and prefixes for each ROA, one ROA per +line. + +Other programs such as the rpki-rtr client use scan_roas to extract the +validated ROA payload after an rcynic validation run. + +Usage: + + $ scan_roas [-h | --help] rcynic_directory [rcynic_directory...] 
+ + -h --help + Show help + + rcynic_directory + rcynic authenticated output tree + +***** scan_routercerts ***** + +scan_routercerts searchs the authenticated result tree from an rcynic run for +BGPSEC router certificates, and prints out data of interest to the rpki-rtr +code. + +Other programs such as the rpki-rtr client use scan_routercerts to extract the +validated ROA payload after an rcynic validation run. + +Usage: + + $ scan_routercerts [-h | --help] rcynic_directory [rcynic_directory...] + + -h --help + Show help + + rcynic_directory + rcynic authenticated output tree diff --git a/doc/manual.pdf b/doc/manual.pdf index bdd20a10..aa737cde 100644 Binary files a/doc/manual.pdf and b/doc/manual.pdf differ -- cgit v1.2.3 From 8f1c98c3e2b0199a0af00d95c46c890df10082e3 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 31 Mar 2016 03:38:26 +0000 Subject: Preliminary fix for #799. I no longer have a proper test environment for this, will take a little while to rebuild one, but the affected code is already broken and I doubt this will make it any worse, so committing it now to see if it solves Randy's immediate problem. svn path=/trunk/; revision=6341 --- rpki/gui/cacheview/util.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/rpki/gui/cacheview/util.py b/rpki/gui/cacheview/util.py index 9e8748bf..47425c8c 100644 --- a/rpki/gui/cacheview/util.py +++ b/rpki/gui/cacheview/util.py @@ -42,7 +42,14 @@ from rpki.irdb.zookeeper import Zookeeper logger = logging.getLogger(__name__) +class SomeoneShowMeAWayToGetOuttaHere(Exception): + "'Cause I constantly pray I'll get outta here." + + def rcynic_cert(cert, obj): + if not cert.sia_directory_uri: + raise SomeoneShowMeAWayToGetOuttaHere + obj.sia = cert.sia_directory_uri # object must be saved for the related manager methods below to work 
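Review bot: The new exception's name and docstring do not say what condition it signals, so a reader of `raise SomeoneShowMeAWayToGetOuttaHere` in rcynic_cert has to work out from the preceding `if` that it means "this certificate has no SIA directory URI, skip the object". Give the class a docstring that states the contract, e.g. `"Raised when an rcynic object lacks data we need and must be skipped."`, and raise it with the reason attached: `raise SomeoneShowMeAWayToGetOuttaHere("certificate has no SIA directory URI")`. That lets the handler include the reason in its log line. rcynic_cert continues outside the hunk.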
@@ -234,6 +241,10 @@ def save_status(repo, vs): try: # do object-specific tasks dispatch[vs.file_class.__name__](obj, inst) + except SomeoneShowMeAWayToGetOuttaHere: + logger.error("something wrong with %s, skipping", vs.filename) + inst_qs.delete() + return except: logger.error('caught exception while processing rcynic_object:\n' 'vs=' + repr(vs) + '\nobj=' + repr(obj)) -- cgit v1.2.3 From 7d673267f2d00090fefd8fe646010c385fa2b58a Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Fri, 1 Apr 2016 00:01:05 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=6342 --- doc/doc.RPKI.CA.Configuration.web_portal | 7 +++++++ doc/manual.pdf | Bin 344052 -> 344052 bytes 2 files changed, 7 insertions(+) diff --git a/doc/doc.RPKI.CA.Configuration.web_portal b/doc/doc.RPKI.CA.Configuration.web_portal index 096f5101..3c3ddb09 100644 --- a/doc/doc.RPKI.CA.Configuration.web_portal +++ b/doc/doc.RPKI.CA.Configuration.web_portal @@ -38,3 +38,10 @@ If you get an error like "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS)", you will need to set this option. No default value. + +***** download-directory ***** + +A directory large enough to hold the RouteViews?.org routing table dump fetched +by the rpkigui-import-routes script. + + download-directory = /var/tmp diff --git a/doc/manual.pdf b/doc/manual.pdf index aa737cde..0b480c9c 100644 Binary files a/doc/manual.pdf and b/doc/manual.pdf differ -- cgit v1.2.3 From 8bed5e77b17ad8548aa1c5ea82212c3882945f7d Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 1 Apr 2016 01:36:54 +0000 Subject: Log image generation, since htmldoc occasionally barfs on image files. svn path=/trunk/; revision=6343 --- buildtools/pull-doc-from-wiki.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildtools/pull-doc-from-wiki.py b/buildtools/pull-doc-from-wiki.py index e3b61b53..7acc82a8 100644 --- a/buildtools/pull-doc-from-wiki.py +++ b/buildtools/pull-doc-from-wiki.py 
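Review bot: The new handler in `save_status` logs `"something wrong with %s, skipping"`, which does not tell an operator that the certificate was rejected for lacking an SIA directory URI, the only condition that raises this exception in the patch. Something like `logger.error("%s has no SIA directory URI, skipping", vs.filename)` makes the entry usable when triaging validator output. The `inst_qs.delete()` on this path also deserves a one-line comment, for example `# drop any rows already stored for this object`, if that is what it does; `inst_qs` is defined outside the hunk, so I cannot confirm it.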
@@ -90,9 +90,10 @@ def main(): for img in page.xpath("//img | //object | //embed"): attr = "data" if img.tag == "object" else "src" img_url = img.get(attr) + sys.stderr.write("Image URL: {}\n".format(img_url)) if img_url.endswith(".svg"): - #sys.stderr.write("Converting %s to PNG\n" % img_url) png_fd, png_fn = tempfile.mkstemp(suffix = ".png") + sys.stderr.write("Converting {} to {}\n".format(img_url, png_fn)) subprocess.Popen(("svg2png", "-h", "700", "-w", "600", "-", "-"), stdout = png_fd, stdin = subprocess.PIPE).communicate(urllib.urlopen(img_url).read()) -- cgit v1.2.3 From 4b94df2ba249f2766d10a2e900ffdeb12ca42a18 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 1 Apr 2016 18:22:02 +0000 Subject: Unterminated quoted string in FreeBSD installation script. svn path=/trunk/; revision=6344 --- buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in b/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in index 25a3d1ce..0ba70633 100644 --- a/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in +++ b/buildtools/freebsd-skeleton/rpki-rp/files/pkg-install.in @@ -79,7 +79,7 @@ POST-INSTALL) if /usr/bin/egrep -q '^rpki-rtr' /etc/services then echo "You already have a /etc/services entry for rpki-rtr, so I will use it." - elif echo >>/etc/services "rpki-rtr 323/tcp + elif echo >>/etc/services "rpki-rtr" 323/tcp then echo "Added rpki-rtr to /etc/services." else -- cgit v1.2.3 From 3f6960a9e36e2be697a1d4311186bb11e5edca97 Mon Sep 17 00:00:00 2001 
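Review bot: `img.get(attr)` returns None when an `<object>` has no `data` attribute or an `<img>`/`<embed>` has no `src`, so the added log line prints `Image URL: None` and the following `img_url.endswith(".svg")` then raises AttributeError. A guard ahead of the new write, `if img_url is None: continue`, would keep one malformed tag on a wiki page from aborting the whole documentation pull. The rest of the loop body and of `main` lies outside this hunk, so check that nothing later in the loop needs to run for such a tag.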
From: Rob Austein Date: Fri, 8 Apr 2016 18:44:10 +0000 Subject: Bump OpenSSL to 1.0.2g. svn path=/trunk/; revision=6350 --- openssl/Makefile.in | 2 +- openssl/openssl-1.0.2e.tar.gz | Bin 5256555 -> 0 bytes openssl/openssl-1.0.2g.tar.gz | Bin 0 -> 5266102 bytes openssl/update-snapshot.sh | 2 +- 4 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 openssl/openssl-1.0.2e.tar.gz create mode 100644 openssl/openssl-1.0.2g.tar.gz diff --git a/openssl/Makefile.in b/openssl/Makefile.in index 9e269abc..9468c8c5 100644 --- a/openssl/Makefile.in +++ b/openssl/Makefile.in @@ -1,6 +1,6 @@ # $Id$ -VERSION = 1.0.2e +VERSION = 1.0.2g OPENSSL_CONFIG_COMMAND = @OPENSSL_CONFIG_COMMAND@ OPENSSL_BUILD_DIRECTORY = ${abs_builddir}/openssl diff --git a/openssl/openssl-1.0.2e.tar.gz b/openssl/openssl-1.0.2e.tar.gz deleted file mode 100644 index 4b180f15..00000000 Binary files a/openssl/openssl-1.0.2e.tar.gz and /dev/null differ diff --git a/openssl/openssl-1.0.2g.tar.gz b/openssl/openssl-1.0.2g.tar.gz new file mode 100644 index 00000000..315ad62c Binary files /dev/null and b/openssl/openssl-1.0.2g.tar.gz differ diff --git a/openssl/update-snapshot.sh b/openssl/update-snapshot.sh index b7dc43cf..9f7bf62f 100755 --- a/openssl/update-snapshot.sh +++ b/openssl/update-snapshot.sh @@ -6,7 +6,7 @@ #version="1.0.0-stable-SNAP-$(date +%Y%m%d)" -version="1.0.2e" +version="1.0.2g" tarball="openssl-${version}.tar.gz" -- cgit v1.2.3 From e785735a8792ccbc3ef65cc57e41cffaaeec3be1 Mon Sep 17 00:00:00 2001 
From: Rob Austein Date: Tue, 12 Apr 2016 19:24:25 +0000 Subject: Change default handling of when parsing ROA requests from CSV: if column is omitted, we now use the value as the , in effect requesting a separate ROA for each ROA request, which is almost certainly what the user wanted. Explictly specifying the value should still work, in case anybody still needs multi-prefix ROAs for testing or other purposes. svn path=/trunk/; revision=6359 --- ca/tests/smoketest.1.yaml | 4 ++++ ca/tests/yamltest.py | 6 +++--- rpki/irdb/zookeeper.py | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ca/tests/smoketest.1.yaml b/ca/tests/smoketest.1.yaml index edcf42a9..ddb45705 100644 --- a/ca/tests/smoketest.1.yaml +++ b/ca/tests/smoketest.1.yaml @@ -49,6 +49,10 @@ kids: roa_request: - asn: 666 ipv4: 10.3.0.44/32 + - asn: 666 + ipv4: 10.3.0.6/32 + - asn: 666 + ipv4: 10.3.0.77/32 --- - shell set -x; diff --git a/ca/tests/yamltest.py b/ca/tests/yamltest.py index 0932049b..7de7b675 100644 --- a/ca/tests/yamltest.py +++ b/ca/tests/yamltest.py @@ -380,9 +380,9 @@ class allocation(object): fn = "%s.roas.csv" % d.name if not args.skip_config: f = self.csvout(fn) - for g1, r in enumerate(self.roa_requests): - f.writerows((p, r.asn, "G%08d%08d" % (g1, g2)) - for g2, p in enumerate((r.v4 + r.v6 if r.v4 and r.v6 else r.v4 or r.v6 or ()))) + for r in self.roa_requests: + f.writerows((p, r.asn) + for p in (r.v4 + r.v6 if r.v4 and r.v6 else r.v4 or r.v6 or ())) f.close() if not args.stop_after_config: self.run_rpkic("load_roa_requests", fn) diff --git a/rpki/irdb/zookeeper.py b/rpki/irdb/zookeeper.py index 3fba99f9..c7038889 100644 --- a/rpki/irdb/zookeeper.py +++ b/rpki/irdb/zookeeper.py 
@@ -985,8 +985,8 @@ class Zookeeper(object): grouped = {} # format: p/n-m asn group - for pnm, asn, group in csv_reader(filename, columns = 3): - key = (asn, group) + for pnm, asn, group in csv_reader(filename, columns = 3, min_columns = 2): + key = (asn, group or pnm) if key not in grouped: grouped[key] = [] grouped[key].append(pnm) -- cgit v1.2.3 From 3719c05b36bae6673be2ee1ca56d3f5f6c524f5b Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 15 Apr 2016 12:14:47 +0000 Subject: Use logger rather than stderr if rpki-rtr server mode tries and fails to chdir(), to avoid confusing clients if inetd decides to merge stderr into stdout (text error messages don't parse well as PDUs). svn path=/trunk/; revision=6362 --- rpki/rtr/server.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rpki/rtr/server.py b/rpki/rtr/server.py index 1c7a5e78..2ea3a040 100644 --- a/rpki/rtr/server.py +++ b/rpki/rtr/server.py @@ -484,7 +484,8 @@ def server_main(args): try: os.chdir(args.rpki_rtr_dir) except OSError, e: - sys.exit(e) + logger.error("[Couldn't chdir(%r), exiting: %s]", args.rpki_rtr_dir, e) + sys.exit(1) kickme = None try: -- cgit v1.2.3 From 3503ee53e0ef4092a393a606c18a6b6b3e17e3a9 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 26 Apr 2016 13:13:25 +0000 Subject: Update trunk/FreeBSD port from django14 to django16. svn path=/trunk/; revision=6389 --- buildtools/freebsd-skeleton/rpki-ca/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildtools/freebsd-skeleton/rpki-ca/Makefile b/buildtools/freebsd-skeleton/rpki-ca/Makefile index 1bbc1355..1edb962d 100644 --- a/buildtools/freebsd-skeleton/rpki-ca/Makefile +++ b/buildtools/freebsd-skeleton/rpki-ca/Makefile 
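Review bot: The comment `# format: p/n-m asn group` above the loop still describes three mandatory columns, while the new code accepts two and falls back to the prefix as the grouping key. I would update it to `# format: p/n-m asn [group]; a missing or empty group defaults to the prefix, giving one ROA per prefix`. Note that `group or pnm` also treats an empty group cell as absent, which looks intended but is worth stating there. The enclosing method starts and ends outside this hunk.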
@@ -32,7 +32,7 @@ BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend RPKID_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:${PORTSDIR}/devel/py-lxml \ ${PYTHON_PKGNAMEPREFIX}MySQLdb>0:${PORTSDIR}/databases/py-MySQLdb \ - ${PYTHON_PKGNAMEPREFIX}django14>=1.4:${PORTSDIR}/www/py-django14 \ + ${PYTHON_PKGNAMEPREFIX}django16>=1.6:${PORTSDIR}/www/py-django16 \ ${PYTHON_PKGNAMEPREFIX}vobject>0:${PORTSDIR}/deskutils/py-vobject \ ${PYTHON_PKGNAMEPREFIX}yaml>0:${PORTSDIR}/devel/py-yaml \ ${PYTHON_PKGNAMEPREFIX}netifaces>0:${PORTSDIR}/net/py-netifaces \ -- cgit v1.2.3 From 319916e90e1b1f6328effbc7cd9acf74c38c1842 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 27 Apr 2016 22:20:19 +0000 Subject: First step of transition mechanism from trunk/ to tk705/: script to encapsulate all (well, we hope) relevant configuration and state from a trunk/ CA in a form we can easily load on another machine, or on the same machine after a software upgrade, or .... Transfer format is an ad hoc Python dictionary, encoded in Python's native "Pickle" format, compressed by "xz" with SHA-256 integrity checking enabled. See #807. svn path=/trunk/; revision=6395 --- potpourri/ca-pickle.py | 95 ++++++++++++++++++++++++++++++++++++++++++++++++ potpourri/ca-unpickle.py | 26 +++++++++++++ 2 files changed, 121 insertions(+) create mode 100755 potpourri/ca-pickle.py create mode 100755 potpourri/ca-unpickle.py diff --git a/potpourri/ca-pickle.py b/potpourri/ca-pickle.py new file mode 100755 index 00000000..92741853 --- /dev/null +++ b/potpourri/ca-pickle.py 
@@ -0,0 +1,95 @@ +#!/usr/bin/env python + +# $Id$ + +""" +Package up state of an old (pre-rpkidb, pre-pubdb, pre-Django 1.8) +RPKI CA installation as a Python pickle database, for later re-loading +into a more recent version of the code using a companion script. +""" + +import os +import sys +import cPickle +import argparse +import subprocess +import rpki.config +import rpki.version +import rpki.autoconf + +from rpki.mysql_import import MySQLdb, _mysql_exceptions + +parser = argparse.ArgumentParser(description = __doc__) +parser.add_argument("-c", "--config", + help = "specify alternate location for rpki.conf") +parser.add_argument("-p", "--protocol", + choices = (0, 1, 2), type = int, default = 2, + help = "pickling protocol to use") +parser.add_argument("output", + help = "output file") +args = parser.parse_args() + +cfg = rpki.config.parser(args.config) + +databases = {} + +for section in ("rpkid", "irdbd", "pubd"): + db = MySQLdb.connect(db = cfg.get(section = section, option = "sql-database"), + user = cfg.get(section = section, option = "sql-username"), + passwd = cfg.get(section = section, option = "sql-password")) + tables = {} + + cur = db.cursor() + cur.execute("SHOW TABLES") + table_names = tuple(row[0] for row in cur.fetchall()) + cur.close() + + cur = db.cursor(MySQLdb.cursors.DictCursor) + for name in table_names: + cur.execute("SELECT * FROM " + name) + tables[name] = cur.fetchall() + cur.close() + + db.close() + + databases[section] = tables + +filenames = [cfg.filename] +raw_config = {} +cooked_config = {} + +for section in cfg.cfg.sections(): + for option in cfg.cfg.options(section): + raw_config[section, option] = cfg.cfg.get(section = section, option = option) + cooked_config[section, option] = cfg.get(section = section, option = option) + if os.path.isfile(cooked_config[section, option]): + filenames.append(cooked_config[section, option]) + +for i, fn in enumerate(filenames): + filenames[i] = os.path.abspath(fn) + +files = {} + +for filename in 
filenames: + with open(filename, "rb") as f: + files[filename] = f.read() + +world = dict( + version = rpki.version.VERSION, + rpki_conf = filenames[0], + databases = databases, + files = files, + raw_config = raw_config, + cooked_config = cooked_config) + +xz = subprocess.Popen( + ("xz", "-C", "sha256"), + stdin = subprocess.PIPE, + stdout = os.open(args.output, os.O_WRONLY | os.O_CREAT, 0600)) + +cPickle.dump(world, xz.stdin, args.protocol) + +xz.stdin.close() + +if xz.wait() != 0: + sys.exit("XZ pickling failed with code {}".format(xz.returncode)) diff --git a/potpourri/ca-unpickle.py b/potpourri/ca-unpickle.py new file mode 100755 index 00000000..dbbe3e8a --- /dev/null +++ b/potpourri/ca-unpickle.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python + +# $Id$ + +""" +Unpickle CA state packaged by ca-pickle. + +This version is a stub, and exists only to test ca-pickle. +""" + +import sys +import cPickle +import argparse +import subprocess + +parser = argparse.ArgumentParser(description = __doc__) +parser.add_argument("input", help = "input file") +args = parser.parse_args() + +xzcat = subprocess.Popen(("xzcat", args.input), stdout = subprocess.PIPE) +world = cPickle.load(xzcat.stdout) +if xzcat.wait() != 0: + sys.exit("XZ unpickling failed with code {}".format(xz.returncode)) + +print "import datetime" +print "world =", repr(world) -- cgit v1.2.3
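Review bot: In ca-pickle.py the output file is opened with `os.O_WRONLY | os.O_CREAT, 0600`, and the mode only takes effect when the file is created, so an existing `output` path keeps whatever permissions it already had and is not truncated before xz writes into it. That matters here because `world` carries every option value from rpki.conf (including the `sql-password` entries read earlier in the script), the full contents of all three databases, and every file the configuration points at. I would refuse to reuse an existing path, `os.open(args.output, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)`, and extend the module docstring to say the archive is as sensitive as the live configuration and databases. Separately, `"SELECT * FROM " + name` breaks on a table name that needs quoting; quoting the identifier is cheap.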
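Review bot: The failure branch in ca-unpickle.py reads `xz.returncode`, but the process object in this script is named `xzcat`, so a non-zero exit raises NameError instead of printing the message; it should read `sys.exit("XZ unpickling failed with code {}".format(xzcat.returncode))`. `cPickle.load` also runs before the exit status is checked, and unpickling executes whatever callables the stream names, while the SHA-256 check that xz adds only detects corruption, not tampering. A comment above the load such as `# input must come from a trusted ca-pickle run: unpickling can execute arbitrary code` would make that constraint explicit for whoever turns this stub into the real loader.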