From 1750b16a9ab7b208de25a1deafbd610dfd38e7f5 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 1 Feb 2013 03:17:34 +0000
Subject: Add rcynic-cron.

svn path=/branches/tk377/; revision=4998
---
 rcynic/rcynic-cron.py | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 rcynic/rcynic-cron.py

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
new file mode 100644
index 00000000..fff921b0
--- /dev/null
+++ b/rcynic/rcynic-cron.py
@@ -0,0 +1,86 @@
+"""
+Cron job for rcynic and rtr-origin in stock configuration.
+
+$Id$
+
+Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+"""
+
+# Locking code here works like FreeBSD's lockf(1) utility given -k and
+# -t 0 options, which is both the sanest and simplest combination for
+# our purposes.  In theory this is portable to any Unix-like system.
+
+import subprocess
+import sys
+import fcntl
+import os
+
+# Stuff we need from autoconf:
+#
+#  AC_RCYNIC_USER
+#  AC_RCYNIC_GROUP
+#  AC_RCYNIC_DIR
+#  AC_bindir
+#  AC_sysconfdir
+#  AC_RCYNIC_HTML_DIR
+#  AC_SU
+#  AC_SUDO
+#  AC_CHROOT
+#  AC_CHROOTUID
+
+we_are_root = os.getuid() == 0
+
+beastie = sys.platform.startswith("freebsd") or sys.platform.startswith("darwin")
+
+def bin(name, chroot = False):
+  return os.path.join("/bin" if chroot and we_are_root else AC_bindir, name)
+
+def etc(name, chroot = False):
+  return os.path.join("/etc" if chroot and we_are_root else AC_sysconfdir, name)
+
+def rcy(name):
+  return os.path.join(AC_RCYNIC_DIR, name)
+
+jail_dirs = { AC_bindir : "/bin", AC_sysconfdir : "/etc" }
+
+def run(*cmd, **kwargs):
+  chroot = kwargs.pop("chroot", False) and we_are_root
+  if we_are_root:
+    if chroot and beastie:
+      cmd = (AC_CHROOT, "-u", AC_RCYNIC_USER, "-g", AC_RCYNIC_GROUP, AC_RCYNIC_DIR) + cmd
+    elif chroot and not beastie:
+      cmd = (AC_CHROOTUID, AC_RCYNIC_DIR, AC_RCYNIC_USER) + cmd
+    elif not chroot and beastie:
+      cmd = (AC_SU, "-m", AC_RCYNIC_USER, "-c", " ".join(cmd))
+    elif not chroot and not beastie:
+      cmd = (AC_SUDO, "-u", AC_RCYNIC_USER) + cmd
+    else:
+      raise RuntimeError("How the frell did I get here?")
+  try:
+    subprocess.check_call(cmd, **kwargs)
+  except subprocess.CalledProcessError, e:
+    sys.exit("Error %r running command: %s" % (e.strerror, " ".join(repr(c) for c in cmd)))
+
+try:
+  lock = os.open(os.path.join(AC_RCYNIC_DIR, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666)
+  fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
+except (IOError, OSError), e:
+  sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(AC_RCYNIC_DIR, "data/lock")))
+
+run(bin("rcynic", chroot = True), "-c", etc("rcynic.conf", chroot = True), chroot = True)
+
+run(bin("rcynic-html"), rcy("data/rcynic.xml"), AC_RCYNIC_HTML_DIR)
+
+run(bin("rtr-origin"), "--cronjob", rcy("data/authenticated"), cwd = rcy("rpki-rtr"))
-- 
cgit v1.2.3


From 2f9828622d5ba395a0666dea34fb6cf48ab0b406 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 1 Feb 2013 05:08:08 +0000
Subject: chown() lock file to rcynic user when creating it as root.

svn path=/branches/tk377/; revision=4999
---
 rcynic/rcynic-cron.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index fff921b0..ba96ec6b 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -26,6 +26,7 @@ import subprocess
 import sys
 import fcntl
 import os
+import pwd
 
 # Stuff we need from autoconf:
 #
@@ -76,6 +77,9 @@ def run(*cmd, **kwargs):
 try:
   lock = os.open(os.path.join(AC_RCYNIC_DIR, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666)
   fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
+  if we_are_root:
+    pw = pwd.getpwnam(AC_RCYNIC_USER)
+    os.fchown(lock, pw.pw_uid, pw.pw_gid)
 except (IOError, OSError), e:
   sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(AC_RCYNIC_DIR, "data/lock")))
 
-- 
cgit v1.2.3


From 93a3dbf7830cc81ff1a62eb73d02aaeec1e949e5 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 1 Feb 2013 13:22:19 +0000
Subject: Cleanup.

svn path=/branches/tk377/; revision=5000
---
 rcynic/rcynic-cron.py | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index ba96ec6b..b3b1c4b2 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -21,6 +21,11 @@ PERFORMANCE OF THIS SOFTWARE.
 # Locking code here works like FreeBSD's lockf(1) utility given -k and
 # -t 0 options, which is both the sanest and simplest combination for
 # our purposes.  In theory this is portable to any Unix-like system.
+#
+# At some point we might want to implement the chroot() and setuid()
+# functionality here rather than using this mess of platform-specific
+# external programs.  I don't have time to write and debug that today,
+# but it might well be simpler and more portable.
 
 import subprocess
 import sys
@@ -28,19 +33,6 @@ import fcntl
 import os
 import pwd
 
-# Stuff we need from autoconf:
-#
-#  AC_RCYNIC_USER
-#  AC_RCYNIC_GROUP
-#  AC_RCYNIC_DIR
-#  AC_bindir
-#  AC_sysconfdir
-#  AC_RCYNIC_HTML_DIR
-#  AC_SU
-#  AC_SUDO
-#  AC_CHROOT
-#  AC_CHROOTUID
-
 we_are_root = os.getuid() == 0
 
 beastie = sys.platform.startswith("freebsd") or sys.platform.startswith("darwin")
-- 
cgit v1.2.3


From 27d85628a8ebe96c3adc2dbeac0e58160c727071 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 1 Feb 2013 18:38:48 +0000
Subject: Checkpoint

svn path=/branches/tk377/; revision=5001
---
 rcynic/rcynic-cron.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index b3b1c4b2..31dd6c3d 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -77,6 +77,7 @@ except (IOError, OSError), e:
 
 run(bin("rcynic", chroot = True), "-c", etc("rcynic.conf", chroot = True), chroot = True)
 
-run(bin("rcynic-html"), rcy("data/rcynic.xml"), AC_RCYNIC_HTML_DIR)
+if AC_RCYNIC_HTML_DIR:
+  run(bin("rcynic-html"), rcy("data/rcynic.xml"), AC_RCYNIC_HTML_DIR)
 
 run(bin("rtr-origin"), "--cronjob", rcy("data/authenticated"), cwd = rcy("rpki-rtr"))
-- 
cgit v1.2.3


From d652d8faba52e6b23b075bb778e8e536ed74a0ff Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 2 Feb 2013 06:58:27 +0000
Subject: Whoops, ac_* variables are lowercase this week.

svn path=/branches/tk377/; revision=5007
---
 rcynic/rcynic-cron.py | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index 31dd6c3d..700d00d4 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -38,27 +38,25 @@ we_are_root = os.getuid() == 0
 beastie = sys.platform.startswith("freebsd") or sys.platform.startswith("darwin")
 
 def bin(name, chroot = False):
-  return os.path.join("/bin" if chroot and we_are_root else AC_bindir, name)
+  return os.path.join("/bin" if chroot and we_are_root else ac_bindir, name)
 
 def etc(name, chroot = False):
-  return os.path.join("/etc" if chroot and we_are_root else AC_sysconfdir, name)
+  return os.path.join("/etc" if chroot and we_are_root else ac_sysconfdir, name)
 
 def rcy(name):
-  return os.path.join(AC_RCYNIC_DIR, name)
-
-jail_dirs = { AC_bindir : "/bin", AC_sysconfdir : "/etc" }
+  return os.path.join(ac_rcynic_dir, name)
 
 def run(*cmd, **kwargs):
   chroot = kwargs.pop("chroot", False) and we_are_root
   if we_are_root:
     if chroot and beastie:
-      cmd = (AC_CHROOT, "-u", AC_RCYNIC_USER, "-g", AC_RCYNIC_GROUP, AC_RCYNIC_DIR) + cmd
+      cmd = (ac_chroot, "-u", ac_rcynic_user, "-g", ac_rcynic_group, ac_rcynic_dir) + cmd
     elif chroot and not beastie:
-      cmd = (AC_CHROOTUID, AC_RCYNIC_DIR, AC_RCYNIC_USER) + cmd
+      cmd = (ac_chrootuid, ac_rcynic_dir, ac_rcynic_user) + cmd
     elif not chroot and beastie:
-      cmd = (AC_SU, "-m", AC_RCYNIC_USER, "-c", " ".join(cmd))
+      cmd = (ac_su, "-m", ac_rcynic_user, "-c", " ".join(cmd))
     elif not chroot and not beastie:
-      cmd = (AC_SUDO, "-u", AC_RCYNIC_USER) + cmd
+      cmd = (ac_sudo, "-u", ac_rcynic_user) + cmd
     else:
       raise RuntimeError("How the frell did I get here?")
   try:
@@ -67,17 +65,17 @@ def run(*cmd, **kwargs):
     sys.exit("Error %r running command: %s" % (e.strerror, " ".join(repr(c) for c in cmd)))
 
 try:
-  lock = os.open(os.path.join(AC_RCYNIC_DIR, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666)
+  lock = os.open(os.path.join(ac_rcynic_dir, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666)
   fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
   if we_are_root:
-    pw = pwd.getpwnam(AC_RCYNIC_USER)
+    pw = pwd.getpwnam(ac_rcynic_user)
     os.fchown(lock, pw.pw_uid, pw.pw_gid)
 except (IOError, OSError), e:
-  sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(AC_RCYNIC_DIR, "data/lock")))
+  sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(ac_rcynic_dir, "data/lock")))
 
 run(bin("rcynic", chroot = True), "-c", etc("rcynic.conf", chroot = True), chroot = True)
 
-if AC_RCYNIC_HTML_DIR:
-  run(bin("rcynic-html"), rcy("data/rcynic.xml"), AC_RCYNIC_HTML_DIR)
+if ac_rcynic_html_dir:
+  run(bin("rcynic-html"), rcy("data/rcynic.xml"), ac_rcynic_html_dir)
 
 run(bin("rtr-origin"), "--cronjob", rcy("data/authenticated"), cwd = rcy("rpki-rtr"))
-- 
cgit v1.2.3


From c25b9c27bfb2dea4d68a9e9fee78e3a2d39e36c0 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 2 Feb 2013 07:56:31 +0000
Subject: rcynic requires rsync, doh.

svn path=/branches/tk377/; revision=5010
---
 rcynic/rcynic-cron.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index 700d00d4..a2875401 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -62,7 +62,7 @@ def run(*cmd, **kwargs):
   try:
     subprocess.check_call(cmd, **kwargs)
   except subprocess.CalledProcessError, e:
-    sys.exit("Error %r running command: %s" % (e.strerror, " ".join(repr(c) for c in cmd)))
+    sys.exit(str(e))
 
 try:
   lock = os.open(os.path.join(ac_rcynic_dir, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666)
-- 
cgit v1.2.3


From 61ecf6aea80a96e4008ea7fa73c5bb5fd0597bc1 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 2 Feb 2013 19:08:34 +0000
Subject: Exit without whining when another process holds the lock.

svn path=/branches/tk377/; revision=5014
---
 rcynic/rcynic-cron.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index a2875401..4687ff5b 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -32,6 +32,7 @@ import sys
 import fcntl
 import os
 import pwd
+import errno
 
 we_are_root = os.getuid() == 0
 
@@ -71,7 +72,10 @@ try:
     pw = pwd.getpwnam(ac_rcynic_user)
     os.fchown(lock, pw.pw_uid, pw.pw_gid)
 except (IOError, OSError), e:
-  sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(ac_rcynic_dir, "data/lock")))
+  if e.errno == errno.EAGAIN:
+    sys.exit(0)                         # Another instance of this script is already running, exit silently
+  else:
+    sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(ac_rcynic_dir, "data/lock")))
 
 run(bin("rcynic", chroot = True), "-c", etc("rcynic.conf", chroot = True), chroot = True)
 
-- 
cgit v1.2.3


From 7c51ba40e4e18405fbd271f0e6fbfa34b062b90f Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 3 Feb 2013 16:36:45 +0000
Subject: Don't try to run rcynic-html if parent output directory doesn't
 exist.

svn path=/branches/tk377/; revision=5019
---
 rcynic/rcynic-cron.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'rcynic/rcynic-cron.py')

diff --git a/rcynic/rcynic-cron.py b/rcynic/rcynic-cron.py
index 4687ff5b..d985d7e3 100644
--- a/rcynic/rcynic-cron.py
+++ b/rcynic/rcynic-cron.py
@@ -79,7 +79,7 @@ except (IOError, OSError), e:
 
 run(bin("rcynic", chroot = True), "-c", etc("rcynic.conf", chroot = True), chroot = True)
 
-if ac_rcynic_html_dir:
+if ac_rcynic_html_dir and os.path.exists(os.path.dirname(ac_rcynic_html_dir)):
   run(bin("rcynic-html"), rcy("data/rcynic.xml"), ac_rcynic_html_dir)
 
 run(bin("rtr-origin"), "--cronjob", rcy("data/authenticated"), cwd = rcy("rpki-rtr"))
-- 
cgit v1.2.3