authorMagnus Ahltorp <map@kth.se>2017-02-02 16:08:24 +0100
committerMagnus Ahltorp <map@kth.se>2017-02-02 21:58:38 +0100
commit8a1f3a5f5b1458aceb7567add95e7637e9c2e5fc (patch)
tree188f039cce63266dbe0dcca0477ca63bc983e74d /tools/getconfig.py
parentf481bd4f30a00fa3d4a5b4aecd0f881b1f5b58f5 (diff)
Added tools for getting and generating global config
Diffstat (limited to 'tools/getconfig.py')
-rwxr-xr-xtools/getconfig.py68
1 files changed, 68 insertions, 0 deletions
diff --git a/tools/getconfig.py b/tools/getconfig.py
new file mode 100755
index 0000000..92cde1f
--- /dev/null
+++ b/tools/getconfig.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import sys
+import argparse
+import readconfig
+from certtools import create_ssl_context, get_sth, mv_file
+import os
+import errno
+
+def get_file(configurl):
+ if configurl.startswith("https://") or configurl.startswith("http://"):
+ result = urlget(configurl)
+ result.raise_for_status()
+ return result
+ elif configurl.startswith("file:///"):
+ path = configurl[8:]
+ path = path.replace("CURRENTWORKINGDIRECTORY", os.getcwd())
+ return open(path).read()
+
+def write_file(fn, data):
+ tempname = fn + ".new"
+ open(tempname, 'w').write(data)
+ mv_file(tempname, fn)
+
+def get_config_version(filename, logadminkey):
+ try:
+ config = readconfig.verify_and_read_config(filename, logadminkey)
+ return config["version"]
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ return -1
+ raise e
+
+def main():
+ parser = argparse.ArgumentParser(description="")
+ parser.add_argument('--dest', help="Where to write the verified system configuration",
+ required=True)
+ parser.add_argument('--localconfig', help="Local configuration",
+ required=True)
+ args = parser.parse_args()
+
+ localconfig = readconfig.read_config(args.localconfig)
+
+ old_config_version = get_config_version(args.dest, localconfig["logadminkey"])
+
+ configurl = localconfig["configurl"]
+ unverified_config = get_file(configurl)
+ unverified_config_sig = get_file(configurl + ".sig")
+ new_config = readconfig.verify_config(unverified_config, unverified_config_sig, localconfig["logadminkey"], configurl)
+ verified_config = unverified_config
+ verified_config_sig = unverified_config_sig
+
+ new_config_version = new_config["version"]
+
+ if new_config_version > old_config_version:
+ write_file(args.dest, verified_config)
+ write_file(args.dest + ".sig", verified_config_sig)
+ print "newconfig"
+
+ elif new_config_version < old_config_version:
+ print >>sys.stderr, "The version of the configuration on the admin server is older than the version we have, refusing update"
+ sys.exit(1)
+
+main()
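Review bot: In `get_file`, the http(s) branch calls `urlget`, which is not among the names on the `from certtools import create_ssl_context, get_sth, mv_file` line and is not defined in this file, so that branch fails with a NameError before any config is fetched; if the helper lives in certtools, add it to that import. The same branch returns the response object, while the `file:///` branch returns the file contents, so `verify_config` and `write_file` receive different types depending on the scheme. Returning the body instead (for a requests-style response, `return result.content`) would keep the signature check and the written file on the same bytes. A `configurl` with any other scheme falls through and returns None, which then reaches `verify_config`; ending `get_file` with `raise ValueError("unsupported configurl scheme")` would fail earlier and more clearly.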