Jérome Perrin / slapos.buildout
Commit bb41ad24, authored Aug 25, 2011 by Łukasz Nowak
Use static certificates.
parent e2ca86a7
Showing 1 changed file with 88 additions and 54 deletions
src/zc/buildout/networkcache.txt @ bb41ad24
...
...
@@ -250,26 +250,84 @@ message not perfect error is shown like <urlopen...Connection Refused>)
Fail to upload file. ...111...
download: Downloaded http://localhost/hello.txt
Lets create the signature files:
>>> signature_data = tmpdir('signature_data')
>>> keydir = tmpdir('keydir')
>>> import os
>>> public_certificate_path = os.path.join(keydir, 'public.pem')
>>> private_key_path = os.path.join(keydir, 'private.pem')
>>> ignored = system(os.path.join(sample_buildout, 'bin', 'generate-signature-key') + ' --signature-certificate-file=' + public_certificate_path + ' --signature-private-key-file=' + private_key_path)
>>> ls(keydir)
- private.pem
- public.pem
Now it is time to have certificate as string like:
-----BEGIN CERTIFICATE-----
certificate.
-----END CERTIFICATE-----
With left side whitespaces, in order to use it in buildout profile.
>>> public_certificate = ''.join([' ' + q for q in open(public_certificate_path).readlines()])
Two paris of key certificate will be needed:
>>> main_key = """
... -----BEGIN RSA PRIVATE KEY-----
... MIICXQIBAAKBgQDHjK3vOwrStTuoxGcfPjQkNnpwyzNGuUqqKryt7/fBGiy3qRZa
... sjmW63jlx8MM7vCXhAWs1y4jtxcskN/UoAHtufMMaImpgGSePrKqtczDiPIUw49i
... Do7DOA5uSIDA0VocVWKMG1HT3oFff/1bvrJdxbUCt/q7Pb7pwnBujtcyNQIDAQAB
... AoGAFW6/s8U0qWL70Gmf5dQph4YuanT4weze3x4N++SdSKlGCkfn9b/Uvaf26T8m
... bPow7yUn8uN9uipNG+VHlS/GZRCWGIdw667fq2x5By3MO/DKVDC2ZNfDraMIFHQ0
... SG0QuonDtfkZLzw6FjOQ+VpfNioJ0rDe68io0pQmu/yL2qECQQDnZJj5wPRcExgf
... 2WNtK66GYRos3UlIkyW3rtGDOitjm13k49zFTlNmwBuATvygNtmYcvApup9N8Q0I
... 1ONlc2kNAkEA3MUuh9y0toIaEEjoL4UNHfqFlrX30UZNWuyGGj4o2usqJVkNgHNJ
... koK7aP+x9GIchECzR9FzkH7u6Q639TTTyQJBAII4WOblMh/HFyKFYrEDjjpN1z88
... YYuYU/elSH9DczuhKhwwKARZ6hG/NzrkOMOpWpeyx3mUbyab66v2supbItkCQEBR
... PeYc+ZT2QEugQeyeMZ0bQFIQ/3q7pYuovsTkeRiWTHgHArT6YWPKrHjBjYGqF667
... /r8cmTNul4HUZOmOE2kCQQDDbE9xkGsTcgFgtb646kgmrmXneNgGE5TGfF6Lfw8w
... r2qrA8qR1lkEBVvzMiDl5NHR+6Jo0irdqdKbUgocbYpi
... -----END RSA PRIVATE KEY-----
... """
>>> main_key_file = 'main.key'
>>> open(main_key_file, 'w').write(main_key)
>>> main_certificate = """
... -----BEGIN CERTIFICATE-----
... MIICkjCCAfsCADANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCRlIxDTALBgNV
... BAgTBE5vcmQxDzANBgNVBAoTBlNsYXBPUzEYMBYGA1UECxMPSG9uZXkgSGFydmVz
... dGVyMSAwHgYDVQQDExdTbGFwT1MgVGVzdCBDZXJ0aWZpY2F0ZTEmMCQGCSqGSIb3
... DQEJARYXU2xhcE9TIFRlc3QgQ2VydGlmaWNhdGUwHhcNMTEwODI0MDc1MzM2WhcN
... MTIwODI0MDc1MzM2WjCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxDzAN
... BgNVBAoTBlNsYXBPUzEYMBYGA1UECxMPSG9uZXkgSGFydmVzdGVyMSAwHgYDVQQD
... ExdTbGFwT1MgVGVzdCBDZXJ0aWZpY2F0ZTEmMCQGCSqGSIb3DQEJARYXU2xhcE9T
... IFRlc3QgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeM
... re87CtK1O6jEZx8+NCQ2enDLM0a5SqoqvK3v98EaLLepFlqyOZbreOXHwwzu8JeE
... BazXLiO3FyyQ39SgAe258wxoiamAZJ4+sqq1zMOI8hTDj2IOjsM4Dm5IgMDRWhxV
... YowbUdPegV9//Vu+sl3FtQK3+rs9vunCcG6O1zI1AgMBAAEwDQYJKoZIhvcNAQEL
... BQADgYEAoB8o6AdKLtMFGr9OLmdJMHQ1Aig/UMzTb4+Dqx59xpmf25tWeSNYuFv0
... Q6YD8Ijm2RlsPhv3crEalIY0xnEHBqdLFOnRlnivYX7hPol5xs/MKzMI3wA1Tj2f
... tjbUSd1TIX6NrmHU7zuh48XwneJoDwZyBHKKCQWE9YLjjdxj0No=
... -----END CERTIFICATE-----
... """
>>> main_certificate = '\n'.join([' ' + q for q in main_certificate.splitlines()])
>>> additional_key = """
... -----BEGIN RSA PRIVATE KEY-----
... MIICXQIBAAKBgQDDrOO87nSiDcXOf+xGc4Iqcdjfwd0RTOxEkO9z8mPZVg2bTPwt
... /GwtPgmIC4po3bJdsCpJH21ZJwfmUpaQWIApj3odDAbRXQHWhNiw9ZPMHTCmf8Zl
... yAJBxy9KI9M/fJ5RA67CJ6UYFbpF7+ZrXdkvG+0hdRX5ub0WyTPxc6kEIwIDAQAB
... AoGBAIgUj1jQGKqum1bt3dps8CQmgqWyA9TJQzK3/N8MveXik5niYypz9qNMFoLX
... S818CFRhdDbgNUKgAz1pSC5gbdfCDHYQTBrIt+LGpNSpdmQwReu3XoWOPZp4VWnO
... uCpAkDVt+88wbxtMbZ5/ExNFs2xTO66Aad1dG12tPWoyAf4pAkEA4tCLPFNxHGPx
... tluZXyWwJfVZEwLLzJ9gPkYtWrq843JuKlai2ziroubVLGSxeovBXvsjxBX95khn
... U6G9Nz5EzwJBANzal8zebFdFfiN1DAyGQ4QYsmz+NsRXDbHqFVepymUId1jAFAp8
... RqNt3Y78XlWOj8z5zMd4kWAR62p6LxJcyG0CQAjCaw4qXszs4zHaucKd7v6YShdc
... 3UgKw6nEBg5h9deG3NBPxjxXJPHGnmb3gI8uBIrJgikZfFO/ahYlwev3QKsCQGJ0
... kHekMGg3cqQb6eMrd63L1L8CFSgyJsjJsfoCl1ezDoFiH40NGfCBaeP0XZmGlFSs
... h73k4eoSEwDEt3dYJYECQQCBssN92KuYCOfPkJ+OV1tKdJdAsNwI13kA//A7s7qv
... wHQpWKk/PLmpICMBeIiE0xT+CmCfJVOlQrqDdujganZZ
... -----END RSA PRIVATE KEY-----
... """
>>> additional_key_file = 'additional.key'
>>> open(additional_key_file, 'w').write(additional_key)
>>> additional_certificate = """
... -----BEGIN CERTIFICATE-----
... MIICgDCCAekCADANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVUwxETAPBgNV
... BAgTCEJlZSBZYXJkMRgwFgYDVQQKEw9CZWUtS2VlcGVyIEx0ZC4xGDAWBgNVBAsT
... D0hvbmV5IEhhcnZlc3RlcjEVMBMGA1UEAxMMTWF5YSB0aGUgQmVlMRswGQYJKoZI
... hvcNAQkBFgxNYXlhIHRoZSBCZWUwHhcNMTEwODI0MDc1MTU2WhcNMTIwODI0MDc1
... MTU2WjCBiDELMAkGA1UEBhMCVUwxETAPBgNVBAgTCEJlZSBZYXJkMRgwFgYDVQQK
... Ew9CZWUtS2VlcGVyIEx0ZC4xGDAWBgNVBAsTD0hvbmV5IEhhcnZlc3RlcjEVMBMG
... A1UEAxMMTWF5YSB0aGUgQmVlMRswGQYJKoZIhvcNAQkBFgxNYXlhIHRoZSBCZWUw
... gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMOs47zudKINxc5/7EZzgipx2N/B
... 3RFM7ESQ73PyY9lWDZtM/C38bC0+CYgLimjdsl2wKkkfbVknB+ZSlpBYgCmPeh0M
... BtFdAdaE2LD1k8wdMKZ/xmXIAkHHL0oj0z98nlEDrsInpRgVukXv5mtd2S8b7SF1
... Ffm5vRbJM/FzqQQjAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAaT4yamJJowDKMSD2
... eshUW8pjctg6O3Ncm5XDIKd77sRf7RwPjFh+BR59lfFf9xvOu8WymhtUU7FoPDW3
... MYZmKV7A3nFehN9A+REz+WU3I7fE6vQRh9jKeuxnQLRv0TdP9CEdPcYcs/EQpIDb
... 8du+N7wcN1ZO8veWSafBzcqgCwg=
... -----END CERTIFICATE-----
... """
>>> additional_certificate = '\n'.join([' ' + q for q in additional_certificate.splitlines()])
First put not signed file in networkcache:
...
...
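Review bot: The two certificates embedded in this hunk are valid for one year only: their encoded validity fields read 24 Aug 2011 to 24 Aug 2012, so any verification that honours the expiry date makes this doctest fail on a calendar date instead of on a code change. Either embed a pair whose validity period suits a long-lived test fixture or state in the text that expiry is not checked. In the same hunk, `open(main_key_file, 'w').write(main_key)` and the matching `additional.key` line write private keys to a relative path in the current directory, where the replaced code used `tmpdir('keydir')`; writing them under a `tmpdir(...)` directory keeps the key material inside the test's temporary area. "Two paris of key certificate" should read "Two pairs of key and certificate".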
@@ -322,9 +380,8 @@ Now enable signature, so it should not download any content which is not trusted
... download-dir-url = %(nc_url)sshadir
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(private_key_path)s
... signature-certificate-list =
... %(public_certificate)s
... signature-private-key-file = %(main_key_file)s
... signature-certificate-list = %(main_certificate)s
... ''' % globals())
>>> print system(buildout)
Networkcache enabled.
...
...
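Review bot: `signature-certificate-list = %(main_certificate)s` is read as a multi-line option only because every line of `main_certificate` was prefixed with a space earlier in the file, and nothing at this point in the profile says so. The replaced form, with the option left empty and the value on the following line, showed the continuation explicitly, and the sentence "With left side whitespaces, in order to use it in buildout profile." appears to have been dropped along with the key generation steps. Keep a sentence before this block explaining that the certificate must be indented, so readers do not paste an unindented PEM block into their own profile.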
@@ -350,26 +407,6 @@ Once it has a trusted content available into the server it should be abled to do
Downloading hello.txt from network cache.
download: Downloaded http://localhost:22168/hello.txt
Now lets create new signature files:
>>> new_keydir = tmpdir('newkeydir')
>>> new_public_certificate_path = os.path.join(new_keydir, 'public2.pem')
>>> new_private_key_path = os.path.join(new_keydir, 'private2.pem')
>>> ignored = system(os.path.join(sample_buildout, 'bin', 'generate-signature-key') + ' --signature-certificate-file=' + new_public_certificate_path + ' --signature-private-key-file=' + new_private_key_path)
>>> ls(new_keydir)
- private2.pem
- public2.pem
Now it is time to have certificate as string like:
-----BEGIN CERTIFICATE-----
certificate.
-----END CERTIFICATE-----
With left side whitespaces, in order to use it in buildout profile.
>>> new_public_certificate = ''.join([' ' + q for q in open(new_public_certificate_path).readlines()])
There is a new certificate file, so it should not download the old content:
>>> write(sample_buildout, 'buildout.cfg',
...
...
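Review bot: The retained sentence "There is a new certificate file, so it should not download the old content:" no longer follows from anything nearby once the key generation steps above it are gone, because the second pair is now defined once near the top as `additional_key` and `additional_certificate`. Reword it to name the additional certificate so the reader can tell which trust list the next buildout.cfg uses.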
@@ -387,8 +424,8 @@ There is a new certificate file, so it should not download the old content:
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(
new_private_key_path
)s
... signature-certificate-list = %(
new_public
_certificate)s
... signature-private-key-file = %(
additional_key_file
)s
... signature-certificate-list = %(
additional
_certificate)s
... ''' % globals())
>>> print system(buildout)
Networkcache enabled.
...
...
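Review bot: `signature-private-key-file = %(additional_key_file)s` is set in a profile that has only `download-cache-url` and `download-dir-url`. If the private key is used only when signing uploads, drop the line here so the block tests exactly one thing, that content signed by a key outside `signature-certificate-list` is refused; if it is needed for downloads too, say why in the text.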
@@ -419,9 +456,8 @@ If it can not find a trustable entry into server, it should upload the files usi
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(new_private_key_path)s
... signature-certificate-list =
... %(new_public_certificate)s
... signature-private-key-file = %(additional_key_file)s
... signature-certificate-list = %(additional_certificate)s
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... ''' % globals())
...
...
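Review bot: Nothing in the document says that `additional.key`, used in this block to sign uploads, is a test fixture, although its private half is now published in the repository. Add a sentence where the keys are introduced stating that both pairs exist for this doctest only and must never appear in a real `signature-certificate-list`, since anyone can sign content with them.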
@@ -455,9 +491,8 @@ Buildout can download the content using the old certificatei, because it still a
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(private_key_path)s
... signature-certificate-list =
... %(public_certificate)s
... signature-private-key-file = %(main_key_file)s
... signature-certificate-list = %(main_certificate)s
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... ''' % globals())
...
...
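Review bot: The section text quoted in the hunk header still speaks of the "old certificatei" while the variables in this block are now `main_key_file` and `main_certificate`. Fix the typo and use one vocabulary (main/additional or old/new) in both prose and variable names, otherwise the reader has to work out that "old" means "main".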
@@ -488,9 +523,8 @@ Buildout can download the content using the new certificate, because it still av
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(private_key_path)s
... signature-certificate-list =
... %(public_certificate)s
... signature-private-key-file = %(main_key_file)s
... signature-certificate-list = %(main_certificate)s
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... ''' % globals())
...
...
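Review bot: The hunk header places this block under "Buildout can download the content using the new certificate", but the lines set `main_key_file` and `main_certificate`, the same pair as the previous block about the old certificate. Check whether this profile was meant to reference `additional_key_file` and `additional_certificate`; if the main pair is intended, reword the section text so it matches what is configured.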