Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: setup: remove dependency of openssh ......................................................................
packaging: setup: remove dependency of openssh openssh dependency was left only for getting public key fingerprint. as we have the logic of doing that anyway because of old rhel server, we can calc the fingerprint our own. the ssh-keygen -l is also ugly as it does not support piping the key and forcing use of temp file... so best manage without it. Change-Id: Ifa4893d8f9b034642d2428d926d41dd677a23565 Signed-off-by: Alon Bar-Lev <[email protected]>
---
M ovirt-engine.spec.in M packaging/setup/plugins/ovirt-engine-setup/pki/ssh.py 2 files changed, 45 insertions(+), 38 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/98/18498/1
diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in
index 18570c1..55b9263 100644
--- a/ovirt-engine.spec.in
+++ b/ovirt-engine.spec.in
@@ -280,7 +280,6 @@
 Requires: logrotate
 Requires: m2crypto
 Requires: nfs-utils
-Requires: openssh
 Requires: otopi >= 1.1.0
 Requires: policycoreutils-python
 Requires: python-psycopg2
diff --git a/packaging/setup/plugins/ovirt-engine-setup/pki/ssh.py b/packaging/setup/plugins/ovirt-engine-setup/pki/ssh.py
index 35bf9c2..31b8cd7 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/pki/ssh.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/pki/ssh.py
@@ -19,15 +19,15 @@
 """ssh plugin."""
-import os
+import re
 import base64
 import struct
-import tempfile
 import gettext
 _ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
-from M2Crypto import RSA
+from M2Crypto import X509
+from M2Crypto import EVP
 from otopi import util
@@ -43,15 +43,44 @@
 class Plugin(plugin.PluginBase):
 """CA plugin."""
- def _getSSHPublicKey(self, key):
+ def _getSSHPublicKeyRaw(self, key):
 ALGO = 'ssh-rsa'
- key = RSA.load_key_string(key.encode('ascii'))
- sshkey = (
- struct.pack('!l', len(ALGO)) + ALGO.encode('ascii') +
- key.pub()[0] +
- key.pub()[1]
+ return {
+ 'algo': ALGO,
+ 'blob': (
+ struct.pack('!l', len(ALGO)) + ALGO.encode('ascii') +
+ key.pub()[0] +
+ key.pub()[1]
+ ),
+ }
+
+ def _getSSHPublicKey(self, key):
+ sshkey = self._getSSHPublicKeyRaw(key)
+ return '%s %s' % (sshkey['algo'], base64.b64encode(sshkey['blob']))
+
+ def _getSSHPublicKeyFingerprint(self, key):
+ sshkey = self._getSSHPublicKeyRaw(key)
+ md5 = EVP.MessageDigest('md5')
+ md5.update(sshkey['blob'])
+ return re.sub(r'(..)', r':\1', base64.b16encode(md5.digest()))[1:]
+
+ def _getEnginePublicKey(self):
+ rc, cert, stderr = self.execute(
+ (
+ osetupcons.FileLocations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
+ '--name=engine',
+ '--passin=%s' % self.environment[
+ osetupcons.PKIEnv.STORE_PASS
+ ],
+ '--cert=-',
+ ),
 )
- return '%s %s' % (ALGO, base64.b64encode(sshkey))
+
+ x509 = X509.load_cert_string(
+ string='\n'.join(cert).encode('ascii'),
+ format=X509.FORMAT_PEM,
+ )
+ return x509.get_pubkey().get_rsa()
 def __init__(self, context):
 super(Plugin, self).__init__(context=context)
@@ -95,7 +124,7 @@
 )
 self.environment[
 osetupcons.PKIEnv.ENGINE_SSH_PUBLIC_KEY
- ] = self._getSSHPublicKey('\n'.join(privkey))
+ ] = self._getSSHPublicKey(self._getEnginePublicKey())
 @plugin.event(
 stage=plugin.Stages.STAGE_CLOSEUP,
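Review bot: `_getEnginePublicKey` passes the PKCS#12 store password as a command-line argument, `'--passin=%s' % self.environment[osetupcons.PKIEnv.STORE_PASS]`, so the secret sits in the child's argv where other local users can read it from the process list while the helper runs; it may also reach the setup log if executed command lines are recorded there. With this change the helper is invoked from two places (the public-key assignment in the next hunk and `_closeup`), which doubles that exposure. If the extract helper can take the password from a file descriptor or the environment, prefer that; otherwise call it once and keep the returned key on the instance. `rc` and `stderr` are unpacked but never checked, so the code relies on `self.execute` raising on failure, which deserves a one-line comment such as `# execute() is expected to raise on non-zero exit`.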
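Review bot: The extraction whose closing `)` is the first context line of this hunk looks dead after the change: the removed line was the consumer of `privkey`, and the replacement takes its input from `_getEnginePublicKey()` instead. If nothing further down reads `privkey`, remove that `self.execute(...)` call as well, so setup stops pulling the engine private key out of the key store only to derive a public key from it. The statement begins above the hunk, so this is inferred from the removed line alone and needs checking against the full file.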
@@ -107,34 +136,13 @@
 ),
 )
 def _closeup(self):
- temp = None
- try:
- fd, temp = tempfile.mkstemp(suffix='.pub')
- os.close(fd)
- with open(temp, "w") as f:
- f.write(
- self.environment[
- osetupcons.PKIEnv.ENGINE_SSH_PUBLIC_KEY
- ]
- )
- f.write('\n')
-
- rc, fingerprint, stderr = self.execute(
- (
- self.command.get('ssh-keygen'),
- '-l',
- '-f', temp,
+ self.dialog.note(
+ text=_('SSH fingerprint: {fingerprint}').format(
+ fingerprint=self._getSSHPublicKeyFingerprint(
+ self._getEnginePublicKey()
 ),
 )
-
- self.dialog.note(
- text=_('SSH fingerprint: {fingerprint}').format(
- fingerprint=fingerprint[0].split()[1],
- )
- )
- finally:
- if temp is not None and os.path.exists(temp):
- os.unlink(temp)
+ )
 # vim: expandtab tabstop=4 shiftwidth=4
-- To view, visit http://gerrit.ovirt.org/18498 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifa4893d8f9b034642d2428d926d41dd677a23565 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
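Review bot: The fingerprint printed by `_closeup` no longer has the form the removed `ssh-keygen -l` call produced: `_getSSHPublicKeyFingerprint` formats the MD5 digest with `base64.b16encode`, which yields upper-case hex, while `ssh-keygen -l` prints lower-case pairs. An administrator who compares this line with `ssh-keygen -l` output on a host will see strings that differ only in case; using `base64.b16encode(md5.digest()).lower()` keeps them identical. The value is also computed from a fresh `_getEnginePublicKey()` call rather than from the `ENGINE_SSH_PUBLIC_KEY` entry already stored in the environment, so a comment stating that both are derived from the same engine certificate would help the next reader. `_closeup` begins above the hunk; only the tail of its decorator is visible.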
