From 044b2406d3c1a0f11e246dc1f2827a91e8a77212 Mon Sep 17 00:00:00 2001
From: Laurent Peuch
Date: Wed, 3 Jan 2018 18:45:18 +0100
Subject: [PATCH] [enh] better logging during key migration
---
 locales/en.json | 4 ++++
 src/yunohost/dyndns.py | 11 ++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/locales/en.json b/locales/en.json
index 80ff22655..421a04f56 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -207,6 +207,10 @@
 "mailbox_used_space_dovecot_down": "Dovecot mailbox service need to be up, if you want to get mailbox used space",
 "maindomain_change_failed": "Unable to change the main domain",
 "maindomain_changed": "The main domain has been changed",
+ "migrate_tsig_end": "Migration to hmac-sha512 finished",
+ "migrate_tsig_failed": "Migrating the dyndns domain {domain} to hmac-sha512 failed, rolling back. Error: {error_code} - {error}",
+ "migrate_tsig_start": "Not secure enough key algorithm detected for TSIG signature of domain '{domain}', initiating migration to the more secure one hmac-sha512",
+ "migrate_tsig_wait": "Let's wait 3min for the dyndns server to take the new key into account...",
 "migrations_backward": "Migrating backward.",
 "migrations_bad_value_for_target": "Invalide number for target argument, available migrations numbers are 0 or {}",
 "migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py
index ccbfdaffb..459a1e04e 100644
--- a/src/yunohost/dyndns.py
+++ b/src/yunohost/dyndns.py
@@ -278,6 +278,7 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,
 def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host):
+ logger.warning(m18n.n('migrate_tsig_start', domain=domain))
 public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
 public_key_md5 = open(public_key_path).read().strip().split(' ')[-1]
@@ -299,19 +300,17 @@ def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host): raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection')) if r.status_code != 201: - print r.text try: error = json.loads(r.text)['error'] - print "ERROR:", error except Exception as e: import traceback traceback.print_exc() print e error = r.text - # raise MoulinetteError(errno.EPERM, - # m18n.n('dyndns_registration_failed', error=error)) - # XXX print warning + logger.warning(m18n.n('migrate_tsig_failed', domain=domain, + error_code=str(r.status_code), error=error)) + os.system("mv /etc/yunohost/dyndns/*+165* /tmp") return public_key_path @@ -319,8 +318,10 @@ def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host): os.system("mv /etc/yunohost/dyndns/*+157* /tmp") # sleep to wait for dyndns cache invalidation + logger.warning(m18n.n('migrate_tsig_wait')) time.sleep(180) + logger.warning(m18n.n('migrate_tsig_end')) return new_key_path.rsplit(".key", 1)[0] + ".private"
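Review bot: The new `logger.warning(m18n.n('migrate_tsig_failed', ...))` call passes `error` straight from the dyndns server's response, which is the whole of `r.text` when the JSON parse fails, so an unbounded, unsanitised remote body ends up in the log; bounding it first, for example `error = r.text[:200]`, would keep the log readable. The `except Exception as e:` branch kept around it still calls `traceback.print_exc()` and `print e`, which bypass the logger this commit otherwise switches to, and the broad `except Exception` could be narrowed to `(ValueError, KeyError)`. The message announces "rolling back", but the `os.system("mv /etc/yunohost/dyndns/*+165* /tmp")` line that follows ignores its exit status and drops the new key files into the shared `/tmp` directory, so the log can claim a rollback that did not happen. With the commented-out `raise` removed, a failed migration now surfaces only as this warning while the domain stays on the MD5 key, which seems worth a code comment stating that this is intentional. The function starts before and continues after this hunk.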
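Review bot: The `migrate_tsig_wait` string hard-codes "3min" while the actual delay is the literal in `time.sleep(180)` on the next line, so the two can drift apart; a named constant passed as a format argument (e.g. `m18n.n('migrate_tsig_wait', minutes=3)` with `{minutes}` in the locale entry) would keep them in sync. Both progress messages, including the success message `migrate_tsig_end`, are logged with `logger.warning`; if the logger exposes an info level that is still shown to the user, that would keep warnings for the failure path only. The context line `os.system("mv /etc/yunohost/dyndns/*+157* /tmp")` leaves the old key files in `/tmp` with the exit status unchecked, so it would be worth confirming they are removed once "finished" has been logged. The function begins outside this hunk.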