YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Call the new migration from dyndns.py when MD5 is detected

Browse source
This commit is contained in:
Alexandre Aubin 2018-01-06 21:01:10 +01:00
parent 465aff4581
commit 7e02e355d5
2 changed files with 19 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py
View file

@ -22,15 +22,15 @@ class MyMigration(Migration):
pass
def forward(self):
def forward(self, dyn_host="dyndns.yunohost.org", domain=None, private_key_path=None):
dyn_host="dyndns.yunohost.org"
try:
(domain, private_key_path) = _guess_current_dyndns_domain(dyn_host)
except MoulinetteError:
logger.warning("migrate_tsig_not_needed")
return
if domain in None or private_key_path is None:
try:
(domain, private_key_path) = _guess_current_dyndns_domain(dyn_host)
assert "+157" in private_key_path
except MoulinetteError:
logger.warning("migrate_tsig_not_needed")
return
logger.warning(m18n.n('migrate_tsig_start', domain=domain))
public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"

68
src/yunohost/dyndns.py
View file

@ -223,9 +223,18 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,
key = keys[0]
# this mean that hmac-md5 is used
# This mean that hmac-md5 is used
# (Re?)Trigger the migration to sha256 and return immediately.
# The actual update will be done in next run.
if "+157" in key:
key = _migrate_from_md5_tsig_to_sha512_tsig(key, domain, dyn_host)
from yunohost.tools import _get_migration_by_name
migration = _get_migration_by_name("migrate_to_tsig_sha256")
try:
migration["module"].MyMigration().migrate(dyn_host, domain, key)
except Exception as e:
logger.error(m18n.n('migrations_migration_has_failed', exception=e, **migration), exc_info=1)
return
# Extract 'host', e.g. 'nohost.me' from 'foo.nohost.me'
host = domain.split('.')[1:]
@ -292,61 +301,6 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,
write_to_file(OLD_IPV6_FILE, ipv6)
def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host):
logger.warning(m18n.n('migrate_tsig_start', domain=domain))
public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
public_key_md5 = open(public_key_path).read().strip().split(' ')[-1]
os.system('cd /etc/yunohost/dyndns && '
'dnssec-keygen -a hmac-sha512 -b 512 -r /dev/urandom -n USER %s' % domain)
os.system('chmod 600 /etc/yunohost/dyndns/*.key /etc/yunohost/dyndns/*.private')
# +165 means that this file store a hmac-sha512 key
new_key_path = glob.glob('/etc/yunohost/dyndns/*+165*.key')[0]
public_key_sha512 = open(new_key_path).read().strip().split(' ', 6)[-1]
try:
r = requests.put('https://%s/migrate_key_to_sha512/' % (dyn_host),
data={
'public_key_md5': base64.b64encode(public_key_md5),
'public_key_sha512': base64.b64encode(public_key_sha512),
}, timeout=30)
except requests.ConnectionError:
raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection'))
if r.status_code != 201:
try:
error = json.loads(r.text)['error']
show_traceback = 0
except Exception:
# failed to decode json
error = r.text
show_traceback = 1
logger.warning(m18n.n('migrate_tsig_failed', domain=domain,
error_code=str(r.status_code), error=error),
exc_info=show_traceback)
os.system("mv /etc/yunohost/dyndns/*+165* /tmp")
return public_key_path
# remove old certificates
os.system("mv /etc/yunohost/dyndns/*+157* /tmp")
# sleep to wait for dyndns cache invalidation
logger.warning(m18n.n('migrate_tsig_wait'))
time.sleep(60)
logger.warning(m18n.n('migrate_tsig_wait_2'))
time.sleep(60)
logger.warning(m18n.n('migrate_tsig_wait_3'))
time.sleep(30)
logger.warning(m18n.n('migrate_tsig_wait_4'))
time.sleep(30)
logger.warning(m18n.n('migrate_tsig_end'))
return new_key_path.rsplit(".key", 1)[0] + ".private"
def dyndns_installcron():
"""
Install IP update cron