diff --git a/src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py b/src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py index 26ea3a8b8..257f3525a 100644 --- a/src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py +++ b/src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py @@ -22,15 +22,15 @@ class MyMigration(Migration): pass - def forward(self): + def forward(self, dyn_host="dyndns.yunohost.org", domain=None, private_key_path=None): - dyn_host="dyndns.yunohost.org" - - try: - (domain, private_key_path) = _guess_current_dyndns_domain(dyn_host) - except MoulinetteError: - logger.warning("migrate_tsig_not_needed") - return + if domain in None or private_key_path is None: + try: + (domain, private_key_path) = _guess_current_dyndns_domain(dyn_host) + assert "+157" in private_key_path + except MoulinetteError: + logger.warning("migrate_tsig_not_needed") + return logger.warning(m18n.n('migrate_tsig_start', domain=domain)) public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key" diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py index 6ff73d1e2..851d04f45 100644 --- a/src/yunohost/dyndns.py +++ b/src/yunohost/dyndns.py @@ -223,9 +223,18 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None, key = keys[0] - # this mean that hmac-md5 is used + # This mean that hmac-md5 is used + # (Re?)Trigger the migration to sha256 and return immediately. + # The actual update will be done in next run. if "+157" in key: - key = _migrate_from_md5_tsig_to_sha512_tsig(key, domain, dyn_host) + from yunohost.tools import _get_migration_by_name + migration = _get_migration_by_name("migrate_to_tsig_sha256") + try: + migration["module"].MyMigration().migrate(dyn_host, domain, key) + except Exception as e: + logger.error(m18n.n('migrations_migration_has_failed', exception=e, **migration), exc_info=1) + + return # Extract 'host', e.g. 'nohost.me' from 'foo.nohost.me' host = domain.split('.')[1:] 
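Review bot: The new guard in `forward()` reads `if domain in None or private_key_path is None:`, and `in None` raises `TypeError` for any value of `domain`, so the migration fails before it reaches `_guess_current_dyndns_domain` and the host stays on its hmac-md5 TSIG key. It should read `if domain is None or private_key_path is None:`. The `assert "+157" in private_key_path` next to it is a second problem: an `AssertionError` is not caught by `except MoulinetteError`, the statement is stripped under `python -O`, and it is skipped whenever the caller passes the path in. An explicit check placed after the `if` block would cover both entry paths, for example `if "+157" not in private_key_path:` followed by `logger.warning("migrate_tsig_not_needed")` and `return`. The rest of `forward()` lies outside the hunk.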
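Review bot: In `dyndns_update`, the `except Exception as e:` around the migration call only logs, and the `return` after it appears to run either way, so a migration that keeps failing gives the caller a normal return with no DNS update while the `+157` (hmac-md5) key stays in use. Re-raising after the log, for example `raise MoulinetteError(errno.EIO, m18n.n('migrations_migration_has_failed', exception=e, **migration))`, would let the cron caller see the failure; this assumes `errno` and `MoulinetteError` remain imported in `dyndns.py`, as the removed helper used both. The call is also `MyMigration().migrate(dyn_host, domain, key)`, while the other file in this commit adds the new parameters to `forward()`. The `Migration` base class is not visible here, so it is worth confirming that `migrate` accepts and forwards these arguments, because a `TypeError` from a mismatch would be caught by the same broad `except`. The enclosing function starts and ends outside the hunk.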
@@ -292,61 +301,6 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None, write_to_file(OLD_IPV6_FILE, ipv6) -def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host): - logger.warning(m18n.n('migrate_tsig_start', domain=domain)) - public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key" - public_key_md5 = open(public_key_path).read().strip().split(' ')[-1] - - os.system('cd /etc/yunohost/dyndns && ' - 'dnssec-keygen -a hmac-sha512 -b 512 -r /dev/urandom -n USER %s' % domain) - os.system('chmod 600 /etc/yunohost/dyndns/*.key /etc/yunohost/dyndns/*.private') - - # +165 means that this file store a hmac-sha512 key - new_key_path = glob.glob('/etc/yunohost/dyndns/*+165*.key')[0] - public_key_sha512 = open(new_key_path).read().strip().split(' ', 6)[-1] - - try: - r = requests.put('https://%s/migrate_key_to_sha512/' % (dyn_host), - data={ - 'public_key_md5': base64.b64encode(public_key_md5), - 'public_key_sha512': base64.b64encode(public_key_sha512), - }, timeout=30) - except requests.ConnectionError: - raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection')) - - if r.status_code != 201: - try: - error = json.loads(r.text)['error'] - show_traceback = 0 - except Exception: - # failed to decode json - error = r.text - show_traceback = 1 - - logger.warning(m18n.n('migrate_tsig_failed', domain=domain, - error_code=str(r.status_code), error=error), - exc_info=show_traceback) - - os.system("mv /etc/yunohost/dyndns/*+165* /tmp") - return public_key_path - - # remove old certificates - os.system("mv /etc/yunohost/dyndns/*+157* /tmp") - - # sleep to wait for dyndns cache invalidation - logger.warning(m18n.n('migrate_tsig_wait')) - time.sleep(60) - logger.warning(m18n.n('migrate_tsig_wait_2')) - time.sleep(60) - logger.warning(m18n.n('migrate_tsig_wait_3')) - time.sleep(30) - logger.warning(m18n.n('migrate_tsig_wait_4')) - time.sleep(30) - - logger.warning(m18n.n('migrate_tsig_end')) - return 
new_key_path.rsplit(".key", 1)[0] + ".private" - - def dyndns_installcron(): """ Install IP update cron