mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
Call the new migration from dyndns.py when MD5 is detected
parent
465aff4581
commit
7e02e355d5
2 changed files with 19 additions and 65 deletions
|
@ -22,15 +22,15 @@ class MyMigration(Migration):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def forward(self):
|
def forward(self, dyn_host="dyndns.yunohost.org", domain=None, private_key_path=None):
|
||||||
|
|
||||||
dyn_host="dyndns.yunohost.org"
|
if domain in None or private_key_path is None:
|
||||||
|
try:
|
||||||
try:
|
(domain, private_key_path) = _guess_current_dyndns_domain(dyn_host)
|
||||||
(domain, private_key_path) = _guess_current_dyndns_domain(dyn_host)
|
assert "+157" in private_key_path
|
||||||
except MoulinetteError:
|
except MoulinetteError:
|
||||||
logger.warning("migrate_tsig_not_needed")
|
logger.warning("migrate_tsig_not_needed")
|
||||||
return
|
return
|
||||||
|
|
||||||
logger.warning(m18n.n('migrate_tsig_start', domain=domain))
|
logger.warning(m18n.n('migrate_tsig_start', domain=domain))
|
||||||
public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
|
public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
|
||||||
|
|
|
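Review bot: The new guard in `forward`, `if domain in None or private_key_path is None:`, uses `in` where `is` was meant. `domain in None` raises `TypeError` for every value of `domain`, so the method fails before it reaches `_guess_current_dyndns_domain`; the line should read `if domain is None or private_key_path is None:`. The `except MoulinetteError` below catches neither that error nor an `AssertionError` from `assert "+157" in private_key_path`, so a host whose key is not hmac-md5 would get a traceback instead of the `migrate_tsig_not_needed` warning. Catching `(MoulinetteError, AssertionError)`, or replacing the assert with an explicit check, would cover that case. The body of `forward` continues outside the hunk.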
@ -223,9 +223,18 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,
|
||||||
|
|
||||||
key = keys[0]
|
key = keys[0]
|
||||||
|
|
||||||
# this mean that hmac-md5 is used
|
# This mean that hmac-md5 is used
|
||||||
|
# (Re?)Trigger the migration to sha256 and return immediately.
|
||||||
|
# The actual update will be done in next run.
|
||||||
if "+157" in key:
|
if "+157" in key:
|
||||||
key = _migrate_from_md5_tsig_to_sha512_tsig(key, domain, dyn_host)
|
from yunohost.tools import _get_migration_by_name
|
||||||
|
migration = _get_migration_by_name("migrate_to_tsig_sha256")
|
||||||
|
try:
|
||||||
|
migration["module"].MyMigration().migrate(dyn_host, domain, key)
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(m18n.n('migrations_migration_has_failed', exception=e, **migration), exc_info=1)
|
||||||
|
|
||||||
|
return
|
||||||
|
|
||||||
# Extract 'host', e.g. 'nohost.me' from 'foo.nohost.me'
|
# Extract 'host', e.g. 'nohost.me' from 'foo.nohost.me'
|
||||||
host = domain.split('.')[1:]
|
host = domain.split('.')[1:]
|
||||||
|
@ -292,61 +301,6 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,
|
||||||
write_to_file(OLD_IPV6_FILE, ipv6)
|
write_to_file(OLD_IPV6_FILE, ipv6)
|
||||||
|
|
||||||
|
|
||||||
def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host):
|
|
||||||
logger.warning(m18n.n('migrate_tsig_start', domain=domain))
|
|
||||||
public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
|
|
||||||
public_key_md5 = open(public_key_path).read().strip().split(' ')[-1]
|
|
||||||
|
|
||||||
os.system('cd /etc/yunohost/dyndns && '
|
|
||||||
'dnssec-keygen -a hmac-sha512 -b 512 -r /dev/urandom -n USER %s' % domain)
|
|
||||||
os.system('chmod 600 /etc/yunohost/dyndns/*.key /etc/yunohost/dyndns/*.private')
|
|
||||||
|
|
||||||
# +165 means that this file store a hmac-sha512 key
|
|
||||||
new_key_path = glob.glob('/etc/yunohost/dyndns/*+165*.key')[0]
|
|
||||||
public_key_sha512 = open(new_key_path).read().strip().split(' ', 6)[-1]
|
|
||||||
|
|
||||||
try:
|
|
||||||
r = requests.put('https://%s/migrate_key_to_sha512/' % (dyn_host),
|
|
||||||
data={
|
|
||||||
'public_key_md5': base64.b64encode(public_key_md5),
|
|
||||||
'public_key_sha512': base64.b64encode(public_key_sha512),
|
|
||||||
}, timeout=30)
|
|
||||||
except requests.ConnectionError:
|
|
||||||
raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection'))
|
|
||||||
|
|
||||||
if r.status_code != 201:
|
|
||||||
try:
|
|
||||||
error = json.loads(r.text)['error']
|
|
||||||
show_traceback = 0
|
|
||||||
except Exception:
|
|
||||||
# failed to decode json
|
|
||||||
error = r.text
|
|
||||||
show_traceback = 1
|
|
||||||
|
|
||||||
logger.warning(m18n.n('migrate_tsig_failed', domain=domain,
|
|
||||||
error_code=str(r.status_code), error=error),
|
|
||||||
exc_info=show_traceback)
|
|
||||||
|
|
||||||
os.system("mv /etc/yunohost/dyndns/*+165* /tmp")
|
|
||||||
return public_key_path
|
|
||||||
|
|
||||||
# remove old certificates
|
|
||||||
os.system("mv /etc/yunohost/dyndns/*+157* /tmp")
|
|
||||||
|
|
||||||
# sleep to wait for dyndns cache invalidation
|
|
||||||
logger.warning(m18n.n('migrate_tsig_wait'))
|
|
||||||
time.sleep(60)
|
|
||||||
logger.warning(m18n.n('migrate_tsig_wait_2'))
|
|
||||||
time.sleep(60)
|
|
||||||
logger.warning(m18n.n('migrate_tsig_wait_3'))
|
|
||||||
time.sleep(30)
|
|
||||||
logger.warning(m18n.n('migrate_tsig_wait_4'))
|
|
||||||
time.sleep(30)
|
|
||||||
|
|
||||||
logger.warning(m18n.n('migrate_tsig_end'))
|
|
||||||
return new_key_path.rsplit(".key", 1)[0] + ".private"
|
|
||||||
|
|
||||||
|
|
||||||
def dyndns_installcron():
|
def dyndns_installcron():
|
||||||
"""
|
"""
|
||||||
Install IP update cron
|
Install IP update cron
|
||||||
|
|
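Review bot: In the `if "+157" in key:` branch of `dyndns_update`, the call is `MyMigration().migrate(dyn_host, domain, key)`, but the migration class changed in this same commit takes those arguments on `forward(...)`. Unless the base `Migration.migrate` (not visible here) passes arguments through, this raises `TypeError`. Because the call sits under `except Exception` and is followed by an unconditional `return`, any such failure is only logged: no DNS update is sent, the key stays on hmac-md5, and the same thing repeats on every run. Consider calling `migration["module"].MyMigration().forward(dyn_host, domain, key)` directly, and raising from the `except` branch (or returning a failure value) so the caller can tell the migration did not happen.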