Add a draft migration for tsig_sha256 based on existing stuff in dyndns.py

2024-09-03 20:06:10 +02:00 · 2018-01-06 18:05:01 +01:00 · 2018-01-06 18:05:01 +01:00 · beb432bc6f
commit beb432bc6f
parent 7c63c0a34d
1 changed files with 79 additions and 0 deletions
--- a/src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py
+++ b/src/yunohost/data_migrations/0002_migrate_to_tsig_sha256.py
@ -0,0 +1,79 @@
 import glob
 from yunohost.tools import Migration
 from moulinette.utils.log import getActionLogger
 logger = getActionLogger('yunohost.migration')
 class MigrateToTsigSha512(Migration):
    "Migrate Dyndns stuff from MD5 TSIG to SHA512 TSIG":
    def backward(self):
        # Not possible because that's a non-reversible operation ?
        pass
    def forward(self):
        dyn_host="dyndns.yunohost.org"
        try:
            (domain, private_key_path) = _guess_current_dyndns_domain(dyn_host)
        except MoulinetteError:
            logger.warning("migrate_tsig_not_needed")
        logger.warning(m18n.n('migrate_tsig_start', domain=domain))
        public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
        public_key_md5 = open(public_key_path).read().strip().split(' ')[-1]
        os.system('cd /etc/yunohost/dyndns && '
                  'dnssec-keygen -a hmac-sha512 -b 512 -r /dev/urandom -n USER %s' % domain)
        os.system('chmod 600 /etc/yunohost/dyndns/*.key /etc/yunohost/dyndns/*.private')
        # +165 means that this file store a hmac-sha512 key
        new_key_path = glob.glob('/etc/yunohost/dyndns/*+165*.key')[0]
        public_key_sha512 = open(new_key_path).read().strip().split(' ', 6)[-1]
        try:
            r = requests.put('https://%s/migrate_key_to_sha512/' % (dyn_host),
                             data={
                               'public_key_md5': base64.b64encode(public_key_md5),
                               'public_key_sha512': base64.b64encode(public_key_sha512),
                             }, timeout=30)
        except requests.ConnectionError:
            raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection'))
        if r.status_code != 201:
            try:
                error = json.loads(r.text)['error']
                show_traceback = 0
            except Exception:
                # failed to decode json
                error = r.text
                show_traceback = 1
            logger.warning(m18n.n('migrate_tsig_failed', domain=domain,
                                  error_code=str(r.status_code), error=error),
                           exc_info=show_traceback)
            os.system("mv /etc/yunohost/dyndns/*+165* /tmp")
            return public_key_path
        # remove old certificates
        os.system("mv /etc/yunohost/dyndns/*+157* /tmp")
        # sleep to wait for dyndns cache invalidation
        logger.warning(m18n.n('migrate_tsig_wait'))
        time.sleep(60)
        logger.warning(m18n.n('migrate_tsig_wait_2'))
        time.sleep(60)
        logger.warning(m18n.n('migrate_tsig_wait_3'))
        time.sleep(30)
        logger.warning(m18n.n('migrate_tsig_wait_4'))
        time.sleep(30)
        logger.warning(m18n.n('migrate_tsig_end'))
        return new_key_path.rsplit(".key", 1)[0] + ".private"