summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--test/catlfish-test-local-1.cfg5
-rw-r--r--test/catlfish-test-local-merge-2.cfg2
-rw-r--r--test/catlfish-test-local-merge.cfg2
-rw-r--r--test/catlfish-test-local-signing.cfg2
-rw-r--r--test/catlfish-test.cfg.in2
-rwxr-xr-xtest/scripts/light-system-test-prepare-redistribute-frontend.sh1
-rwxr-xr-xtest/scripts/light-system-test-prepare.sh30
-rwxr-xr-xtest/scripts/light-system-test-run-1.sh16
-rwxr-xr-xtest/scripts/light-system-test-run-2.sh2
-rwxr-xr-xtest/scripts/light-system-test-run-5.sh20
-rwxr-xr-xtest/scripts/light-system-test.sh14
-rw-r--r--test/scripts/testutils.sh4
-rwxr-xr-xtools/compileconfig.py13
-rwxr-xr-xtools/genconfig.sh43
-rwxr-xr-xtools/getconfig.py68
-rwxr-xr-xtools/getconfig.sh29
-rwxr-xr-xtools/loginfo.py1
-rw-r--r--tools/readconfig.py13
18 files changed, 234 insertions, 33 deletions
diff --git a/test/catlfish-test-local-1.cfg b/test/catlfish-test-local-1.cfg
index 1795649..21f8c17 100644
--- a/test/catlfish-test-local-1.cfg
+++ b/test/catlfish-test-local-1.cfg
@@ -1,6 +1,5 @@
localnodes:
- frontend-1
- - storage-1
frontendaddresses:
frontend-1: 127.0.0.1:8082
@@ -9,7 +8,7 @@ ctapiaddresses:
frontend-1: 127.0.0.1:8080
storageaddresses:
- storage-1: 127.0.0.1:8081
+ frontend-1: 127.0.0.1:8081
#publichttpaddresses:
@@ -34,5 +33,7 @@ logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ
Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+
0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ==
+configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg
+
#options:
# - sctcaching
diff --git a/test/catlfish-test-local-merge-2.cfg b/test/catlfish-test-local-merge-2.cfg
index b871313..e2baa01 100644
--- a/test/catlfish-test-local-merge-2.cfg
+++ b/test/catlfish-test-local-merge-2.cfg
@@ -22,3 +22,5 @@ paths:
logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ
Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+
0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ==
+
+configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg
diff --git a/test/catlfish-test-local-merge.cfg b/test/catlfish-test-local-merge.cfg
index 3b4d45f..89db886 100644
--- a/test/catlfish-test-local-merge.cfg
+++ b/test/catlfish-test-local-merge.cfg
@@ -12,3 +12,5 @@ paths:
logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ
Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+
0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ==
+
+configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg
diff --git a/test/catlfish-test-local-signing.cfg b/test/catlfish-test-local-signing.cfg
index df91bcd..0eccc94 100644
--- a/test/catlfish-test-local-signing.cfg
+++ b/test/catlfish-test-local-signing.cfg
@@ -23,3 +23,5 @@ paths:
logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ
Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+
0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ==
+
+configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg
diff --git a/test/catlfish-test.cfg.in b/test/catlfish-test.cfg.in
index 39288c7..86ba3be 100644
--- a/test/catlfish-test.cfg.in
+++ b/test/catlfish-test.cfg.in
@@ -6,7 +6,7 @@ frontendnodes:
address: localhost:8082
storagenodes:
- - name: storage-1
+ - name: frontend-1
address: localhost:8081
signingnodes:
diff --git a/test/scripts/light-system-test-prepare-redistribute-frontend.sh b/test/scripts/light-system-test-prepare-redistribute-frontend.sh
index cba93d4..7141ba5 100755
--- a/test/scripts/light-system-test-prepare-redistribute-frontend.sh
+++ b/test/scripts/light-system-test-prepare-redistribute-frontend.sh
@@ -11,3 +11,4 @@ mv machine/machine-1 machine/machine-1-down
mkdir -p machine/machine-1/db
touch machine/machine-1/db/index
touch machine/machine-1/db/newentries
+cp machine/machine-1-down/{catlfish-test-local-1.cfg,catlfish-test.cfg,catlfish-test.cfg.sig} machine/machine-1/
diff --git a/test/scripts/light-system-test-prepare.sh b/test/scripts/light-system-test-prepare.sh
index 84b06cd..847edd0 100755
--- a/test/scripts/light-system-test-prepare.sh
+++ b/test/scripts/light-system-test-prepare.sh
@@ -38,7 +38,6 @@ createcert () {
createca
createcert
-cafingerprint=$(openssl x509 -in httpsca/demoCA/cacert.pem -noout -sha256 -fingerprint | sed -e 's/.*=//' -e 's/://g')
mkdir keys
(cd keys ; ${top_srcdir}/tools/create-key.sh logkey)
openssl pkcs8 -topk8 -nocrypt -in keys/logkey-private.pem -out keys/logkey-private.pkcs8
@@ -50,28 +49,31 @@ printf 0 > mergedb-secondary/verifiedsize
mkdir known_roots
cp ${top_srcdir}/tools/testcerts/roots/* known_roots
mkdir privatekeys
-echo "apikeys:" > api-keys.cfg
+
for node in ${NODES}; do \
(cd privatekeys ; ${top_srcdir}/tools/create-key.sh ${node})
- apipk=$(grep -v '^-----' privatekeys/${node}.pem | tr '\n' ' ')
mkdir -p nodes/${node}/log
- echo " - nodename: ${node}" >> api-keys.cfg
- echo " publickey: ${apipk}" >> api-keys.cfg
done
-logpk=$(grep -v '^-----' keys/logkey.pem | tr '\n' ' ')
-echo "logpublickey: ${logpk}" >> api-keys.cfg
-echo "cafingerprint: ${cafingerprint}" >> api-keys.cfg
-
+${top_srcdir}/tools/genconfig.sh ${top_srcdir}/test/catlfish-test.cfg.in privatekeys keys/logkey.pem httpsca/demoCA/cacert.pem ${top_srcdir}/test/logadminkey-private.pem catlfish-test-generated.cfg
-cat ${top_srcdir}/test/catlfish-test.cfg.in api-keys.cfg > ${top_srcdir}/test/catlfish-test.cfg
-openssl dgst -sha256 -sign ${top_srcdir}/test/logadminkey-private.pem -out ${top_srcdir}/test/catlfish-test.cfg.sig ${top_srcdir}/test/catlfish-test.cfg
for machine in ${MACHINES}; do \
- ${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-${machine}.cfg
mkdir -p machine/machine-${machine}/db
+ cp ${top_srcdir}/test/catlfish-test-local-${machine}.cfg machine/machine-${machine}/
+ ${top_srcdir}/tools/getconfig.py --localconfig machine/machine-${machine}/catlfish-test-local-${machine}.cfg --dest machine/machine-${machine}/catlfish-test.cfg
+ ${top_srcdir}/tools/compileconfig.py --config machine/machine-${machine}/catlfish-test.cfg --localconfig machine/machine-${machine}/catlfish-test-local-${machine}.cfg
touch machine/machine-${machine}/db/index && touch machine/machine-${machine}/db/newentries
done
-${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge-2.cfg
-${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-signing.cfg
+mkdir -p machine/merge
+cp ${top_srcdir}/test/catlfish-test-local-merge.cfg machine/merge/
+${top_srcdir}/tools/getconfig.py --localconfig machine/merge/catlfish-test-local-merge.cfg --dest machine/merge/catlfish-test.cfg
+mkdir -p machine/merge-2
+cp ${top_srcdir}/test/catlfish-test-local-merge-2.cfg machine/merge-2/
+${top_srcdir}/tools/getconfig.py --localconfig machine/merge-2/catlfish-test-local-merge-2.cfg --dest machine/merge-2/catlfish-test.cfg
+${top_srcdir}/tools/compileconfig.py --config machine/merge-2/catlfish-test.cfg --localconfig machine/merge-2/catlfish-test-local-merge-2.cfg
+mkdir -p machine/signing
+cp ${top_srcdir}/test/catlfish-test-local-signing.cfg machine/signing/
+${top_srcdir}/tools/getconfig.py --localconfig machine/signing/catlfish-test-local-signing.cfg --dest machine/signing/catlfish-test.cfg
+${top_srcdir}/tools/compileconfig.py --config machine/signing/catlfish-test.cfg --localconfig machine/signing/catlfish-test-local-signing.cfg
test -x ${SOFTHSM} && ${SOFTHSM} --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff || true
test -x ${SOFTHSM} && ${SOFTHSM} --import keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00 || true
diff --git a/test/scripts/light-system-test-run-1.sh b/test/scripts/light-system-test-run-1.sh
index 3b6266e..1ad56a8 100755
--- a/test/scripts/light-system-test-run-1.sh
+++ b/test/scripts/light-system-test-run-1.sh
@@ -7,14 +7,14 @@ top_srcdir=$(cd $(dirname $0)/../..; pwd)
. ${top_srcdir}/test/scripts/testutils.sh
-python ${top_srcdir}/tools/testcase1.py https://localhost:8080/ keys/logkey.pem httpsca/demoCA/cacert.pem ${top_srcdir}/test || fail "Tests failed"
+python ${top_srcdir}/tools/testcase1.py https://localhost:8080/ keys/logkey.pem httpsca/demoCA/cacert.pem machine/merge || fail "Tests failed"
check_sth
python ${top_srcdir}/tools/fetchallcerts.py ${BASEURL} --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem || fail "Verification failed"
-python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed"
+python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed"
for certfile in ${top_srcdir}/tools/testcerts/cert[1-5].txt ${top_srcdir}/tools/testcerts/pre[12].txt; do
python ${top_srcdir}/tools/submitcert.py --parallel=1 --store $certfile --check-sct --sct-file=submittedcerts ${BASEURL} --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem || fail "Submission failed"
done
-python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed"
+python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed"
do_merge
check_sth
@@ -30,16 +30,16 @@ python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/cert3.tx
python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/cert4.txt fetchcertstore/00000003 || fail "Verification failed"
python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/cert5.txt fetchcertstore/00000004 || fail "Verification failed"
python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/pre1.txt:${top_srcdir}/tools/testcerts/pre2.txt fetchcertstore/00000005:fetchcertstore/00000006 || fail"Verification failed"
-python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed"
+python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed"
${top_srcdir}/tools/to_catlfish.py to_erl nodes/merge-2/ "init:stop()"
python ${top_srcdir}/tools/submitcert.py --parallel=1 --store ${top_srcdir}/tools/testcerts/cert6.txt --check-sct --sct-file=submittedcerts ${BASEURL} --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem || fail "Submission failed"
echo NOTE: merge backup should fail with 111 Connection refused
-${top_srcdir}/tools/merge_fetch.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed"
-${top_srcdir}/tools/merge_backup.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg && fail "Merge backup should have failed"
-${top_srcdir}/tools/merge_sth.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed"
-${top_srcdir}/tools/merge_dist.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed"
+${top_srcdir}/tools/merge_fetch.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed"
+${top_srcdir}/tools/merge_backup.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg && fail "Merge backup should have failed"
+${top_srcdir}/tools/merge_sth.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed"
+${top_srcdir}/tools/merge_dist.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed"
assert_equal "Tree size" "$(get_treesize)" 7
diff --git a/test/scripts/light-system-test-run-2.sh b/test/scripts/light-system-test-run-2.sh
index 4c8bbdb..bf80c97 100755
--- a/test/scripts/light-system-test-run-2.sh
+++ b/test/scripts/light-system-test-run-2.sh
@@ -11,4 +11,4 @@ python ${top_srcdir}/tools/verifysct.py --sct-file=submittedcerts --parallel 1 $
check_sth
-python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed"
+python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed"
diff --git a/test/scripts/light-system-test-run-5.sh b/test/scripts/light-system-test-run-5.sh
new file mode 100755
index 0000000..355e179
--- /dev/null
+++ b/test/scripts/light-system-test-run-5.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -o nounset
+set -o errexit
+
+top_srcdir=$(cd $(dirname $0)/../..; pwd)
+
+. ${top_srcdir}/test/scripts/testutils.sh
+
+${top_srcdir}/tools/genconfig.sh ${top_srcdir}/test/catlfish-test.cfg.in privatekeys keys/logkey.pem httpsca/demoCA/cacert.pem ${top_srcdir}/test/logadminkey-private.pem catlfish-test-generated.cfg
+
+for machine in ${MACHINES}; do \
+ ${top_srcdir}/tools/getconfig.sh machine/machine-${machine}/catlfish-test-local-${machine}.cfg machine/machine-${machine}/catlfish-test.cfg frontend-${machine}.plopcontrol
+done
+
+
+do_merge
+check_sth
+
+assert_equal "Tree size" "$(get_treesize)" 9
diff --git a/test/scripts/light-system-test.sh b/test/scripts/light-system-test.sh
index eee1078..961520d 100755
--- a/test/scripts/light-system-test.sh
+++ b/test/scripts/light-system-test.sh
@@ -67,5 +67,19 @@ echo
${SCRIPTS}/light-system-test-prepare-redistribute-frontend.sh
tests_start
${SCRIPTS}/light-system-test-run-4.sh || (echo "Tests failed"; sleep 5; tests_stop; false)
+
+echo
+echo
+echo
+echo
+echo Test 5
+echo
+echo
+echo
+echo
+echo
+
+
+${SCRIPTS}/light-system-test-run-5.sh || (echo "Tests failed"; sleep 5; tests_stop; false)
sleep 5
tests_stop
diff --git a/test/scripts/testutils.sh b/test/scripts/testutils.sh
index e779e07..2e9d6a1 100644
--- a/test/scripts/testutils.sh
+++ b/test/scripts/testutils.sh
@@ -10,7 +10,7 @@ assert_equal() {
}
get_treesize() {
- ${top_srcdir}/tools/loginfo.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/
+ ${top_srcdir}/tools/loginfo.py --localconfig machine/merge/catlfish-test-local-merge.cfg --treesize https://localhost:8080/
}
check_sth() {
@@ -18,5 +18,5 @@ check_sth() {
}
do_merge() {
- ${top_srcdir}/tools/merge --config ${top_srcdir}/test/catlfish-test.cfg --timing --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed"
+ ${top_srcdir}/tools/merge --config machine/merge/catlfish-test.cfg --timing --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed"
}
diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index b5e5053..28d01b0 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -365,6 +365,7 @@ def gen_config(nodename, config, localconfig):
(Symbol("allowed_clients"), list(allowed_clients)),
(Symbol("allowed_servers"), list(allowed_servers)),
(Symbol("apikeys"), apikeys),
+ (Symbol("version"), config["version"]),
]
erlangconfig = [
@@ -405,12 +406,21 @@ def gen_testmakefile(config, testmakefile, machines, shellvars=False):
configfile.close()
+def printnodenames(config):
+ frontendnodenames = set([node["name"] for node in config["frontendnodes"]])
+ storagenodenames = set([node["name"] for node in config["storagenodes"]])
+ signingnodenames = set([node["name"] for node in config["signingnodes"]])
+ mergenodenames = set([node["name"] for node in config["mergenodes"]])
+
+ print " ".join(frontendnodenames|storagenodenames|signingnodenames|mergenodenames)
+
def main():
parser = argparse.ArgumentParser(description="")
parser.add_argument('--config', help="System configuration", required=True)
parser.add_argument('--localconfig', help="Local configuration")
parser.add_argument("--testmakefile", metavar="file", help="Generate makefile variables for test")
parser.add_argument("--testshellvars", metavar="file", help="Generate shell variable file for test")
+ parser.add_argument("--getnodenames", action='store_true', help="Get list of node names")
parser.add_argument("--machines", type=int, metavar="n", help="Number of machines")
args = parser.parse_args()
@@ -420,6 +430,9 @@ def main():
elif args.testshellvars and args.machines:
config = readconfig.read_config(args.config)
gen_testmakefile(config, args.testshellvars, args.machines, shellvars=True)
+ elif args.getnodenames:
+ config = readconfig.read_config(args.config)
+ printnodenames(config)
elif args.localconfig:
localconfig = readconfig.read_config(args.localconfig)
config = readconfig.verify_and_read_config(args.config, localconfig["logadminkey"])
diff --git a/tools/genconfig.sh b/tools/genconfig.sh
new file mode 100755
index 0000000..89bcd85
--- /dev/null
+++ b/tools/genconfig.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# usage: genconfig.sh <template> <apikeydir> <logpublickeyfile> <cacertfile> <logadminkey> <destination>
+
+BINDIR=$(dirname $0)
+
+template=$1
+apikeydir=$2
+logpublickeyfile=$3
+cacertfile=$4
+logadminkey=$5
+destination=$6
+
+nodenames=$($BINDIR/compileconfig.py --config=${template} --getnodenames)
+
+cat ${template} > ${destination}
+
+echo "apikeys:" >> ${destination}
+
+for node in ${nodenames}; do \
+ apipk=$(grep -v '^-----' ${apikeydir}/${node}.pem | tr '\n' ' ')
+ echo " - nodename: ${node}" >> ${destination}
+ echo " publickey: ${apipk}" >> ${destination}
+done
+
+if [ -f ${destination}.version ]; then
+ oldversion=$(cat ${destination}.version)
+ version=$(expr $oldversion + 1)
+else
+ version=1
+fi
+
+echo ${version} > ${destination}.version
+
+cafingerprint=$(openssl x509 -in ${cacertfile} -noout -sha256 -fingerprint | sed -e 's/.*=//' -e 's/://g')
+
+logpk=$(grep -v '^-----' ${logpublickeyfile} | tr '\n' ' ')
+echo "logpublickey: ${logpk}" >> ${destination}
+echo "cafingerprint: ${cafingerprint}" >> ${destination}
+echo "version: ${version}" >> ${destination}
+
+openssl dgst -sha256 -sign ${logadminkey} -out ${destination}.sig ${destination}
+
diff --git a/tools/getconfig.py b/tools/getconfig.py
new file mode 100755
index 0000000..92cde1f
--- /dev/null
+++ b/tools/getconfig.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import sys
+import argparse
+import readconfig
+from certtools import create_ssl_context, get_sth, mv_file
+import os
+import errno
+
+def get_file(configurl):
+ if configurl.startswith("https://") or configurl.startswith("http://"):
+ result = urlget(configurl)
+ result.raise_for_status()
+ return result
+ elif configurl.startswith("file:///"):
+ path = configurl[8:]
+ path = path.replace("CURRENTWORKINGDIRECTORY", os.getcwd())
+ return open(path).read()
+
+def write_file(fn, data):
+ tempname = fn + ".new"
+ open(tempname, 'w').write(data)
+ mv_file(tempname, fn)
+
+def get_config_version(filename, logadminkey):
+ try:
+ config = readconfig.verify_and_read_config(filename, logadminkey)
+ return config["version"]
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ return -1
+ raise e
+
+def main():
+ parser = argparse.ArgumentParser(description="")
+ parser.add_argument('--dest', help="Where to write the verified system configuration",
+ required=True)
+ parser.add_argument('--localconfig', help="Local configuration",
+ required=True)
+ args = parser.parse_args()
+
+ localconfig = readconfig.read_config(args.localconfig)
+
+ old_config_version = get_config_version(args.dest, localconfig["logadminkey"])
+
+ configurl = localconfig["configurl"]
+ unverified_config = get_file(configurl)
+ unverified_config_sig = get_file(configurl + ".sig")
+ new_config = readconfig.verify_config(unverified_config, unverified_config_sig, localconfig["logadminkey"], configurl)
+ verified_config = unverified_config
+ verified_config_sig = unverified_config_sig
+
+ new_config_version = new_config["version"]
+
+ if new_config_version > old_config_version:
+ write_file(args.dest, verified_config)
+ write_file(args.dest + ".sig", verified_config_sig)
+ print "newconfig"
+
+ elif new_config_version < old_config_version:
+ print >>sys.stderr, "The version of the configuration on the admin server is older than the version we have, refusing update"
+ sys.exit(1)
+
+main()
diff --git a/tools/getconfig.sh b/tools/getconfig.sh
new file mode 100755
index 0000000..f73cf1b
--- /dev/null
+++ b/tools/getconfig.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# usage: getconfig.sh <localconfig> <globalconfig> <plopcontrolfile>
+
+set -o nounset
+set -o errexit
+
+BINDIR=$(dirname $0)
+
+localconfig=$1
+globalconfig=$2
+plopcontrolfile=$3
+
+plopcontrolport=$(cat ${plopcontrolfile})
+configversion=$(echo "configversion" | nc 127.0.0.1 ${plopcontrolport})
+echo "version before reload: $configversion"
+getconfigresult=$(${BINDIR}/getconfig.py --localconfig ${localconfig} --dest ${globalconfig})
+if [ "$getconfigresult" == "newconfig" ]; then
+ ${BINDIR}/compileconfig.py --localconfig ${localconfig} --config ${globalconfig}
+ reloadresult=$(echo "reload" | nc 127.0.0.1 ${plopcontrolport})
+ echo $reloadresult
+ if [ "$reloadresult" != "reload completed" ]; then
+ exit 1
+ fi
+ configversion=$(echo "configversion" | nc 127.0.0.1 ${plopcontrolport})
+ echo "version after reload: $configversion"
+else
+ echo "reload not needed"
+fi
diff --git a/tools/loginfo.py b/tools/loginfo.py
index 1537c5e..c742b33 100755
--- a/tools/loginfo.py
+++ b/tools/loginfo.py
@@ -21,7 +21,6 @@ def main():
help="Print tree size")
parser.add_argument('--signature', action='store_true',
help="Print signature")
- parser.add_argument('--config', help="System configuration", required=True)
parser.add_argument('--localconfig', help="Local configuration",
required=True)
parser.add_argument('baseurl', help="Log base URL")
diff --git a/tools/readconfig.py b/tools/readconfig.py
index 5079691..69531ca 100644
--- a/tools/readconfig.py
+++ b/tools/readconfig.py
@@ -34,10 +34,7 @@ def errorhandlify(term, filename, path=[]):
print "unknown type", type(term)
sys.exit(1)
-def verify_and_read_config(filename, publickey_base64):
- rawconfig = open(filename).read()
- signature = open(filename + ".sig").read()
-
+def verify_config(rawconfig, signature, publickey_base64, filename):
publickey = base64.decodestring(publickey_base64)
try:
@@ -50,5 +47,13 @@ def verify_and_read_config(filename, publickey_base64):
return errorhandlify(yaml.load(io.BytesIO(rawconfig), yaml.SafeLoader), filename)
+def verify_and_read_config(filename, publickey_base64):
+ rawconfig = open(filename).read()
+ signature = open(filename + ".sig").read()
+
+ verify_config(rawconfig, signature, publickey_base64, filename)
+
+ return errorhandlify(yaml.load(io.BytesIO(rawconfig), yaml.SafeLoader), filename)
+
def read_config(filename):
return errorhandlify(yaml.load(open(filename), yaml.SafeLoader), filename)