-rw-r--r-- | test/catlfish-test-local-1.cfg | 5 | ||||
-rw-r--r-- | test/catlfish-test-local-merge-2.cfg | 2 | ||||
-rw-r--r-- | test/catlfish-test-local-merge.cfg | 2 | ||||
-rw-r--r-- | test/catlfish-test-local-signing.cfg | 2 | ||||
-rw-r--r-- | test/catlfish-test.cfg.in | 2 | ||||
-rwxr-xr-x | test/scripts/light-system-test-prepare-redistribute-frontend.sh | 1 | ||||
-rwxr-xr-x | test/scripts/light-system-test-prepare.sh | 30 | ||||
-rwxr-xr-x | test/scripts/light-system-test-run-1.sh | 16 | ||||
-rwxr-xr-x | test/scripts/light-system-test-run-2.sh | 2 | ||||
-rwxr-xr-x | test/scripts/light-system-test-run-5.sh | 20 | ||||
-rwxr-xr-x | test/scripts/light-system-test.sh | 14 | ||||
-rw-r--r-- | test/scripts/testutils.sh | 4 | ||||
-rwxr-xr-x | tools/compileconfig.py | 13 | ||||
-rwxr-xr-x | tools/genconfig.sh | 43 | ||||
-rwxr-xr-x | tools/getconfig.py | 68 | ||||
-rwxr-xr-x | tools/getconfig.sh | 29 | ||||
-rwxr-xr-x | tools/loginfo.py | 1 | ||||
-rw-r--r-- | tools/readconfig.py | 13 |
18 files changed, 234 insertions, 33 deletions
diff --git a/test/catlfish-test-local-1.cfg b/test/catlfish-test-local-1.cfg index 1795649..21f8c17 100644 --- a/test/catlfish-test-local-1.cfg +++ b/test/catlfish-test-local-1.cfg @@ -1,6 +1,5 @@ localnodes: - frontend-1 - - storage-1 frontendaddresses: frontend-1: 127.0.0.1:8082 @@ -9,7 +8,7 @@ ctapiaddresses: frontend-1: 127.0.0.1:8080 storageaddresses: - storage-1: 127.0.0.1:8081 + frontend-1: 127.0.0.1:8081 #publichttpaddresses: @@ -34,5 +33,7 @@ logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+ 0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ== +configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg + #options: # - sctcaching diff --git a/test/catlfish-test-local-merge-2.cfg b/test/catlfish-test-local-merge-2.cfg index b871313..e2baa01 100644 --- a/test/catlfish-test-local-merge-2.cfg +++ b/test/catlfish-test-local-merge-2.cfg @@ -22,3 +22,5 @@ paths: logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+ 0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ== + +configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg diff --git a/test/catlfish-test-local-merge.cfg b/test/catlfish-test-local-merge.cfg index 3b4d45f..89db886 100644 --- a/test/catlfish-test-local-merge.cfg +++ b/test/catlfish-test-local-merge.cfg @@ -12,3 +12,5 @@ paths: logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+ 0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ== + +configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg diff --git a/test/catlfish-test-local-signing.cfg b/test/catlfish-test-local-signing.cfg index df91bcd..0eccc94 100644 --- a/test/catlfish-test-local-signing.cfg +++ b/test/catlfish-test-local-signing.cfg 
@@ -23,3 +23,5 @@ paths: logadminkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ Ah9sZ2CD+JeLbprS6AFcZbo0TGCH0rtEnr2Q3JW0ylhfA+ 0/WLu755b3soVX/wI23vqCVGC7N9fOB2WUltveQ== + +configurl: file:///CURRENTWORKINGDIRECTORY/catlfish-test-generated.cfg diff --git a/test/catlfish-test.cfg.in b/test/catlfish-test.cfg.in index 39288c7..86ba3be 100644 --- a/test/catlfish-test.cfg.in +++ b/test/catlfish-test.cfg.in @@ -6,7 +6,7 @@ frontendnodes: address: localhost:8082 storagenodes: - - name: storage-1 + - name: frontend-1 address: localhost:8081 signingnodes: diff --git a/test/scripts/light-system-test-prepare-redistribute-frontend.sh b/test/scripts/light-system-test-prepare-redistribute-frontend.sh index cba93d4..7141ba5 100755 --- a/test/scripts/light-system-test-prepare-redistribute-frontend.sh +++ b/test/scripts/light-system-test-prepare-redistribute-frontend.sh @@ -11,3 +11,4 @@ mv machine/machine-1 machine/machine-1-down mkdir -p machine/machine-1/db touch machine/machine-1/db/index touch machine/machine-1/db/newentries +cp machine/machine-1-down/{catlfish-test-local-1.cfg,catlfish-test.cfg,catlfish-test.cfg.sig} machine/machine-1/ diff --git a/test/scripts/light-system-test-prepare.sh b/test/scripts/light-system-test-prepare.sh index 84b06cd..847edd0 100755 --- a/test/scripts/light-system-test-prepare.sh +++ b/test/scripts/light-system-test-prepare.sh @@ -38,7 +38,6 @@ createcert () { createca createcert -cafingerprint=$(openssl x509 -in httpsca/demoCA/cacert.pem -noout -sha256 -fingerprint | sed -e 's/.*=//' -e 's/://g') mkdir keys (cd keys ; ${top_srcdir}/tools/create-key.sh logkey) openssl pkcs8 -topk8 -nocrypt -in keys/logkey-private.pem -out keys/logkey-private.pkcs8 
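Review bot: The added `cp machine/machine-1-down/{catlfish-test-local-1.cfg,catlfish-test.cfg,catlfish-test.cfg.sig} machine/machine-1/` relies on brace expansion, which POSIX sh does not provide. The shebang of light-system-test-prepare-redistribute-frontend.sh is outside the hunk, but if it is `#!/bin/sh` like the new light-system-test-run-5.sh, a shell such as dash passes the braces through literally and cp fails, leaving the rebuilt machine-1 directory without its signed config and signature. A portable form is `for f in catlfish-test-local-1.cfg catlfish-test.cfg catlfish-test.cfg.sig; do cp machine/machine-1-down/$f machine/machine-1/; done`.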
@@ -50,28 +49,31 @@ printf 0 > mergedb-secondary/verifiedsize mkdir known_roots cp ${top_srcdir}/tools/testcerts/roots/* known_roots mkdir privatekeys -echo "apikeys:" > api-keys.cfg + for node in ${NODES}; do \ (cd privatekeys ; ${top_srcdir}/tools/create-key.sh ${node}) - apipk=$(grep -v '^-----' privatekeys/${node}.pem | tr '\n' ' ') mkdir -p nodes/${node}/log - echo " - nodename: ${node}" >> api-keys.cfg - echo " publickey: ${apipk}" >> api-keys.cfg done -logpk=$(grep -v '^-----' keys/logkey.pem | tr '\n' ' ') -echo "logpublickey: ${logpk}" >> api-keys.cfg -echo "cafingerprint: ${cafingerprint}" >> api-keys.cfg - +${top_srcdir}/tools/genconfig.sh ${top_srcdir}/test/catlfish-test.cfg.in privatekeys keys/logkey.pem httpsca/demoCA/cacert.pem ${top_srcdir}/test/logadminkey-private.pem catlfish-test-generated.cfg -cat ${top_srcdir}/test/catlfish-test.cfg.in api-keys.cfg > ${top_srcdir}/test/catlfish-test.cfg -openssl dgst -sha256 -sign ${top_srcdir}/test/logadminkey-private.pem -out ${top_srcdir}/test/catlfish-test.cfg.sig ${top_srcdir}/test/catlfish-test.cfg for machine in ${MACHINES}; do \ - ${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-${machine}.cfg mkdir -p machine/machine-${machine}/db + cp ${top_srcdir}/test/catlfish-test-local-${machine}.cfg machine/machine-${machine}/ + ${top_srcdir}/tools/getconfig.py --localconfig machine/machine-${machine}/catlfish-test-local-${machine}.cfg --dest machine/machine-${machine}/catlfish-test.cfg + ${top_srcdir}/tools/compileconfig.py --config machine/machine-${machine}/catlfish-test.cfg --localconfig machine/machine-${machine}/catlfish-test-local-${machine}.cfg touch machine/machine-${machine}/db/index && touch machine/machine-${machine}/db/newentries done -${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge-2.cfg 
-${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-signing.cfg +mkdir -p machine/merge +cp ${top_srcdir}/test/catlfish-test-local-merge.cfg machine/merge/ +${top_srcdir}/tools/getconfig.py --localconfig machine/merge/catlfish-test-local-merge.cfg --dest machine/merge/catlfish-test.cfg +mkdir -p machine/merge-2 +cp ${top_srcdir}/test/catlfish-test-local-merge-2.cfg machine/merge-2/ +${top_srcdir}/tools/getconfig.py --localconfig machine/merge-2/catlfish-test-local-merge-2.cfg --dest machine/merge-2/catlfish-test.cfg +${top_srcdir}/tools/compileconfig.py --config machine/merge-2/catlfish-test.cfg --localconfig machine/merge-2/catlfish-test-local-merge-2.cfg +mkdir -p machine/signing +cp ${top_srcdir}/test/catlfish-test-local-signing.cfg machine/signing/ +${top_srcdir}/tools/getconfig.py --localconfig machine/signing/catlfish-test-local-signing.cfg --dest machine/signing/catlfish-test.cfg +${top_srcdir}/tools/compileconfig.py --config machine/signing/catlfish-test.cfg --localconfig machine/signing/catlfish-test-local-signing.cfg test -x ${SOFTHSM} && ${SOFTHSM} --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff || true test -x ${SOFTHSM} && ${SOFTHSM} --import keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00 || true diff --git a/test/scripts/light-system-test-run-1.sh b/test/scripts/light-system-test-run-1.sh index 3b6266e..1ad56a8 100755 --- a/test/scripts/light-system-test-run-1.sh +++ b/test/scripts/light-system-test-run-1.sh 
@@ -7,14 +7,14 @@ top_srcdir=$(cd $(dirname $0)/../..; pwd) . ${top_srcdir}/test/scripts/testutils.sh -python ${top_srcdir}/tools/testcase1.py https://localhost:8080/ keys/logkey.pem httpsca/demoCA/cacert.pem ${top_srcdir}/test || fail "Tests failed" +python ${top_srcdir}/tools/testcase1.py https://localhost:8080/ keys/logkey.pem httpsca/demoCA/cacert.pem machine/merge || fail "Tests failed" check_sth python ${top_srcdir}/tools/fetchallcerts.py ${BASEURL} --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem || fail "Verification failed" -python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed" +python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed" for certfile in ${top_srcdir}/tools/testcerts/cert[1-5].txt ${top_srcdir}/tools/testcerts/pre[12].txt; do python ${top_srcdir}/tools/submitcert.py --parallel=1 --store $certfile --check-sct --sct-file=submittedcerts ${BASEURL} --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem || fail "Submission failed" done -python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed" +python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed" do_merge check_sth 
@@ -30,16 +30,16 @@ python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/cert3.tx python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/cert4.txt fetchcertstore/00000003 || fail "Verification failed" python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/cert5.txt fetchcertstore/00000004 || fail "Verification failed" python ${top_srcdir}/tools/comparecert.py ${top_srcdir}/tools/testcerts/pre1.txt:${top_srcdir}/tools/testcerts/pre2.txt fetchcertstore/00000005:fetchcertstore/00000006 || fail"Verification failed" -python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed" +python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed" ${top_srcdir}/tools/to_catlfish.py to_erl nodes/merge-2/ "init:stop()" python ${top_srcdir}/tools/submitcert.py --parallel=1 --store ${top_srcdir}/tools/testcerts/cert6.txt --check-sct --sct-file=submittedcerts ${BASEURL} --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem || fail "Submission failed" echo NOTE: merge backup should fail with 111 Connection refused -${top_srcdir}/tools/merge_fetch.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed" -${top_srcdir}/tools/merge_backup.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg && fail "Merge backup should have failed" -${top_srcdir}/tools/merge_sth.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed" -${top_srcdir}/tools/merge_dist.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed" 
+${top_srcdir}/tools/merge_fetch.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed" +${top_srcdir}/tools/merge_backup.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg && fail "Merge backup should have failed" +${top_srcdir}/tools/merge_sth.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed" +${top_srcdir}/tools/merge_dist.py --config machine/merge/catlfish-test.cfg --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed" assert_equal "Tree size" "$(get_treesize)" 7 diff --git a/test/scripts/light-system-test-run-2.sh b/test/scripts/light-system-test-run-2.sh index 4c8bbdb..bf80c97 100755 --- a/test/scripts/light-system-test-run-2.sh +++ b/test/scripts/light-system-test-run-2.sh @@ -11,4 +11,4 @@ python ${top_srcdir}/tools/verifysct.py --sct-file=submittedcerts --parallel 1 $ check_sth -python ${top_srcdir}/tools/storagegc.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-1.cfg || fail "GC failed" +python ${top_srcdir}/tools/storagegc.py --config machine/machine-1/catlfish-test.cfg --localconfig machine/machine-1/catlfish-test-local-1.cfg || fail "GC failed" diff --git a/test/scripts/light-system-test-run-5.sh b/test/scripts/light-system-test-run-5.sh new file mode 100755 index 0000000..355e179 --- /dev/null +++ b/test/scripts/light-system-test-run-5.sh 
@@ -0,0 +1,20 @@ +#!/bin/sh + +set -o nounset +set -o errexit + +top_srcdir=$(cd $(dirname $0)/../..; pwd) + +. ${top_srcdir}/test/scripts/testutils.sh + +${top_srcdir}/tools/genconfig.sh ${top_srcdir}/test/catlfish-test.cfg.in privatekeys keys/logkey.pem httpsca/demoCA/cacert.pem ${top_srcdir}/test/logadminkey-private.pem catlfish-test-generated.cfg + +for machine in ${MACHINES}; do \ + ${top_srcdir}/tools/getconfig.sh machine/machine-${machine}/catlfish-test-local-${machine}.cfg machine/machine-${machine}/catlfish-test.cfg frontend-${machine}.plopcontrol +done + + +do_merge +check_sth + +assert_equal "Tree size" "$(get_treesize)" 9 diff --git a/test/scripts/light-system-test.sh b/test/scripts/light-system-test.sh index eee1078..961520d 100755 --- a/test/scripts/light-system-test.sh +++ b/test/scripts/light-system-test.sh @@ -67,5 +67,19 @@ echo ${SCRIPTS}/light-system-test-prepare-redistribute-frontend.sh tests_start ${SCRIPTS}/light-system-test-run-4.sh || (echo "Tests failed"; sleep 5; tests_stop; false) + +echo +echo +echo +echo +echo Test 5 +echo +echo +echo +echo +echo + + +${SCRIPTS}/light-system-test-run-5.sh || (echo "Tests failed"; sleep 5; tests_stop; false) sleep 5 tests_stop diff --git a/test/scripts/testutils.sh b/test/scripts/testutils.sh index e779e07..2e9d6a1 100644 --- a/test/scripts/testutils.sh +++ b/test/scripts/testutils.sh @@ -10,7 +10,7 @@ assert_equal() { } get_treesize() { - ${top_srcdir}/tools/loginfo.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/ + ${top_srcdir}/tools/loginfo.py --localconfig machine/merge/catlfish-test-local-merge.cfg --treesize https://localhost:8080/ } check_sth() { 
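Review bot: Nothing in light-system-test-run-5.sh checks that a reload actually took place: the loop calls getconfig.sh for each machine and the only assertion afterwards is the tree size. getconfig.sh prints `reload not needed` and exits 0 whenever getconfig.py does not report `newconfig`, so a node that never picked up the re-signed configuration would still pass this test. Capturing the output and failing unless a reload was reported would close that gap, for example `out=$(${top_srcdir}/tools/getconfig.sh ...)` followed by `echo "$out" | grep -q "version after reload" || fail "Config not reloaded"`.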
@@ -18,5 +18,5 @@ check_sth() { } do_merge() { - ${top_srcdir}/tools/merge --config ${top_srcdir}/test/catlfish-test.cfg --timing --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed" + ${top_srcdir}/tools/merge --config machine/merge/catlfish-test.cfg --timing --localconfig machine/merge/catlfish-test-local-merge.cfg || fail "Merge failed" } diff --git a/tools/compileconfig.py b/tools/compileconfig.py index b5e5053..28d01b0 100755 --- a/tools/compileconfig.py +++ b/tools/compileconfig.py @@ -365,6 +365,7 @@ def gen_config(nodename, config, localconfig): (Symbol("allowed_clients"), list(allowed_clients)), (Symbol("allowed_servers"), list(allowed_servers)), (Symbol("apikeys"), apikeys), + (Symbol("version"), config["version"]), ] erlangconfig = [ @@ -405,12 +406,21 @@ def gen_testmakefile(config, testmakefile, machines, shellvars=False): configfile.close() +def printnodenames(config): + frontendnodenames = set([node["name"] for node in config["frontendnodes"]]) + storagenodenames = set([node["name"] for node in config["storagenodes"]]) + signingnodenames = set([node["name"] for node in config["signingnodes"]]) + mergenodenames = set([node["name"] for node in config["mergenodes"]]) + + print " ".join(frontendnodenames|storagenodenames|signingnodenames|mergenodenames) + def main(): parser = argparse.ArgumentParser(description="") parser.add_argument('--config', help="System configuration", required=True) parser.add_argument('--localconfig', help="Local configuration") parser.add_argument("--testmakefile", metavar="file", help="Generate makefile variables for test") parser.add_argument("--testshellvars", metavar="file", help="Generate shell variable file for test") + parser.add_argument("--getnodenames", action='store_true', help="Get list of node names") parser.add_argument("--machines", type=int, metavar="n", help="Number of machines") args = parser.parse_args() 
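Review bot: printnodenames has no docstring, and its output format is a contract: genconfig.sh splits the printed line on whitespace and uses each name to build `${apikeydir}/${node}.pem`. A docstring such as `"""Print every frontend, storage, signing and merge node name on one space-separated line (consumed by genconfig.sh)."""` would record that, and `" ".join(sorted(...))` would give the apikeys section of the generated, signed file a stable order. The function indexes all four node sections directly, so a template lacking one of them fails here; how that is reported depends on errorhandlify, which is outside the hunk.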
@@ -420,6 +430,9 @@ def main(): elif args.testshellvars and args.machines: config = readconfig.read_config(args.config) gen_testmakefile(config, args.testshellvars, args.machines, shellvars=True) + elif args.getnodenames: + config = readconfig.read_config(args.config) + printnodenames(config) elif args.localconfig: localconfig = readconfig.read_config(args.localconfig) config = readconfig.verify_and_read_config(args.config, localconfig["logadminkey"]) diff --git a/tools/genconfig.sh b/tools/genconfig.sh new file mode 100755 index 0000000..89bcd85 --- /dev/null +++ b/tools/genconfig.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +# usage: genconfig.sh <template> <apikeydir> <logpublickeyfile> <cacertfile> <logadminkey> <destination> + +BINDIR=$(dirname $0) + +template=$1 +apikeydir=$2 +logpublickeyfile=$3 +cacertfile=$4 +logadminkey=$5 +destination=$6 + +nodenames=$($BINDIR/compileconfig.py --config=${template} --getnodenames) + +cat ${template} > ${destination} + +echo "apikeys:" >> ${destination} + +for node in ${nodenames}; do \ + apipk=$(grep -v '^-----' ${apikeydir}/${node}.pem | tr '\n' ' ') + echo " - nodename: ${node}" >> ${destination} + echo " publickey: ${apipk}" >> ${destination} +done + +if [ -f ${destination}.version ]; then + oldversion=$(cat ${destination}.version) + version=$(expr $oldversion + 1) +else + version=1 +fi + +echo ${version} > ${destination}.version + +cafingerprint=$(openssl x509 -in ${cacertfile} -noout -sha256 -fingerprint | sed -e 's/.*=//' -e 's/://g') + +logpk=$(grep -v '^-----' ${logpublickeyfile} | tr '\n' ' ') +echo "logpublickey: ${logpk}" >> ${destination} +echo "cafingerprint: ${cafingerprint}" >> ${destination} +echo "version: ${version}" >> ${destination} + +openssl dgst -sha256 -sign ${logadminkey} -out ${destination}.sig ${destination} + diff --git a/tools/getconfig.py b/tools/getconfig.py new file mode 100755 index 0000000..92cde1f --- /dev/null +++ b/tools/getconfig.py 
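Review bot: genconfig.sh signs whatever it has assembled even when an earlier step failed, because it sets neither `errexit` nor `nounset`, unlike getconfig.sh and light-system-test-run-5.sh in the same commit. If `compileconfig.py --getnodenames` or `openssl x509` fails, or a `${node}.pem` is missing, the output carries an empty apikeys list, `publickey:` or `cafingerprint:` and is still signed with the log admin key under an incremented version, which getconfig.py will treat as newer. Add `set -o nounset` and `set -o errexit` after the usage comment, and check each key file before use with `[ -s "${apikeydir}/${node}.pem" ] || exit 1`, since the `grep | tr` pipeline hides a grep failure. Quoting the path variables would also keep the script correct when a directory name contains spaces.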
@@ -0,0 +1,68 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2017, NORDUnet A/S. +# See LICENSE for licensing information. + +import sys +import argparse +import readconfig +from certtools import create_ssl_context, get_sth, mv_file +import os +import errno + +def get_file(configurl): + if configurl.startswith("https://") or configurl.startswith("http://"): + result = urlget(configurl) + result.raise_for_status() + return result + elif configurl.startswith("file:///"): + path = configurl[8:] + path = path.replace("CURRENTWORKINGDIRECTORY", os.getcwd()) + return open(path).read() + +def write_file(fn, data): + tempname = fn + ".new" + open(tempname, 'w').write(data) + mv_file(tempname, fn) + +def get_config_version(filename, logadminkey): + try: + config = readconfig.verify_and_read_config(filename, logadminkey) + return config["version"] + except IOError, e: + if e.errno == errno.ENOENT: + return -1 + raise e + +def main(): + parser = argparse.ArgumentParser(description="") + parser.add_argument('--dest', help="Where to write the verified system configuration", + required=True) + parser.add_argument('--localconfig', help="Local configuration", + required=True) + args = parser.parse_args() + + localconfig = readconfig.read_config(args.localconfig) + + old_config_version = get_config_version(args.dest, localconfig["logadminkey"]) + + configurl = localconfig["configurl"] + unverified_config = get_file(configurl) + unverified_config_sig = get_file(configurl + ".sig") + new_config = readconfig.verify_config(unverified_config, unverified_config_sig, localconfig["logadminkey"], configurl) + verified_config = unverified_config + verified_config_sig = unverified_config_sig + + new_config_version = new_config["version"] + + if new_config_version > old_config_version: + write_file(args.dest, verified_config) + write_file(args.dest + ".sig", verified_config_sig) + print "newconfig" + + elif new_config_version < old_config_version: + print >>sys.stderr, 
"The version of the configuration on the admin server is older than the version we have, refusing update" + sys.exit(1) + +main() diff --git a/tools/getconfig.sh b/tools/getconfig.sh new file mode 100755 index 0000000..f73cf1b --- /dev/null +++ b/tools/getconfig.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# usage: getconfig.sh <localconfig> <globalconfig> <plopcontrolfile> + +set -o nounset +set -o errexit + +BINDIR=$(dirname $0) + +localconfig=$1 +globalconfig=$2 +plopcontrolfile=$3 + +plopcontrolport=$(cat ${plopcontrolfile}) +configversion=$(echo "configversion" | nc 127.0.0.1 ${plopcontrolport}) +echo "version before reload: $configversion" +getconfigresult=$(${BINDIR}/getconfig.py --localconfig ${localconfig} --dest ${globalconfig}) +if [ "$getconfigresult" == "newconfig" ]; then + ${BINDIR}/compileconfig.py --localconfig ${localconfig} --config ${globalconfig} + reloadresult=$(echo "reload" | nc 127.0.0.1 ${plopcontrolport}) + echo $reloadresult + if [ "$reloadresult" != "reload completed" ]; then + exit 1 + fi + configversion=$(echo "configversion" | nc 127.0.0.1 ${plopcontrolport}) + echo "version after reload: $configversion" +else + echo "reload not needed" +fi diff --git a/tools/loginfo.py b/tools/loginfo.py index 1537c5e..c742b33 100755 --- a/tools/loginfo.py +++ b/tools/loginfo.py @@ -21,7 +21,6 @@ def main(): help="Print tree size") parser.add_argument('--signature', action='store_true', help="Print signature") - parser.add_argument('--config', help="System configuration", required=True) parser.add_argument('--localconfig', help="Local configuration", required=True) parser.add_argument('baseurl', help="Log base URL") diff --git a/tools/readconfig.py b/tools/readconfig.py index 5079691..69531ca 100644 --- a/tools/readconfig.py +++ b/tools/readconfig.py 
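Review bot: get_file cannot work for the http/https case as written: `urlget` is not among the names imported from certtools at the top of getconfig.py, and that branch returns the response object while the `file:///` branch returns the file contents, so verify_config and write_file would receive the wrong type. A configurl with any other scheme falls off the end and returns None, which is then passed to verify_config as well. The fetch helper needs importing, the branch should return the body, and unknown schemes should be rejected explicitly, as sketched below; the body attribute is an assumption based on the `raise_for_status()` call and should be confirmed against the helper. Separately, write_file replaces the config and its `.sig` in two steps, so an interruption between them leaves a pair that no longer verifies, and it is worth documenting how a node recovers from that.

```python
def get_file(configurl):
    if configurl.startswith("https://") or configurl.startswith("http://"):
        result = urlget(configurl)
        result.raise_for_status()
        return result.content  # assumes a requests-style response; confirm
    elif configurl.startswith("file:///"):
        # … unchanged: local file read with CURRENTWORKINGDIRECTORY substitution …
    else:
        print >>sys.stderr, "unsupported configurl scheme:", configurl
        sys.exit(1)
```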
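Review bot: The test `[ "$getconfigresult" == "newconfig" ]` uses `==`, which is not part of POSIX `[`, while getconfig.sh declares `#!/bin/sh`. Under a shell such as dash the test reports an error, the `if` takes the else branch, and the script prints `reload not needed` and exits 0 even though getconfig.py has already written the new configuration to `--dest`. Because the next run then finds the version unchanged, the node would keep running the old configuration with no further prompt to reload. Use `[ "$getconfigresult" = "newconfig" ]`.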
@@ -34,10 +34,7 @@ def errorhandlify(term, filename, path=[]): print "unknown type", type(term) sys.exit(1) -def verify_and_read_config(filename, publickey_base64): - rawconfig = open(filename).read() - signature = open(filename + ".sig").read() - +def verify_config(rawconfig, signature, publickey_base64, filename): publickey = base64.decodestring(publickey_base64) try: @@ -50,5 +47,13 @@ def verify_and_read_config(filename, publickey_base64): return errorhandlify(yaml.load(io.BytesIO(rawconfig), yaml.SafeLoader), filename) +def verify_and_read_config(filename, publickey_base64): + rawconfig = open(filename).read() + signature = open(filename + ".sig").read() + + verify_config(rawconfig, signature, publickey_base64, filename) + + return errorhandlify(yaml.load(io.BytesIO(rawconfig), yaml.SafeLoader), filename) + def read_config(filename): return errorhandlify(yaml.load(open(filename), yaml.SafeLoader), filename) |
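Review bot: verify_and_read_config now parses the YAML twice: verify_config already ends with `return errorhandlify(yaml.load(io.BytesIO(rawconfig), yaml.SafeLoader), filename)`, and the new wrapper discards that result and repeats the same line. Returning the verified result directly, `return verify_config(rawconfig, signature, publickey_base64, filename)`, keeps a single parse that is visibly tied to the signature check. verify_config would also benefit from a docstring saying that `filename` appears to serve only for error reporting (getconfig.py passes the config URL there) and what happens when verification fails; the try/except that decides this lies between the two hunks and is not visible here.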