====== NervProj Task list ======
==== 12/03/2023 ====
* ✅ Add support to parse tool paths in script commands such as: openssl:
notify: false
cmd: $[TOOL_PATH:openssl]
linux_env_vars:
LD_LIBRARY_PATH: $[TOOL_DIR:openssl]/lib64
* So added this processing code in ''runner.fill_placeholders()'' method: def fill_placeholders(self, content, hlocs):
"""Re-implementation of fill_placeholders to handle processing of tool paths"""
content = super().fill_placeholders(content, hlocs)
# Also find if we have any mention of a tool path or tool dir in there:
pat = re.compile(r"\$\[([^:]+):([a-z]+)\]")
tools = self.get_component("tools")
match = pat.search(content)
while match is not None:
# Get the source match:
match_str = match.group(0)
# get the request type:
req_type = match.group(1)
# Get the tool name:
tool_name = match.group(2)
# Compute the replacement:
match req_type:
case "TOOL_PATH":
replacement = tools.get_tool_path(tool_name)
case "TOOL_DIR":
replacement = tools.get_tool_dir(tool_name)
case "TOOL_ROOT_DIR":
replacement = tools.get_tool_root_dir(tool_name)
case _:
self.throw("Invalid replacement request type: %s", req_type)
# Replace in the string:
logger.info("Replacing '%s' with '%s'", match_str, replacement)
content = content.replace(match_str, replacement)
match = pat.search(content)
return content
* But then we also need to find the correct folder for openssl, which is not really a tool but rather an compiled library in our case. So I updated the ''setup_tools'' function to also support checking tools from libraries: # First we check if this could maybe match an installable library:
bman = self.get_component("builder")
ldesc = bman.get_library_desc(tname)
if ldesc is not None and ldesc["version"] == desc["version"]:
# We want to use this library to provide the tool:
bman.check_libraries([tname])
install_path = bman.get_library_root_dir(tname)
tpath = self.get_path(install_path, desc["sub_path"])
else:
full_name = f"{tname}-{desc['version']}"
install_path = self.get_path(self.tools_dir, full_name)
tpath = self.get_path(install_path, desc["sub_path"])
if not self.file_exists(tpath):
if "build_mode" in desc:
# This tool should be built from sources:
self.build_tool(full_name, desc)
else:
# retrieve the most appropriate source package for that tool:
pkg_file = self.retrieve_tool_package(desc)
# Extract the package:
self.extract_package(pkg_file, self.tools_dir, target_dir=full_name)
# CHeck if we have a post install command:
fname = f"_post_install_{desc['name']}_{self.platform}"
postinst = self.get_method(fname.lower())
if postinst is not None:
logger.info("Running post install for %s...", full_name)
postinst(install_path, desc)
# Remove the source package:
# self.remove_file(pkg_file)
* ✅ Add support to generate openssl certificates:
* To generate a root certificate: nvp gen-cert rootA rootA.cnf
* To generate a non-root certificate: nvp gen-cert clientA clientA.cnf -r rootA
* Using the ''admin.generate_certificate()'' method def generate_certificate(self, cname, cfgfile, root_cert):
"""Generate an SSL certificate"""
tools = self.get_component("tools")
openssl = tools.get_tool_path("openssl")
if root_cert is None:
# Generate a root certificate:
# openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
# openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
# openssl x509 -subject -issuer -noout -in rootA.pem
cmd1 = f"req -newkey rsa:2048 -sha256 -keyout {cname}_key.pem -out {cname}_req.pem -nodes -config ./{cfgfile} -batch"
cmd2 = f"x509 -req -in {cname}_req.pem -sha256 -extfile ./{cfgfile} -extensions v3_ca -signkey {cname}_key.pem -out {cname}.pem -days 365"
cmd3 = f"x509 -subject -issuer -noout -in {cname}.pem"
else:
# Generate a non-root certificate:
# openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
# openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
# copy clientAcert.pem + rootA.pem clientA.pem
# openssl x509 -subject -issuer -noout -in clientA.pem
# cmd1 = "req -newkey rsa:1024 -sha1 -keyout {cname}_key.pem -out {cname}_req.pem -nodes -config {cfgfile} -batch"
cmd1 = f"req -newkey rsa:2048 -sha256 -keyout {cname}_key.pem -out {cname}_req.pem -nodes -config {cfgfile} -batch"
cmd2 = f"x509 -req -in {cname}_req.pem -sha1 -extfile {cfgfile} -extensions usr_cert -CA {root_cert}.pem -CAkey {root_cert}_key.pem -CAcreateserial -out {cname}_cert.pem -days 365"
# copy {cname}_cert.pem + {root_cert}.pem {cname}.pem
cmd3 = f"x509 -subject -issuer -noout -in {cname}.pem"
cwd = self.get_cwd()
logger.info("CWD: %s", cwd)
self.execute([openssl] + cmd1.split(), cwd=cwd)
self.execute([openssl] + cmd2.split(), cwd=cwd)
if root_cert is not None:
# Combine the certificates:
content1 = self.read_text_file(f"{cname}_cert.pem")
content2 = self.read_text_file(f"{root_cert}.pem")
self.write_text_file(content1 + content2, f"{cname}.pem")
self.execute([openssl] + cmd3.split(), cwd=cwd)
===== TODO =====
* Add support to execute multiple commands in a single script (?)