NervProj Task list
12/03/2023
- ✅ Add support to parse tool paths in script commands such as:
openssl: notify: false cmd: $[TOOL_PATH:openssl] linux_env_vars: LD_LIBRARY_PATH: $[TOOL_DIR:openssl]/lib64- So added this processing code in
runner.fill_placeholders()method:def fill_placeholders(self, content, hlocs): """Re-implementation of fill_placeholders to handle processing of tool paths""" content = super().fill_placeholders(content, hlocs) # Also find if we have any mention of a tool path or tool dir in there: pat = re.compile(r"\$\[([^:]+):([a-z]+)\]") tools = self.get_component("tools") match = pat.search(content) while match is not None: # Get the source match: match_str = match.group(0) # get the request type: req_type = match.group(1) # Get the tool name: tool_name = match.group(2) # Compute the replacement: match req_type: case "TOOL_PATH": replacement = tools.get_tool_path(tool_name) case "TOOL_DIR": replacement = tools.get_tool_dir(tool_name) case "TOOL_ROOT_DIR": replacement = tools.get_tool_root_dir(tool_name) case _: self.throw("Invalid replacement request type: %s", req_type) # Replace in the string: logger.info("Replacing '%s' with '%s'", match_str, replacement) content = content.replace(match_str, replacement) match = pat.search(content) return content - But then we also need to find the correct folder for openssl, which is not really a tool but rather an compiled library in our case. So I updated the
setup_toolsfunction to also support checking tools from libraries:# First we check if this could maybe match an installable library: bman = self.get_component("builder") ldesc = bman.get_library_desc(tname) if ldesc is not None and ldesc["version"] == desc["version"]: # We want to use this library to provide the tool: bman.check_libraries([tname]) install_path = bman.get_library_root_dir(tname) tpath = self.get_path(install_path, desc["sub_path"]) else: full_name = f"{tname}-{desc['version']}" install_path = self.get_path(self.tools_dir, full_name) tpath = self.get_path(install_path, desc["sub_path"]) if not self.file_exists(tpath): if "build_mode" in desc: # This tool should be built from sources: self.build_tool(full_name, desc) else: # retrieve the most appropriate source package for that tool: pkg_file = self.retrieve_tool_package(desc) # Extract the package: self.extract_package(pkg_file, self.tools_dir, target_dir=full_name) # CHeck if we have a post install command: fname = f"_post_install_{desc['name']}_{self.platform}" postinst = self.get_method(fname.lower()) if postinst is not None: logger.info("Running post install for %s...", full_name) postinst(install_path, desc) # Remove the source package: # self.remove_file(pkg_file)
- ✅ Add support to generate openssl certificates:
- To generate a root certificate:
nvp gen-cert rootA rootA.cnf
- To generate a non-root certificate:
nvp gen-cert clientA clientA.cnf -r rootA
- Using the
admin.generate_certificate()methoddef generate_certificate(self, cname, cfgfile, root_cert): """Generate an SSL certificate""" tools = self.get_component("tools") openssl = tools.get_tool_path("openssl") if root_cert is None: # Generate a root certificate: # openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch # openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 # openssl x509 -subject -issuer -noout -in rootA.pem cmd1 = f"req -newkey rsa:2048 -sha256 -keyout {cname}_key.pem -out {cname}_req.pem -nodes -config ./{cfgfile} -batch" cmd2 = f"x509 -req -in {cname}_req.pem -sha256 -extfile ./{cfgfile} -extensions v3_ca -signkey {cname}_key.pem -out {cname}.pem -days 365" cmd3 = f"x509 -subject -issuer -noout -in {cname}.pem" else: # Generate a non-root certificate: # openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch # openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365 # copy clientAcert.pem + rootA.pem clientA.pem # openssl x509 -subject -issuer -noout -in clientA.pem # cmd1 = "req -newkey rsa:1024 -sha1 -keyout {cname}_key.pem -out {cname}_req.pem -nodes -config {cfgfile} -batch" cmd1 = f"req -newkey rsa:2048 -sha256 -keyout {cname}_key.pem -out {cname}_req.pem -nodes -config {cfgfile} -batch" cmd2 = f"x509 -req -in {cname}_req.pem -sha1 -extfile {cfgfile} -extensions usr_cert -CA {root_cert}.pem -CAkey {root_cert}_key.pem -CAcreateserial -out {cname}_cert.pem -days 365" # copy {cname}_cert.pem + {root_cert}.pem {cname}.pem cmd3 = f"x509 -subject -issuer -noout -in {cname}.pem" cwd = self.get_cwd() logger.info("CWD: %s", cwd) self.execute([openssl] + cmd1.split(), cwd=cwd) self.execute([openssl] + cmd2.split(), cwd=cwd) if root_cert is not None: # Combine the certificates: content1 = self.read_text_file(f"{cname}_cert.pem") content2 = self.read_text_file(f"{root_cert}.pem") self.write_text_file(content1 + content2, f"{cname}.pem") self.execute([openssl] + cmd3.split(), cwd=cwd)
TODO
* Add support to execute multiple commands in a single script (?)