Plugins » Katello

Make it possible to run `katello-ssl-tool` concurrently for different hosts

The use of a postrun script file in a "shared" location made it impossible before this fix.

```
Traceback (most recent call last):
File "/bin/katello-ssl-tool", line 11, in <module>...

cleanup

ensure glibc-langpack-en is present

install docbook-utils from powertools on EL8

make test.sh work on EL9

stop testing on centos 7, start testing on centos stream 9

drop Python 2.7 from tests, add 3.9

2.7 was EL7 which we do not support anymore
3.9 is EL9

Fixes #34604 - Revert "Revert "Switch from genrsa to genpkey""

This reverts commit e17529ebfc0590ff6140ab33bc19f67b95e8cbaa.

genrsa is deprecated and genpkey is the replacement. Additionally,
FIPS enablement enforces this.

Bump version to 2.9.0

Revert "Switch from genrsa to genpkey"

This reverts commit 363f0e118c2b4b672f1ae8bcd3a08f0d0a0c72e5.

I left the CRYPTO change in sslToolConfig.py in, as it doesn't seem to
break anything.

Remove trivial unused test functions

Rewrite RPM version comparison code

Release 2.8.1

drop checksum_type

nothing seems to use it since the original import of the code in
996da43f313ad4b500c104a8bbacb85324e4fc27

use latest centos containers from quay

don't fail decoding data from RPM

some versions of the RPM bindings will return strings, some bytes, some
unicode… And only some of these know decode().
So let's just catch that AttributeError and assume there is nothing to
decode if it's raised.

Fixes running certs tools on EL 8.5+ which got a "fixed" RPM....

Switch from genrsa to genpkey

The openssl genrsa command is deprecated and does not work in all cases,
for example genrsa does not work on FIPS enabled EL8 hosts. This
switches to using genpkey and aes256 for crypto rather than the
deprecated des3.

Do not set the RPM digest algorithm

Hard coding the RPM digest alogrithm used can lead to RPMs that
do not work on some platforms like a FIPS enabled EL8 system. This
drops the parameter and lets the system dictate the values. This
change originally existed to support EL5 systems that needed the...

Release 2.8.0

Do not generate certificates in text format

Prior to this change certificates were generated in text format
which means they included as a header the x509 metadata information
rather than just the PEM encoded certificate. For some applications
this text based format can break them. In other cases, such as...

Remove unused exception

Remove unused getTarballFilename function

e2d3a1db9bbbaffcec447b2006091aee2c372160 removed the last caller of this
function.

Remove incSerial

This method effectively does int(hex(n), 16) + 1 with additional
safeguards. However, since n is already an int, it's entirely redundant
and it can be simplified to n = n + 1.

Release 2.7.3

don't use eval() to convert hex strings to integers

Bump version to 2.7.2

add a bad-serial test

generate correct serials on Python 3

fixSerial is supposed to make the serial have an even number of digits.

On Python2 dividing by an integer yields a different result than a
float:

>>> 5/2.0
    2.5
    >>> 5/2
    2

But the same does not hold true for Python3:...

Bump version to 2.7.1

Bump version to 2.6.2

Add README

Switch to Github Actions

Close file descriptors when possible

Remove unused functions

Drop unique and setIntersection functions

Fixes #15932 - Stricter check on file globs

When creating a certificate named foreman-proxy-client and then one for
foreman-proxy meant that the glob would match the client. This meant it
created foreman-proxy-client-1.0-1 and then foreman-proxy-1.0-2 even...

Drop katello-sudo-ssl-tool wrapper

Implement katello-ssl-tool via console_scripts

Remove checksum.py by checking file contents

There isn't really a difference between reading contents and comparing
versus reading the contents and comparing their hashes. This avoids
using the md5 hashing algorithm.

Simplify value assignment

Fixes #29724 - Increase cert bits to 4096

Bump version to 2.6.1

Ensure to decode err stream as utf-8 for EL8

Remove unused constants

Release 2.6.0

Remove unused functions

Stop generating a tarbal with certificates

This tarball is not used within Katello and only the RPMs are relevant.

Add a test for existing certificates

Refactor tests to be usable locally and extendable

By creating a tests directory that can also be executed locally in a
temporary directory it becomes easier to test locally. It's also easy to
add additional tests.

Ignore *.egg-info in git

This allows local installations in a virtual environment

Update a docstring to reflect the body

Release 2.5.3

Release 2.5.2

simplify sortRPMs

run the container tests

hdrLabelCompare expects two rpm.hdr, not tuples or anything else

`sortRPMs` should only pass `rpm.hdr` to `hdrLabelCompare`, not tuples
of `(rpm.hdr, path)` as they are in the `helper` list.

allow running tests inside a container

this allows to run test.sh inside a container with smth like:

podman run -v $(pwd):/app:Z --workdir=/app centos:7 bash .travis/test.sh

it also adds tests that the generated RPM is actually installable and
uncovers an issue when comparing the installed RPM to the generated one:...

always explicitly decode UTF-8

otherwise decode() on Python2 will default to ASCII and thus we end up
with errors like this:

ERROR: unhandled exception occurred:
    Traceback (most recent call last):
      File "/bin/katello-ssl-tool", line 51, in <module>...

Release 2.5.1

Refs #26188 - drop shebang from katello_ssl_tool.py

it's not meant to be called directly

Release 2.5.0

Make python3 compatible and add Travis

Merge pull request #1 from sean797/20021

Fixes #20021 - Optionally generate CA public cert with other CAs certs

Update katello-ssl-tool man page

Some small grammatical fixes and improvements.
Changed reference from ntpd to chronyd.

Refs #20021 - Optionally generate CA public cert with other CAs certs included

Remove spec file in favor of katello-packaging repository

Automatic commit of package [katello-certs-tools] release [2.4.0-1].

Automatic commit of package [katello-certs-tools] minor release [2.3.0-2].

Automatic commit of package [katello-certs-tools] release [2.3.0-1].

refs #10777 Use sha256 as default signing algorithm.

sha1 has been deprecated by many browsers and throws warnings when the
certificate expires after 12/31/2016.

sha256 should be good for awhile.

Automatic commit of package [katello-certs-tools] release [2.2.0-1].

Automatic commit of package [katello-certs-tools] release [2.1.0-1].

bumping version to 2.1

Automatic commit of package [katello-certs-tools] release [2.0.1-1].

bumping version to 2.0

add minimum openssl version

Automatic commit of package [katello-certs-tools] release [1.5.2-1].

Removing dependence on /usr/share/katello and turning into a stand
alone katello-certs-tools package. Includes updates to support
specifying the certs deployment directory and using a password file to
specify the password for cert generation.

Automatic commit of package [katello-certs-tools] release [1.5.1-1].

Bumping package versions for 1.5

Automatic commit of package [katello-certs-tools] release [1.4.4-1].

Support for generating client certs

Automatic commit of package [katello-certs-tools] release [1.4.3-1].

Automatic commit of package [katello-certs-tools] release [1.4.2-1].

Add 'certs-tools/' from commit '5111c76d8d4b3a88da112166d35360cd08c05f46'

git-subtree-dir: certs-tools
git-subtree-mainline: ee9c3d367d02d69ae2b7e5aa81de5442c203cf46
git-subtree-split: 5111c76d8d4b3a88da112166d35360cd08c05f46