Compare commits
1 Commits
pkg/dev/ri
...
master
| Author | SHA1 | Date |
|---|---|---|
 Emmanuel Garette
|
bb5b32a435 |
|
|
@ -1 +0,0 @@
|
|||
11
|
||||
|
|
@ -1,102 +0,0 @@
|
|||
Source: lemur
|
||||
Section: admin
|
||||
Priority: extra
|
||||
Maintainer: Cadoles <contact@cadoles.com>
|
||||
Build-depends: debhelper (>=11),
|
||||
python3-all,
|
||||
python3-setuptools,
|
||||
dh-python,
|
||||
git,
|
||||
npm
|
||||
Standards-Version: 3.9.4
|
||||
Homepage: https://forge.cadoles.com/Infra/lemur
|
||||
|
||||
Package: lemur
|
||||
Architecture: any
|
||||
Pre-Depends: dpkg, python3, ${misc:Pre-Depends}
|
||||
Depends: ${python:Depends}, ${misc:Depends},
|
||||
python3-lemur
|
||||
Description: Lemur
|
||||
|
||||
Package: python3-lemur
|
||||
Architecture: any
|
||||
Pre-Depends: dpkg, python3, ${misc:Pre-Depends}
|
||||
Depends: python3-acme,
|
||||
python3-alembic,
|
||||
python3-amqp,
|
||||
python3-aniso8601,
|
||||
python3-arrow,
|
||||
python3-bcrypt,
|
||||
python3-bs4,
|
||||
python3-billiard,
|
||||
python3-blinker,
|
||||
python3-boto3,
|
||||
python3-botocore,
|
||||
python3-celery,
|
||||
python3-certifi,
|
||||
python3-cffi,
|
||||
python3-chardet,
|
||||
python3-click,
|
||||
python3-cloudflare,
|
||||
python3-dnspython,
|
||||
python3-flask-bcrypt,
|
||||
python3-flask-cors,
|
||||
python3-flask-mail,
|
||||
python3-flask-migrate,
|
||||
python3-flask-principal,
|
||||
python3-flask-restful,
|
||||
python3-flask-script,
|
||||
python3-flask-sqlalchemy,
|
||||
python3-flask,
|
||||
python3-future,
|
||||
python3-gunicorn,
|
||||
python3-hvac,
|
||||
python3-idna,
|
||||
python3-inflection,
|
||||
python3-itsdangerous,
|
||||
python3-jinja2,
|
||||
python3-jmespath,
|
||||
python3-josepy,
|
||||
python3-kombu,
|
||||
python3-lockfile,
|
||||
python3-mako,
|
||||
python3-markupsafe,
|
||||
python3-marshmallow-sqlalchemy,
|
||||
python3-ndg-httpsclient,
|
||||
python3-paramiko,
|
||||
python3-pem,
|
||||
python3-psycopg2,
|
||||
python3-pyasn1-modules,
|
||||
python3-pyasn1,
|
||||
python3-pycparser,
|
||||
python3-jwt,
|
||||
python3-nacl,
|
||||
python3-openssl,
|
||||
python3-rfc3339,
|
||||
python3-dateutil,
|
||||
python3-editor,
|
||||
python3-pythonjsonlogger,
|
||||
python3-ldap,
|
||||
python3-tz,
|
||||
python3-yaml,
|
||||
python3-redis,
|
||||
python3-requests-toolbelt,
|
||||
python3-requests,
|
||||
python3-retrying,
|
||||
python3-s3transfer,
|
||||
python3-six,
|
||||
python3-soupsieve,
|
||||
python3-sqlalchemy-utils,
|
||||
python3-sqlalchemy,
|
||||
python3-tabulate,
|
||||
python3-urllib3,
|
||||
python3-vine,
|
||||
python3-werkzeug,
|
||||
python3-xmltodict
|
||||
Description: Lemur - library part
|
||||
|
||||
Package: lemur-static
|
||||
Architecture: any
|
||||
Pre-Depends: ${misc:Pre-Depends}
|
||||
Depends: ${misc:Depends}
|
||||
Description: static HTML/JS/CSS file
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: lemur
|
||||
Upstream-Contact: Cadoles <contact@cadoles.com>
|
||||
Source: https://forge.cadoles.com/Infra/lemur
|
||||
|
||||
Files: *
|
||||
Copyright: Lemur
|
||||
License: Apache-2.0 License
|
||||
|
||||
License: Apache-2.0 License
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
lemur/static/dist/* usr/share/lemur/static/
|
||||
lemur/migrations usr/share/lemur
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
#!/usr/bin/make -f
|
||||
# See debhelper(7) (uncomment to enable)
|
||||
# output every command that modifies files on the build system.
|
||||
#DH_VERBOSE = 1
|
||||
|
||||
export PYBUILD_NAME = lemur
|
||||
export PYBUILD_DISABLE_python3 = test
|
||||
|
||||
%:
|
||||
# suppression requirements version of package
|
||||
# only last version are supported by lemur
|
||||
# but Ubuntu has not last version
|
||||
sed -i "s/==\(\([[:digit:]]\)*\(\.\)*\)*//g" requirements.txt
|
||||
# unecessary dependency
|
||||
sed -i "s/zope.deferredimport/#zope.deferredimport/g" requirements.txt
|
||||
dh $@ --with python3 --buildsystem=pybuild
|
||||
|
||||
override_dh_install:
|
||||
rm -rf debian/python3-lemur/usr/lib/python*/dist-packages/lemur/static/
|
||||
rm -rf debian/python3-lemur/usr/lib/python*/dist-packages/lemur/tests/
|
||||
rm -rf debian/python3-lemur/usr/lib/python*/dist-packages/trustores
|
||||
mkdir -p debian/lemur/usr
|
||||
mv debian/python3-lemur/usr/bin debian/lemur/usr
|
||||
dh_install
|
||||
|
||||
override_dh_auto_build:
|
||||
npm install --unsafe-perm
|
||||
node_modules/.bin/gulp build
|
||||
node_modules/.bin/gulp package --urlContextPath=lemur
|
||||
dh_auto_build
|
||||
|
|
@ -1 +0,0 @@
|
|||
3.0 (quilt)
|
||||
|
|
@ -373,7 +373,8 @@ class CertificateOutputSchema(LemurOutputSchema):
|
|||
plugin = plugins.get(cert['authority']['plugin']['slug'])
|
||||
if plugin:
|
||||
plugin.wrap_certificate(cert)
|
||||
del cert['root_authority']
|
||||
if 'root_authority' in cert:
|
||||
del cert['root_authority']
|
||||
|
||||
|
||||
class CertificateShortOutputSchema(LemurOutputSchema):
|
||||
|
|
|
|||
|
|
@ -48,10 +48,15 @@ def split_cert(body):
|
|||
|
||||
|
||||
def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after):
|
||||
private_key = parse_private_key(authority_private_key).private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.OpenSSH,
|
||||
encryption_algorithm=serialization.NoEncryption(),
|
||||
).decode()
|
||||
with mktempfile() as issuer_tmp:
|
||||
cmd = ['ssh-keygen', '-s', issuer_tmp]
|
||||
with open(issuer_tmp, 'w') as i:
|
||||
i.writelines(authority_private_key)
|
||||
i.writelines(private_key)
|
||||
if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'):
|
||||
cmd.extend(['-I', user['username'] + ' user key',
|
||||
'-n', user['username']])
|
||||
|
|
@ -63,9 +68,9 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
|
|||
cmd.extend(['-I', common_name + ' host key',
|
||||
'-n', ','.join(domains),
|
||||
'-h'])
|
||||
# something like 20201024
|
||||
ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d")
|
||||
ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d")
|
||||
# something like 20201024102030
|
||||
ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d%H%M%S")
|
||||
ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d%H%M%S")
|
||||
cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after])
|
||||
with mktempfile() as cert_tmp:
|
||||
with open(cert_tmp, 'w') as f:
|
||||
|
|
@ -102,6 +107,8 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
|
|||
return cert_pem, private_key, chain_cert_pem, roles
|
||||
|
||||
def wrap_certificate(self, cert):
|
||||
if 'body' not in cert:
|
||||
return
|
||||
# get public_key in OpenSSH format
|
||||
public_key = parse_certificate(cert['body']).public_key().public_bytes(
|
||||
encoding=serialization.Encoding.OpenSSH,
|
||||
|
|
@ -109,10 +116,11 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
|
|||
).decode()
|
||||
public_key += ' ' + cert['user']['email']
|
||||
# sign it with authority private key
|
||||
if 'root_authority' in cert:
|
||||
root_authority = cert['root_authority']
|
||||
if 'root_authority' in cert and cert['root_authority']:
|
||||
authority = cert['root_authority']
|
||||
else:
|
||||
root_authority = get_by_root_authority(cert['authority']['id'])
|
||||
authority = cert['authority']
|
||||
root_authority = get_by_root_authority(authority['id'])
|
||||
authority_private_key = root_authority.private_key
|
||||
cert['body'] = sign_certificate(
|
||||
cert['common_name'],
|
||||
|
|
|
|||
Loading…
Reference in New Issue