Revision 77916538
Added by Benoît PECCATTE over 7 years ago
| rudder-agent/SOURCES/rudder-sign | ||
|---|---|---|
|
exit 2
|
||
|
fi
|
||
|
|
||
|
VERSION="$2"
|
||
|
# default version is 1.0
|
||
|
# Versions 1.x are compatible
|
||
|
if [ "${VERSION}" = "" ]
|
||
|
then
|
||
|
VERSION="1.0"
|
||
|
fi
|
||
|
|
||
|
# the key to use for signature
|
||
|
PRIVKEY=/var/rudder/cfengine-community/ppkeys/localhost.priv
|
||
|
PRIVKEY="/var/rudder/cfengine-community/ppkeys/localhost.priv"
|
||
|
PUBKEY="/var/rudder/cfengine-community/ppkeys/localhost.pub"
|
||
|
|
||
|
# cfengine passphrase
|
||
|
PASSPHRASE="Cfengine passphrase"
|
||
| ... | ... | |
|
# Public key identifier (last 4 bytes of the modulus)
|
||
|
KEYID=`openssl rsa -passin "pass:${PASSPHRASE}" -in "${PRIVKEY}" -noout -modulus | sed 's/.*\(........\)$/\1/'`
|
||
|
|
||
|
# Create a signature FILE
|
||
|
cat > "${FILE}.sign" <<EOF
|
||
|
if [ "${VERSION}" = "1.0" ]
|
||
|
then
|
||
|
# Create a signature FILE
|
||
|
cat > "${FILE}.sign" <<EOF
|
||
|
header=rudder-signature-v1
|
||
|
algorithm=${HASH}
|
||
|
digest=${SIGNATURE}
|
||
| ... | ... | |
|
keyid=${KEYID}
|
||
|
EOF
|
||
|
|
||
|
elif [ "${VERSION}" = "1.1" ]
|
||
|
then
|
||
|
SHORT_PUBKEY=`sed '/---/d' "${PUBKEY}" | tr -d '\n'`
|
||
|
HASH_VALUE=`openssl "${HASH}" "${FILE}" | sed "s/${HASH}(.*)= *\\(.*\\)/\\1/i"`
|
||
|
# Create a signature FILE
|
||
|
cat > "${FILE}.sign" <<EOF
|
||
|
header=rudder-signature-v1
|
||
|
algorithm=${HASH}
|
||
|
digest=${SIGNATURE}
|
||
|
hash_value=${HASH_VALUE}
|
||
|
short_pubkey=${SHORT_PUBKEY}
|
||
|
hostname=${HOSTNAME}
|
||
|
keydate=${KEYDATE}
|
||
|
keyid=${KEYID}
|
||
|
EOF
|
||
|
|
||
|
else
|
||
|
echo "ERROR: Unsupported signature version ${VERSION}"
|
||
|
exit 1
|
||
|
|
||
|
fi
|
||
| rudder-server-relay/SOURCES/relay-api/relay_api/shared_files.py | ||
|---|---|---|
|
# Extract informations from header
|
||
|
def parse_header(header):
|
||
|
data = {}
|
||
|
for line in header.rstrip().split():
|
||
|
for line in header.rstrip().split("\n"):
|
||
|
m = re.match(r"(\w+)\s*=\s*(.*)", line)
|
||
|
if m:
|
||
|
data[m.group(1)] = m.group(2)
|
||
| ... | ... | |
|
|
||
|
# add headers
|
||
|
header += expiry_line(info)
|
||
|
header += "hash_value=" + message_hash + "\n"
|
||
|
# replace hash by a guaranteed one
|
||
|
header = re.sub(r'hash_value=.*?\n', "hash_value=" + message_hash + "\n", header)
|
||
|
|
||
|
# where to store file
|
||
|
path = file_directory(shared_path, nodes, my_uuid, target_uuid, source_uuid, file_id)
|
||
Also available in: Unified diff
Fixes #9996: Extend rudder-sign to add new information