merge from master

certs-tools/certs/client_config_update.py

@@ -16,14 +16,13 @@
 # key=value formatted "config file" mapping script
 #
 # NOT TO BE USED DIRECTLY
-# This is called by a script generated by the rhn-bootstrap utility.
+# This is called by a script generated by the katello-bootstrap utility.
 #
 # Specifically engineered with the RHN Update Agent configuration files
 # in mind though it is relatively generic in nature.
 #
 # Author: Todd Warner <taw@redhat.com>
-#
-# $Id$
+# FIXME: fix the docs
 
 """
 Client configuration mapping script that writes to an RHN Update Agent-type

certs-tools/certs/rhn_bootstrap.py → certs-tools/certs/katello_bootstrap.py

@@ -36,7 +36,7 @@
 ## local imports
 import rhn_rpm
 from client_config_update import readConfigFile
-from rhn_bootstrap_strings import \
+from katello_bootstrap_strings import \
     getHeader, getConfigFilesSh, getUp2dateScriptsSh, getGPGKeyImportSh, \
     getCorpCACertSh, getRegistrationSh, getUp2dateTheBoxSh, \
     getAllowConfigManagement, getAllowRemoteCommands
@@ -45,15 +45,15 @@
 from checksum  import getFileChecksum
 
 ## GLOBALS
-PRODUCT_NAME = 'RHN Server'
+PRODUCT_NAME = 'Katello'
 if os.path.exists('/usr/share/rhn/proxy') \
   or os.path.exists('/var/www/rhns/proxy'):
     PRODUCT_NAME = 'RHN Proxy Server'
 elif os.path.exists('/usr/share/rhn/server') \
   or os.path.exists('/var/www/rhns/server'):
     PRODUCT_NAME = 'RHN Satellite Server'
 
-DEFAULT_CA_CERT_PATH = '/usr/share/rhn/'+CA_CRT_NAME
+DEFAULT_CA_CERT_PATH = '/usr/share/katello/'+CA_CRT_NAME
 
 DEFAULT_APACHE_PUB_DIRECTORY = '/var/www/html/pub'
 DEFAULT_OVERRIDES = 'client-config-overrides.txt'
@@ -74,7 +74,7 @@
 
 
 # should come out of common code when we move this code out of
-# rhns-certs-tools
+# katello-certs-tools
 def parseUrl(url):
     """ urlparse is more complicated than what we need.
 
@@ -259,11 +259,11 @@ def parseCommandline():
     _usage = """\
 %s [options]
 
-Note: for rhn-bootstrap to work, certain files are expected to be
+Note: for katello-bootstrap to work, certain files are expected to be
       in /var/www/html/pub/ (the default Apache public directory):
-        - the CA SSL public certificate (probably RHN-ORG-TRUSTED-SSL-CERT)
+        - the CA SSL public certificate (probably KATELLO-TRUSTED-SSL-CERT)
         - the CA SSL public certficate RPM
-          (probably rhn-org-trusted-ssl-cert-VER.noarch.rpm)""" % _progName
+          (probably katello-trusted-ssl-cert-VER.noarch.rpm)""" % _progName
 
     # preliminary parse (-h/--help is acted upon during final parse)
     optionList = getOptionsTable()

certs-tools/certs/rhn_bootstrap_strings.py → certs-tools/certs/katello_bootstrap_strings.py

@@ -13,7 +13,7 @@
 # in this software or its documentation.
 #
 #
-# shell script function library for rhn-bootstrap
+# shell script function library for katello-bootstrap
 #
 # $Id$
 
@@ -262,7 +262,7 @@ def getCorpCACertSh():
 else
     rm -f ${ORG_CA_CERT}
     $FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT}
-    mv ${ORG_CA_CERT} /usr/share/rhn/
+    mv ${ORG_CA_CERT} /usr/share/katello/
 
 fi
 if [ "$INSTALLER" == zypper ] ; then
@@ -272,7 +272,7 @@ def getCorpCACertSh():
     fi
     test -e "/etc/ssl/certs/${ORG_CA_CERT}.pem" || {
       test -d "/etc/ssl/certs" || mkdir -p "/etc/ssl/certs"
-      ln -s "/usr/share/rhn/${ORG_CA_CERT}" "/etc/ssl/certs/${ORG_CA_CERT}.pem"
+      ln -s "/usr/share/katello/${ORG_CA_CERT}" "/etc/ssl/certs/${ORG_CA_CERT}.pem"
     }
     test -x /usr/bin/c_rehash && /usr/bin/c_rehash /etc/ssl/certs/ | grep "${ORG_CA_CERT}"
 fi

certs-tools/certs/rhn_ssl_tool.py → certs-tools/certs/katello_ssl_tool.py

@@ -14,17 +14,17 @@
 # in this software or its documentation.
 #
 #
-# RHN SSL Maintenance Tool (main module)
+# Katello SSL Maintenance Tool (main module)
 #
 # *NOTE*
 # This module is intended to be imported and not run directly though it can
 # be. At the time of this note, the excutable wrapping this module was
-# /usr/bin/rhn-ssl-tool.
+# /usr/bin/katello-ssl-tool.
 #
 # Generate and maintain SSL keys & certificates. One can also build RPMs in
-# the RHN product context.
+# the Katello product context.
 #
-# NOTE: this tool is geared for RHN product usage, but can be used outside of
+# NOTE: this tool is geared for Katello product usage, but can be used outside of
 # that context to some degree.
 #
 # Author: Todd Warner <taw@redhat.com>
@@ -46,7 +46,7 @@
 from sslToolCli import processCommandline, CertExpTooShortException, \
         CertExpTooLongException, InvalidCountryCodeException
 
-from sslToolLib import RhnSslToolException, \
+from sslToolLib import KatelloSslToolException, \
         gendir, chdir, getMachineName, fixSerial, TempDir, parseRPMFilename, \
         errnoGeneralError, errnoSuccess
 
@@ -61,21 +61,21 @@
         SERVER_RPM_SUMMARY, CA_CERT_RPM_SUMMARY, BASE_SERVER_RPM_NAME
 
 
-class GenPrivateCaKeyException(RhnSslToolException):
+class GenPrivateCaKeyException(KatelloSslToolException):
     """ private CA key generation error """
-class GenPublicCaCertException(RhnSslToolException):
+class GenPublicCaCertException(KatelloSslToolException):
     """ public CA cert generation error """
-class GenServerKeyException(RhnSslToolException):
+class GenServerKeyException(KatelloSslToolException):
     """ private server key generation error """
-class GenServerCertReqException(RhnSslToolException):
+class GenServerCertReqException(KatelloSslToolException):
     """ server cert request generation error """
-class GenServerCertException(RhnSslToolException):
+class GenServerCertException(KatelloSslToolException):
     """ server cert generation error """
-class GenCaCertRpmException(RhnSslToolException):
+class GenCaCertRpmException(KatelloSslToolException):
     """ CA public certificate RPM generation error """
-class GenServerRpmException(RhnSslToolException):
+class GenServerRpmException(KatelloSslToolException):
     """ server RPM generation error """
-class GenServerTarException(RhnSslToolException):
+class GenServerTarException(KatelloSslToolException):
     """ server tar archive generation error """
 class FailedFileDependencyException(Exception):
     """ missing a file needed for this step """
@@ -193,9 +193,9 @@ def legacyTreeFixup(d):
         sys.stdout.write('\nLegacy tree structured file(s) moved:\n%s'
                          % moveMessage)
 
-    # move rhn-org-httpd-ssl-MACHINENAME-VERSION.*.rpm files to the
+    # move katello-httpd-ssl-MACHINENAME-VERSION.*.rpm files to the
     # MACHINENAME directory! (an RHN 3.6.0 change)
-    rootFilename = pathJoin(topdir, 'rhn-org-httpd-ssl-key-pair-')
+    rootFilename = pathJoin(topdir, 'katello-httpd-ssl-key-pair-')
     filenames = glob.glob(rootFilename+'*')
     for filename in filenames:
         # note: assuming version-rel is of that form.
@@ -721,7 +721,7 @@ def genCaRpm(d, verbosity=0):
     # build the CA certificate RPM
     args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
             "--name %s --version %s --release %s --packager %s --vendor %s "
-            "--group 'RHN/Security' --summary %s --description %s "
+            "--group 'Applications/System' --summary %s --description %s "
             "/usr/share/katello/%s=%s"
             % (repr(ca_cert_rpm_name), ver, rel, repr(d['--rpm-packager']),
                repr(d['--rpm-vendor']), repr(CA_CERT_RPM_SUMMARY),
@@ -772,17 +772,16 @@ def genCaRpm(d, verbosity=0):
     if verbosity >= 0:
         print """
 Make the public CA certficate publically available:
-    (NOTE: the RHN Satellite or Proxy installers may do this step for you.)
+    (NOTE: the Katello installer may do this step for you.)
     The "noarch" RPM and raw CA certificate can be made publically accessible
-    by copying it to the /var/www/html/pub directory of your RHN Satellite or
-    Proxy server."""
+    by copying it to the /var/www/html/pub directory of your Katello server."""
 
 
     return '%s.noarch.rpm' % clientRpmName
 
 
 def genProxyServerTarball_dependencies(d):
-    """ dependency check for the step that generates the RHN Proxy Server's
+    """ dependency check for the step that generates RHN Proxy Server's
         tar archive containing its SSL key set + CA certificate.
     """
 
@@ -1041,7 +1040,7 @@ def genServerRpm(d, verbosity=0):
     ## build the server RPM
     args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
             "--name %s --version %s --release %s --packager %s --vendor %s "
-            "--group 'RHN/Security' --summary %s --description %s --postun %s "
+            "--group 'Applications/System' --summary %s --description %s --postun %s "
             "/etc/pki/tls/private/%s:0600=%s "
             "/etc/pki/tls/certs/%s=%s "
             "/etc/pki/tls/certs/%s=%s "
@@ -1109,7 +1108,7 @@ def genServerRpm(d, verbosity=0):
     if verbosity >= 0:
         print """
 Deploy the server's SSL key pair/set RPM:
-    (NOTE: the RHN Satellite or Proxy installers may do this step for you.)
+    (NOTE: the Katello installer may do this step for you.)
     The "noarch" RPM needs to be deployed to the machine working as a
     web server, or RHN Satellite, or RHN Proxy.
     Presumably %s.""" % repr(d['--set-hostname'])
@@ -1269,7 +1268,7 @@ def writeError(e):
        %s --help""" % (e, os.path.basename(sys.argv[0]))
         writeError(msg)
         ret = 33
-    except RhnSslToolException, e:
+    except KatelloSslToolException, e:
         writeError(e)
         ret = 100
 

certs-tools/certs/sslToolCli.py

@@ -13,7 +13,7 @@
 # in this software or its documentation.
 #
 #
-# rhn-ssl-tool command line option module
+# katello-ssl-tool command line option module
 #
 # $Id$
 
@@ -28,7 +28,7 @@
 
 ## local imports
 from sslToolLib import daysTil18Jan2038, yearsTil18Jan2038, \
-                       RhnSslToolException, errnoGeneralError
+                       KatelloSslToolException, errnoGeneralError
 from sslToolConfig import figureDEFS_dirs, figureDEFS_CA, figureDEFS_server
 from sslToolConfig import figureDEFS_distinguishing
 from sslToolConfig import DEFS, getOption, reInitDEFS
@@ -371,11 +371,11 @@ def optionParse():
     return options
 
 
-class CertExpTooShortException(RhnSslToolException):
+class CertExpTooShortException(KatelloSslToolException):
     "certificate expiration must be at least 1 day"
-class CertExpTooLongException(RhnSslToolException):
+class CertExpTooLongException(KatelloSslToolException):
     "cert expiration cannot be > 1 year before the 32-bit overflow (in days)"
-class InvalidCountryCodeException(RhnSslToolException):
+class InvalidCountryCodeException(KatelloSslToolException):
     "invalid country code. Probably != 2 characters in length."
 
 

certs-tools/certs/sslToolConfig.py

@@ -13,9 +13,7 @@
 # in this software or its documentation.
 #
 #
-# rhn-ssl-tool openssl.cnf style file manipulation class
-#
-# $Id$
+# katello-ssl-tool openssl.cnf style file manipulation class
 
 ## FIXME: the logic here is *WAY* too complicated. Need to simplify -taw
 
@@ -38,21 +36,21 @@
 HOSTNAME = socket.gethostname()
 MACHINENAME = getMachineName(HOSTNAME)
 
-CA_KEY_NAME = 'RHN-ORG-PRIVATE-SSL-KEY'
-CA_CRT_NAME = 'RHN-ORG-TRUSTED-SSL-CERT'
+CA_KEY_NAME = 'KATELLO-PRIVATE-SSL-KEY'
+CA_CRT_NAME = 'KATELLO-TRUSTED-SSL-CERT'
 CA_CRT_RPM_NAME = string.lower(CA_CRT_NAME)
 
-BASE_SERVER_RPM_NAME = 'rhn-org-httpd-ssl-key-pair'
-BASE_SERVER_TAR_NAME = 'rhn-org-httpd-ssl-archive'
+BASE_SERVER_RPM_NAME = 'katello-httpd-ssl-key-pair'
+BASE_SERVER_TAR_NAME = 'katello-httpd-ssl-archive'
 
 LEGACY_CA_KEY_NAME = 'ca.key'
 LEGACY_CA_CRT_NAME = 'RHNS-CORP-CA-CERT'
 LEGACY_SERVER_RPM_NAME1 = 'rhns-ssl-cert'
 LEGACY_SERVER_RPM_NAME2 = 'rhn-httpd-ssl-key-pair'
 LEGACY_CA_CERT_RPM_NAME = 'rhns-ca-cert'
 
-CA_OPENSSL_CNF_NAME = 'rhn-ca-openssl.cnf'
-SERVER_OPENSSL_CNF_NAME = 'rhn-server-openssl.cnf'
+CA_OPENSSL_CNF_NAME = 'katello-ca-openssl.cnf'
+SERVER_OPENSSL_CNF_NAME = 'katello-server-openssl.cnf'
 
 MD = 'sha1'
 CRYPTO = '-des3'
@@ -95,8 +93,8 @@ def getStartDate_aWeekAgo():
 _defs = \
     {
         '--dir'             : BUILD_DIR,
-        '--ca-key'          : 'RHN-ORG-PRIVATE-SSL-KEY',
-        '--ca-cert'         : 'RHN-ORG-TRUSTED-SSL-CERT',
+        '--ca-key'          : 'KATELLO-PRIVATE-SSL-KEY',
+        '--ca-cert'         : 'KATELLO-TRUSTED-SSL-CERT',
         '--cert-expiration' : int(daysTil18Jan2038()),
         '--startdate'       : getStartDate_aWeekAgo(),
 
@@ -330,9 +328,9 @@ def figureDEFS_distinguishing(options):
 
 
 CONF_TEMPLATE_CA = """\
-# rhn-ca-openssl.cnf
+# katello-ca-openssl.cnf
 #---------------------------------------------------------------------------
-# RHN Management {Satellite,Proxy} autogenerated openSSL configuration file.
+# Katello Management autogenerated openSSL configuration file.
 #---------------------------------------------------------------------------
 
 [ ca ]
@@ -373,7 +371,7 @@ def figureDEFS_distinguishing(options):
 keyUsage = digitalSignature, keyEncipherment, keyCertSign
 extendedKeyUsage = serverAuth, clientAuth
 # PKIX recommendations harmless if included in all certificates.
-nsComment               = "RHN SSL Tool Generated Certificate"
+nsComment               = "Katello SSL Tool Generated Certificate"
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
@@ -383,17 +381,17 @@ def figureDEFS_distinguishing(options):
 extendedKeyUsage = serverAuth, clientAuth
 nsCertType = server
 # PKIX recommendations harmless if included in all certificates.
-nsComment               = "RHN SSL Tool Generated Certificate"
+nsComment               = "Katello SSL Tool Generated Certificate"
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 #===========================================================================
 """
 
 
 CONF_TEMPLATE_SERVER = """\
-# rhn-server-openssl.cnf
+# katello-server-openssl.cnf
 #---------------------------------------------------------------------------
-# RHN Management {Satellite,Proxy} autogenerated openSSL configuration file.
+# Katello Management autogenerated openSSL configuration file.
 #---------------------------------------------------------------------------
 [ req ]
 default_bits            = 2048
@@ -411,7 +409,7 @@ def figureDEFS_distinguishing(options):
 extendedKeyUsage = serverAuth, clientAuth
 nsCertType = server
 # PKIX recommendations harmless if included in all certificates.
-nsComment               = "RHN SSL Tool Generated Certificate"
+nsComment               = "Katello SSL Tool Generated Certificate"
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
@@ -444,7 +442,7 @@ def gen_req_alt_names(d, hostname):
     return result
 
 def gen_req_distinguished_name(d):
-    """ generates the rhn_distinguished section of the *-openssl.cnf file """
+    """ generates the req_distinguished section of the *-openssl.cnf file """
 
     s = ""
     keys = ('C', 'ST', 'L', 'O', 'OU', 'CN', 'emailAddress')
@@ -513,8 +511,8 @@ def __init__(self, filename=None):
         self.filename = filename
         if self.filename is None:
             self.filename = SERVER_OPENSSL_CNF_NAME
-            if os.path.exists(os.path.join(DEFS['--dir'], 'rhn_openssl.cnf')):
-                self.filename = os.path.join(DEFS['--dir'], "rhn_openssl.cnf")
+            if os.path.exists(os.path.join(DEFS['--dir'], 'katello_openssl.cnf')):
+                self.filename = os.path.join(DEFS['--dir'], "katello_openssl.cnf")
             elif os.path.exists(os.path.join(DEFS['--dir'], 'openssl.cnf')):
                 self.filename = os.path.join(DEFS['--dir'], "openssl.cnf")
         self.filename = cleanupAbsPath(self.filename)
@@ -524,7 +522,7 @@ def parse(self):
             generated openssl.cnf.
 
             NOTE: we get a limited sampling of info here. We have no concept
-            of the [ some heading ] divisions in the rhn_openssl.cnf file.
+            of the [ some heading ] divisions in the katello_openssl.cnf file.
         """
 
         d = {}