Updates intelmqsetup and remove unnecessary code.

certtools · Mar 4, 2024 · 1ba4d93 · 1ba4d93
1 parent aaeb1b6
commit 1ba4d93
Showing 1 changed file with 12 additions and 205 deletions.
diff --git a/intelmq/bin/intelmqsetup.py b/intelmq/bin/intelmqsetup.py
@@ -27,39 +27,16 @@
 from grp import getgrnam
 from pathlib import Path
 from pwd import getpwnam
-from subprocess import run, CalledProcessError
-from tempfile import NamedTemporaryFile
 from typing import Optional
 
-try:
- import intelmq_api
- import intelmq_api.version
-except ImportError:
- intelmq_api = None
-
-try:
- import intelmq_manager
-except ImportError:
- intelmq_manager = None
-else:
- try:
- import intelmq_manager.build
- except ImportError:
- intelmq_manager_has_build = False
- else:
- intelmq_manager_has_build = True
-
 from termstyle import red
 from intelmq import (CONFIG_DIR, DEFAULT_LOGGING_PATH, ROOT_DIR, VAR_RUN_PATH,
- VAR_STATE_PATH, STATE_FILE_PATH)
+ VAR_STATE_PATH, STATE_FILE_PATH, VAR_SERVER_PATH)
 from intelmq.bin.intelmqctl import IntelMQController
 
-
 FILE_OUTPUT_PATH = Path(VAR_STATE_PATH) / 'file-output/'
 ETC_INTELMQ = Path('/etc/intelmq/')
 ETC_INTELMQ_MANAGER = ETC_INTELMQ / 'manager/'
-WEBSERVER_CONFIG_DIR = None # "cache" for the webserver configuration directory
-NOTE_WEBSERVER_RELOAD = False # if the webserver needs to be reloaded
 
 
 def basic_checks(skip_ownership):
@@ -108,57 +85,19 @@ def change_owner(file: str, owner: Optional[str] = None, group: Optional[str] =
  shutil.chown(file, group=group)
 
 
-def find_webserver_user():
- candidates = ('www-data', 'wwwrun', 'httpd', 'apache')
- for candidate in candidates:
- try:
- getpwnam(candidate)
- except KeyError:
- pass
- else:
- print(f'Detected Apache username {candidate!r}.')
- return candidate
- else:
- sys.exit(red("Unable to detect Apache user name. "
- "Please re-run this program and give the Apache user name with '--webserver-user'."))
-
-
-def find_webserver_configuration_directory():
- global WEBSERVER_CONFIG_DIR
- if WEBSERVER_CONFIG_DIR:
- return WEBSERVER_CONFIG_DIR
- webserver_configuration_dir_candidates = (Path('/etc/apache2/conf-available/'),
- Path('/etc/apache2/conf.d/'),
- Path('/etc/httpd/conf.d/'))
- for webserver_configuration_dir_candidate in webserver_configuration_dir_candidates:
- if webserver_configuration_dir_candidate.exists():
- print(f'Detected Apache configuration directory {webserver_configuration_dir_candidate!s}.')
- WEBSERVER_CONFIG_DIR = webserver_configuration_dir_candidate
- webserver_configuration_dir_candidate.as_posix
- return webserver_configuration_dir_candidate
- else:
- sys.exit(red("Unable to detect Apache configuration directory. "
- "Please re-run this program and give the Apache configuration directory with '--webserver-configuration-directory'."))
-
-
-def debian_activate_apache_config(config_name: str):
- if 'available' not in WEBSERVER_CONFIG_DIR.as_posix():
- return # not a Debian system
- available = WEBSERVER_CONFIG_DIR / config_name
- enabled = Path(WEBSERVER_CONFIG_DIR.as_posix().replace('available', 'enabled')) / config_name
- if not enabled.exists():
- enabled.symlink_to(available)
- print(f'Created symbolic link {enabled!s} pointing to {available!s}.')
-
-
 def intelmqsetup_core(ownership=True, state_file=STATE_FILE_PATH):
  create_directory(FILE_OUTPUT_PATH, 0o40755)
  create_directory(VAR_RUN_PATH, 0o40755)
  create_directory(DEFAULT_LOGGING_PATH, 0o40755)
  create_directory(CONFIG_DIR, 0o40775)
+ create_directory(VAR_SERVER_PATH, 0o40775)
 
  example_path = Path(pkg_resources.resource_filename('intelmq', 'etc'))
- example_confs = [example_path / 'runtime.yaml', example_path / 'harmonization.conf']
+ example_confs = [
+ example_path / 'runtime.yaml',
+ example_path / 'harmonization.conf',
+ example_path / 'intelmq.yaml',
+ ]
  for example_conf in example_confs:
  fname = Path(example_conf).name
  destination_file = Path(CONFIG_DIR) / fname
@@ -186,117 +125,6 @@ def intelmqsetup_core(ownership=True, state_file=STATE_FILE_PATH):
  change_owner(STATE_FILE_PATH, owner='intelmq', group='intelmq')
 
 
-def intelmqsetup_api(ownership: bool = True, webserver_user: Optional[str] = None):
- intelmq_group = getgrnam('intelmq')
- webserver_user = webserver_user or find_webserver_user()
-
- create_directory(ETC_INTELMQ, 0o40775)
- if ownership:
- change_owner(CONFIG_DIR, group='intelmq')
- change_owner(ETC_INTELMQ, owner='intelmq', group='intelmq')
-
- # Manager configuration directory
- create_directory(ETC_INTELMQ_MANAGER, 0o40775)
- if ownership:
- change_owner(ETC_INTELMQ_MANAGER, group='intelmq')
-
- base = Path(pkg_resources.resource_filename('intelmq_api', '')).parent
- api_config = base / 'etc/intelmq/api-config.json'
- etc_intelmq_config = ETC_INTELMQ / 'api-config.json'
- api_sudoers = base / 'etc/intelmq/api-sudoers.conf'
- etc_sudoers_api = Path('/etc/sudoers.d/01_intelmq-api') # same path as used in the packages
- api_manager_positions = base / 'etc/intelmq/manager/positions.conf'
- etc_intelmq_manager_positions = ETC_INTELMQ_MANAGER / 'positions.conf'
-
- if not base.as_posix().startswith('/usr/'):
- # Paths differ in editable installations
- print(red("Detected an editable (egg-link) pip-installation of 'intelmq-api'. Some feature of this program may not work."))
-
- if api_config.exists() and not etc_intelmq_config.exists():
- shutil.copy(api_config, etc_intelmq_config)
- print(f'Copied {api_config!s} to {ETC_INTELMQ!s}.')
- elif not api_config.exists() and not etc_intelmq_config.exists():
- print(red(f'Unable to install api-config.json: Neither {api_config!s} nor {etc_intelmq_config!s} exists.'))
- if api_sudoers.exists() and not etc_sudoers_api.exists():
- with open(api_sudoers) as sudoers:
- original_sudoers = sudoers.read()
- sudoers = original_sudoers.replace('www-data', webserver_user)
- with NamedTemporaryFile(mode='w') as tmp_file:
- tmp_file.write(sudoers)
- tmp_file.flush()
- try:
- run(('visudo', '-c', tmp_file.name))
- except CalledProcessError:
- sys.exit(red('Fatal error: Validation of adapted sudoers-file failed. Please report this bug.'))
- change_owner(tmp_file.name, owner='root', group='root', log=False)
- Path(tmp_file.name).chmod(0o440)
- shutil.copy(tmp_file.name, etc_sudoers_api)
- print(f'Copied {api_sudoers!s} to {etc_sudoers_api!s}.')
- elif not api_sudoers.exists() and not etc_sudoers_api.exists():
- print(red(f'Unable to install api-sudoers.conf: Neither {api_sudoers!s} nor {etc_sudoers_api!s} exists.'))
- if api_manager_positions.exists() and not etc_intelmq_manager_positions.exists():
- shutil.copy(api_manager_positions, etc_intelmq_manager_positions)
- print(f'Copied {api_manager_positions!s} to {etc_intelmq_manager_positions!s}.')
- etc_intelmq_manager_positions.chmod(0o664)
- change_owner(etc_intelmq_manager_positions, owner='intelmq', group='intelmq', log=False)
- elif not api_manager_positions.exists() and not etc_intelmq_manager_positions.exists():
- print(red(f'Unable to install positions.conf: Neither {api_manager_positions!s} nor {etc_intelmq_manager_positions!s} exists.'))
-
- if webserver_user not in intelmq_group.gr_mem:
- sys.exit(red(f"Webserver user {webserver_user} is not a member of the 'intelmq' group. "
- f"Please add it with: 'usermod -aG intelmq {webserver_user}'."))
-
-
-def intelmqsetup_api_webserver_configuration(webserver_configuration_directory: Optional[str] = None):
- webserver_configuration_dir = webserver_configuration_directory or find_webserver_configuration_directory()
- api_config = Path(pkg_resources.resource_filename('intelmq_api', '')).parent / 'etc/intelmq/api-apache.conf'
- apache_api_config = webserver_configuration_dir / 'api-apache.conf'
- if api_config.exists() and not apache_api_config.exists():
- shutil.copy(api_config, apache_api_config)
- print(f'Copied {api_config!s} to {ETC_INTELMQ!s}.')
- debian_activate_apache_config('api-apache.conf')
-
- global NOTE_WEBSERVER_RELOAD
- NOTE_WEBSERVER_RELOAD = True
- elif not api_config.exists() and not apache_api_config.exists():
- print(red(f'Unable to install webserver configuration api-config.conf: Neither {api_config!s} nor {apache_api_config!s} exists.'))
-
- print('Setup of intelmq-api successful.')
-
-
-def intelmqsetup_manager_webserver_configuration(webserver_configuration_directory: Optional[str] = None):
- webserver_configuration_dir = webserver_configuration_directory or find_webserver_configuration_directory()
- manager_config_1 = Path(pkg_resources.resource_filename('intelmq_manager', '')).parent / 'etc/intelmq/manager-apache.conf'
- # IntelMQ Manager >= 3.1.0
- manager_config_2 = Path(pkg_resources.resource_filename('intelmq_manager', '')) / 'manager-apache.conf'
- manager_config = manager_config_2 if manager_config_2.exists() else manager_config_1
- apache_manager_config = webserver_configuration_dir / 'manager-apache.conf'
- if manager_config.exists() and not apache_manager_config.exists():
- shutil.copy(manager_config, apache_manager_config)
- print(f'Copied {manager_config!s} to {apache_manager_config!s}.')
- debian_activate_apache_config('manager-apache.conf')
-
- global NOTE_WEBSERVER_RELOAD
- NOTE_WEBSERVER_RELOAD = True
- elif not manager_config.exists() and not apache_manager_config.exists():
- print(red(f'Unable to install webserver configuration manager-config.conf: Neither {manager_config_1!s} nor {manager_config_2!s} nor {apache_manager_config!s} exist.'))
-
-
-def intelmqsetup_manager_generate():
- if not intelmq_manager_has_build:
- print('Unable to build intelmq-manager files. Installed version of intelmq-manager is too old, at least version 3.1.0 is required.',
- file=sys.stderr)
- return
- src_dir = Path(pkg_resources.resource_filename('intelmq_manager', ''))
- html_dir_destination = Path('/usr/share/intelmq_manager/html')
-
- if not src_dir.as_posix().startswith('/usr/'):
- # Paths differ in editable installations
- print(red("Detected an editable (egg-link) pip-installation of intelmq-manager. Some features of this program may not work."))
-
- intelmq_manager.build.buildhtml(html_dir_destination)
-
-
 def main():
  parser = argparse.ArgumentParser("Set's up directories and example "
  "configurations for IntelMQ.")
@@ -306,44 +134,23 @@ def main():
  help='The state file location to use.',
  default=STATE_FILE_PATH)
  parser.add_argument('--webserver-user',
- help='The webserver to use instead of auto-detection.')
+ help='(DEPRECATED) The webserver to use instead of auto-detection.')
  parser.add_argument('--webserver-configuration-directory',
- help='The webserver configuration directory to use instead of auto-detection.')
+ help='(DEPRECATED) The webserver configuration directory to use instead of auto-detection.')
  parser.add_argument('--skip-api',
- help='Skip set-up of intelmq-api.',
+ help='(DEPRECATED) Skip set-up of intelmq-api.',
  action='store_true')
  parser.add_argument('--skip-webserver',
- help='Skip all operations on the webserver configuration, affects the API and Manager.',
+ help='(DEPRECATED) Skip all operations on the webserver configuration, affects the API and Manager.',
  action='store_true')
  parser.add_argument('--skip-manager',
- help='Skip set-up of intelmq-manager.',
+ help='(DEPRECATED) Skip set-up of intelmq-manager.',
  action='store_true')
  args = parser.parse_args()
 
  basic_checks(skip_ownership=args.skip_ownership)
  intelmqsetup_core(ownership=not args.skip_ownership,
  state_file=args.state_file)
- if intelmq_api and not args.skip_api:
- print(f'Running setup for intelmq-api (version {intelmq_api.version.__version__}).')
- intelmqsetup_api(ownership=not args.skip_ownership,
- webserver_user=args.webserver_user)
- if not args.skip_webserver:
- print('Running webserver setup for intelmq-api.')
- intelmqsetup_api_webserver_configuration(webserver_configuration_directory=args.webserver_configuration_directory)
- else:
- print('Skipping set-up of intelmq-api.')
- if intelmq_manager and not args.skip_manager and not args.skip_webserver:
- print('Running webserver setup for intelmq-manager.')
- intelmqsetup_manager_webserver_configuration(webserver_configuration_directory=args.webserver_configuration_directory)
- else:
- print('Skipping intelmq-manager configuration.')
- if intelmq_manager and not args.skip_manager:
- manager_version = pkg_resources.get_distribution('intelmq-manager').version
- print(f'Generate and save intelmq-manager (version {manager_version}) static files.')
- intelmqsetup_manager_generate()
-
- if NOTE_WEBSERVER_RELOAD:
- print('Reload the webserver to make the changes effective.')
 
  print("'intelmqsetup' completed.")