Commit bba95ed5 authored by Leigh Stoller's avatar Leigh Stoller

A couple of missing pieces for secure images and image relocation.

parent 7a2a2578
......@@ -40,7 +40,7 @@ SBIN_STUFF = cleanupslice gencabundle cleanupticket aptssh-setup \
sliveraction openvpn-setup
PSBIN_STUFF = register_resources expire_daemon gencrl postcrl \
addauthority getcacerts \
addauthority getcacerts ims_daemon \
gencrlbundle shutdownslice remauthority listusage \
update reregister listhistory \
register_sliver sa_daemon genadmincredential \
......@@ -52,7 +52,7 @@ PSBIN_STUFF = register_resources expire_daemon gencrl postcrl \
mondbd parsecert creategeniuser webcreategeniuser \
updategeniuser webupdategeniuser verifycert webverifycert \
postimagedata getimagedata triggerimageupdate \
deleteimagedata secureimageget
deleteimagedata secureimageget genimagecredential
ifeq ($(ISCLEARINGHOUSE),1)
PSBIN_STUFF += ch_daemon
......
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2019 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
# GENI Public License
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
#
# }}}
#
use strict;
use English;
use Getopt::Std;
use Date::Parse;
use Data::Dumper;
#
# Generate an image credential.
#
sub usage()
{
print "Usage: genimagecredential imageid [-o outfile] [target_urn]\n";
exit(1);
}
my $optlist = "o:";
my $outfile;
my $target;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
my $CMCERT = "$TB/etc/genicm.pem";
my $OURDOMAIN = "@OURDOMAIN@";
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Protos
sub fatal($);
#
# Turn off line buffering on output
#
$| = 1;
# Connect to CM database.
use vars qw($GENI_DBNAME);
$GENI_DBNAME = "geni-cm";
# Now we can load the libraries after setting the proper DB.
use lib '@prefix@/lib';
use emdb;
use emutil;
use GeniUser;
use GeniCertificate;
use GeniCredential;
use GeniAuthority;
use GeniHRN;
use OSImage;
use GeniImage;
if (!$PGENISUPPORT) {
print STDERR "You are not a protogeni site\n";
exit(0);
}
#
# Check args.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"o"})) {
$outfile = $options{"o"};
}
usage()
if (@ARGV < 1 || @ARGV > 2);
my $image = OSImage->Lookup($ARGV[0]);
fatal("No such image")
if (!defined($image));
if (@ARGV == 2) {
$target = GeniAuthority->Lookup($ARGV[1]);
if (!defined($target)) {
fatal("No such authority in DB");
}
}
else {
my $this_user = User->ThisUser();
if (!defined($this_user)) {
fatal("Who are you?");
}
$target = GeniUser->CreateFromLocal($this_user);
if (!defined($target)) {
fatal("Could not create GeniUser for $this_user");
}
}
my $credential = GeniImage::CreateImageCredential($image, $target);
if (!defined($credential)) {
fatal("Could not generate credential");
}
if (defined($outfile)) {
open(CRED, "> $outfile") or
fatal("Could not open file for writing: $!");
print CRED $credential->asString();
close(CRED);
}
else {
print $credential->asString();
}
exit(0);
sub fatal($)
{
my ($msg) = @_;
print STDERR "*** $0:\n".
" $msg\n";
exit(-1);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment