Commit bbf29a44 authored by Valentin Samir's avatar Valentin Samir

[gestion/tools] apt-keys-crans.py, un script qui génère automatiquement...

[gestion/tools] apt-keys-crans.py, un script qui génère automatiquement /bcfg2/Cfg/etc/crans/apt-keys/

À partir des fpr de la base ldap
parent d3c475c6
#!/bin/bash /usr/scripts/python.sh
# -*- coding: utf-8 -*-
import os
from subprocess import Popen, PIPE, STDOUT
import lc_ldap.shortcuts
from socket import gethostname
keyserver='komaz.adm.crans.org'
basedir='/bcfg2/Cfg/etc/crans/apt-keys/'
conn=lc_ldap.shortcuts.lc_ldap_readonly()
nounou=conn.search(u"(&(gpgFingerprint=*)(droits=nounou))")
fpr=[u['gpgFingerprint'][0].value for u in nounou]
def refresh_keys():
p = Popen(['gpg', '--keyserver', 'komaz.adm.crans.org', '--recv-keys'] + fpr, stdout=PIPE, stdin=PIPE, stderr=STDOUT)
ret=p.communicate()
if ret[1]:
print ret[1]
if ret[0]:
print ret[0]
def write_keys():
for user in nounou:
try:
os.mkdir(basedir + '%s.asc/' % user['uid'][0])
except OSError:
pass
path=basedir + '%s.asc/%s.asc' % (user['uid'][0],user['uid'][0])
# Est-ce que ça serait bien de mettre --export-options export-minimal ?
p = Popen(['gpg', '--armor', '--export', user['gpgFingerprint'][0].value], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
ret=p.communicate()
if ret[1]:
print ret[1]
if ret[0]:
with open(path, 'w') as f:
f.write(ret[0])
f.close()
print "Witten down %s" % path
if __name__ == '__main__':
if gethostname() != 'bcfg2':
print "Doit être lancé sur bcfg2"
exit(1)
else:
refresh_keys()
write_keys()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment