diff --git a/config/opennsa.conf.template b/config/opennsa.conf.template index 71c739b28e8fe36d44f9c286123b8bf0250fc62b..29403a8de687b57de2f37ab3ad1a6f2f1fbaf653 100644 --- a/config/opennsa.conf.template +++ b/config/opennsa.conf.template @@ -16,4 +16,3 @@ tls=${TLS_ENABLED} [dud:topology] nrmmap=${NRM_FILE} - diff --git a/docker-compose.override.yml_placeholder b/docker-compose.override.yml_placeholder index b45c9feffdb2f27d79ec3ccf531aed29b501088d..7dea08cee614167e98fdcc7bf21c5afe2ef97052 100644 --- a/docker-compose.override.yml_placeholder +++ b/docker-compose.override.yml_placeholder @@ -15,7 +15,7 @@ services: #volumes: # - ./config/myNRMFile.nrm:/home/opennsa/opennsa/config/opennsa.nrm db: - image: postgres:9.6.5 + image: postgres:12 ##Expose 5432 locally ports: - 5432:5432 diff --git a/docker-compose.yml b/docker-compose.yml index 7b6080725b9a6bd3b6c5d584a4181b61e54dce0f..b370e4a475564b3beaeb2cb9d28c3ddc52f47d35 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: db: - image: postgres:9.6.5 + image: postgres:12 expose: - 5432 volumes: diff --git a/docker/Dockerfile b/docker/Dockerfile index 51ee956203c7415b12e43880a96a9f0cbe12822b..446748af97feb0174b875bbbdd61f6a285dc38cc 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,7 +5,6 @@ FROM debian:stable-slim LABEL maintainer="Henrik Thostrup Jensen <htj@nordu.net>" # -- Environment -- -ENV GIT_REPO https://github.com/NORDUnet/opennsa ENV USER opennsa @@ -19,26 +18,15 @@ ADD . /home/$USER/opennsa/ # pyasn1 and crypto is needed for ssh backends RUN apt update \ && apt install -y \ - git-core \ + libpq-dev \ python3 \ - python3-twisted-bin \ - python3-openssl \ - python3-psycopg2 \ python3-pip \ - python3-cryptography \ - python3-dateutil \ - && pip3 install \ - twistar \ - service-identity \ - pyasn1 \ - # -- Instal OpenNSA -- - # && echo git clone $GIT_REPO \ - # && su - $USER -c "git clone $GIT_REPO" \ - ## Unsure why but this needs to be pulled away from the main apt install + netcat \ + iputils-ping \ + && pip3 install -r /home/$USER/opennsa/requirements.txt \ && chown $USER:$USER -R /home/opennsa/opennsa \ - && apt install -y netcat iputils-ping \ # -- Cleanup -- - && apt remove -y git-core python3-pip \ + && apt remove -y python3-pip \ && apt autoremove -y \ && rm -rf /var/lib/apt/lists/* \ && cp /home/$USER/opennsa/docker/run_opennsa.sh /home/$USER/opennsa \ diff --git a/opennsa/opennsaTlsContext.py b/opennsa/opennsaTlsContext.py index 6f98125781b8afa49caef1fd2f6fa6d4daad3a1a..c13e5beb132d98faf3a282b86c4bf56b88fc16fc 100755 --- a/opennsa/opennsaTlsContext.py +++ b/opennsa/opennsaTlsContext.py @@ -44,11 +44,14 @@ class opennsaTlsContext: try: CACertificates.append(ssl.Certificate.loadPEM(CAFileContent)) except crypto.Error as error: - log.msg('Cannot load CA certificate from %s: %s' % (CAFilename, error), system = LOG_SYSTEM) + log.msg(f'Cannot load CA certificate from {CAFilename}: {error}', system=LOG_SYSTEM) else: - log.msg('Loaded CA certificate %s' % (str(CACertificates[-1].getSubject())), system = LOG_SYSTEM) + try: + log.msg(f'Loaded CA certificate {CACertificates[-1].getSubject()}', system=LOG_SYSTEM) + except: + log.msg("Failed to serialize Certificate Subject") if len(CACertificates) == 0: - print('No certificiates loaded for CTX verificiation. CA verification will not work.') + print('No certificates loaded for CTX verification. CA verification will not work.') return ssl.trustRootFromCertificates(CACertificates) def getTrustRoot(self): diff --git a/requirements.txt b/requirements.txt index 336060f6df8a1ccfeca18f92336d99a93dd32489..a677a0ae0b1d7e6fc34bb41b27f340668b48e260 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,9 +1,9 @@ -#twisted>=19.7.0 twisted>=21.2.0 twistar>=2.0 -#psycopg2>=2.7,<2.8 --no-binary psycopg2 -psycopg2 +psycopg2>=2.9,<2.10 --no-binary psycopg2 pyOpenSSL>=17.5.0 -python-dateutil -service_identity -idna \ No newline at end of file +python-dotenv>=0.19.0 +cryptography>=3.4.8 +python-dateutil>=2.8,<2.9 +service-identity>=21.1.0,<22.0.0 +idna>=3.2,<3.3