scripts: Allow configuring a custom CA bundle for build process.

For building Zulip in an environment where a custom CA certificate is
required to access the public Internet, one needs to be able to
specify that CA certificate for all network access done by the Zulip
installer/build process.  This change allows configuring that via the
environment.
xificurC 2018-08-02 16:29:47 +02:00 committed by Tim Abbott
parent 4dbf59dbaa
commit 9e053c74cf
5 changed files with 23 additions and 3 deletions


@ -11,6 +11,7 @@ Other options:
--certbot --certbot
--self-signed-cert --self-signed-cert
--no-init-db --no-init-db
--cacert
The --hostname and --email options are required, The --hostname and --email options are required,
unless --no-init-db is set and --certbot is not. unless --no-init-db is set and --certbot is not.
@ -21,12 +22,13 @@ EOF
# Shell option parsing. Over time, we'll want to move some of the # Shell option parsing. Over time, we'll want to move some of the
# environment variables below into this self-documenting system. # environment variables below into this self-documenting system.
args="$(getopt -o '' --long help,no-init-db,self-signed-cert,certbot,hostname:,email: -n "$0" -- "$@")" args="$(getopt -o '' --long help,no-init-db,self-signed-cert,certbot,hostname:,email:,cacert: -n "$0" -- "$@")"
eval "set -- $args" eval "set -- $args"
while true; do while true; do
case "$1" in case "$1" in
--help) usage;; --help) usage;;
--self-signed-cert) SELF_SIGNED_CERT=1; shift;; --self-signed-cert) SELF_SIGNED_CERT=1; shift;;
--cacert) export CUSTOM_CA_CERTIFICATES="$2"; shift; shift;;
--certbot) USE_CERTBOT=1; shift;; --certbot) USE_CERTBOT=1; shift;;
--hostname) EXTERNAL_HOST="$2"; shift; shift;; --hostname) EXTERNAL_HOST="$2"; shift; shift;;
--email) ZULIP_ADMINISTRATOR="$2"; shift; shift;; --email) ZULIP_ADMINISTRATOR="$2"; shift; shift;;
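Review bot: The `--cacert` arm added to the case statement exports whatever string follows the option without checking that it names a readable file, so a mistyped path only surfaces later inside wget, yarn or pip with a less obvious error. A guard in the arm keeps the failure at the option that caused it: `--cacert) [ -r "$2" ] || { echo "error: --cacert: cannot read $2" >&2; exit 1; }; export CUSTOM_CA_CERTIFICATES="$2"; shift; shift;;`. The usage line added in the first hunk would also be clearer showing that the option takes a value, `--cacert PATH`. The option-parsing loop continues past the end of this hunk.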


@ -28,7 +28,11 @@ fi
if [ "$current_node_version" != "v$node_version" ] || ! [ -L "$node_wrapper_path" ]; then if [ "$current_node_version" != "v$node_version" ] || ! [ -L "$node_wrapper_path" ]; then
export NVM_DIR=/usr/local/nvm export NVM_DIR=/usr/local/nvm
if ! [ -e "$NVM_DIR/nvm.sh" ]; then if ! [ -e "$NVM_DIR/nvm.sh" ]; then
wget -nv -O- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash wget_opts=(-nv)
if [ -n "${CUSTOM_CA_CERTIFICATES:-}" ]; then
wget_opts+=(--ca-certificate "${CUSTOM_CA_CERTIFICATES}")
fi
wget "${wget_opts[@]}" -O- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
fi fi
# shellcheck source=/dev/null # shellcheck source=/dev/null
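Review bot: A wget failure on the rebuilt download line is still hidden by `| bash`, because the pipeline's status is bash's; if the script runs under `set -e` without `set -o pipefail` (its header is outside this hunk), a CA file that wget rejects would let the install continue as though nvm had been set up, and the mismatch would only show up at the later node-version check. The array approach for `wget_opts` is fine; the missing piece is checking the producer's status, e.g. appending `[ "${PIPESTATUS[0]}" -eq 0 ] || exit 1` right after the pipeline, or enabling `pipefail` if the rest of the script tolerates it.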


@ -90,6 +90,8 @@ def do_yarn_install(target_path, yarn_args, success_stamp, stdout=None, stderr=N
if os.path.exists("node_modules"): if os.path.exists("node_modules"):
cmds.append(["cp", "-R", "node_modules/", cached_node_modules]) cmds.append(["cp", "-R", "node_modules/", cached_node_modules])
cd_exec = os.path.join(ZULIP_PATH, "scripts/lib/cd_exec") cd_exec = os.path.join(ZULIP_PATH, "scripts/lib/cd_exec")
if os.environ.get('CUSTOM_CA_CERTIFICATES'):
cmds.append([YARN_BIN, "config", "set", "cafile", os.environ['CUSTOM_CA_CERTIFICATES']])
cmds.append([cd_exec, target_path, YARN_BIN, "install", "--non-interactive"] + cmds.append([cd_exec, target_path, YARN_BIN, "install", "--non-interactive"] +
yarn_args) yarn_args)
cmds.append(['touch', success_stamp]) cmds.append(['touch', success_stamp])
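Review bot: The `yarn config set cafile` command added before the install step writes the path into the user-level yarn configuration, so the setting outlives this build and keeps pointing at that file for every later yarn run by the same user, even after CUSTOM_CA_CERTIFICATES is unset or the file is removed; nothing in the hunk ever resets it. At minimum the line deserves a comment saying so, e.g. `# NOTE: this persists in the user's yarn config, not just this install.`; if yarn honours the setting per invocation (environment or flag) that would scope it to this build, but I cannot confirm that from here. do_yarn_install starts before this hunk.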


@ -252,6 +252,13 @@ def setup_virtualenv(target_venv_path, requirements_file, virtualenv_args=None,
exec(open(activate_this).read(), {}, dict(__file__=activate_this)) exec(open(activate_this).read(), {}, dict(__file__=activate_this))
return cached_venv_path return cached_venv_path
def add_cert_to_pipconf():
# type: () -> None
conffile = os.path.expanduser("~/.pip/pip.conf")
confdir = os.path.expanduser("~/.pip/")
os.makedirs(confdir, exist_ok=True)
run(["crudini", "--set", conffile, "global", "cert", os.environ["CUSTOM_CA_CERTIFICATES"]])
def do_setup_virtualenv(venv_path, requirements_file, virtualenv_args): def do_setup_virtualenv(venv_path, requirements_file, virtualenv_args):
# type: (str, str, List[str]) -> None # type: (str, str, List[str]) -> None
@ -272,6 +279,11 @@ def do_setup_virtualenv(venv_path, requirements_file, virtualenv_args):
activate_this = os.path.join(venv_path, "bin", "activate_this.py") activate_this = os.path.join(venv_path, "bin", "activate_this.py")
exec(open(activate_this).read(), {}, dict(__file__=activate_this)) exec(open(activate_this).read(), {}, dict(__file__=activate_this))
# use custom certificate if needed
if os.environ.get('CUSTOM_CA_CERTIFICATES'):
print("Configuring pip to use custom CA certificates...")
add_cert_to_pipconf()
try: try:
install_venv_deps(requirements_file) install_venv_deps(requirements_file)
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
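Review bot: `add_cert_to_pipconf` edits the user's `~/.pip/pip.conf` in place, so the custom CA path persists for every later pip invocation by that user rather than just this build, and the function has no docstring and reads CUSTOM_CA_CERTIFICATES implicitly even though its caller in the second hunk has already checked it. A docstring such as `"""Point the user's pip config at CUSTOM_CA_CERTIFICATES (persists in ~/.pip/pip.conf; needs crudini on PATH)."""` would make both the permanence and the external tool dependency visible. pip also honours `PIP_CERT` in the environment, so if install_venv_deps (defined outside this hunk) runs pip as a subprocess, exporting `PIP_CERT` for that call would scope the setting to this build without touching the user's config; worth confirming against its implementation.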


@ -49,7 +49,7 @@ ContributorsJSON = TypedDict('ContributorsJSON', {
def fetch_contributors(repo_link: str) -> Optional[List[Dict[str, Dict[str, Any]]]]: def fetch_contributors(repo_link: str) -> Optional[List[Dict[str, Dict[str, Any]]]]:
r = requests.get(repo_link) # type: requests.Response r = requests.get(repo_link, verify=os.environ.get('CUSTOM_CA_CERTIFICATES')) # type: requests.Response
return r.json() if r.status_code == 200 else None return r.json() if r.status_code == 200 else None
def write_to_disk(json_data: ContributorsJSON, out_file: str) -> None: def write_to_disk(json_data: ContributorsJSON, out_file: str) -> None:
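Review bot: Passing `verify=os.environ.get('CUSTOM_CA_CERTIFICATES')` on the changed line disables TLS verification when the variable is set but empty, since requests treats a falsy `verify` as "do not verify"; only the unset case (None) falls back to the default. The shell side of this commit treats an empty value as unset (`${CUSTOM_CA_CERTIFICATES:-}`, `-n` checks), so this line should match: `r = requests.get(repo_link, verify=os.environ.get('CUSTOM_CA_CERTIFICATES') or True)  # type: requests.Response`.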