Diffstat (limited to 'nixos/modules/services/misc/taskserver/helper-tool.py')
-rw-r--r--nixos/modules/services/misc/taskserver/helper-tool.py54
1 files changed, 36 insertions, 18 deletions
diff --git a/nixos/modules/services/misc/taskserver/helper-tool.py b/nixos/modules/services/misc/taskserver/helper-tool.py
index cd712332e03..30dcfe0a7a2 100644
--- a/nixos/modules/services/misc/taskserver/helper-tool.py
+++ b/nixos/modules/services/misc/taskserver/helper-tool.py
@@ -69,6 +69,24 @@ def taskd_cmd(cmd, *args, **kwargs):
     )
 
 
+def certtool_cmd(*args, **kwargs):
+    """
+    Invoke certtool from GNUTLS and return the output of the command.
+
+    The provided arguments are added to the certtool command and keyword
+    arguments are added to subprocess.check_output().
+
+    Note that this will suppress all output of certtool and it will only be
+    printed whenever there is an unsuccessful return code.
+    """
+    return subprocess.check_output(
+        [CERTTOOL_COMMAND] + list(args),
+        preexec_fn=lambda: os.umask(0077),
+        stderr=subprocess.STDOUT,
+        **kwargs
+    )
+
+
 def label(msg):
     if sys.stdout.isatty() or sys.stderr.isatty():
         sys.stderr.write(msg + "\n")
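Review bot: The docstring of `certtool_cmd` says certtool's output is printed on an unsuccessful return code, but nothing in the helper does that. `subprocess.check_output` only stores the captured text on `CalledProcessError.output`, and the `except:` handler visible in `generate_key` re-raises without emitting it. Unless a handler outside this diff prints `e.output`, a failed key, certificate or CRL operation now loses the diagnostics that `check_call` let through to the terminal. Consider wrapping the call in the helper with `except subprocess.CalledProcessError as e:` / `sys.stderr.write(e.output)` / `raise`, or rewording the docstring to say the output is carried on the exception. Separately, a caller that passes `stderr` or `preexec_fn` through `**kwargs` gets a duplicate-keyword `TypeError`, which the docstring could mention.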
@@ -113,8 +131,7 @@ def generate_key(org, user):
     try:
         os.makedirs(basedir, mode=0700)
 
-        cmd = [CERTTOOL_COMMAND, "-p", "--bits", "2048", "--outfile", privkey]
-        subprocess.check_call(cmd, preexec_fn=lambda: os.umask(0077))
+        certtool_cmd("-p", "--bits", "2048", "--outfile", privkey)
 
         template_data = [
             "organization = {0}".format(org),
@@ -125,13 +142,14 @@ def generate_key(org, user):
         ]
 
         with create_template(template_data) as template:
-            cmd = [CERTTOOL_COMMAND, "-c",
-                   "--load-privkey", privkey,
-                   "--load-ca-privkey", cakey,
-                   "--load-ca-certificate", cacert,
-                   "--template", template,
-                   "--outfile", pubcert]
-            subprocess.check_call(cmd, preexec_fn=lambda: os.umask(0077))
+            certtool_cmd(
+                "-c",
+                "--load-privkey", privkey,
+                "--load-ca-privkey", cakey,
+                "--load-ca-certificate", cacert,
+                "--template", template,
+                "--outfile", pubcert
+            )
     except:
         rmtree(basedir)
         raise
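Review bot: The `except:` cleanup here runs `rmtree(basedir)` for any failure inside the `try`, including a failure of `os.makedirs(basedir, mode=0700)` in the preceding hunk. If `basedir` already exists, for example because the user already has a key, `makedirs` raises and the handler would then delete that existing key material. The start of `generate_key` is outside these hunks, so an existence check may already guard this; if not, move `os.makedirs` above the `try` so that only a directory this call created is removed. A short comment on the handler, such as `# remove the partially written key directory, then re-raise`, would also make the intent of the bare `except:` clear.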
@@ -152,15 +170,15 @@ def revoke_key(org, user):
         oldcrl = NamedTemporaryFile(mode="wb", prefix="old-crl")
         oldcrl.write(open(crl, "rb").read())
         oldcrl.flush()
-        cmd = [CERTTOOL_COMMAND,
-               "--generate-crl",
-               "--load-crl", oldcrl.name,
-               "--load-ca-privkey", cakey,
-               "--load-ca-certificate", cacert,
-               "--load-certificate", pubcert,
-               "--template", template,
-               "--outfile", crl]
-        subprocess.check_call(cmd, preexec_fn=lambda: os.umask(0077))
+        certtool_cmd(
+            "--generate-crl",
+            "--load-crl", oldcrl.name,
+            "--load-ca-privkey", cakey,
+            "--load-ca-certificate", cacert,
+            "--load-certificate", pubcert,
+            "--template", template,
+            "--outfile", crl
+        )
         oldcrl.close()
     rmtree(basedir)