Don't setup openssl if the openssl binary cannot be found
```
  Traceback (most recent call last):
    File "/opt/saltstack/salt/lib/python3.10/site.py", line 186, in addpackage
      exec(line)
    File "<string>", line 1, in <module>
    File "/opt/saltstack/salt/lib/python3.10/site-packages/relenv/runtime.py", line 969, in bootstrap
      setup_openssl()
    File "/opt/saltstack/salt/lib/python3.10/site-packages/relenv/runtime.py", line 802, in setup_openssl
      proc = subprocess.run(
    File "/opt/saltstack/salt/lib/python3.10/subprocess.py", line 503, in run
      with Popen(*popenargs, **kwargs) as process:
    File "/opt/saltstack/salt/lib/python3.10/subprocess.py", line 971, in __init__
      self._execute_child(args, executable, preexec_fn, close_fds,
    File "/opt/saltstack/salt/lib/python3.10/subprocess.py", line 1738, in _execute_child
      and os.path.dirname(executable)
    File "/opt/saltstack/salt/lib/python3.10/posixpath.py", line 152, in dirname
      p = os.fspath(p)
  TypeError: expected str, bytes or os.PathLike object, not NoneType
```

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
s0undt3ch authored and dwoz committed Nov 7, 2023
1 parent 208d174 commit 3da9381
Showing 1 changed file with 28 additions and 29 deletions.
57 changes: 28 additions & 29 deletions relenv/runtime.py
@@ -791,14 +791,18 @@ def setup_openssl():
"""
Configure openssl certificate locations.
"""
openssl_bin = shutil.which("openssl")
if not openssl_bin:
debug("Could not find the 'openssl' binary in the path")
return

if "OPENSSL_MODULES" not in os.environ and sys.platform != "win32":
# First try and load the system's fips provider. Then load relenv's
# legacy and default providers. The fips provider must be loaded first
# in order OpenSSl to work properly..

# Try and determine the system's openssl modules directory. This is so
# we can use the system installed fips provider if it configured.
openssl_bin = shutil.which("openssl")
proc = subprocess.run(
[openssl_bin, "version", "-m"],
universal_newlines=True,
@@ -833,35 +837,30 @@ def setup_openssl():
# XXX Should we also setup SSL_CERT_FILE, OPENSSL_CONF &
# OPENSSL_CONF_INCLUDE?
if "SSL_CERT_DIR" not in os.environ and sys.platform != "win32":
openssl_bin = shutil.which("openssl")
if not openssl_bin:
debug("Could not find the 'openssl' binary in the path")
proc = subprocess.run(
[openssl_bin, "version", "-d"],
universal_newlines=True,
shell=False,
check=False,
capture_output=True,
)
if proc.returncode != 0:
msg = "Unable to get the certificates directory from openssl"
if proc.stderr:
msg += f": {proc.stderr}"
debug(msg)
else:

proc = subprocess.run(
[openssl_bin, "version", "-d"],
universal_newlines=True,
shell=False,
check=False,
capture_output=True,
)
if proc.returncode != 0:
msg = "Unable to get the certificates directory from openssl"
if proc.stderr:
msg += f": {proc.stderr}"
debug(msg)
else:
try:
_, directory = proc.stdout.split(":")
except ValueError:
debug("Unable to parse openssldir")
return
path = pathlib.Path(directory.strip().strip('"'))
if not os.environ.get("SSL_CERT_DIR"):
os.environ["SSL_CERT_DIR"] = str(path / "certs")
cert_file = path / "cert.pem"
if cert_file.exists() and not os.environ.get("SSL_CERT_FILE"):
os.environ["SSL_CERT_FILE"] = str(cert_file)
try:
_, directory = proc.stdout.split(":")
except ValueError:
debug("Unable to parse openssldir")
return
path = pathlib.Path(directory.strip().strip('"'))
if not os.environ.get("SSL_CERT_DIR"):
os.environ["SSL_CERT_DIR"] = str(path / "certs")
cert_file = path / "cert.pem"
if cert_file.exists() and not os.environ.get("SSL_CERT_FILE"):
os.environ["SSL_CERT_FILE"] = str(cert_file)


def set_openssl_modules_dir(path):
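Review bot: The single `shutil.which("openssl")` lookup at the top of `setup_openssl()` now decides which binary's output becomes `SSL_CERT_DIR` and `SSL_CERT_FILE` (and, in the first branch, the system modules directory), so the process's TLS trust store follows whichever `openssl` comes first on `PATH` at interpreter start. In the visible lines the resolved path is never logged and the reported directory is exported without checking that it exists. I would add `debug(f"Using openssl binary at {openssl_bin}")` after the guard and set `SSL_CERT_DIR` only when `(path / "certs").is_dir()`. Separately, the early `return` may skip work in the collapsed lines between the two hunks that does not need the binary; the comment about loading relenv's own legacy and default providers suggests this is worth confirming. The body of `setup_openssl()` continues outside the visible hunks.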