subprocess command fails
Brad s
bcddd214 at gmail.com
Fri Feb 20 23:47:24 EST 2015
Yes, the program deletes the same files it produces. It looks to see if old stuff is there and if it exist, it deletes the files and creates and entirely new DNS zone with keys and then it is supposed to sign it.
The last step is where it is still failing but your code helped me to figure out why.
I am signing the zone with the current date/date (which is incorrect but was done for testing purposes.
I figured out how to add 2 years to the current data/time but I am unable to strip the formatting once I apply my + 2 years trick.
How can I add 2 years to stripped format date/time?
# dnssec-signzone -e20150221040000 -p -t -g -k Ktest123.com.ksk.key -o test123.com test123.com.external Ktest123.com.zsk.key
dnssec-signzone: fatal: No self-signed KSK DNSKEY found. Supply an active
key with the KSK flag set, or use '-P'.
# dnssec-signzone -e20160221040000 -p -t -g -k Ktest123.com.ksk.key -o test123.com test123.com.external Ktest123.com.zsk.key
Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 stand-by, 0 revoked
test123.com.external.signed
Signatures generated: 9
Signatures retained: 0
Signatures dropped: 0
Signatures successfully verified: 0
Signatures unsuccessfully verified: 0
Signing time in seconds: 0.014
Signatures per second: 631.756
Runtime in seconds: 0.018
current code:
# cat makekeys.py
#!/usr/bin/python3.4
import subprocess
import sys
import string
import os.path
import datetime
import shlex
from time import gmtime, strftime
from subprocess import Popen, PIPE, STDOUT
pretime = strftime("%Y%m%d%H", gmtime())
time = datetime.datetime.strptime(pretime,'%Y%m%d%H')
print (time)
plustime = datetime.timedelta(days=730)
timeadd = (time + plustime)
str(timeadd)
#ndate = datetime.strptime(timeadd, '%Y%m%d%H')
#timeadd = timeadd.replace(tzinfo=UTC())
print (timeadd)
dname = input("Enter the domain to configure keys for? ")
if os.path.exists(dname+".external.signed"):
os.remove(dname+".external.signed")
#os.remove(dname+".external")
os.remove(dname+".ksk.key")
os.remove(dname+".zsk.key")
os.remove(dname+".ksk.private")
os.remove(dname+".zsk.private")
fd = open( dname+".external", 'w')
fd.write("$TTL 86400\n")
fd.write("$ORIGIN "+dname+".\n")
fd.write("@ 1D IN SOA yoda.ex-mailer.com. admin@"+dname+".(\n")
fd.write(" "+strftime("%Y%m%d%H", gmtime())+"\n")
#fd.write(" "+repr(timeadd)+"\n")
fd.write(" 3h\n")
fd.write(" 1h\n")
fd.write(" 1w\n")
fd.write(" 1h)\n")
fd.write(" IN NS yoda.ex-mailer.com.\n")
fd.write(" IN NS r2d2.ex-mailer.com.\n")
fd.write(dname+". IN TXT v=spf1 mx a:r2d2.ex-mailer.com -all\n")
fd.write(dname+". MX 0 r2d2.ex-mailer.com.\n")
fd.write("mail."+dname+". IN A 107.191.60.48\n")
fd.write("$include /usr/local/etc/namedb/K"+dname+".zsk.key ; ZSK\n")
fd.write("$include /usr/local/etc/namedb/K"+dname+".ksk.key ; KSK\n")
fd.close()
result = subprocess.check_output(["dnssec-keygen", "-f", "KSK", "-r", "/dev/urandom", "-a", "RSASHA256", "-b", "2048", "-n", "ZONE", dname])
result_utf8 = result.decode("utf-8").strip()
mylist = list(result_utf8)
print (mylist[0])
listlen= len(mylist)
array = list()
listlen -= 11
i = 0
while( i < listlen ):
#if mylist != '\n' ^ mylist != '':
array.insert(i, mylist[i])
i = i + 1
combined = "".join(array)
print ('combined')
print (combined)
fmove = subprocess.call(["mv", result_utf8+".key",combined +".ksk.key"])
fmove = subprocess.call(["mv", result_utf8+".private",combined +".ksk.private"])
zresult = subprocess.check_output(["dnssec-keygen","-r","/dev/urandom","-a","RSASHA256","-b","2048","-n","ZONE", dname])
zresult_utf8 = zresult.decode("utf-8").strip()
myzlist = list(zresult_utf8)
print (myzlist[0])
zlistlen= len(myzlist)
zarray = list()
zlistlen -= 11
zi = 0
while( zi <zlistlen ):
zarray.insert(zi, myzlist[zi])
zi = zi + 1
zcombined = "".join(zarray)
zfmove = subprocess.call(["mv", zresult_utf8+".key",zcombined+".zsk.key"])
zfmove = subprocess.call(["mv", zresult_utf8+".private",zcombined+".zsk.private"])
#sfmove = subprocess.call(['dnssec-signzone','-e',strftime('%Y%m%d%H', gmtime())+'0000','-p','-t','-g','-k',zcombined+'.ksk.key','-o',dname,dname+'.external',zcombined+'.zsk.key'])
#cmd = "dnssec-signzone','-e',strftime('%Y%m%d%H', gmtime())+'0000','-p','-t','-g','-k','K'+dname+'.ksk.key','-o',dname,dname+'.external','K"+dname+'.zsk.key'
#subprocess.check_call(shlex.split(sfmove))
cmdargv = [ 'dnssec-signzone',
'-e'+strftime('%Y%m%d%H', gmtime())+'0000',
'-p',
'-t',
'-g',
'-k', zcombined+'.ksk.key',
'-o', dname,
dname+'.external',
zcombined+'.zsk.key'
]
print("command = %r" % (cmdargv,))
sfmove = subprocess.call(cmdargv)
also, is the % to Python what precision is to C++?
On Friday, February 20, 2015 at 6:30:51 PM UTC-5, Brad s wrote:
> # cat makekeys.py
> #!/usr/bin/python3.4
> import subprocess
> import sys
> import string
> import os.path
> import datetime
> import shlex
> from time import gmtime, strftime
> from subprocess import Popen, PIPE, STDOUT
>
> pretime = strftime("%Y%m%d%H", gmtime())
> time = datetime.datetime.strptime(pretime,'%Y%m%d%H')
> print (time)
> plustime = datetime.timedelta(days=730)
> timeadd = (time + plustime)
> str(timeadd)
> #ndate = datetime.strptime(timeadd, '%Y%m%d%H')
> #timeadd = timeadd.replace(tzinfo=UTC())
> print (timeadd)
>
> dname = input("Enter the domain to configure keys for? ")
> if os.path.exists(dname+".external.signed"):
> os.remove(dname+".external.signed")
> #os.remove(dname+".external")
> os.remove(dname+".ksk.key")
> os.remove(dname+".zsk.key")
> os.remove(dname+".ksk.private")
> os.remove(dname+".zsk.private")
> fd = open( dname+".external", 'w')
> fd.write("$TTL 86400\n")
> fd.write("$ORIGIN "+dname+".\n")
> fd.write("@ 1D IN SOA yoda.ex-mailer.com. admin@"+dname+".(\n")
> fd.write(" "+strftime("%Y%m%d%H", gmtime())+"\n")
> #fd.write(" "+repr(timeadd)+"\n")
> fd.write(" 3h\n")
> fd.write(" 1h\n")
> fd.write(" 1w\n")
> fd.write(" 1h)\n")
> fd.write(" IN NS yoda.ex-mailer.com.\n")
> fd.write(" IN NS r2d2.ex-mailer.com.\n")
> fd.write(dname+". IN TXT v=spf1 mx a:r2d2.ex-mailer.com -all\n")
> fd.write(dname+". MX 0 r2d2.ex-mailer.com.\n")
> fd.write("mail."+dname+". IN A 107.191.60.48\n")
> fd.write("$include /usr/local/etc/namedb/K"+dname+".zsk.key ; ZSK\n")
> fd.write("$include /usr/local/etc/namedb/K"+dname+".ksk.key ; KSK\n")
> fd.close()
>
>
> result = subprocess.check_output(["dnssec-keygen", "-f", "KSK", "-r", "/dev/urandom", "-a", "RSASHA256", "-b", "2048", "-n", "ZONE", dname])
> result_utf8 = result.decode("utf-8").strip()
> mylist = list(result_utf8)
> print (mylist[0])
> listlen= len(mylist)
> array = list()
> listlen -= 11
> i = 0
> while( i < listlen ):
> #if mylist != '\n' ^ mylist != '':
> array.insert(i, mylist[i])
> i = i + 1
> combined = "".join(array)
> print ('combined')
> print (combined)
> fmove = subprocess.call(["mv", result_utf8+".key",combined +".ksk.key"])
> fmove = subprocess.call(["mv", result_utf8+".private",combined +".ksk.private"])
>
> zresult = subprocess.check_output(["dnssec-keygen","-r","/dev/urandom","-a","RSASHA256","-b","2048","-n","ZONE", dname])
> zresult_utf8 = zresult.decode("utf-8").strip()
> myzlist = list(zresult_utf8)
> print (myzlist[0])
> zlistlen= len(myzlist)
> zarray = list()
> zlistlen -= 11
> zi = 0
> while( zi <zlistlen ):
> zarray.insert(zi, myzlist[zi])
> zi = zi + 1
> zcombined = "".join(zarray)
> zfmove = subprocess.call(["mv", zresult_utf8+".key",zcombined+".zsk.key"])
> zfmove = subprocess.call(["mv", zresult_utf8+".private",zcombined+".zsk.private"])
>
> sfmove = subprocess.call(['dnssec-signzone','-e',strftime('%Y%m%d%H', gmtime())+'0000','-p','-t','-g','-k',zcombined+'.ksk.key','-o',dname,dname+'.external',zcombined+'.zsk.key'])
> #cmd = "dnssec-signzone','-e',strftime('%Y%m%d%H', gmtime())+'0000','-p','-t','-g','-k','K'+dname+'.ksk.key','-o',dname,dname+'.external','K"+dname+'.zsk.key'
> #subprocess.check_call(shlex.split(cmd))
>
>
>
>
>
>
> # python3.4 makekeys.py
> 2015-02-20 23:00:00
> 2017-02-19 23:00:00
> Enter the domain to configure keys for? test123.com
> Generating key pair.........+++ ...............+++
> K
> combined
> Ktest123.com
> Generating key pair...+++ .........................................................+++
> K
> dnssec-signzone: fatal: No self-signed KSK DNSKEY found. Supply an active
> key with the KSK flag set, or use '-P'.
>
> I am trying to execute a subprocess, something done in my script a couple of times. But on the last one, it outputs an error I cannot find the solution to. The exact same command using the same files produced at the command line works just fine.
>
>
>
> command works on the command line:
>
> dnssec-signzone -e20180330000000 -p -t -g -k Ktest123.com.ksk.key -o test123.com test123.com.external Ktest123.com.zsk.key
> Verifying the zone using the following algorithms: RSASHA256.
> Zone fully signed:
> Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
> ZSKs: 1 active, 0 stand-by, 0 revoked
> test123.com.external.signed
> Signatures generated: 9
> Signatures retained: 0
> Signatures dropped: 0
> Signatures successfully verified: 0
> Signatures unsuccessfully verified: 0
> Signing time in seconds: 0.010
> Signatures per second: 875.401
> Runtime in seconds: 0.013
More information about the Python-list
mailing list