slaprunner: drop collective.recipe.shelloutput and use slapos.recipe.build

collective.recipe.shelloutput does not work well with Python 3: it outputs values as bytes, which are printed in the format "!py!b'XXX'". The new "init" option is used as a replacement.

slaprunner: drop collective.recipe.shelloutput and use slapos.recipe.build
collective.recipe.shelloutput does not work well with Python 3: it outputs values as bytes, which are printed in the format "!py!b'XXX'". The new "init" option is used as a replacement.
f936ea2c · Bryton Lacquement · 3bb802c6 · f936ea2c · f936ea2c · f936ea2c
Commit f936ea2c authored Feb 25, 2020 by Bryton Lacquement 🚪
3 changed files
--- a/software/slaprunner/buildout.hash.cfg
+++ b/software/slaprunner/buildout.hash.cfg
@@ -18,7 +18,7 @@ md5sum = 8b78e32b877d591400746ec7fd68ed4c

 [template-runner]
 filename = instance-runner.cfg
-md5sum = be6d9d1c770a1ca63fce40093ffc25b4
+md5sum = 99f2c1e0ff1668e57a242a77a33b4d23

 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2

--- a/software/slaprunner/instance-runner.cfg
+++ b/software/slaprunner/instance-runner.cfg
@@ -287,35 +287,29 @@ extra-args=-t rsa
 <=runner-sshd-ssh-keygen-base
 extra-args=-t ecdsa -b 521

-[runner-sshd-publickey-fingerprint-shelloutput]
-recipe = collective.recipe.shelloutput
-# XXX because collective.recipe.shelloutput ignore errors, we run the same
-# command in a plone.recipe.command so that if fails if something goes wrong.
-commands =
-  fingerprint = bash -o pipefail -c "${openssh-output:keygen} -lf $${runner-sshd-ssh-host-ecdsa-key:output} | cut  -f 2 -d\ | sed 's/+/%2B/g' | sed 's/\//%2F/g' | sed 's/SHA256://'"
-
 [runner-sshd-publickey-fingerprint]
 # fingerprint for ssh url, see
 # https://tools.ietf.org/id/draft-salowey-secsh-uri-00.html#connparam
 # https://winscp.net/eng/docs/session_url#hostkey
-
-_fingerprint = $${runner-sshd-publickey-fingerprint-shelloutput:fingerprint}
-
-# format is host-key-alg-fingerprint, but we know that
-# $${runner-sshkeys-sshd:public-key} is rsa so for host-key-alg
-# we just use use rsa.
-fingerprint = ssh-rsa-$${:_fingerprint}
-
-# XXX because collective.recipe.shelloutput ignore errors and capture output
-# "Error ...", we use a plone.recipe.command to check that this command did
-# not fail.
-# This command will always fail on first buildout run, because
-# collective.recipe.shelloutput is evaluated at buildout recipes __init__ step,
-# but the key file is created later at install step.
-recipe = plone.recipe.command
-stop-on-error = true
-command = echo "$${:_fingerprint}" | ( grep ^Error || exit 0 && exit 1 )
-
+recipe = slapos.recipe.build
+init =
+  import os
+  import subprocess
+  from six.moves.urllib.parse import quote
+  keyfile = self.buildout['runner-sshd-ssh-host-ecdsa-key']['output']
+  if os.path.isfile(keyfile):
+    x = subprocess.check_output(('${openssh-output:keygen}', '-lf', keyfile))
+    x = x.split()[1]
+    assert x.startswith(b'SHA256:'), x
+    # format is host-key-alg-fingerprint, but we know that
+    # $${runner-sshd-ssh-host-ecdsa-key:output} is rsa so for host-key-alg
+    # we just use use rsa.
+    options['fingerprint'] = "ssh-rsa-" + quote(x[7:], safe='')
+  else:
+    # This command will always fail on first buildout run, because it is
+    # evaluated at buildout recipes __init__ step, but the key file is created
+    # later at install step.
+    options['fingerprint'] = "NotReady"

 #---------------------------
 #--

--- a/software/slaprunner/software.cfg
+++ b/software/slaprunner/software.cfg
@@ -150,7 +150,6 @@ eggs =
  erp5.util
  lock-file
  plone.recipe.command
-  collective.recipe.shelloutput
  slapos.recipe.build
  slapos.toolbox[flask_auth]
  gunicorn