Created by: hidrarga
I'm proposing to move renew_from_cube.py, which was nothing more than a Yunohost wrapper for the renewal script, and to put it directly inside the Neutrinet app.
So, the main (and only) script is now renew.py, which you can safely run from your computer. If you want to run this script on a cube, there will be a bash script on the Neutrinet app repository. I'm just waiting for Ilja to make his own changes on the packaging stuff. I can also provide the bash script here meanwhile, so that you can review it, but we'll have to move it later on. Let me know what you prefer.
There are quite a lot of changes in this pull request:
- Use pyOpenSSL instead of making system calls to openssl
- Use Argparse, the built-in argument parser in python. I also added a bunch of parameters (see the README.md)
- Use the built-in python logger. By default it only display info (and more critical) messages, but we can choose to display debug messages as well with the
- Based on this article, use a retry session for the queries to the Neutrinet API
- Check that the public part of the client certificate (when provided) will be soon expired before starting the renewal. Before the migration, this task was done by the renew_from_cube.py script, but it's better to move it here, because when you run it on your computer, you'd expect that the script checks the expiration date before renewing.
- Let the user provide the target directory. This part is necessary for the Neutrinet app that will renew the certificates on the cube, because otherwise it would be too difficult to get back the newly generated target directory… Note that when you don't provide the target directory, the directory is generated as before.
- Remove the dependency to StringIO as it is not needed in python3, and use BytesIO instead.
I successfully tested the script on my machine and on a cube.