make regenerating the multi-profile example more programmatic
This commit is contained in:
parent
721c571da6
commit
d9ee277ff4
@ -31,16 +31,12 @@
|
|||||||
<!-- You can also use substitution from different profiles: -->
|
<!-- You can also use substitution from different profiles: -->
|
||||||
<!-- <username>{xpath_ref%//profile[@name='another_profile']/meta/names/uxname"}</username> -->
|
<!-- <username>{xpath_ref%//profile[@name='another_profile']/meta/names/uxname"}</username> -->
|
||||||
<name>{xpath_ref%//meta/dev/author/text()}</name>
|
<name>{xpath_ref%//meta/dev/author/text()}</name>
|
||||||
<password hashed="no"
|
<password hashed="no" hash_algo="sha512" salt="auto">testpassword</password>
|
||||||
hash_algo="sha512"
|
|
||||||
salt="auto">testpassword</password>
|
|
||||||
</user>
|
</user>
|
||||||
<user sudo="no">
|
<user sudo="no">
|
||||||
<username>testuser</username>
|
<username>testuser</username>
|
||||||
<name>Test User</name>
|
<name>Test User</name>
|
||||||
<password hashed="no"
|
<password hashed="no" hash_algo="sha512" salt="auto">anothertestpassword</password>
|
||||||
hash_algo="sha512"
|
|
||||||
salt="auto">anothertestpassword</password>
|
|
||||||
</user>
|
</user>
|
||||||
</accounts>
|
</accounts>
|
||||||
<sources>
|
<sources>
|
||||||
@ -49,16 +45,14 @@
|
|||||||
<webroot>/iso/latest</webroot>
|
<webroot>/iso/latest</webroot>
|
||||||
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-x86_64.tar.gz</tarball>
|
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-x86_64.tar.gz</tarball>
|
||||||
<checksum hash="sha1">{xpath_ref%../mirror/text()}{xpath_ref%../webroot/text()}/sha1sums.txt</checksum>
|
<checksum hash="sha1">{xpath_ref%../mirror/text()}{xpath_ref%../webroot/text()}/sha1sums.txt</checksum>
|
||||||
<sig keys="7F2D434B9741E8AC"
|
<sig keys="7F2D434B9741E8AC" keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
||||||
keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
|
||||||
</source>
|
</source>
|
||||||
<source arch="i686">
|
<source arch="i686">
|
||||||
<mirror>http://archlinux32.mirror.domain.tld</mirror>
|
<mirror>http://archlinux32.mirror.domain.tld</mirror>
|
||||||
<webroot>/iso/latest</webroot>
|
<webroot>/iso/latest</webroot>
|
||||||
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-i686.tar.gz</tarball>
|
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-i686.tar.gz</tarball>
|
||||||
<checksum hash="sha512">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/sha512sums.txt</checksum>
|
<checksum hash="sha512">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/sha512sums.txt</checksum>
|
||||||
<sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506"
|
<sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506" keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
||||||
keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
|
||||||
</source>
|
</source>
|
||||||
</sources>
|
</sources>
|
||||||
<build its_full_of_stars="yes">
|
<build its_full_of_stars="yes">
|
||||||
@ -77,24 +71,49 @@
|
|||||||
<basedistro>archlinux</basedistro>
|
<basedistro>archlinux</basedistro>
|
||||||
<iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
|
<iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
|
||||||
<ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
|
<ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
|
||||||
<ssl>
|
<ssl custom="no">
|
||||||
|
<!-- http://ipxe.org/crypto -->
|
||||||
<ca>
|
<ca>
|
||||||
<cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
|
<cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
|
||||||
<csr />
|
<!-- If csr is self-enclosed (<csr />), we'll just generate and use a CSR in-memory.
|
||||||
<key>{xpath_ref%build/paths/ssl/text()}/ca.key</key>
|
Assuming we need to generate a certificate, anyways.
|
||||||
|
If you want to write it out to disk (for debugging, etc.) OR use one already generated,
|
||||||
|
then provide a path.
|
||||||
|
e.g.:
|
||||||
|
<csr>{xpath_ref%build/paths/ssl/text()}/ca.csr</csr> -->
|
||||||
|
<csr/>
|
||||||
|
<key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/ca.key</key>
|
||||||
|
<subject>
|
||||||
|
<commonName>domain.tld</commonName>
|
||||||
|
<countryName>XX</countryName>
|
||||||
|
<localityName>Some City</localityName>
|
||||||
|
<stateOrProvinceName>Some State</stateOrProvinceName>
|
||||||
|
<organization>Some Org, Inc.</organization>
|
||||||
|
<organizationalUnitName>Department Name</organizationalUnitName>
|
||||||
|
<emailAddress>{xpath_ref%../../../../../../meta/names/dev/email/text()}</emailAddress>
|
||||||
|
</subject>
|
||||||
</ca>
|
</ca>
|
||||||
<server>
|
<server>
|
||||||
<cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
|
<cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
|
||||||
<csr />
|
<csr/>
|
||||||
<key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
|
<key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
|
||||||
|
<subject>
|
||||||
|
<commonName>domain.tld (client)</commonName>
|
||||||
|
<countryName>XX</countryName>
|
||||||
|
<localityName>Some City</localityName>
|
||||||
|
<stateOrProvinceName>Some State</stateOrProvinceName>
|
||||||
|
<organization>Some Org, Inc.</organization>
|
||||||
|
<organizationalUnitName>Department Name</organizationalUnitName>
|
||||||
|
<emailAddress>{xpath_ref%../../../../../../meta/names/dev/email/text()}</emailAddress>
|
||||||
|
</subject>
|
||||||
</server>
|
</server>
|
||||||
</ssl>
|
</ssl>
|
||||||
<uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
|
<uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
|
||||||
</ipxe>
|
</ipxe>
|
||||||
<gpg keyid="none" gnupghome="none" publish="no" sync="yes" />
|
<gpg keyid="none" gnupghome="none" publish="no" sync="yes"/>
|
||||||
<sync>
|
<sync>
|
||||||
<http enabled="yes" rsync="yes" />
|
<http enabled="yes" rsync="yes"/>
|
||||||
<tftp enabled="yes" rsync="yes" />
|
<tftp enabled="yes" rsync="yes"/>
|
||||||
<rsync enabled="yes">
|
<rsync enabled="yes">
|
||||||
<user>root</user>
|
<user>root</user>
|
||||||
<path>/srv/http/{xpath_ref%//meta/names/uxname/text()}</path>
|
<path>/srv/http/{xpath_ref%//meta/names/uxname/text()}</path>
|
||||||
@ -105,7 +124,7 @@
|
|||||||
</sync>
|
</sync>
|
||||||
</build>
|
</build>
|
||||||
</profile>
|
</profile>
|
||||||
<profile name="alternate" id="1" uuid="2ed07c19-2071-4d66-8569-da40475ba716">
|
<profile name="alternate" id="2" uuid="2ed07c19-2071-4d66-8569-da40475ba716">
|
||||||
<meta>
|
<meta>
|
||||||
<names>
|
<names>
|
||||||
<name>AnotherCD</name>
|
<name>AnotherCD</name>
|
||||||
@ -120,34 +139,30 @@
|
|||||||
</dev>
|
</dev>
|
||||||
<uri>https://domain.tld/projname</uri>
|
<uri>https://domain.tld/projname</uri>
|
||||||
<ver>0.0.1</ver>
|
<ver>0.0.1</ver>
|
||||||
<max_recurse>3</max_recurse>
|
<max_recurse>5</max_recurse>
|
||||||
</meta>
|
</meta>
|
||||||
<accounts>
|
<accounts>
|
||||||
<rootpass hashed="no">atotallyinsecurepassword</rootpass>
|
<rootpass hashed="no">atotallyinsecurepassword</rootpass>
|
||||||
<user sudo="no">
|
<user sudo="no">
|
||||||
<username>testuser</username>
|
<username>testuser</username>
|
||||||
<name>Test User</name>
|
<name>Test User</name>
|
||||||
<password hashed="no"
|
<password hashed="no" hash_algo="sha512" salt="auto">testpassword</password>
|
||||||
hash_algo="sha512"
|
|
||||||
salt="auto">atestpassword</password>
|
|
||||||
</user>
|
</user>
|
||||||
</accounts>
|
</accounts>
|
||||||
<sources>
|
<sources>
|
||||||
<source arch="x86_64">
|
<source arch="x86_64">
|
||||||
<mirror>http://archlinux.mirror.domain.tld</mirror>
|
<mirror>http://archlinux.mirror.domain.tld</mirror>
|
||||||
<webroot>/iso/latest</webroot>
|
<webroot>/iso/latest</webroot>
|
||||||
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-x86_64.tar.gz</tarball>
|
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-x86_64.tar.gz</tarball>
|
||||||
<checksum hash="sha1">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/sha1sums.txt</checksum>
|
<checksum hash="sha1">{xpath_ref%../mirror/text()}{xpath_ref%../webroot/text()}/sha1sums.txt</checksum>
|
||||||
<sig keys="7F2D434B9741E8AC"
|
<sig keys="7F2D434B9741E8AC" keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
||||||
keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
|
||||||
</source>
|
</source>
|
||||||
<source arch="i686">
|
<source arch="i686">
|
||||||
<mirror>http://archlinux32.mirror.domain.tld</mirror>
|
<mirror>http://archlinux32.mirror.domain.tld</mirror>
|
||||||
<webroot>/iso/latest</webroot>
|
<webroot>/iso/latest</webroot>
|
||||||
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-i686.tar.gz</tarball>
|
<tarball flags="glob,latest">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/archlinux-bootstrap-*-i686.tar.gz</tarball>
|
||||||
<checksum hash="sha512">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/sha512sums.txt</checksum>
|
<checksum hash="sha512">{xpath_ref%../mirror/text()}/{xpath_ref%../webroot/text()}/sha512sums.txt</checksum>
|
||||||
<sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506"
|
<sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506" keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
||||||
keyserver="hkp://pool.sks-keyservers.net">{xpath_ref%../tarball/text()}.sig</sig>
|
|
||||||
</source>
|
</source>
|
||||||
</sources>
|
</sources>
|
||||||
<build its_full_of_stars="yes">
|
<build its_full_of_stars="yes">
|
||||||
@ -166,22 +181,42 @@
|
|||||||
<basedistro>archlinux</basedistro>
|
<basedistro>archlinux</basedistro>
|
||||||
<iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
|
<iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
|
||||||
<ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
|
<ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
|
||||||
<ssl>
|
<ssl custom="no">
|
||||||
<ca>
|
<ca>
|
||||||
<cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
|
<cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
|
||||||
<key>{xpath_ref%build/paths/ssl/text()}/ca.key</key>
|
<csr/>
|
||||||
|
<key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/ca.key</key>
|
||||||
|
<subject>
|
||||||
|
<commonName>domain.tld</commonName>
|
||||||
|
<countryName>XX</countryName>
|
||||||
|
<localityName>Some City</localityName>
|
||||||
|
<stateOrProvinceName>Some State</stateOrProvinceName>
|
||||||
|
<organization>Some Org, Inc.</organization>
|
||||||
|
<organizationalUnitName>Department Name</organizationalUnitName>
|
||||||
|
<emailAddress>{xpath_ref%../../../../../../meta/names/dev/email/text()}</emailAddress>
|
||||||
|
</subject>
|
||||||
</ca>
|
</ca>
|
||||||
<server>
|
<server>
|
||||||
<cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
|
<cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
|
||||||
<key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
|
<csr/>
|
||||||
|
<key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
|
||||||
|
<subject>
|
||||||
|
<commonName>domain.tld (client)</commonName>
|
||||||
|
<countryName>XX</countryName>
|
||||||
|
<localityName>Some City</localityName>
|
||||||
|
<stateOrProvinceName>Some State</stateOrProvinceName>
|
||||||
|
<organization>Some Org, Inc.</organization>
|
||||||
|
<organizationalUnitName>Department Name</organizationalUnitName>
|
||||||
|
<emailAddress>{xpath_ref%../../../../../../meta/names/dev/email/text()}</emailAddress>
|
||||||
|
</subject>
|
||||||
</server>
|
</server>
|
||||||
</ssl>
|
</ssl>
|
||||||
<uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
|
<uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
|
||||||
</ipxe>
|
</ipxe>
|
||||||
<gpg keyid="none" gnupghome="none" publish="no" sync="yes" />
|
<gpg keyid="none" gnupghome="none" publish="no" sync="yes"/>
|
||||||
<sync>
|
<sync>
|
||||||
<http enabled="yes" rsync="yes" />
|
<http enabled="yes" rsync="yes"/>
|
||||||
<tftp enabled="yes" rsync="yes" />
|
<tftp enabled="yes" rsync="yes"/>
|
||||||
<rsync enabled="yes">
|
<rsync enabled="yes">
|
||||||
<user>root</user>
|
<user>root</user>
|
||||||
<path>/srv/http/{xpath_ref%//meta/names/uxname/text()}</path>
|
<path>/srv/http/{xpath_ref%//meta/names/uxname/text()}</path>
|
||||||
|
53
docs/examples/regen_multi.py
Executable file
53
docs/examples/regen_multi.py
Executable file
@ -0,0 +1,53 @@
|
|||||||
|
#!/usr/bin/env python3.6
|
||||||
|
|
||||||
|
import copy
|
||||||
|
from lxml import etree
|
||||||
|
|
||||||
|
with open('single_profile.xml', 'rb') as f:
|
||||||
|
xml = etree.fromstring(f.read())
|
||||||
|
|
||||||
|
single_profile = xml.xpath('/bdisk/profile[1]')[0]
|
||||||
|
alt_profile = copy.deepcopy(single_profile)
|
||||||
|
for c in alt_profile.xpath('//comment()'):
|
||||||
|
p = c.getparent()
|
||||||
|
p.remove(c)
|
||||||
|
|
||||||
|
# Change the profile identifiers
|
||||||
|
alt_profile.attrib['name'] = 'alternate'
|
||||||
|
alt_profile.attrib['id'] = '2'
|
||||||
|
alt_profile.attrib['uuid'] = '2ed07c19-2071-4d66-8569-da40475ba716'
|
||||||
|
|
||||||
|
meta_tags = {'name': 'AnotherCD',
|
||||||
|
'uxname': 'bdisk_alt',
|
||||||
|
'pname': '{xpath_ref%../name/text()}',
|
||||||
|
'desc': 'Another rescue/restore live environment.',
|
||||||
|
'author': 'Another Dev Eloper',
|
||||||
|
'email': '{xpath_ref%//profile[@name="default"]/meta/dev/email/text()}',
|
||||||
|
'website': '{xpath_ref%//profile[@name="default"]/meta/dev/website/text()}',
|
||||||
|
'ver': '0.0.1'}
|
||||||
|
# Change the names
|
||||||
|
meta = alt_profile.xpath('/profile/meta')[0]
|
||||||
|
for e in meta.iter():
|
||||||
|
if e.tag in meta_tags:
|
||||||
|
e.text = meta_tags[e.tag]
|
||||||
|
|
||||||
|
accounts_tags = {'rootpass': 'atotallyinsecurepassword',
|
||||||
|
'username': 'testuser',
|
||||||
|
'name': 'Test User',
|
||||||
|
'passowrd': 'atestpassword'}
|
||||||
|
accounts = alt_profile.xpath('/profile/accounts')[0]
|
||||||
|
for e in accounts.iter():
|
||||||
|
if e.tag in accounts_tags:
|
||||||
|
e.text = accounts_tags[e.tag]
|
||||||
|
if e.tag == 'rootpass':
|
||||||
|
e.attrib['hashed'] = 'no'
|
||||||
|
elif e.tag == 'user':
|
||||||
|
e.attrib['sudo'] = 'no'
|
||||||
|
# Delete the second user
|
||||||
|
accounts.remove(accounts[2])
|
||||||
|
xml.append(alt_profile)
|
||||||
|
|
||||||
|
#print(etree.tostring(xml).decode('utf-8'))
|
||||||
|
with open('multi_profile.xml', 'wb') as f:
|
||||||
|
f.write(b'<?xml version="1.0" encoding="UTF-8" ?>\n' + etree.tostring(xml,
|
||||||
|
pretty_print = True))
|
@ -81,6 +81,12 @@
|
|||||||
<!-- http://ipxe.org/crypto -->
|
<!-- http://ipxe.org/crypto -->
|
||||||
<ca>
|
<ca>
|
||||||
<cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
|
<cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
|
||||||
|
<!-- If csr is self-enclosed (<csr />), we'll just generate and use a CSR in-memory.
|
||||||
|
Assuming we need to generate a certificate, anyways.
|
||||||
|
If you want to write it out to disk (for debugging, etc.) OR use one already generated,
|
||||||
|
then provide a path.
|
||||||
|
e.g.:
|
||||||
|
<csr>{xpath_ref%build/paths/ssl/text()}/ca.csr</csr> -->
|
||||||
<csr />
|
<csr />
|
||||||
<key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/ca.key</key>
|
<key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/ca.key</key>
|
||||||
<subject>
|
<subject>
|
||||||
|
Loading…
Reference in New Issue
Block a user