So I have some news.
I finally managed to decrypt the key without a password; it's not particularly secure, but it's a demo. So I modified my PHP code to include the line
sudo -u wapt /opt/wapt/bin/python /opt/wapt/testarg.py 0019ECDE-E109-DE11-AEAF-0025111B87F7add remove
(command I created to automate everything)
The problem is, the command returns nothing and doesn't work, so I took the initiative and discovered that for some reason, no matter what rights I grant it, nginx cannot do sudo.
The solution I used was to modify the user in php-fpm using wapt.
If I run the `whoami` command on the PHP script, it returns `wapt`, so I'm using the correct user. I also modified my command by..
/opt/wapt/bin/python /opt/wapt/testarg.py 0019ECDE-E109-DE11-AEAF-0025111B87F7add remove
since sudo is supposed to be unnecessary.
And surprisingly, it still doesn't work.
So I modified the /etc/passwd file to allow the connection with the wapt user so that I could connect and test the command directly on the console.
And surprisingly, it works!
So I assumed that something in Python was blocking PHP.
So I added print statements to each line of my code:
Code: Select all
from waptpackage import PackageEntry,WaptLocalRepo
from waptcrypto import SSLCABundle,SSLPrivateKey,SSLCertificate
import sys
arg=""
#Configuration
certpub="/opt/wapt/wapt.crt"
privatekey="/opt/wapt/wapt.pem"
if len(sys.argv)>2:
for i in sys.argv:
if not i==sys.argv[0]:
arg=arg+i+" "
arg=arg.split("add")
print("1")
option=arg[1].split("remove")
print("2")
uuid_machine=arg[0]
print("3")
adddepend=option[0].split(" ")
print("4")
removedepend=option[1].split(" ")
print("5")
adddepend.remove("")
print("6")
removedepend.remove("")
print("7")
adddepend.remove("")
print("8")
removedepend.remove("")
print("9")
ca_bundle = SSLCABundle()
print("10")
signers_bundle = SSLCABundle()
print("11")
signers_bundle.add_certificates_from_pem(pem_filename=certpub)
print("12")
key = SSLPrivateKey(privatekey)
print("13")
pe = PackageEntry(waptfile = "/var/www/html/wapt-host/%s.wapt" % uuid_machine)
print("14")
depends = pe.depends.split(',')
print("15")
if len(adddepend)>0:
print("16")
for dep in adddepend:
if not dep in depends:
depends.append(dep)
if not len(removedepend)<=0:
print("17")
for dep in removedepend:
if dep in depends:
depends.remove(dep)
print("18")
pe.depends = ','.join(depends)
print("19")
pe.inc_build()
print("20")
pe.sign_package(private_key=key,certificate = signers_bundle.certificates())
print("21")
print("Modification reussite")
else:
print("Erreur pas assez d arguments ont ete saisis")
/opt/wapt/bin/python /opt/wapt/testarg.py 0019ECDE-E109-DE11-AEAF-0025111B87F7add remove1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20
Which means it's stuck here:
Code: Select all
pe.sign_package(private_key=key,certificate = signers_bundle.certificates())System: CentOS 7
Wapt version: 1.7.4
PHP version: 7.2.19
