måndag 7 februari 2011

Python virtualenv

Virtualenv http://pypi.python.org/pypi/virtualenv is very useful.  It creates a new file environment into which you can install python software without screwing up your already installed system python.

To create a virtual environment, if you already have  virtualenv installed, do

  • python -m virtualenv myEnv

otherwise,
  • download virtualenv-1.5.1.tar.gz
  • unpack it: tar xfz virtualenv-*-gz
  • create the environment:  python virtualenv-1.5.1/virtualenv.py myEnv
  • once the environment (myEnv) has been created,  you can remove the virtualenv-1.5.1 directory.
Example:
curl -s http://pypi.python.org/packages/source/v/virtualenv/virtualenv-1.5.1.tar.gz | tar zxvf -
python virtualenv-1.5.1/virtualenv.py myEnv

Now you can use myEnv/bin/python or myEnv/bin/pip to install packages

(pip can download and install python packages very neatly).


tisdag 1 februari 2011

wget and ssl certificates

wget and ssl certificates


To use certificates with wget, first get the root cerificate for the site.

1. Just have one certificate


You can either go to the site with Firefox, click on the little lock in
the status bar, in the Security tab click View certificate, click on Details,
click on the topmost certificate in the “Certificate Hierarchy”, click on
“Export…” and save as “.pem”.

Now you can use ssl with wget like this:

wget --ca-certificate={the_cert_file}  https://www.google.com

2. A directory full of certificates


Or you can have an entire directory full of certificates that wget
can choose from. Useful if you want to use all the certificates
from the KeyChain.app.

If you export all the certificates from KeyChain.app in one go
(you can select multiple and export all at once), then you must
split up the file into individual files for each certificate, and
name the certificates by their hash and a “.0” at the end.

If the certificates from KeyChain.app are saved into the file
Certificates.pem, then this splits these commands splits the
files and renames them.

mkdir certdir
cd certdir

n=0 ; cat ../Certificates.pem | while read x; do if [ "$x" == "-----BEGIN CERTIFICATE-----" ]; then n=$((n+1)); fi; echo >>cert-$n.pem $x ; done

for f in cert-*; do n=$(openssl x509 -hash -in $f -noout); mv $f $n.0; done

cd ..

Now you can use ssl with wget like this:

wget --ca-directory=certdir  https://www.google.com
If you want to, you can put the certdir in your ~/.wgetrc file so you
won't have to specify it all the time.  Just put the line

ca_directory = {full path to certdir}
and you're done.

Actually, you also need some way to handle revocation of certificates.
But that's for another day.