[release/6.x] Cherry pick: Recovery script change (#7306) (#7323)

Co-authored-by: Eddy Ashton <edashton@microsoft.com>
Co-authored-by: Amaury Chamayou <amchamay@microsoft.com>

Author: 3 people

CHANGELOG.md

@@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Node will now retry when fetching snapshots. This is controlled with `command.join.fetch_snapshot_max_attempts` and `command.join.fetch_snapshot_retry_interval`. (#7317)
 - Remove pyopenssl (#7297)
 
+### Changed
+
+- The `submit_recovery_share.sh` script will no longer try to create a virtual environment and install the CCF Python package on every call. Instead it will return an error if the package is not installed (specifically if the `ccf_cose_sign1` tool it relies on cannot be found) (#7306)
+
 [6.0.14]: https://github.com/microsoft/CCF/releases/tag/ccf-6.0.14
 
 ### Added

python/utils/submit_recovery_share.sh

@@ -66,12 +66,10 @@ if [ -z "${member_id_cert}" ]; then
     exit 1
 fi
 
-if [ ! -f "env/bin/activate" ]
-    then
-        python3 -m venv env
+if ! command -v ccf_cose_sign1 > /dev/null; then
+    echo "Error: This script requires the ccf_cose_sign1 CLI tool, distributed as part of the CCF Python package. Please install it via 'pip install ccf' in the current Python environment"
+    exit 1
 fi
-source env/bin/activate
-pip install -q ccf
 
 # Compute member ID, as the SHA-256 fingerprint of the signing certificate
 member_id=$(openssl x509 -in "$member_id_cert" -noout -fingerprint -sha256 | cut -d "=" -f 2 | sed 's/://g' | awk '{print tolower($0)}')