From 1dd103bc8c445a1fe4f5ab59a1e6a343a8984305 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 8 Oct 2012 07:54:47 -0400 Subject: Create Firefox extension on upgrade and replica-install If the signing cert is not available, create an unsigned extension. Add a zip dependency to the specfile. https://fedorahosted.org/freeipa/ticket/3150 --- freeipa.spec.in | 4 +++ install/tools/ipa-replica-install | 2 ++ install/tools/ipa-upgradeconfig | 12 ++++++++ ipapython/ipautil.py | 17 ++++++++--- ipaserver/install/httpinstance.py | 63 ++++++++++++++++++++++++++------------- 5 files changed, 74 insertions(+), 24 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index cc27ffe43..318638c20 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -173,6 +173,7 @@ Requires(postun): python initscripts chkconfig %endif Requires: python-dns Requires: keyutils +Requires: zip # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions @@ -786,6 +787,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Wed Oct 10 2012 Petr Viktorin - 2.99.0-49 +- Add zip dependency, needed for creating unsigned Firefox extensions + * Mon Oct 8 2012 Martin Kosek - 2.99.0-48 - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 8f55d7578..92e5f8659 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -217,6 +217,8 @@ def install_http(config, auto_redirect): print "error copying files: " + str(e) sys.exit(1) + http.setup_firefox_extension(config.realm_name, config.domain_name) + return http def install_bind(config, options): diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 97bbd66a9..3ba6b5c06 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig 
@@ -283,6 +283,17 @@ def cleanup_kdc(fstore): fstore.untrack_file(filename) root_logger.debug('Uninstalling %s', filename) + +def setup_firefox_extension(fstore): + """Set up the Firefox configuration extension, if it's not set up yet + """ + root_logger.info('[Setting up Firefox extension]') + http = httpinstance.HTTPInstance(fstore) + realm = api.env.realm + domain = api.env.domain + http.setup_firefox_extension(realm, domain) + + def upgrade_ipa_profile(ca): """ Update the IPA Profile provided by dogtag @@ -624,6 +635,7 @@ def main(): pass cleanup_kdc(fstore) + setup_firefox_extension(fstore) changed_psearch = named_enable_psearch() changed_autoincrement = named_enable_serial_autoincrement() if changed_psearch or changed_autoincrement: diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 11433b4be..0b519c295 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -223,8 +223,17 @@ def template_str(txt, vars): return val def template_file(infilename, vars): - txt = open(infilename).read() - return template_str(txt, vars) + """Read a file and perform template substitutions""" + with open(infilename) as f: + return template_str(f.read(), vars) + + +def copy_template_file(infilename, outfilename, vars): + """Copy a file, performing template substitutions""" + txt = template_file(infilename, vars) + with open(outfilename, 'w') as file: + file.write(txt) + def write_tmp_file(txt): fd = tempfile.NamedTemporaryFile() @@ -237,7 +246,7 @@ def shell_quote(string): return "'" + string.replace("'", "'\\''") + "'" def run(args, stdin=None, raiseonerr=True, - nolog=(), env=None, capture_output=True): + nolog=(), env=None, capture_output=True, cwd=None): """ Execute a command and return stdin, stdout and the process return code. 
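Review bot: Nothing in `setup_firefox_extension(fstore)` catches a failure from `http.setup_firefox_extension(realm, domain)`, and the call added to `main()` in the next hunk sits ahead of `named_enable_psearch()`. As far as these hunks show, an exception here (for example from the external zip or signtool run) would stop the rest of the upgrade over an optional browser helper. If that is not intended, wrap the call in `try:` / `except Exception, e:` and log it with `root_logger.error('Failed to set up Firefox extension: %s', e)`. The docstring could also say that "not set up yet" means `/usr/share/ipa/html/krb.js` does not exist, which is what the callee tests. `main()` starts and ends outside the second hunk.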
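Review bot: `copy_template_file` opens `outfilename` with mode `'w'`, so an existing file is truncated in place and a new one gets whatever permissions the process umask allows until the caller's `os.chmod` runs. The one-line docstring should state both, since this is a shared helper and later callers may render sensitive content through it. Suggested docstring: the current summary line plus a sentence saying the destination is overwritten non-atomically and that the caller is responsible for setting its mode. The local name `file` shadows the builtin; `with open(outfilename, 'w') as f:` matches the `f` used in `template_file` just above.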
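Review bot: No hunk in this patch touches the body of `run`'s docstring, so the new `cwd` keyword is left undocumented; the docstring starts on the last line of this hunk and continues outside it. Add a line in whatever style the docstring already uses, for example `cwd: directory the command is started in; None keeps the caller's working directory`. It is worth stating there that relative file arguments in `args` are interpreted by the child relative to `cwd`, which the new zip call in httpinstance.py relies on. The matching `cwd=cwd` argument to `subprocess.Popen` is in the following hunk.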
@@ -285,7 +294,7 @@ def run(args, stdin=None, raiseonerr=True, try: p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err, - close_fds=True, env=env) + close_fds=True, env=env, cwd=cwd) stdout,stderr = p.communicate(stdin) stdout,stderr = str(stdout), str(stderr) # Make pylint happy except KeyboardInterrupt: diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index afadde40b..29077367d 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -286,27 +286,18 @@ class HTTPInstance(service.Service): def __setup_autoconfig(self): target_fname = '/usr/share/ipa/html/preferences.html' - prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict) - prefs_fd = open(target_fname, "w") - prefs_fd.write(prefs_txt) - prefs_fd.close() - os.chmod(target_fname, 0644) - - target_fname = '/usr/share/ipa/html/krb.js' - prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "krb.js.template", self.sub_dict) - prefs_fd = open(target_fname, "w") - prefs_fd.write(prefs_txt) - prefs_fd.close() + ipautil.copy_template_file( + ipautil.SHARE_DIR + "preferences.html.template", + target_fname, self.sub_dict) os.chmod(target_fname, 0644) # The signing cert is generated in __setup_ssl db = certs.CertDB(self.realm, subject_base=self.subject_base) - pwdfile = open(db.passwd_fname) - pwd = pwdfile.read() - pwdfile.close() + with open(db.passwd_fname) as pwdfile: + pwd = pwdfile.read() # Setup configure.jar - tmpdir = tempfile.mkdtemp(prefix = "tmp-") + tmpdir = tempfile.mkdtemp(prefix="tmp-") target_fname = '/usr/share/ipa/html/configure.jar' shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir) db.run_signtool(["-k", "Signing-Cert", 
@@ -316,15 +307,47 @@ class HTTPInstance(service.Service): shutil.rmtree(tmpdir) os.chmod(target_fname, 0644) + self.setup_firefox_extension(self.realm, self.domain, force=True) + + def setup_firefox_extension(self, realm, domain, force=False): + """Set up the signed browser configuration extension + + If the extension is already set up, skip the installation unless + ``force`` is true. + """ + + target_fname = '/usr/share/ipa/html/krb.js' + if os.path.exists(target_fname) and not force: + root_logger.info( + '%s exists, skipping install of Firefox extension', + target_fname) + return + + sub_dict = dict(REALM=realm, DOMAIN=domain) + db = certs.CertDB(realm) + with open(db.passwd_fname) as pwdfile: + pwd = pwdfile.read() + + ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template", + target_fname, sub_dict) + os.chmod(target_fname, 0644) + # Setup extension - tmpdir = tempfile.mkdtemp(prefix = "tmp-") + tmpdir = tempfile.mkdtemp(prefix="tmp-") extdir = tmpdir + "/ext" target_fname = "/usr/share/ipa/html/kerberosauth.xpi" shutil.copytree("/usr/share/ipa/ffextension", extdir) - db.run_signtool(["-k", "Signing-Cert", - "-p", pwd, - "-X", "-Z", target_fname, - extdir]) + if db.has_nickname('Signing-Cert'): + db.run_signtool(["-k", "Signing-Cert", + "-p", pwd, + "-X", "-Z", target_fname, + extdir]) + else: + root_logger.warning('Object-signing certificate was not found. ' + 'Creating unsigned Firefox configuration extension.') + filenames = os.listdir(extdir) + ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames, + cwd=extdir) shutil.rmtree(tmpdir) os.chmod(target_fname, 0644) -- cgit
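Review bot: In the unsigned branch of `setup_firefox_extension`, `zip -r target_fname` updates an archive that already exists rather than replacing it, so a `kerberosauth.xpi` left by an earlier signed install would keep its old entries, signature metadata included, next to the new files; delete the target before running zip. The password file is read before `db.has_nickname('Signing-Cert')` is checked, so the unsigned path loads a secret it never uses and fails if that file is missing; the read belongs inside the signing branch. `ipautil.run` raises on a non-zero exit by default (`raiseonerr=True`), so a failing zip (and presumably a failing signtool) skips `shutil.rmtree(tmpdir)`; the cleanup should sit in a `finally`. Passing `'.'` instead of the `os.listdir` result keeps file names out of zip's argument list, where a name starting with `-` would be read as an option. The docstring still says "signed" although the function can now produce an unsigned extension.

```python
        # … unchanged: krb.js skip check, sub_dict, db = certs.CertDB(realm),
        #   krb.js template copy and chmod (password read moved below) …

        # Setup extension
        tmpdir = tempfile.mkdtemp(prefix="tmp-")
        try:
            extdir = tmpdir + "/ext"
            target_fname = "/usr/share/ipa/html/kerberosauth.xpi"
            shutil.copytree("/usr/share/ipa/ffextension", extdir)
            if db.has_nickname('Signing-Cert'):
                # Read the NSS password only when it is needed for signing
                with open(db.passwd_fname) as pwdfile:
                    pwd = pwdfile.read()
                # … unchanged: db.run_signtool([...]) call …
            else:
                # … unchanged: root_logger.warning(...) …
                # zip updates an existing archive in place; start from a
                # clean file so no stale entries or old signature survive
                if os.path.exists(target_fname):
                    os.remove(target_fname)
                ipautil.run(['/usr/bin/zip', '-r', target_fname, '.'],
                            cwd=extdir)
        finally:
            # Remove the staging directory even when signing/zipping fails
            shutil.rmtree(tmpdir)
        os.chmod(target_fname, 0644)
```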