author | Petr Viktorin <pviktori@redhat.com> | 2012-10-08 07:54:47 -0400 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2012-10-17 10:52:07 +0200 |
commit | 41ff6aa37ac0757639d5f8648d1981df50e22b54 (patch) | |
tree | f44a03d7606e29a7688ac17a9efa6284041cc047 | |
parent | 8f59974f95c4f25ce0a3205d4f72fd61a3911ccb (diff) | |
Create Firefox extension on upgrade and replica-install
If the signing cert is not available, create an unsigned extension.
Add a zip dependency to the specfile.
https://fedorahosted.org/freeipa/ticket/3150
-rw-r--r-- | freeipa.spec.in | 4 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 2 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 15 | ||||
-rw-r--r-- | ipapython/ipautil.py | 17 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 63 |
5 files changed, 76 insertions, 25 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index cede5a0b..38eeffd5 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -150,6 +150,7 @@ Requires(postun): python systemd-units Requires(preun): python initscripts chkconfig Requires(postun): python initscripts chkconfig %endif +Requires: zip # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions @@ -691,6 +692,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Wed Oct 10 2012 Petr Viktorin <pviktori@redhat.com> - 2.2.0-22 +- Add zip dependency, needed for creating unsigned Firefox extensions + * Tue Apr 10 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-21 - Set min for selinux-policy to 3.10.0-110 on F-17 to pick up certmonger policy for restarting services. diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 081413e1..9cdf39ca 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -206,6 +206,8 @@ def install_http(config, auto_redirect): print "error copying files: " + str(e) sys.exit(1) + http.setup_firefox_extension(config.realm_name, config.domain_name) + return http def install_bind(config, options): diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index a2a30249..74b35f6c 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -39,6 +39,7 @@ try: import os import shutil import fileinput + from ipalib import api import ipalib.errors except ImportError: print >> sys.stderr, """\ @@ -208,7 +209,7 @@ def update_dbmodules(realm, filename="/etc/krb5.conf"): newfile.append('#%s' % line) prefix = '' continue - + newfile.append('%s%s' % (prefix, line)) # Append updated dbmodules information 
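Review bot: The added `http.setup_firefox_extension(config.realm_name, config.domain_name)` call in install_http sits outside the try/except that guards the file copy just above it, so an exception raised while building the extension would surface as a traceback instead of the error-and-exit used for the copy. Such an exception could come from reading the NSS password file or from a failing signtool or zip run. If building the extension is meant to be best-effort on a replica, catch and log the failure at this call. If it is required, a comment such as `# Builds krb.js and kerberosauth.xpi; a failure here aborts the replica install` would make that explicit. install_http begins above this hunk, so any handling further up is not visible here.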
@@ -232,6 +233,14 @@ def cleanup_kdc(fstore): if fstore.has_file(filename): fstore.untrack_file(filename) +def setup_firefox_extension(fstore): + """Set up the Firefox configuration extension, if it's not set up yet + """ + http = httpinstance.HTTPInstance(fstore) + realm = api.env.realm + domain = api.env.domain + http.setup_firefox_extension(realm, domain) + def upgrade_ipa_profile(realm): """ Update the IPA Profile provided by dogtag @@ -274,6 +283,9 @@ def main(): # Ok, we are an IPA server, do the additional tests + api.bootstrap(context='restart') + api.finalize() + check_certs() sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } @@ -304,6 +316,7 @@ def main(): cleanup_kdc(fstore) upgrade_ipa_profile(krbctx.default_realm) + setup_firefox_extension(fstore) try: if __name__ == "__main__": diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 69c32893..a14e03fe 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -211,8 +211,17 @@ def template_str(txt, vars): return val def template_file(infilename, vars): - txt = open(infilename).read() - return template_str(txt, vars) + """Read a file and perform template substitutions""" + with open(infilename) as f: + return template_str(f.read(), vars) + + +def copy_template_file(infilename, outfilename, vars): + """Copy a file, performing template substitutions""" + txt = template_file(infilename, vars) + with open(outfilename, 'w') as file: + file.write(txt) + def write_tmp_file(txt): fd = tempfile.NamedTemporaryFile() @@ -225,7 +234,7 @@ def shell_quote(string): return "'" + string.replace("'", "'\\''") + "'" def run(args, stdin=None, raiseonerr=True, - nolog=(), env=None, capture_output=True): + nolog=(), env=None, capture_output=True, cwd=None): """ Execute a command and return stdin, stdout and the process return code. 
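Review bot: setup_firefox_extension() in ipa-upgradeconfig reads the realm and domain from `api.env`, while the rest of main() passes `krbctx.default_realm` (for example to upgrade_ipa_profile in the hunk at -304), so the script now has two sources for the realm. The hunk at -274 bootstraps the API, apparently only for this lookup. A comment on the `api.bootstrap(context='restart')` line, for example `# api.env supplies realm/domain for setup_firefox_extension()`, would record why it is there. Please also confirm that `httpinstance` is already imported in this script, since no visible hunk adds it.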
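Review bot: copy_template_file() in the hunk at -211 binds the output handle to `file`, which shadows the Python 2 builtin of the same name; `with open(outfilename, 'w') as f:` would match template_file() directly above it. The output is created with whatever mode the process umask gives, and the callers in httpinstance.py follow it with `os.chmod(target_fname, 0644)`. The docstring could state that contract, for example `"""Copy a file, performing template substitutions; the caller sets the mode of outfilename"""`.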
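Review bot: The new `cwd=None` keyword on run() in the hunk at -225 is not described in the function's docstring. The 17 changed lines the diffstat reports for ipautil.py are all accounted for by the visible hunks, so no documentation appears to have been added for it. The docstring continues outside the hunk; if it lists the arguments, add an entry such as `cwd: working directory for the child process; None keeps the caller's`. This also covers the hunk at -273, where the value is passed to `subprocess.Popen`.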
@@ -273,7 +282,7 @@ def run(args, stdin=None, raiseonerr=True,
 try:
 p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err,
- close_fds=True, env=env)
+ close_fds=True, env=env, cwd=cwd)
 stdout,stderr = p.communicate(stdin)
 stdout,stderr = str(stdout), str(stderr) # Make pylint happy
 except KeyboardInterrupt:
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 1559229d..188edd2a 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -247,27 +247,18 @@ class HTTPInstance(service.Service):
 def __setup_autoconfig(self):
 target_fname = '/usr/share/ipa/html/preferences.html'
- prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
- prefs_fd = open(target_fname, "w")
- prefs_fd.write(prefs_txt)
- prefs_fd.close()
- os.chmod(target_fname, 0644)
-
- target_fname = '/usr/share/ipa/html/krb.js'
- prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "krb.js.template", self.sub_dict)
- prefs_fd = open(target_fname, "w")
- prefs_fd.write(prefs_txt)
- prefs_fd.close()
+ ipautil.copy_template_file(
+ ipautil.SHARE_DIR + "preferences.html.template",
+ target_fname, self.sub_dict)
 os.chmod(target_fname, 0644)
 # The signing cert is generated in __setup_ssl
 db = certs.CertDB(self.realm, subject_base=self.subject_base)
- pwdfile = open(db.passwd_fname)
- pwd = pwdfile.read()
- pwdfile.close()
+ with open(db.passwd_fname) as pwdfile:
+ pwd = pwdfile.read()
 # Setup configure.jar
- tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+ tmpdir = tempfile.mkdtemp(prefix="tmp-")
 target_fname = '/usr/share/ipa/html/configure.jar'
 shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
 db.run_signtool(["-k", "Signing-Cert",
@@ -277,15 +268,47 @@ class HTTPInstance(service.Service):
 shutil.rmtree(tmpdir)
 os.chmod(target_fname, 0644)
+ self.setup_firefox_extension(self.realm, self.domain, force=True)
+
+ def setup_firefox_extension(self, realm, domain, force=False):
+ """Set up the signed browser configuration extension
+
+ If the extension is already set up, skip the installation unless
+ ``force`` is true.
+ """
+
+ target_fname = '/usr/share/ipa/html/krb.js'
+ if os.path.exists(target_fname) and not force:
+ root_logger.info(
+ '%s exists, skipping install of Firefox extension',
+ target_fname)
+ return
+
+ sub_dict = dict(REALM=realm, DOMAIN=domain)
+ db = certs.CertDB(realm)
+ with open(db.passwd_fname) as pwdfile:
+ pwd = pwdfile.read()
+
+ ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template",
+ target_fname, sub_dict)
+ os.chmod(target_fname, 0644)
+
 # Setup extension
- tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+ tmpdir = tempfile.mkdtemp(prefix="tmp-")
 extdir = tmpdir + "/ext"
 target_fname = "/usr/share/ipa/html/kerberosauth.xpi"
 shutil.copytree("/usr/share/ipa/ffextension", extdir)
- db.run_signtool(["-k", "Signing-Cert",
- "-p", pwd,
- "-X", "-Z", target_fname,
- extdir])
+ if db.has_nickname('Signing-Cert'):
+ db.run_signtool(["-k", "Signing-Cert",
+ "-p", pwd,
+ "-X", "-Z", target_fname,
+ extdir])
+ else:
+ root_logger.warning('Object-signing certificate was not found. '
+ 'Creating unsigned Firefox configuration extension.')
+ filenames = os.listdir(extdir)
+ ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames,
+ cwd=extdir)
 shutil.rmtree(tmpdir)
 os.chmod(target_fname, 0644) |
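Review bot: The early return in setup_firefox_extension() tests only for krb.js, but krb.js is written before kerberosauth.xpi is built, so a run that fails in signtool or zip leaves krb.js behind and every later non-forced call skips the extension. The same test keeps an unsigned XPI in place after a signing certificate becomes available, because only `force=True` rebuilds it. Checking the archive as well, for example `if not force and os.path.exists(target_fname) and os.path.exists(xpi_fname):` with `xpi_fname` as a new local for the kerberosauth.xpi path, would cover the partial-failure case. Wrapping the temp-dir work in `try:` with `finally: shutil.rmtree(tmpdir)` would also remove tmpdir when `ipautil.run` or `run_signtool` raises. The docstring still says "signed" although the result may now be unsigned, and `pwd` is read from the NSS password file even on the unsigned path, where it is not used.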