author | Petr Viktorin <pviktori@redhat.com> | 2012-10-08 07:54:47 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-10-10 17:34:19 +0200 |
commit | 1dd103bc8c445a1fe4f5ab59a1e6a343a8984305 (patch) | |
tree | bc397d9f1214478e921139eba16f50777af5caf3 | |
parent | 7c0f1ea5018dd692666e8c758e81f9495d14b760 (diff) | |
Create Firefox extension on upgrade and replica-install
If the signing cert is not available, create an unsigned extension.
Add a zip dependency to the specfile.
https://fedorahosted.org/freeipa/ticket/3150
-rw-r--r-- | freeipa.spec.in | 4 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 2 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 12 | ||||
-rw-r--r-- | ipapython/ipautil.py | 17 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 63 |
5 files changed, 74 insertions, 24 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index cc27ffe4..318638c2 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -173,6 +173,7 @@ Requires(postun): python initscripts chkconfig %endif Requires: python-dns Requires: keyutils +Requires: zip # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions
@@ -786,6 +787,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Wed Oct 10 2012 Petr Viktorin <pviktori@redhat.com> - 2.99.0-49 +- Add zip dependency, needed for creating unsigned Firefox extensions + * Mon Oct 8 2012 Martin Kosek <mkosek@redhat.com> - 2.99.0-48 - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 8f55d757..92e5f865 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -217,6 +217,8 @@ def install_http(config, auto_redirect): print "error copying files: " + str(e) sys.exit(1) + http.setup_firefox_extension(config.realm_name, config.domain_name) + return http def install_bind(config, options):
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 97bbd66a..3ba6b5c0 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -283,6 +283,17 @@ def cleanup_kdc(fstore): fstore.untrack_file(filename) root_logger.debug('Uninstalling %s', filename) + +def setup_firefox_extension(fstore): + """Set up the Firefox configuration extension, if it's not set up yet + """ + root_logger.info('[Setting up Firefox extension]') + http = httpinstance.HTTPInstance(fstore) + realm = api.env.realm + domain = api.env.domain + http.setup_firefox_extension(realm, domain) + + def upgrade_ipa_profile(ca): """ Update the IPA Profile provided by dogtag
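Review bot: The "if it's not set up yet" promise in the docstring of the new `setup_firefox_extension(fstore)` in ipa-upgradeconfig rests on the `krb.js` existence test in `HTTPInstance.setup_firefox_extension`, and that file is written before `kerberosauth.xpi` is built. If signing or zipping raises during one upgrade, `krb.js` is left behind and later upgrades skip the step without ever producing the extension. Key the skip test on the final artifact instead, `if os.path.exists('/usr/share/ipa/html/kerberosauth.xpi') and not force:`, or write `krb.js` only after the XPI has been created. The docstring here could then state which file marks the extension as installed.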
@@ -624,6 +635,7 @@ def main(): pass cleanup_kdc(fstore) + setup_firefox_extension(fstore) changed_psearch = named_enable_psearch() changed_autoincrement = named_enable_serial_autoincrement() if changed_psearch or changed_autoincrement:
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 11433b4b..0b519c29 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -223,8 +223,17 @@ def template_str(txt, vars): return val def template_file(infilename, vars): - txt = open(infilename).read() - return template_str(txt, vars) + """Read a file and perform template substitutions""" + with open(infilename) as f: + return template_str(f.read(), vars) + + +def copy_template_file(infilename, outfilename, vars): + """Copy a file, performing template substitutions""" + txt = template_file(infilename, vars) + with open(outfilename, 'w') as file: + file.write(txt) + def write_tmp_file(txt): fd = tempfile.NamedTemporaryFile()
@@ -237,7 +246,7 @@ def shell_quote(string): return "'" + string.replace("'", "'\\''") + "'" def run(args, stdin=None, raiseonerr=True, - nolog=(), env=None, capture_output=True): + nolog=(), env=None, capture_output=True, cwd=None): """ Execute a command and return stdin, stdout and the process return code.
@@ -285,7 +294,7 @@ def run(args, stdin=None, raiseonerr=True, try: p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err, - close_fds=True, env=env) + close_fds=True, env=env, cwd=cwd) stdout,stderr = p.communicate(stdin) stdout,stderr = str(stdout), str(stderr) # Make pylint happy except KeyboardInterrupt:
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index afadde40..29077367 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
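Review bot: In ipapython/ipautil.py, `copy_template_file` binds the output handle to `file`, which shadows the Python 2 builtin, and it writes straight to the final path, so the new file's mode comes from the process umask until the caller runs `os.chmod`. Rename the handle, `with open(outfilename, 'w') as f:`. Extend the docstring to say that an existing `outfilename` is truncated in place and that setting permissions is left to the caller; both callers in this commit follow it with `os.chmod(target_fname, 0644)`.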
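Review bot: The new `cwd` keyword of `run()` in ipapython/ipautil.py is not described in the function's docstring, which starts in the `@@ -237,7 +246,7 @@` hunk and continues outside it. Add a line in the style the existing parameter descriptions use, for example `cwd -- working directory the command is started in (default: the caller's current directory)`. It should also say that relative file arguments are then interpreted by the command relative to that directory. The same parameter is forwarded to `subprocess.Popen` in the `@@ -285,7 +294,7 @@` hunk, which needs no further change.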
@@ -286,27 +286,18 @@ class HTTPInstance(service.Service): def __setup_autoconfig(self): target_fname = '/usr/share/ipa/html/preferences.html' - prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict) - prefs_fd = open(target_fname, "w") - prefs_fd.write(prefs_txt) - prefs_fd.close() - os.chmod(target_fname, 0644) - - target_fname = '/usr/share/ipa/html/krb.js' - prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "krb.js.template", self.sub_dict) - prefs_fd = open(target_fname, "w") - prefs_fd.write(prefs_txt) - prefs_fd.close() + ipautil.copy_template_file( + ipautil.SHARE_DIR + "preferences.html.template", + target_fname, self.sub_dict) os.chmod(target_fname, 0644) # The signing cert is generated in __setup_ssl db = certs.CertDB(self.realm, subject_base=self.subject_base) - pwdfile = open(db.passwd_fname) - pwd = pwdfile.read() - pwdfile.close() + with open(db.passwd_fname) as pwdfile: + pwd = pwdfile.read() # Setup configure.jar - tmpdir = tempfile.mkdtemp(prefix = "tmp-") + tmpdir = tempfile.mkdtemp(prefix="tmp-") target_fname = '/usr/share/ipa/html/configure.jar' shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir) db.run_signtool(["-k", "Signing-Cert", 
@@ -316,15 +307,47 @@ class HTTPInstance(service.Service): shutil.rmtree(tmpdir) os.chmod(target_fname, 0644) + self.setup_firefox_extension(self.realm, self.domain, force=True) + + def setup_firefox_extension(self, realm, domain, force=False): + """Set up the signed browser configuration extension + + If the extension is already set up, skip the installation unless + ``force`` is true. + """ + + target_fname = '/usr/share/ipa/html/krb.js' + if os.path.exists(target_fname) and not force: + root_logger.info( + '%s exists, skipping install of Firefox extension', + target_fname) + return + + sub_dict = dict(REALM=realm, DOMAIN=domain) + db = certs.CertDB(realm) + with open(db.passwd_fname) as pwdfile: + pwd = pwdfile.read() + + ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template", + target_fname, sub_dict) + os.chmod(target_fname, 0644) + # Setup extension - tmpdir = tempfile.mkdtemp(prefix = "tmp-") + tmpdir = tempfile.mkdtemp(prefix="tmp-") extdir = tmpdir + "/ext" target_fname = "/usr/share/ipa/html/kerberosauth.xpi" shutil.copytree("/usr/share/ipa/ffextension", extdir) - db.run_signtool(["-k", "Signing-Cert", - "-p", pwd, - "-X", "-Z", target_fname, - extdir]) + if db.has_nickname('Signing-Cert'): + db.run_signtool(["-k", "Signing-Cert", + "-p", pwd, + "-X", "-Z", target_fname, + extdir]) + else: + root_logger.warning('Object-signing certificate was not found. ' + 'Creating unsigned Firefox configuration extension.') + filenames = os.listdir(extdir) + ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames, + cwd=extdir) shutil.rmtree(tmpdir) os.chmod(target_fname, 0644) |
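Review bot: In the unsigned branch of `setup_firefox_extension`, `/usr/bin/zip -r target_fname ...` updates an archive that already exists instead of replacing it. A leftover `kerberosauth.xpi` (with `force=True`, or after an earlier partial run) can therefore keep stale entries, possibly including signature metadata from a previously signed build, so remove the target before zipping. Two related points in the same function: the NSS password file is opened before `has_nickname` is checked although only the signed branch needs it, and `tmpdir` is not removed if signtool or zip raises. The docstring also still says "signed" although the result may be unsigned, and should describe the fallback. The sketch below moves the password read into the signed branch and wraps the build in try/finally.

```python
        # … unchanged: krb.js skip check, sub_dict, template copy and chmod …
        db = certs.CertDB(realm)

        # Setup extension
        tmpdir = tempfile.mkdtemp(prefix="tmp-")
        try:
            # … unchanged: extdir, target_fname, shutil.copytree …
            if db.has_nickname('Signing-Cert'):
                # Read the NSS password only when signing actually happens
                with open(db.passwd_fname) as pwdfile:
                    pwd = pwdfile.read()
                # … unchanged: db.run_signtool call …
            else:
                # … unchanged: warning about the missing signing cert …
                # zip adds to an existing archive; start from a clean file
                if os.path.exists(target_fname):
                    os.remove(target_fname)
                filenames = os.listdir(extdir)
                ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames,
                            cwd=extdir)
        finally:
            # Always drop the staging copy, even when signing/zipping fails
            shutil.rmtree(tmpdir)
```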