Make manual import easier for users

yast · Feb 22, 2019 · 1258acb · 1258acb
1 parent 3ab643a
commit 1258acb
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 11 deletions.
diff --git a/src/bin/install_ssl_certificates b/src/bin/install_ssl_certificates
@@ -0,0 +1,49 @@
+#! /usr/bin/env ruby
+
+# ------------------------------------------------------------------------------
+# Copyright (c) 2019 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of version 2 of the GNU General Public License as published by the
+# Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+# ------------------------------------------------------------------------------
+#
+
+# This is a helper script which to import the SSL certificates into inst-sys
+# during installation. (But is should work also in installed system.)
+#
+# It is intended for user convenience, this script just call the YaST
+# functions, it not used by YaST itself.
+
+require "English"
+require "yast"
+require "registration/ssl_certificate"
+
+puts "Updating the SSL certificates..."
+
+dir = Registration::SslCertificate::INSTSYS_CERT_DIR
+
+if Dir.empty?(dir)
+  puts "ERROR: Empty #{dir} directory, put your SSL certificate there."
+  exit 1
+end
+
+# in installed system just call the update-ca-certificates script
+if ENV["YAST_IS_RUNNING"] != "instsys"
+  system("/usr/sbin/update-ca-certificates")
+  puts $CHILD_STATUS.success? ? "Done" : "Failed!"
+  exit $CHILD_STATUS.exitstatus
+end
+
+# import into the inst-sys
+if Registration::SslCertificate.update_instsys_ca
+  puts "Done"
+else
+  puts "Failed!"
+  exit 1
+end
diff --git a/src/data/registration/certificate_error.erb b/src/data/registration/certificate_error.erb
@@ -24,17 +24,16 @@ textdomain "registration"
     <li>
       <%# TRANSLATORS: %{dir} is replaced by the certificate directory %>
       <%= _("Copy the certificate in PEM format to %{dir} directory") %
-            { dir: "<tt>/etc/pki/trust/anchors</tt>" } %> 
+            { dir: "<tt>#{SslCertificate::INSTSYS_CERT_DIR}</tt>" } %> 
     </li>
 
-    <% import_commands.each do |cmd| %>
     <li>
       <%# TRANSLATORS: label followed by a command to run %>
-      <%= _("Run command:") %> <tt><%= h(cmd) %></tt>
+      <%= _("Run command:") %> <tt><%= h(import_command) %></tt>
     </li>
-    <% end %>
 
     <li>
+      <%# TRANSLATORS: suggestin to run the registration again %>
       <%= _("Run registration again") %>
     </li>
   </ul>

diff --git a/src/lib/registration/ui/failed_certificate_popup.rb b/src/lib/registration/ui/failed_certificate_popup.rb
@@ -16,6 +16,8 @@
 require "yast"
 
 require "registration/erb_renderer.rb"
+require "registration/helpers"
+require "registration/ssl_certificate"
 require "registration/ssl_certificate_details"
 require "registration/ssl_error_codes"
 require "registration/url_helpers"
@@ -68,15 +70,11 @@ def ssl_error_message
         Helpers.render_erb_template("certificate_error.erb", binding)
       end
 
-      def import_commands
-        # in the inst-sys we need to import the certificate manually,
-        # the update-ca-certificates script is missing
+      def import_command
         if Yast::Stage.initial
-          ["trust extract --format=openssl-directory --filter=ca-anchors " \
-            "--overwrite #{SslCertificate::TMP_CA_CERTS_DIR}",
-           "cp #{SslCertificate::TMP_CA_CERTS_DIR}/* #{SslCertificate::CA_CERTS_DIR}/openssl"]
+          File.join(Yast::Directory.bindir, "install_ssl_certificates")
         else
-          ["update-ca-certificates"]
+          "update-ca-certificates"
         end
       end
     end