Make manual import easier for users

yast · Feb 22, 2019 · b789031 · b789031
1 parent 3ab643a
commit b789031
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 19 deletions.
diff --git a/package/yast2-registration.spec b/package/yast2-registration.spec
@@ -84,6 +84,7 @@ source (mirror) automatically.
 
 %files
 %defattr(-,root,root)
+%{yast_ybindir}/*
 %{yast_desktopdir}/*.desktop
 %{yast_clientdir}/*.rb
 %{yast_ydatadir}/registration

diff --git a/src/bin/install_ssl_certificates b/src/bin/install_ssl_certificates
@@ -0,0 +1,48 @@
+#! /usr/bin/env ruby
+
+# ------------------------------------------------------------------------------
+# Copyright (c) 2019 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of version 2 of the GNU General Public License as published by the
+# Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+# ------------------------------------------------------------------------------
+#
+
+# This is a helper script which to import the SSL certificates into inst-sys
+# during installation. (But is should work also in installed system.)
+#
+# It is intended for user convenience, this script just call the YaST
+# functions, it not used by YaST itself.
+
+require "English"
+require "yast"
+require "registration/ssl_certificate"
+
+dir = Registration::SslCertificate::INSTSYS_CERT_DIR
+if Dir.empty?(dir)
+  puts "ERROR: Empty #{dir} directory, put your SSL certificate there."
+  exit 1
+end
+
+# in installed system just call the update-ca-certificates script
+if ENV["YAST_IS_RUNNING"] != "instsys"
+  puts "Updating the installed SSL certificates..."
+  system("/usr/sbin/update-ca-certificates")
+  puts $CHILD_STATUS.success? ? "Done" : "Failed!"
+  exit $CHILD_STATUS.exitstatus
+end
+
+# import into the inst-sys
+puts "Updating the inst-sys SSL certificates..."
+if Registration::SslCertificate.update_instsys_ca
+  puts "Done"
+else
+  puts "Failed!"
+  exit 1
+end
diff --git a/src/data/registration/certificate_error.erb b/src/data/registration/certificate_error.erb
@@ -24,17 +24,16 @@ textdomain "registration"
     <li>
       <%# TRANSLATORS: %{dir} is replaced by the certificate directory %>
       <%= _("Copy the certificate in PEM format to %{dir} directory") %
-            { dir: "<tt>/etc/pki/trust/anchors</tt>" } %> 
+            { dir: "<tt>#{SslCertificate::INSTSYS_CERT_DIR}</tt>" } %> 
     </li>
 
-    <% import_commands.each do |cmd| %>
     <li>
-      <%# TRANSLATORS: label followed by a command to run %>
-      <%= _("Run command:") %> <tt><%= h(cmd) %></tt>
+      <%# TRANSLATORS: suggestion for user, followed by a command to run %>
+      <%= _("Run command:") %> <tt><%= h(import_command) %></tt>
     </li>
-    <% end %>
 
     <li>
+      <%# TRANSLATORS: suggestion to run the registration again %>
       <%= _("Run registration again") %>
     </li>
   </ul>

diff --git a/src/lib/registration/ssl_certificate_details.rb b/src/lib/registration/ssl_certificate_details.rb
@@ -16,7 +16,6 @@ class SslCertificateDetails
     INDENT = " " * 3
 
     def initialize(certificate)
-      Yast.import "Stage"
       textdomain "registration"
       @certificate = certificate
     end
@@ -45,10 +44,6 @@ def summary(small_space: false)
         INDENT + sha256
       end
 
-      if error_code == SslErrorCodes::NO_LOCAL_ISSUER_CERTIFICATE
-        summary += "\n\n" + import_hint
-      end
-
       summary
     end
 
@@ -58,7 +53,7 @@ def richtext_summary
 
   private
 
-    attr_reader :certificate, :error_code
+    attr_reader :certificate
 
     def identity_details(cn, o, ou)
       # label followed by the SSL certificate identification

diff --git a/src/lib/registration/ui/failed_certificate_popup.rb b/src/lib/registration/ui/failed_certificate_popup.rb
@@ -15,7 +15,8 @@
 require "erb"
 require "yast"
 
-require "registration/erb_renderer.rb"
+require "registration/helpers"
+require "registration/ssl_certificate"
 require "registration/ssl_certificate_details"
 require "registration/ssl_error_codes"
 require "registration/url_helpers"
@@ -31,6 +32,7 @@ class FailedCertificatePopup
 
       Yast.import "Report"
       Yast.import "Stage"
+      Yast.import "Directory"
 
       # create a new dialog for importing a SSL certificate and run it
       # @param cert [Registration::SslCertitificate] certificate to display
@@ -68,15 +70,11 @@ def ssl_error_message
         Helpers.render_erb_template("certificate_error.erb", binding)
       end
 
-      def import_commands
-        # in the inst-sys we need to import the certificate manually,
-        # the update-ca-certificates script is missing
+      def import_command
         if Yast::Stage.initial
-          ["trust extract --format=openssl-directory --filter=ca-anchors " \
-            "--overwrite #{SslCertificate::TMP_CA_CERTS_DIR}",
-           "cp #{SslCertificate::TMP_CA_CERTS_DIR}/* #{SslCertificate::CA_CERTS_DIR}/openssl"]
+          File.join(Yast::Directory.bindir, "install_ssl_certificates")
         else
-          ["update-ca-certificates"]
+          "update-ca-certificates"
         end
       end
     end