Merge 169b357 into ed9c01b
skazi0 committed May 5, 2022
2 parents ed9c01b + 169b357 commit d9ecd83
Showing 6 changed files with 57 additions and 11 deletions.
7 changes: 7 additions & 0 deletions package/yast2-registration.changes
@@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu May 5 06:04:55 UTC 2022 - Ladislav Slezák <lslezak@suse.cz>

- Fixed importing SSL certificates (bsc#1195220)
(by jacek.tomasiak@gmail.com)
- 4.5.2

-------------------------------------------------------------------
Fri Apr 22 10:32:15 UTC 2022 - Ladislav Slezák <lslezak@suse.cz>

2 changes: 1 addition & 1 deletion package/yast2-registration.spec
@@ -17,7 +17,7 @@


Name: yast2-registration
Version: 4.5.1
Version: 4.5.2
Release: 0
Summary: YaST2 - Registration Module
License: GPL-2.0-only
22 changes: 14 additions & 8 deletions src/lib/registration/ssl_certificate.rb
@@ -83,26 +83,32 @@ def self.download(url, insecure: false)
# @see CA_CERTS_DIR
# @see TMP_CA_CERTS_DIR
def self.update_instsys_ca
# Update database
Yast::Execute.locally("trust", "extract", "--format=openssl-directory", "--filter=ca-anchors",
"--overwrite", TMP_CA_CERTS_DIR)
FileUtils.mkdir_p(TMP_CA_CERTS_DIR)
# Extract system certs in openssl and pem formats
Yast::Execute.locally("trust", "extract", "--format=openssl-directory",
"--filter=ca-anchors", "--overwrite", File.join(TMP_CA_CERTS_DIR, "openssl"))
Yast::Execute.locally("trust", "extract", "--format=pem-directory-hash",
"--filter=ca-anchors", "--overwrite", File.join(TMP_CA_CERTS_DIR, "pem"))

# Copy certificates/links
files = Dir[File.join(TMP_CA_CERTS_DIR, "*")]
return false if files.empty?
targets = ["pem", "openssl"].map { |d| File.join(CA_CERTS_DIR, d) }
new_files = targets.each_with_object([]) do |subdir, memo|
new_files = []
["pem", "openssl"].each do |subdir|
files = Dir[File.join(TMP_CA_CERTS_DIR, subdir, "*")]
next if files.empty?
subdir = File.join(CA_CERTS_DIR, subdir)
FileUtils.mkdir_p(subdir) unless Dir.exist?(subdir)
files.each do |file|
# FileUtils.cp does not seem to allow copying the links without dereferencing them.
Yast::Execute.locally("cp", "--no-dereference", "--preserve=links", file, subdir)
memo << File.join(subdir, File.basename(file))
new_files << File.join(subdir, File.basename(file))
end
end

# Cleanup
FileUtils.rm_rf(TMP_CA_CERTS_DIR)

return false if new_files.empty?

# Reload SUSEConnect internal cert pool (suseconnect-ng only)
SUSE::Connect::SSLCertificate.reload if SUSE::Connect::SSLCertificate.respond_to?(:reload)

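Review bot: In `update_instsys_ca` a failed or empty extraction of one format goes unnoticed: the results of both `trust extract` calls are discarded and the loop's `next if files.empty?` simply skips an empty `pem` or `openssl` directory, so `return false if new_files.empty?` fires only when both are empty. The CA anchors under `CA_CERTS_DIR` can then end up updated in one format and stale in the other while the method goes on to the SUSEConnect reload as if the import had succeeded, which makes a later TLS verification failure hard to trace back to this step. I would treat a missing format as a failure: record the miss where `next if files.empty?` is now (e.g. `missing << subdir`), add `return false unless missing.empty?` after the cleanup, and state the return value in the method comment. Whether `Yast::Execute.locally` raises or returns a falsy value on error is not visible here; if it can raise, `FileUtils.rm_rf(TMP_CA_CERTS_DIR)` belongs in an `ensure` so extracted anchors are not left behind. The method body continues past the end of the hunk.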
File renamed without changes.
23 changes: 23 additions & 0 deletions test/fixtures/anchors/pem/YaST_Team.pem
@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
14 changes: 12 additions & 2 deletions test/ssl_certificate_spec.rb
@@ -55,7 +55,12 @@
stub_const("Registration::SslCertificate::CA_CERTS_DIR", ca_dir.to_s)
allow(Yast::Execute).to receive(:locally).and_call_original
allow(FileUtils).to receive(:rm_rf).and_call_original
CERT_LINKS.each { |l| FileUtils.ln_sf(tmp_ca_dir.join(CERT_NAME), tmp_ca_dir.join(l)) }
["openssl", "pem"].each do |d|
FileUtils.mkdir_p(tmp_ca_dir.join(d))
CERT_LINKS.each do |l|
FileUtils.ln_sf(tmp_ca_dir.join(d, CERT_NAME), tmp_ca_dir.join(d, l))
end
end
end

after do
@@ -66,7 +71,12 @@

it "adds new certs under anchors to system CA certificates" do
expect(Yast::Execute).to receive(:locally).with("trust", "extract",
"--format=openssl-directory", "--filter=ca-anchors", "--overwrite", tmp_ca_dir.to_s)
"--format=openssl-directory", "--filter=ca-anchors", "--overwrite",
tmp_ca_dir.join("openssl").to_s)
.and_return(true)
expect(Yast::Execute).to receive(:locally).with("trust", "extract",
"--format=pem-directory-hash", "--filter=ca-anchors", "--overwrite",
tmp_ca_dir.join("pem").to_s)
.and_return(true)
expect(FileUtils).to receive(:rm_rf).with(tmp_ca_dir.to_s)
.and_return(Dir[tmp_ca_dir.join("*")])
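Review bot: The new per-format branch has no failing-path example in the visible hunks: `before` sets up links in both `openssl` and `pem`, and the example stubs both `trust extract` calls with `and_return(true)`, so `next if files.empty?` and the final `return false if new_files.empty?` in `update_instsys_ca` are not exercised here. Add an example in which only one of the two directories contains links, and one in which neither does, and pin the expected return value so a partially extracted trust store cannot pass silently. The `it` block continues past the end of the hunk, and other examples in the file may already cover part of this.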
