Skip to content

Commit

Permalink
"reg_ssl_verify=0" boot parameter disables SSL checks (part of bnc#87…
Browse files Browse the repository at this point in the history
…4745)
  • Loading branch information
lslezak committed Apr 29, 2014
1 parent e073e5e commit e443a64
Show file tree
Hide file tree
Showing 4 changed files with 77 additions and 3 deletions.
18 changes: 18 additions & 0 deletions src/lib/registration/helpers.rb
Original file line number Diff line number Diff line change
Expand Up @@ -209,5 +209,23 @@ def self.slp_discovery_feedback
end
end

# check if insecure registration is requested
# (the "reg_ssl_verify=0" boot commandline option is used)
def self.insecure_registration
# check the boot parameter only at installation/update
return false unless Yast::Mode.installation || Yast::Mode.update

parameters = Yast::Linuxrc.InstallInf("Cmdline")
return false unless parameters

reg_ssl_verify_param = parameters.split.grep(/\Areg_ssl_verify=/i).last
return false unless reg_ssl_verify_param

reg_ssl_verify = reg_ssl_verify_param.split('=', 2).last
log.info "Boot reg_ssl_verify option: #{reg_ssl_verify.inspect}"

reg_ssl_verify == "0"
end

end
end
5 changes: 5 additions & 0 deletions src/lib/registration/registration.rb
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,11 @@ def connect_params(params)
default_params[:url] = @url
end

if Helpers.insecure_registration
log.warn "SSL certificate check disabled via reg_ssl boot parameter"
default_params[:insecure] = true
end

default_params.merge(params)
end
end
Expand Down
48 changes: 48 additions & 0 deletions test/helpers_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -157,4 +157,52 @@
expect(Registration::Helpers.base_version("12-1")).to eq("12")
end
end

describe ".insecure_registration" do
let(:yast_mode) { double("Yast::Mode") }
let(:yast_linuxrc) { double("Yast::Linuxrc") }

before do
stub_const("Yast::Mode", yast_mode)
stub_const("Yast::Linuxrc", yast_linuxrc)
end

context "outside installation/update" do
before do
allow(yast_mode).to receive(:installation).and_return(false)
allow(yast_mode).to receive(:update).and_return(false)
end

it "returns false and does not check boot parameters" do
expect(yast_linuxrc).to receive(:InstallInf).never
expect(Registration::Helpers.insecure_registration).to eq(false)
end
end

context "at installation" do
before do
allow(yast_mode).to receive(:installation).and_return(true)
allow(yast_mode).to receive(:update).and_return(false)
end

it "returns false when reg_ssl_verify option is not used at boot commandline" do
expect(yast_linuxrc).to receive(:InstallInf).with("Cmdline").
and_return("splash=silent vga=0x314")
expect(Registration::Helpers.insecure_registration).to eq(false)
end

it "returns false when reg_ssl_verify=1 boot option is used" do
expect(yast_linuxrc).to receive(:InstallInf).with("Cmdline").
and_return("splash=silent reg_ssl_verify=1 vga=0x314")
expect(Registration::Helpers.insecure_registration).to eq(false)
end

it "returns true when reg_ssl_verify=0 boot option is used" do
expect(yast_linuxrc).to receive(:InstallInf).with("Cmdline").
and_return("splash=silent reg_ssl_verify=0 vga=0x314")
expect(Registration::Helpers.insecure_registration).to eq(true)
end
end
end

end
9 changes: 6 additions & 3 deletions test/registration_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
reg_code = "reg_code"

expect(Registration::SwMgmt).to receive(:zypp_config_writable!)
expect(Registration::Helpers).to receive(:insecure_registration).and_return(false)
SUSE::Connect::Credentials.any_instance.should_receive(:write)
expect(SUSE::Connect::YaST).to(receive(:announce_system)
.with(hash_including(:token => reg_code))
Expand All @@ -30,7 +31,7 @@
Registration::Registration.new.register("email", reg_code, "sles-12-x86_64")
end
end

describe ".register_products" do
it "registers the selected product and returns added zypp services" do
product = {
Expand All @@ -39,7 +40,7 @@
"version" => "12",
"release_type" => "DVD"
}

source = SUSE::Connect::Source.new("service", "https://example.com")
service = SUSE::Connect::Service.new([source], [], [])

Expand All @@ -54,10 +55,12 @@
))
.and_return(service)
)

expect(Registration::Helpers).to receive(:insecure_registration).and_return(false)
expect(Registration::SwMgmt).to receive(:add_services)
expect(SUSE::Connect::Credentials).to receive(:read)
.with(SUSE::Connect::Credentials::GLOBAL_CREDENTIALS_FILE)

service_list = Registration::Registration.new.register_products([product])
expect(service_list).to eq([service])
end
Expand Down

0 comments on commit e443a64

Please sign in to comment.