Set CA bundle path depends on distro

uyuni-project · Sep 15, 2023 · a20693c · a20693c
1 parent 88b6235
commit a20693c
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 7 deletions.
diff --git a/client/tools/mgr-push/mgr-push.changes.mbussolotto.rhnpush_ca_cerfificate_path b/client/tools/mgr-push/mgr-push.changes.mbussolotto.rhnpush_ca_cerfificate_path
@@ -0,0 +1 @@
+-  Use bundle CA certificate in rhnpush
diff --git a/client/tools/mgr-push/rhnpush_config.py b/client/tools/mgr-push/rhnpush_config.py
@@ -20,6 +20,7 @@
 #
 
 import sys
+import os
 
 # pylint: disable=F0401
 if sys.version_info[0] == 3:
@@ -36,6 +37,14 @@ class rhnpushConfigParser:
     # pylint: disable=W0201
     _instance = None
 
+    def get_ca_bundle_path(self):
+        if os.system("grep -iq '^ID_LIKE=.*suse' /etc/os-release") == 0:
+            return '/etc/ssl/ca-bundle.pem'
+        if os.system("grep -iq '^ID_LIKE=.*rhel' /etc/os-release") == 0:
+            return '/etc/pki/tls/certs/ca-bundle.crt'
+        if os.system("grep -iq '^ID_LIKE=.*debian' /etc/os-release") == 0:
+            return '/etc/ssl/certs/ca-certificates.crt'
+
     def __init__(self, filename=None, ensure_consistency=False):
 
         # Defaults that are used if the ensure_consistency parameter of the constructor is true
@@ -66,7 +75,7 @@ def __init__(self, filename=None, ensure_consistency=False):
             'no_session_caching':   '0',
             'proxy':   '',
             'tolerant':   '0',
-            'ca_chain':   '/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT',
+            'ca_chain':  self.get_ca_bundle_path(),
             'timeout': None
         }
 

diff --git a/client/tools/mgr-push/rhnpushrc b/client/tools/mgr-push/rhnpushrc
@@ -73,8 +73,5 @@ no_session_caching  =   0
 #Have rhnpush be tolerant of errors when pushing a large number of packages.
 tolerant        =   0
 
-#The CA cert used to verify the ssl server
-ca_chain        =   /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
-
 #Default connection timeout, (no value for default)
 timeout         = 300
diff --git a/python/rhn/transports.py b/python/rhn/transports.py
@@ -261,7 +261,7 @@ def __init__(self, transfer=0, encoding=0, refreshCallback=None,
 
     def add_trusted_cert(self, certfile):
         if not os.access(certfile, os.R_OK):
-            raise ValueError("Certificate file %s is not accessible" % certfile)
+            raise ValueError("SafeTransport: Certificate file %s is not accessible" % certfile)
         self.trusted_certs.append(certfile)
 
     def get_connection(self, host):
@@ -316,7 +316,7 @@ def __init__(self, proxy, proxyUsername=None, proxyPassword=None,
 
     def add_trusted_cert(self, certfile):
         if not os.access(certfile, os.R_OK):
-            raise ValueError("Certificate file %s is not accessible" % certfile)
+            raise ValueError("SafeProxyTransport:Certificate file %s is not accessible" % certfile)
         self.trusted_certs.append(certfile)
 
     def get_connection(self, host):

diff --git a/testsuite/features/step_definitions/common_steps.rb b/testsuite/features/step_definitions/common_steps.rb
@@ -507,7 +507,7 @@
 end
 
 When(/^I push package "([^"]*)" into "([^"]*)" channel$/) do |arg1, arg2|
-  srvurl = "http://#{ENV['SERVER']}/APP"
+  srvurl = "https://#{ENV['SERVER']}/APP"
   command = "rhnpush --server=#{srvurl} -u admin -p admin --nosig -c #{arg2} #{arg1} "
   get_target('server').run(command, timeout: 500)
   get_target('server').run('ls -lR /var/spacewalk/packages', timeout: 500)