Skip to content

Commit

Permalink
Set CA bundle path depends on distro
Browse files Browse the repository at this point in the history
  • Loading branch information
cbosdo authored and mbussolotto committed Sep 5, 2023
1 parent 26d6845 commit e6d3b42
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 4 deletions.
2 changes: 1 addition & 1 deletion client/tools/mgr-cfg/config_common/repository.py
Original file line number Diff line number Diff line change
Expand Up @@ -264,7 +264,7 @@ def __init__(self, setup_network=1):
if isinstance(ca, basestring):
ca = [ca]

ca_certs = ca or ["/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT"]
ca_certs = ca or ["/etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT"]

# not sure if we need this or not...
lang = None
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
- Use CA certificate from /etc/pki/trust/anchors in rhnpush
11 changes: 10 additions & 1 deletion client/tools/mgr-push/rhnpush_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
#

import sys
import os

# pylint: disable=F0401
if sys.version_info[0] == 3:
Expand All @@ -36,6 +37,14 @@ class rhnpushConfigParser:
# pylint: disable=W0201
_instance = None

def get_ca_bundle_path(self):
if os.system("grep -iq '^ID_LIKE=.*suse' /etc/os-release") == 0:
return '/etc/ssl/ca-bundle.pem'
if os.system("grep -iq '^ID_LIKE=.*rhel' /etc/os-release") == 0:
return '/etc/pki/tls/certs/ca-bundle.crt'
if os.system("grep -iq '^ID_LIKE=.*debian' /etc/os-release") == 0:
return '/etc/ssl/certs/ca-certificates.crt'

def __init__(self, filename=None, ensure_consistency=False):

# Defaults that are used if the ensure_consistency parameter of the constructor is true
Expand Down Expand Up @@ -66,7 +75,7 @@ def __init__(self, filename=None, ensure_consistency=False):
'no_session_caching': '0',
'proxy': '',
'tolerant': '0',
'ca_chain': '/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT',
'ca_chain': get_ca_bundle_path(),
'timeout': None
}

Expand Down
2 changes: 1 addition & 1 deletion client/tools/mgr-push/rhnpushrc
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ no_session_caching = 0
tolerant = 0

#The CA cert used to verify the ssl server
ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
ca_chain = /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT

#Default connection timeout, (no value for default)
timeout = 300
2 changes: 1 addition & 1 deletion testsuite/features/step_definitions/common_steps.rb
Original file line number Diff line number Diff line change
Expand Up @@ -507,7 +507,7 @@
end

When(/^I push package "([^"]*)" into "([^"]*)" channel$/) do |arg1, arg2|
srvurl = "http://#{ENV['SERVER']}/APP"
srvurl = "https://#{ENV['SERVER']}/APP"
command = "rhnpush --server=#{srvurl} -u admin -p admin --nosig -c #{arg2} #{arg1} "
get_target('server').run(command, timeout: 500)
get_target('server').run('ls -lR /var/spacewalk/packages', timeout: 500)
Expand Down

0 comments on commit e6d3b42

Please sign in to comment.