Alon Bar-Lev has uploaded a new change for review.

Change subject: packaging: setup: enforce java home for pki
......................................................................

packaging: setup: enforce java home for pki

the pki ca creation script uses the keytool utility directly, which may
pick up the keytool of a jdk other than openjdk. as some compatibility
issues were found, use the keytool from the JAVA_HOME we use for our
application.

the pki migration to PKCS#12 format also uses keytool; apply the same method.

Change-Id: I23ca5bc86cca6e9115a425ff885ab973a4e4135b
Signed-off-by: Alon Bar-Lev <[email protected]>
---
M packaging/bin/pki-create-ca.sh
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/setup/engine-upgrade.py
M packaging/setup/plugins/ovirt-engine-setup/pki/ca.py
5 files changed, 21 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/24/16524/1

diff --git a/packaging/bin/pki-create-ca.sh b/packaging/bin/pki-create-ca.sh
index 0ad0d11..d726923 100755
--- a/packaging/bin/pki-create-ca.sh
+++ b/packaging/bin/pki-create-ca.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+KEYTOOL="${JAVA_HOME:-/usr}/bin/keytool"
+
 enroll() {
        local subject="$1"
 
@@ -60,14 +62,14 @@
 keystore() {
        local password="$1"
 
-       keytool \
+       "${KEYTOOL}" \
                -delete \
                -noprompt \
                -alias cacert \
                -keystore "${PKIDIR}/.truststore" \
                -storepass "${password}" \
                > /dev/null 2>&1
-       keytool \
+       "${KEYTOOL}" \
                -import \
                -noprompt \
                -trustcacerts \
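Review bot: `KEYTOOL` is built from `JAVA_HOME` at the top of the script but never checked before the calls in keystore(), and the `-delete` call here sends all output to /dev/null, so a wrong or stale JAVA_HOME produces no message at that step. A guard right after the assignment, `[ -x "${KEYTOOL}" ] || { echo "keytool not found: ${KEYTOOL}" >&2; exit 1; }`, would make the failure visible. Since this binary is handed the truststore password through `-storepass`, the path should only ever come from the JAVA_HOME that setup supplies; where the installed JDK supports it, `-storepass:env` would also keep the password out of the process listing. The `-import` command continues past the end of this hunk, and the same unchecked path is built in prepare() in engine-upgrade.py.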
diff --git a/packaging/fedora/setup/basedefs.py 
b/packaging/fedora/setup/basedefs.py
index d4c4848..1577560 100644
--- a/packaging/fedora/setup/basedefs.py
+++ b/packaging/fedora/setup/basedefs.py
@@ -204,7 +204,6 @@
 EXEC_GETENFORCE="/usr/sbin/getenforce"
 EXEC_SETSEBOOL="/usr/sbin/setsebool"
 EXEC_SEMANAGE="/usr/sbin/semanage"
-EXEC_KEYTOOL="/usr/bin/keytool"
 EXEC_FIREWALL_CMD = '/usr/bin/firewall-cmd'
 
 # DBUtils
diff --git a/packaging/fedora/setup/engine-setup.py 
b/packaging/fedora/setup/engine-setup.py
index 03de087..9be0127 100755
--- a/packaging/fedora/setup/engine-setup.py
+++ b/packaging/fedora/setup/engine-setup.py
@@ -766,7 +766,11 @@
                 "--keystore-password=%s" % basedefs.CONST_CA_PASS,
             ]
 
-            out, rc = utils.execCmd(cmdList=cmd, failOnError=True, 
msg=output_messages.ERR_RC_CODE, maskList=[basedefs.CONST_CA_PASS])
+            env = {
+                'JAVA_HOME': controller.CONF["JAVA_HOME"],
+            }
+
+            out, rc = utils.execCmd(cmdList=cmd, envDict=env, 
failOnError=True, msg=output_messages.ERR_RC_CODE, 
maskList=[basedefs.CONST_CA_PASS])
 
             # Enroll certificates
             for name in ('engine', 'apache', 'jboss'):
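Review bot: `controller.CONF["JAVA_HOME"]` is placed into `env` without a check that it is set, whereas engine-upgrade.py in this same change raises `RuntimeError("Cannot locate java")` when no Java home is found. A missing or empty value would either fail inside `utils.execCmd` or let pki-create-ca.sh fall back to `/usr/bin/keytool` through `${JAVA_HOME:-/usr}`, which is the behaviour this change sets out to remove; the same guard before building `env` would close that gap. It is also not visible from this hunk whether `envDict` replaces or extends the inherited environment, so it is worth confirming that the script still gets the `PATH` it needs. The lookup `self.environment[osetupcons.ConfigEnv.JAVA_HOME]` in pki/ca.py is unchecked in the same way, and the enclosing function here starts outside the hunk.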
diff --git a/packaging/fedora/setup/engine-upgrade.py 
b/packaging/fedora/setup/engine-upgrade.py
index e3b5bf0..914be8b 100755
--- a/packaging/fedora/setup/engine-upgrade.py
+++ b/packaging/fedora/setup/engine-upgrade.py
@@ -477,6 +477,10 @@
 
     def prepare(self):
         mask = [basedefs.CONST_KEY_PASS]
+        javaHome = utils.findJavaHome()
+        if not javaHome:
+            raise RuntimeError("Cannot locate java")
+        keytool = os.path.join(javaHome, 'bin', 'keytool')
 
         if os.path.exists(self.JKSKEYSTORE):
             logging.debug("PKI: convert JKS to PKCS#12")
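Review bot: `keytool` is a local variable of prepare(), yet the later hunk at new line 576 also switches to `keytool`, and the diff does not show whether that code is still inside prepare(). If it belongs to another method, the name is undefined there and the truststore import would fail with a NameError. Resolving the path once and keeping it on the instance, for example `self._keytool = os.path.join(javaHome, 'bin', 'keytool')`, would cover both call sites. prepare() continues past the end of this hunk.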
@@ -488,7 +492,7 @@
                 os.unlink(tmpPKCS12)    # java does not like empty files as 
keystore
 
                 cmd = [
-                    basedefs.EXEC_KEYTOOL,
+                    keytool,
                     "-importkeystore",
                     "-noprompt",
                     "-srckeystore", self.JKSKEYSTORE,
@@ -572,7 +576,7 @@
         if os.path.exists(self.TMPTRUSTSTORE):
             os.unlink(self.TMPTRUSTSTORE)
         cmd = [
-            basedefs.EXEC_KEYTOOL,
+            keytool,
             "-import",
             "-noprompt",
             "-keystore", self.TMPTRUSTSTORE,
diff --git a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py 
b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py
index 1433f34..586f3a1 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py
@@ -168,7 +168,7 @@
                 )
 
         self.execute(
-            (
+            args=(
                 osetupcons.FileLocations.OVIRT_ENGINE_PKI_CA_CREATE,
                 '--subject=/C=%s/O=%s/CN=%s.%s' % (
                     self.environment[osetupcons.PKIEnv.COUNTRY],
@@ -182,6 +182,11 @@
                     self.environment[osetupcons.PKIEnv.STORE_PASS],
                 ),
             ),
+            envAppend={
+                'JAVA_HOME': self.environment[
+                    osetupcons.ConfigEnv.JAVA_HOME
+                ],
+            },
         )
 
         for name in ('engine', 'apache', 'jboss'):


-- 
To view, visit http://gerrit.ovirt.org/16524

Gerrit-MessageType: newchange
Gerrit-Change-Id: I23ca5bc86cca6e9115a425ff885ab973a4e4135b
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>