debian/invirt-update-vnc-cert

   1 #!/usr/bin/python
   2
   3 from invirt.config import structs as config
   4 from subprocess import Popen, check_call, PIPE, CalledProcessError
   5 import tempfile
   6 import os
   7 import sys
   8 import shutil
   9
  10 def check_wait(popen):
  11     retcode = popen.wait()
  12     if retcode != 0:
  13         raise CalledProcessError(retcode, popen.pid)
  14     return retcode
  15
  16 def main():
  17     check_call(['kinit', '-k', 'daemon/%s' % config.web.hostname])
  18
  19     temp_dir = tempfile.mkdtemp()
  20
  21     jarfile = os.path.join(temp_dir, 'VncViewer.jar')
  22
  23     shutil.copy('/usr/share/invirt-vnc-client/VncViewer.src.jar',
  24                 jarfile)
  25
  26     keystore = os.path.join(temp_dir, 'trust.store')
  27     for host in config.hosts:
  28         cert = Popen(['remctl', config.remote.hostname, 'web', 'vnccert', host.hostname],
  29                      stdout=PIPE)
  30         check_wait(cert)
  31         check_call(['keytool', '-import', '-noprompt', '-alias', host.hostname,
  32                     '-keystore', keystore, '-storepass', 'foobar'],
  33                    stdin=cert.stdout)
  34
  35     check_call(['jar', 'uf', jarfile,
  36                 '-C', temp_dir, 'trust.store'])
  37
  38     if config.vnc.has_key("signing_keystore_path") \
  39        and os.path.exists(config.vnc.signing_keystore_path):
  40         check_call(['jarsigner', '-keystore',
  41                     config.vnc.signing_keystore_path,
  42                     '-storepass', 'changeit', jarfile,
  43                     config.vnc.signing_key_alias])
  44
  45     shutil.move(jarfile, '/usr/share/invirt-vnc-client/VncViewer.jar')
  46
  47     shutil.rmtree(temp_dir)
  48
  49 if __name__ == '__main__':
  50     sys.exit(main())