Isolate our patches to the VNC client from the upstream TightVNC

[invirt/packages/invirt-vnc-client.git] / debian / invirt-update-vnc-cert

diff --git a/debian/invirt-update-vnc-cert b/debian/invirt-update-vnc-cert
index b07832a..8e634c0 100755 (executable)
--- a/debian/invirt-update-vnc-cert
+++ b/debian/invirt-update-vnc-cert
@@ -1,18 +1,29 @@
-#!/bin/bash
+#!/usr/bin/python
 
-if [ "$(ls /etc/invirt/vnc-cert.d)" == "" ]; then
-    echo "E: No certs in /etc/invirt/vnc-cert.d/" >&2
-    echo "   Put certificates for all Invirt VNC proxy servers in" >&2
-    echo "   /etc/invirt/vnc-cert.d, then run this script again" >&2
-    exit 1
-fi
+from invirt.config import structs as config
+from subprocess import Popen, call, PIPE
+import tempfile
+import os
+import sys
+import shutil
 
-TMP_DIR="$(mktemp -d)"
-for i in /etc/invirt/vnc-cert.d/*.crt; do
-    keytool -import -noprompt -alias "$(basename "${i%.crt}")" -file \
-       "$i" -keystore "$TMP_DIR/trust.store" -storepass "foobar"
-done
+def main():
+    call(['kinit', '-k', 'daemon/%s' % config.web.hostname])
+    
+    temp_dir = tempfile.mkdtemp()
+    keystore = os.path.join(temp_dir, 'trust.store')
+    for host in config.hosts:
+        cert = Popen(['remctl', config.remote.hostname, 'web', 'vnccert', host.hostname],
+                     stdout=PIPE)
+        cert.wait()
+        call(['keytool', '-import', '-noprompt', '-alias', host.hostname,
+              '-keystore', keystore, '-storepass', 'foobar'],
+             stdin=cert.stdout)
+    
+    call(['jar', 'uf', '/usr/share/invirt-vnc-client/VncViewer.jar',
+          '-C', temp_dir, 'trust.store'])
+    
+    shutil.rmtree(temp_dir)
 
-jar uf /usr/share/invirt-vnc-client/VncViewer.jar -C "$TMP_DIR" trust.store
-
-rm -rf "$TMP_DIR"
+if __name__ == '__main__':
+    sys.exit(main())