X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-vnc-client.git/blobdiff_plain/32970dd51d76584680d859f118ee0cac2fd904a7..72bd5ed6de8518646bb16e54b96ddc7f3a0f071b:/debian/invirt-update-vnc-cert?ds=sidebyside diff --git a/debian/invirt-update-vnc-cert b/debian/invirt-update-vnc-cert index fa73f27..177c39a 100755 --- a/debian/invirt-update-vnc-cert +++ b/debian/invirt-update-vnc-cert @@ -1,18 +1,43 @@ -#!/bin/bash +#!/usr/bin/python -if [ "$(ls /etc/invirt/vnc-cert.d)" == "" ]; then - echo "E: No certs in /etc/invirt/vnc-cert.d/" >&2 - echo " Put certificates for all Invirt VNC proxy servers in" >&2 - echo " /etc/invirt/vnc-cert.d, then run this script again" >&2 - exit 1 -fi +from invirt.config import structs as config +from subprocess import Popen, check_call, PIPE, CalledProcessError +import tempfile +import os +import sys +import shutil -TMP_DIR="$(mktemp -d)" -for i in $(ls /etc/invirt/vnc-cert.d/*.crt); do - keytool -noprompt -alias "${i%.crt}" -file "/etc/invirt/vnc-cert.d/$i" \ - -keystore "$TMP_DIR/trust.store" -storepass "foobar" -done +def check_wait(popen): + retcode = popen.wait() + if retcode != 0: + raise CalledProcessError(retcode, popen.pid) + return retcode -jar uf /usr/share/invirt-vnc-client/VncViewer.jar -C "$TMP_DIR" trust.store +def main(): + check_call(['kinit', '-k', 'daemon/%s' % config.web.hostname]) + + temp_dir = tempfile.mkdtemp() -rm -rf "$TMP_DIR" + jarfile = os.path.join(temp_dir, 'VncViewer.jar') + + shutil.copy('/usr/share/invirt-vnc-client/VncViewer.src.jar', + jarfile) + + keystore = os.path.join(temp_dir, 'trust.store') + for host in config.hosts: + cert = Popen(['remctl', config.remote.hostname, 'web', 'vnccert', host.hostname], + stdout=PIPE) + check_wait(cert) + check_call(['keytool', '-import', '-noprompt', '-alias', host.hostname, + '-keystore', keystore, '-storepass', 'foobar'], + stdin=cert.stdout) + + check_call(['jar', 'uf', jarfile, + '-C', temp_dir, 'trust.store']) + + shutil.move(jarfile, '/usr/share/invirt-vnc-client/VncViewer.jar') + + shutil.rmtree(temp_dir) + +if __name__ == '__main__': + sys.exit(main())