X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-vnc-client.git/blobdiff_plain/e668088ccdedcefbd0bd290d98532d4f16458e5e..68c87b47bcfe383b57b8ba18d39e088fa4fb789d:/debian/invirt-update-vnc-cert?ds=inline diff --git a/debian/invirt-update-vnc-cert b/debian/invirt-update-vnc-cert index b07832a..177c39a 100755 --- a/debian/invirt-update-vnc-cert +++ b/debian/invirt-update-vnc-cert @@ -1,18 +1,43 @@ -#!/bin/bash +#!/usr/bin/python -if [ "$(ls /etc/invirt/vnc-cert.d)" == "" ]; then - echo "E: No certs in /etc/invirt/vnc-cert.d/" >&2 - echo " Put certificates for all Invirt VNC proxy servers in" >&2 - echo " /etc/invirt/vnc-cert.d, then run this script again" >&2 - exit 1 -fi +from invirt.config import structs as config +from subprocess import Popen, check_call, PIPE, CalledProcessError +import tempfile +import os +import sys +import shutil -TMP_DIR="$(mktemp -d)" -for i in /etc/invirt/vnc-cert.d/*.crt; do - keytool -import -noprompt -alias "$(basename "${i%.crt}")" -file \ - "$i" -keystore "$TMP_DIR/trust.store" -storepass "foobar" -done +def check_wait(popen): + retcode = popen.wait() + if retcode != 0: + raise CalledProcessError(retcode, popen.pid) + return retcode -jar uf /usr/share/invirt-vnc-client/VncViewer.jar -C "$TMP_DIR" trust.store +def main(): + check_call(['kinit', '-k', 'daemon/%s' % config.web.hostname]) + + temp_dir = tempfile.mkdtemp() -rm -rf "$TMP_DIR" + jarfile = os.path.join(temp_dir, 'VncViewer.jar') + + shutil.copy('/usr/share/invirt-vnc-client/VncViewer.src.jar', + jarfile) + + keystore = os.path.join(temp_dir, 'trust.store') + for host in config.hosts: + cert = Popen(['remctl', config.remote.hostname, 'web', 'vnccert', host.hostname], + stdout=PIPE) + check_wait(cert) + check_call(['keytool', '-import', '-noprompt', '-alias', host.hostname, + '-keystore', keystore, '-storepass', 'foobar'], + stdin=cert.stdout) + + check_call(['jar', 'uf', jarfile, + '-C', temp_dir, 'trust.store']) + + shutil.move(jarfile, '/usr/share/invirt-vnc-client/VncViewer.jar') + + shutil.rmtree(temp_dir) + +if __name__ == '__main__': + sys.exit(main())