Create Firefox extension on upgrade and replica-install

If the signing cert is not available, create an unsigned extension. Add a zip dependency to the specfile. https://fedorahosted.org/freeipa/ticket/3150
2025-02-25 18:55:28 -06:00 · 2012-10-08 07:54:47 -04:00
parent 7c0f1ea501
commit 1dd103bc8c
5 changed files with 74 additions and 24 deletions
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -286,27 +286,18 @@ class HTTPInstance(service.Service):

    def __setup_autoconfig(self):
        target_fname = '/usr/share/ipa/html/preferences.html'
-        prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
-        prefs_fd = open(target_fname, "w")
-        prefs_fd.write(prefs_txt)
-        prefs_fd.close()
-        os.chmod(target_fname, 0644)
-
-        target_fname = '/usr/share/ipa/html/krb.js'
-        prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "krb.js.template", self.sub_dict)
-        prefs_fd = open(target_fname, "w")
-        prefs_fd.write(prefs_txt)
-        prefs_fd.close()
+        ipautil.copy_template_file(
+            ipautil.SHARE_DIR + "preferences.html.template",
+            target_fname, self.sub_dict)
        os.chmod(target_fname, 0644)

        # The signing cert is generated in __setup_ssl
        db = certs.CertDB(self.realm, subject_base=self.subject_base)
-        pwdfile = open(db.passwd_fname)
-        pwd = pwdfile.read()
-        pwdfile.close()
+        with open(db.passwd_fname) as pwdfile:
+            pwd = pwdfile.read()

        # Setup configure.jar
-        tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+        tmpdir = tempfile.mkdtemp(prefix="tmp-")
        target_fname = '/usr/share/ipa/html/configure.jar'
        shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
        db.run_signtool(["-k", "Signing-Cert",
@@ -316,15 +307,47 @@ class HTTPInstance(service.Service):
        shutil.rmtree(tmpdir)
        os.chmod(target_fname, 0644)

+        self.setup_firefox_extension(self.realm, self.domain, force=True)
+
+    def setup_firefox_extension(self, realm, domain, force=False):
+        """Set up the signed browser configuration extension
+
+        If the extension is already set up, skip the installation unless
+        ``force`` is true.
+        """
+
+        target_fname = '/usr/share/ipa/html/krb.js'
+        if os.path.exists(target_fname) and not force:
+            root_logger.info(
+                '%s exists, skipping install of Firefox extension',
+                    target_fname)
+            return
+
+        sub_dict = dict(REALM=realm, DOMAIN=domain)
+        db = certs.CertDB(realm)
+        with open(db.passwd_fname) as pwdfile:
+            pwd = pwdfile.read()
+
+        ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template",
+            target_fname, sub_dict)
+        os.chmod(target_fname, 0644)
+
        # Setup extension
-        tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+        tmpdir = tempfile.mkdtemp(prefix="tmp-")
        extdir = tmpdir + "/ext"
        target_fname = "/usr/share/ipa/html/kerberosauth.xpi"
        shutil.copytree("/usr/share/ipa/ffextension", extdir)
-        db.run_signtool(["-k", "Signing-Cert",
-                            "-p", pwd,
-                            "-X", "-Z", target_fname,
-                            extdir])
+        if db.has_nickname('Signing-Cert'):
+            db.run_signtool(["-k", "Signing-Cert",
+                                "-p", pwd,
+                                "-X", "-Z", target_fname,
+                                extdir])
+        else:
+            root_logger.warning('Object-signing certificate was not found. '
+                'Creating unsigned Firefox configuration extension.')
+            filenames = os.listdir(extdir)
+            ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames,
+                cwd=extdir)
        shutil.rmtree(tmpdir)
        os.chmod(target_fname, 0644)