Create Firefox configuration extension on CA-less install

Create: * kerberosauth.xpi * krb.js even when --http_pkcs12 option is used. https://fedorahosted.org/freeipa/ticket/3747
2025-02-25 18:55:28 -06:00 · 2013-06-25 16:53:24 +02:00 · 2013-06-25 16:53:24 +02:00 · f5bc155f56
commit f5bc155f56
parent 736dd0fcd6
4 changed files with 33 additions and 26 deletions
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@ -216,19 +216,21 @@ def install_http(config, auto_redirect):
        auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt")

    # Now copy the autoconfiguration files
-    if ipautil.file_exists(config.dir + "/preferences.html"):
-        try:
-            shutil.copy(config.dir + "/preferences.html", "/usr/share/ipa/html/preferences.html")
-            shutil.copy(config.dir + "/configure.jar", "/usr/share/ipa/html/configure.jar")
-            if ipautil.file_exists(config.dir + "/krb.js"):
-                shutil.copy(
-                    config.dir + "/krb.js", "/usr/share/ipa/html/krb.js")
-                shutil.copy(
-                    config.dir + "/kerberosauth.xpi",
-                    "/usr/share/ipa/html/kerberosauth.xpi")
-        except Exception, e:
-            print "error copying files: " + str(e)
-            sys.exit(1)
+    try:
+        if ipautil.file_exists(config.dir + "/preferences.html"):
+            shutil.copy(config.dir + "/preferences.html",
+                        "/usr/share/ipa/html/preferences.html")
+        if ipautil.file_exists(config.dir + "/configure.jar"):
+            shutil.copy(config.dir + "/configure.jar",
+                        "/usr/share/ipa/html/configure.jar")
+        if ipautil.file_exists(config.dir + "/krb.js"):
+            shutil.copy(config.dir + "/krb.js",
+                        "/usr/share/ipa/html/krb.js")
+            shutil.copy(config.dir + "/kerberosauth.xpi",
+                        "/usr/share/ipa/html/kerberosauth.xpi")
+    except Exception, e:
+        print "error copying files: " + str(e)
+        sys.exit(1)

    http.setup_firefox_extension(config.realm_name, config.domain_name)

--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@ -1103,12 +1103,12 @@ def main():
    http = httpinstance.HTTPInstance(fstore)
    if options.http_pkcs12:
        http.create_instance(
-            realm_name, host_name, domain_name, dm_password, autoconfig=False,
+            realm_name, host_name, domain_name, dm_password,
            pkcs12_info=http_pkcs12_info, subject_base=options.subject,
            auto_redirect=options.ui_redirect, ca_file=ca_file)
    else:
        http.create_instance(
-            realm_name, host_name, domain_name, dm_password, autoconfig=True,
+            realm_name, host_name, domain_name, dm_password,
            subject_base=options.subject, auto_redirect=options.ui_redirect)
    ipaservices.restore_context("/var/cache/ipa/sessions")

--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -313,15 +313,19 @@ class HTTPInstance(service.Service):
            pwd = pwdfile.read()

        # Setup configure.jar
-        tmpdir = tempfile.mkdtemp(prefix="tmp-")
-        target_fname = '/usr/share/ipa/html/configure.jar'
-        shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
-        db.run_signtool(["-k", "Signing-Cert",
-                         "-Z", target_fname,
-                         "-e", ".html", "-p", pwd,
-                         tmpdir])
-        shutil.rmtree(tmpdir)
-        os.chmod(target_fname, 0644)
+        if db.has_nickname('Signing-Cert'):
+            tmpdir = tempfile.mkdtemp(prefix="tmp-")
+            target_fname = '/usr/share/ipa/html/configure.jar'
+            shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
+            db.run_signtool(["-k", "Signing-Cert",
+                            "-Z", target_fname,
+                            "-e", ".html", "-p", pwd,
+                            tmpdir])
+            shutil.rmtree(tmpdir)
+            os.chmod(target_fname, 0644)
+        else:
+            root_logger.warning('Object-signing certificate was not found; '
+                'therefore, configure.jar was not created.')

        self.setup_firefox_extension(self.realm, self.domain, force=True)

--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@ -338,8 +338,9 @@ class ReplicaPrepare(admintool.AdminTool):
            self.copy_info_file("/usr/share/ipa/html/krb.js", "krb.js")
            self.copy_info_file(
                "/usr/share/ipa/html/kerberosauth.xpi", "kerberosauth.xpi")
-            self.copy_info_file(
-                "/usr/share/ipa/html/configure.jar", "configure.jar")
+        jar_filename = "/usr/share/ipa/html/configure.jar"
+        if ipautil.file_exists(jar_filename):
+            self.copy_info_file(jar_filename, "configure.jar")
        cacert_filename = "/var/kerberos/krb5kdc/cacert.pem"
        if ipautil.file_exists(cacert_filename):
            self.copy_info_file(cacert_filename, "cacert.pem")