freeipa/ipapython/platform/debian/instances/utils.py

import os
import subprocess

import ipautil

from hashutil import md5

def bind_check_installation(unattended):
    # files in /etc/ are not being deleted on package removal, so we can't
    # rely on them to check if BIND is installed. Also, because Debian has
    # switched to the multiarch filesystem layout there is no easy way
    # to look for the ldap.so BIND plugin. But we can query dpkg database
    # to see if both packages are installed, it actually feels like a cleaner
    # solution.
    dpkg_query = ['/usr/bin/dpkg-query', '-W', '-f', '${Package}']
    try:
        ipautil.run(dpkg_query + ['bind'], raiseonerr=True):
    except ipautil.CalledProcessError:
        print "BIND was not found on this system"
        print "Please install the 'bind9' package and start the installation again"
        has_bind = False

    try:
        ipautil.run(dpkg_query + ['bind-dyndb-ldap'], raiseonerr=True)
    except ipautil.CalledProcessError:
        print "The BIND LDAP plug-in was not found on this system"
        print "Please install the 'bind-dyndb-ldap' package and start the installation again"
        has_bind = False

    if not has_bind:
        return False

    dpkg_query = ['/usr/bin/dpkg-query', '-W', '-f', '${Conffiles}']
    stdout, stderr, ret = ipautil.run(dpkg_query)
    # convert dpkg-query output into a mapping fname->md5sum
    conf_files = dict([p.strip().split(' ') for p in stdout.split('\n')])

    # IPA installation modified named.local so lets check it for local changes
    fname = '/etc/bind/named.local'
    hash = md5.new(open(fname, 'rb').read()).digest()
    if conf_files[fname] != hash:
        msg = "Existing BIND configuration detected, overwrite?"
        return ipautil.user_input(msg, False)

    return True