Alon Bar-Lev has uploaded a new change for review. Change subject: pki: solve ibm/openjdk incompatibility ......................................................................
pki: solve ibm/openjdk incompatibility synthesis PKCS#12 using openssl to remove the friendly name causing the openjdk to fail reading its content. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=961081 Change-Id: Ib54e1a6dc5608ca7697c06b72ded988ded75d13f Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M packaging/fedora/setup/engine-upgrade.py 1 file changed, 47 insertions(+), 19 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/64/14864/1
diff --git a/packaging/fedora/setup/engine-upgrade.py b/packaging/fedora/setup/engine-upgrade.py
index 6bc4b3b..d146b7a 100755
--- a/packaging/fedora/setup/engine-upgrade.py
+++ b/packaging/fedora/setup/engine-upgrade.py
@@ -7,6 +7,7 @@
 import shutil
 import logging
 import traceback
+import tempfile
 import types
 import time
 import pwd
@@ -90,7 +91,8 @@
 MSG_ERROR_PGPASS = "Error: DB password file was not found on this system. Verify \
 that this system was previously installed and that there's a password file at %s or %s" % \
 (basedefs.DB_PASS_FILE, basedefs.ORIG_PASS_FILE)
-MSG_ERROR_FAILED_CONVERT_ENGINE_KEY = "Error: Can't convert engine key to PKCS#12 fomat"
+MSG_ERROR_FAILED_CONVERT_ENGINE_KEY = "Error: Can't convert engine key to PKCS#12 format"
+MSG_ERROR_FAILED_SYNTHESIS_ENGINE_KEY = "Error: Can't synthesis engine key to PKCS#12 format"
 MSG_ERROR_SSH_KEY_SYMLINK = "Error: SSH key should not be symlink"
 MSG_ERROR_UUID_VALIDATION_FAILED = (
 "Pre-upgade host UUID validation failed\n"
@@ -470,24 +472,50 @@ def prepare(self): if os.path.exists(self.JKSKEYSTORE): logging.debug("PKI: convert JKS to PKCS#12") - cmd = [ - basedefs.EXEC_KEYTOOL, - "-importkeystore", - "-noprompt", - "-srckeystore", self.JKSKEYSTORE, - "-srcstoretype", "JKS", - "-srcstorepass", basedefs.CONST_KEY_PASS, - "-srcalias", "engine", - "-srckeypass", basedefs.CONST_KEY_PASS, - "-destkeystore", basedefs.FILE_ENGINE_KEYSTORE, - "-deststoretype", "PKCS12", - "-deststorepass", basedefs.CONST_KEY_PASS, - "-destalias", "1", - "-destkeypass", basedefs.CONST_KEY_PASS - ] - output, rc = utils. execCmd(cmdList=cmd, failOnError=True, msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY) - utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE) - os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640) + + tmpPKCS12 = None + try: + fd, tmpPKCS12 = tempfile.mkstemp() + os.close(fd) + os.unlink(tmpPKCS12) # java does not like empty files as keystore + + mask = [basedefs.CONST_KEY_PASS] + + cmd = [ + basedefs.EXEC_KEYTOOL, + "-importkeystore", + "-noprompt", + "-srckeystore", self.JKSKEYSTORE, + "-srcstoretype", "JKS", + "-srcstorepass", basedefs.CONST_KEY_PASS, + "-srcalias", "engine", + "-srckeypass", basedefs.CONST_KEY_PASS, + "-destkeystore", tmpPKCS12, + "-deststoretype", "PKCS12", + "-deststorepass", basedefs.CONST_KEY_PASS, + "-destalias", "1", + "-destkeypass", basedefs.CONST_KEY_PASS + ] + output, rc = utils.execCmd(cmdList=cmd, maskList=mask, failOnError=True, msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY) + + # synthesis PKCS#12 see rhbz#961069 + cmd = [ + ( + "{openssl} pkcs12 -in {input} -passin pass:{password} -nodes | " + "{openssl} pkcs12 -export -out {output} -passout pass:{password}" + ).format( + openssl=basedefs.EXEC_OPENSSL, + input=tmpPKCS12, + output=basedefs.FILE_ENGINE_KEYSTORE, + password=basedefs.CONST_KEY_PASS, + ) + ] + utils.execCmd(cmdList=cmd, maskList=mask, useShell=True, failOnError=True, msg=MSG_ERROR_FAILED_SYNTHESIS_ENGINE_KEY) + utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE) + 
os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640) + finally: + if tmpPKCS12 is not None and os.path.exists(tmpPKCS12): + os.unlink(tmpPKCS12) for src, dst in ( (basedefs.FILE_ENGINE_KEYSTORE, basedefs.FILE_APACHE_KEYSTORE), -- To view, visit http://gerrit.ovirt.org/14864 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib54e1a6dc5608ca7697c06b72ded988ded75d13f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: engine_3.2 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
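Review bot: Closing and unlinking the `mkstemp()` file and then passing the bare name to keytool as `-destkeystore` discards the guarantee `mkstemp()` provides. Between `os.unlink(tmpPKCS12)` and keytool creating the file, another local user with write access to the temp directory can place a file or symlink at that path, and the engine private key is then written there. Creating a private directory with `tempfile.mkdtemp()` and placing the keystore inside it still satisfies the "file must not exist" requirement without the window; `shutil` is already imported in this file for the cleanup. Separately, the openssl pipeline runs through the shell with `useShell=True`, so only the exit status of the last command is checked and the interpolated paths are unquoted; that looks safe for the constant paths used here but deserves a comment. The enclosing `prepare` method starts and ends outside the hunk.

```python
tmpDir = None
try:
    # mkdtemp() creates a directory only the current user can access,
    # so the keystore path inside it can start out non-existent safely.
    tmpDir = tempfile.mkdtemp()
    tmpPKCS12 = os.path.join(tmpDir, "engine.p12")  # constructed file name

    # … unchanged: keytool -importkeystore, openssl pkcs12 synthesis, chown/chmod …
finally:
    if tmpDir is not None:
        shutil.rmtree(tmpDir, ignore_errors=True)
```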