Author: jdsn
Date: Mon Jan 21 19:19:45 2008
New Revision: 43805
URL: http://svn.opensuse.org/viewcvs/yast?rev=43805&view=rev
Log:
initial checkin of yep related changes
Added:
branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/RegisterCert.pm
Modified:
branches/SuSE-SLE-10-SP2-Branch/registration/src/clients/inst_suse_register.ycp
branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Makefile.am
branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Register.ycp
Modified: branches/SuSE-SLE-10-SP2-Branch/registration/src/clients/inst_suse_register.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/registration/src/clients/inst_suse_register.ycp?rev=43805&r1=43804&r2=43805&view=diff
==============================================================================
--- branches/SuSE-SLE-10-SP2-Branch/registration/src/clients/inst_suse_register.ycp (original)
+++ branches/SuSE-SLE-10-SP2-Branch/registration/src/clients/inst_suse_register.ycp Mon Jan 21 19:19:45 2008
@@ -33,6 +33,16 @@
import "PackageSystem";
import "Package";
+
+ // this operation MUST be first and run in any case, even if registration should be skipped (FATE #302966)
+ symbol confRegSrv = Register::configureRegistrationServer();
+ if (confRegSrv == `conferror || confRegSrv == `notrust)
+ {
+ y2debug("Registration can not be run due to YEP configuration error.");
+ }
+
+
+
// no network - no suse_register
if (!Mode::normal())
{
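Review bot: The branch for the conferror and notrust results only logs and then falls through, so nothing in this hunk stops the client from going on to registration after the server configuration failed or the certificate was not trusted. The message itself says registration cannot be run, so the branch should leave the client at this point with whatever value this client uses for a skipped step; the rest of the client body is outside the hunk, so that value is not visible here. The log call should also be raised from `y2debug` to `y2error` and include the result, for example `y2error("Registration can not be run due to YEP configuration error: %1", confRegSrv);`, so that a rejected certificate shows up in default logs.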
Modified: branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Makefile.am
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Makefile.am?rev=43805&r1=43804&r2=43805&view=diff
==============================================================================
--- branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Makefile.am (original)
+++ branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Makefile.am Mon Jan 21 19:19:45 2008
@@ -2,7 +2,7 @@
# Makefile.am for registration/modules
#
-module_DATA = Register.ycp
+module_DATA = Register.ycp RegisterCert.pm
EXTRA_DIST = $(module_DATA)
Modified: branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Register.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Register.ycp?rev=43805&r1=43804&r2=43805&view=diff
==============================================================================
--- branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Register.ycp (original)
+++ branches/SuSE-SLE-10-SP2-Branch/registration/src/modules/Register.ycp Mon Jan 21 19:19:45 2008
@@ -18,9 +18,10 @@
import "Misc";
import "Stage";
import "Label";
+import "Popup";
import "ProductFeatures";
import "SourceManager";
-
+import "RegisterCert";
// --------------------------------------------------------------
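Review bot: The import list gains `Popup` and `RegisterCert`, but the functions added later in this file also call `URL::Parse` and `URL::Build`, and no `import "URL";` is visible in this hunk. The imports before line 18 of the file are outside the hunk, so this may already be covered. If it is not, add `import "URL";` next to the new imports, since the https check on the server URL depends on that module.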
@@ -50,6 +51,8 @@
global boolean use_proxy = false;
global string http_proxy = "";
global string https_proxy = "";
+global string yep_server = nil; // (FATE #302966)
+global string yep_server_cert = nil; // (FATE #302966)
global map registration_data = $[];
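Review bot: The two new globals carry no description beyond the FATE number, although they decide which server the system registers against and where that server's certificate is taken from. Judging by the handling added later in this file, `yep_server` has to be an https URL and `yep_server_cert` may be an http(s)/ftp URL, `floppy/<path>`, an absolute path, `ask` or `done`. A comment above them such as `// yep_server_cert: certificate source - URL, "floppy/<path>", absolute path, "ask" or "done"` would record that. Because both are declared `global` and presumably filled from installation configuration, the comment should also say that the values are untrusted and must be validated before they are used in a command or written to /etc/suseRegister.conf.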
@@ -62,39 +65,549 @@
// START: Locally defined functions
// ------------------------------------------------------------------
+
/*
- * get_home_dir()
+ * amIroot()
*
- * get the home directory of the user running this module
- * because not only root is allowed to run inst_suse_register
+ * checks if running as root
+ * returns true if running as root - else returns false
+ *
+ */
+boolean amIroot()
+{
+ // check if we are root
+ map userid = (map) SCR::Execute(.target.bash_output, "id -u");
+ y2milestone("running with user id %1", userid);
+ return String::FirstChunk(userid["stdout"]:"1", "\n") == "0" ? true:false;
+}
+
+
+
+/*
+ * mountFloppy()
*
- * @return home directory as string
+ * mount a floppy disk
+ * @return map with status information
*
*/
-string get_home_dir()
+map mountFloppy()
{
- map gethome = (map) SCR::Execute(.target.bash_output, " cd; pwd ");
- return ((integer) gethome["exit"]:1 == 0) ? String::FirstChunk(gethome["stdout"]:"/tmp", "\n") : "/tmp";
+ // floppy mount support (FATE #303335)
+ list drives = (list) SCR::Read(.probe.floppy);
+
+ if ( size(drives) == 0 )
+ {
+ return $[ "mounted" : false ];
+ }
+
+ string fddevice = drives[0, "dev_name"]:"/dev/fd0";
+ string tmpdir = (string) SCR::Read(.target.tmpdir);
+ if (tmpdir == nil) tmpdir = "/tmp";
+ string mpoint = tmpdir + "/fd";
+
+ // create mount point directory
+ SCR::Execute(.target.mkdir, mpoint);
+
+ y2debug("Trying to mount %1 as floppy drive to load the YEP server certificate from.");
+
+ boolean result = (boolean) SCR::Execute(.target.mount, [fddevice, mpoint], "-o ro" );
+
+ return $[ "mounted" : result, "mpoint" : mpoint, "device" : fddevice ];
}
/*
- * amIroot()
+ * umountFloppy()
*
- * checks if running as root
- * returns true if running as root - else returns false
+ * umount a floppy disk
+ * @return void
*
*/
-boolean amIroot()
+void umountFloppy(string mpoint)
{
- // check if we are root
- map userid = (map) SCR::Execute(.target.bash_output, "id -u");
- y2milestone("running with user id %1", userid);
- return String::FirstChunk(userid["stdout"]:"1", "\n") == "0" ? true:false;
+ if (mpoint == nil || mpoint == "") return;
+ SCR::Execute(.target.umount, mpoint);
+}
+
+
+/*
+ * certificateError()
+ *
+ * report error messages if YEP server certificate is not found
+ * @return symbol yes, no or retry
+ *
+ */
+symbol certificateError(string heading, symbol type)
+{
+ if (heading == nil || heading == "") heading = _("Unknown error");
+
+ string errorrMessage = "";
+ string question = _("Do you want to skip Registration?");
+ string otherwise = sprintf( _("If you select %1 the Registration will most likely fail.
+Otherwise you may copy the certificate file to the system manually
+and then specify its path by choosing %2."), deletechars(Label::FileName(), "&"), deletechars(Label::ContinueButton(), "&"));
+
+
+ if (type == `floppy)
+ {
+ errorMessage = _("Could not load the YEP server certificate file from floppy disk.");
+ }
+ else if (type == `url)
+ {
+ errorMessage = _("Could not download the YEP server certificate file from specified URL.");
+ }
+ else if (type == `file)
+ {
+ errorMessage = _("Could not find the YEP server certificate file in specified path.");
+ }
+ else
+ {
+ errorMessage = _("Unknown Error occurred while retrieving YEP server certificate");
+ }
+
+ errorMessage = errorMessage + "\n\n" + question + "\n\n" + otherwise;
+ return Popup::AnyQuestion3(heading, errorMessage, _("Skip"), Label::ContinueButton(), Label::FileName(), `focus_yes );
+}
+
+
+
+
+
+/*
+ * suseRegisterURL()
+ *
+ * get or set the suseRegisterURL
+ * @return current url
+ */
+string suseRegisterURL(string url)
+{
+ // nil, empty string, unparsable urls and non-https urls as parameter means 'get url' else 'set url'
+
+ string cururl = nil;
+ map urlmap = $[];
+ string suseRegisterConf = "/etc/suseRegister.conf";
+
+ SCR::RegisterAgent (.temporary_suseregister_agent, `ag_ini(
+ `IniAgent( suseRegisterConf,
+ $[
+ "options" : [ "line_can_continue", "global_values", "join_multiline", "comments_last", "flat" ],
+ "comments": [ "^[ \t]*#.*$", "^[ \t]*$" ],
+ "params" : [ $[ "match" : [ "([a-zA-Z0-9_-]+)[ \t]*=[ \t]*([^ \t]*)", "%s = %s" ] ] ]
+ ]
+ )));
+
+ // in case the yep server was already changed do not change it again (to support mobile PCs in different environments)
+ if ( (string)SCR::Read(.temporary_suseregister_agent.yepurlmodified) == "true" )
+ {
+ url = nil;
+ y2debug("YEP server has already been modified. I will not change it again.");
+ }
+
+ cururl = (string) SCR::Read(.temporary_suseregister_agent.url);
+ urlmap = URL::Parse(url);
+
+ if ( url != nil && url != "" && urlmap != $[] && urlmap["schema"]:"" == "https" )
+ {
+ SCR::Write(.temporary_suseregister_agent.url, url);
+ cururl = (string) SCR::Read(.temporary_suseregister_agent.url);
+ if (url == cururl) SCR::Write(.temporary_suseregister_agent.yepurlmodified, "true");
+ }
+
+ SCR::UnregisterAgent (.temporary_suseregister_agent);
+ return cururl;
}
+
+/*
+ * setupRegistrationServer()
+ *
+ * write YEP server settings to (FATE #302966)
+ * @return symbol that says if we can perform the registration
+ *
+ */
+symbol setupRegistrationServer(symbol mode)
+{
+ // in case yep_server is undefined nothing needs to be done
+ if (yep_server == nil || yep_server == "") return `ok;
+
+ boolean ay = false; // are we running in autoYaST mode?
+ boolean trust = false;
+ if (mode == `autoyast)
+ {
+ trust = true;
+ ay = true
+ }
+
+ // check if yep_server is a valid url
+ map yep_server_parsed = URL::Parse(yep_server);
+ if (yep_server_parsed == $[] || yep_server_parsed["host"]:"" == "" || yep_server_parsed["scheme"]:"" != "https" )
+ {
+ y2debug("The string '%1' could not be parsed and validated as URL to be used as YEP server.", yep_server);
+ if (ay) return `conferror;
+
+ string no_yep_server = _("The YEP server URL could not be validated as URL.
+Registration can not be performed. Please modify /etc/suseRegister.conf and run Registration manually.
+The YEP server URL that was configured was
+%1");
+ Popup::Message(sformat(no_yep_server, yep_server));
+ return `conferror;
+ }
+
+
+ // write YEP server URL to /etc/suseRegister.conf
+ if (yep_server == suseRegisterURL(yep_server) )
+ { y2milestone("Setup custom yep server as registration server successful: %1", yep_server); }
+ else
+ { y2error("Failed to setup custom yep server as registration server: %1", yep_server); }
+
+
+
+ // ----------===============================================-------------- //
+
+ symbol certmode = nil;
+
+ // never ever load a certificate file for a *.novell.com yep server
+ if ( regexpmatch(yep_server_parsed["host"], ".+\.novell\.com$") { certmode = `none }
+ else if (yep_server_cert == nil || yep_server_cert == "") { certmode = `url }
+ else if ( regexpmatch(yep_server_cert, "^(https?|ftp)://.+") ) { certmode = `url; }
+ else if ( regexpmatch(yep_server_cert, "^floppy/.+") ) { certmode = `floppy; }
+ else if ( regexpmatch(yep_server_cert, "^/.+") ) { certmode = `path; }
+ else if ( regexpmatch(yep_server_cert, "^ask$") ) { certmode = `ask; }
+ else if ( regexpmatch(yep_server_cert, "^done$") ) { certmode = `done; }
+ else { certmode = `none; }
+
+
+ if (! contains([`none, `done, `url, `floppy, `ask, `path], certmode) )
+ {
+ y2error("No YEP server certificate mode found to handle current configuration. This should not happen!");
+ return `conferror;
+ }
+
+ string certTmpFile = sformat("%1/__tmpYEPcert.crt", SCR::Read(.target.tmpdir));
+
+
+ if ( certmode == `url )
+ {
+ map certParse = URL::Parse(yep_server_cert);
+
+ // if no yep_server_cert is passed then we fall back to predefined yep_server_cert
+ if (yep_server_cert == nil || yep_server_cert == "" || certParse == $[])
+ {
+ map certUrl = yep_server_parsed;
+ certUrl["scheme"] = "http";
+ certUrl["port"] = "80";
+ certUrl["path"] = "/yep.crt";
+ yep_server_cert = URL::Build(certUrl);
+ certParse=certUrl;
+
+ }
+ y2debug("Using %1 as URL to download the YEP server certificate.", yep_server_cert);
+
+ // download cert
+ string curlcmd = sprintf("curl -f --connect-timeout 60 --max-time 120 '%1' -o %2", yep_server_cert, certTmpFile);
+ if ( SCR::Execute (.target.bash, curlcmd) != 0)
+ {
+ y2error("Could not download the YEP server certificate from specified URL %1", yep_server_cert);
+ if (ay) return `conferror;
+
+ // translators: this is a heading for an error message - so no punctuation
+ string urlError = _("Downloading YEP server certificate failed");
+ symbol errret = certificateError( urlError, `url);
+
+ certTmpFile = nil;
+ }
+ }
+
+ if (certmode == `floppy)
+ {
+ // mount and copy
+ map mf = mountFloppy();
+ if (!mf["mounted"]:false)
+ {
+ umountFloppy(mf["mpoint"]);
+ y2error("Could not mount floppy disk to copy the YEP server certificte from. The device that was used was %1", mf["device"]);
+ if (ay)
+ {
+ y2error("No YEP server certificate available. As we are in autoYaST mode Registration will be skipped. Please run it manually.");
+ return `silentskip;
+ }
+ else
+ {
+ // translators: this is a heading for an error message - so no punctuation
+ fdMountError = _("Could not mount floppy disk");
+ symbol errret = certificateError( fdMountError, `floppy);
+
+ if ( errret == `yes )
+ {
+ y2warning("No YEP certificate could be retrieved (floppy mount error). User selected to skip Registration.");
+ return `silentskip;
+ }
+ else ( errret = `no )
+ {
+ y2warning("No YEP certificate could be retrieved (floppy mount error). User selected to NOT skip Registration. Most likely Registration will fail now.");
+ return `ok;
+ }
+ else { certmode = `ask; }
+ }
+ }
+ else
+ {
+ string fdpath = regexpsub( yep_server_cert , "^floppy/(.+)$","\\1");
+ string cp2tmp = sformat("/bin/cp -a %1 %2 ", mf["mpoint"]:"/media/floppy" + "/" + fdpath, certTmpFile );
+ if ( SCR::Execute (.target.bash, cp2tmp) != 0)
+ {
+ y2error("Could not copy the specified YEP certificate file from floppy disk.");
+ if (ay) return `silentskip;
+
+ // translators: this is a heading for an error message - so no punctuation
+ string fdCopyError = _("Could not read file floppy disk");
+ symbol errret = certificateError( fdCopyError, `floppy);
+
+ if ( errret == `yes )
+ {
+ y2warning("No YEP certificate could be retrieved (could not copy from floppy). User selected to skip Registration.");
+ return `silentskip;
+ }
+ else ( errret = `no )
+ {
+ y2warning("No YEP certificate could be retrieved (could not copy from floppy). User selected to NOT skip Registration. Most likely Registration will fail now.");
+ return `ok;
+ }
+ else { certmode = `ask; }
+
+ }
+
+ umountFloppy(mf["mpoint"]);
+ }
+
+ }
+
+ if (certmode == `path)
+ {
+ // try to copy cert if valid path, else ask // copy
+
+ string cp2tmp = sformat("/bin/cp -a %1 %2 ", yep_server_cert:"/thisfiledoesnotexist/noitdoesnot" , certTmpFile );
+ if ( SCR::Execute(.target.bash, cp2tmp ) != 0 )
+ {
+ y2error("Could not copy local YEP server certificate file");
+ if (ay) return `silentskip;
+
+ // translators: this is a heading for an error message - so no punctuation
+ string fileCopyError = _("Could find file in local path");
+ symbol errret = certificateError( fileCopyError, `file);
+ if ( errret == `yes )
+ {
+ y2warning("No YEP certificate could be retrieved (could not copy local file). User selected to skip Registration.");
+ return `silentskip;
+ }
+ else ( errret = `no )
+ {
+ y2warning("No YEP certificate could be retrieved (could not copy local file). User selected to NOT skip Registration. Most likely Registration will fail now.");
+ return `ok;
+ }
+ else { certmode = `ask; }
+ }
+ }
+
+ if (certmode == `ask)
+ {
+ if (ay)
+ {
+ y2error("YEP server certificate was configured to be asked for. AutoYaST does not support interactive dialogs. Registration will be skipped.");
+ return `silentskip;
+ }
+
+ string basepath = "/tmp";
+ string certFile = "";
+ string selectCertLabel = _("Select YEP server certificate file");
+ boolean exitloop = false;
+
+ do
+ {
+ do
+ {
+ certFile = UI::AskForExistingFile(basepath, "*.crt", selectCertLabel);
+ } while (certFile == "")
+
+ if (certFile == nil)
+ {
+ string skipReg = _("Do you really want to cancel and thereby skip the Registration?");
+ if (Popup::YesNo(skipReg))
+ {
+ y2debug("User selected to cancel manual certificate dialog and thereby skip registration");
+ return `conferror;
+ }
+ }
+
+ string cp2tmp = sformat("/bin/cp -a %1 %2 ", certFile , certTmpFile );
+ if (SCR::Execute(cp2tmp) == 0)
+ {
+ y2debug("Found user specified YEP server certificate file");
+ exitloop = true;
+ }
+ else
+ {
+ string fileErrorHeader = _("Could not copy local file");
+ string fileErrorMsg = _("Do you want to retry?");
+ if (!Popup::YesNoHeadline(fileErrorHeader, fileErrorMsg))
+ {
+ y2debug("Could not copy local file as YEP server certificate");
+ exitloop = true;
+ }
+ }
+
+ } while ( !exitloop );
+
+
+ }
+
+ if (certmode == `done)
+ {
+ y2debug("User configured to do nothing to retrieve a YEP server certificate.");
+ y2debug("I hope you know what you do. Registration will be run but may fail due to missing certificate.");
+ return `ok;
+ }
+
+ if (certmode == `none)
+ {
+ y2warning("The string that was passed to get the YEP server certificate does not match any handler.");
+ y2warning("The string was: %1", yep_server_cert);
+ y2warning("No certificate could be retrieved. Registration process will not be run!");
+ return `conferror;
+ }
+
+
+
+ // in autoYaST mode we automatically trust - we are done here
+ if (trust || ay) { retrun `ok; }
+
+ // ask user if he trusts the certificate
+ map certParsed = RegisterCert::parseCertificate(certTmpFile);
+ y2milestone("YEP server certificate file information: %1", certParsed);
+
+ string trustQuestion = _("Do you want to trust this certificate?");
+ string trustMessage = _("This certificate will be used to connect to the YEP server.\nYou have to trust this certificate in order to continue with the Registration.")
+
+ string certInfo = "";
+ list issueList = (list) cP["ISSUER"]:[];
+ //translators: this is certificate context
+ certInfo = certInfo + _("<p><b>Issued For:</b></p>");
+ if (size (issueList) > 0)
+ {
+ certInfo = certInfo + "<pre>";
+ foreach (map keyval, (list