[yast-devel] Re: [yast-commit] <web-client> master : create an SSL certificate with the best hostname, do not start yastwc without a certificate (bnc#557752), version 0.0.20

23 Nov 2009

      J.Daniel Schmidt write:
> ref: refs/heads/master
> commit c2db5a722725ee68bf539b29d8369ed71508d088
> Author: J. Daniel Schmidt <jdsn@suse.de>
> Date:   Mon Nov 23 18:18:20 2009 +0100
> 
>     create an SSL certificate with the best hostname, do not start yastwc
>  without a certificate (bnc#557752), version 0.0.20 ---
>  webclient/package/check-create-certificate.pl |   22
>  ++++++++++++++++------ webclient/package/yast2-webclient.changes     |   
>  7 +++++++
>  webclient/package/yastwc                      |    8 +++++++-
>  3 files changed, 30 insertions(+), 7 deletions(-)
> 
> diff --git a/webclient/package/check-create-certificate.pl
>  b/webclient/package/check-create-certificate.pl index e63c328..8fb27a2
>  100755
> --- a/webclient/package/check-create-certificate.pl
> +++ b/webclient/package/check-create-certificate.pl
> @@ -70,9 +70,9 @@ emailAddress = root\@$fqdn
>      chomp $CNF;
>      chomp $CERT;
>      chomp $KEY;
> -    if ( not defined $CNF  || $CNF   =~ /^$/  ||
> -         not defined $CERT || $CERT  =~ /^$/  ||
> -         not defined $KEY  || $KEY   =~ /^$/     )
> +    if ( (not defined $CNF ) || $CNF   =~ /^$/  ||
> +         (not defined $CERT) || $CERT  =~ /^$/  ||
> +         (not defined $KEY ) || $KEY   =~ /^$/     )

Hi,
few notes to your script.
I think that this condition needn't use so complex statements. I think helper 
is better ( or lambda function - http://perl.plover.com/lambda/). But I think 
that you need it on more place so use helper.

sub is_blank($){
	my $val = shift;
	return not (defined $val && $val ne "");
}

unless ( is_blank($CNF) || is_blank($CERT) || is_blank($KEY))
{

>      {
>          print STDERR "Could not create temporary files. Aborting.\n";
>          return 0;
> @@ -178,10 +178,20 @@ if (defined $create)
> 
>      $hostname = `hostname --fqdn` unless defined $hostname;
>      chomp $hostname if defined $hostname;
> -    unless (defined $hostname)
> +    if ( (not defined $hostname) || $hostname =~ /^$/)
>      {
> -        print STDERR "Hostname missing or invalid. Aborting.\n";
> -        exit 1;
> +        # do not abort, just create a certificate (bnc#557752)
> +        #print STDERR "Hostname missing or invalid. Aborting.\n";
> +        #exit 1;
^^^
we use source version system, so code changes doesn't loose. Just remove lines 
instead commenting out unless it is temporary or pseudo-code to describe 
function.
> +
> +        print STDERR "No fully qualified domain name can be found. Please
>  fix your DNS setup.\n"; +        print STDERR "Using only the hostname for
>  SSL certificate.\n"; +        $hostname = `hostname`;
> +        chomp $hostname if defined $hostname;
> +        if ( (not defined $hostname) || $hostname =~ /^$/)
^
use helper defined above.

My helper is, that If I must write same code twice then something is bad and 
my code is duplicated.
> +        {
> +            $hostname = 'localhost';
> +        }
>      }
> 
>      if ( create_certificate( $hostname, $certfile, $keyfile, $combinedfile
>  ) ) diff --git a/webclient/package/yast2-webclient.changes
>  b/webclient/package/yast2-webclient.changes index c5f0686..5dbf1cb 100644
> --- a/webclient/package/yast2-webclient.changes
> +++ b/webclient/package/yast2-webclient.changes
> @@ -1,4 +1,11 @@
>  -------------------------------------------------------------------
> +Mon Nov 23 18:15:24 CET 2009 - jdsn@suse.de
> +
> +- create an SSL certificate with the best hostname (bnc#557752)
> +- do not start yastwc without a certificate (bnc#557752)
> +- 0.0.20
> +
> +-------------------------------------------------------------------
>  Mon Nov 23 12:19:02 CET 2009 - jdsn@suse.de
> 
>  - log check-create-certificate output to logfile
> diff --git a/webclient/package/yastwc b/webclient/package/yastwc
> index 99acd07..f25a61a 100755
> --- a/webclient/package/yastwc
> +++ b/webclient/package/yastwc
> @@ -179,7 +179,13 @@ case "$1" in
>      if [ ! -e  $COMBINEDCERTFILE ]
>      then
>          echo "No certificate found. Creating one now."
> -        /usr/sbin/check-create-certificate.pl -c -C $CERTIFICATEFILE -K
>  $CERTKEYFILE -B $COMBINEDCERTFILE
>  >/srv/www/yast/log/check-create-certificate.log 2>&1 +        if !
>  /usr/sbin/check-create-certificate.pl -c -C $CERTIFICATEFILE -K
>  $CERTKEYFILE -B $COMBINEDCERTFILE
>  >/srv/www/yast/log/check-create-certificate.log 2>&1 +        then
> +            echo -n "Can not create certificate. Please see
>  /srv/www/yast/log/check-create-certificate.log for details." +           
>  rc_failed
> +            rc_status -v
> +            rc_exit
> +        fi
>          chown lighttpd:lighttpd $CERTIFICATEFILE $CERTKEYFILE
>  $COMBINEDCERTFILE fi
> 

-- 
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, webyast 
(language,time,basesystem,ntp)
-- 
To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org
For additional commands, e-mail: yast-devel+help@opensuse.org

Josef Reidinger

tags

participants (1)