From 2d298e6af3ab7c12e16e7c95b57195539e92de89 Mon Sep 17 00:00:00 2001 From: Jean-Sebastien Legare Date: Wed, 2 Dec 2009 00:19:14 +0000 Subject: [PATCH] XC-476 The installer allows copying a certificate bundle to dom0. The new installation step is executed only when a Transmitter backend is setup. --- .../install/stages/Configure-backend | 3 +- .../install/stages/Configure-cacerts | 139 ++++++++++++++++++ .../install/stages/functions | 9 +- .../install/stages/sequence.graph | 3 +- 4 files changed, 149 insertions(+), 5 deletions(-) create mode 100755 target/generic/target_xenclient_installer_skeleton/install/stages/Configure-cacerts diff --git a/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-backend b/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-backend index 4268721..4f0f2eb 100755 --- a/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-backend +++ b/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-backend @@ -10,6 +10,7 @@ single_string_config "backend" \ "${BACKEND}" \ "BACKEND" \ "${BACKEND_CONF}" \ - "$( not_previous $@ || echo --previous )" + "$( not_previous $@ || echo --previous )" \ + "8 70" OPT="$?" exit ${OPT} diff --git a/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-cacerts b/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-cacerts new file mode 100755 index 0000000..73187f6 --- /dev/null +++ b/target/generic/target_xenclient_installer_skeleton/install/stages/Configure-cacerts 
@@ -0,0 +1,139 @@
+#!/bin/ash
+
+#
+# This script will install a certificate bundle used to authenticate
+# the backend. The bundle can be downloaded from the net, or can be
+# installed from a file available to the installer.
+#
+
+. ${SCRIPT_DIR}/functions
+
+unset CACERTS
+[ ! -r ${BACKEND_CONF} ] || . ${BACKEND_CONF}
+[ ! -r ${CACERTS_CONF} ] || . ${CACERTS_CONF}
+
+cacerts_get_settings()
+{
+ if [ x"${CACERTS}" = x ]; then
+ # Provide default value for certificate location
+ NOPROTO="${BACKEND#http*://}"
+ CACERTS="http://${NOPROTO%/}"/cert/root.pem
+ fi
+
+ single_string_config \
+ "cacerts" \
+ "If you wish to install root certificates to authenticate the Transmitter, you may do so here by entering a "\
+"URL (ftp, http, file, nfs) pointing to your cert bundle. "\
+"
+
+You may also skip this step by leaving the field empty." \
+ "${CACERTS}" \
+ "CACERTS" \
+ "${CACERTS_CONF}" \
+ "$( not_previous $@ || echo --previous )" \
+ "11 70"
+ OPT="$?"
+
+ if [ x"$OPT" != x"${Continue}" ]; then
+ unset CACERTS
+ exit ${OPT}
+ fi
+
+ CACERTS="${STRING_VALUE}"
+}
+
+cacerts_install_problem() #str=1
+{
+ local errstr="$1"
+ local errdetails="$2" #optional
+
+ if interactive; then
+ if [ x"$errdetails" != x ]; then
+ dialog --colors --ok-label "Continue" --msgbox " \ZbERROR: $1. \ZB
+
+ Please enter an alternative URL. The following error was encountered:
+
+$errdetails" 15 75
+ else
+ dialog --colors --ok-label "Continue" --msgbox " \ZbERROR: $1. \ZB
+
+ Please enter an alternative URL." 8 75
+ fi
+ exit ${Retry}
+ else
+ exit ${Abort}
+ fi
+}
+
+cacerts_install()
+{
+ local leaf
+ local host
+ local mtpoint
+
+ case "${CACERTS}" in
+ tftp://*)
+ leaf=$(echo ${CACERTS} | sed -e 's/^tftp:\/\/[^\/]*\///g' )
+ host=$(echo ${CACERTS} | sed -ne 's/^tftp:\/\/\([^\/]*\)\/.*$/\1/p' )
+ if [ -z "$host" ]; then
+ host="dhcp"
+ fi
+ tftp -l "${INSTALL_CA_BUNDLE}" -r "$(cat /etc/dhcp-prefix)/$leaf" -g "$host" || {
+ cacerts_install_problem "Could not retrieve certificate bundle"
+ }
+ break
+ ;;
+ http://*|ftp://*)
+ wget "${CACERTS}" -O "${INSTALL_CA_BUNDLE}".tmp >/tmp/wget.output 2>&1 || {
+ cacerts_install_problem "Could not retrieve certificate bundle" "`cat /tmp/wget.output`"
+ }
+ mv "${INSTALL_CA_BUNDLE}".tmp "${INSTALL_CA_BUNDLE}"
+ break
+ ;;
+ nfs://*)
+ mtpoint=$(mktemp -d) && \
+ host=$(echo "${CACERTS}" | sed 's,^nfs://\([^/]\+\)/.*$,\1,') && \
+ mount -t nfs "$host" "$mtpoint" && \
+ leaf=$(echo "${CACERTS}" | sed 's,^nfs://[^/]\+/,/,') && \
+ cp "${mtpoint}/${leaf}" "${INSTALL_CA_BUNDLE}" || {
+ umount "${mtpoint}" && rmdir "${mtpoint}"
+ cacerts_install_problem "Could not retrieve certificate bundle"
+ }
+ umount "${mtpoint}"
+ rmdir "${mtpoint}"
+ break
+ ;;
+ https://*)
+ echo "Downloading SSL certificates over HTTPs is not supported">&2
+ cacerts_install_problem "Downloading SSL certificates over HTTPs is not supported"
+ ;;
+ file://*|/*)
+ #local file -- strip optional file:// prefix
+ CACERTS="${CACERTS#file://}"
+ if [ -r "${CACERTS}" ]; then
+ cp "${CACERTS}" "${INSTALL_CA_BUNDLE}" 2>/tmp/copy.err || {
+ cacerts_install_problem "Could not install file provided" "`cat /tmp/copy.err`"
+ }
+ else
+ cacerts_install_problem "Could not install file provided"
+ fi
+ ;;
+ *)
+ echo "Invalid URL given for certificate bundle." >&2
+ cacerts_install_problem "Unrecognized URL given"
+ ;;
+ esac
+ return ${Continue}
+}
+
+cacerts_get_settings
+
+# Skip certificates installation
+if [ x"$CACERTS" = x ]; then
+ exit ${Continue}
+fi
+
+#
+# CACERTS contains the URL/path to a certificates bundle
+#
+cacerts_install
diff --git a/target/generic/target_xenclient_installer_skeleton/install/stages/functions b/target/generic/target_xenclient_installer_skeleton/install/stages/functions
index 580f531..0862d66 100644
--- a/target/generic/target_xenclient_installer_skeleton/install/stages/functions
+++ b/target/generic/target_xenclient_installer_skeleton/install/stages/functions
@@ -17,16 +17,17 @@ NETWORK_NIC_CONF="${INSTALL_DATA}/network-nic.conf" PASSWORD_CONF="${INSTALL_DATA}/password.conf" LICENSE_KEY_CONF="${INSTALL_DATA}/license-key.conf" BACKEND_CONF="${INSTALL_DATA}/backend.conf" +CACERTS_CONF="${INSTALL_DATA}/cacerts.conf" INSTALL_STATUS_CONF="${INSTALL_DATA}/install-status.conf" OPTICAL_CONF="${INSTALL_DATA}/optical.conf" NETWORK_REPO_CONF="${INSTALL_DATA}/network-repo.conf" INSTALL_MODE_CONF="${INSTALL_DATA}/install-mode.conf" - +INSTALL_CA_BUNDLE="${INSTALL_DATA}/ca-bundle.crt" ALL_CONFIGS="${FULL_ANSWERFILE} ${ANSWERFILE} ${AUTOMATED_CONF} ${DISK_CONF}" ALL_CONFIGS="${ALL_CONFIGS} ${HOST_CAPABILITY_CONF} ${NETWORK_NIC_CONF}" ALL_CONFIGS="${ALL_CONFIGS} ${PASSWORD_CONF} ${LICENSE_KEY_CONF} ${BACKEND_CONF}" ALL_CONFIGS="${ALL_CONFIGS} ${INSTALL_STATUS_CONF} ${OPTICAL_CONF} ${NETWORK_REPO_CONF}" -ALL_CONFIGS="${ALL_CONFIGS} ${INSTALL_MODE_CONF}" +ALL_CONFIGS="${ALL_CONFIGS} ${INSTALL_MODE_CONF} ${CACERTS_CONF}" #----------------------------------------------------------- # Filesystem paths
@@ -235,6 +236,7 @@ single_string_config() CONF_KEY="$4" CONF_FILE="$5" ARG_PREVIOUS="$6" + ARG_DIMENSIONS="$7" HANDLE_PREV=0
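Review bot: The bundle written to `${INSTALL_CA_BUNDLE}` in `cacerts_install` becomes the trust anchor for authenticating the backend, yet every remote branch (tftp, http/ftp, nfs) fetches it over an unauthenticated transport, https is rejected outright, and the default URL built in `cacerts_get_settings` is plain `http://` on the backend host itself. Nothing after the download checks what was received, so whoever can alter traffic on the install network decides which CAs dom0 will trust. I would add a verification step before `return ${Continue}`: compare the file's SHA-256 with an expected value supplied out of band (a new optional key, named `CACERTS_SHA256` below purely as a proposal), or show the digest for the operator to confirm when interactive, and fail closed otherwise. The same step should delete a rejected or partial bundle, since the tftp, nfs and file branches write straight to `${INSTALL_CA_BUNDLE}` and the later empty-URL skip exits `${Continue}` without clearing it.

```shell
# Proposed helper; CACERTS_SHA256 is a new, optional setting (name is a suggestion).
# Assumes sha256sum is available in the installer image -- confirm.
cacerts_verify()
{
    local sum
    sum=$(sha256sum "${INSTALL_CA_BUNDLE}" | cut -d' ' -f1) || return 1
    if [ x"${CACERTS_SHA256}" != x ]; then
        # Unattended or pre-seeded installs: exact match against the pinned digest.
        [ x"${sum}" = x"${CACERTS_SHA256}" ]
    elif interactive; then
        dialog --yesno "SHA-256 of the retrieved certificate bundle:

${sum}

Does this match the value published for your Transmitter?" 12 75
    else
        # No pinned digest and nobody to ask: do not trust the download.
        return 1
    fi
}

# … unchanged: case "${CACERTS}" in … esac …
    cacerts_verify || {
        rm -f "${INSTALL_CA_BUNDLE}"
        cacerts_install_problem "Certificate bundle could not be verified"
    }
    return ${Continue}
```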
@@ -255,7 +257,8 @@ single_string_config() show_cursor CAPTURE=$(mktemp) - dialog --cancel-label Previous --inputbox "${QUERY_TITLE}" 0 40 "${DEFAULT_STRING}" 2>${CAPTURE} + [ x"${ARG_DIMENSIONS}" != x ] || ARG_DIMENSIONS="0 40" + dialog --cancel-label Previous --inputbox "${QUERY_TITLE}" ${ARG_DIMENSIONS} "${DEFAULT_STRING}" 2>${CAPTURE} OPT="$?" hide_cursor diff --git a/target/generic/target_xenclient_installer_skeleton/install/stages/sequence.graph b/target/generic/target_xenclient_installer_skeleton/install/stages/sequence.graph index 85d3813..930a653 100644 --- a/target/generic/target_xenclient_installer_skeleton/install/stages/sequence.graph +++ b/target/generic/target_xenclient_installer_skeleton/install/stages/sequence.graph @@ -36,7 +36,8 @@ Warn-disk-erasure, Continue:Set-password | Abort:Fail Set-password, Continue:Optional-backend | Abort:Fail Optional-backend, Backend:Configure-backend | NoBackend:Optional-license -Configure-backend, Continue:Optional-license +Configure-backend, Continue:Configure-cacerts +Configure-cacerts, Continue:Optional-license | Retry:Configure-cacerts Optional-license, License:Configure-license | NoLicense:Ready-to-install Configure-license, Continue:Ready-to-install -- 2.39.5
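Review bot: The `${ARG_DIMENSIONS}` expansion on the new `dialog --inputbox` line is left unquoted so that a value such as "11 70" splits into the height and width arguments, but nothing says so and nothing checks the shape. A value that is not exactly two words would shift `"${DEFAULT_STRING}"` into the wrong positional slot of `dialog`. I would document it where the default is set, `# ARG_DIMENSIONS is "HEIGHT WIDTH"; expanded unquoted on purpose so it splits into two dialog arguments`, and mention the seventh argument in whatever header comment `single_string_config` carries. The function's body starts and ends outside this hunk.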
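Review bot: The new `Configure-cacerts` node lists only `Continue` and `Retry` edges, while the Configure-cacerts script added in this patch also exits with `${Abort}` (the non-interactive branch of `cacerts_install_problem`) and with whatever `single_string_config` returns when the operator does not continue. Other nodes visible in this context spell the failure edge out, e.g. `Set-password, Continue:Optional-backend | Abort:Fail`. Unless the sequencer treats unlisted outcomes as fatal by default, which is not visible here, I would write the node as `Configure-cacerts, Continue:Optional-license | Retry:Configure-cacerts | Abort:Fail` so that a failed unattended download has a defined path to `Fail`.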