authorScott Moser <smoser@ubuntu.com>2012-03-09 15:12:10 -0500
committerScott Moser <smoser@ubuntu.com>2012-03-09 15:12:10 -0500
commit0d4fedc1f7bccd15e12e5f2a3fc829ed16d22c57 (patch)
treeb318a81529e9778937064124f0016a30eb1dcabd
parentbff1590def00c3f7653ce34267bbe88e645bd9c6 (diff)
parent0334e553a80f48362e5f8fd3fd5bb2f43b2ca3ea (diff)
If the user has chosen to remove default ca-certs, prevent package upgrade
of ca-certificates from adding new trusted certs.
-rw-r--r--cloudinit/CloudConfig/cc_ca_certs.py4
-rw-r--r--tests/unittests/test_handler/test_handler_ca_certs.py4
2 files changed, 7 insertions, 1 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index c18821f9..3af6238a 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -16,7 +16,7 @@
import os
from subprocess import check_call
from cloudinit.util import (write_file, get_cfg_option_list_or_str,
- delete_dir_contents)
+ delete_dir_contents, subp)
CA_CERT_PATH = "/usr/share/ca-certificates/"
CA_CERT_FILENAME = "cloud-init-ca-certs.crt"
@@ -54,6 +54,8 @@ def remove_default_ca_certs():
delete_dir_contents(CA_CERT_PATH)
delete_dir_contents(CA_CERT_SYSTEM_PATH)
write_file(CA_CERT_CONFIG, "", mode=0644)
+ debconf_sel = "ca-certificates ca-certificates/trust_new_crts select no"
+ subp(('debconf-set-selections', '-'), debconf_sel)
def handle(_name, cfg, _cloud, log, _args):
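Review bot: The debconf preseed on the two added lines runs only after `delete_dir_contents` and `write_file` have already emptied the trust store, so if `debconf-set-selections` is missing or exits non-zero (presumably `subp` raises; its definition is not in this diff) the default CAs are gone but a later ca-certificates upgrade is still free to trust newly shipped certificates. Consider applying the selection before the deletions, or catching the failure and logging it explicitly, and add a why-comment above the call such as `# stop ca-certificates upgrades from re-enabling trust in newly shipped certs`. The test hunk in tests/unittests/test_handler/test_handler_ca_certs.py exercises only the success path; a case where `subp` fails would pin the intended behaviour. The body of `remove_default_ca_certs` starts outside this hunk.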
diff --git a/tests/unittests/test_handler/test_handler_ca_certs.py b/tests/unittests/test_handler/test_handler_ca_certs.py
index d6513b5b..21d2442f 100644
--- a/tests/unittests/test_handler/test_handler_ca_certs.py
+++ b/tests/unittests/test_handler/test_handler_ca_certs.py
@@ -169,10 +169,14 @@ class TestRemoveDefaultCaCerts(MockerTestCase):
mock_delete_dir_contents = self.mocker.replace(delete_dir_contents,
passthrough=False)
mock_write = self.mocker.replace(write_file, passthrough=False)
+ mock_subp = self.mocker.replace("cloudinit.util.subp",
+ passthrough=False)
mock_delete_dir_contents("/usr/share/ca-certificates/")
mock_delete_dir_contents("/etc/ssl/certs/")
mock_write("/etc/ca-certificates.conf", "", mode=0644)
+ mock_subp(('debconf-set-selections', '-'),
+ "ca-certificates ca-certificates/trust_new_crts select no")
self.mocker.replay()
remove_default_ca_certs()