diff options
author | Mike Milner <mike.milner@canonical.com> | 2012-02-24 15:16:56 -0400 |
---|---|---|
committer | Mike Milner <mike.milner@canonical.com> | 2012-02-24 15:16:56 -0400 |
commit | 9f719a8c427f639e1f0ea6725073be3081dd008e (patch) | |
tree | c3a29b5750fb305dea4b5b6e370b1d52446e97a6 /cloudinit | |
parent | 2465470c9133041a3b7f5963c579a0f680390ffb (diff) | |
download | vyos-cloud-init-9f719a8c427f639e1f0ea6725073be3081dd008e.tar.gz vyos-cloud-init-9f719a8c427f639e1f0ea6725073be3081dd008e.zip |
If we don't trust the default certs, don't add new certs from
ca-certificates package upgrades.
Diffstat (limited to 'cloudinit')
-rw-r--r-- | cloudinit/CloudConfig/cc_ca_certs.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py index c18821f9..c7bacb78 100644 --- a/cloudinit/CloudConfig/cc_ca_certs.py +++ b/cloudinit/CloudConfig/cc_ca_certs.py @@ -54,6 +54,9 @@ def remove_default_ca_certs(): delete_dir_contents(CA_CERT_PATH) delete_dir_contents(CA_CERT_SYSTEM_PATH) write_file(CA_CERT_CONFIG, "", mode=0644) + check_call([ + "echo 'ca-certificates ca-certificates/trust_new_crts select no' | " + "debconf-set-selections"], shell=True) def handle(_name, cfg, _cloud, log, _args): |