From 974e76eab2e43718802c8ef845e6696637e46930 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Sat, 1 Dec 2012 21:46:27 -0500 Subject: make sure no blank lines before cloud-init entry in ca-certificates.conf when /etc/ca-certificates.conf is read by update-ca-certificates lines after a blank line get ignored. Here, ensure that there are no blank lines, and no duplicate entries for cloud-init are added. LP: #1077020 --- ChangeLog | 2 + cloudinit/config/cc_ca_certs.py | 9 +++- .../test_handler/test_handler_ca_certs.py | 50 +++++++++++++++++++--- 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd52f182..13afb2c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - add a debian watch file - add 'sudo' entry to ubuntu's default user (LP: #1080717) - fix resizefs module when 'noblock' was provided (LP: #1080985) + - make sure there is no blank line before cloud-init entry in + there are no blank lines in /etc/ca-certificates.conf (LP: #1077020) 0.7.1: - sysvinit: fix missing dependency in cloud-init job for RHEL 5.6 - config-drive: map hostname to local-hostname (LP: #1061964) diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 20f24357..4f2a46a1 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py 
@@ -45,8 +45,15 @@ def add_ca_certs(certs): # First ensure they are strings... cert_file_contents = "\n".join([str(c) for c in certs]) util.write_file(CA_CERT_FULL_PATH, cert_file_contents, mode=0644) + # Append cert filename to CA_CERT_CONFIG file. - util.write_file(CA_CERT_CONFIG, "\n%s" % CA_CERT_FILENAME, omode="ab") + # We have to strip the content because blank lines in the file + # causes subsequent entries to be ignored. (LP: #1077020) + orig = util.load_file(CA_CERT_CONFIG) + cur_cont = '\n'.join([l for l in orig.splitlines() + if l != CA_CERT_FILENAME]) + out = "%s\n%s\n" % (cur_cont.rstrip(), CA_CERT_FILENAME) + util.write_file(CA_CERT_CONFIG, out, omode="wb") def remove_default_ca_certs(): diff --git a/tests/unittests/test_handler/test_handler_ca_certs.py b/tests/unittests/test_handler/test_handler_ca_certs.py index d73c9fa9..0558023a 100644 --- a/tests/unittests/test_handler/test_handler_ca_certs.py +++ b/tests/unittests/test_handler/test_handler_ca_certs.py 
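Review bot: When the existing CA_CERT_CONFIG is empty or holds only whitespace, `cur_cont.rstrip()` is an empty string and `out` becomes a newline followed by the cloud-init entry, so the rewritten file starts with the very blank line that, per the commit message, makes update-ca-certificates ignore what follows. That state looks reachable if `remove_default_ca_certs()` (declared just below; its body is not in this hunk) empties the file before certificates are added. Build the output conditionally, e.g. `cur_cont = cur_cont.rstrip()` followed by `out = "%s\n" % CA_CERT_FILENAME if not cur_cont else "%s\n%s\n" % (cur_cont, CA_CERT_FILENAME)`. Only trailing blank lines are stripped, so a blank line in the middle of the existing file is kept; the comment should say "trailing blank lines" rather than imply all of them are handled. `add_ca_certs` begins above the hunk.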
@@ -138,15 +138,47 @@ class TestAddCaCerts(MockerTestCase): self.mocker.replay() cc_ca_certs.add_ca_certs([]) - def test_single_cert(self): - """Test adding a single certificate to the trusted CAs.""" + def test_single_cert_trailing_cr(self): + """Test adding a single certificate to the trusted CAs + when existing ca-certificates has trailing newline""" cert = "CERT1\nLINE2\nLINE3" + ca_certs_content = "line1\nline2\ncloud-init-ca-certs.crt\nline3\n" + expected = "line1\nline2\nline3\ncloud-init-ca-certs.crt\n" + + mock_write = self.mocker.replace(util.write_file, passthrough=False) + mock_load = self.mocker.replace(util.load_file, passthrough=False) + + mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt", + cert, mode=0644) + + mock_load("/etc/ca-certificates.conf") + self.mocker.result(ca_certs_content) + + mock_write("/etc/ca-certificates.conf", expected, omode="wb") + self.mocker.replay() + + cc_ca_certs.add_ca_certs([cert]) + + def test_single_cert_no_trailing_cr(self): + """Test adding a single certificate to the trusted CAs + when existing ca-certificates has no trailing newline""" + cert = "CERT1\nLINE2\nLINE3" + + ca_certs_content = "line1\nline2\nline3" + mock_write = self.mocker.replace(util.write_file, passthrough=False) + mock_load = self.mocker.replace(util.load_file, passthrough=False) + mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt", cert, mode=0644) + + mock_load("/etc/ca-certificates.conf") + self.mocker.result(ca_certs_content) + mock_write("/etc/ca-certificates.conf", - "\ncloud-init-ca-certs.crt", omode="ab") + "%s\n%s\n" % (ca_certs_content, "cloud-init-ca-certs.crt"), + omode="wb") self.mocker.replay() cc_ca_certs.add_ca_certs([cert]) 
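Review bot: Neither new test feeds `add_ca_certs` an empty or whitespace-only `/etc/ca-certificates.conf`, which is the input where the `"%s\n%s\n"` formatting in the patched function would emit a leading blank line. Add a case where `mock_load` returns `""` and the expected write is `"cloud-init-ca-certs.crt\n"`. `test_single_cert_trailing_cr` also checks that an existing `cloud-init-ca-certs.crt` entry is removed and re-added at the end, which its name and docstring do not mention; a docstring such as `"""Existing cloud-init entry is de-duplicated and moved to the end; trailing newline is kept."""` would say so (the character involved is a newline, not a CR). The enclosing class `TestAddCaCerts` starts outside the hunk.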
@@ -157,10 +189,18 @@ class TestAddCaCerts(MockerTestCase): expected_cert_file = "\n".join(certs) mock_write = self.mocker.replace(util.write_file, passthrough=False) + mock_load = self.mocker.replace(util.load_file, passthrough=False) + mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt", expected_cert_file, mode=0644) - mock_write("/etc/ca-certificates.conf", - "\ncloud-init-ca-certs.crt", omode="ab") + + ca_certs_content = "line1\nline2\nline3" + mock_load("/etc/ca-certificates.conf") + self.mocker.result(ca_certs_content) + + out = "%s\n%s\n" % (ca_certs_content, "cloud-init-ca-certs.crt") + mock_write("/etc/ca-certificates.conf", out, omode="wb") + self.mocker.replay() cc_ca_certs.add_ca_certs(certs) -- cgit v1.2.3