From 9f719a8c427f639e1f0ea6725073be3081dd008e Mon Sep 17 00:00:00 2001 From: Mike Milner Date: Fri, 24 Feb 2012 15:16:56 -0400 Subject: If we don't trust the default certs, don't add new certs from ca-certificates package upgrades. --- tests/unittests/test_handler_ca_certs.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests/unittests') diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py index d6513b5b..37bd7a08 100644 --- a/tests/unittests/test_handler_ca_certs.py +++ b/tests/unittests/test_handler_ca_certs.py @@ -169,10 +169,15 @@ class TestRemoveDefaultCaCerts(MockerTestCase): mock_delete_dir_contents = self.mocker.replace(delete_dir_contents, passthrough=False) mock_write = self.mocker.replace(write_file, passthrough=False) + mock_check_call = self.mocker.replace("subprocess.check_call", + passthrough=False) mock_delete_dir_contents("/usr/share/ca-certificates/") mock_delete_dir_contents("/etc/ssl/certs/") mock_write("/etc/ca-certificates.conf", "", mode=0644) + mock_check_call([ + "echo 'ca-certificates ca-certificates/trust_new_crts select no'" + " | debconf-set-selections"], shell=True) self.mocker.replay() remove_default_ca_certs() -- cgit v1.2.3 From 0334e553a80f48362e5f8fd3fd5bb2f43b2ca3ea Mon Sep 17 00:00:00 2001 From: Mike Milner Date: Thu, 8 Mar 2012 08:45:43 -0400 Subject: Switch to using util.subp. --- cloudinit/CloudConfig/cc_ca_certs.py | 7 +++---- tests/unittests/test_handler_ca_certs.py | 9 ++++----- 2 files changed, 7 insertions(+), 9 deletions(-) (limited to 'tests/unittests') diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py index c7bacb78..3af6238a 100644 --- a/cloudinit/CloudConfig/cc_ca_certs.py +++ b/cloudinit/CloudConfig/cc_ca_certs.py @@ -16,7 +16,7 @@ import os from subprocess import check_call from cloudinit.util import (write_file, get_cfg_option_list_or_str, - delete_dir_contents) + delete_dir_contents, subp) CA_CERT_PATH = "/usr/share/ca-certificates/" CA_CERT_FILENAME = "cloud-init-ca-certs.crt" @@ -54,9 +54,8 @@ def remove_default_ca_certs(): delete_dir_contents(CA_CERT_PATH) delete_dir_contents(CA_CERT_SYSTEM_PATH) write_file(CA_CERT_CONFIG, "", mode=0644) - check_call([ - "echo 'ca-certificates ca-certificates/trust_new_crts select no' | " - "debconf-set-selections"], shell=True) + debconf_sel = "ca-certificates ca-certificates/trust_new_crts select no" + subp(('debconf-set-selections', '-'), debconf_sel) def handle(_name, cfg, _cloud, log, _args): diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py index 37bd7a08..21d2442f 100644 --- a/tests/unittests/test_handler_ca_certs.py +++ b/tests/unittests/test_handler_ca_certs.py @@ -169,15 +169,14 @@ class TestRemoveDefaultCaCerts(MockerTestCase): mock_delete_dir_contents = self.mocker.replace(delete_dir_contents, passthrough=False) mock_write = self.mocker.replace(write_file, passthrough=False) - mock_check_call = self.mocker.replace("subprocess.check_call", - passthrough=False) + mock_subp = self.mocker.replace("cloudinit.util.subp", + passthrough=False) mock_delete_dir_contents("/usr/share/ca-certificates/") mock_delete_dir_contents("/etc/ssl/certs/") mock_write("/etc/ca-certificates.conf", "", mode=0644) - mock_check_call([ - "echo 'ca-certificates ca-certificates/trust_new_crts select no'" - " | debconf-set-selections"], shell=True) + mock_subp(('debconf-set-selections', '-'), + "ca-certificates ca-certificates/trust_new_crts select no") self.mocker.replay() remove_default_ca_certs() -- cgit v1.2.3