Author: Scott Moser <smoser@brickies.net>
Bug: https://launchpad.net/bugs/1077020
Applied-Upstream: revno 744
Description: make sure no blank lines before cloud-init entry in ca-certificates.conf
when /etc/ca-certificates.conf is read by update-ca-certificates
lines after a blank line get ignored. Here, ensure that
there are no blank lines, and no duplicate entries for cloud-init are
9
=== modified file 'cloudinit/config/cc_ca_certs.py'
10
--- a/cloudinit/config/cc_ca_certs.py
11
+++ b/cloudinit/config/cc_ca_certs.py
12
@@ -46,9 +46,15 @@ def add_ca_certs(paths, certs):
13
cert_file_fullpath = os.path.join(CA_CERT_PATH, CA_CERT_FILENAME)
14
cert_file_fullpath = paths.join(False, cert_file_fullpath)
15
util.write_file(cert_file_fullpath, cert_file_contents, mode=0644)
17
# Append cert filename to CA_CERT_CONFIG file.
18
- util.write_file(paths.join(False, CA_CERT_CONFIG),
19
- "\n%s" % CA_CERT_FILENAME, omode="ab")
20
+ # We have to strip the content because blank lines in the file
21
+ # causes subsequent entries to be ignored. (LP: #1077020)
22
+ orig = util.load_file(CA_CERT_CONFIG)
23
+ cur_cont = '\n'.join([l for l in orig.splitlines()
24
+ if l != CA_CERT_FILENAME])
25
+ out = "%s\n%s\n" % (cur_cont.rstrip(), CA_CERT_FILENAME)
26
+ util.write_file(CA_CERT_CONFIG, out, omode="wb")
29
def remove_default_ca_certs(paths):
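Review bot: `cur_cont.rstrip()` only removes blank lines at the end of the existing content, so a blank line in the middle of the loaded file survives the `'\n'.join(...)` and, going by the patch description, the cloud-init entry written after it would still be ignored by update-ca-certificates. Adding `l.strip()` to the list-comprehension filter would close that gap, but it would also re-enable any CA entries that currently sit below a blank line, so whichever behaviour is intended deserves a comment next to the filter. Separately, the new `util.load_file(CA_CERT_CONFIG)` and `util.write_file(CA_CERT_CONFIG, out, omode="wb")` calls drop the `paths.join(False, ...)` wrapping that the removed lines used and that `cert_file_fullpath` still goes through; using `paths.join(False, CA_CERT_CONFIG)` for both calls would keep the read and the two writes on the same path handling. add_ca_certs begins above this hunk, so the rest of its body is not visible here.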
30
--- a/tests/unittests/test_handler/test_handler_ca_certs.py
31
+++ b/tests/unittests/test_handler/test_handler_ca_certs.py
32
@@ -138,15 +138,47 @@ class TestAddCaCerts(MockerTestCase):
34
cc_ca_certs.add_ca_certs(self.paths, [])
36
- def test_single_cert(self):
37
- """Test adding a single certificate to the trusted CAs."""
38
+ def test_single_cert_trailing_cr(self):
39
+ """Test adding a single certificate to the trusted CAs
40
+ when existing ca-certificates has trailing newline"""
41
cert = "CERT1\nLINE2\nLINE3"
43
+ ca_certs_content = "line1\nline2\ncloud-init-ca-certs.crt\nline3\n"
44
+ expected = "line1\nline2\nline3\ncloud-init-ca-certs.crt\n"
46
+ mock_write = self.mocker.replace(util.write_file, passthrough=False)
47
+ mock_load = self.mocker.replace(util.load_file, passthrough=False)
49
+ mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
52
+ mock_load("/etc/ca-certificates.conf")
53
+ self.mocker.result(ca_certs_content)
55
+ mock_write("/etc/ca-certificates.conf", expected, omode="wb")
56
+ self.mocker.replay()
58
+ cc_ca_certs.add_ca_certs(self.paths, [cert])
60
+ def test_single_cert_no_trailing_cr(self):
61
+ """Test adding a single certificate to the trusted CAs
62
+ when existing ca-certificates has no trailing newline"""
63
+ cert = "CERT1\nLINE2\nLINE3"
65
+ ca_certs_content = "line1\nline2\nline3"
67
mock_write = self.mocker.replace(util.write_file, passthrough=False)
68
+ mock_load = self.mocker.replace(util.load_file, passthrough=False)
70
mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
73
+ mock_load("/etc/ca-certificates.conf")
74
+ self.mocker.result(ca_certs_content)
76
mock_write("/etc/ca-certificates.conf",
77
- "\ncloud-init-ca-certs.crt", omode="ab")
78
+ "%s\n%s\n" % (ca_certs_content, "cloud-init-ca-certs.crt"),
82
cc_ca_certs.add_ca_certs(self.paths, [cert])
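Review bot: None of the `ca_certs_content` fixtures visible in this hunk, nor the one in the `@@ -157,10 +189,18 @@` hunk below, contains a blank line, so the case the bug report describes (an existing /etc/ca-certificates.conf with an empty line ahead of the cloud-init entry) is not pinned by any test shown here. A fixture such as `"line1\n\nline2\n"` (constructed example) together with the exact content expected in the `mock_write` call would document whether interior blank lines are meant to be kept or dropped. As a smaller point, the `_trailing_cr` and `_no_trailing_cr` names refer to a carriage return while the docstrings and fixtures are about a trailing newline, so `_trailing_newline` would read more accurately.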
83
@@ -157,10 +189,18 @@ class TestAddCaCerts(MockerTestCase):
84
expected_cert_file = "\n".join(certs)
86
mock_write = self.mocker.replace(util.write_file, passthrough=False)
87
+ mock_load = self.mocker.replace(util.load_file, passthrough=False)
89
mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
90
expected_cert_file, mode=0644)
91
- mock_write("/etc/ca-certificates.conf",
92
- "\ncloud-init-ca-certs.crt", omode="ab")
94
+ ca_certs_content = "line1\nline2\nline3"
95
+ mock_load("/etc/ca-certificates.conf")
96
+ self.mocker.result(ca_certs_content)
98
+ out = "%s\n%s\n" % (ca_certs_content, "cloud-init-ca-certs.crt")
99
+ mock_write("/etc/ca-certificates.conf", out, omode="wb")
103
cc_ca_certs.add_ca_certs(self.paths, certs)