Univention Bugzilla – Bug 46789
api for app certificate management
Last modified: 2018-06-06 16:16:27 CEST
hey dirk, please have a look https://git.knut.univention.de/univention/ucs/commit/413b970e68520cc06cec906c3e7841729ee25770
Looks good. Please remove the certificate update code specifically for appbox. It will not work as the Docker Host does not have access to the certificate for the Docker Container. Instead, we could do this via the new script. This new script needs to be added in the dev package: actions/local_appcenter.py DevPopulateAppcenter Also, there is a typo: docker.is_running needs to be called as docker.is_running().
merged to 4.3-0 changes * always cp root ca to /usr/local/share/ca-certificates/ucs.crt in container * cp docker host cert to /etc/univention/ssl/docker-host-certificate/cert.pem (canonical name) and /etc/univention/ssl/fqdn/cert.pem * added (hidden) switch --do-not-call-join-scripts (nothing todo with this bug, but we may need this in the future for app appliances and school) added test 80_docker/72_app_update_certificates in ucs-test-docker please reopen even if verified for wiki documentation
--- mirror/ftp/4.3/unmaintained/component/4.3-0-errata/source/univention-appcenter_7.0.1-37A~4.3.0.201804161750.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/univention-appcenter_7.0.1-41A~4.3.0.201804201222.dsc @@ -1,6 +1,18 @@ -7.0.1-37A~4.3.0.201804161750 [Mon, 16 Apr 2018 17:50:42 +0200] Univention builddaemon <buildd@univention.de>: +7.0.1-41A~4.3.0.201804201222 [Fri, 20 Apr 2018 12:22:32 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +7.0.1-41 [Fri, 20 Apr 2018 12:21:18 +0200] Felix Botner <botner@univention.de>: + + * Bug #46789: certificate management + +7.0.1-39 [Thu, 19 Apr 2018 17:31:31 +0200] Felix Botner <botner@univention.de>: + + * Bug #46789: certificate management + +7.0.1-38 [Thu, 19 Apr 2018 14:43:20 +0200] Felix Botner <botner@univention.de>: + + * Bug #46789: certificate management 7.0.1-37 [Mon, 16 Apr 2018 17:49:30 +0200] Felix Botner <botner@univention.de>:
Works just fine. Could you please fix this minor issue: univention-app register takes an argument 'apps'. Could you use this approach instead of '--app' and '--all-apps'?
done
Due to now missing --app: http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-0/job/AutotestJoin/SambaVersion=s4,Systemrolle=member/lastCompletedBuild/testReport/80_docker/72_app_update_certificates/test/ Same here: python/appcenter/actions/install_base.py You now need to call the action like this: call(apps=[app]) In the Docker action: You can safely remove setup_parser() You test os.path.isfile before calling _copy_host_cert and in _copy_host_cert again
fixed ucs-test and univention-appcenter
Ok, works
<http://errata.software-univention.de/ucs/4.3/91.html>