From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Tue, 9 May 2006 22:13:35 +0000 (+0000)
Subject: - (re)install any GPG signing keys before running yum
X-Git-Tag: planetlab-3_3-bootcd~2
X-Git-Url: http://git.onelab.eu/?p=nodeupdate.git;a=commitdiff_plain;h=295d56c4f5631d294bbd066d9d11ae290478dbe6

- (re)install any GPG signing keys before running yum
- don't deprecate yum --sslcertdir just yet; check and use it if supported
---

diff --git a/NodeUpdate.py b/NodeUpdate.py
index e3f890a..b555437 100644
--- a/NodeUpdate.py
+++ b/NodeUpdate.py
@@ -65,6 +65,8 @@ YUM_PATH = "/usr/bin/yum"
 
 RPM_PATH = "/bin/rpm"
 
+RPM_GPG_PATH = "/etc/pki/rpm-gpg"
+
 
 # location of file containing http/https proxy info, if needed
 PROXY_FILE = '/etc/planetlab/http_proxy'
@@ -154,6 +156,14 @@ class NodeUpdate:
             return 0
 
 
+    def InstallKeys( self ):
+        Message( "\nRemoving any existing GPG signing keys from the RPM database" )
+        os.system( "%s --allmatches -e gpg-pubkey" % RPM_PATH )
+
+        Message( "\nInstalling all GPG signing keys in %s" % RPM_GPG_PATH )
+        os.system( "%s --import %s/*" % (RPM_PATH, RPM_GPG_PATH) )
+
+
     def ClearRebootFlag( self ):
         os.system( "/bin/rm -rf %s" % REBOOT_FLAG )
 
@@ -165,14 +175,22 @@ class NodeUpdate:
 
         if self.doReboot == 0:
             Message( "\nIgnoring any reboot flags set by RPMs" );
+
+        Message( "\nChecking if yum supports SSL certificate checks" )
+        if os.system( "%s --help | grep -q sslcertdir" % YUM_PATH ) == 0:
+            Message( "Yes, using --sslcertdir option" )
+            sslcertdir = "--sslcertdir=" + SSL_CERT_DIR
+        else:
+            Message( "No, not using --sslcertdir option" )
+            sslcertdir = ""
                     
         Message( "\nUpdating PlanetLab group" )
-        os.system( "%s --sslcertdir=%s -y groupupdate \"PlanetLab\"" %
-                   (YUM_PATH,SSL_CERT_DIR) )
+        os.system( "%s %s -y groupupdate \"PlanetLab\"" %
+                   (YUM_PATH, sslcertdir) )
 
         Message( "\nUpdating rest of system" )
-        os.system( "%s --sslcertdir=%s -y update" %
-                   (YUM_PATH,SSL_CERT_DIR) )
+        os.system( "%s %s -y update" %
+                   (YUM_PATH, sslcertdir) )
 
         Message( "\nChecking for extra groups to update" )
         if os.access(EXTRA_GROUPS_FILE, os.R_OK) and \
@@ -184,8 +202,8 @@ class NodeUpdate:
             else:
                 for group in string.split(extra_groups_contents,"\n"):
                     Message( "\nUpdating %s group" % group )
-                    os.system( "%s --sslcertdir=%s -y groupupdate \"%s\"" %
-                               (YUM_PATH,SSL_CERT_DIR,group) )
+                    os.system( "%s %s -y groupupdate \"%s\"" %
+                               (YUM_PATH, sslcertdir, group) )
         else:
             Message( "No extra groups file found" )
             
@@ -278,6 +296,7 @@ if __name__ == "__main__":
         Error( "Unable to initialize." )
     else:
         nodeupdate.RemoveRPMS()
+        nodeupdate.InstallKeys()
         nodeupdate.CheckForUpdates()
         Message( "\nUpdate complete." )
 
diff --git a/NodeUpdate.spec b/NodeUpdate.spec
index 47fa8a7..31a8a24 100644
--- a/NodeUpdate.spec
+++ b/NodeUpdate.spec
@@ -1,6 +1,6 @@
 %define name NodeUpdate
 %define version 0.4
-%define release 3%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+%define release 4%{?pldistro:.%{pldistro}}%{?date:.%{date}}
 
 Vendor: PlanetLab
 Packager: PlanetLab Central <support@planet-lab.org>