Add snippet to update the Root CA (bsc#1194792)

cbosdo · cbosdo · commit 1f12e7c6aabc · 2025-06-24T15:52:29.000+02:00
Read the root CA from the mounted secret and use its content in an
autoyast script to set it in the client machine.
diff --git a/java/conf/cobbler/snippets/root_ca b/java/conf/cobbler/snippets/root_ca
@@ -0,0 +1,13 @@
+#import uyuni_cobbler_helper
+
+<script>
+    <filename>root-ca-update.sh</filename>
+    <source>
+        <![CDATA[
+cat <<EOF >/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT
+$uyuni_cobbler_helper.get_ssl_ca_cert()
+EOF
+/usr/sbin/update-ca-certificates
+]]>
+    </source>
+</script>
diff --git a/java/spacewalk-java.changes.cbosdo.ca-snippet b/java/spacewalk-java.changes.cbosdo.ca-snippet
@@ -0,0 +1 @@
+- Add snippet to set the SSL root CA (bsc#1194792)
diff --git a/java/spacewalk-java.spec b/java/spacewalk-java.spec
@@ -582,6 +582,7 @@ install -m 644 conf/cobbler/snippets/minion_script    %{buildroot}%{spacewalksni
 install -m 644 conf/cobbler/snippets/sles_no_signature_checks %{buildroot}%{spacewalksnippetsdir}/sles_no_signature_checks
 install -m 644 conf/cobbler/snippets/wait_for_networkmanager_script %{buildroot}%{spacewalksnippetsdir}/wait_for_networkmanager_script
 install -m 644 conf/cobbler/snippets/autoyast_channels %{buildroot}%{spacewalksnippetsdir}/autoyast_channels
+install -m 644 conf/cobbler/snippets/root_ca %{buildroot}%{spacewalksnippetsdir}/root_ca
 
 # special links for rhn-search
 RHN_SEARCH_BUILD_DIR=%{_datadir}/rhn/search/lib
@@ -749,6 +750,7 @@ fi
 %config %{spacewalksnippetsdir}/sles_no_signature_checks
 %config %{spacewalksnippetsdir}/wait_for_networkmanager_script
 %config %{spacewalksnippetsdir}/autoyast_channels
+%config %{spacewalksnippetsdir}/root_ca
 %if 0%{?suse_version}
 %config(noreplace) %{serverdir}/tomcat/webapps/rhn/META-INF/context.xml
 %else
diff --git a/python/uyuni-cobbler-helper/uyuni-cobbler-helper.changes.cbosdo.ca-snippet b/python/uyuni-cobbler-helper/uyuni-cobbler-helper.changes.cbosdo.ca-snippet
@@ -0,0 +1 @@
+- Add snippet helper reading the SSL root CA (bsc#1194792)
diff --git a/python/uyuni-cobbler-helper/uyuni_cobbler_helper.py b/python/uyuni-cobbler-helper/uyuni_cobbler_helper.py
@@ -42,3 +42,11 @@ def _connect_db():
         dbname=config.get("default", "db_name"),
         port=int(config.get("default", "db_port")),
     )
+
+
+def get_ssl_ca_cert():
+    with open(
+            "/etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT", "r", encoding="utf-8"
+    ) as fd:
+        content = fd.read()
+        return content

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+- Add snippet to set the SSL root CA (bsc#1194792)`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+- Add snippet helper reading the SSL root CA (bsc#1194792)`