Browse code
Merge "Replace pip-installed requests CA bundle with link"
Jenkins authored on 2015/06/10 08:00:07Showing 1 changed files
| ... | ... |
@@ -138,3 +138,24 @@ fi |
| 138 | 138 |
# and installing the latest version using pip. |
| 139 | 139 |
uninstall_package python-virtualenv |
| 140 | 140 |
pip_install -U virtualenv |
| 141 |
+ |
|
| 142 |
+# If a non-system python-requests is installed then it will use the |
|
| 143 |
+# built-in CA certificate store rather than the distro-specific |
|
| 144 |
+# CA certificate store. Detect this and symlink to the correct |
|
| 145 |
+# one. If the value for the CA is not rooted in /etc then we know |
|
| 146 |
+# we need to change it. |
|
| 147 |
+capath=$(python -c "from requests import certs; print certs.where()") |
|
| 148 |
+ |
|
| 149 |
+if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then |
|
| 150 |
+ if [[ ! $capath =~ ^/etc/.* && ! -L $capath ]]; then |
|
| 151 |
+ if is_fedora; then |
|
| 152 |
+ sudo rm -f $capath |
|
| 153 |
+ sudo ln -s /etc/pki/tls/certs/ca-bundle.crt $capath |
|
| 154 |
+ elif is_ubuntu; then |
|
| 155 |
+ sudo rm -f $capath |
|
| 156 |
+ sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath |
|
| 157 |
+ else |
|
| 158 |
+ echo "Don't know how to set the CA bundle, expect the install to fail." |
|
| 159 |
+ fi |
|
| 160 |
+ fi |
|
| 161 |
+fi |