x[h" %SrSSKrSSKrSSKJrJrJr SSKJr SSK J r SSK J r SSK Jr \R"\5rSSS S S /S .rS S SSS/S .SSSSS/S .SSSSS/S .SSSSS /S .SS SSS/S .S.rSH r\S\\'M SH r\S\\'M /SQrS\\S S!/S".r\ \S#'S$rS%rS&rS'rS(rS)rS*\S+\ S,\S-\S.S4 S/jr g)0zCA Certs: Add ca certificates.N) lifecyclesubputil)Cloud)Config) MetaSchema) PER_INSTANCEz!/usr/local/share/ca-certificates/z#cloud-init-ca-cert-{cert_index}.crtz/etc/ca-certificates.confzupdate-ca-certificates) ca_cert_pathca_cert_local_pathca_cert_filenameca_cert_configca_cert_update_cmdz/etc/ssl/certs/z#cloud-init-ca-cert-{cert_index}.pemz+/etc/ca-certificates/conf.d/cloud-init.confzupdate-ca-bundlez/etc/pki/ca-trust/z/usr/share/pki/ca-trust-source/z+anchors/cloud-init-ca-cert-{cert_index}.crtzupdate-ca-trustz/etc/pki/trust/z/usr/share/pki/trust/z/etc/pki/tls/certs/zrehash_ca_certificates.sh)aoscfedorarhelopensusephoton)opensuse-microosopensuse-tumbleweed opensuse-leapsle_hpc sle-microslesr) almalinux cloudlinuxr)rrralpinedebianrrrrrrrrrubuntur cc_ca_certsca_certsca-certs)iddistros frequencyactivate_by_schema_keysmetac[RU[5n[RR USUS5US'U$)zReturn a distro-specific ca_certs config dictionary @param distro_name: String providing the distro class name. @returns: Dict of distro configurations for ca_cert. r r ca_cert_full_path)DISTRO_OVERRIDESgetDEFAULT_CONFIGospathjoin) distro_namecfgs >/usr/lib/python3/dist-packages/cloudinit/config/cc_ca_certs.py_distro_ca_certs_configsr2jsF   {N ;C!ww|| !3'9#: C Jc4[R"USSS9 g)z Updates the CA certificate cache on the current machine. @param distro_cfg: A hash providing _distro_ca_certs_configs function. rF)captureN)r distro_cfgs r1update_ca_certsr8ws  IIj-.>r3cU(dg[US5H7up#[U5nUSRUS9n[R"XTSS9 M9 g)a Adds certificates to the system. To actually apply the new certificates you must also call the appropriate distro-specific utility such as L{update_ca_certs}. @param distro_cfg: A hash providing _distro_ca_certs_configs function. @param certs: A list of certificate strings. Nr() cert_indexi)mode) enumeratestrformatr write_file)r7certsr;ccert_file_contentscert_file_names r1 add_ca_certsrEsV "5!,  V#$78??!@  G -r3cUS;a [U5 gUS;a*[U5 US;aSn[R"SUS9 ggg)a Disables all default trusted CA certificates. For Alpine, Debian and Ubuntu to actually apply the changes you must also call L{update_ca_certs}. @param distro_name: String providing the distro class name. @param distro_cfg: A hash providing _distro_ca_certs_configs function. )rr)rrrr)rrz8ca-certificates ca-certificates/trust_new_crts select no)zdebconf-set-selections-)dataN)remove_default_ca_certsdisable_system_ca_certsr)r/r7 debconf_sels r1disable_default_ca_certsrLsR(( + > > + . .O  II5K H / ?r3c<USnU(a$[RRU5(dgSnSn[R"U5R(a[ R "U5n/nUR5HmnXb:XaSnURU5 MUS:Xd USS;aURU5 M?U(dURU5 SnURS U-5 Mo [ R"US RU5S -S S 9 gg) z For every entry in the CA_CERT_CONFIG file prefix the entry with a "!" in order to disable it. @param distro_cfg: A hash providing _distro_ca_certs_configs function. r Nz;# Modified by cloud-init to deselect certs due to user-dataFTr)#!rP wb)omode) r,r-existsstatst_sizerload_text_file splitlinesappendr@r.)r7ca_cert_cfg_fnheader_comment added_headerorig out_lineslines r1rJrJs 01N !?!? FL ww~&&"">2 OO%D%#   &tAw*4  &#$$^4#'L  t,&  DIIi047t 'r3cUScg[RS5 [R"US5 [R"US5 g)z Removes all default trusted CA certificates from the system. @param distro_cfg: A hash providing _distro_ca_certs_configs function. r NzDeleting system CA certificatesr )LOGdebugrdelete_dir_contentsr6s r1rIrIsF .!)II/0Z78Z(<=>r3namer0cloudargsreturncSU;a[R"SSSS9 OSU;a[RSU5 gSU;aSU;a[R S 5 UR SUR S55n[ URR5nS U;a[R"S SS S9 UR S UR S S55(a5[RS5 [URRU5 SU;aH[R"US5nU(a*[RS[U55 [XV5 [RS5 [U5 g)aY Call to handle ca_cert sections in cloud-config file. @param name: The module name "ca_cert" from cloud.cfg @param cfg: A nested dict containing the entire cloud config contents. @param cloud: The L{CloudInit} object in use. @param log: Pre-initialized Python logger object to use for logging. @param args: Any module arguments from cloud.cfg r!zKey 'ca-certs'z22.1zUse 'ca_certs' instead.) deprecateddeprecated_version extra_messager zlistrur3r1rs % ++!#.+ !==134 */AG12  -?I01 -?I01  *5I78 ./A:; ;$LF 0 ;VF 07V   (  *J7 j ?H*I*$ N ?6 6 66 %6 t6 6 r3