security: handle exception on early anaconda certificate import #6114
Conversation
rvykydal
temporarily deployed
to
gh-cockpituous
GitHub Actions
Inactive
|
Instead of traceback on uncaught SecurityInstallationError a message with prompt for reboot is displayed:
|
rvykydal
force-pushed
the
edns-dir-error
branch
from
187771c to
893b962
Compare
rvykydal
temporarily deployed
to
gh-cockpituous
GitHub Actions
Inactive
pyanaconda/startup_utils.py
Outdated
| def prompt_for_reboot(): | ||
| print(_("The installation cannot continue and the system will be rebooted")) | ||
| print(_("Press ENTER to continue")) | ||
| input() |
There was a problem hiding this comment.
Wouldn't this block installation in non-interactive / cmdline mode?
There was a problem hiding this comment.
Good question, I'll check.
There was a problem hiding this comment.
So, to check if we are in interactive mode would be non-trivial but doable at this early stage (asking runtime module for kickstart settings and perhaps also checking cmdline options).
But given sys.exit does not reboot at this stage I think we can just remove the prompt. Then the behaviour would be the same as with kickstart parsing error.
updated the PR, @jkonecny12 what do you think?
rvykydal
force-pushed
the
edns-dir-error
branch
from
893b962 to
c15ebc0
Compare
rvykydal
temporarily deployed
to
gh-cockpituous
GitHub Actions
Inactive
Present human readable error message. The case for this fix is missing --dir option. The option will be probably made required in pykickstart but we still want to handle import exceptions in user friendly way. Related: INSTALLER-4030 Resolves: rhbz#2342245
rvykydal
force-pushed
the
edns-dir-error
branch
from
c15ebc0 to
0390870
Compare
rvykydal
temporarily deployed
to
gh-cockpituous
GitHub Actions
Inactive
|
/kickstart-test reboot-initial-setup-tui |
|
/kickstart-test --testtype smoke |
| sync_run_task(task_proxy) | ||
| except SecurityInstallationError as e: | ||
| log.error(e) | ||
| print(_("\nAn error occurred during certificate import:" |
There was a problem hiding this comment.
This is so far ever going only via kickstart, right ? Then I would suggest adding that to the error message, something like:
An error occurred during certificate import from kickstart:
That should make it easier to track down & fix the issue, especially if its a third party seeing the error message and reporting it back (eq. an automated kickstart based deployment going wrong somewhere).
Present human readable error message.
The case for this fix is missing --dir option. The option will be probably made required in pykickstart but we still want to handle import exceptions in user friendly way.
Related: INSTALLER-4030