From ade0eded09176fd687d1ee30724468c048d15065 Mon Sep 17 00:00:00 2001 From: kali Date: Fri, 11 Jan 2013 09:16:49 +0900 Subject: fix for missing cacert bundle frozen app cannot find requests cacert bundle. added to Resources to get us going. --- pkg/osx/Makefile | 33 ++++++++++++++++++--------------- pkg/osx/install/install-leapc.sh | 2 ++ pkg/osx/leap-client.spec | 5 ++++- src/leap/eip/checks.py | 16 +++++++++++++--- src/leap/gui/firstrun/providerselect.py | 2 -- src/leap/util/certs.py | 17 +++++++++++++++++ 6 files changed, 54 insertions(+), 21 deletions(-) create mode 100644 src/leap/util/certs.py diff --git a/pkg/osx/Makefile b/pkg/osx/Makefile index b302fa31..f2520fcf 100644 --- a/pkg/osx/Makefile +++ b/pkg/osx/Makefile @@ -1,6 +1,10 @@ #WARNING: You need to run this with an activated VIRTUALENV. OSX = dist/LEAP\ Client.app/Contents/MacOS/ +GITC = `git rev-parse --short HEAD` +DMG = "dist/leap-client-$(GITC).dmg" +INST = "dist/LEAP Client installer.app" +INSTR = "dist/LEAP Client installer.app/Contents/Resources" pkg : dist trim installer dmg 
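Review bot: `GITC` is defined with backticks and a recursive `=`, so `git rev-parse` runs in the shell on every recipe line that expands `$(DMG)`, and a failure (for example building from a tarball without `.git`) silently yields `dist/leap-client-.dmg`. Evaluating it once in make, `GITC := $(shell git rev-parse --short HEAD)`, keeps the artifact name identical across the `rm -f` and `hdiutil` lines and makes an empty value easy to test for. `INST` and `INSTR` also carry literal double quotes in their values, which works only because they are used as shell words in recipes; a one-line comment saying so would help whoever later uses them as a target or prerequisite.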
@@ -16,28 +20,27 @@ trim: installer: #XXX need to fix some paths there (binary, etc) - platypus -P install/leap-installer.platypus -y dist/LEAPClient_installer.app + platypus -P install/leap-installer.platypus -y $(INST) #XXX should build tuntap extensions ourselves - mkdir "dist/LEAPClient_installer.app/Contents/Resources/StartupItems" - mkdir "dist/LEAPClient_installer.app/Contents/Resources/Extensions/" - cp -r /opt/local/Library/StartupItems/tun "dist/LEAPClient_installer.app/Contents/Resources/StartupItems/" - cp -r /opt/local/Library/StartupItems/tap "dist/LEAPClient_installer.app/Contents/Resources/StartupItems/" - cp -r /opt/local/Library/Extensions/tun.kext "dist/LEAPClient_installer.app/Contents/Resources/Extensions/" - cp -r /opt/local/Library/Extensions/tap.kext "dist/LEAPClient_installer.app/Contents/Resources/Extensions/" + mkdir $(INSTR)/StartupItems + mkdir $(INSTR)/Extensions + cp -r /opt/local/Library/StartupItems/tun $(INSTR)/StartupItems + cp -r /opt/local/Library/StartupItems/tap $(INSTR)/StartupItems + cp -r /opt/local/Library/Extensions/tun.kext $(INSTR)/Extensions + cp -r /opt/local/Library/Extensions/tap.kext $(INSTR)/Extensions #copy the binary that we have previously built #XXX not building it yet... - cp ../../openvpn/build/openvpn.leap "dist/LEAPClient_installer.app/Contents/Resources/" + cp ../../openvpn/build/openvpn.leap $(INSTR) #copy startup scripts - cp install/client.up.sh "dist/LEAP Client.app/Contents/Resources" - cp install/client.down.sh "dist/LEAP Client.app/Contents/Resources" - cp install/ProcessNetworkChanges.plist.template "dist/LEAP Client.app/Contents/Resources" + cp install/client.up.sh $(INSTR) + cp install/client.down.sh $(INSTR) + cp install/ProcessNetworkChanges.plist.template $(INSTR) #Finally, copy application bundle... 
- cp -r "dist/LEAP Client.app" "dist/LEAPClient_installer.app/Contents/Resources/" + cp -r "dist/LEAP Client.app" $(INSTR) dmg : - #TODO: remove if already present - #rm dist/LEAPClient.dmg - hdiutil create -format UDBZ -srcfolder "dist/LEAPClient_installer.app/" "dist/LEAP Client Installer.dmg" + rm -f $(DMG) + hdiutil create -format UDBZ -srcfolder $(INST) $(DMG) clean : rm -rf dist/ build/ diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh index d47b8f45..7a0d3a5e 100755 --- a/pkg/osx/install/install-leapc.sh +++ b/pkg/osx/install/install-leapc.sh @@ -14,3 +14,5 @@ echo "Loading tun/tap kernel extension" /Library/StartupItems/tun/tun start echo "Installation Finished!" + +open /Applications/LEAP\ Client.app/ diff --git a/pkg/osx/leap-client.spec b/pkg/osx/leap-client.spec index 4a34bb7c..04f45253 100644 --- a/pkg/osx/leap-client.spec +++ b/pkg/osx/leap-client.spec @@ -15,7 +15,10 @@ exe = EXE(pyz, upx=True, console=False) coll = COLLECT(exe, - a.binaries, + a.binaries + + # this will easitly break if we setup the venv + # somewhere else. FIXME + [('cacert.pem', '../../../../lib/python2.6/site-packages/requests/cacert.pem', 'DATA')], a.zipfiles, a.datas, strip=True, diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index bd158e1e..cc395bcb 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -3,6 +3,7 @@ import logging #import platform import time import os +import sys import gnutls.crypto #import netifaces @@ -20,6 +21,7 @@ from leap.eip import config as eipconfig from leap.eip import constants as eipconstants from leap.eip import exceptions as eipexceptions from leap.eip import specs as eipspecs +from leap.util.certs import get_mac_cabundle from leap.util.fileutil import mkdir_p from leap.util.web import get_https_domain_and_port from leap.util.misc import null_check 
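Review bot: The `cp` lines for `install/client.up.sh`, `install/client.down.sh` and `install/ProcessNetworkChanges.plist.template` now write to `$(INSTR)` (the installer's Resources) where the old side wrote to `dist/LEAP Client.app/Contents/Resources`, so the client bundle copied by the final `cp -r` no longer contains them. install-leapc.sh is only partly visible in this commit, so please confirm it installs those scripts from the installer's Resources; if the client still looks for them in its own bundle they need to be copied there as before, e.g. `cp install/client.up.sh "dist/LEAP Client.app/Contents/Resources"`. Separately, the tun/tap kexts from `/opt/local/Library` and `openvpn.leap` are still taken from whatever is on the build host; a comment recording the expected version or checksum of each would make the binaries the installer loads into the kernel traceable.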
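Review bot: The added `open /Applications/LEAP\ Client.app/` runs with whatever privileges the install script has, and since the lines above it load a kernel extension the script presumably runs as root, which would start the GUI client as root as well. Launch it as the logged-in user instead, for instance `sudo -u "$(stat -f%Su /dev/console)" open "/Applications/LEAP Client.app"`, or leave the first launch to the user. Most of the script is outside this hunk, so the actual privilege level should be confirmed against the Platypus profile.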
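Review bot: The new `cacert.pem` entry hard-codes `../../../../lib/python2.6/site-packages/requests/cacert.pem`, so the CA bundle shipped in the app is whichever file sits at that relative path at build time, and the build breaks (as the FIXME says) when the virtualenv moves or the Python version changes. Deriving the path from the imported package, `os.path.join(os.path.dirname(requests.__file__), 'cacert.pem')` with `import os, requests` at the top of the spec, removes the layout dependency. Because the frozen copy is a snapshot, the comment should also say that CA removals only reach users through a new client build. The `COLLECT(` call continues outside the hunk.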
@@ -165,13 +167,15 @@ class ProviderCertChecker(object): if autocacert and verify is True and self.cacert is not None: logger.debug('verify cert: %s', self.cacert) verify = self.cacert + if sys.platform == "darwin": + verify = get_mac_cabundle() logger.debug('checking https connection') logger.debug('uri: %s (verify:%s)', uri, verify) + try: self.fetcher.get(uri, verify=verify) - except requests.exceptions.SSLError: # as exc: - logger.error("SSLError") + except requests.exceptions.SSLError as exc: raise eipexceptions.HttpsBadCertError except requests.exceptions.ConnectionError: @@ -448,9 +452,15 @@ class EIPConfigChecker(object): domain = config.get('provider', None) uri = self._get_provider_definition_uri(domain=domain) + if sys.platform == "darwin": + verify = get_mac_cabundle() + else: + verify = True + self.defaultprovider.load( from_uri=uri, - fetcher=self.fetcher) + fetcher=self.fetcher, + verify=verify) self.defaultprovider.save() def fetch_eip_service_config(self, skip_download=False, diff --git a/src/leap/gui/firstrun/providerselect.py b/src/leap/gui/firstrun/providerselect.py index 28fb829c..ccecd519 100644 --- a/src/leap/gui/firstrun/providerselect.py +++ b/src/leap/gui/firstrun/providerselect.py @@ -287,8 +287,6 @@ class SelectProviderPage(InlineValidationPage): wizard.set_providerconfig( eipconfigchecker.defaultprovider.config) except requests.exceptions.SSLError: - # XXX we should have catched this before. - # but cert checking is broken. return self.fail(self.tr( "Could not get info from provider.")) except requests.exceptions.ConnectionError: diff --git a/src/leap/util/certs.py b/src/leap/util/certs.py new file mode 100644 index 00000000..304db08a --- /dev/null +++ b/src/leap/util/certs.py 
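Review bot: On macOS the added `if sys.platform == "darwin": verify = get_mac_cabundle()` replaces `verify` after it has been set to `self.cacert`, so the connection is no longer checked against the provider's own CA certificate; any CA in the bundled `cacert.pem` is accepted instead, and a provider whose certificate chains only to its own CA will fail. Indentation is lost in this view, so it cannot be told whether the override is nested under the `autocacert` branch, but in both readings it wins over `self.cacert`. Restrict the fallback to the case where no provider CA was selected: `if verify is True and sys.platform == "darwin":`. The same hunk drops `logger.error("SSLError")` and binds `exc` without using it; `logger.error("SSLError: %s", exc)` before the raise would keep certificate failures visible in the logs. The method starts and ends outside the hunk.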
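Review bot: `verify=verify` is a new keyword on `self.defaultprovider.load(...)`, and `load` is not part of this commit, so it should be confirmed that it accepts `verify` and hands it to the fetcher; if it ignores unknown keyword arguments, the provider definition would be fetched with the default trust settings and no error would show it. The darwin/else branch here repeats the platform test added in `ProviderCertChecker`; a single helper in `leap.util.certs` that returns the bundle path on darwin and `True` elsewhere would keep the two call sites from diverging. The method body starts outside the hunk.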
@@ -0,0 +1,17 @@ +import os +import logging + +logger = logging.getLogger(__name__) + + +def get_mac_cabundle(): + # hackaround bundle error + # XXX this needs a better fix! + f = os.path.split(__file__)[0] + sep = os.path.sep + f_ = sep.join(f.split(sep)[:-2]) + verify = os.path.join(f_, 'cacert.pem') + #logger.error('VERIFY PATH = %s' % verify) + exists = os.path.isfile(verify) + #logger.error('do exist? %s', exists) + return verify -- cgit v1.2.3
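Review bot: `get_mac_cabundle()` computes `exists = os.path.isfile(verify)` and then discards it, so a missing `cacert.pem` is handed to `requests` as if it were valid and the failure surfaces later as an unexplained SSL or I/O error. Use the result, e.g. `if not os.path.isfile(verify): logger.error('CA bundle not found: %s', verify)`, and delete the two commented-out `logger.error` lines. A docstring should state that the path is resolved two directories above this module and is only meaningful inside the frozen OSX bundle. Since this file is the trust anchor for the HTTPS checks on macOS, the docstring should also note that the installed file must not be writable by unprivileged users.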