gp: Support update-ca-trust helper
authorGabriel Nagy <gabriel.nagy@canonical.com>
Wed, 16 Aug 2023 22:09:28 +0000 (01:09 +0300)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 28 Aug 2023 02:04:36 +0000 (02:04 +0000)
This is used on RHEL/Fedora instead of update-ca-certificates. They
behave similarly so it's enough to change the command name.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
python/samba/gp/gp_cert_auto_enroll_ext.py

index 1b90ab46e904c91d1747ea5312488bd7f14cc0e3..cefdafa21b2ab244e266ce6b70e609533276732e 100644 (file)
@@ -258,6 +258,10 @@ def find_global_trust_dir():
             return trust_dir
     return global_trust_dirs[0]
 
+def update_ca_command():
+    """Return the command to update the CA trust store."""
+    return which('update-ca-certificates') or which('update-ca-trust')
+
 def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
     """Install the root certificate chain."""
     data = dict({'files': [], 'templates': []}, **ca)
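Review bot: The docstring on `update_ca_command()` says it returns the command, but when neither `which()` lookup finds a helper the function returns None, and the caller in `cert_enroll` depends on that. I would say so explicitly, e.g. `"""Return the path of the CA trust update helper, or None if neither is installed."""`. The returned path is later executed with `Popen([update])`, so, assuming `which` is a PATH lookup like `shutil.which`, a short comment should note that the helper is resolved through the PATH of the process applying policy. The same comment can record that `update-ca-certificates` takes precedence when both helpers are installed. `cert_enroll`, which begins at the end of this hunk, continues outside it.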
@@ -283,7 +287,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
             # already exists. Ignore the FileExistsError. Preserve the
             # existing symlink in the unapply data.
             data['files'].append(dst)
-    update = which('update-ca-certificates')
+    update = update_ca_command()
     if update is not None:
         Popen([update]).wait()
     # Setup Certificate Auto Enrollment
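Review bot: The exit status of the trust-store refresh is still discarded at `Popen([update]).wait()`, and nothing is reported when `update_ca_command()` returns None. A root chain can therefore be placed in `trust_dir` without the system store being rebuilt, and without any trace of the failure. Now that either of two helpers may run, I would keep the status with `rc = Popen([update]).wait()` and log a warning when `rc != 0` or when no helper was found. The commit message says the two helpers behave similarly; whether `update-ca-trust` reads the directory chosen by `find_global_trust_dir()` cannot be confirmed from these lines and is worth verifying on a RHEL/Fedora host. `cert_enroll` starts before this hunk and continues after it.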