URL: https://github.com/freeipa/freeipa/pull/5876
Author: flo-renaud
Title: #5876: [ipa-4-6] Switch to external ca: fix certmonger script
Action: opened
PR body:
"""
The script renew_ca_cert produces a Traceback when switching
from self-signed to external CA:
Traceback (most recent call last):
  File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 224, in <module>
    main()
  File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 218, in main
    _main()
  File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 184, in _main
    ca_flags = dict(cc[1:] for cc in ca_certs)[ca_nick]
KeyError: 'CN=Cert Auth,O=FloAuth.
It is trying to find a cert in a dict using a str as key,
while the keys are bytes.
Related: https://pagure.io/freeipa/issue/8879
Fixes: https://pagure.io/freeipa/issue/8893
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5876/head:pr5876
git checkout pr5876
From 2ac929d02caef0e0de38e3a01c4d5809341ac744 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <[email protected]>
Date: Tue, 6 Jul 2021 12:10:59 +0200
Subject: [PATCH 1/2] Switch to external ca: fix certmonger script
The script renew_ca_cert produces a Traceback when switching
from self-signed to external CA:
Traceback (most recent call last):
  File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 224, in <module>
    main()
  File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 218, in main
    _main()
  File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 184, in _main
    ca_flags = dict(cc[1:] for cc in ca_certs)[ca_nick]
KeyError: 'CN=Cert Auth,O=FloAuth.
It is trying to find a cert in a dict using a str as key,
while the keys are bytes.
Related: https://pagure.io/freeipa/issue/8879
Fixes: https://pagure.io/freeipa/issue/8893
---
install/restart_scripts/renew_ca_cert | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 374a76d186c..231d609d258 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -181,7 +181,8 @@ def _main():
# Pass Dogtag's self-tests
for ca_nick in db.find_root_cert(nickname)[-2:-1]:
- ca_flags = dict(cc[1:] for cc in ca_certs)[ca_nick]
+ ca_flags = dict(
+ cc[1:] for cc in ca_certs)[ca_nick.encode('utf-8')]
usages = ca_flags.usages or set()
ca_flags_modified = TrustFlags(ca_flags.has_key,
True, True,
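Review bot: the lookup on the added `cc[1:] for cc in ca_certs)[ca_nick.encode('utf-8')]` line still raises an unhandled KeyError when the encoded nickname is not among the `ca_certs` entries, which would end the script with the same kind of traceback the commit message quotes. Consider building the dict once before the `for ca_nick in db.find_root_cert(nickname)[-2:-1]:` loop instead of on every iteration, and using `.get()` with an explicit error path for a missing nickname. A one-line comment stating that the `ca_certs` keys are bytes while `ca_nick` is a str would also explain why the encode is needed at this spot.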
From 4c6df6d82f03a79d01cc381fb113bd4a6e05ad86 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <[email protected]>
Date: Tue, 6 Jul 2021 12:17:29 +0200
Subject: [PATCH 2/2] Temp commit
---
.freeipa-pr-ci.yaml | 2 +-
ipatests/prci_definitions/temp_commit.yaml | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b634..80656690080 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
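Review bot: the `.freeipa-pr-ci.yaml` retarget from `ipatests/prci_definitions/gating.yaml` to `ipatests/prci_definitions/temp_commit.yaml` should not land with the fix, because the branch would then stop pointing at the gating definition. The commit is titled "Temp commit", so drop patch 2/2 before merge and keep only the `renew_ca_cert` change from patch 1/2.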
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index cc5737a8488..edc5ecd056e 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -62,14 +62,14 @@ jobs:
timeout: 1800
topology: *build
- fedora-27/temp_commit:
+ fedora-27/test_external_ca_TestSelfExternalSelf:
requires: [fedora-27/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
- test_suite: test_integration/test_REPLACEME.py
+ test_suite: test_integration/test_external_ca.py::TestSelfExternalSelf
template: *ci-master-f27
timeout: 3600
- topology: *master_1repl_1client
+ topology: *master_1repl
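Review bot: the `test_suite` value `test_integration/test_external_ca.py::TestSelfExternalSelf` selects a single class, so a green run of this job only covers the self-signed to external CA switch named in the commit message. Any other classes in `test_external_ca.py` are not run. Since patch 1/2 changes a lookup in `renew_ca_cert` that is not specific to that one scenario, consider running the whole file in this temporary job before the commit is dropped.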