On Thu, Jun 02, 2016 at 11:45:43PM -0500, Endi Sukma Dewata wrote:
> On 5/31/2016 11:45 PM, Fraser Tweedale wrote:
> > G'day comrades,
> >
> > Please review the attached two patches, which...
> >
> > (Patch 0120)
> >
> > - provide for passing of configuration (from CS.cfg) to KeyRetriever
> >   implementations
> >
> > - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
> >   which executes a configured executable rather than a hardcoded one
> >
> > (Patch 0121)
> >
> > - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
> >   repo
> >
> > Cheers,
> > Fraser
>
> ACK.
>
> Separate issue. Instead of returning multiple binary attributes delimited
> with 0 byte through standard output, it might be better to use JSON file
> instead. So the command can be defined something like this:
>
> features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key -o {output}
>
> The ExternalProcessKeyRetriever will replace the {output} with a temporary
> file, then later parse the result from that file.
>

Thanks Endi; pushed to master:

  419ca3000142c60f176aabc68a2c5c3a1a3c1ea9 Lightweight CAs: remove pki-ipa-retrieve-key script
  f11e0b372e3a0736050dd9e2858fce3178171ee6 Lightweight CAs: generalise subprocess-based key retrieval

I agree with the JSON enhancement, but not with using a temporary
file; we can just send the JSON through stdout. I filed ticket:
https://fedorahosted.org/pki/ticket/2351

Cheers,
Fraser

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel