Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates
On 14.10.2014 at 08:55, David Kupka wrote:
> On 10/10/2014 04:04 PM, Jan Cholasta wrote:
>> Hi,
>>
>> On 7.10.2014 at 16:56, David Kupka wrote:
>>> https://fedorahosted.org/freeipa/ticket/4618
>>
>> This works, but I would prefer if the code did not silently ignore when the CA is not found.
>>
>> Honza
>
> Ok, modified patch attached.

Nitpick: no periods at the end of exception messages please. Otherwise ACK.

--
Jan Cholasta

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates
On 10/14/2014 09:32 AM, Jan Cholasta wrote:
> On 14.10.2014 at 08:55, David Kupka wrote:
>> On 10/10/2014 04:04 PM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 7.10.2014 at 16:56, David Kupka wrote:
>>>> https://fedorahosted.org/freeipa/ticket/4618
>>>
>>> This works, but I would prefer if the code did not silently ignore when the CA is not found.
>>>
>>> Honza
>>
>> Ok, modified patch attached.
>
> Nitpick: no periods at the end of exception messages please. Otherwise ACK.

Removed.

--
David Kupka

From 17c0c34cd50c3e2493cef717be6287183d68 Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Tue, 14 Oct 2014 03:40:43 -0400 Subject: [PATCH] Set IPA CA for freeipa certificates. In previous versions (before moving certmonger.py to DBus) it was set and some tools and modules depends on it. For example: ipa-getcert uses this to filter freeipa certificates. https://fedorahosted.org/freeipa/ticket/4618 --- ipapython/certmonger.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index b46d65b2fb0149aceee0864774e2ab76623e7730..84f04a62e5e94716310efcd7847bc7f89460b73c 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -279,7 +279,7 @@ def start_tracking(nickname, secdir, password_file=None, command=None): certmonger to run when it renews a certificate. This command must reside in /usr/lib/ipa/certmonger to work with SELinux. -Returns True or False +Returns certificate nickname. cm = _connect_to_certmonger() params = {'TRACK': True} 
@@ -289,6 +289,10 @@ def start_tracking(nickname, secdir, password_file=None, command=None): params['key-nickname'] = nickname params['key-database'] = os.path.abspath(secdir) params['key-storage'] = 'NSSDB' +ca_path = cm.obj_if.find_ca_by_nickname('IPA') +if not ca_path: +raise RuntimeError('IPA CA not found') +params['ca'] = ca_path if command: params['cert-postsave-command'] = command if password_file: -- 1.9.3 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
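Review bot: In the first hunk (@@ -279,7 +279,7 @@), the new docstring line "Returns certificate nickname." is ambiguous, because nickname is already an input parameter of start_tracking(); state whether the return value is the NSS nickname that was passed in or the identifier certmonger assigns to the tracking request. The change away from "Returns True or False" is also not mentioned in the commit message, and no return statement appears in the diff, so a caller that tested the old boolean result cannot tell from this patch whether behaviour changed. A sentence in the commit message covering the docstring fix would settle that.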
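Review bot: In the second hunk (@@ -289,6 +289,10 @@), start_tracking() gains a new failure mode, RuntimeError('IPA CA not found'), but the docstring edited in the first hunk does not mention it; add a line saying the function raises RuntimeError when find_ca_by_nickname('IPA') returns nothing, so callers know to handle it. The CA nickname 'IPA' is also a string literal inside the function body; a module-level constant would keep it in one place if other code in certmonger.py needs the same lookup.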
Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates
On 14.10.2014 at 09:43, David Kupka wrote:
> On 10/14/2014 09:32 AM, Jan Cholasta wrote:
>> On 14.10.2014 at 08:55, David Kupka wrote:
>>> On 10/10/2014 04:04 PM, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 7.10.2014 at 16:56, David Kupka wrote:
>>>>> https://fedorahosted.org/freeipa/ticket/4618
>>>>
>>>> This works, but I would prefer if the code did not silently ignore when the CA is not found.
>>>>
>>>> Honza
>>>
>>> Ok, modified patch attached.
>>
>> Nitpick: no periods at the end of exception messages please. Otherwise ACK.
>
> Removed.

Thanks, ACK.

--
Jan Cholasta
Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates
On 10/14/2014 09:49 AM, Jan Cholasta wrote:
> On 14.10.2014 at 09:43, David Kupka wrote:
>> On 10/14/2014 09:32 AM, Jan Cholasta wrote:
>>> On 14.10.2014 at 08:55, David Kupka wrote:
>>>> On 10/10/2014 04:04 PM, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> On 7.10.2014 at 16:56, David Kupka wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/4618
>>>>>
>>>>> This works, but I would prefer if the code did not silently ignore when the CA is not found.
>>>>>
>>>>> Honza
>>>>
>>>> Ok, modified patch attached.
>>>
>>> Nitpick: no periods at the end of exception messages please. Otherwise ACK.
>>
>> Removed.
>
> Thanks, ACK.

Pushed to:
master: c8f7cb0163c766aa46a3435dfc9984bf8761f27d
ipa-4-1: eea9da2a1b751534035aea71aa4f0ad5ecf31b09
ipa-4-0: 2e7f8da23810babf9d0e7312c495e86535593a83

--
Petr³
Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates
Hi,

On 7.10.2014 at 16:56, David Kupka wrote:
> https://fedorahosted.org/freeipa/ticket/4618

This works, but I would prefer if the code did not silently ignore when the CA is not found.

Honza

--
Jan Cholasta
[Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates
https://fedorahosted.org/freeipa/ticket/4618 -- David Kupka From ab15f67ee35d29cd30b6b6d703a000c3cfe3188b Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Tue, 7 Oct 2014 10:19:09 -0400 Subject: [PATCH] Set IPA CA for freeipa certificates. In previous versions (before moving certmonger.py to DBus) it was set and some tools and modules depends on it. For example: ipa-getcert uses this to filter freeipa certificates. https://fedorahosted.org/freeipa/ticket/4618 --- ipapython/certmonger.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index b46d65b2fb0149aceee0864774e2ab76623e7730..0291d01b42aa6701b24dcb6905dcffab68a9ba63 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -289,6 +289,9 @@ def start_tracking(nickname, secdir, password_file=None, command=None): params['key-nickname'] = nickname params['key-database'] = os.path.abspath(secdir) params['key-storage'] = 'NSSDB' +ca_path = cm.obj_if.find_ca_by_nickname('IPA') +if ca_path: +params['ca'] = ca_path if command: params['cert-postsave-command'] = command if password_file: -- 1.9.3 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
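Review bot: In the @@ -289,6 +289,9 @@ hunk, the `if ca_path:` guard skips setting params['ca'] when find_ca_by_nickname('IPA') returns nothing, so tracking continues without a CA and the failure stays silent. The commit message says tools such as ipa-getcert use this value to filter freeipa certificates, so a certificate tracked this way would be missed by that filter with no error pointing at the cause. Raise an exception (or at least log) when the lookup returns nothing instead of falling through.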