On Thu, Jun 02, 2016 at 11:45:43PM -0500, Endi Sukma Dewata wrote:
> On 5/31/2016 11:45 PM, Fraser Tweedale wrote:
> > G'day comrades,
> >
> > Please review the attached two patches, which...
> >
> > (Patch 0120)
> >
> > - provide for passing of configuration (from CS.cfg) to KeyRetriever
> > implementations
> >
> > - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
> > which executes a configured executable rather than a hardcoded one
> >
> > (Patch 0121)
> >
> > - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
> > repo
> >
> > Cheers,
> > Fraser
>
> ACK.
>
> Separate issue. Instead of returning multiple binary attributes delimited
> with 0 byte through standard output, it might be better to use JSON file
> instead. So the command can be defined something like this:
>
> features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key
> -o {output}
>
> The ExternalProcessKeyRetriever will replace the {output} with a temporary
> file, then later parse the result from that file.
>
Thanks Endi; pushed to master:
419ca3000142c60f176aabc68a2c5c3a1a3c1ea9 Lightweight CAs: remove
pki-ipa-retrieve-key script
f11e0b372e3a0736050dd9e2858fce3178171ee6 Lightweight CAs: generalise
subprocess-based key retrieval
I agree with the JSON enhancement, but not with using a temporary
file; we can just send the JSON through stdout. I filed ticket:
https://fedorahosted.org/pki/ticket/2351
Cheers,
Fraser
___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel