Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 11:45:43PM -0500, Endi Sukma Dewata wrote:
> On 5/31/2016 11:45 PM, Fraser Tweedale wrote:
> > G'day comrades,
> > 
> > Please review the attached two patches, which...
> > 
> > (Patch 0120)
> > 
> > - provide for passing of configuration (from CS.cfg) to KeyRetriever
> >   implementations
> > 
> > - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
> >   which executes a configured executable rather than a hardcoded one
> > 
> > (Patch 0121)
> > 
> > - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
> >   repo
> > 
> > Cheers,
> > Fraser
> 
> ACK.
> 
> Separate issue. Instead of returning multiple binary attributes delimited
> with a 0 byte through standard output, it might be better to use a JSON file
> instead. So the command can be defined something like this:
> 
> features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key -o {output}
> 
> The ExternalProcessKeyRetriever will replace the {output} with a temporary
> file, then later parse the result from that file.
> 
Thanks Endi; pushed to master:

419ca3000142c60f176aabc68a2c5c3a1a3c1ea9 Lightweight CAs: remove pki-ipa-retrieve-key script
f11e0b372e3a0736050dd9e2858fce3178171ee6 Lightweight CAs: generalise subprocess-based key retrieval

I agree with the JSON enhancement, but not with using a temporary
file; we can just send the JSON through stdout.  I filed ticket:
https://fedorahosted.org/pki/ticket/2351

Cheers,
Fraser

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
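
The framing question discussed in this message, as an added Python example that is not part of the original thread or of the Dogtag/FreeIPA code: a naive reader of 0-byte-delimited output mis-splits binary data that itself contains 0x00, while JSON on stdout with the binary field base64-encoded parses unambiguously. The field names `certificate` and `wrapped_key`, the sample values and the stand-in helper process are assumptions made for illustration.

```python
import base64
import json
import subprocess
import sys

# Constructed sample values, not real key material. The wrapped key is a
# DER-like byte string that legitimately contains 0x00 bytes.
CERT_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
WRAPPED_KEY = bytes([0x30, 0x0A, 0x02, 0x01, 0x00, 0x04, 0x05, 0xDE, 0x00, 0xAD, 0xBE, 0xEF])

def parse_nul_delimited(data: bytes) -> list:
    """Naive reader for the 0-byte framing: split on every delimiter."""
    return data.split(b"\0")

def parse_json_result(data: bytes) -> tuple:
    """Strict reader for the JSON framing (field names are assumed)."""
    obj = json.loads(data.decode("utf-8"))
    if not isinstance(obj, dict) or set(obj) != {"certificate", "wrapped_key"}:
        raise ValueError("unexpected JSON structure from key retriever")
    cert, key_b64 = obj["certificate"], obj["wrapped_key"]
    if not isinstance(cert, str) or not isinstance(key_b64, str):
        raise ValueError("fields must be strings")
    # validate=True rejects non-base64 characters instead of skipping them.
    return cert, base64.b64decode(key_b64, validate=True)

def demo_helper_argv() -> list:
    """Stand-in for the configured executable: writes the JSON result to stdout."""
    doc = json.dumps({"certificate": CERT_PEM,
                      "wrapped_key": base64.b64encode(WRAPPED_KEY).decode("ascii")})
    return [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", doc]

def retrieve(argv: list) -> tuple:
    """Run the helper without a shell, bound its runtime, parse only stdout."""
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          check=True, timeout=30)
    return parse_json_result(proc.stdout)

if __name__ == "__main__":
    framed = CERT_PEM.encode("ascii") + b"\0" + WRAPPED_KEY
    print("fields seen by naive NUL split:", len(parse_nul_delimited(framed)))
    cert, key = retrieve(demo_helper_argv())
    print("JSON framing round-trips:", cert == CERT_PEM and key == WRAPPED_KEY)
```
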


Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script

2016-06-02 Thread Endi Sukma Dewata

On 5/31/2016 11:45 PM, Fraser Tweedale wrote:

> G'day comrades,
>
> Please review the attached two patches, which...
>
> (Patch 0120)
>
> - provide for passing of configuration (from CS.cfg) to KeyRetriever
>   implementations
>
> - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
>   which executes a configured executable rather than a hardcoded one
>
> (Patch 0121)
>
> - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
>   repo
>
> Cheers,
> Fraser


ACK.

Separate issue. Instead of returning multiple binary attributes
delimited with a 0 byte through standard output, it might be better to use
a JSON file instead. So the command can be defined something like this:


features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key -o {output}


The ExternalProcessKeyRetriever will replace the {output} with a 
temporary file, then later parse the result from that file.


--
Endi S. Dewata
