Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 312586 Details for
Bug 455064
Move the self-signed CA serialno file
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
move the serialno file
freeipa-62-serialno.patch (text/plain), 4.25 KB, created by
Rob Crittenden
on 2008-07-24 18:45:05 UTC
(
hide
)
Description:
move the serialno file
Filename:
MIME Type:
Creator:
Rob Crittenden
Created:
2008-07-24 18:45:05 UTC
Size:
4.25 KB
patch
obsolete
>From fcad877eec770b75781255ab877a2e5c04342817 Mon Sep 17 00:00:00 2001 >From: Rob Crittenden <rcrit@ipa.greyoak.com> >Date: Thu, 24 Jul 2008 14:34:43 -0400 >Subject: [PATCH] Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS > >455064 >--- > ipa-server/ipa-install/ipa-replica-prepare | 2 +- > ipa-server/ipa-server.spec.in | 8 +++++++- > ipa-server/ipaserver/certs.py | 14 ++++++++------ > 3 files changed, 16 insertions(+), 8 deletions(-) > >diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare >index 8f551ee..54dc2f3 100644 >--- a/ipa-server/ipa-install/ipa-replica-prepare >+++ b/ipa-server/ipa-install/ipa-replica-prepare >@@ -165,7 +165,7 @@ def main(): > > replica_fqdn = args[1] > >- if not ipautil.file_exists("/usr/share/ipa/serial") and not options.dirsrv_pin: >+ if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin: > sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") > > print "Determining current realm name" >diff --git a/ipa-server/ipa-server.spec.in b/ipa-server/ipa-server.spec.in >index f8b07dd..acc932b 100644 >--- a/ipa-server/ipa-server.spec.in >+++ b/ipa-server/ipa-server.spec.in >@@ -1,6 +1,6 @@ > Name: ipa-server > Version: VERSION >-Release: 2%{?dist} >+Release: 3%{?dist} > Summary: IPA authentication server > > Group: System Environment/Base >@@ -89,6 +89,9 @@ if [ $1 = 1 ]; then > /sbin/chkconfig --add ipa_kpasswd > /sbin/chkconfig --add ipa_webgui > fi >+if [ -e /usr/share/ipa/serial ]; then >+ mv /usr/share/ipa/serial /var/lib/ipa/ca_serialno >+fi > /bin/touch /var/log/ipa_error.log > /bin/chown apache /var/log/ipa_error.log > /bin/chmod 600 /var/log/ipa_error.log >@@ -168,6 +171,9 @@ fi > %{_mandir}/man1/ipa-server-install.1.gz > > %changelog >+* Wed Jul 23 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3 >+- Move location of the self-signed CA serial number >+ > * Tue May 5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2 > - Add ipa-upgradeconfig command and run it at post > >diff --git a/ipa-server/ipaserver/certs.py b/ipa-server/ipaserver/certs.py >index ca2db22..52b0546 100644 >--- a/ipa-server/ipaserver/certs.py >+++ b/ipa-server/ipaserver/certs.py >@@ -24,6 +24,8 @@ import errno > from ipa import sysrestore > from ipa import ipautil > >+CA_SERIALNO="/var/lib/ipa/ca_serialno" >+ > class CertDB(object): > def __init__(self, dir, fstore=None): > self.secdir = dir >@@ -69,7 +71,7 @@ class CertDB(object): > > self.cur_serial = self.find_cacert_serial() > try: >- f=open("/usr/share/ipa/serial","w") >+ f=open(CA_SERIALNO,"w") > f.write(str(self.cur_serial)) > f.close() > except IOError, e: >@@ -77,24 +79,24 @@ class CertDB(object): > > def next_serial(self): > try: >- f=open("/usr/share/ipa/serial","r") >+ f=open(CA_SERIALNO,"r") > r = f.readline() > try: > self.cur_serial = int(r) + 1 > except ValueError: >- raise RuntimeError("The value in /usr/share/ipa/serial is not an integer") >+ raise RuntimeError("The value in %s is not an integer" % CA_SERIALNO) > f.close() > except IOError, e: > if e.errno == errno.ENOENT: > self.cur_serial = 1000 >- f=open("/usr/share/ipa/serial","w") >+ f=open(CA_SERIALNO,"w") > f.write(str(self.cur_serial)) > f.close() > else: > raise RuntimeError("Unable to determine serial number: %s" % str(e)) > > try: >- f=open("/usr/share/ipa/serial","w") >+ f=open(CA_SERIALNO,"w") > f.write(str(self.cur_serial)) > f.close() > except IOError, e: >@@ -396,7 +398,7 @@ class CertDB(object): > # This file implies that we have our own self-signed CA. Ensure > # that it no longer exists (from previous installs, for example). > try: >- os.remove("/usr/share/ipa/serial") >+ os.remove(CA_SERIALNO) > except: > pass > >-- >1.5.4.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=312586">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 455064
: 312586