Bug 493418
| Summary: | silent install -save_p12 option creates file mode 644 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Rob Crittenden <rcritten> | ||||
| Component: | Installer (pkicreate/pkiremove) | Assignee: | Ade Lee <alee> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 1.0 | CC: | aakkiang, alee, awnuk, benl, jgalipea, jmagne | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-06-04 20:33:48 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 445047, 533313 | ||||||
| Attachments: |
|
||||||
|
Description
Rob Crittenden
2009-04-01 17:15:37 UTC
Created attachment 341643 [details]
patch to fix
Added optional flag to specify file location and name
defaults to /root
Also provides correct permissions.
awnuk, please review
attachment (id=341643) +awnuk [builder@dhcp231-124 dogtag-src]$ svn ci -m "Bugzilla BZ 493418: silent install -save_p12 option creates file mode 644" pki/base/silent/ pki/dogtag/silent/ Sending pki/base/silent/src/ca/ConfigureCA.java Sending pki/dogtag/silent/pki-silent.spec Transmitting file data .. Committed revision 418. save_p12 set to true for CA - p12 created in root's home directory with permissions of 600, however all other p12s are created in /tmp still with permissions of 644. I think this fix is incomplete. What is the flag to change the location? /root may not exist on Solaris. Jenny, A couple of questions: 1. what other p12 files? There is only one pk12 file created 2. Use -backup_fname foo to change the location 1. tmp-kra.p12, tmp-tks.p12, tmp-ocsp.p12 .... 2. Thank you - I will try that. Attachments id=375817 id=375819 jmagne+ With caveat of checking for an empty string in the function: checkRequireArgs. Checked in as part of fixes to 504030: Checked into tip: [builder@dhcp231-70 silent]$ svn ci -m "fixes for BZ 510774,531162,504030, 493418" Sending silent/scripts/pkisilent Sending silent/src/argparser/ArgParser.java Sending silent/src/ca/ConfigureCA.java Sending silent/src/common/ComCrypto.java Sending silent/src/drm/ConfigureDRM.java Sending silent/src/ocsp/ConfigureOCSP.java Sending silent/src/subca/ConfigureSubCA.java Sending silent/src/tks/ConfigureTKS.java Sending silent/src/tps/ConfigureTPS.java Transmitting file data ......... Committed revision 877. Checked into 8.1 [builder@oliver silent]$ svn ci -m "fixes for BZ 510774,531162, 504030, 493418" Sending silent/scripts/pkisilent Sending silent/src/argparser/ArgParser.java Sending silent/src/ca/ConfigureCA.java Sending silent/src/drm/ConfigureDRM.java Sending silent/src/ocsp/ConfigureOCSP.java Sending silent/src/subca/ConfigureSubCA.java Sending silent/src/tks/ConfigureTKS.java Sending silent/src/tps/ConfigureTPS.java Transmitting file data ........ Committed revision 878. QE/ docs: This was fixed before for the CA only. It has now been fixed for the other subsystems. Note: it does not apply to the TPS Note: it has not been added to the subCA. Currently, the code in the subCA does not save the certs in a pk12 file. I didn't change it - if someone really wants it, they can ask for it. The SaveP12Panel failure mentioned in comment #12 is due to the pkisilent ocsp and tks configuration problem. pkisilent for CA, DRM, OCSP and TKS with -backup_fname option creates p12 file with permissions of 600. Marking this bug Verified. |