[Freeipa-devel] [PATCH] 903 normalize paths in certmonger

Rob Crittenden rcritten at redhat.com
Wed Dec 7 20:04:53 UTC 2011


Martin Kosek wrote:
> On Tue, 2011-11-08 at 18:33 -0500, Rob Crittenden wrote:
>> There are times we need to hunt through the certmonger request files
>> trying (such as trying to stop tracking a cert). One criteria is the
>> cert database and they need to match exactly. We weren't normalizing
>> this so something as simple as a trailing slash would cause a match to fail.
>>
>> Normalize both values to address this.
>>
>> rob
>
> Looks good.
>
> I just found few nitpicks that may be fixed before push:
>
> 1) I didn't like constructs like this one:
> '%s' % os.path.abspath(secdir)

OK

>
> Simple "os.path.abspath(secdir)" would be enough
>
> 2) I think get_request_id() function documentation should contain
> recognized value types:
>      None: Any type
>      1: File path

Not sure what you mean. The function takes a tuple and seems fairly well 
documented to me.

> 3) We may want also to normalize path to PW file. This is what we use
> now in ipa-server-install:
>
> 2011-12-07T10:11:25Z DEBUG args=/usr/bin/ipa-getcert start-tracking
> -d /etc/dirsrv/slapd-PKI-IPA -n    Server-Cert
> -p /etc/dirsrv/slapd-PKI-IPA//pwdfile.txt
> This shoud be enough:
> -        args.append(passwd_fname)
> +        args.append(os.path.abspath(passwd_fname))

done

rob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-903-2-certmonger.patch
Type: text/x-patch
Size: 2012 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/bc5a51ba/attachment.bin>


More information about the Freeipa-devel mailing list