[Freeipa-devel] [PATCHES] 152-158 ipa-server-certinstall fixes

Petr Viktorin pviktori at redhat.com
Mon Aug 19 12:02:15 UTC 2013 

On 07/15/2013 10:16 AM, Jan Cholasta wrote:
> On 11.7.2013 14:10, Jan Cholasta wrote:
>> Hi,
>>
>> this is the first batch of patches for
>> <https://fedorahosted.org/freeipa/ticket/3641>. It contains port of
>> ipa-server-certinstall to the admintool framework and fixes some bugs.
>>
>> Note that there's still some work I have to do to make
>> ipa-server-certinstall work properly for installs with CA, currently it
>> works reliably only on CA-less installs.
>>
>> This patchset also does not make it possible to change the CA
>> certificate (as requested in the ticket). We discussed this with Rob and
>> agreed that it should instead be done as part of
>> <https://fedorahosted.org/freeipa/ticket/3737>. Unless there are any
>> objections, that's what is going to happen.
>
> Added patches (157 and 158) to support installs with CA.
>
> Honza

Thanks!
I've read the patches and have some initial comments; I'll get to 
functional testing (and writing related CA-less tests) right away.

The patches need a small rebase (attached since I did it anyway).

Patch 152: OK (I saw some issues but they're fixed later on)
Patch 153: You can use log_file_name = '/var/log/ipa/default.log' on the 
ServerCertInstall class to keep the default log file.
Patch 154: OK
Patch 155: All this is removed by patch 157, please squash them together.
Patch 156: OK
Patch 157: Please add the delete_cert method to the NSSDatabase class, 
and have CertDB call it (see e.g. run_certutil, find_server_certs, 
import_pkcs12). The CertDB is only meant for IPA-specific functionality.
Patch 158: OK

-- 
Petr³

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 153-Port-ipa-server-certinstall-to-the-admintool-framewo.patch
Type: text/x-patch
Size: 12009 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130819/366dce7d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 154-Remove-unused-NSSDatabase-and-CertDB-method-find_roo.patch
Type: text/x-patch
Size: 3009 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130819/366dce7d/attachment-0001.bin>

More information about the Freeipa-devel mailing list