[Freeipa-devel] [PATCH 0075] Change group ownership of CRL publish directory

Martin Kosek mkosek at redhat.com
Thu Jun 20 15:47:55 UTC 2013


On 06/20/2013 05:44 PM, Simo Sorce wrote:
> On Thu, 2013-06-20 at 17:33 +0200, Martin Kosek wrote:
>> On 06/20/2013 05:15 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> Spec file modified so that /var/lib/ipa/pki-ca/publish/ is owned
>>> by pkiuser group.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3727
>>>
>>> Tomas
>>>
>>
>> NACK. This won't fly. pkiuser is created by FreeIPA when the server is installed,
>> thus you cannot just simply change ownership in our spec file because at the
>> time when the package is installed or updated, pkiuser may not exist.
>>
>> I think you need to delete the %attr from the spec file and set the correct
>> ownership during ipa-{server,ca}-install. When the CA is configured, we should also
>> probably let ipa-upgradeconfig check this directory and amend when necessary
>> (to fix affected IPA CA instances).
> 
> Probably even better to not create the directory via rpm at all, but
> make ipa-ca-install create it and remove it when --uninstall is run.
> 
> Simo.

This could also work, sure. Could we then at least mark this directory in our
spec file as %ghost? So that "rpm -qf /var/lib/ipa/pki-ca/publish/" gives some
information?

Martin
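
The install-time ownership check discussed in this thread, as an added example (not FreeIPA code and not part of any message above). It shows a check that is safe to re-run from an installer or an upgrade step when the pkiuser group may not exist yet. The function name ensure_group_owner and its injectable lookup parameter are hypothetical; only the path and the group name come from the thread.

```python
import grp
import os
import stat

PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"  # path named in the thread
PKI_GROUP = "pkiuser"                         # group named in the thread


def ensure_group_owner(path=PUBLISH_DIR, group=PKI_GROUP, lookup=grp.getgrnam):
    """Create `path` if needed and make `group` its group owner.

    Returns "group-missing", "ok" or "fixed". `lookup` is a hypothetical
    injection point so the check can be exercised without a real pkiuser.
    """
    try:
        gid = lookup(group).gr_gid
    except KeyError:
        # The case raised in the thread: at package install or update time
        # the group may not exist, so change nothing and report it.
        return "group-missing"

    os.makedirs(path, exist_ok=True)
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        # This runs with installer privileges: refuse to change ownership
        # through a symlink or on anything that is not a real directory.
        raise NotADirectoryError(path)

    if st.st_gid == gid:
        return "ok"  # already correct, so repeated upgrade runs are no-ops
    os.lchown(path, -1, gid)  # -1 leaves the owning user unchanged
    return "fixed"
```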



