|
 |
ac7d03 |
From 10e74165a827377ed3318d4d2b974fdbf0fab9db Mon Sep 17 00:00:00 2001
|
|
|
ac7d03 |
From: Jan Cholasta <jcholast@redhat.com>
|
|
|
ac7d03 |
Date: Wed, 8 Mar 2017 14:24:15 +0000
|
|
|
ac7d03 |
Subject: [PATCH] httpinstance: clean up /etc/httpd/alias on uninstall
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Restore cert8.db, key3.db, pwdfile.txt and secmod.db in /etc/httpd/alias
|
|
|
ac7d03 |
from backup on uninstall.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Files modified by IPA are kept with .ipasave suffix.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
https://pagure.io/freeipa/issue/4639
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
ac7d03 |
---
|
|
|
ac7d03 |
ipapython/certdb.py | 13 +++++++++++++
|
|
|
ac7d03 |
ipaserver/install/certs.py | 3 +++
|
|
|
ac7d03 |
ipaserver/install/httpinstance.py | 3 +++
|
|
|
ac7d03 |
3 files changed, 19 insertions(+)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
|
|
|
ac7d03 |
index 6c89e778068d9ed1e9939077f7114463776e3516..f1410e5ae4290263573e9554ab4e66873d4344a1 100644
|
|
|
ac7d03 |
--- a/ipapython/certdb.py
|
|
|
ac7d03 |
+++ b/ipapython/certdb.py
|
|
|
ac7d03 |
@@ -169,6 +169,19 @@ class NSSDatabase(object):
|
|
|
ac7d03 |
new_mode = filemode
|
|
|
ac7d03 |
os.chmod(path, new_mode)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
+ def restore(self):
|
|
|
ac7d03 |
+ for filename in NSS_FILES:
|
|
|
ac7d03 |
+ path = os.path.join(self.secdir, filename)
|
|
|
ac7d03 |
+ backup_path = path + '.orig'
|
|
|
ac7d03 |
+ save_path = path + '.ipasave'
|
|
|
ac7d03 |
+ try:
|
|
|
ac7d03 |
+ if os.path.exists(path):
|
|
|
ac7d03 |
+ os.rename(path, save_path)
|
|
|
ac7d03 |
+ if os.path.exists(backup_path):
|
|
|
ac7d03 |
+ os.rename(backup_path, path)
|
|
|
ac7d03 |
+ except OSError as e:
|
|
|
ac7d03 |
+ root_logger.debug(e)
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
def list_certs(self):
|
|
|
ac7d03 |
"""Return nicknames and cert flags for all certs in the database
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
|
|
|
ac7d03 |
index 9f340b8678c55cffe2872df97c643c34857cfaa9..0ca971358030db6a6e7e410e58a984675bcf53ac 100644
|
|
|
ac7d03 |
--- a/ipaserver/install/certs.py
|
|
|
ac7d03 |
+++ b/ipaserver/install/certs.py
|
|
|
ac7d03 |
@@ -234,6 +234,9 @@ class CertDB(object):
|
|
|
ac7d03 |
backup=True)
|
|
|
ac7d03 |
self.set_perms(self.passwd_fname, write=True)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
+ def restore(self):
|
|
|
ac7d03 |
+ self.nssdb.restore()
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
def list_certs(self):
|
|
|
ac7d03 |
"""
|
|
|
ac7d03 |
Return a tuple of tuples containing (nickname, trust)
|
|
|
ac7d03 |
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
|
|
|
ac7d03 |
index ca3bcc87eec2c93a664db517df3eddecaaf565c2..f6f0b0c4f6acd648aa9f6f5d7400617613245473 100644
|
|
|
ac7d03 |
--- a/ipaserver/install/httpinstance.py
|
|
|
ac7d03 |
+++ b/ipaserver/install/httpinstance.py
|
|
|
ac7d03 |
@@ -555,6 +555,9 @@ class HTTPInstance(service.Service):
|
|
|
ac7d03 |
ca_iface.Set('org.fedorahosted.certmonger.ca',
|
|
|
ac7d03 |
'external-helper', helper)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
+ db = certs.CertDB(self.realm, paths.HTTPD_ALIAS_DIR)
|
|
|
ac7d03 |
+ db.restore()
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
for f in [paths.HTTPD_IPA_CONF, paths.HTTPD_SSL_CONF, paths.HTTPD_NSS_CONF]:
|
|
|
ac7d03 |
try:
|
|
|
ac7d03 |
self.fstore.restore_file(f)
|
|
|
ac7d03 |
--
|
|
|
ac7d03 |
2.12.1
|
|
|
ac7d03 |
|