Blame SOURCES/0008-certs-do-not-implicitly-create-DS-pin.txt.patch

From 846b1c9b72f539cbe4b8d6e23de81e03b1afec9e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 14 Mar 2017 09:32:17 +0100
Subject: [PATCH] certs: do not implicitly create DS pin.txt
Do not implicitly create DS pin.txt in `CertDB.init_from_pkcs12()`, create
it explicitly in `DsInstance.__enable_ssl()`.
This stops the file from being created in /etc/httpd/alias during classic
replica install.
https://pagure.io/freeipa/issue/4639
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/certs.py      | 1 -
 ipaserver/install/dsinstance.py | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)
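diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 63e7887c4e73a8346d4eb5d865ddc89c07247573..9f340b8678c55cffe2872df97c643c34857cfaa9 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -635,7 +635,6 @@ class CertDB(object):
         self.cacert_name = ca_names[-1]
         self.trust_root_cert(self.cacert_name, trust_flags)
 
-        self.create_pin_file()
         self.export_ca_cert(nickname, False)
 
     def publish_ca_cert(self, location):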
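diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 91cc180e62b9532e716c07c493b359567b20c749..79dc90e92cac49a2b64ff6645f75dc3a8cbcc104 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -838,7 +838,8 @@ class DsInstance(service.Service):
                 certmonger.modify_ca_helper('IPA', prev_helper)
 
             self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
-            dsdb.create_pin_file()
+
+        dsdb.create_pin_file()
 
         self.cacert_name = dsdb.cacert_name
 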
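Review bot: The dedented `dsdb.create_pin_file()` now runs on every path through this method, but nothing at the call site says why it sits outside the preceding branch. I would add `# pin.txt is no longer created by CertDB.init_from_pkcs12(); create it explicitly on every path` directly above it. pin.txt presumably stores the NSS database password in clear text, so it is worth confirming in `CertDB.create_pin_file()` (not visible here) that the file is written with owner-only permissions and that calling it on an existing file neither loosens them nor replaces a PIN that is still in use. Any other caller of `init_from_pkcs12()` that relied on the implicit pin file would also need an explicit call; only the DS caller is visible in this patch. The enclosing method starts and ends outside the hunk.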
-- 
2.12.1