From 846b1c9b72f539cbe4b8d6e23de81e03b1afec9e Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 14 Mar 2017 09:32:17 +0100 Subject: [PATCH] certs: do not implicitly create DS pin.txt Do not implicitly create DS pin.txt in `CertDB.init_from_pkcs12()`, create it explicitly in `DSInstance.__enable_ssl()`. This stops the file from being created in /etc/httpd/alias during classic replica install. https://pagure.io/freeipa/issue/4639 Reviewed-By: Martin Babinsky --- ipaserver/install/certs.py | 1 - ipaserver/install/dsinstance.py | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 63e7887c4e73a8346d4eb5d865ddc89c07247573..9f340b8678c55cffe2872df97c643c34857cfaa9 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -635,7 +635,6 @@ class CertDB(object): self.cacert_name = ca_names[-1] self.trust_root_cert(self.cacert_name, trust_flags) - self.create_pin_file() self.export_ca_cert(nickname, False) def publish_ca_cert(self, location): diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 91cc180e62b9532e716c07c493b359567b20c749..79dc90e92cac49a2b64ff6645f75dc3a8cbcc104 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -838,7 +838,8 @@ class DsInstance(service.Service): certmonger.modify_ca_helper('IPA', prev_helper) self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False) - dsdb.create_pin_file() + + dsdb.create_pin_file() self.cacert_name = dsdb.cacert_name -- 2.12.1