From dc00a5c3aaf84f8fb2a3c0473e31646b9d57badc Mon Sep 17 00:00:00 2001
From: Dinesh Prasanth M K <SilleBille@users.noreply.github.com>
Date: Wed, 25 Mar 2020 16:02:15 -0400
Subject: [PATCH] Patch ECAdminCertProfile upgrade script
Backport of PR #355
The caECAdminCert profile was added 2 years ago but was never patched
to be added to the CS.cfg. Hence, when a user tries to upgrade, the path
did not exist and so, the upgrade failed. This patch adds the missing
attribute to ensure smooth upgradation process
Move 10.8.2 upgrade script to 10.8.3
Resolves: BZ#1814242
Upstream: https://pagure.io/dogtagpki/issue/3168
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
---
.../10.8.2/01-FixECAdminCertProfile.py | 39 -------------
.../10.8.3/01-FixECAdminCertProfile.py | 55 +++++++++++++++++++
2 files changed, 55 insertions(+), 39 deletions(-)
delete mode 100644 base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py
create mode 100644 base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py
diff --git a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py
deleted file mode 100644
index ebdb98304..000000000
--- a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# Authors:
-# Endi S. Dewata <edewata@redhat.com>
-#
-# Copyright Red Hat, Inc.
-#
-# SPDX-License-Identifier: GPL-2.0-or-later
-
-from __future__ import absolute_import
-import logging
-import os
-
-import pki
-
-logger = logging.getLogger(__name__)
-
-
-class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet):
-
- def __init__(self):
- super(FixECAdminCertProfile, self).__init__()
- self.message = 'Fix EC admin certificate profile'
-
- def upgrade_subsystem(self, instance, subsystem):
-
- if subsystem.name != 'ca':
- return
-
- self.backup(subsystem.cs_conf)
-
- path = subsystem.config.get('profile.caECAdminCert.config')
- logger.info('Current path: %s', path)
-
- dirname = os.path.dirname(path)
-
- path = os.path.join(dirname, 'caECAdminCert.cfg')
- logger.info('New path: %s', path)
-
- subsystem.config['profile.caECAdminCert.config'] = path
- subsystem.save()
diff --git a/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py
new file mode 100644
index 000000000..92664d292
--- /dev/null
+++ b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py
@@ -0,0 +1,55 @@
+# Authors:
+# Endi S. Dewata <edewata@redhat.com>
+#
+# Copyright Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+from __future__ import absolute_import
+import logging
+import os
+
+import pki
+
+logger = logging.getLogger(__name__)
+
+
+class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+ def __init__(self):
+ super(FixECAdminCertProfile, self).__init__()
+ self.message = 'Fix EC admin certificate profile'
+
+ def upgrade_subsystem(self, instance, subsystem):
+
+ if subsystem.name != 'ca':
+ return
+
+ self.backup(subsystem.cs_conf)
+
+ path = subsystem.config.get('profile.caECAdminCert.config')
+ if path is None:
+ # Add missing path
+ logger.info('Missing profile.caECAdminCert.config')
+
+ path = "{0}/profiles/{1}/caECAdminCert.cfg".format(
+ subsystem.base_dir, subsystem.name)
+
+ else:
+ # Fix existing path
+ logger.info("Fixing profile.caECAdminCert.config")
+ dirname = os.path.dirname(path)
+ path = os.path.join(dirname, 'caECAdminCert.cfg')
+
+ logger.info('New path: %s', path)
+ subsystem.config['profile.caECAdminCert.config'] = path
+
+ subsystem.config['profile.caECAdminCert.class_id'] = 'caEnrollImpl'
+
+ # check if caECAdminCert is part of profile.list
+ profile_list = subsystem.config['profile.list'].split(',')
+ if 'caECAdminCert' not in profile_list:
+ profile_list.append('caECAdminCert')
+ subsystem.config['profile.list'] = ','.join(profile_list)
+
+ subsystem.save()
--
2.23.0