From dc00a5c3aaf84f8fb2a3c0473e31646b9d57badc Mon Sep 17 00:00:00 2001 From: Dinesh Prasanth M K Date: Wed, 25 Mar 2020 16:02:15 -0400 Subject: [PATCH] Patch ECAdminCertProfile upgrade script Backport of PR #355 The caECAdminCert profile was added 2 years ago but was never patched to be added to the CS.cfg. Hence, when a user tries to upgrade, the path did not exist and so, the upgrade failed. This patch adds the missing attribute to ensure smooth upgradation process Move 10.8.2 upgrade script to 10.8.3 Resolves: BZ#1814242 Upstream: https://pagure.io/dogtagpki/issue/3168 Signed-off-by: Dinesh Prasanth M K --- .../10.8.2/01-FixECAdminCertProfile.py | 39 ------------- .../10.8.3/01-FixECAdminCertProfile.py | 55 +++++++++++++++++++ 2 files changed, 55 insertions(+), 39 deletions(-) delete mode 100644 base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py create mode 100644 base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py diff --git a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py deleted file mode 100644 index ebdb98304..000000000 --- a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py +++ /dev/null @@ -1,39 +0,0 @@ -# Authors: -# Endi S. Dewata -# -# Copyright Red Hat, Inc. -# -# SPDX-License-Identifier: GPL-2.0-or-later - -from __future__ import absolute_import -import logging -import os - -import pki - -logger = logging.getLogger(__name__) - - -class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet): - - def __init__(self): - super(FixECAdminCertProfile, self).__init__() - self.message = 'Fix EC admin certificate profile' - - def upgrade_subsystem(self, instance, subsystem): - - if subsystem.name != 'ca': - return - - self.backup(subsystem.cs_conf) - - path = subsystem.config.get('profile.caECAdminCert.config') - logger.info('Current path: %s', path) - - dirname = os.path.dirname(path) - - path = os.path.join(dirname, 'caECAdminCert.cfg') - logger.info('New path: %s', path) - - subsystem.config['profile.caECAdminCert.config'] = path - subsystem.save() diff --git a/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py new file mode 100644 index 000000000..92664d292 --- /dev/null +++ b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py @@ -0,0 +1,55 @@ +# Authors: +# Endi S. Dewata +# +# Copyright Red Hat, Inc. +# +# SPDX-License-Identifier: GPL-2.0-or-later + +from __future__ import absolute_import +import logging +import os + +import pki + +logger = logging.getLogger(__name__) + + +class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet): + + def __init__(self): + super(FixECAdminCertProfile, self).__init__() + self.message = 'Fix EC admin certificate profile' + + def upgrade_subsystem(self, instance, subsystem): + + if subsystem.name != 'ca': + return + + self.backup(subsystem.cs_conf) + + path = subsystem.config.get('profile.caECAdminCert.config') + if path is None: + # Add missing path + logger.info('Missing profile.caECAdminCert.config') + + path = "{0}/profiles/{1}/caECAdminCert.cfg".format( + subsystem.base_dir, subsystem.name) + + else: + # Fix existing path + logger.info("Fixing profile.caECAdminCert.config") + dirname = os.path.dirname(path) + path = os.path.join(dirname, 'caECAdminCert.cfg') + + logger.info('New path: %s', path) + subsystem.config['profile.caECAdminCert.config'] = path + + subsystem.config['profile.caECAdminCert.class_id'] = 'caEnrollImpl' + + # check if caECAdminCert is part of profile.list + profile_list = subsystem.config['profile.list'].split(',') + if 'caECAdminCert' not in profile_list: + profile_list.append('caECAdminCert') + subsystem.config['profile.list'] = ','.join(profile_list) + + subsystem.save() -- 2.23.0