authorRob Crittenden <rcrit@ipa.greyoak.com>2008-07-24 14:34:43 -0400
committerRob Crittenden <rcrit@ipa.greyoak.com>2008-07-25 09:05:14 -0400
commita19d27717aef5089d35f589be7726e5627d1469b (patch)
treea630a496fe5d2ad81403541b6fdced88b11e3c2b
parent4d88900c223502323d557ff5de8a308206b1443e (diff)
Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS
455064
-rw-r--r--ipa-server/ipa-install/ipa-replica-prepare2
-rw-r--r--ipa-server/ipa-server.spec.in8
-rw-r--r--ipa-server/ipaserver/certs.py14
3 files changed, 16 insertions, 8 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare
index 8f551ee9b..54dc2f3d9 100644
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@@ -165,7 +165,7 @@ def main():
replica_fqdn = args[1]
- if not ipautil.file_exists("/usr/share/ipa/serial") and not options.dirsrv_pin:
+ if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin:
sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
print "Determining current realm name"
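Review bot: The new condition reads `certs.CA_SERIALNO`, but the diffstat shows this as the only changed line in ipa-replica-prepare, so the commit adds no import there. Confirm that `certs` is already imported at the top of the script; if it is not, this check raises NameError before the "must be created on the primary IPA server" guard can run. main() continues outside the hunk.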
diff --git a/ipa-server/ipa-server.spec.in b/ipa-server/ipa-server.spec.in
index f8b07dd8c..acc932bfa 100644
--- a/ipa-server/ipa-server.spec.in
+++ b/ipa-server/ipa-server.spec.in
@@ -1,6 +1,6 @@
Name: ipa-server
Version: VERSION
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: IPA authentication server
Group: System Environment/Base
@@ -89,6 +89,9 @@ if [ $1 = 1 ]; then
/sbin/chkconfig --add ipa_kpasswd
/sbin/chkconfig --add ipa_webgui
fi
+if [ -e /usr/share/ipa/serial ]; then
+ mv /usr/share/ipa/serial /var/lib/ipa/ca_serialno
+fi
/bin/touch /var/log/ipa_error.log
/bin/chown apache /var/log/ipa_error.log
/bin/chmod 600 /var/log/ipa_error.log
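Review bot: The added `mv` in %post overwrites /var/lib/ipa/ca_serialno unconditionally, so if a counter already exists at the new path, the older value from /usr/share/ipa/serial replaces it and later certificates could repeat serial numbers that were already issued. Guard the move with `if [ -e /usr/share/ipa/serial ] && [ ! -e /var/lib/ipa/ca_serialno ]; then`. The scriptlet also assumes /var/lib/ipa exists at this point, which the hunk does not show. On SELinux-enabled hosts `mv` keeps the source file's label, so consider running `/sbin/restorecon /var/lib/ipa/ca_serialno` after the move.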
@@ -168,6 +171,9 @@ fi
%{_mandir}/man1/ipa-server-install.1.gz
%changelog
+* Wed Jul 23 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
+- Move location of the self-signed CA serial number
+
* Tue May 5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
- Add ipa-upgradeconfig command and run it at post
diff --git a/ipa-server/ipaserver/certs.py b/ipa-server/ipaserver/certs.py
index ca2db2286..52b054658 100644
--- a/ipa-server/ipaserver/certs.py
+++ b/ipa-server/ipaserver/certs.py
@@ -24,6 +24,8 @@ import errno
from ipa import sysrestore
from ipa import ipautil
+CA_SERIALNO="/var/lib/ipa/ca_serialno"
+
class CertDB(object):
def __init__(self, dir, fstore=None):
self.secdir = dir
@@ -69,7 +71,7 @@ class CertDB(object):
self.cur_serial = self.find_cacert_serial()
try:
- f=open("/usr/share/ipa/serial","w")
+ f=open(CA_SERIALNO,"w")
f.write(str(self.cur_serial))
f.close()
except IOError, e:
@@ -77,24 +79,24 @@ class CertDB(object):
def next_serial(self):
try:
- f=open("/usr/share/ipa/serial","r")
+ f=open(CA_SERIALNO,"r")
r = f.readline()
try:
self.cur_serial = int(r) + 1
except ValueError:
- raise RuntimeError("The value in /usr/share/ipa/serial is not an integer")
+ raise RuntimeError("The value in %s is not an integer" % CA_SERIALNO)
f.close()
except IOError, e:
if e.errno == errno.ENOENT:
self.cur_serial = 1000
- f=open("/usr/share/ipa/serial","w")
+ f=open(CA_SERIALNO,"w")
f.write(str(self.cur_serial))
f.close()
else:
raise RuntimeError("Unable to determine serial number: %s" % str(e))
try:
- f=open("/usr/share/ipa/serial","w")
+ f=open(CA_SERIALNO,"w")
f.write(str(self.cur_serial))
f.close()
except IOError, e:
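Review bot: In next_serial the ENOENT branch still resets the counter to 1000, which becomes riskier now that the path has moved. On a host where the old file was not migrated (for example, certs.py updated without the package scriptlet running), the CA would silently restart numbering and issue certificates whose serials duplicate earlier ones from the same issuer. I would refuse to initialise when the pre-move file is still present, as sketched below. Separately, no lock is visible around the read-increment-write sequence, so two concurrent callers could obtain the same serial. The method continues past the end of this hunk.

```python
        except IOError, e:
            if e.errno == errno.ENOENT:
                # Pre-move location; still present if the package scriptlet did not run.
                legacy = "/usr/share/ipa/serial"
                if ipautil.file_exists(legacy):
                    raise RuntimeError(
                        "Found %s but not %s; move the file before issuing certificates"
                        % (legacy, CA_SERIALNO))
                self.cur_serial = 1000
                # … unchanged: write the initial value to CA_SERIALNO …
            else:
                # … unchanged: raise RuntimeError("Unable to determine serial number") …
```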
@@ -396,7 +398,7 @@ class CertDB(object):
# This file implies that we have our own self-signed CA. Ensure
# that it no longer exists (from previous installs, for example).
try:
- os.remove("/usr/share/ipa/serial")
+ os.remove(CA_SERIALNO)
except:
pass
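Review bot: The bare `except: pass` around `os.remove(CA_SERIALNO)` hides every failure, not only a missing file. The comment above it says the file's presence implies a self-signed CA, and ipa-replica-prepare now tests the same path, so a removal that fails silently leaves that signal in place. Narrow the handler to `except OSError, e:` and re-raise unless `e.errno == errno.ENOENT`. The enclosing method starts outside the hunk.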