diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-09-17 15:04:11 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:01:38 +0200 |
| commit | 734afdf936913726b0310ca1d24731b1bdf1b5bd (patch) | |
| tree | 8e7b3a0d2fbaf920882c773f3621bea494c8d938 /freeipa.spec.in | |
| parent | 4e680467517365caca596244ffc86e69037bde83 (diff) | |
| download | freeipa-734afdf936913726b0310ca1d24731b1bdf1b5bd.tar.gz freeipa-734afdf936913726b0310ca1d24731b1bdf1b5bd.tar.xz freeipa-734afdf936913726b0310ca1d24731b1bdf1b5bd.zip | |
Remove ipa-ca.crt from systemwide CA store on client uninstall and cert update
The file was used by previous versions of IPA to provide the IPA CA certificate
to p11-kit and has since been obsoleted by ipa.p11-kit, a file which contains
all the CA certificates and associated trust policy from the LDAP certificate
store.
Since p11-kit is hooked into /etc/httpd/alias, ipa-ca.crt must be removed to
prevent certificate import failures in installer code.
Also add ipa.p11-kit to the files owned by the freeipa-python package.
https://fedorahosted.org/freeipa/ticket/3259
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'freeipa.spec.in')
| -rw-r--r-- | freeipa.spec.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 6e9747fde..b0d4b06a0 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -815,6 +815,7 @@ fi %ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db %ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db %ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt +%ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit %if ! %{ONLY_CLIENT} %files tests -f tests-python.list |