Fix IPA install for secure umask

Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read boot.ldif created during installation.

https://fedorahosted.org/freeipa/ticket/1282

1 files changed, 5 insertions, 1 deletions

diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 0c8d7fcd8..4ac309288 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -114,7 +114,11 @@ def check_certs():
     if not os.path.exists("/usr/share/ipa/html/ca.crt"):
         ca_file = "/etc/httpd/alias/cacert.asc"
         if os.path.exists(ca_file):
-            shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
+            old_umask = os.umask(022)   # make sure its readable by httpd
+            try:
+                shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
+            finally:
+                os.umask(old_umask)
         else:
             print "Missing Certification Authority file."
             print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt"