diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-09-17 15:04:11 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:01:38 +0200 |
commit | 734afdf936913726b0310ca1d24731b1bdf1b5bd (patch) | |
tree | 8e7b3a0d2fbaf920882c773f3621bea494c8d938 /ipaplatform/base | |
parent | 4e680467517365caca596244ffc86e69037bde83 (diff) | |
download | freeipa-734afdf936913726b0310ca1d24731b1bdf1b5bd.tar.gz freeipa-734afdf936913726b0310ca1d24731b1bdf1b5bd.tar.xz freeipa-734afdf936913726b0310ca1d24731b1bdf1b5bd.zip |
Remove ipa-ca.crt from systemwide CA store on client uninstall and cert update
The file was used by previous versions of IPA to provide the IPA CA certificate
to p11-kit and has since been obsoleted by ipa.p11-kit, a file which contains
all the CA certificates and associated trust policy from the LDAP certificate
store.
Since p11-kit is hooked into /etc/httpd/alias, ipa-ca.crt must be removed to
prevent certificate import failures in installer code.
Also add ipa.p11-kit to the files owned by the freeipa-python package.
https://fedorahosted.org/freeipa/ticket/3259
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaplatform/base')
-rw-r--r-- | ipaplatform/base/paths.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index a810e6573..1d936016a 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -80,6 +80,7 @@ class BasePathNamespace(object): PAM_LDAP_CONF = "/etc/pam_ldap.conf" PASSWD = "/etc/passwd" ETC_PKI_CA_DIR = "/etc/pki-ca" + SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/" IPA_P11_KIT = "/etc/pki/ca-trust/source/ipa.p11-kit" NSS_DB_DIR = "/etc/pki/nssdb" NSSDB_CERT8_DB = "/etc/pki/nssdb/cert8.db" |