Don't assume local directory is valid or writable.

certutil writes to the local directory when issuing a certificate.
Change to the security database directory when issuing the self-signed CA.

Also handle the case where a user is in a non-existent directory when doing
the install.

1 files changed, 6 insertions, 1 deletions

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index e01795db3..2df7cb38d 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -190,7 +190,10 @@ class CertDB(object):
         self.certreq_fname = None
         self.certder_fname = None
         self.host_name = host_name
-        self.cwd = os.getcwd()
+        try:
+            self.cwd = os.getcwd()
+        except OSError, e:
+            raise RuntimeError("Unable to determine the current directory: %s" % str(e))
 
         self.self_signed_ca = ipa_self_signed()
 
@@ -352,6 +355,7 @@ class CertDB(object):
         return False
 
     def create_ca_cert(self):
+        os.chdir(self.secdir)
         p = subprocess.Popen(["/usr/bin/certutil",
                               "-d", self.secdir,
                               "-S", "-n", self.cacert_name,
@@ -382,6 +386,7 @@ class CertDB(object):
         p.stdin.write("y\n\ny\n")
         p.stdin.write("5\n6\n7\n9\nn\n")
         p.wait()
+        os.chdir(self.cwd)
 
     def export_ca_cert(self, nickname, create_pkcs12=False):
         """create_pkcs12 tells us whether we should create a PKCS#12 file