-rw-r--r-- | ipa.spec.in | 13 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 29 |
2 files changed, 19 insertions, 23 deletions
diff --git a/ipa.spec.in b/ipa.spec.in
index 74b690e81..3c93aeab1 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -97,7 +97,8 @@ Requires: selinux-policy
 %endif
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.15
-Requires: pki-ca
+Requires: pki-ca >= 1.3.6
+Requires: pki-silent >= 1.3.4
 Conflicts: mod_ssl
 
 %description server
@@ -139,8 +140,8 @@ Requires: nss_ldap
 Requires: wget
 Requires: xmlrpc-c
 Requires: libcurl
-Requires: sssd >= 1.1.1
-Requires: certmonger
+Requires: sssd >= 1.2.1
+Requires: certmonger >= 0.26
 
 %description client
 IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -501,6 +502,12 @@ fi
 %endif
 
 %changelog
+* Fri Aug 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-27
+- Set minimum version of certmonger to 0.26 (to pck up #621670)
+- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
+- Set minimum version of pki-ca to 1.3.6
+- Set minimum version of sssd to 1.2.1
+
 * Tue Aug 10 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-26
 - Add BuildRequires for authconfig
 
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 035d6315f..6babd440f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -434,10 +434,12 @@ class CAInstance(service.Service):
 self.step("creating certificate server user", self.__create_ca_user)
 if not ipautil.dir_exists("/var/lib/pki-ca"):
 self.step("creating pki-ca instance", self.create_instance)
+ self.step("restarting certificate server", self.__restart_instance)
 self.step("configuring certificate server instance", self.__configure_instance)
 # Step 1 of external is getting a CSR so we don't need to do these
 # steps until we get a cert back from the external CA.
 if self.external != 1:
+ self.step("restarting certificate server", self.__restart_instance)
 if not self.clone:
 self.step("creating CA agent PKCS#12 file in /root", self.__create_ca_agent_pkcs12)
 self.step("creating RA agent certificate database", self.__create_ra_agent_db)
@@ -497,19 +499,6 @@ class CAInstance(service.Service):
 self.backup_state("user_exists", user_exists)
 
 def __configure_instance(self):
- # Turn off Nonces
- if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
- raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(self.pki_user)
- os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
-
- logging.debug("restarting ca instance")
- try:
- self.restart()
- logging.debug("done restarting ca instance")
- except ipautil.CalledProcessError, e:
- print "failed to restart ca instance", e
-
 preop_pin = get_preop_pin(self.server_root, PKI_INSTANCE_NAME)
 
 try:
@@ -535,6 +524,7 @@ class CAInstance(service.Service):
 "-db_name", "ipaca",
 "-key_size", "2048",
 "-key_type", "rsa",
+ "-key_algorithm", "SHA256withRSA",
 "-save_p12", "true",
 "-backup_pwd", self.admin_password,
 "-subsystem_name", self.service_name,
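Review bot: Both added steps in the `@@ -434` hunk use the identical label "restarting certificate server", so the install log cannot show which of the two restarts failed; distinct labels would help, e.g. `self.step("restarting certificate server after instance creation", self.__restart_instance)` for the first one. `__restart_instance` is not defined in any visible hunk, so it presumably already exists; if it only prints on `ipautil.CalledProcessError`, as the restart code removed elsewhere in this commit did, the installer would carry on against a CA that is not running, and raising would be safer. Indentation is lost on this page, so whether the first restart sits inside the `dir_exists` branch cannot be checked here, and the enclosing method starts and ends outside the hunk.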
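Review bot: The new `"-key_algorithm", "SHA256withRSA"` argument in the `@@ -535` hunk has no comment tying it to the packaging change, although the spec changelog in this commit says pki-silent 1.3.4 is the version that adds the option. A one-line comment above it, such as `# -key_algorithm requires pki-silent >= 1.3.4 (see ipa.spec.in)`, would keep a later edit from lowering the requirement without noticing this call. The argument list starts and ends outside the hunk.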
@@ -620,13 +610,12 @@ class CAInstance(service.Service):
 logging.debug("completed creating ca instance")
 except ipautil.CalledProcessError, e:
 logging.critical("failed to restart ca instance %s" % e)
- logging.debug("restarting ca instance")
- try:
- self.restart()
- logging.debug("done restarting ca instance")
- except ipautil.CalledProcessError, e:
- print "failed to restart ca instance", e
- logging.debug("failed to restart ca instance %s" % e)
+
+ # Turn off Nonces (again)
+ if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
+ raise RuntimeError("Disabling nonces failed")
+ pent = pwd.getpwnam(self.pki_user)
+ os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
 
 # pkisilent makes a copy of the CA PKCS#12 file for us but gives
 # it a lousy name. |
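Review bot: The `ca.enableNonces=false` edit to CS.cfg is no longer followed by a restart inside this function, so it only takes effect through the separate "restarting certificate server" step, which the step list registers only when `self.external != 1`; on the external-CA first pass the running instance presumably keeps the old setting until some later restart. The edit also comes right after an `except ipautil.CalledProcessError` branch that, as far as the visible lines show, only logs, so CS.cfg appears to be rewritten even when the preceding call failed. Because this switches off a request-validation feature of the CA, the comment should give the reason rather than just "(again)", e.g. `# Turn off nonces again after configuration: <reason IPA needs nonces disabled>`. The function body starts and ends outside the hunk.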