From 33a30fef121dbbf588a73f55c96e040e60b16c06 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 3 Feb 2010 17:40:18 -0500
Subject: Don't assume local directory is valid or writable.

certutil writes to the local directory when issuing a certificate. Change to the security database directory when issuing the self-signed CA. Also handle the case where a user is in a non-existent directory when doing the install.
---
 ipaserver/install/certs.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'ipaserver/install')
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index e01795db3..2df7cb38d 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -190,7 +190,10 @@ class CertDB(object):
 self.certreq_fname = None
 self.certder_fname = None
 self.host_name = host_name
- self.cwd = os.getcwd()
+ try:
+ self.cwd = os.getcwd()
+ except OSError, e:
+ raise RuntimeError("Unable to determine the current directory: %s" % str(e))
 self.self_signed_ca = ipa_self_signed()
@@ -352,6 +355,7 @@ class CertDB(object):
 return False
 def create_ca_cert(self):
+ os.chdir(self.secdir)
 p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir, "-S", "-n", self.cacert_name,
@@ -382,6 +386,7 @@ class CertDB(object):
 p.stdin.write("y\n\ny\n")
 p.stdin.write("5\n6\n7\n9\nn\n")
 p.wait()
+ os.chdir(self.cwd)
 def export_ca_cert(self, nickname, create_pkcs12=False):
 """create_pkcs12 tells us whether we should create a PKCS#12 file
-- cgit
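Review bot: The new `try:` around `self.cwd = os.getcwd()` in the first hunk carries no comment saying what the saved directory is for, although the only use visible in this patch is the `os.chdir(self.cwd)` restore added to `create_ca_cert`. I would add `# Remember the caller's directory so create_ca_cert() can chdir back after running certutil` above the `try:`. Converting the OSError to RuntimeError also discards `e.errno`; if callers need to tell the causes apart, that is worth stating in the same comment. The enclosing method (apparently the CertDB initializer) starts and ends outside the hunk.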
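Review bot: The `os.chdir(self.secdir)` added at the top of `create_ca_cert` changes the working directory of the whole installer process, and the matching `os.chdir(self.cwd)` in the last hunk (after `p.wait()`) is not in a `finally`, so an exception from `subprocess.Popen` or the `p.stdin.write` calls leaves the process in the security database directory. Passing the directory to the child instead, with `cwd=self.secdir` as a keyword argument on the `subprocess.Popen(...)` call, keeps certutil's files in that directory without touching the parent's cwd and makes both `os.chdir` calls unnecessary. If the chdir pair is kept, wrap the body as `try:` … `finally: os.chdir(self.cwd)`, bearing in mind that the restore itself can raise OSError if the saved directory has gone away since it was recorded. The result of `p.wait()` is not checked in the visible lines, so a failed CA issuance would pass silently here. The Popen argument list continues outside the hunk.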