summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-03-04 13:09:19 -0500
committerRob Crittenden <rcritten@redhat.com>2011-03-08 10:23:03 -0500
commit61d70657ab93bb4ce74013dcfef9b9592460caaf (patch)
tree08a3950743ea355b42a04a129af4613ddf02b8bb
parent46221e57bf31bdba833da7d4f61ad215d8d083f3 (diff)
downloadfreeipa-61d70657ab93bb4ce74013dcfef9b9592460caaf.zip
freeipa-61d70657ab93bb4ce74013dcfef9b9592460caaf.tar.gz
freeipa-61d70657ab93bb4ce74013dcfef9b9592460caaf.tar.xz
Always try to stop tracking the server cert when uninstalling client.
stop_tracking() is robust enough to do the right thing if no certificate exists so go ahead and always call it. If the certificate failed to be issued for some reason the request will still in certmonger after uninstalling. This would cause problems when trying to reinstall the client. This will go ahead and always tell certmonger to stop tracking it. ticket 1028
-rwxr-xr-xipa-client/ipa-install/ipa-client-install23
1 files changed, 13 insertions, 10 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index af7a2d2..390e600 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -192,17 +192,18 @@ def uninstall(options, env):
run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", "IPA CA"])
except Exception, e:
print "Failed to remove IPA CA from /etc/pki/nssdb: %s" % str(e)
+
+ # Always start certmonger. We can't untrack something if it isn't
+ # running
+ try:
+ service('certmonger', 'start')
+ except:
+ pass
+ try:
+ certmonger.stop_tracking('/etc/pki/nssdb', nickname=client_nss_nickname)
+ except (CalledProcessError, RuntimeError), e:
+ logging.error("certmonger failed to stop tracking certificate: %s" % str(e))
if nickname_exists(client_nss_nickname):
- # Always start certmonger. We can't untrack something if it isn't
- # running
- try:
- service('certmonger', 'start')
- except:
- pass
- try:
- certmonger.stop_tracking('/etc/pki/nssdb', nickname=client_nss_nickname)
- except (CalledProcessError, RuntimeError), e:
- logging.error("certmonger failed to stop tracking certificate: %s" % str(e))
try:
run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", client_nss_nickname])
except Exception, e:
@@ -939,3 +940,5 @@ except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt:
sys.exit(1)
+except RuntimeError, e:
+ sys.exit(e)