diff options
author | Ade Lee <alee@redhat.com> | 2015-07-28 14:58:00 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2015-07-28 18:47:21 -0400 |
commit | becc7fdd56407941d47bfc6281b5c90bfdae5fa9 (patch) | |
tree | 642ca9cc88449f8bc21bbbc66ad4ab495017e2ec /base/server/python/pki/server/deployment/scriptlets | |
parent | ff0cb61874b26b1e4e4c55623324cb3097a42912 (diff) | |
download | pki-becc7fdd56407941d47bfc6281b5c90bfdae5fa9.tar.gz pki-becc7fdd56407941d47bfc6281b5c90bfdae5fa9.tar.xz pki-becc7fdd56407941d47bfc6281b5c90bfdae5fa9.zip |
Remove noise file generation code
Noise file does not actually need to have random data because
NSS does not actually use this data. Certutil still needs
the file though, so we will put dummy data in there. This
solves potential problems with the random() method used and also
issues like BZ 1244382
Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/security_databases.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index 3f8623af1..c3d4d9e49 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -91,9 +91,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_self_signed_nickname'], password_file=deployer.mdict['pki_shared_pfile']) if not rv: - deployer.file.generate_noise_file( - deployer.mdict['pki_self_signed_noise_file'], - deployer.mdict['pki_self_signed_noise_bytes']) + # note: in the function below, certutil is used to generate + # the request for the self signed cert. The keys are generated + # by NSS, which does not actually use the data in the noise + # file, so it does not matter what is in this file. Certutil + # still requires it though, otherwise it waits for keyboard + # input + with open( + deployer.mdict['pki_self_signed_noise_file'], 'w') as f: + f.write("not_so_random_data") deployer.certutil.generate_self_signed_certificate( deployer.mdict['pki_database_path'], deployer.mdict['pki_cert_database'], |