diff options
| author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-17 00:15:39 +0000 |
|---|---|---|
| committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-17 00:15:39 +0000 |
| commit | 75a5865b21fc295d036d6e25c6f26acc72ceaefb (patch) | |
| tree | 27ff2af0b661e0d0c3d2406e6ec83469bd24ac60 /pki/base/ra | |
| parent | 537e2ed88dc73912d27cd519af948deeb6c7799b (diff) | |
| download | pki-75a5865b21fc295d036d6e25c6f26acc72ceaefb.tar.gz pki-75a5865b21fc295d036d6e25c6f26acc72ceaefb.tar.xz pki-75a5865b21fc295d036d6e25c6f26acc72ceaefb.zip | |
Bugzilla Bug #493122 - Proper invocation and use of mod_revocator (enable on
RHEL only)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@393 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra')
| -rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DonePanel.pm | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm index eda7745cf..bc8eaa919 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm @@ -327,11 +327,39 @@ sub display system( "rm $instDir/conf/nss.conf.tmp" ); } - # Append security domain getCRL URL to end of "revocator.conf" - open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf"); - print REVOCATOR_CONF "CRLFile \"" . $sdom + # Rewrite "revocator.conf", activating the CRLEngine, and appending + # the security domain getCRL URL to end of the file + open( TMP_REVOCATOR_CONF, ">$instDir/conf/revocator.conf.tmp" ); + system( "chmod 00660 $instDir/conf/revocator.conf.tmp" ); + open( REVOCATOR_CONF, "<$instDir/conf/revocator.conf" ); + while( <REVOCATOR_CONF> ) { + if( /^CRLEngine/ ) { + # Bugzilla Bug #493122: Activate CRLEngine on RHEL, + # but NOT on Fedora! + if( -e "/etc/fedora-release" ) { + print TMP_REVOCATOR_CONF "CRLEngine off\n"; + } else { + print TMP_REVOCATOR_CONF "CRLEngine on\n"; + } + } else { + print TMP_REVOCATOR_CONF $_; + } + } + # Append security domain getCRL URL to end of "revocator.conf.tmp" + print TMP_REVOCATOR_CONF "CRLFile \"" . $sdom . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n"; - close(REVOCATOR_CONF); + close( REVOCATOR_CONF ); + close( TMP_REVOCATOR_CONF ); + + # Create a copy of the original file which + # preserves the original file permissions + system( "cp -p $instDir/conf/revocator.conf.tmp " + . "$instDir/conf/revocator.conf" ); + + # Remove the original file only if the backup copy was successful + if( -e "$instDir/conf/revocator.conf" ) { + system( "rm $instDir/conf/revocator.conf.tmp" ); + } &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); |