Avoid CRL migration error message

When CRL files are being migrated to a new directory, the upgrade
log may contain an error message raised during MasterCRL.bin symlink
migration. This is actually being caused by `chown' operation which
tried to chown a symlinked file that was not migrated yet.

Sort migrated files before the migration process and put symlinks
at the end of the list. Also do not run chown on the symlinks as
it is a redundant operation since the symlinked file will be
chown'ed on its own.

https://fedorahosted.org/freeipa/ticket/3336

1 files changed, 7 insertions, 3 deletions

diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 096d4d64..0130fc14 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -513,8 +513,8 @@ def copy_crl_file(old_path, new_path=None):
         os.symlink(realpath, new_path)
     else:
         shutil.copy2(old_path, new_path)
-    pent = pwd.getpwnam(cainstance.PKI_USER)
-    os.chown(new_path, pent.pw_uid, pent.pw_gid)
+        pent = pwd.getpwnam(cainstance.PKI_USER)
+        os.chown(new_path, pent.pw_uid, pent.pw_gid)
 
     services.restore_context(new_path)
 
@@ -555,10 +555,14 @@ def migrate_crl_publish_dir(ca):
     # Copy all CRLs to new directory
     root_logger.info('Copy all CRLs to new publish directory')
     try:
-        crl_files = cainstance.get_crl_files(old_publish_dir)
+        crl_files_unsorted = cainstance.get_crl_files(old_publish_dir)
     except OSError, e:
         root_logger.error('Cannot move CRL files to new directory: %s', e)
     else:
+        # Move CRL files at the end of the list to make sure that the actual
+        # CRL files are copied first
+        crl_files = sorted(crl_files_unsorted,
+                           key=lambda f: os.path.islink(f))
         for f in crl_files:
             try:
                 copy_crl_file(f)