author | Tomas Babej <tbabej@redhat.com> | 2013-07-16 12:10:54 +0200 |
committer | Martin Kosek <mkosek@redhat.com> | 2013-07-16 12:17:40 +0200 |
commit | 7a105604e265222cf6f96b0ac060d4f1b2504b6c (patch) | |
tree | 22a9b92905f5f36259dc29b00f21a3931334eaae /ipaserver | |
parent | 0fa42af840579d641ceb76974fb4c0277c9c6d6b (diff) | |
Change group ownership of CRL publish directory
Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no
longer owned by or created with package installation. The directory
is instead created/removed with the CA instance itself.
This ensures proper creation/removal, group ownership
and SELinux context.
https://fedorahosted.org/freeipa/ticket/3727
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/cainstance.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d83fd7a1..ca3ee69f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1107,6 +1107,10 @@ class CAInstance(service.Service):
         Returns a path to the CRL publishing directory
         """
         publishdir = self.dogtag_constants.CRL_PUBLISH_PATH
+
+        if not os.path.exists(publishdir):
+            os.mkdir(publishdir)
+            os.chmod(publishdir, 0775)
 
         pent = pwd.getpwnam(PKI_USER)
         os.chown(publishdir, 0, pent.pw_gid)
@@ -1334,6 +1338,15 @@ class CAInstance(service.Service):
             root_logger.debug("Remove %s", f)
             installutils.remove_file(f)
 
+        # remove CRL directory
+        root_logger.info("Remove CRL directory")
+        if os.path.exists(self.dogtag_constants.CRL_PUBLISH_PATH):
+            try:
+                shutil.rmtree(self.dogtag_constants.CRL_PUBLISH_PATH)
+            except OSError, e:
+                root_logger.warning("Error while removing CRL publish "
+                                    "directory: %s" % e)
+
     def publish_ca_cert(self, location):
         args = ["-L", "-n", self.canickname, "-a"]
         (cert, err, returncode) = self.__run_certutil(args)
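Review bot: The `os.chmod(publishdir, 0775)` in the first hunk only runs on the create branch, while the `os.chown(publishdir, 0, pent.pw_gid)` just below it runs on every call; a directory that already exists (for instance one left behind by the package-created version the commit description mentions, or by an earlier install) keeps whatever mode it had, so the group-writable mode the CRL publisher needs is not guaranteed. Move the chmod out of the `if` so mode and ownership are both enforced unconditionally: `if not os.path.exists(publishdir):` / `    os.mkdir(publishdir)` / `os.chmod(publishdir, 0775)`. The mode passed to `os.mkdir` is also umask-dependent, which is another reason to keep the explicit chmod. Since `os.path.exists` and `os.chmod`/`os.chown` follow symlinks, it would be worth a short comment that the parent directory is expected to be root-owned so the path cannot be redirected between the check and the mkdir — presumably true for the dogtag layout, but I cannot confirm it from this hunk. The enclosing method's signature is outside the hunk.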
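Review bot: The warning in the second hunk pre-formats its message with `%` while the `root_logger.debug("Remove %s", f)` context line two lines above uses the logger's lazy argument form, so the new code is inconsistent with its immediate surroundings and formats the string even when the warning level is disabled. Change it to `root_logger.warning("Error while removing CRL publish directory: %s", e)`. The same path expression `self.dogtag_constants.CRL_PUBLISH_PATH` is spelled out three times in the hunk; binding it once, e.g. `publishdir = self.dogtag_constants.CRL_PUBLISH_PATH`, before the `if` would also match how the first hunk's method refers to it. The enclosing uninstall method starts outside the hunk.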