author | Jan Cholasta <jcholast@redhat.com> | 2016-02-22 15:05:35 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-02-24 10:53:28 +0100 |
commit | 11592dde1b232a70f318e01f5271b38890090648 (patch) | |
tree | 5aaeafb3a23893af2bc506c06c18404d930bd7f7 /freeipa.spec.in | |
parent | 775ee77bcc091ba31fdd3e59f8d45d0b646a44a0 (diff) | |

client: stop using /etc/pki/nssdb

Don't put any IPA certificates to /etc/pki/nssdb - IPA itself uses
/etc/ipa/nssdb and IPA CA certificates are provided to the system using
p11-kit. Remove leftovers on upgrade.

https://fedorahosted.org/freeipa/ticket/5592

Reviewed-By: David Kupka <dkupka@redhat.com>

Diffstat (limited to 'freeipa.spec.in')
-rw-r--r-- | freeipa.spec.in | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 54a11bfc8..48fec9742 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -937,15 +937,8 @@ if [ $1 -gt 1 ] ; then fi fi - if [ ! -f '/etc/ipa/nssdb/cert8.db' -a $restore -ge 2 ]; then - python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1 - tempfile=$(mktemp) - if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tempfile" 2>/var/log/ipaupgrade.log; then - certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tempfile" >/var/log/ipaupgrade.log 2>&1 - elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tempfile" 2>/var/log/ipaupgrade.log; then - certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tempfile" >/var/log/ipaupgrade.log 2>&1 - fi - rm -f "$tempfile" + if [ $restore -ge 2 ]; then + python2 -c 'from ipapython.certdb import update_ipa_nssdb; update_ipa_nssdb()' >/var/log/ipaupgrade.log 2>&1 fi fi |
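Review bot: With the `! -f '/etc/ipa/nssdb/cert8.db'` guard dropped from the condition, the `update_ipa_nssdb()` call now runs on every upgrade where `$restore -ge 2`, not only when the IPA NSS database is missing, so it has to be idempotent and safe against an already populated /etc/ipa/nssdb; a one-line comment above the `if` saying so would help the next reader of the scriptlet. The added line also opens the log with `>/var/log/ipaupgrade.log 2>&1`, which truncates whatever is already in that file; `>>` would preserve earlier upgrade output for troubleshooting. The exit status of the `python2 -c` call is not checked, so a failed trust-store update is only visible in that log. Finally, the commit message says leftovers are removed on upgrade, but nothing in this hunk touches /etc/pki/nssdb directly, so it is worth confirming that the removal of the old 'IPA CA' and 'External CA cert' entries happens inside `update_ipa_nssdb()` and only after the certificates are present in /etc/ipa/nssdb.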