diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-09-18 16:28:59 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:01:38 +0200 |
| commit | 231f57cedb4fea26d3317fe2b1f30d043c7d2524 (patch) | |
| tree | 568ca28e1e09751d0d8296d1d4338af813002e59 /freeipa.spec.in | |
| parent | 2421b13a9b8bd79084e9cfe488690057445d7aa7 (diff) | |
| download | freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.tar.gz freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.tar.xz freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.zip | |
Introduce NSS database /etc/ipa/nssdb
This is the new default NSS database for IPA.
/etc/pki/nssdb is still maintained for backward compatibility.
https://fedorahosted.org/freeipa/ticket/3259
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'freeipa.spec.in')
| -rw-r--r-- | freeipa.spec.in | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index e3ffc0bad..6e9747fde 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -424,6 +424,7 @@ mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup mkdir -p %{buildroot}%{_sysconfdir}/ipa/ /bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf /bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt +mkdir -p %{buildroot}%{_sysconfdir}/ipa/nssdb mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore mkdir -p %{buildroot}%{_sysconfdir}/bash_completion.d install -pm 644 contrib/completion/ipa.bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/ipa @@ -538,6 +539,17 @@ if [ $1 -gt 1 ] ; then /bin/systemctl condrestart ntpd.service 2>&1 || : fi fi + + if [ ! -f '/etc/ipa/nssdb/cert8.db' -a $restore -ge 2 ]; then + python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1 + tempfile=$(mktemp) + if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tempfile" 2>/var/log/ipaupgrade.log; then + certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tempfile" >/var/log/ipaupgrade.log 2>&1 + elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tempfile" 2>/var/log/ipaupgrade.log; then + certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tempfile" >/var/log/ipaupgrade.log 2>&1 + fi + rm -f "$tempfile" + fi fi %triggerin -n freeipa-client -- openssh-server @@ -798,6 +810,11 @@ fi %dir %attr(0755,root,root) %{_sysconfdir}/ipa/ %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt +%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb +%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db +%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db +%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db +%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt %if ! %{ONLY_CLIENT} %files tests -f tests-python.list |