author | Florence Blanc-Renaud <flo@redhat.com> | 2017-01-23 18:06:53 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-01 12:46:50 +0100 |
commit | c49320435ddc67210c0d95be273e971ea8ffad6d (patch) | |
tree | bd48203a1ed62946f490adebec43b9bd06d85afc | |
parent | 10494b1bb34b6ff9c1b810cc0739c761b017202c (diff) | |
Define template version in certmap.conf
A previous commit (ffb9a09a0d63f7edae2b647b5c1d503d1d4d7a6e) removed the
definition of VERSION 2 in certmap.conf.template.
ipa-server-upgrade tool compares the template version with the version in
certmap.conf. As VERSION is not defined in either file, it concludes that
version = 0 for both and does not make a backup of certmap.conf even though
it prints that it will.
The fix re-defines VERSION in the template and adapts the code because the
template has changed (it is using $ISSUER_DN instead of
CN=Certificate Authority,$SUBJECT_BASE).
The fix also logs an error when a template file is not versioned.
https://fedorahosted.org/freeipa/ticket/6354
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
-rw-r--r-- | install/share/certmap.conf.template | 4 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 5 |
2 files changed, 8 insertions, 1 deletions
diff --git a/install/share/certmap.conf.template b/install/share/certmap.conf.template
index d59b095fa..bf4f4d0cd 100644
--- a/install/share/certmap.conf.template
+++ b/install/share/certmap.conf.template
@@ -1,3 +1,7 @@
+# VERSION 3 - DO NOT REMOVE THIS LINE
+#
+# This file is managed by IPA and will be overwritten on upgrades.
+#
 #
 # This file configures how a certificate is mapped to an LDAP entry. See the
 # documentation for more information on this file.
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index eef675577..d3fd4329a 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -168,6 +168,9 @@ def upgrade_file(sub_dict, filename, template, add=False):
 if new < 0:
 root_logger.error("%s not found." % template)
 
+ if new == 0:
+ root_logger.error("Template %s is not versioned." % template)
+
 if old == 0:
 # The original file does not have a VERSION entry. This means it's now
 # managed by IPA, but previously was not.
@@ -1526,7 +1529,7 @@ def upgrade_configuration():
 
 subject_base = find_subject_base()
 if subject_base:
- sub_dict['SUBJECT_BASE'] = subject_base
+ sub_dict['ISSUER_DN'] = 'CN=Certificate Authority,' + subject_base
 
 ca = cainstance.CAInstance(
 api.env.realm, host_name=api.env.host)
 |
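Review bot: In upgrade_file, the new `if new == 0:` branch only logs and then falls through to the `if old == 0:` handling, so an unversioned template is still processed like a versioned one. The commit message describes exactly that path skipping the promised backup of certmap.conf, so consider stopping here with `root_logger.error("Template %s is not versioned.", template)` followed by `return`, provided no caller relies on the file being processed anyway. The `new < 0` branch just above appears to fall through in the same way. The rest of upgrade_file is outside this hunk, so confirm what the later branches do when `new == 0`.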
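Review bot: In upgrade_configuration, `sub_dict['ISSUER_DN']` is built from a hard-coded `'CN=Certificate Authority,'` prefix rather than read from the CA certificate, so certmap.conf would name the wrong issuer on any deployment whose CA subject differs from that default. certmap.conf decides how client certificates map to LDAP entries, so a mismatch would affect certificate authentication. The key is also set only inside `if subject_base:`, which leaves `$ISSUER_DN` without a value when find_subject_base() returns nothing, and `SUBJECT_BASE` is no longer supplied to any other template that may still reference it (not visible here). At minimum add a comment such as `# Assumes the IPA CA subject is CN=Certificate Authority,<subject_base>` and handle the empty case explicitly. The function continues outside this hunk.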