diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2012-10-23 16:31:37 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-11-01 10:52:36 -0400 |
| commit | 3d7ff982ec281935ca3c2b55eea03a08723fe1e2 (patch) | |
| tree | 5b2a0f5c072e7278b241c5babcecca0e5d95032d /install/tools/ipa-server-install | |
| parent | d180d3c10145d4f2ad2d4dfd5243f9f1eb1083b3 (diff) | |
| download | freeipa-3d7ff982ec281935ca3c2b55eea03a08723fe1e2.tar.gz freeipa-3d7ff982ec281935ca3c2b55eea03a08723fe1e2.tar.xz freeipa-3d7ff982ec281935ca3c2b55eea03a08723fe1e2.zip | |
After unininstall see if certmonger is still tracking any of our certs.
Rather than providing a list of nicknames I'm going to look at the NSS
databases directly. Anything in there is suspect and this will help
future-proof us.
certmonger may be tracking other certificates but we only care about
a subset of them, so don't complain if there are other tracked certificates.
This reads the certmonger files directly so the service doesn't need
to be started.
https://fedorahosted.org/freeipa/ticket/2702
Diffstat (limited to 'install/tools/ipa-server-install')
| -rwxr-xr-x | install/tools/ipa-server-install | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 6d1e6998c..70e5153d7 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -52,6 +52,7 @@ from ipaserver.install import sysupgrade from ipaserver.install import service, installutils from ipapython import version +from ipapython import certmonger from ipaserver.install.installutils import * from ipaserver.plugins.ldap2 import ldap2 @@ -527,7 +528,14 @@ def uninstall(): rv = 1 if has_state: - root_logger.warning('Some installation state has not been restored.\nThis will cause re-installation to fail.\nIt should be safe to remove /var/lib/ipa/sysrestore.state but it may\nmean your system hasn\'t be restored to its pre-installation state.') + root_logger.error('Some installation state has not been restored.\nThis may cause re-installation to fail.\nIt should be safe to remove /var/lib/ipa/sysrestore.state but it may\nmean your system hasn\'t be restored to its pre-installation state.') + + # Note that this name will be wrong after the first uninstall. + dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm)) + dirs = [dirname, dogtag.configured_constants().ALIAS_DIR, certs.NSS_DIR] + ids = certmonger.check_state(dirs) + if ids: + root_logger.error('Some certificates may still be tracked by certmonger.\nThis will cause re-installation to fail.\nStart the certmonger service and list the certificates being tracked\n # getcert list\nThese may be untracked by executing\n # getcert stop-tracking -i <request_id>\nfor each id in: %s' % ', '.join(ids)) return rv |