Issue6386 nss dir #143
Issue6386 nss dir #143
Conversation
tiran
force-pushed
the
issue6386_nss_dir
branch
from
3739cb8
to
92d50c2
Compare
| @@ -752,8 +751,7 @@ def forward(self, *args, **options): | |||
| error=_('Invalid vault type')) | |||
|
|
|||
| # initialize NSS database | |||
| current_dbdir = paths.IPA_NSSDB_DIR | |||
There was a problem hiding this comment.
NACK, current_dbdir is a global variable, the value must be changed here otherwise NSS initialization might explode later.
There was a problem hiding this comment.
No, it's not a global. The variable is only in the local scope. You are probably confusing the plugin with ipapython/nsslib.py.
There was a problem hiding this comment.
I stand corrected. But it looks suspicious anyway. I think that the original intent was to actually use nsslib.current_dbdir and that the local variable is used by mistake. But given that nobody complained about NSS initialization failures in vault so far, it is probably OK this way.
There was a problem hiding this comment.
I rather think the author of the code copy and pasted some code and kept the style.
| @@ -912,8 +910,7 @@ def forward(self, *args, **options): | |||
| vault_type = vault['ipavaulttype'][0] | |||
|
|
|||
| # initialize NSS database | |||
| current_dbdir = paths.IPA_NSSDB_DIR | |||
There was a problem hiding this comment.
NACK, same as above.
| @@ -518,6 +518,10 @@ def _finalize_core(self, **defaults): | |||
| self._merge_from_file(self.conf) | |||
| self._merge_from_file(self.conf_default) | |||
|
|
|||
| # Set nss_dir to nssdb directory in confdir | |||
| if 'nss_dir' not in self: | |||
| self.nss_dir = self._join('confdir', 'nssdb') | |||
There was a problem hiding this comment.
NACK, the default should be whatever is defined in ipaplatform.paths, changing the default is out of the scope of this fix.
|
NACK, see inline comments. |
tiran
force-pushed
the
issue6386_nss_dir
branch
from
92d50c2
to
aaf29bb
Compare
tiran
force-pushed
the
issue6386_nss_dir
branch
from
aaf29bb
to
4008a96
Compare
|
Please ack. |
|
Functional ACK. In the ticket, you mention other places where |
ipaclient plugins are now using nss_dir from api.env instead of hard-coded paths.IPA_NSSDB_DIR. Closes: https://fedorahosted.org/freeipa/ticket/6386 Signed-off-by: Christian Heimes <cheimes@redhat.com>
tiran
force-pushed
the
issue6386_nss_dir
branch
from
4008a96
to
648dc4f
Compare
|
I have fixed all places that don't depend on hard-coded paths. The other places are used for client enrolment and depend on hard-coded paths for sysrestore. Some places use the path before ipalib.api is initialized. |
|
OK, but you should at least make sure that where the code depends on hard-coded paths, the API is bootstrapped with a hard coded |
|
The other locations are used for FreeIPA installation and therefore out of scope for this change. |
|
Sure, just please keep this in mind for your other changes. |
|
I don't understand your comment. |
|
For example, if your |
|
No, #182 does not break |
|
Fixed upstream |
See https://fedorahosted.org/freeipa/ticket/6386