Define template version in certmap.conf #412

Closed

@flo-renaud flo-renaud commented Jan 24, 2017

A previous commit (ffb9a09) removed the
definition of VERSION 2 in certmap.conf.template.

ipa-server-upgrade tool compares the template version with the version in
certmap.conf. As VERSION is not defined in either file, it concludes that
version = 0 for both and does not make a backup of certmap.conf even though
it prints that it will.

The fix re-defines VERSION in the template and adapts the code because the
template has changed (it is using $ISSUER_DN instead of
CN=Certificate Authority,$SUBJECT_BASE).

The fix also logs an error when a template file is not versioned.

https://fedorahosted.org/freeipa/ticket/6354
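
The version comparison described in the pull request description above, as an added example that is not part of this pull request or of FreeIPA's code. The function names, the marker regex and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumed marker format: a (possibly commented) line such as "# VERSION 2".
VERSION_RE = re.compile(r"^[\s#]*VERSION\s+(\d+)\b", re.MULTILINE)

# Constructed sample contents, not the real FreeIPA files.
VERSIONED_TEMPLATE = "# VERSION 2 - DO NOT REMOVE THIS LINE\ncertmap ipaca $ISSUER_DN\n"
UNVERSIONED_TEMPLATE = "certmap ipaca $ISSUER_DN\n"
INSTALLED = "certmap ipaca CN=Certificate Authority,O=EXAMPLE.TEST\n"


def find_version(text):
    """Return the declared VERSION number, or 0 when no marker is present."""
    match = VERSION_RE.search(text)
    return int(match.group(1)) if match else 0


def naive_needs_upgrade(template_text, installed_text):
    """Plain comparison: two unversioned files both read as 0, so no upgrade."""
    return find_version(template_text) > find_version(installed_text)


def plan_upgrade(template_text, installed_text):
    """Return (action, reason); action is 'error', 'skip' or 'backup_and_replace'."""
    template_version = find_version(template_text)
    installed_version = find_version(installed_text)
    # An unversioned template makes the comparison meaningless, so surface it
    # as an error instead of silently treating the installed file as current.
    if template_version == 0:
        return "error", "template is not versioned"
    if installed_version >= template_version:
        return "skip", "installed version %d is current" % installed_version
    return ("backup_and_replace",
            "upgrading version %d to %d" % (installed_version, template_version))


if __name__ == "__main__":
    print(naive_needs_upgrade(UNVERSIONED_TEMPLATE, INSTALLED))
    print(plan_upgrade(UNVERSIONED_TEMPLATE, INSTALLED))
    print(plan_upgrade(VERSIONED_TEMPLATE, INSTALLED))
```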

@@ -1562,7 +1565,7 @@ def upgrade_configuration():

subject_base = find_subject_base()
if subject_base:
sub_dict['SUBJECT_BASE'] = subject_base
sub_dict['ISSUER_DN'] = 'CN=Certificate Authority,' + subject_base
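
Review bot: the `sub_dict['ISSUER_DN']` line builds the issuer DN by prepending a fixed `CN=Certificate Authority,` to `subject_base`, so the rendered certmap.conf only matches the real issuer when the CA subject has exactly that form. Consider taking the issuer DN from the CA certificate or stored configuration instead of assuming it. Separately, the key is set only inside `if subject_base:`, so when `find_subject_base()` returns nothing, a template that references `$ISSUER_DN` has no value to substitute; that case deserves an explicit error or fallback.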

I missed this in "full customisation for subject DN" patchset. Good pickup.

@flo-renaud
Contributor Author

Bump for review

@tkrizek tkrizek self-assigned this Feb 23, 2017
@tkrizek
Contributor

tkrizek commented Feb 23, 2017

Works as expected.

@tkrizek tkrizek added the ack Pull Request approved, can be merged label Feb 23, 2017
@MartinBasti
Contributor

needs rebase

@flo-renaud
Contributor Author

Hi @MartinBasti ,
patch rebased

@MartinBasti
Contributor

master:

  • c493204 Define template version in certmap.conf

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Mar 1, 2017
@MartinBasti MartinBasti closed this Mar 1, 2017
@flo-renaud flo-renaud deleted the t6354 branch March 14, 2017 07:40