httpinstance.disable_system_trust: Don't fail if module 'Root Certs' … #655
only ignore ERROR: Module "Root Certs" not found in database.
ipaserver/install/httpinstance.py
| env={}, | ||
| capture_output=True) | ||
| except ipautil.CalledProcessError: | ||
| root_logger.debug( |
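Review bot: The `except ipautil.CalledProcessError:` clause followed by `root_logger.debug(` handles every failure of the call the same way, not only the case where the module is absent. Bind the exception and re-raise unless its exit status is the one modutil returns for a module that is not in the database, so that a malformed command line or an unusable database is not silently logged at debug level.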
This catches and ignores all call errors. I would rather limit the exception to exit code 29:
$ mkdir /tmp/nssdb
$ certutil -N -d /tmp/nssdb/ --empty-password
$ modutil -dbdir /tmp/nssdb/ -force -list 'Root Certs'
ERROR: Module "Root Certs" not found in database.
$ echo $?
29
Hm, I believe the
For the record:
[slaznick@machine ~]$ sudo modutil -dbdir nssdb/ -disable 'Root Certs' -force
ERROR: Module "Root Certs" not found in database.
[slaznick@machine ~]$ echo $?
29
[slaznick@machine ~]$
@stlaz The broad except also catches and ignores typos in the command line or missing
@tiran I of course agree on narrowing the broad except down, my point is we should rather remove the whole edit: I would like to better base it on return code rather than stderr string.
@stlaz, you can't do just
@HonzaCholasta You're right, I completely forgot about that one.
This fixes the mentioned issue. I did not test whether the actual disable works but I should hope so as I don't see how this could break it.
…is not available
Server installation failed when attempting to disable module 'Root Certs' and
the module was not available in HTTP_ALIAS_DIR. When the module is not
available there's no need to disable it and the error may be treated as
success.
https://pagure.io/freeipa/issue/6803
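
The narrowing discussed in this thread, as an added example that is not FreeIPA's code: only the exit status that modutil returned in the transcripts above (29) is treated as "nothing to disable", and every other failure propagates. It uses `subprocess` directly instead of `ipautil`; the `run` parameter and `fake_modutil` helper are hypothetical, added so the logic can be exercised without modutil installed, and reading 29 as meaning only "module not found" is an assumption taken from those transcripts.

```python
import subprocess

# Exit status shown in the thread when the named module is absent.
# That 29 means only this condition is an assumption, not documented here.
MODULE_NOT_FOUND = 29


def disable_module(dbdir, module="Root Certs", run=subprocess.run):
    """Disable an NSS module in dbdir.

    Returns True if modutil disabled it, False if the module was not in
    the database (nothing to disable). Any other failure is re-raised.
    """
    cmd = ["modutil", "-dbdir", dbdir, "-disable", module, "-force"]
    try:
        run(cmd, capture_output=True, check=True)
    except subprocess.CalledProcessError as e:
        if e.returncode != MODULE_NOT_FOUND:
            # Bad arguments, unusable database, etc. must stay visible.
            raise
        return False
    # A missing modutil binary raises FileNotFoundError, which is
    # deliberately not caught here either.
    return True


def fake_modutil(returncode):
    """Constructed stand-in for subprocess.run exiting with returncode."""
    def run(cmd, **kwargs):
        if returncode and kwargs.get("check"):
            raise subprocess.CalledProcessError(returncode, cmd)
        return subprocess.CompletedProcess(cmd, returncode)
    return run


if __name__ == "__main__":
    for rc in (0, 29, 1):
        try:
            print(rc, disable_module("/tmp/nssdb", run=fake_modutil(rc)))
        except subprocess.CalledProcessError as e:
            print(rc, "propagated:", e)
```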