Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1003326 - generate pulp CA on initial install. #627

Merged
merged 4 commits into from Sep 25, 2013

Conversation

Projects
None yet
2 participants
@jortel
Copy link
Contributor

commented Sep 19, 2013

pulp-dev.py Outdated
os.system('chown -R apache:apache /etc/pki/pulp')
# Generate certificates
print 'generating certificates'
os.system('server/bin/pulp-gen-ca-certificate')

This comment has been minimized.

Copy link
@mhrivnak

mhrivnak Sep 25, 2013

Contributor

both of these paths should be joined with the currdir value

@@ -0,0 +1,61 @@
#!/bin/bash
# Copyright (c) 2012 Red Hat, Inc.

This comment has been minimized.

Copy link
@mhrivnak

mhrivnak Sep 25, 2013

Contributor

It's 2013 ;)

pulp.spec Outdated
/srv/%{name}/webservices.wsgi
%ghost %{_sysconfdir}/pki/%{name}/ca.key

This comment has been minimized.

Copy link
@mhrivnak

mhrivnak Sep 25, 2013

Contributor

Should these be owned by root instead of apache? It seems like we don't want apache to be able to write to these files, from a security standpoint, for the same reasons we don't want apache to have write access to the code it's executing.

This comment has been minimized.

Copy link
@jortel

jortel Sep 25, 2013

Author Contributor

Agreed. root should own these.

# install
cp $TMP/ca.key $CA_KEY
cp $TMP/ca.crt $CA_CRT
chown apache:apache $CA_KEY

This comment has been minimized.

Copy link
@mhrivnak

mhrivnak Sep 25, 2013

Contributor

same question as above: should these be owned by root instead of apache?

@ghost ghost assigned jortel Sep 25, 2013

@mhrivnak

This comment has been minimized.

Copy link
Contributor

commented Sep 25, 2013

LGTM

jortel added a commit that referenced this pull request Sep 25, 2013

Merge pull request #627 from pulp/jortel-1003326
1003326 - generate pulp CA on initial install.

@jortel jortel merged commit 2cf107c into master Sep 25, 2013

@jortel jortel deleted the jortel-1003326 branch Sep 25, 2013

@jortel jortel restored the jortel-1003326 branch Sep 25, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.