ipa-backup: backup the PKCS module config files setup by IPA

ipa installer creates /etc/pkcs11/modules/softhsm2.module in order to disable global p11-kit configuration for NSS. This file was not included in the backups, and not restored. The fix adds the file to the list of files to include in a backup. Fixes: https://pagure.io/freeipa/issue/8073 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-01-26 16:16:31 -06:00 · 2019-09-19 15:21:52 +02:00 · 2019-09-19 15:21:52 +02:00 · 055ea253df
commit 055ea253df
parent c11fd328bc
3 changed files with 13 additions and 1 deletions
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@ -338,6 +338,11 @@ class BaseTaskNamespace:
        """
        raise NotImplementedError

+    def get_pkcs11_modules(self):
+        """Return the list of module config files setup by IPA.
+        """
+        return ()
+
    def configure_nsswitch_database(self, fstore, database, services,
                                    preserve=True, append=True,
                                    default_value=()):
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@ -744,6 +744,13 @@ class RedHatTaskNamespace(BaseTaskNamespace):

        return filenames

+    def get_pkcs11_modules(self):
+        """Return the list of module config files setup by IPA
+        """
+        return tuple(os.path.join(paths.ETC_PKCS11_MODULES_DIR,
+                                  "{}.module".format(name))
+                     for name, _module, _disabled in PKCS11_MODULES)
+
    def enable_ldap_automount(self, statestore):
        """
        Point automount to ldap in nsswitch.conf.
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@ -194,7 +194,7 @@ class Backup(admintool.AdminTool):
    ) + tuple(
        os.path.join(paths.IPA_NSSDB_DIR, file)
        for file in (certdb.NSS_DBM_FILES + certdb.NSS_SQL_FILES)
-    )
+    ) + tasks.get_pkcs11_modules()

    logs=(
      paths.VAR_LOG_PKI_DIR,