Always define the path DNSSEC_OPENSSL_CONF

The variable was None by default and set to /etc/ipa/dnssec/openssl.cnf for fedora only because the code is specific to the support of pkcs11 engine for bind. As a consequence ipa-backup had a "None" value in the list of files to backup and failed on Exception. ipa-backup code is able to handle missing files, and the code using the pkcs11 engine is called only when NAMED_OPENSSL_ENGINE is set (only in fedora so far). It is safe to always define a value for DNSSEC_OPENSSL_CONF even on os where it does not exist. The fix also improves the method used to verify that a path exists. Fixes: https://pagure.io/freeipa/issue/8597 Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2025-02-25 18:55:28 -06:00 · 2020-11-25 16:28:36 +01:00
parent f777314e5c
commit 3b007b7bba
3 changed files with 2 additions and 3 deletions
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -626,7 +626,7 @@ class Backup(admintool.AdminTool):
    def file_backup(self, options):

        def verify_directories(dirs):
-            return [s for s in dirs if os.path.exists(s)]
+            return [s for s in dirs if s and os.path.exists(s)]

        self.tarfile = os.path.join(self.dir, 'files.tar')