freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.

This commit is contained in:
Timo Aaltonen 2015-09-24 06:10:10 +03:00
parent 75fd43a8ef
commit 44a774c3cb
4 changed files with 20 additions and 2 deletions

1
debian/changelog vendored
View File

@ -21,6 +21,7 @@ freeipa (4.1.4-1) UNRELEASED; urgency=medium
* control: Server needs newer python-ldap, bump build-dep too. * control: Server needs newer python-ldap, bump build-dep too.
* control: Bump certmonger depends. * control: Bump certmonger depends.
* control: Bump python-nss depends. * control: Bump python-nss depends.
* freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 13:16:49 +0300 -- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 13:16:49 +0300

View File

@ -1,3 +1,4 @@
etc/ipa etc/ipa
etc/ipa/nssdb
etc/pki/nssdb etc/pki/nssdb
var/lib/ipa-client/sysrestore var/lib/ipa-client/sysrestore

View File

@ -2,14 +2,23 @@
set -e set -e
if [ "$1" = configure ]; then if [ "$1" = configure ]; then
if [ ! -e /etc/pki/nssdb ]; then if [ ! -f /etc/pki/nssdb/cert8.db ]; then
tmp=$(mktemp) || exit tmp=$(mktemp) || exit
printf "\n" > $tmp printf "\n" > $tmp
mkdir -p /etc/pki/nssdb
certutil -N -d /etc/pki/nssdb -f $tmp certutil -N -d /etc/pki/nssdb -f $tmp
chmod 644 /etc/pki/nssdb/* chmod 644 /etc/pki/nssdb/*
rm $tmp rm $tmp
fi fi
if [ ! -f /etc/ipa/nssdb/cert8.db ]; then
python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1
tmp=$(mktemp) || exit
if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
fi
rm -f "$tmp"
fi
fi fi
if [ ! -e /run/ipa ]; then if [ ! -e /run/ipa ]; then

View File

@ -7,6 +7,13 @@ if [ "$1" = purge ]; then
rm -f /etc/pki/nssdb/cert8.db \ rm -f /etc/pki/nssdb/cert8.db \
/etc/pki/nssdb/key3.db \ /etc/pki/nssdb/key3.db \
/etc/pki/nssdb/secmod.db /etc/pki/nssdb/secmod.db
rm -f /etc/ipa/nssdb/cert8.db \
/etc/ipa/nssdb/key3.db \
/etc/ipa/nssdb/pwdfile.txt \
/etc/ipa/nssdb/secmod.db
rmdir /etc/pki/nssdb
rmdir /etc/ipa/nssdb
rmdir /etc/ipa
fi fi
#DEBHELPER# #DEBHELPER#