mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
This commit is contained in:
parent
75fd43a8ef
commit
44a774c3cb
1
debian/changelog
vendored
1
debian/changelog
vendored
@ -21,6 +21,7 @@ freeipa (4.1.4-1) UNRELEASED; urgency=medium
|
|||||||
* control: Server needs newer python-ldap, bump build-dep too.
|
* control: Server needs newer python-ldap, bump build-dep too.
|
||||||
* control: Bump certmonger depends.
|
* control: Bump certmonger depends.
|
||||||
* control: Bump python-nss depends.
|
* control: Bump python-nss depends.
|
||||||
|
* freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
|
||||||
|
|
||||||
-- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 13:16:49 +0300
|
-- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 13:16:49 +0300
|
||||||
|
|
||||||
|
1
debian/freeipa-client.dirs
vendored
1
debian/freeipa-client.dirs
vendored
@ -1,3 +1,4 @@
|
|||||||
etc/ipa
|
etc/ipa
|
||||||
|
etc/ipa/nssdb
|
||||||
etc/pki/nssdb
|
etc/pki/nssdb
|
||||||
var/lib/ipa-client/sysrestore
|
var/lib/ipa-client/sysrestore
|
||||||
|
13
debian/freeipa-client.postinst
vendored
13
debian/freeipa-client.postinst
vendored
@ -2,14 +2,23 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ "$1" = configure ]; then
|
if [ "$1" = configure ]; then
|
||||||
if [ ! -e /etc/pki/nssdb ]; then
|
if [ ! -f /etc/pki/nssdb/cert8.db ]; then
|
||||||
tmp=$(mktemp) || exit
|
tmp=$(mktemp) || exit
|
||||||
printf "\n" > $tmp
|
printf "\n" > $tmp
|
||||||
mkdir -p /etc/pki/nssdb
|
|
||||||
certutil -N -d /etc/pki/nssdb -f $tmp
|
certutil -N -d /etc/pki/nssdb -f $tmp
|
||||||
chmod 644 /etc/pki/nssdb/*
|
chmod 644 /etc/pki/nssdb/*
|
||||||
rm $tmp
|
rm $tmp
|
||||||
fi
|
fi
|
||||||
|
if [ ! -f /etc/ipa/nssdb/cert8.db ]; then
|
||||||
|
python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1
|
||||||
|
tmp=$(mktemp) || exit
|
||||||
|
if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
|
||||||
|
certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
|
||||||
|
elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
|
||||||
|
certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
|
||||||
|
fi
|
||||||
|
rm -f "$tmp"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -e /run/ipa ]; then
|
if [ ! -e /run/ipa ]; then
|
||||||
|
7
debian/freeipa-client.postrm
vendored
7
debian/freeipa-client.postrm
vendored
@ -7,6 +7,13 @@ if [ "$1" = purge ]; then
|
|||||||
rm -f /etc/pki/nssdb/cert8.db \
|
rm -f /etc/pki/nssdb/cert8.db \
|
||||||
/etc/pki/nssdb/key3.db \
|
/etc/pki/nssdb/key3.db \
|
||||||
/etc/pki/nssdb/secmod.db
|
/etc/pki/nssdb/secmod.db
|
||||||
|
rm -f /etc/ipa/nssdb/cert8.db \
|
||||||
|
/etc/ipa/nssdb/key3.db \
|
||||||
|
/etc/ipa/nssdb/pwdfile.txt \
|
||||||
|
/etc/ipa/nssdb/secmod.db
|
||||||
|
rmdir /etc/pki/nssdb
|
||||||
|
rmdir /etc/ipa/nssdb
|
||||||
|
rmdir /etc/ipa
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#DEBHELPER#
|
#DEBHELPER#
|
||||||
|
Loading…
Reference in New Issue
Block a user