NSSDB: Let certutil decide its default db type

CertDB no longer makes any assumptions about the default db type of a NSS DB. Instead it let's certutil decide when dbtype is set to 'auto'. This makes it much easier to support F27 and F28 from a single code base. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-02-08 13:40:34 +01:00
parent c5fb6c8502
commit 492e3c9b1e
7 changed files with 89 additions and 35 deletions
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -35,7 +35,6 @@ from six import StringIO

 from ipapython import ipautil
 from ipaplatform.paths import paths
-from ipaplatform.constants import constants
 from ipapython.dn import DN
 from ipalib import errors
 from ipalib.util import get_reverse_zone_default, verify_host_resolvable
@@ -1267,9 +1266,8 @@ def run_server_del(host, server_to_delete, force=False,

 def run_certutil(host, args, reqdir, dbtype=None,
                 stdin=None, raiseonerr=True):
-    if dbtype is None:
-        dbtype = constants.NSS_DEFAULT_DBTYPE
-    new_args = [paths.CERTUTIL, '-d', '{}:{}'.format(dbtype, reqdir)]
+    dbdir = reqdir if dbtype is None else '{}:{}'.format(dbtype, reqdir)
+    new_args = [paths.CERTUTIL, '-d', dbdir]
    new_args.extend(args)
    return host.run_command(new_args, raiseonerr=raiseonerr,
                            stdin_text=stdin)
--- a/ipatests/test_ipaplatform/test_importhook.py
+++ b/ipatests/test_ipaplatform/test_importhook.py
@@ -50,5 +50,5 @@ def test_importhook(mod, name):
    (os.path.join(DATA, 'os-release-ubuntu'), ['ubuntu', 'debian']),
 ])
 def test_parse_os_release(filename, expected_platforms):
-    parsed = metaimporter._parse_osrelease(filename)
+    parsed = metaimporter._parse_platform(filename)
    assert parsed == expected_platforms
--- a/ipatests/test_ipapython/test_certdb.py
+++ b/ipatests/test_ipapython/test_certdb.py
@@ -1,9 +1,21 @@
 import os

-from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
+import pytest

+from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
+from ipaplatform._importhook import metaimporter
+
+OSRELEASE = metaimporter.parse_osrelease()
 CERTNICK = 'testcert'

+if OSRELEASE['ID'] == 'fedora':
+    if int(OSRELEASE['VERSION_ID']) >= 28:
+        NSS_DEFAULT = 'sql'
+    else:
+        NSS_DEFAULT = 'dbm'
+else:
+    NSS_DEFAULT = None
+

 def create_selfsigned(nssdb):
    # create self-signed cert + key
@@ -137,3 +149,20 @@ def test_convert_db_nokey():
        assert nssdb.certdb in nssdb.filenames
        assert os.path.basename(nssdb.keydb) == 'key4.db'
        assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
+
+
+def test_auto_db():
+    with NSSDatabase() as nssdb:
+        assert nssdb.dbtype == 'auto'
+        assert nssdb.filenames is None
+        assert not nssdb.exists()
+        with pytest.raises(RuntimeError):
+            nssdb.list_certs()
+
+        nssdb.create_db()
+        assert nssdb.dbtype in ('dbm', 'sql')
+        if NSS_DEFAULT is not None:
+            assert nssdb.dbtype == NSS_DEFAULT
+        assert nssdb.filenames is not None
+        assert nssdb.exists()
+        nssdb.list_certs()