mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
platform: use systemwide certificate store
This commit is contained in:
Timo Aaltonen
7
debian/changelog
vendored
7
debian/changelog
vendored
@@ -42,8 +42,11 @@ freeipa (4.3.0-1) UNRELEASED; urgency=medium
|
||||
* server.postinst, tmpfile: Create state directories for
|
||||
mod_auth_gssapi.
|
||||
* fix-kdcproxy-paths.diff: Fix paths in kdcproxy configs.
|
||||
* add-debian-platform.diff: Update paths.py to include all variables,
|
||||
comment out ones we don't modify.
|
||||
* add-debian-platform.diff:
|
||||
- Update paths.py to include all variables, comment out ones we don't
|
||||
modify.
|
||||
- Use systemwide certificate store; put ipa-ca.crt in
|
||||
/usr/local/share/ca-certificates, and run update-ca-certificates
|
||||
* rules, server.install: Install scripts under /usr/lib instead of
|
||||
multiarch path to avoid hacking the code too much.
|
||||
* fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in
|
||||
|
||||
12
debian/patches/add-debian-platform.diff
vendored
12
debian/patches/add-debian-platform.diff
vendored
@@ -131,7 +131,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
|
||||
+# PAM_LDAP_CONF = "/etc/pam_ldap.conf"
|
||||
+# PASSWD = "/etc/passwd"
|
||||
+# SYSTEMWIDE_IPA_CA_CRT = "/etc/pki/ca-trust/source/anchors/ipa-ca.crt"
|
||||
+# IPA_P11_KIT = "/etc/pki/ca-trust/source/ipa.p11-kit"
|
||||
+ IPA_P11_KIT = "/usr/local/share/ca-certificates/ipa-ca.crt"
|
||||
+# NSS_DB_DIR = "/etc/pki/nssdb"
|
||||
+# PKI_TOMCAT = "/etc/pki/pki-tomcat"
|
||||
+# PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
|
||||
@@ -217,7 +217,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
|
||||
+# SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
|
||||
+# SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
|
||||
+# BIN_TIMEOUT = "/usr/bin/timeout"
|
||||
+# UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
|
||||
+ UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
|
||||
+# BIN_CURL = "/usr/bin/curl"
|
||||
+# ZIP = "/usr/bin/zip"
|
||||
+ BIND_LDAP_SO = "/usr/share/doc/bind9-dyndb-ldap/copyright"
|
||||
@@ -592,7 +592,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
|
||||
+knownservices = DebianServices()
|
||||
--- /dev/null
|
||||
+++ b/ipaplatform/debian/tasks.py
|
||||
@@ -0,0 +1,53 @@
|
||||
@@ -0,0 +1,47 @@
|
||||
+# Authors:
|
||||
+# Timo Aaltonen <tjaalton@ubuntu.com>
|
||||
+#
|
||||
@@ -636,12 +636,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
|
||||
+ def modify_pam_to_use_krb5(self, statestore):
|
||||
+ return True
|
||||
+
|
||||
+ def insert_ca_cert_into_systemwide_ca_store(self, ca_certs):
|
||||
+ return True
|
||||
+
|
||||
+ def remove_ca_certs_from_systemwide_ca_store(self):
|
||||
+ return True
|
||||
+
|
||||
+ def restore_network_configuration(self, fstore, statestore):
|
||||
+ return True
|
||||
+
|
||||
|
||||
Reference in New Issue
Block a user