Support opendnssec 2.1.6

The installation of IPA DNS server is using ods-ksmutil, but openddnssec 2.1.6 does not ship any more /usr/bin/ods-ksmutil. The tool is replaced by /usr/sbin/ods-enforcer and /usr/sbin/ods-enforcer-db-setup. The master branch currently supports fedora 30+, but fedora 30 and 31 are still shipping opendnssec 1.4 while fedora 32+ is shipping opendnssec 2.1.6. Because of this, the code needs to check at run-time if the ods-ksmutil command is available. If the file is missing, the code falls back to the new ods-enforcer and ods-enforcer-db-setup commands. This commit defines paths.ODS_ENFORCER and paths.ODS_ENFORCER_DB_SETUP for all platforms, but the commands are used only if ods-ksmutil is not found. Fixes: https://pagure.io/freeipa/issue/8214 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-03-02 16:49:48 +01:00 · 2020-03-02 16:49:48 +01:00 · 7ae1352c72
commit 7ae1352c72
parent b88562b2c8
3 changed files with 6 additions and 6 deletions
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@ -191,8 +191,8 @@ class BasePathNamespace:
    NSUPDATE = "/usr/bin/nsupdate"
    ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
    ODS_SIGNER = "/usr/sbin/ods-signer"
-    ODS_ENFORCER = None
-    ODS_ENFORCER_DB_SETUP = None
+    ODS_ENFORCER = "/usr/sbin/ods-enforcer"
+    ODS_ENFORCER_DB_SETUP = "/usr/sbin/ods-enforcer-db-setup"
    OPENSSL = "/usr/bin/openssl"
    PK12UTIL = "/usr/bin/pk12util"
    SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@ -290,9 +290,11 @@ class BaseTaskNamespace:
    def run_ods_setup(self):
        """Initialize a new kasp.db
        """
-        if paths.ODS_KSMUTIL is not None:
+        if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
+            # OpenDNSSEC 1.4
            cmd = [paths.ODS_KSMUTIL, 'setup']
        else:
+            # OpenDNSSEC 2.x
            cmd = [paths.ODS_ENFORCER_DB_SETUP]
        return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)

@ -305,7 +307,7 @@ class BaseTaskNamespace:
        """
        assert params[0] != 'setup'

-        if paths.ODS_KSMUTIL is not None:
+        if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
            # OpenDNSSEC 1.4
            cmd = [paths.ODS_KSMUTIL]
        else:
--- a/ipaplatform/debian/paths.py
+++ b/ipaplatform/debian/paths.py
@ -68,8 +68,6 @@ class DebianPathNamespace(BasePathNamespace):
    SBIN_SERVICE = "/usr/sbin/service"
    CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
    ODS_KSMUTIL = None
-    ODS_ENFORCER = "/usr/sbin/ods-enforcer"
-    ODS_ENFORCER_DB_SETUP = "/usr/sbin/ods-enforcer-db-setup"
    UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
    BIND_LDAP_DNS_IPA_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/"
    BIND_LDAP_DNS_ZONE_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/master/"