From 872d5903d0d278914d740575b4ef92fa75c44a45 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Tue, 23 Feb 2016 12:10:34 +0100
Subject: [PATCH] Move freeipa certmonger helpers to libexecdir.

The scripts in this directory are simple python scripts, nothing arch-specific
in them. Having them under libexec would simplify the code a bit too, since
there would be no need to worry about lib vs lib64 (which also cause trouble
on Debian).

https://fedorahosted.org/freeipa/ticket/5586

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 freeipa.spec.in                     |  4 ++--
 install/restart_scripts/Makefile.am |  2 +-
 ipaplatform/base/paths.py           |  2 +-
 ipapython/certmonger.py             | 13 ++-----------
 ipaserver/install/certs.py          |  6 +-----
 ipaserver/install/server/upgrade.py |  8 ++------
 6 files changed, 9 insertions(+), 26 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 48fec9742..74b260b5d 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1019,8 +1019,8 @@ fi
 %attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
 %config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf
-%dir %{_libdir}/ipa/certmonger
-%attr(755,root,root) %{_libdir}/ipa/certmonger/*
+%dir %{_libexecdir}/ipa/certmonger
+%attr(755,root,root) %{_libexecdir}/ipa/certmonger/*
 # NOTE: systemd specific section
 %attr(644,root,root) %{_unitdir}/ipa.service
 %attr(644,root,root) %{_unitdir}/ipa-otpd.socket
diff --git a/install/restart_scripts/Makefile.am b/install/restart_scripts/Makefile.am
index c4bf8195e..dd949a940 100644
--- a/install/restart_scripts/Makefile.am
+++ b/install/restart_scripts/Makefile.am
@@ -1,6 +1,6 @@
 NULL =
 
-appdir = $(libdir)/ipa/certmonger
+appdir = $(libexecdir)/ipa/certmonger
 app_DATA =                              \
 	restart_dirsrv			\
 	restart_httpd			\
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index ee383711a..bdff4f393 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -149,7 +149,7 @@ class BasePathNamespace(object):
     TMP_CA_P12 = "/tmp/ca.p12"
     TMP_KRB5CC = "/tmp/krb5cc_%d"
     USR_DIR = "/usr"
-    CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s"
+    CERTMONGER_COMMAND_TEMPLATE = "/usr/libexec/ipa/certmonger/%s"
     PKCS12EXPORT = "/usr/bin/PKCS12Export"
     CERTUTIL = "/usr/bin/certutil"
     CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index effb7bb15..db0360fce 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -25,7 +25,6 @@
 from __future__ import print_function
 
 import os
-import sys
 import time
 import dbus
 import shlex
@@ -497,19 +496,11 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
         params['KEY_PIN_FILE'] = os.path.abspath(pinfile)
     if pre_command:
         if not os.path.isabs(pre_command):
-            if sys.maxsize > 2**32:
-                libpath = 'lib64'
-            else:
-                libpath = 'lib'
-            pre_command = certmonger_cmd_template % (libpath, pre_command)
+            pre_command = certmonger_cmd_template % (pre_command)
         params['cert-presave-command'] = pre_command
     if post_command:
         if not os.path.isabs(post_command):
-            if sys.maxsize > 2**32:
-                libpath = 'lib64'
-            else:
-                libpath = 'lib'
-            post_command = certmonger_cmd_template % (libpath, post_command)
+            post_command = certmonger_cmd_template % (post_command)
         params['cert-postsave-command'] = post_command
     if profile:
         params['ca-profile'] = profile
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index f74b76090..c220ffdb3 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -296,11 +296,7 @@ class CertDB(object):
         /usr/lib[64]/ipa/certmonger.
         """
         if command is not None and not os.path.isabs(command):
-            if sys.maxsize > 2**32:
-                libpath = 'lib64'
-            else:
-                libpath = 'lib'
-            command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command)
+            command = paths.CERTMONGER_COMMAND_TEMPLATE % (command)
         try:
             request_id = certmonger.start_tracking(nickname, self.secdir, password_file, command)
         except RuntimeError as e:
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 1b6b0cd3a..d6e6b2e0d 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -797,16 +797,12 @@ def certificate_renewal_update(ca, ds, http):
     Update certmonger certificate renewal configuration.
     """
 
-    if sys.maxsize > 2**32:
-        libpath = 'lib64'
-    else:
-        libpath = 'lib'
-    template = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, '%s')
+    template = paths.CERTMONGER_COMMAND_TEMPLATE
     serverid = installutils.realm_to_serverid(api.env.realm)
     dirsrv_dir = dsinstance.config_dirname(serverid)
 
     # bump version when requests is changed
-    version = 4
+    version = 5
     requests = (
         (
             paths.PKI_TOMCAT_ALIAS_DIR,