Dogtag: Remove set_audit_renewal step

The step set_audit_renewal modifies Dogtag's caSignedLogCert.cfg to bump renewal to 2 years. The problem was fixed in Dogtag upstream in 2012 before Dogtag 10.0 came out, see f5b8ea5b08 The update step would also no longer work. Profiles have been migrated to LDAP several FreeIPA releases ago. pkispawn populates LDAP with all of Dogtag's default profiles. FreeIPA does not overwrite any existing profiles. Related: https://pagure.io/freeipa/issue/8521 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-09-25 11:53:28 +02:00
parent 9eccaf6269
commit 8882680ee1
2 changed files with 0 additions and 52 deletions
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -435,8 +435,6 @@ class CAInstance(DogtagInstance):
                              self.__import_ra_cert)

            if not ra_only:
-                self.step("setting audit signing renewal to 2 years", self.set_audit_renewal)
-                self.step("restarting certificate server", self.restart_instance)
                if not self.clone:
                    self.step("publishing the CA certificate",
                              self.__export_ca_chain)
@@ -1089,41 +1087,6 @@ class CAInstance(DogtagInstance):
        if stop_certmonger:
            services.knownservices.certmonger.stop()

-
-    def set_audit_renewal(self):
-        """
-        The default renewal time for the audit signing certificate is
-        six months rather than two years. Fix it. This is BZ 843979.
-        """
-        # Check the default validity period of the audit signing cert
-        # and set it to 2 years if it is 6 months.
-        cert_range = directivesetter.get_directive(
-            paths.CASIGNEDLOGCERT_CFG,
-            'policyset.caLogSigningSet.2.default.params.range',
-            separator='='
-        )
-        logger.debug(
-            'caSignedLogCert.cfg profile validity range is %s', cert_range)
-        if cert_range == "180":
-            directivesetter.set_directive(
-                paths.CASIGNEDLOGCERT_CFG,
-                'policyset.caLogSigningSet.2.default.params.range',
-                '720',
-                quotes=False,
-                separator='='
-            )
-            directivesetter.set_directive(
-                paths.CASIGNEDLOGCERT_CFG,
-                'policyset.caLogSigningSet.2.constraint.params.range',
-                '720',
-                quotes=False,
-                separator='='
-            )
-            logger.debug(
-                'updated caSignedLogCert.cfg profile validity range to 720')
-            return True
-        return False
-
    def is_renewal_master(self, fqdn=None):
        if fqdn is None:
            fqdn = api.env.host