Dogtag: Remove set_audit_renewal step

The step set_audit_renewal modifies Dogtag's caSignedLogCert.cfg to bump
renewal to 2 years. The problem was fixed in Dogtag upstream in 2012 before
Dogtag 10.0 came out, see
f5b8ea5b08

The update step would also no longer work. Profiles were migrated
to LDAP several FreeIPA releases ago. pkispawn populates LDAP with all
of Dogtag's default profiles. FreeIPA does not overwrite any existing
profiles.

Related: https://pagure.io/freeipa/issue/8521
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Christian Heimes
2020-09-25 11:53:28 +02:00
parent 9eccaf6269
commit 8882680ee1
2 changed files with 0 additions and 52 deletions


@@ -502,20 +502,6 @@ def ca_disable_publish_cert(ca):
return True # restart needed
def upgrade_ca_audit_cert_validity(ca):
"""
Update the Dogtag audit signing certificate.
Returns True if restart is needed, False otherwise.
"""
logger.info('[Verifying that CA audit signing cert has 2 year validity]')
if ca.is_configured():
return ca.set_audit_renewal()
else:
logger.info('CA is not configured')
return False
def ca_initialize_hsm_state(ca):
"""Initializse HSM state as False / internal token
"""
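Review bot: The removed upgrade_ca_audit_cert_validity() is the only caller of ca.set_audit_renewal() visible in this diff, so the method itself has to go in the same commit or it is left as dead code. The summary reports two changed files and 52 deletions, while only 15 deleted lines are shown here, so the method removal is presumably in the other file; a quick grep for both set_audit_renewal and upgrade_ca_audit_cert_validity across the tree (including tests and upgrade plugins) would confirm that no reference remains. Separately, the unchanged docstring of ca_initialize_hsm_state() just below the removal reads "Initializse", which could be corrected in a follow-up.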
@@ -1774,7 +1760,6 @@ def upgrade_configuration():
ca_restart = any([
ca_restart,
ca_upgrade_schema(ca),
upgrade_ca_audit_cert_validity(ca),
certificate_renewal_update(ca, kra, ds, http),
ca_enable_pkix(ca),
ca_configure_profiles_acl(ca),
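Review bot: In the any([...]) list in upgrade_configuration(), check that none of the entries following the removed upgrade_ca_audit_cert_validity(ca) line relied on it having run first. Because the list is built before any() evaluates it, every remaining step still executes in the listed order and the only behavioural change is that this step no longer contributes to ca_restart. Leaving the entry in place after the function was deleted would have raised a NameError during upgrade, so removing both together is correct; it may be worth stating in the commit message that no restart is lost on deployments where the step previously returned True.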