Remove dogtag-ipa-retrieve-agent-submit.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>

freeipa.spec.in

@@ -635,7 +635,6 @@ fi
 %{_sbindir}/ipactl
 %{_sbindir}/ipa-upgradeconfig
 %{_sbindir}/ipa-advise
-%{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit
 %{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
 %{_libexecdir}/ipa-otpd
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached

install/certmonger/Makefile.am

@@ -2,7 +2,6 @@ NULL =
 
 appdir = $(libexecdir)/certmonger/
 app_SCRIPTS =					\
-	dogtag-ipa-retrieve-agent-submit	\
 	dogtag-ipa-ca-renew-agent-submit	\
 	$(NULL)
 

install/certmonger/dogtag-ipa-retrieve-agent-submit

@@ -1,92 +0,0 @@
-#!/usr/bin/python2 -E
-#
-# Authors:
-#   Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2012  Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# The certificate rewewal is done on only one dogtag CA. The others
-# retrieve the updated certificate from IPA.
-
-import os
-# Prevent garbage from readline on standard output
-# (see https://fedorahosted.org/freeipa/ticket/4064)
-if not os.isatty(1):
-    os.environ['TERM'] = 'dumb'
-import sys
-import shutil
-import tempfile
-import syslog
-import base64
-import traceback
-from ipalib import api
-from ipapython.dn import DN
-from ipalib import errors
-from ipalib import x509
-from ipapython import services as ipaservices
-from ipapython import ipautil
-from ipaserver.install import certs
-from ipaserver.plugins.ldap2 import ldap2
-
-def main():
-    # We cheat and pass in the nickname as the CA profile to execute against.
-    # Some way is needed to determine which entry to retrieve from LDAP
-    operation = os.environ.get('CERTMONGER_OPERATION')
-    nickname = os.environ.get('CERTMONGER_CA_PROFILE')
-
-    if operation not in ['SUBMIT', 'POLL']:
-        sys.exit(6) # unsupported operation
-
-    api.bootstrap(context='renew')
-    api.finalize()
-
-    # Update or add it
-    tmpdir = tempfile.mkdtemp(prefix = "tmp-")
-    try:
-        dn = DN(('cn', nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
-        principal = str('host/%s@%s' % (api.env.host, api.env.realm))
-        ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal)
-        conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
-        conn.connect(ccache=ccache)
-        try:
-            syslog.syslog(syslog.LOG_NOTICE, "Updating certificate for %s" % nickname)
-            entry_attrs = conn.get_entry(dn, ['usercertificate'])
-            cert = entry_attrs['usercertificate'][0]
-            cert = base64.b64encode(cert)
-            print x509.make_pem(cert)
-        except errors.NotFound:
-            syslog.syslog(syslog.LOG_INFO, "Updated certificate for %s not available" % nickname)
-            # No cert available yet, tell certmonger to wait another 8 hours
-            print 8 * 60 * 60
-            sys.exit(5)
-        finally:
-            conn.disconnect()
-    except Exception, e:
-        syslog.syslog(syslog.LOG_ERR, "Exception trying to retrieve %s: %s" % (nickname, e))
-        # Unhandled error
-        sys.exit(3)
-    finally:
-        shutil.rmtree(tmpdir)
-
-    sys.exit(0)
-
-try:
-    main()
-except Exception:
-    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
-    print "Internal error"
-    sys.exit(3)