Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS

455064
2025-02-25 18:55:28 -06:00 · 2008-07-24 14:34:43 -04:00 · 2008-07-24 14:34:43 -04:00 · a19d27717a
commit a19d27717a
parent 4d88900c22
3 changed files with 16 additions and 8 deletions
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@ -165,7 +165,7 @@ def main():

    replica_fqdn = args[1]

-    if not ipautil.file_exists("/usr/share/ipa/serial") and not options.dirsrv_pin:
+    if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin:
        sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")

    print "Determining current realm name"
--- a/ipa-server/ipa-server.spec.in
+++ b/ipa-server/ipa-server.spec.in
@ -1,6 +1,6 @@
 Name:           ipa-server
 Version:        VERSION
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        IPA authentication server

 Group:          System Environment/Base
@ -89,6 +89,9 @@ if [ $1 = 1 ]; then
    /sbin/chkconfig --add ipa_kpasswd
    /sbin/chkconfig --add ipa_webgui
 fi
+if [ -e /usr/share/ipa/serial ]; then
+    mv /usr/share/ipa/serial /var/lib/ipa/ca_serialno
+fi
 /bin/touch /var/log/ipa_error.log
 /bin/chown apache /var/log/ipa_error.log
 /bin/chmod 600 /var/log/ipa_error.log
@ -168,6 +171,9 @@ fi
 %{_mandir}/man1/ipa-server-install.1.gz

 %changelog
+* Wed Jul 23 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
+- Move location of the self-signed CA serial number
+
 * Tue May  5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
 - Add ipa-upgradeconfig command and run it at post

--- a/ipa-server/ipaserver/certs.py
+++ b/ipa-server/ipaserver/certs.py
@ -24,6 +24,8 @@ import errno
 from ipa import sysrestore
 from ipa import ipautil

+CA_SERIALNO="/var/lib/ipa/ca_serialno"
+
 class CertDB(object):
    def __init__(self, dir, fstore=None):
        self.secdir = dir
@ -69,7 +71,7 @@ class CertDB(object):

        self.cur_serial = self.find_cacert_serial()
        try:
-            f=open("/usr/share/ipa/serial","w")
+            f=open(CA_SERIALNO,"w")
            f.write(str(self.cur_serial))
            f.close()
        except IOError, e:
@ -77,24 +79,24 @@ class CertDB(object):

    def next_serial(self):
        try:
-            f=open("/usr/share/ipa/serial","r")
+            f=open(CA_SERIALNO,"r")
            r = f.readline()
            try:
                self.cur_serial = int(r) + 1
            except ValueError:
-                raise RuntimeError("The value in /usr/share/ipa/serial is not an integer")
+                raise RuntimeError("The value in %s is not an integer" % CA_SERIALNO)
            f.close()
        except IOError, e:
            if e.errno == errno.ENOENT:
                self.cur_serial = 1000
-                f=open("/usr/share/ipa/serial","w")
+                f=open(CA_SERIALNO,"w")
                f.write(str(self.cur_serial))
                f.close()
            else:
                raise RuntimeError("Unable to determine serial number: %s" % str(e))

        try:
-            f=open("/usr/share/ipa/serial","w")
+            f=open(CA_SERIALNO,"w")
            f.write(str(self.cur_serial))
            f.close()
        except IOError, e:
@ -396,7 +398,7 @@ class CertDB(object):
        # This file implies that we have our own self-signed CA. Ensure
        # that it no longer exists (from previous installs, for example).
        try:
-            os.remove("/usr/share/ipa/serial")
+            os.remove(CA_SERIALNO)
        except:
            pass