Replace nss.conf with zero-length file instead of removing

Empty nss.conf avoids recreation of nss.conf in case `mod_nss` package is reinstalled. It is needed because by default (e.g. recreated) nss.conf has `Listen 8443` while this port is used by dogtag. Fixes: https://pagure.io/freeipa/issue/7745 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-12-11 14:00:25 +01:00
parent 18cac46092
commit f28a8177a9
2 changed files with 23 additions and 4 deletions
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -226,7 +226,9 @@ class HTTPInstance(service.Service):

    def disable_nss_conf(self):
        """
-        Backs up and removes the original nss.conf file.
+        Backs up the original nss.conf file and replace it with the empty one.
+        Empty file avoids recreation of nss.conf in case the package is
+        reinstalled.

        There is no safe way to co-exist since there is no safe port
        to make mod_nss use, disable it completely.
@@ -236,7 +238,8 @@ class HTTPInstance(service.Service):
            # (mod_nss -> mod_ssl upgrade scenario)
            if not self.fstore.has_file(paths.HTTPD_NSS_CONF):
                self.fstore.backup_file(paths.HTTPD_NSS_CONF)
-            installutils.remove_file(paths.HTTPD_NSS_CONF)
+
+        open(paths.HTTPD_NSS_CONF, 'w').close()

    def set_mod_ssl_protocol(self):
        directivesetter.set_directive(paths.HTTPD_SSL_CONF,
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -144,8 +144,12 @@ class Restore(admintool.AdminTool):
        paths.DNSSEC_TOKENS_DIR,
    ]

-    FILES_TO_BE_REMOVED = [
-        paths.HTTPD_NSS_CONF,
+    FILES_TO_BE_REMOVED = []
+
+    # files listed here cannot be removed and these files will be
+    # replaced with zero-length files
+    FILES_TO_BE_CLEARED = [
+        paths.HTTPD_NSS_CONF
    ]

    def __init__(self, options, args):
@@ -404,6 +408,7 @@ class Restore(admintool.AdminTool):
            # We do either a full file restore or we restore data.
            if restore_type == 'FULL':
                self.remove_old_files()
+                self.clear_old_files()
                self.cert_restore_prepare()
                self.file_restore(options.no_logs)
                self.cert_restore()
@@ -721,6 +726,17 @@ class Restore(admintool.AdminTool):
                if e.errno != 2:  # 2: file does not exist
                    logger.warning("Could not remove file: %s (%s)", f, e)

+    def clear_old_files(self):
+        """
+        Replace exist files that cannot be removed with zero-length files
+        before backup
+        """
+        for f in self.FILES_TO_BE_CLEARED:
+            if os.access(f, os.W_OK):
+                open(f, 'w').close()
+            else:
+                logger.warning('Could not open file for writing: %s', f)
+
    def file_restore(self, nologs=False):
        '''
        Restore all the files in the tarball.