Commit Graph

8 Commits

Author SHA1 Message Date
Tomas Babej
c7edd7b68c ipaplatform: Remove redundant imports of ipaservices
Also fixes few incorrect imports.

https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-16 19:48:20 +02:00
Tomas Babej
49fcd42f8f ipaplatform: Change service code in freeipa to use ipaplatform services
https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-16 19:48:19 +02:00
Jan Cholasta
8e98690409 Log unhandled exceptions in certificate renewal scripts.
https://fedorahosted.org/freeipa/ticket/4093

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-03-10 18:41:10 +01:00
Martin Kosek
554d43d689 Revert restart scripts file permissions change
Previous commit accidentally added executable permission to
restart_pkicad and stop_pkicad.
2014-01-08 09:54:53 +01:00
Jan Cholasta
911f5e9eb7 PKI service restart after CA renewal failed
Fix both the service restart procedure and registration of old
pki-cad well known service name.

This patch was adapted from original patch of Jan Cholasta 178 to
fix ticket 4092.

https://fedorahosted.org/freeipa/ticket/4092
2014-01-08 09:47:23 +01:00
Xiao-Long Chen
5e96fbc22a Use /usr/bin/python2
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.

FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2

https://fedorahosted.org/freeipa/ticket/3438

Updated by pviktori@redhat.com
2014-01-03 09:46:05 +01:00
Jan Cholasta
3f053437c9 Do actually stop pki_cad in stop_pkicad instead of starting it.
https://fedorahosted.org/freeipa/ticket/3554
2013-04-09 16:22:23 +02:00
Rob Crittenden
045b6e6ed9 Use new certmonger locking to prevent NSS database corruption.
dogtag opens its NSS database in read/write mode so we need to be very
careful during renewal that we don't also open it up read/write. We
basically need to serialize access to the database. certmonger does the
majority of this work via internal locking from the point where it generates
a new key/submits a rewewal through the pre_save and releases the lock after
the post_save command. This lock is held per NSS database so we're save
from certmonger. dogtag needs to be shutdown in the pre_save state so
certmonger can safely add the certificate and we can manipulate trust
in the post_save command.

Fix a number of bugs in renewal. The CA wasn't actually being restarted
at all due to a naming change upstream. In python we need to reference
services using python-ish names but the service is pki-cad. We need a
translation for non-Fedora systems as well.

Update the CA ou=People entry when he CA subsystem certificate is
renewed. This certificate is used as an identity certificate to bind
to the DS instance.

https://fedorahosted.org/freeipa/ticket/3292
https://fedorahosted.org/freeipa/ticket/3322
2013-01-29 11:16:38 -05:00