IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity
54fb1173f9
freeipa/install/Makefile.am
Christian Heimes beffa7bcda Move Custodia secrets handler to scripts 
Implement the import and export handlers for Custodia keys as external
scripts. It's a prerequisite to drop DAC override permission and proper
SELinux rules for ipa-custodia.

Except for DMLDAP,  handlers no longer run as root but as handler
specific users with reduced privileges. The Dogtag-related handlers run
as pkiuser, which also help with HSM support.

The export and import handles are designed to be executed by sudo, too.
In the future, ipa-custodia could be executed as an unprivileged process
that runs the minimal helper scripts with higher privileges.

Fixes: https://pagure.io/freeipa/issue/6888
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-26 12:09:22 +02:00

41 lines
1.3 KiB
Makefile
Raw Blame History

# This file will be processed with automake-1.7 to create Makefile.in
#
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
certmonger \
custodia \
html \
migration \
share \
ui \
tools \
updates \
restart_scripts \
wsgi \
oddjob \
$(NULL)
install-exec-local:
$(INSTALL) -d -m 700 $(DESTDIR)$(IPA_SYSCONF_DIR)/custodia
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/backup
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/gssproxy
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysupgrade
$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa/pki-ca
$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa/certs
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/private
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/passwds
uninstall-local:
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysupgrade
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/certs
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/private
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/passwds
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa
EXTRA_DIST = README.schema
Reference in New Issue View Git Blame Copy Permalink