mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 00:41:25 -06:00
045b6e6ed9
dogtag opens its NSS database in read/write mode so we need to be very careful during renewal that we don't also open it up read/write. We basically need to serialize access to the database. certmonger does the majority of this work via internal locking from the point where it generates a new key/submits a rewewal through the pre_save and releases the lock after the post_save command. This lock is held per NSS database so we're save from certmonger. dogtag needs to be shutdown in the pre_save state so certmonger can safely add the certificate and we can manipulate trust in the post_save command. Fix a number of bugs in renewal. The CA wasn't actually being restarted at all due to a naming change upstream. In python we need to reference services using python-ish names but the service is pki-cad. We need a translation for non-Fedora systems as well. Update the CA ou=People entry when he CA subsystem certificate is renewed. This certificate is used as an identity certificate to bind to the DS instance. https://fedorahosted.org/freeipa/ticket/3292 https://fedorahosted.org/freeipa/ticket/3322
20 lines
413 B
Makefile
20 lines
413 B
Makefile
NULL =
|
|
|
|
appdir = $(libdir)/ipa/certmonger
|
|
app_DATA = \
|
|
restart_dirsrv \
|
|
restart_httpd \
|
|
restart_pkicad \
|
|
renew_ca_cert \
|
|
renew_ra_cert \
|
|
stop_pkicad \
|
|
$(NULL)
|
|
|
|
EXTRA_DIST = \
|
|
$(app_DATA) \
|
|
$(NULL)
|
|
|
|
MAINTAINERCLEANFILES = \
|
|
*~ \
|
|
Makefile.in
|