freeipa/.gitignore
Christian Heimes beffa7bcda Move Custodia secrets handler to scripts
Implement the import and export handlers for Custodia keys as external
scripts. It's a prerequisite to drop DAC override permission and proper
SELinux rules for ipa-custodia.

Except for DMLDAP,  handlers no longer run as root but as handler
specific users with reduced privileges. The Dogtag-related handlers run
as pkiuser, which also help with HSM support.

The export and import handles are designed to be executed by sudo, too.
In the future, ipa-custodia could be executed as an unprivileged process
that runs the minimal helper scripts with higher privileges.

Fixes: https://pagure.io/freeipa/issue/6888
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-26 12:09:22 +02:00

183 lines
4.0 KiB
Plaintext

# Autotools files - generated by autoreconf -i
/m4
# gettext infrastructure
/ABOUT-NLS
/po/*.gmo
/po/*~
/po/ipa.pot
/po/Makefile.hack
/po/Makefile.in.in
/po/Makevars.template
/po/POTFILES
/po/POTFILES.in
/po/remove-potcdate.sed
/po/Rules-quot
/po/stamp-po
# In-tree build files
configure
config.h
config.h.in
Makefile
Makefile.in
.deps/
.libs/
*.la
*.lo
*.log
*.o
*.trs
*~
version.m4
aclocal.m4
autom4te.cache/
config.guess
config.log
config.rpath
config.status
config.sub
depcomp
install-sh
ltmain.sh
missing
stamp-h1
libtool
build/
compile
test-driver
freeipa-*.tar.gz
.tarball_name
.version
# Python compilation
*.pyc
py-compile
# Developer documentation
freeipa2-dev-doc
~/doc/guide/Makefile
# Root directory
/freeipa.spec
/dist/
/.tox/
/.cache/
/*/dist/
/RELEASE
/rpmbuild/
# Build
/ipasetup.py
/.wheelconstraints
*.egg-info
# Subdirectories
/daemons/dnssec/ipa-dnskeysyncd.service
/daemons/dnssec/ipa-ods-exporter.service
/daemons/dnssec/ipa-ods-exporter.socket
/daemons/ipa-kdb/ipa_kdb_tests
/daemons/ipa-kdb/tests/.dirstamp
/daemons/ipa-otpd/ipa-otpd
/daemons/ipa-otpd/ipa-otpd.socket
/daemons/ipa-otpd/ipa-otpd@.service
/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_tests
/daemons/ipa-slapi-plugins/ipa-extdom-extop/extdom_cmocka_tests
/daemons/ipa-slapi-plugins/libotp/t_hotp
/daemons/ipa-version.h
/daemons/test-driver
/po/test.po
/po/test_locale/xh_ZA/LC_MESSAGES/ipa.mo
/init/ipa_memcached
/init/systemd/ipa-custodia.service
/init/systemd/ipa.service
/init/systemd/ipa_memcached.service
/init/tmpfilesd/ipa.conf
!/install/ui/doc/Makefile.in
/install/ui/node_modules/
/install/ui/package-lock.json
# package-lock file can be commited, but it makes sense for npm packages.
# It stores informations about changes in node_modules. For now it is not
# very useful
# More info: https://docs.npmjs.com/files/package-lock.json
/install/ui/release
/install/ui/css/ipa.css
/install/ui/src/dojo
/install/ui/src/build
/install/ui/src/libs/loader.js
/install/ui/src/plugins
!/install/ui/doc/Makefile
/client/ipa-getkeytab
/client/ipa-join
/client/ipa-rmkeytab
/ipaplatform/override.py
/ipapython/version.py
/ipapython/.DEFAULT_PLUGINS
/ipatests/.cache/
# Python scripts with auto-generated shebang
ipa
makeaci
makeapi
client/ipa-certupdate
client/ipa-client-automount
client/ipa-client-install
daemons/dnssec/ipa-dnskeysyncd
daemons/dnssec/ipa-dnskeysync-replica
daemons/dnssec/ipa-ods-exporter
install/certmonger/dogtag-ipa-ca-renew-agent-submit
install/certmonger/ipa-server-guard
install/custodia/ipa-custodia-dmldap
install/custodia/ipa-custodia-pki-tomcat
install/custodia/ipa-custodia-pki-tomcat-wrapped
install/custodia/ipa-custodia-ra-agent
install/oddjob/com.redhat.idm.trust-fetch-domains
install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
install/restart_scripts/renew_ca_cert
install/restart_scripts/renew_kdc_cert
install/restart_scripts/renew_ra_cert
install/restart_scripts/renew_ra_cert_pre
install/restart_scripts/restart_dirsrv
install/restart_scripts/restart_httpd
install/restart_scripts/stop_pkicad
install/tools/ipa-adtrust-install
install/tools/ipa-advise
install/tools/ipa-backup
install/tools/ipa-cacert-manage
install/tools/ipa-ca-install
install/tools/ipa-compat-manage
install/tools/ipa-csreplica-manage
install/tools/ipactl
install/tools/ipa-crlgen-manage
install/tools/ipa-custodia
install/tools/ipa-custodia-check
install/tools/ipa-dns-install
install/tools/ipa-httpd-kdcproxy
install/tools/ipa-kra-install
install/tools/ipa-ldap-updater
install/tools/ipa-managed-entries
install/tools/ipa-nis-manage
install/tools/ipa-otptoken-import
install/tools/ipa-pkinit-manage
install/tools/ipa-pki-retrieve-key
install/tools/ipa-pki-wait-running
install/tools/ipa-replica-conncheck
install/tools/ipa-replica-install
install/tools/ipa-replica-manage
install/tools/ipa-replica-prepare
install/tools/ipa-restore
install/tools/ipa-server-certinstall
install/tools/ipa-server-install
install/tools/ipa-server-upgrade
install/tools/ipa-winsync-migrate
ipatests/i18n.py
ipatests/ipa-run-tests
ipatests/ipa-test-config
ipatests/ipa-test-task