rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import ipa-4.9.2-4.module+el8.4.0+11156+94d209c1

Browse Source
This commit is contained in:
CentOS Sources 2021-06-29 10:02:42 -04:00 committed by Andrew Lukoshko
parent c837b107f7
commit aca3dbcb48
2 changed files with 61 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
SOURCES/0011-Only-attempt-to-upgrade-ACME-configuration-files-if-_rhbz#1959984.patch Normal file
View File

@ -0,0 +1,54 @@
From 1aa3f7a7fd24c651aafde150351328148fd517be Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 6 May 2021 14:10:44 -0400
Subject: [PATCH] Only attempt to upgrade ACME configuration files if deployed
This can happen on upgrades from older deployments that lack
an ACME installation and don't meet the minimum requirements
to deploy one automatically.
Also don't consider missing ACME schema a total failure, just
log and skip it.
https://pagure.io/freeipa/issue/8832
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
ipaserver/install/server/upgrade.py | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index e60524084..75bf26b8e 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1122,7 +1122,8 @@ def ca_upgrade_schema(ca):
acme_schema_ldif = path
break
else:
- raise RuntimeError('ACME schema file not found')
+ logger.info('ACME schema is not available')
+ return False
schema_files=[
'/usr/share/pki/server/conf/schema-certProfile.ldif',
@@ -1530,6 +1531,16 @@ def ca_update_acme_configuration(ca, fqdn):
"""
Re-apply the templates in case anyting has been updated.
"""
+ logger.info('[Updating ACME configuration]')
+ if not os.path.isdir(os.path.join(paths.PKI_TOMCAT, 'acme')):
+ logger.info('ACME is not deployed, skipping')
+ return
+
+ if not os.path.exists(paths.PKI_ACME_ISSUER_CONF):
+ logger.info('ACME configuration file %s is missing',
+ paths.PKI_ACME_ISSUER_CONF)
+ return
+
password = directivesetter.get_directive(
paths.PKI_ACME_ISSUER_CONF,
'password',
--
2.31.1

9
SPECS/ipa.spec
View File

@ -128,7 +128,7 @@
%if 0%{?rhel} == 8
# PKIConnection has been modified to always validate certs.
# https://pagure.io/freeipa/issue/8379
%global pki_version 10.9.0-0.4
%global pki_version 10.10.5-2
%else
# New KRA profile, ACME support
# https://pagure.io/freeipa/issue/8545
@ -176,7 +176,7 @@
Name: %{package_name}
Version: %{IPA_VERSION}
Release: 3%{?rc_version:.%rc_version}%{?dist}
Release: 4%{?rc_version:.%rc_version}%{?dist}
Summary: The Identity, Policy and Audit system
License: GPLv3+
@ -206,6 +206,7 @@ Patch0007: 0007-ipatests_ipa-cert-fix_renews_pagure#7885_rhbz#1932289.patch
Patch0008: 0008-ipatests-use-whole-date-when-calling-journalctl-sinc_rhbz#1932289.patch
Patch0009: 0009-ipa-kdb-do-not-use-OpenLDAP-functions-with-NULL-LDAP_rhbz#1932784.patch
Patch0010: 0010-ipa-client-install-output-a-warning-if-sudo-is-not-p_rhbz#1939371.patch
Patch0011: 0011-Only-attempt-to-upgrade-ACME-configuration-files-if-_rhbz#1959984.patch
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
%endif
%endif
@ -1680,6 +1681,10 @@ fi
%changelog
* Wed May 26 2021 Thomas Woerner <twoerner@redhat.com> - 4.9.2-4
- Only attempt to upgrade ACME configuration files if deployed
Resolves: RHBZ#1959984
* Fri Mar 19 2021 Thomas Woerner <twoerner@redhat.com> - 4.9.2-3
- ipa-client-install displays false message
'sudo binary does not seem to be present on this system'