import ipa-4.9.2-4.module+el8.4.0+11156+94d209c1
This commit is contained in:
CentOS Sources
parent
c837b107f7
commit
aca3dbcb48
|
|
@ -0,0 +1,54 @@
|
|||
From 1aa3f7a7fd24c651aafde150351328148fd517be Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Thu, 6 May 2021 14:10:44 -0400
|
||||
Subject: [PATCH] Only attempt to upgrade ACME configuration files if deployed
|
||||
|
||||
This can happen on upgrades from older deployments that lack
|
||||
an ACME installation and don't meet the minimum requirements
|
||||
to deploy one automatically.
|
||||
|
||||
Also don't consider missing ACME schema a total failure, just
|
||||
log and skip it.
|
||||
|
||||
https://pagure.io/freeipa/issue/8832
|
||||
|
||||
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
||||
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
||||
---
|
||||
ipaserver/install/server/upgrade.py | 13 ++++++++++++-
|
||||
1 file changed, 12 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
||||
index e60524084..75bf26b8e 100644
|
||||
--- a/ipaserver/install/server/upgrade.py
|
||||
+++ b/ipaserver/install/server/upgrade.py
|
||||
@@ -1122,7 +1122,8 @@ def ca_upgrade_schema(ca):
|
||||
acme_schema_ldif = path
|
||||
break
|
||||
else:
|
||||
- raise RuntimeError('ACME schema file not found')
|
||||
+ logger.info('ACME schema is not available')
|
||||
+ return False
|
||||
|
||||
schema_files=[
|
||||
'/usr/share/pki/server/conf/schema-certProfile.ldif',
|
||||
@@ -1530,6 +1531,16 @@ def ca_update_acme_configuration(ca, fqdn):
|
||||
"""
|
||||
Re-apply the templates in case anyting has been updated.
|
||||
"""
|
||||
+ logger.info('[Updating ACME configuration]')
|
||||
+ if not os.path.isdir(os.path.join(paths.PKI_TOMCAT, 'acme')):
|
||||
+ logger.info('ACME is not deployed, skipping')
|
||||
+ return
|
||||
+
|
||||
+ if not os.path.exists(paths.PKI_ACME_ISSUER_CONF):
|
||||
+ logger.info('ACME configuration file %s is missing',
|
||||
+ paths.PKI_ACME_ISSUER_CONF)
|
||||
+ return
|
||||
+
|
||||
password = directivesetter.get_directive(
|
||||
paths.PKI_ACME_ISSUER_CONF,
|
||||
'password',
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
|
@ -128,7 +128,7 @@
|
|||
%if 0%{?rhel} == 8
|
||||
# PKIConnection has been modified to always validate certs.
|
||||
# https://pagure.io/freeipa/issue/8379
|
||||
%global pki_version 10.9.0-0.4
|
||||
%global pki_version 10.10.5-2
|
||||
%else
|
||||
# New KRA profile, ACME support
|
||||
# https://pagure.io/freeipa/issue/8545
|
||||
|
|
@ -176,7 +176,7 @@
|
|||
|
||||
Name: %{package_name}
|
||||
Version: %{IPA_VERSION}
|
||||
Release: 3%{?rc_version:.%rc_version}%{?dist}
|
||||
Release: 4%{?rc_version:.%rc_version}%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
License: GPLv3+
|
||||
|
|
@ -206,6 +206,7 @@ Patch0007: 0007-ipatests_ipa-cert-fix_renews_pagure#7885_rhbz#1932289.patch
|
|||
Patch0008: 0008-ipatests-use-whole-date-when-calling-journalctl-sinc_rhbz#1932289.patch
|
||||
Patch0009: 0009-ipa-kdb-do-not-use-OpenLDAP-functions-with-NULL-LDAP_rhbz#1932784.patch
|
||||
Patch0010: 0010-ipa-client-install-output-a-warning-if-sudo-is-not-p_rhbz#1939371.patch
|
||||
Patch0011: 0011-Only-attempt-to-upgrade-ACME-configuration-files-if-_rhbz#1959984.patch
|
||||
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
||||
%endif
|
||||
%endif
|
||||
|
|
@ -1680,6 +1681,10 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed May 26 2021 Thomas Woerner <twoerner@redhat.com> - 4.9.2-4
|
||||
- Only attempt to upgrade ACME configuration files if deployed
|
||||
Resolves: RHBZ#1959984
|
||||
|
||||
* Fri Mar 19 2021 Thomas Woerner <twoerner@redhat.com> - 4.9.2-3
|
||||
- ipa-client-install displays false message
|
||||
'sudo binary does not seem to be present on this system'
|
||||
|
|
|
|||
Loading…
Reference in New Issue