This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.1
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push:
new ae87936 Issue 50734 - lib389 creates non-SSCA cert DBs with misleading
README.txt
ae87936 is described below
commit ae87936e479e7fda4ee19ede56f45214f82c14a5
Author: Matus Honek <mhonek(a)redhat.com>
AuthorDate: Thu Aug 8 11:31:34 2019 +0200
Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt
Bug Description:
`NssSsl` always creates `README.txt` which describes the purpose of SSCA, even
when creating only an instance-specific certificate database.
Fix Description:
Create the README.txt only when creating cert DB for a specified DS instance.
Fixes
https://pagure.io/389-ds-base/issue/50734
Author: Matus Honek <mhonek(a)redhat.com>
Review by: Mark, William (thanks!)
---
src/lib389/lib389/instance/setup.py | 2 +-
src/lib389/lib389/nss_ssl.py | 13 +++++++------
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index bb0ff32..073c7c7 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -822,7 +822,7 @@ class SetupDs(object):
assert_c(ds_instance.exists(), "Instance failed to install, does not exist
when expected")
# Create a certificate database.
- tlsdb = NssSsl(dbpath=slapd['cert_dir'])
+ tlsdb = NssSsl(dirsrv=ds_instance, dbpath=slapd['cert_dir'])
if not tlsdb._db_exists():
tlsdb.reinit()
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
index 9801274..587adcd 100644
--- a/src/lib389/lib389/nss_ssl.py
+++ b/src/lib389/lib389/nss_ssl.py
@@ -151,18 +151,19 @@ class NssSsl(object):
except FileExistsError:
pass
- # Write a README to let people know what this is
- readme_file = '%s/%s' % (self._certdb, 'README.txt')
- if not os.path.exists(readme_file):
- with open(readme_file, 'w') as f:
- f.write("""
+ if self.dirsrv is None:
+ # Write a README to let people know what this is
+ readme_file = '%s/%s' % (self._certdb, 'README.txt')
+ if not os.path.exists(readme_file):
+ with open(readme_file, 'w') as f:
+ f.write("""
SSCA - Simple Self-Signed Certificate Authority
This is part of the 389 Directory Server project's lib389 toolkit. It
creates a simple, standalone certificate authority for testing and
development purposes. It's suitable for evaluation and testing purposes
only.
- """)
+ """)
# In the future we may add the needed option to avoid writing the pin
# files.
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.