[389-commits] [389-ds-base] branch 389-ds-base-1.4.1 updated: Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt

This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.4.1 in repository 389-ds-base. The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push: new ae87936 Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt ae87936 is described below commit ae87936e479e7fda4ee19ede56f45214f82c14a5 Author: Matus Honek <mhonek(a)redhat.com&gt; AuthorDate: Thu Aug 8 11:31:34 2019 +0200 Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt Bug Description: `NssSsl` always creates `README.txt` which describes the purpose of SSCA, even when creating only an instance-specific certificate database. Fix Description: Create the README.txt only when creating cert DB for a specified DS instance. Fixes https://pagure.io/389-ds-base/issue/50734 Author: Matus Honek <mhonek(a)redhat.com&gt; Review by: Mark, William (thanks!) --- src/lib389/lib389/instance/setup.py | 2 +- src/lib389/lib389/nss_ssl.py | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py index bb0ff32..073c7c7 100644 --- a/src/lib389/lib389/instance/setup.py +++ b/src/lib389/lib389/instance/setup.py @@ -822,7 +822,7 @@ class SetupDs(object): assert_c(ds_instance.exists(), "Instance failed to install, does not exist when expected") # Create a certificate database. - tlsdb = NssSsl(dbpath=slapd['cert_dir']) + tlsdb = NssSsl(dirsrv=ds_instance, dbpath=slapd['cert_dir']) if not tlsdb._db_exists(): tlsdb.reinit() diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py index 9801274..587adcd 100644 --- a/src/lib389/lib389/nss_ssl.py +++ b/src/lib389/lib389/nss_ssl.py @@ -151,18 +151,19 @@ class NssSsl(object): except FileExistsError: pass - # Write a README to let people know what this is - readme_file = '%s/%s' % (self._certdb, 'README.txt') - if not os.path.exists(readme_file): - with open(readme_file, 'w') as f: - f.write(""" + if self.dirsrv is None: + # Write a README to let people know what this is + readme_file = '%s/%s' % (self._certdb, 'README.txt') + if not os.path.exists(readme_file): + with open(readme_file, 'w') as f: + f.write(""" SSCA - Simple Self-Signed Certificate Authority This is part of the 389 Directory Server project's lib389 toolkit. It creates a simple, standalone certificate authority for testing and development purposes. It's suitable for evaluation and testing purposes only. - """) + """) # In the future we may add the needed option to avoid writing the pin # files. -- To stop receiving notification emails like this one, please contact the administrator of this repository.