[freeipa PR#5489][opened] Better support for unreadable NSS database
by rcritten
URL: https://github.com/freeipa/freeipa/pull/5489
Author: rcritten
Title: #5489: Better support for unreadable NSS database
Action: opened
PR body:
"""
Ignore database errors when trying to extract ipaCert on upgrade
If NSSDatabase() throws a ValueError it means we can't open it
to look for an existing ipaCert to migrate. Chances are there is
no certificate to migrate at this point in Fedora so don't let
it blow up the entire installation/upgrade. Warn the user and let
them figure it out.
We have no real path forward on this and by proceeding it could
lead to more errors (like no RA) but it is extremely unlikely and
would require a user to upgrade from very old Fedora to very
new Fedora in one step.
https://pagure.io/freeipa/issue/8675
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
I added no specific test for this because it a corner case. This code is just to mitigate the problem and make it more understandable.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5489/head:pr5489
git checkout pr5489
3 years, 2 months