Alex Lourie has posted comments on this change.
Change subject: pki: use PKCS#12 format to store keys
......................................................................
Patch Set 7: (5 inline comments)
....................................................
File packaging/fedora/setup/engine-setup.py
Line 767: pubtemp = None
Line 768:
Line 769: try:
Line 770: # Create new CA only if none available
Line 771: if not os.path.exists(os.path.join(basedefs.DIR_OVIRT_PKI,
"ca.pem")):
basedefs.FILE_CA_CRT_SRC ?
Line 772: _updateCaCrtTemplate()
Line 773:
Line 774: # time.timezone is in seconds
Line 775: tzOffset = time.timezone / 3600
....................................................
File packaging/fedora/setup/engine-upgrade.py
Line 578:
Line 579: def prepare(self):
Line 580: if os.path.exists(self.JKSKEYSTORE):
Line 581: logging.debug("PKI: convert JKS to PKCS#12")
Line 582: output, rc = utils. execCmd(
Can you please take cmd out of the execCmd? I prefer ALL execCmd executions to
be the same.
Line 583: cmdList=[
Line 584: basedefs.EXEC_KEYTOOL,
Line 585: "-importkeystore",
Line 586: "-noprompt",
Line 620: raise
Line 621:
Line 622: utils.updateVDCOption("keystoreUrl",
basedefs.FILE_ENGINE_KEYSTORE, (), "text")
Line 623: utils.updateVDCOption("TruststoreUrl",
basedefs.FILE_TRUSTSTORE, (), "text")
Line 624: utils.updateVDCOption("CertAlias", "1", (), "text")
+1
Line 625:
Line 626: def commit(self):
Line 627: if os.path.exists(self.JKSKEYSTORE):
Line 628: logging.debug("PKI: removing JKS keystore")
Line 630: os.remove(self.JKSKEYSTORE)
Line 631: except OsError:
Line 632: logging.error("PKI: cannot remove JKS keystore '%s'"
% self.JKSKEYSTORE)
Line 633:
Line 634: if not
stat.S_ISLNK(os.lstat(basedefs.FILE_ENGINE_PRIVATE_KEY).st_mode):
shouldn't FILE_PRIVATE_SSH_KEY be checked instead?
Line 635: try:
Line 636: os.remove(basedefs.FILE_PRIVATE_SSH_KEY)
Line 637: except OSError:
Line 638: logging.error("PKI: cannot remove '%s'" %
basedefs.FILE_PRIVATE_SSH_KEY)
Line 644: logging.error("PKI: cannot symlink '%s'->'%s'" %
(basedefs.FILE_PRIVATE_SSH_KEY, basedefs.FILE_ENGINE_PRIVATE_KEY) )
Line 645: raise
Line 646:
Line 647: def rollback(self):
Line 648: if os.path.exists(self.JKSKEYSTORE):
What happens if during os.remove(basedefs.FILE_PRIVATE_SSH_KEY) (in commit
function) there's a system error and exception gets called? This is the state
Barak is talking about - JKSKEYSTORE is already removed, but link is not yet
created.
Now the rollback will be called, without complete commit and without
JKSKEYSTORE.
Line 649: for f in (basedefs.FILE_ENGINE_KEYSTORE,
basedefs.FILE_ENGINE_PRIVATE_KEY):
Line 650: try:
Line 651: os.remove(f)
Line 652: except OSError:
--
To view, visit http://gerrit.ovirt.org/6883
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Gerrit-PatchSet: 7
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Alex Lourie <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Barak Azulay <[email protected]>
Gerrit-Reviewer: Doron Fediuck <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Ofer Schreiber <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
