Upgrading an installation that was installed with selfsign CA will fail
in ipa-upgradeconfig because it doesn't handle the case where dogtag
isn't installed.
rob
>From 0bf202793ee74f0dd10121acdbcb8ee49211498c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 10 Oct 2011 10:15:41 -0400
Subject: [PATCH] Fix upgrades of selfsign server
In checking to see if the dogtag proxy configuration needed to be updated
we didn't handle the case where dogtag isn't installed at all.
https://fedorahosted.org/freeipa/ticket/1951
---
install/tools/ipa-upgradeconfig | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 406da93..8c4d9a2 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -145,6 +145,9 @@ def upgrade_pki():
This requires enabling SSL renegotiation.
"""
+ if not os.path.exists('/etc/pki-ca/CS.cfg'):
+ return
+
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
http = httpinstance.HTTPInstance(fstore)
http.enable_mod_nss_renegotiate()
--
1.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
