pkisilent now shell-escapes its arguments, so we no longer need to do so,
and in fact, if we do, it ends up with double-escaping, breaking all
installs of IPA with a dogtag CA.
rob
>From e47c2786f37827b75b897abdd9cd4b3ed4f6b9b6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 13 Mar 2012 21:53:06 -0400
Subject: [PATCH] No longer shell escape the DM password when calling
pkisilent.
pkisilent was modified to handle escaping characters itself in
BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388
This removes the workaround from ticket 1636.
https://fedorahosted.org/freeipa/ticket/2529
---
freeipa.spec.in | 18 +++++-------------
ipaserver/install/cainstance.py | 3 ---
2 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 9ac4509bc487622ce8947dc4cf88a5b8107e9d71..1682c320bde893d9e5b8355c188b3116f3394d67 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -128,23 +128,15 @@ Requires: selinux-policy >= 3.9.7-27
%endif
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.21
+Requires: pki-ca >= 9.0.18
+Requires: pki-silent >= 9.0.18
+Requires: pki-setup >= 9.0.18
+Requires: dogtag-pki-common-theme
+Requires: dogtag-pki-ca-theme
%if 0%{?fedora} >= 16
-Requires: pki-ca >= 9.0.15
-Requires: pki-silent >= 9.0.15
# Only tomcat6 greater than this version provides proper systemd support
Requires: tomcat6 >= 6.0.32-17
-%else
-%if 0%{?fedora} >= 15
-Requires: pki-ca >= 9.0.15
-Requires: pki-silent >= 9.0.15
-Requires: pki-setup >= 9.0.15
-%else
-Requires: pki-ca >= 9.0.5
-Requires: pki-silent >= 9.0.5
-%endif
%endif
-Requires: dogtag-pki-common-theme
-Requires: dogtag-pki-ca-theme
%if 0%{?rhel}
Requires: subscription-manager
%endif
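Review bot: The `pki-setup >= 9.0.18` requirement added at the top of this hunk is now unconditional, whereas the removed lines only required pki-setup inside the `%if 0%{?fedora} >= 15` branch. Please confirm that pki-setup 9.0.18 is available on every target this spec builds for, and mention the conditional cleanup in the commit message, which currently describes only the escaping change. A one-line comment above the three 9.0.18 lines pointing at BZ 769388 would also record that this minimum version is what makes dropping the shell quoting in cainstance.py safe.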
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 948bc2d02861dfbae7bbed3f7cbae67e81b95707..f953100be9d8e99abf402ae8453ca39a26758da1 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -660,9 +660,6 @@ class CAInstance(service.Service):
args.append("-clone")
args.append("false")
- # pkisilent does not escape the arguments before passing them to shell
- args[2:] = [ipautil.shell_quote(i) for i in args[2:]]
-
# Define the things we don't want logged
nolog = (self.admin_password, self.dm_password,)
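Review bot: With the `ipautil.shell_quote` line and its comment removed, nothing in this method records that args[2:] now reach pkisilent unquoted and depend on pkisilent doing its own escaping. The only guard is the `pki-silent >= 9.0.18` requirement in the spec, so a setup that ends up with an older pkisilent would, per the removed comment, hand the passwords to the shell unescaped. Suggest replacing the removed comment with one that states the minimum pki-silent version and why no quoting is done here.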
--
1.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
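The double-escaping failure described in the message above, as an added example that is not part of the patch or of FreeIPA. It assumes `shlex.quote` as a stand-in for `ipautil.shell_quote`, and `deliver` is a hypothetical model of a wrapper that builds a shell command line; the password is a constructed sample.

```python
import shlex
import subprocess

# Constructed sample value: contains a space and a shell expansion character.
SAMPLE_PASSWORD = "Secret 12$x"


def deliver(password, caller_quotes, tool_escapes):
    """Return the argument list the final program receives.

    Hypothetical model: the caller optionally quotes the password (the
    workaround the patch removes), then a wrapper builds a shell command
    line from it, escaping or not depending on its version.
    """
    arg = shlex.quote(password) if caller_quotes else password
    if tool_escapes:
        arg = shlex.quote(arg)  # the wrapper escapes whatever it was given
    # printf prints every argument it receives on its own line.
    cmd = "printf '%s\\n' " + arg
    result = subprocess.run(
        ["/bin/sh", "-c", cmd],
        env={"PATH": "/usr/bin:/bin"},  # empty environment, so $x is unset
        capture_output=True, text=True, check=True,
    )
    return result.stdout.splitlines()


if __name__ == "__main__":
    for caller_quotes in (True, False):
        for tool_escapes in (False, True):
            got = deliver(SAMPLE_PASSWORD, caller_quotes, tool_escapes)
            status = "ok" if got == [SAMPLE_PASSWORD] else "MANGLED"
            print(caller_quotes, tool_escapes, got, status)
```

Exactly one layer of quoting delivers the password intact; two layers deliver it with literal quote characters, and none lets the shell split and expand it.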