On 04/19/2013 03:58 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Ana Krivokapic wrote:
>>> Hello,
>>>
>>> Make sure /etc/ipa is created and owned by freeipa-python package.
>>>
>>> Report correct error to user if /etc/ipa is missing during client
>>> installation.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3551
>>
>> The server also owns this directory. It should only be owned by the
>> python subpackage.
>>
>> %dir %{_sysconfdir}/ipa
>>
>> rob
>
> The mode should probably be 0755.
>
> rob
>

Thanks, fixed.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From d00050946c3d478b4e289e3755ab7c74b2e87519 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akriv...@redhat.com>
Date: Fri, 19 Apr 2013 14:32:20 +0200
Subject: [PATCH] Handle missing /etc/ipa in ipa-client-install

Make sure /etc/ipa is created and owned by freeipa-python package.

Report correct error to user if /etc/ipa is missing during client installation.

https://fedorahosted.org/freeipa/ticket/3551
---
 freeipa.spec.in                           | 2 +-
 ipa-client/ipa-install/ipa-client-install | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 9448a4b485f4bd638b6e080926febbf772839ca8..bf53a3de42e2e941daddb7c83f42b17699aa4b00 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -655,7 +655,6 @@ fi
 %dir %{_usr}/share/ipa/ui/images
 %{_usr}/share/ipa/ui/images/*.png
 %{_usr}/share/ipa/ui/images/*.gif
-%dir %{_sysconfdir}/ipa
 %dir %{_sysconfdir}/ipa/html
 %config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
 %config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
@@ -790,6 +789,7 @@ fi
 %{python_sitelib}/ipapython-*.egg-info
 %{python_sitelib}/freeipa-*.egg-info
 %{python_sitearch}/python_default_encoding-*.egg-info
+%dir %attr(0755,root,apache) %config(noreplace) %{_sysconfdir}/ipa/
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 126611a824f072bbfba1a7fe28584a5b921d5704..29adc93f3bcb3ccc81c31237af314af0ba61b8c9 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1608,6 +1608,9 @@ def get_ca_cert(fstore, options, server, basedn):
         url = file_url()
         try:
             get_ca_cert_from_file(url)
+        except errors.FileError, e:
+            root_logger.debug(e)
+            raise
         except Exception, e:
             root_logger.debug(e)
             raise errors.NoCertificateError(entry=url)
@@ -1658,6 +1661,9 @@ def get_ca_cert(fstore, options, server, basedn):
                 except Exception, e:
                     os.unlink(ca_file)
                     raise
+            except errors.FileError, e:
+                root_logger.debug(e)
+                raise
             except (errors.NoCertificateError, errors.LDAPError), e:
                 root_logger.debug(str(e))
                 url = http_url()
@@ -2106,6 +2112,9 @@ def install(options, env, fstore, statestore):
                 os.environ['KRB5_CONFIG'] = env['KRB5_CONFIG']
                 get_ca_cert(fstore, options, cli_server[0], cli_basedn)
                 del os.environ['KRB5_CONFIG']
+            except errors.FileError, e:
+                root_logger.error(e)
+                return CLIENT_INSTALL_ERROR
             except Exception, e:
                 root_logger.error("Cannot obtain CA certificate\n%s", e)
                 return CLIENT_INSTALL_ERROR
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to