On 06/07/2013 10:23 AM, Tomas Babej wrote: > On 05/15/2013 01:36 PM, Ana Krivokapic wrote: >> On 05/15/2013 12:29 PM, Petr Viktorin wrote: >>> On 05/15/2013 12:04 PM, Tomas Babej wrote: >>>> On 05/15/2013 11:40 AM, Ana Krivokapic wrote: >>>>> Hello, >>>>> >>>>> See the commit message for details. >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/3594 >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Freeipa-devel mailing list >>>>> Freeipa-devel@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel >>>> + def regenerate_ca_file(self, ca_file): >>>> + dm_pwd_fd, dm_pwd_fname = tempfile.mkstemp() >>>> + keydb_pwd_fd, keydb_pwd_fname = tempfile.mkstemp() >>>> + >>>> + os.write(dm_pwd_fd, self.dirman_password) >>>> + os.close(dm_pwd_fd) >>>> + >>>> + keydb_pwd = '' >>>> + with open('/etc/pki/pki-tomcat/password.conf') as f: >>>> + for line in f.readlines(): >>>> + key, value = line.strip().split('=') >>>> + if key == 'internal': >>>> + keydb_pwd = value >>>> + break >>>> + >>>> + os.write(keydb_pwd_fd, keydb_pwd) >>>> + os.close(keydb_pwd_fd) >>>> + >>>> + ipautil.run([ >>>> + '/usr/bin/PKCS12Export', >>>> + '-d', '/etc/pki/pki-tomcat/alias/', >>>> + '-p', keydb_pwd_fname, >>>> + '-w', dm_pwd_fname, >>>> + '-o', ca_file >>>> + ]) >>>> + >>>> >>>> If the PKCS12Export call fails (returns non-zero code), we raise >>>> exception here, and the temporary files are never removed. >>>> >>>> + os.remove(dm_pwd_fname) >>>> + os.remove(keydb_pwd_fname) >>>> >>>> This might not be a big issue since mkstemp() call creates temporary >>>> file readable and writable only be given user ID, >>>> however, we should not leave files with passwords in plaintext on the >>>> disk if it is not necessary. >>>> >>>> This can be easily prevented by wrapping the call up with >>>> try-chatch-finally block, or using raiseonerr=False options of run >>>> method. 
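Review bot: the password.conf loop in regenerate_ca_file() unpacks `line.strip().split('=')` into exactly two names, so a blank line or a value that itself contains '=' raises ValueError before the `internal` entry is reached; splitting once (`split('=', 1)`) and skipping lines without a separator avoids that. If no `internal` key is found, `keydb_pwd` stays '' and PKCS12Export is still run with an empty key database password file, so an explicit error at that point would fail earlier and more clearly. The method also has no docstring saying that `ca_file` is the output path of the export.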
>>> Or by using ipautil.write_tmp_file() -- the file it creates is always
>>> removed after it's closed/garbage collected, and it has a name attribute.
>>>
>> Updated patch uses `ipautil.write_tmp_file()`.
>>
> I'm testing on a fairly updated F19 VM:
>
> I'm getting the following error when preparing the replica info file:
>
> [root@vm-002 ~]# ipa-replica-prepare vm-003.ipa.com --ip-address
> 192.168.122.213
> Directory Manager (existing master) password:
>
> Preparing replica for vm-003.ipa.com from vm-002.ipa.com
> Command '/usr/bin/PKCS12Export -d /etc/pki/pki-tomcat/alias/ -p
> /tmp/tmp15Je9R -w /tmp/tmpCGD5Sr -o /root/cacert.p12' returned non
>
> When trying that manually:
>
> [root@vm-002 ~]# /usr/bin/PKCS12Export -d /etc/pki/pki-tomcat/alias/
> -p /tmp/tmp15Je9R -w /tmp/tmpCGD5Sr -o /root/cacert.p12
> Exception in thread "main" java.lang.NoClassDefFoundError:
> org/mozilla/jss/util/PasswordCallback
>     at java.lang.Class.getDeclaredMethods0(Native Method)
>     at java.lang.Class.privateGetDeclaredMethods(Class.java:2451)
>     at java.lang.Class.getMethod0(Class.java:2694)
>     at java.lang.Class.getMethod(Class.java:1622)
>     at sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
>     at
> sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
> Caused by: java.lang.ClassNotFoundException:
> org.mozilla.jss.util.PasswordCallback
>     at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>     at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
>     ... 6 more
>
> We might need to investigate what causes this, and if the issue is not
> on our side, file appropriate bugs.
>
> Tomas

This is a bug in the PKCS12Export utility. I opened a Bugzilla for it:
https://bugzilla.redhat.com/show_bug.cgi?id=972753.

Below is a workaround, as suggested by Ade:

<alee> as for a workaround, you could simply edit the file that starts PKCS12Export
<alee> edit /usr/bin/PKCS12Export
<alee> after line 134, simply add the line : CP=/usr/lib/java/jss4.jar
<alee> but that's just a temp fix for f19 only
<alee> not the real fix,
<alee> you'll need the real fix checked in to pass the patch

--
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
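The cleanup concern raised in the review earlier in this thread (password temp files must not survive a failed PKCS12Export call), as an added example that is not part of the thread or of the FreeIPA patch. It uses only the Python 3 standard library instead of `ipautil`; `read_internal_password`, `run_with_password_files`, `failing_export` and `SAMPLE_CONF` are hypothetical names and constructed data, and a small Python child process stands in for PKCS12Export.

```python
import os
import subprocess
import sys
import tempfile

# Constructed sample input, not a real password.conf: note the blank line
# and the '=' inside the value.
SAMPLE_CONF = "\ninternal=s3cr=et\nreplicationdb=12345\n"


def read_internal_password(conf_text):
    """Return the value of the 'internal' key from password.conf-style text."""
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")  # split on first '=' only
        if sep and key == "internal":
            return value
    raise ValueError("no 'internal' entry found")


def run_with_password_files(build_cmd, passwords):
    """Write each password to a private temp file, run a command, always clean up.

    build_cmd gets the list of temp file names and returns the argv to run.
    Returns (returncode, names). The files are removed before returning,
    whether the command succeeded, exited non-zero, or could not be started.
    """
    names = []
    try:
        for pwd in passwords:
            fd, name = tempfile.mkstemp()  # created readable/writable by owner only
            names.append(name)
            with os.fdopen(fd, "w") as f:
                f.write(pwd)
        return subprocess.run(build_cmd(names)).returncode, names
    finally:
        for name in names:
            if os.path.exists(name):
                os.remove(name)


def failing_export(names):
    """Stand-in for PKCS12Export: exits 3 if both password files exist."""
    code = "import os,sys; sys.exit(3 if all(map(os.path.exists, sys.argv[1:])) else 0)"
    return [sys.executable, "-c", code] + names
```
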