Dne 18.11.2014 v 16:53 Martin Basti napsal(a):
On 18/11/14 15:01, Jan Cholasta wrote:
Dne 13.11.2014 v 14:50 Martin Basti napsal(a):
On 13/11/14 13:59, Jan Cholasta wrote:
Dne 12.11.2014 v 13:33 Martin Basti napsal(a):
On 11/11/14 16:58, Jan Cholasta wrote:
Dne 11.11.2014 v 16:22 Martin Basti napsal(a):
Using specfile to create file doesn't work if named user is not on
Appropriate permission have to be set during ipa-dns installation.
Why is the directory set up in dnskeysyncinstance instead of
Because, dnskeysyncinstance is the daemon which requires permission
(dir is created by dyndb-ldap plugin)
OK. But please rename the method to something more suitable
(fix_dyndb_ldap_workdir_permissions?) and add a docstring/comment.
Also please change the ticket link to
<https://fedorahosted.org/freeipa/ticket/4716> (cloned from BZ).
The original patch was released with 4.1.1, shouldn't there be update
1) fresh RPM install, no named user during RPM install -> named
start, user had to fix it immediately, can't wait until next release.
2) fresh RPM install, named user -> no impact
3) upgrade IPA with DNS -> no impact
4) upgrade IPA without DNS -> after DNS installation, same as 1)
5) IPA 4.1.0 with installed DNS, upgrade to 4.1.2 -> DNSSEC will not
work (If user doesnt use DNSSEC)
Only 5) looks serious for me, so here is updated patch.
Could you do the update without the code duplication? In similar code
an appropriate *instance method is usually called.
The uid/gid resolution in ipa-upgradeconfig still looks like
duplicated code to me. I would suggest doing something along these
lines in ipa-upgradeconfig:
dnskeysync = dnskeysyncinstance.DNSKeySyncInstance()
and have DNSKeySyncInstance.set_dyndb_ldap_workdir_permissions() do
all the real work.
Updated patch attached.
Freeipa-devel mailing list