My bad. Copy and paste error. Updated patch attached.

Thanks,

Gabe

On Fri, Dec 4, 2015 at 12:17 PM, Martin Basti <mba...@redhat.com> wrote:

>
>
> On 01.12.2015 15:00, Gabe Alford wrote:
>
> Hello,
>
> Fix for https://fedorahosted.org/freeipa/ticket/5458
>
> Thanks,
>
> Gabe
>
>
> Hello,
>
> I haven't looked closer, but your patch is causing this:
>
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
> seconds
>   [1/27]: creating certificate server user
>   [2/27]: configuring certificate server instance
>   [3/27]: stopping certificate server instance to update CS.cfg
>   [4/27]: backing up CS.cfg
>   [5/27]: disabling nonces
>   [6/27]: set up CRL publishing
>   [7/27]: enable PKIX certificate path discovery and validation
>   [8/27]: starting certificate server instance
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
> the Dogtag instance.See the installation log for details.
>   [9/27]: creating RA agent certificate database
>   [10/27]: importing CA chain to RA certificate database
>   [11/27]: fixing RA database permissions
>   [12/27]: setting up signing cert profile
>   [13/27]: setting audit signing renewal to 2 years
>   [14/27]: restarting certificate server
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
> the Dogtag instance.See the installation log for details.
>   [15/27]: requesting RA certificate from CA
>   [16/27]: issuing RA agent certificate
>   [17/27]: adding RA agent as a trusted user
>   [18/27]: authorizing RA to modify profiles
>   [19/27]: configure certmonger for renewals
>   [20/27]: configure certificate renewals
>   [21/27]: configure RA certificate renewal
>   [22/27]: configure Server-Cert certificate renewal
>   [23/27]: Configure HTTP to proxy connections
>   [24/27]: restarting certificate server
>
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
> the Dogtag instance.See the installation log for details.
>   [25/27]: migrating certificate profiles to LDAP
>   [26/27]: importing IPA certificate profiles
>   [27/27]: adding default CA ACL
>
>
> CA is operational and ready, but IPA installer is not able to detect it
> correctly
>
> 2015-12-04T19:08:54Z DEBUG stderr=curl: option --connect-timeout 30: is
> unknown
> curl: try 'curl --help' or 'curl --manual' for more information
>
> Martin^2
>
From bbeac791988e3bc9a2dc98b9d782b397baab4ba1 Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Fri, 4 Dec 2015 14:52:03 -0700
Subject: [PATCH] Migrate wget references and usage to curl

https://fedorahosted.org/freeipa/ticket/5458
---
 freeipa.spec.in                            |  4 ++--
 ipa-client/ipa-install/ipa-client-install  |  2 +-
 ipaplatform/base/paths.py                  |  2 +-
 ipaplatform/redhat/services.py             |  8 ++++----
 ipaserver/advise/plugins/legacy_clients.py | 14 +++++++-------
 ipatests/test_integration/test_advise.py   | 10 +++++-----
 6 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index a60d9b63f363773b6ca1b0969fa56b369a94092f..0d022a915bb89245c96ab9c02e10a41b38646a9c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -262,7 +262,7 @@ Requires: ntp
 Requires: krb5-workstation
 Requires: authconfig
 Requires: pam_krb5
-Requires: wget
+Requires: curl
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.13.1
@@ -330,7 +330,7 @@ Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico >= 1.2.3
 Requires: python-sss-murmur
-Requires: wget
+Requires: curl
 Requires: dbus-python
 Requires: python-setuptools
 Requires: python-six
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 974dd1da8bf3f5836170ca67d2f4c298e7ec6844..20c9b05532c10b1c5789f26f87c2aebfc9a859b3 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1922,7 +1922,7 @@ def get_ca_certs_from_http(url, warn=True):
     root_logger.debug("trying to retrieve CA cert via HTTP from %s", url)
     try:
 
-        stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
+        stdout, stderr, rc = run([paths.BIN_CURL, "-o", "-", url])
     except CalledProcessError as e:
         raise errors.NoCertificateError(entry=url)
 
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 9ee488f9fdef19cb409752d66775bcbee6665ba8..762a38136e6c612767705389ee667b6f2ddab397 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -179,7 +179,7 @@ class BasePathNamespace(object):
     SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
     BIN_TIMEOUT = "/usr/bin/timeout"
     UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
-    BIN_WGET = "/usr/bin/wget"
+    BIN_CURL = "/usr/bin/curl"
     ZIP = "/usr/bin/zip"
     BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
     BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 0902215a56191032a1a65d0c2d05ddd5b7dab67f..75bf57bc25b115297d45d8091a2c563e7d339bdf 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -213,10 +213,10 @@ class RedHatCAService(RedHatService):
                 }
 
                 args = [
-                    paths.BIN_WGET,
-                    '-S', '-O', '-',
-                    '--timeout=30',
-                    '--no-check-certificate',
+                    paths.BIN_CURL,
+                    '-o', '-',
+                    '--connect-timeout', '30',
+                    '-k',
                     url
                 ]
 
diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index e673cb45f58901ddee70a0ec6cea62531bba965b..b6e1fc5a1549787fbe2805b0297d79211ae21d77 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -51,13 +51,13 @@ class config_base_legacy_client(Advice):
                             'cacertdir_rehash?format=txt')
         self.log.comment('Download the CA certificate of the IPA server')
         self.log.command('mkdir -p -m 755 /etc/openldap/cacerts')
-        self.log.command('wget http://%s/ipa/config/ca.crt -O '
+        self.log.command('curl http://%s/ipa/config/ca.crt -o '
                          '/etc/openldap/cacerts/ipa.crt\n' % api.env.host)
 
         self.log.comment('Generate hashes for the openldap library')
         self.log.command('command -v cacertdir_rehash')
         self.log.command('if [ $? -ne 0 ] ; then')
-        self.log.command(' wget "%s" -O cacertdir_rehash ;' % cacertdir_rehash)
+        self.log.command(' curl "%s" -o cacertdir_rehash ;' % cacertdir_rehash)
         self.log.command(' chmod 755 ./cacertdir_rehash ;')
         self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;')
         self.log.command('else')
@@ -98,7 +98,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y sssd authconfig wget openssl\n')
+        self.log.command('yum install -y sssd authconfig curl openssl\n')
 
         self.configure_ca_cert()
 
@@ -140,7 +140,7 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
 
         self.log.comment('Install required packages using your system\'s '
                          'package manager. E.g:')
-        self.log.command('apt-get -y install sssd wget openssl\n')
+        self.log.command('apt-get -y install sssd curl openssl\n')
 
         self.configure_ca_cert()
 
@@ -188,7 +188,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y wget openssl nss-pam-ldapd pam_ldap '
+        self.log.command('yum install -y curl openssl nss-pam-ldapd pam_ldap '
                          'authconfig\n')
 
         self.configure_ca_cert()
@@ -232,7 +232,7 @@ class config_generic_linux_nss_pam_ldapd(config_base_legacy_client):
 
         self.log.comment('Install required packages using your system\'s '
                          'package manager. E.g:')
-        self.log.command('apt-get -y install wget openssl libnss-ldapd '
+        self.log.command('apt-get -y install curl openssl libnss-ldapd '
                          'libpam-ldapd nslcd\n')
 
         self.configure_ca_cert()
@@ -356,7 +356,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y wget openssl nss_ldap '
+        self.log.command('yum install -y curl openssl nss_ldap '
                          'authconfig\n')
 
         self.configure_ca_cert()
diff --git a/ipatests/test_integration/test_advise.py b/ipatests/test_integration/test_advise.py
index b5abe30a5cea5018b16c2f6c993791200cf17d04..613096f1caed3efb7db33076da5e57bea58cfa13 100644
--- a/ipatests/test_integration/test_advise.py
+++ b/ipatests/test_integration/test_advise.py
@@ -80,7 +80,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_GenericNSSPAM(self):
         advice_id = 'config-generic-linux-nss-pam-ldapd'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "apt\-get[\s]+\-y[\s]+install[\s]+wget[\s]+openssl[\s]+" \
+                       "apt\-get[\s]+\-y[\s]+install[\s]+curl[\s]+openssl[\s]+" \
                        "libnss\-ldapd[\s]+libpam\-ldapd[\s]+nslcd.*" \
                        "service[\s]+nscd[\s]+stop[\s]+\&\&[\s]+service[\s]+" \
                        "nslcd[\s]+restart"
@@ -92,7 +92,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_GenericSSSDBefore19(self):
         advice_id = 'config-generic-linux-sssd-before-1-9'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "apt\-get[\s]+\-y[\s]+install sssd wget openssl.*" \
+                       "apt\-get[\s]+\-y[\s]+install sssd curl openssl.*" \
                        "service[\s]+sssd[\s]+start"
         raiseerr = True
 
@@ -102,7 +102,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_RedHatNSS(self):
         advice_id = 'config-redhat-nss-ldap'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "yum[\s]+install[\s]+\-y[\s]+wget[\s]+openssl[\s]+nss_ldap" \
+                       "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+nss_ldap" \
                        "[\s]+authconfig.*authconfig[\s]+\-\-updateall" \
                        "[\s]+\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
                        "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
@@ -114,7 +114,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_RedHatNSSPAM(self):
         advice_id = 'config-redhat-nss-pam-ldapd'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "yum[\s]+install[\s]+\-y[\s]+wget[\s]+openssl[\s]+" \
+                       "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+" \
                        "nss\-pam\-ldapd[\s]+pam_ldap[\s]+authconfig.*" \
                        "authconfig[\s]+\-\-updateall[\s]+" \
                        "\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
@@ -128,7 +128,7 @@ class TestAdvice(IntegrationTest):
         advice_id = 'config-redhat-sssd-before-1-9'
         advice_regex = "\#\!\/bin\/sh.*" \
                        "yum[\s]+install[\s]+\-y[\s]+sssd[\s]+authconfig[\s]+" \
-                       "wget[\s]+openssl.*service[\s]+sssd[\s]+start"
+                       "curl[\s]+openssl.*service[\s]+sssd[\s]+start"
         raiseerr = True
 
         run_advice(self.master, advice_id, advice_regex, raiseerr)
-- 
1.8.3.1

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to