On 29.06.2016 13:04, Martin Basti wrote:


On 28.06.2016 16:57, Florence Blanc-Renaud wrote:
On 06/28/2016 11:05 AM, Martin Basti wrote:


On 28.06.2016 10:51, Florence Blanc-Renaud wrote:
On 06/27/2016 10:18 PM, Rob Crittenden wrote:
Florence Blanc-Renaud wrote:
Hi all,

thanks for your suggestions. Updated patch attached.
Flo.


The invocation in ipactl should say server, not client.

Otherwise LGTM (untested).

rob

Hi all,

thanks to Rob for catching the typo.
Patch with updated message is attached,
Flo.



Thank you for the patch I have two comments:

1)
+    except Exception:
+        # Consider that the host is not fips-enabled if the file does
not exist
+        pass

exceptions should be as much specific as possible, otherwise it may mask
real issues
please use 'except IOError' if you want catch the case that file does
not exist

2)
in replicainstall.py and install.py please raise exception
(RuntimeError) instead of sys.exit() to keep proper logging, cleanup, etc.

Sys.exit() should not be used in modules, it is hard to debug etc. It
can be used only in scripts (ipa-client-install, ipa-replica-manage, etc..)

Martin^2

Hi,

hopefully converging with this updated patch :)
Thanks for all the comments, I'm learning tips with each iteration.

Flo.

I propose following changes (in attached patch). If you agree I can squash patches and push it.

Martin^2



ACK

pushed to
master:
* 3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271 Do not allow installation in FIPS mode

ipa-4-3:
* 4ce0ff61a8e46de4a2f2dfca41610323f9569d8a Do not allow installation in FIPS mode
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to