URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
 Title: #524: Remove NSPRError exception from platform tasks
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524
From 44ab7a6f56c3838dacb08156818ba641390ef38b Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 1 Mar 2017 11:19:08 +0100
Subject: [PATCH] Remove NSPRError exception from platform tasks

ipalib.x509 no longer raises NSPRError. PyCA cryptography raises
ValueError for invalid certs.

https://fedorahosted.org/freeipa/ticket/5695

Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaplatform/redhat/tasks.py | 11 +++++------
 ipaplatform/setup.py        |  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 123595e..018e0bb 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -33,18 +33,17 @@
 import traceback
 import errno
 
-from cffi import FFI
 from ctypes.util import find_library
 from functools import total_ordering
-
 from subprocess import CalledProcessError
-from nss.error import NSPRError
+
+from cffi import FFI
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
 
 from ipapython.ipa_log_manager import root_logger, log_mgr
 from ipapython import ipautil
-import ipapython.errors
+from ipapython import errors
 
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
@@ -252,7 +251,7 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
                 issuer = x509.get_der_issuer(cert, x509.DER)
                 serial_number = x509.get_der_serial_number(cert, x509.DER)
                 public_key_info = x509.get_der_public_key_info(cert, x509.DER)
-            except (NSPRError, PyAsn1Error, ValueError) as e:
+            except (PyAsn1Error, ValueError, errors.CertificateError) as e:
                 root_logger.warning(
                     "Failed to decode certificate \"%s\": %s", nickname, e)
                 continue
@@ -407,7 +406,7 @@ def get_setsebool_args(changes):
                 failed_vars.update(updated_vars)
 
         if failed_vars:
-            raise ipapython.errors.SetseboolError(
+            raise errors.SetseboolError(
                 failed=failed_vars,
                 command=' '.join(get_setsebool_args(failed_vars)))
 
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 6637830..501e2bc 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -45,7 +45,6 @@
             # "ipalib",  # circular dependency
             "ipapython",
             "pyasn1",
-            "python-nss",
             "six",
         ],
     )
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to