Ludwig Krispenz via FreeIPA-users wrote:
> On 01/11/2018 02:36 PM, Rob Crittenden via FreeIPA-users wrote:
>> lejeczek via FreeIPA-users wrote:
>>> hi everyone
>>> when I see this in replica install log:
>>> ..
>>> 2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d
>>> /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n
>>> PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -a -f
>>> /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
>>> 2018-01-11T12:46:31Z DEBUG Process finished, return code=255
>>> 2018-01-11T12:46:31Z DEBUG stdout=
>>> 2018-01-11T12:46:31Z DEBUG stderr=certutil: Could not find cert:
>>> PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA
>>> : PR_FILE_NOT_FOUND_ERROR: File not found
>>> ..
>>> Is that just the log or actual surrounding quotes are missing in
>>> replica-install code?
>>> For, when I manually in bash exec this on replica candidate:
>>> $ certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n
>>> "PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA" -a -f
>>> /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
>>> ...
>> Arguments passed into exec don't need to be shell-escaped or quoted.
> but "PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA" contains spaces, if you don't
> quiote it how would certutil handle it ?

Because we are calling it using python subprocess and not forking out
into a shell to execute it. Each argument is independent and doesn't
need to be scanned by the shell to see where each arg begins and ends.

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to