On 06/14/2013 10:31 AM, Petr Viktorin wrote:
On 06/14/2013 03:37 PM, Josh wrote:
I'm trying to install freeipa on RHEL6.4 running version
ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
"Configuration of CA failed".  I believe the problem is that the python
used to generate the perl command doesn't wrap any of the arguments in
quotes.


The command doesn't go through the shell so quoting is not necessary. I can see how the the log line is confusing, though; I filed https://fedorahosted.org/freeipa/ticket/3724.

While that may be true, the attached patch fixed it so that I could run the installer. I agree that according to the code it should not have choked on the spaces because of the subprocess.Popen doesn't specify shell=True. Any ideas why it needed the spaces quoted?

-josh
<snip>
Adding Ade (a Dogtag developer) to CC, he might be able to help.


--- cainstance.py       2013-06-18 13:20:02.840964013 -0400
+++ cainstance.py.shell 2013-06-18 13:21:12.879281242 -0400
@@ -806,7 +806,7 @@ class CAInstance(service.Service):
                     "-agent_cert_subject", str(DN(('CN', 'ipa-ca-agent'), 
self.subject_base)),
                     "-ldap_host", self.fqdn,
                     "-ldap_port", str(self.ds_port),
-                    "-bind_dn", "cn=Directory Manager",
+                    "-bind_dn", ipautil.shell_quote("cn=Directory Manager"),
                     "-bind_password", self.dm_password,
                     "-base_dn", str(self.basedn),
                     "-db_name", "ipaca",
@@ -817,12 +817,12 @@ class CAInstance(service.Service):
                     "-backup_pwd", self.admin_password,
                     "-subsystem_name", self.service_name,
                     "-token_name", "internal",
-                    "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA 
Subsystem'), self.subject_base)),
-                    "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA 
Subsystem'), self.subject_base)),
-                    "-ca_ocsp_cert_subject_name", str(DN(('CN', 'OCSP 
Subsystem'), self.subject_base)),
+                    "-ca_subsystem_cert_subject_name", 
ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))),
+                    "-ca_subsystem_cert_subject_name", 
ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))),
+                    "-ca_ocsp_cert_subject_name", 
ipautil.shell_quote(str(DN(('CN', 'OCSP Subsystem'), self.subject_base))),
                     "-ca_server_cert_subject_name", str(DN(('CN', self.fqdn), 
self.subject_base)),
-                    "-ca_audit_signing_cert_subject_name", str(DN(('CN', 'CA 
Audit'), self.subject_base)),
-                    "-ca_sign_cert_subject_name", str(DN(('CN', 'Certificate 
Authority'), self.subject_base)) ]
+                    "-ca_audit_signing_cert_subject_name", 
ipautil.shell_quote(str(DN(('CN', 'CA Audit'), self.subject_base))),
+                    "-ca_sign_cert_subject_name", 
ipautil.shell_quote(str(DN(('CN', 'Certificate Authority'), 
self.subject_base))) ]
             if self.external == 1:
                 args.append("-external")
                 args.append("true")
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to