URL: https://github.com/freeipa/freeipa/pull/1019 Author: tomaskrizek Title: #1019: Backport PR 999 to ipa-4-5 Action: opened
PR body: """ This PR was opened automatically because PR #999 was pushed to master and backport to ipa-4-5 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1019/head:pr1019 git checkout pr1019
From 6cc6561b6276c8a33d2f32ea55426db60839bc73 Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Wed, 23 Aug 2017 16:53:31 +0200 Subject: [PATCH] dnssec: fix localhsm.py utility script See e6b2ed6b68589ff7ee39b95559836af54f39e2de for details. Fixes https://pagure.io/freeipa/issue/7116 Signed-off-by: Tomas Krizek <tkri...@redhat.com> --- ipaserver/dnssec/localhsm.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipaserver/dnssec/localhsm.py b/ipaserver/dnssec/localhsm.py index 12b40cc8da..34105018ca 100755 --- a/ipaserver/dnssec/localhsm.py +++ b/ipaserver/dnssec/localhsm.py @@ -11,13 +11,14 @@ import os from pprint import pprint +from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL from ipaplatform.paths import paths - from ipaserver import p11helper as _ipap11helper from ipaserver.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM, keytype_id2name, keytype_name2id, ldap2p11helper_api_params) + private_key_api_params = set(["label", "id", "data", "unwrapping_key", "wrapping_mech", "key_type", "cka_always_authenticate", "cka_copyable", "cka_decrypt", "cka_derive", "cka_extractable", "cka_modifiable", @@ -190,7 +191,7 @@ def import_private_key(self, source, data, unwrapping_key): if __name__ == '__main__': if 'SOFTHSM2_CONF' not in os.environ: os.environ['SOFTHSM2_CONF'] = paths.DNSSEC_SOFTHSM2_CONF - localhsm = LocalHSM(paths.LIBSOFTHSM2_SO, 0, + localhsm = LocalHSM(paths.LIBSOFTHSM2_SO, SOFTHSM_DNSSEC_TOKEN_LABEL, open(paths.DNSSEC_SOFTHSM_PIN).read()) print('replica public keys: CKA_WRAP = TRUE')
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org