URL: https://github.com/freeipa/freeipa/pull/2672 Author: xxblx Title: #2672: Replace nss.conf with zero-length file instead of removing Action: opened
PR body: """ Empty nss.conf avoids recreation of nss.conf in case `mod_nss` package is reinstalled. It is needed because by default (e.g. recreated) nss.conf has `Listen 8443` while this port is also used by dogtag. Fixes: https://pagure.io/freeipa/issue/7745 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2672/head:pr2672 git checkout pr2672
From f6634248daa5730af5402081d29c01a35a8731cc Mon Sep 17 00:00:00 2001 From: Oleg Kozlov <okoz...@redhat.com> Date: Tue, 11 Dec 2018 14:00:25 +0100 Subject: [PATCH] Replace nss.conf with zero-length file instead of removing Empty nss.conf avoids recreation of nss.conf in case `mod_nss` package is reinstalled. It is needed because by default (e.g. recreated) nss.conf has `Listen 8443` while this port is used by dogtag. Fixes: https://pagure.io/freeipa/issue/7745 --- ipaserver/install/httpinstance.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 1b1e7a03d4..cbab7bc6de 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -226,7 +226,9 @@ def backup_ssl_conf(self): def disable_nss_conf(self): """ - Backs up and removes the original nss.conf file. + Backs up the original nss.conf file and replace it with the empty one. + Empty file avoids recreation of nss.conf in case the package is + reinstalled. There is no safe way to co-exist since there is no safe port to make mod_nss use, disable it completely. @@ -236,7 +238,8 @@ def disable_nss_conf(self): # (mod_nss -> mod_ssl upgrade scenario) if not self.fstore.has_file(paths.HTTPD_NSS_CONF): self.fstore.backup_file(paths.HTTPD_NSS_CONF) - installutils.remove_file(paths.HTTPD_NSS_CONF) + + open(paths.HTTPD_NSS_CONF, 'w').close() def set_mod_ssl_protocol(self): directivesetter.set_directive(paths.HTTPD_SSL_CONF,
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org