[Freeipa-devel] [freeipa PR#2672][opened] Replace nss.conf with zero-length file instead of removing

Tue, 11 Dec 2018 05:46:13 -0800 

   URL: https://github.com/freeipa/freeipa/pull/2672
Author: xxblx
 Title: #2672: Replace nss.conf with zero-length file instead of removing
Action: opened

PR body:
"""
Empty nss.conf avoids recreation of nss.conf in case `mod_nss` package is 
reinstalled. It is needed because by default (e.g. recreated) nss.conf has 
`Listen 8443` while this port is also used by dogtag. 

Fixes: https://pagure.io/freeipa/issue/7745
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2672/head:pr2672
git checkout pr2672

From f6634248daa5730af5402081d29c01a35a8731cc Mon Sep 17 00:00:00 2001
From: Oleg Kozlov <okoz...@redhat.com>
Date: Tue, 11 Dec 2018 14:00:25 +0100
Subject: [PATCH] Replace nss.conf with zero-length file instead of removing

Empty nss.conf avoids recreation of nss.conf in case `mod_nss` package is reinstalled. It is needed because by default (e.g. recreated) nss.conf has `Listen 8443` while this port is used by dogtag.

Fixes: https://pagure.io/freeipa/issue/7745
---
 ipaserver/install/httpinstance.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 1b1e7a03d4..cbab7bc6de 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -226,7 +226,9 @@ def backup_ssl_conf(self):
 
     def disable_nss_conf(self):
         """
-        Backs up and removes the original nss.conf file.
+        Backs up the original nss.conf file and replace it with the empty one.
+        Empty file avoids recreation of nss.conf in case the package is
+        reinstalled.
 
         There is no safe way to co-exist since there is no safe port
         to make mod_nss use, disable it completely.
@@ -236,7 +238,8 @@ def disable_nss_conf(self):
             # (mod_nss -> mod_ssl upgrade scenario)
             if not self.fstore.has_file(paths.HTTPD_NSS_CONF):
                 self.fstore.backup_file(paths.HTTPD_NSS_CONF)
-            installutils.remove_file(paths.HTTPD_NSS_CONF)
+
+            open(paths.HTTPD_NSS_CONF, 'w').close()
 
     def set_mod_ssl_protocol(self):
         directivesetter.set_directive(paths.HTTPD_SSL_CONF,

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

Reply via email to