Re: [Freeipa-devel] [PATCH 0066] Migrate wget references to curl

2015-12-11 Thread Martin Basti

ACK

Pushed to master: 5c9b9089b7b0d40b7e924177f99c2568aaa1b5b2

On 04.12.2015 22:55, Gabe Alford wrote:

My bad. Copy and paste error. Updated patch attached.

Thanks,

Gabe

On Fri, Dec 4, 2015 at 12:17 PM, Martin Basti wrote:




On 01.12.2015 15:00, Gabe Alford wrote:

Hello,

Fix for https://fedorahosted.org/freeipa/ticket/5458

Thanks,

Gabe



Hello,

I haven't looked closer, but your patch is causing this:

Configuring certificate server (pki-tomcatd). Estimated time: 3
minutes 30 seconds
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
restart the Dogtag instance.See the installation log for details.
  [9/27]: creating RA agent certificate database
  [10/27]: importing CA chain to RA certificate database
  [11/27]: fixing RA database permissions
  [12/27]: setting up signing cert profile
  [13/27]: setting audit signing renewal to 2 years
  [14/27]: restarting certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
restart the Dogtag instance.See the installation log for details.
  [15/27]: requesting RA certificate from CA
  [16/27]: issuing RA agent certificate
  [17/27]: adding RA agent as a trusted user
  [18/27]: authorizing RA to modify profiles
  [19/27]: configure certmonger for renewals
  [20/27]: configure certificate renewals
  [21/27]: configure RA certificate renewal
  [22/27]: configure Server-Cert certificate renewal
  [23/27]: Configure HTTP to proxy connections
  [24/27]: restarting certificate server

ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
restart the Dogtag instance.See the installation log for details.
  [25/27]: migrating certificate profiles to LDAP
  [26/27]: importing IPA certificate profiles
  [27/27]: adding default CA ACL


CA is operational and ready, but IPA installer is not able to
detect it correctly

2015-12-04T19:08:54Z DEBUG stderr=curl: option --connect-timeout
30: is unknown
curl: try 'curl --help' or 'curl --manual' for more information

Martin^2




-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0066] Migrate wget references to curl

2015-12-04 Thread Gabe Alford
My bad. Copy and paste error. Updated patch attached.

Thanks,

Gabe

On Fri, Dec 4, 2015 at 12:17 PM, Martin Basti wrote:

>
>
> On 01.12.2015 15:00, Gabe Alford wrote:
>
> Hello,
>
> Fix for https://fedorahosted.org/freeipa/ticket/5458
>
> Thanks,
>
> Gabe
>
>
> Hello,
>
> I haven't looked closer, but your patch is causing this:
>
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
> seconds
>   [1/27]: creating certificate server user
>   [2/27]: configuring certificate server instance
>   [3/27]: stopping certificate server instance to update CS.cfg
>   [4/27]: backing up CS.cfg
>   [5/27]: disabling nonces
>   [6/27]: set up CRL publishing
>   [7/27]: enable PKIX certificate path discovery and validation
>   [8/27]: starting certificate server instance
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
> the Dogtag instance.See the installation log for details.
>   [9/27]: creating RA agent certificate database
>   [10/27]: importing CA chain to RA certificate database
>   [11/27]: fixing RA database permissions
>   [12/27]: setting up signing cert profile
>   [13/27]: setting audit signing renewal to 2 years
>   [14/27]: restarting certificate server
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
> the Dogtag instance.See the installation log for details.
>   [15/27]: requesting RA certificate from CA
>   [16/27]: issuing RA agent certificate
>   [17/27]: adding RA agent as a trusted user
>   [18/27]: authorizing RA to modify profiles
>   [19/27]: configure certmonger for renewals
>   [20/27]: configure certificate renewals
>   [21/27]: configure RA certificate renewal
>   [22/27]: configure Server-Cert certificate renewal
>   [23/27]: Configure HTTP to proxy connections
>   [24/27]: restarting certificate server
>
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
> the Dogtag instance.See the installation log for details.
>   [25/27]: migrating certificate profiles to LDAP
>   [26/27]: importing IPA certificate profiles
>   [27/27]: adding default CA ACL
>
>
> CA is operational and ready, but IPA installer is not able to detect it
> correctly
>
> 2015-12-04T19:08:54Z DEBUG stderr=curl: option --connect-timeout 30: is
> unknown
> curl: try 'curl --help' or 'curl --manual' for more information
>
> Martin^2
>
From bbeac791988e3bc9a2dc98b9d782b397baab4ba1 Mon Sep 17 00:00:00 2001
From: Gabe 
Date: Fri, 4 Dec 2015 14:52:03 -0700
Subject: [PATCH] Migrate wget references and usage to curl

https://fedorahosted.org/freeipa/ticket/5458
---
 freeipa.spec.in|  4 ++--
 ipa-client/ipa-install/ipa-client-install  |  2 +-
 ipaplatform/base/paths.py  |  2 +-
 ipaplatform/redhat/services.py |  8 
 ipaserver/advise/plugins/legacy_clients.py | 14 +++---
 ipatests/test_integration/test_advise.py   | 10 +-
 6 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index a60d9b63f363773b6ca1b0969fa56b369a94092f..0d022a915bb89245c96ab9c02e10a41b38646a9c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -262,7 +262,7 @@ Requires: ntp
 Requires: krb5-workstation
 Requires: authconfig
 Requires: pam_krb5
-Requires: wget
+Requires: curl
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.13.1
@@ -330,7 +330,7 @@ Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico >= 1.2.3
 Requires: python-sss-murmur
-Requires: wget
+Requires: curl
 Requires: dbus-python
 Requires: python-setuptools
 Requires: python-six
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 974dd1da8bf3f5836170ca67d2f4c298e7ec6844..20c9b05532c10b1c5789f26f87c2aebfc9a859b3 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1922,7 +1922,7 @@ def get_ca_certs_from_http(url, warn=True):
 root_logger.debug("trying to retrieve CA cert via HTTP from %s", url)
 try:
 
-stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
+stdout, stderr, rc = run([paths.BIN_CURL, "-o", "-", url])
 except CalledProcessError as e:
 raise errors.NoCertificateError(entry=url)
 
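Review bot: the replacement call `run([paths.BIN_CURL, "-o", "-", url])` does not keep wget's failure behaviour, so the `except CalledProcessError` branch right below it will no longer fire on an HTTP error. wget exits non-zero when the server answers with an error status, while curl without `-f` exits 0 and writes the error page to stdout, which get_ca_certs_from_http would then hand on as certificate data. curl also does not follow redirects unless `-L` is given, which wget did by default. Suggest `[paths.BIN_CURL, "-f", "-sS", "-L", "-o", "-", url]`, or at minimum adding `-f`, so a failed fetch still ends in NoCertificateError.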
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 9ee488f9fdef19cb409752d66775bcbee6665ba8..762a38136e6c612767705389ee667b6f2ddab397 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -179,7 +179,7 @@ class BasePathNamespace(object):
 SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
 BIN_TIMEOUT = "/usr/bin/timeout"
 UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
-BIN_WGET = "/usr/bin/wget"
+BIN_CURL = "/usr/bin/curl"
 ZIP = "/usr/bin/zip"
 BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
 BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
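Review bot: `BIN_WGET` is deleted outright in this hunk rather than kept next to the new `BIN_CURL`, so any caller this patch does not touch that still reads `paths.BIN_WGET` will fail with an AttributeError at run time. The diffstat lists only six files; please grep the tree, including platform path namespaces that subclass BasePathNamespace, for remaining `BIN_WGET` references before this is pushed.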
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services

Re: [Freeipa-devel] [PATCH 0066] Migrate wget references to curl

2015-12-04 Thread Martin Basti



On 01.12.2015 15:00, Gabe Alford wrote:

Hello,

Fix for https://fedorahosted.org/freeipa/ticket/5458

Thanks,

Gabe



Hello,

I haven't looked closer, but your patch is causing this:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 
30 seconds

  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart 
the Dogtag instance.See the installation log for details.

  [9/27]: creating RA agent certificate database
  [10/27]: importing CA chain to RA certificate database
  [11/27]: fixing RA database permissions
  [12/27]: setting up signing cert profile
  [13/27]: setting audit signing renewal to 2 years
  [14/27]: restarting certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart 
the Dogtag instance.See the installation log for details.

  [15/27]: requesting RA certificate from CA
  [16/27]: issuing RA agent certificate
  [17/27]: adding RA agent as a trusted user
  [18/27]: authorizing RA to modify profiles
  [19/27]: configure certmonger for renewals
  [20/27]: configure certificate renewals
  [21/27]: configure RA certificate renewal
  [22/27]: configure Server-Cert certificate renewal
  [23/27]: Configure HTTP to proxy connections
  [24/27]: restarting certificate server

ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart 
the Dogtag instance.See the installation log for details.

  [25/27]: migrating certificate profiles to LDAP
  [26/27]: importing IPA certificate profiles
  [27/27]: adding default CA ACL


CA is operational and ready, but IPA installer is not able to detect it 
correctly


2015-12-04T19:08:54Z DEBUG stderr=curl: option --connect-timeout 30: is 
unknown

curl: try 'curl --help' or 'curl --manual' for more information

Martin^2

[Freeipa-devel] [PATCH 0066] Migrate wget references to curl

2015-12-01 Thread Gabe Alford
Hello,

Fix for https://fedorahosted.org/freeipa/ticket/5458

Thanks,

Gabe
From 490bb5aceb2c1ea3385c15bb85aea5c29c77f70b Mon Sep 17 00:00:00 2001
From: Gabe 
Date: Tue, 1 Dec 2015 06:45:59 -0700
Subject: [PATCH] Migrate wget references and usage to curl

https://fedorahosted.org/freeipa/ticket/5458
---
 freeipa.spec.in|  4 ++--
 ipa-client/ipa-install/ipa-client-install  |  2 +-
 ipaplatform/base/paths.py  |  2 +-
 ipaplatform/redhat/services.py |  8 
 ipaserver/advise/plugins/legacy_clients.py | 14 +++---
 ipatests/test_integration/test_advise.py   | 10 +-
 6 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index a60d9b63f363773b6ca1b0969fa56b369a94092f..0d022a915bb89245c96ab9c02e10a41b38646a9c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -262,7 +262,7 @@ Requires: ntp
 Requires: krb5-workstation
 Requires: authconfig
 Requires: pam_krb5
-Requires: wget
+Requires: curl
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.13.1
@@ -330,7 +330,7 @@ Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico >= 1.2.3
 Requires: python-sss-murmur
-Requires: wget
+Requires: curl
 Requires: dbus-python
 Requires: python-setuptools
 Requires: python-six
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 05a550b11e74db84e46a126798c4db728226865c..2437bb0bc8247a447da99e663bdf39b9fd8cfa61 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1919,7 +1919,7 @@ def get_ca_certs_from_http(url, warn=True):
 root_logger.debug("trying to retrieve CA cert via HTTP from %s", url)
 try:
 
-stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
+stdout, stderr, rc = run([paths.BIN_CURL, "-o", "-", url])
 except CalledProcessError as e:
 raise errors.NoCertificateError(entry=url)
 
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 9ee488f9fdef19cb409752d66775bcbee6665ba8..762a38136e6c612767705389ee667b6f2ddab397 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -179,7 +179,7 @@ class BasePathNamespace(object):
 SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
 BIN_TIMEOUT = "/usr/bin/timeout"
 UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
-BIN_WGET = "/usr/bin/wget"
+BIN_CURL = "/usr/bin/curl"
 ZIP = "/usr/bin/zip"
 BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
 BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 0902215a56191032a1a65d0c2d05ddd5b7dab67f..7f9e85e37f8f6aac3d20874e04fe5576ed426e3c 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -213,10 +213,10 @@ class RedHatCAService(RedHatService):
 }
 
 args = [
-paths.BIN_WGET,
-'-S', '-O', '-',
-'--timeout=30',
-'--no-check-certificate',
+paths.BIN_CURL,
+'-i', '-o', '-',
+'--connect-timeout 30',
+'-k',
 url
 ]
 
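Review bot: `'--connect-timeout 30'` in the args list is a single argv element, so curl is handed one option literally named "--connect-timeout 30" and rejects it, which matches the "option --connect-timeout 30: is unknown" line reported in this thread. Split it into two elements, `'--connect-timeout', '30'`. Two smaller points on the same lines: wget's `--timeout=30` bounded DNS, connect and read time, whereas curl's `--connect-timeout` only bounds connection setup, so add `--max-time` if the whole status request should be limited; and `-S` made wget print the response headers on stderr while `-i` puts them on stdout ahead of the body, so confirm the code consuming this output reads the stream the headers now arrive on. `-k` carries `--no-check-certificate` over unchanged, so this probe still skips certificate verification.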
diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index e673cb45f58901ddee70a0ec6cea62531bba965b..b6e1fc5a1549787fbe2805b0297d79211ae21d77 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -51,13 +51,13 @@ class config_base_legacy_client(Advice):
 'cacertdir_rehash?format=txt')
 self.log.comment('Download the CA certificate of the IPA server')
 self.log.command('mkdir -p -m 755 /etc/openldap/cacerts')
-self.log.command('wget http://%s/ipa/config/ca.crt -O '
+self.log.command('curl http://%s/ipa/config/ca.crt -o '
  '/etc/openldap/cacerts/ipa.crt\n' % api.env.host)
 
 self.log.comment('Generate hashes for the openldap library')
 self.log.command('command -v cacertdir_rehash')
 self.log.command('if [ $? -ne 0 ] ; then')
-self.log.command(' wget "%s" -O cacertdir_rehash ;' % cacertdir_rehash)
+self.log.command(' curl "%s" -o cacertdir_rehash ;' % cacertdir_rehash)
 self.log.command(' chmod 755 ./cacertdir_rehash ;')
 self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;')
 self.log.command('else')
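Review bot: the two generated `curl ... -o` commands lose wget's non-zero exit on HTTP errors. Without `-f`, curl saves the server's error page to /etc/openldap/cacerts/ipa.crt or to ./cacertdir_rehash and exits 0, and the advice then runs `chmod 755 ./cacertdir_rehash` and executes that file. Suggest emitting `curl -f -sS -L` in both commands (wget followed redirects by default, curl needs `-L`) so a failed download is reported with a non-zero status instead of leaving an error page in place of the certificate or the script. The CA certificate URL stays plain `http://` as it was with wget; a comment in the advice output telling the admin to verify the downloaded certificate would be a useful addition while these lines are being touched.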
@@ -98,7 +98,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
 self.check_compat_plugin()
 
 self.log.comment('Install required packages via yum')
-self.log.command('yum install -y sssd authconfig wget openssl\n')
+self.log.command('yum install -y sssd authconfig curl openssl\n')
 
 self.configure_ca_cert()