URL: https://github.com/freeipa/freeipa/pull/1074
Author: stlaz
Title: #1074: [Backport][ipa-4-6] ipa-pki-retrieve-key: ensure we do not crash
Action: opened

PR body:
"""
This PR was opened automatically because PR #996 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1074/head:pr1074
git checkout pr1074
From 873c8e50f54359299aa6cb2a2676f963ee435755 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 23 Aug 2017 11:22:48 +1000
Subject: [PATCH] ipa-pki-retrieve-key: ensure we do not crash

If ipa-pki-retrieve-key fails for some reason (which may be a
"legitimate" reason, e.g. the server it is attempting to contact
being offline), the program terminates with an uncaught exception,
resulting in a crash report.

Catch all exceptions; if an exception gets raised, report the
traceback and exit with nonzero status.

Fixes: https://pagure.io/freeipa/issue/7115
---
 install/tools/ipa-pki-retrieve-key | 42 +++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/install/tools/ipa-pki-retrieve-key b/install/tools/ipa-pki-retrieve-key
index 505ed238ef..5056682c3c 100755
--- a/install/tools/ipa-pki-retrieve-key
+++ b/install/tools/ipa-pki-retrieve-key
@@ -4,29 +4,39 @@ from __future__ import print_function
 
 import os
 import sys
+import traceback
 
 from ipalib import constants
 from ipalib.config import Env
 from ipaplatform.paths import paths
 from ipaserver.secrets.client import CustodiaClient
 
-env = Env()
-env._finalize()
 
-keyname = "ca_wrapped/" + sys.argv[1]
-servername = sys.argv[2]
+def main():
+    env = Env()
+    env._finalize()
 
-service = constants.PKI_GSSAPI_SERVICE_NAME
-client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
-client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
+    keyname = "ca_wrapped/" + sys.argv[1]
+    servername = sys.argv[2]
 
-# pylint: disable=no-member
-client = CustodiaClient(
-    client_service='%s@%s' % (service, env.host), server=servername,
-    realm=env.realm, ldap_uri="ldaps://" + env.host,
-    keyfile=client_keyfile, keytab=client_keytab,
-    )
+    service = constants.PKI_GSSAPI_SERVICE_NAME
+    client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
+    client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
 
-# Print the response JSON to stdout; it is already in the format
-# that Dogtag's ExternalProcessKeyRetriever expects
-print(client.fetch_key(keyname, store=False))
+    # pylint: disable=no-member
+    client = CustodiaClient(
+        client_service='%s@%s' % (service, env.host), server=servername,
+        realm=env.realm, ldap_uri="ldaps://" + env.host,
+        keyfile=client_keyfile, keytab=client_keytab,
+        )
+
+    # Print the response JSON to stdout; it is already in the format
+    # that Dogtag's ExternalProcessKeyRetriever expects
+    print(client.fetch_key(keyname, store=False))
+
+
+try:
+    main()
+except BaseException:
+    traceback.print_exc()
+    sys.exit(1)
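
Review bot: The `except BaseException:` at the bottom of the hunk also catches `SystemExit` and `KeyboardInterrupt`, so any `sys.exit(0)` reached inside `main()` (now or in a later change) would be printed as a traceback and turned into exit status 1. If the goal is only to keep uncaught errors from producing a crash report, `except Exception:` covers that, or `SystemExit` can be re-raised ahead of the generic handler. Separately, `main()` still indexes `sys.argv[1]` and `sys.argv[2]` without checking the argument count, so a wrong invocation surfaces as an `IndexError` traceback; a short usage message on stderr with a nonzero exit would be clearer for whoever reads the log. `traceback.print_exc()` writes to stderr by default, which keeps stdout clean for the JSON that the comment says Dogtag's ExternalProcessKeyRetriever expects, so that part is fine.
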
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org