Re: [Freeipa-devel] [PATCH] 0087 uninstall: untrack lightweight CA certs

2016-07-12 Thread Petr Vobornik 
On 07/04/2016 10:18 AM, Martin Babinsky wrote:
> On 07/04/2016 05:10 AM, Fraser Tweedale wrote:
>> The attached patch fixes
>> https://fedorahosted.org/freeipa/ticket/6020
>>
>> Thanks,
>> Fraser
>>
>>
>>
> ACK.
> 

master:
* 88841a561922fd9a57f3c473833f2ff26c8061ec uninstall: untrack
lightweight CA certs

-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0087 uninstall: untrack lightweight CA certs

2016-07-04 Thread Martin Babinsky 

On 07/04/2016 05:10 AM, Fraser Tweedale wrote:

The attached patch fixes
https://fedorahosted.org/freeipa/ticket/6020

Thanks,
Fraser




ACK.

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH] 0087 uninstall: untrack lightweight CA certs

2016-07-03 Thread Fraser Tweedale 
The attached patch fixes
https://fedorahosted.org/freeipa/ticket/6020

Thanks,
Fraser
From 15cca8e108c6d47a647cbc1dc647dcecbf334b9d Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Mon, 4 Jul 2016 13:05:28 +1000
Subject: [PATCH] uninstall: untrack lightweight CA certs

Fixes: https://fedorahosted.org/freeipa/ticket/6020
---
 ipaserver/install/cainstance.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 
5e3e8c7f9a1845b82d23de589f804aa065387b38..070498fe8a394802ea55f848a268e2b6563ec472
 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1127,6 +1127,12 @@ class CAInstance(DogtagInstance):
 """
 super(CAInstance, self).stop_tracking_certificates(False)
 
+# stop tracking lightweight CA signing certs
+for request_id in certmonger.get_requests_for_dir(self.nss_db):
+nickname = certmonger.get_request_value(request_id, 'key-nickname')
+if nickname.startswith('caSigningCert cert-pki-ca '):
+certmonger.stop_tracking(self.nss_db, nickname=nickname)
+
 try:
 certmonger.stop_tracking(paths.HTTPD_ALIAS_DIR, nickname='ipaCert')
 except RuntimeError as e:
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code