[Freeipa-devel] [freeipa PR#524][synchronized] Remove NSPRError exception from platform tasks

2017-03-01 Thread tiran 
   URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
 Title: #524: Remove NSPRError exception from platform tasks
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524
From 7ed05a05433cd3dd068da0f1212ac6496f46d49d Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 1 Mar 2017 11:19:08 +0100
Subject: [PATCH] Remove NSPRError exception from platform tasks

ipalib.x509 no longer raises NSPRError. PyCA cryptography raises
ValueError for invalid certs.

https://fedorahosted.org/freeipa/ticket/5695

Signed-off-by: Christian Heimes 
---
 ipaplatform/redhat/tasks.py | 8 
 ipaplatform/setup.py| 1 -
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 123595e..8f9b39b 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -33,12 +33,11 @@
 import traceback
 import errno
 
-from cffi import FFI
 from ctypes.util import find_library
 from functools import total_ordering
-
 from subprocess import CalledProcessError
-from nss.error import NSPRError
+
+from cffi import FFI
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
 
@@ -223,6 +222,7 @@ def reload_systemwide_ca_store(self):
 
 def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
 from ipalib import x509  # FixMe: break import cycle
+from ipalib.errors import CertificateError
 
 new_cacert_path = paths.SYSTEMWIDE_IPA_CA_CRT
 
@@ -252,7 +252,7 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
 issuer = x509.get_der_issuer(cert, x509.DER)
 serial_number = x509.get_der_serial_number(cert, x509.DER)
 public_key_info = x509.get_der_public_key_info(cert, x509.DER)
-except (NSPRError, PyAsn1Error, ValueError) as e:
+except (PyAsn1Error, ValueError, CertificateError) as e:
 root_logger.warning(
 "Failed to decode certificate \"%s\": %s", nickname, e)
 continue
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 6637830..501e2bc 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -45,7 +45,6 @@
 # "ipalib",  # circular dependency
 "ipapython",
 "pyasn1",
-"python-nss",
 "six",
 ],
 )
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#524][synchronized] Remove NSPRError exception from platform tasks

2017-03-01 Thread tiran 
   URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
 Title: #524: Remove NSPRError exception from platform tasks
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524
From 44ab7a6f56c3838dacb08156818ba641390ef38b Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 1 Mar 2017 11:19:08 +0100
Subject: [PATCH] Remove NSPRError exception from platform tasks

ipalib.x509 no longer raises NSPRError. PyCA cryptography raises
ValueError for invalid certs.

https://fedorahosted.org/freeipa/ticket/5695

Signed-off-by: Christian Heimes 
---
 ipaplatform/redhat/tasks.py | 11 +--
 ipaplatform/setup.py|  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 123595e..018e0bb 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -33,18 +33,17 @@
 import traceback
 import errno
 
-from cffi import FFI
 from ctypes.util import find_library
 from functools import total_ordering
-
 from subprocess import CalledProcessError
-from nss.error import NSPRError
+
+from cffi import FFI
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
 
 from ipapython.ipa_log_manager import root_logger, log_mgr
 from ipapython import ipautil
-import ipapython.errors
+from ipapython import errors
 
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
@@ -252,7 +251,7 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
 issuer = x509.get_der_issuer(cert, x509.DER)
 serial_number = x509.get_der_serial_number(cert, x509.DER)
 public_key_info = x509.get_der_public_key_info(cert, x509.DER)
-except (NSPRError, PyAsn1Error, ValueError) as e:
+except (PyAsn1Error, ValueError, errors.CertificateError) as e:
 root_logger.warning(
 "Failed to decode certificate \"%s\": %s", nickname, e)
 continue
@@ -407,7 +406,7 @@ def get_setsebool_args(changes):
 failed_vars.update(updated_vars)
 
 if failed_vars:
-raise ipapython.errors.SetseboolError(
+raise errors.SetseboolError(
 failed=failed_vars,
 command=' '.join(get_setsebool_args(failed_vars)))
 
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 6637830..501e2bc 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -45,7 +45,6 @@
 # "ipalib",  # circular dependency
 "ipapython",
 "pyasn1",
-"python-nss",
 "six",
 ],
 )
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code