From b91c93e7b1738868675444f8150f4c3e7e71299d Mon Sep 17 00:00:00 2001
From: Endi S. Dewata
Date: Oct 26 2018 21:03:20 +0000
Subject: Fixed default token normalization in initialization.py
---
diff --git a/0001-Fixed-default-token-normalization-in-initialization..patch b/0001-Fixed-default-token-normalization-in-initialization..patch
new file mode 100644
index 0000000..b79af16
--- /dev/null
+++ b/0001-Fixed-default-token-normalization-in-initialization..patch
@@ -0,0 +1,55 @@
+From 54edd1a7dd4e7e49bff4ef4fde15fc4d97802b00 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Fri, 26 Oct 2018 04:29:20 -0400
+Subject: [PATCH] Fixed default token normalization in initialization.py (#83)
+
+Previously the initialization.py did not normalize the default
+token name in pki_self_signed_token which was blank. This caused
+an error when installing an additional subsystem into the same
+instance since the code could not find the existing internal
+token password from the first subsystem installation.
+
+The code has been modified to normalize the default token name
+into 'internal' such that it can find the existing internal token
+password.
+
+https://pagure.io/dogtagpki/issue/3073
+---
+ .../python/pki/server/deployment/scriptlets/initialization.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
+index 112c2e8e9..a75592736 100644
+--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
++++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
+@@ -46,21 +46,26 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
+ instance.load()
+
+ internal_token = deployer.mdict['pki_self_signed_token']
++ if not pki.nssdb.normalize_token(internal_token):
++ internal_token = pki.nssdb.INTERNAL_TOKEN_NAME
+
+ # if instance already exists and has password, reuse the password
+ if internal_token in instance.passwords:
++ logger.info('Reusing server NSS database password')
+ deployer.mdict['pki_server_database_password'] = instance.passwords.get(internal_token)
+
+ # otherwise, use user-provided password if specified
+ elif deployer.mdict['pki_server_database_password']:
+- pass
++ logger.info('Using specified server NSS database password')
+
+ # otherwise, use user-provided pin if specified
+ elif deployer.mdict['pki_pin']:
++
logger.info('Using specified PIN as server NSS database password') + deployer.mdict['pki_server_database_password'] = deployer.mdict['pki_pin'] + + # otherwise, generate a random password + else: ++ logger.info('Generating random server NSS database password') + deployer.mdict['pki_server_database_password'] = pki.generate_password() + + # generate random password for client database if not specified +-- +2.14.4 + diff --git a/pki-core.spec b/pki-core.spec index db5e713..6bf3573 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -16,7 +16,7 @@ ExcludeArch: s390 s390x %endif Version: 10.6.7 -Release: 2%{?_timestamp}%{?_commit_id}%{?dist} +Release: 3%{?_timestamp}%{?_commit_id}%{?dist} # global _phase -a1 # To create a tarball from a version tag: @@ -34,9 +34,10 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -# TODO: The following patch has landed in master and is necessary to fix +# TODO: The following patches have landed in master and are necessary to fix # FreeIPA integration. Please remove next time PKI is released. Patch1: tiran-fix-certutil-token.patch +Patch2: 0001-Fixed-default-token-normalization-in-initialization..patch ################################################################################ # NSS @@ -1602,6 +1603,12 @@ fi ################################################################################ %changelog +* Fri Oct 26 2018 Dogtag PKI Team - 10.6.7-3 +- Fixed default token normalization in initialization.py + +* Thu Oct 25 2018 Dogtag PKI Team - 10.6.7-2 +- Fixed missing token in verify_certificate_exists + * Thu Oct 04 2018 Dogtag PKI Team - 10.6.7-1 - Rebased to PKI 10.6.7
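Review bot: In the embedded initialization.py hunk, the reuse branch overwrites `deployer.mdict['pki_server_database_password']` with the stored value even when the operator supplied one, and the only trace is the new info line `Reusing server NSS database password`. With the blank `pki_self_signed_token` now mapped to `pki.nssdb.INTERNAL_TOKEN_NAME`, that branch is presumably reached on every additional-subsystem install, so a supplied password that differs from the stored one is dropped without any signal. I would add a warning there that prints neither value, e.g. `logger.warning('Ignoring specified server NSS database password; reusing the existing one')`, guarded by a comparison of the two. Separately, the backported patch adds no import lines, so it depends on `pki.nssdb` and `logger` already being in scope in the 10.6.7 copy of this file, which the hunk does not show; the method body also starts and ends outside the hunk.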