Update PKIDeployer.init_server_nssdb() to use self.instance
edewata committed Aug 17, 2023
1 parent a387de3 commit d865f1f
Showing 1 changed file with 15 additions and 17 deletions.
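--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -493,48 +493,46 @@ def update_external_certs_conf(self, external_path):
 
 def init_server_nssdb(self, subsystem):
 
-instance = subsystem.instance
-
 # Since 'certutil' does NOT strip the 'token=' portion of
 # the 'token=password' entries, create a temporary server 'pfile'
 # which ONLY contains the 'password' for the purposes of
 # allowing 'certutil' to generate the security databases
 
-pki_shared_pfile = os.path.join(instance.conf_dir, 'pfile')
+pki_shared_pfile = os.path.join(self.instance.conf_dir, 'pfile')
 
 logger.info('Creating password file: %s', pki_shared_pfile)
 self.password.create_password_conf(
 pki_shared_pfile,
 self.mdict['pki_server_database_password'], pin_sans_token=True)
-self.file.modify(instance.password_conf)
+self.file.modify(self.instance.password_conf)
 
-if not os.path.isdir(instance.nssdb_dir):
-instance.makedirs(instance.nssdb_dir, exist_ok=True)
+if not os.path.isdir(self.instance.nssdb_dir):
+self.instance.makedirs(self.instance.nssdb_dir, exist_ok=True)
 
 nssdb = pki.nssdb.NSSDatabase(
-directory=instance.nssdb_dir,
+directory=self.instance.nssdb_dir,
 password_file=pki_shared_pfile)
 
 try:
 if not nssdb.exists():
-logger.info('Creating NSS database: %s', instance.nssdb_dir)
+logger.info('Creating NSS database: %s', self.instance.nssdb_dir)
 nssdb.create()
 finally:
 nssdb.close()
 
-if not os.path.islink(instance.nssdb_link):
-instance.symlink(
-instance.nssdb_dir,
-instance.nssdb_link,
+if not os.path.islink(self.instance.nssdb_link):
+self.instance.symlink(
+self.instance.nssdb_dir,
+self.instance.nssdb_link,
 exist_ok=True)
 
 # Link /var/lib/pki/<instance>/<subsystem>/alias
 # to /var/lib/pki/<instance>/alias
 
 subsystem_nssdb_link = os.path.join(subsystem.base_dir, 'alias')
 
-instance.symlink(
-instance.nssdb_link,
+self.instance.symlink(
+self.instance.nssdb_link,
 subsystem_nssdb_link,
 exist_ok=True)
 
@@ -549,14 +547,14 @@ def init_server_nssdb(self, subsystem):
 # set the initial NSS database ownership and permissions
 
 pki.util.chown(
-instance.nssdb_dir,
+self.instance.nssdb_dir,
 self.mdict['pki_uid'],
 self.mdict['pki_gid'])
 pki.util.chmod(
-instance.nssdb_dir,
+self.instance.nssdb_dir,
 config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
 os.chmod(
-instance.nssdb_dir,
+self.instance.nssdb_dir,
 pki.server.DEFAULT_DIR_MODE)
 
 # Always delete the temporary 'pfile'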
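Review bot: The temporary `pfile` holds the NSS database password in clear text under `self.instance.conf_dir`, and nothing visible in these hunks guarantees it is removed when a later step fails. Only `nssdb.create()` sits inside a `try`/`finally`; the `makedirs`, `symlink`, `pki.util.chown` and `chmod` calls run unguarded before the "Always delete the temporary 'pfile'" step, whose code lies outside the hunk. If that deletion is not already in a `finally`, I would wrap everything after `create_password_conf(...)` in `try:` / `finally:` and do the removal there, so a failed deployment does not leave the password on disk. Separately, the call right after creating the file is `self.file.modify(self.instance.password_conf)` rather than `self.file.modify(pki_shared_pfile)`; if `modify` is what applies ownership and mode, the new `pfile` keeps whatever `create_password_conf` gave it, which is worth confirming. `init_server_nssdb` starts inside the first hunk and continues past the end of the second.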
