[Freeipa-devel] [PATCH] 290 set cert_t context on some files for selfsign plugin

Rob Crittenden rcritten at redhat.com
Fri Oct 9 13:40:37 UTC 2009


Jenny Galipeau wrote:
> John Dennis wrote:
>> On 10/08/2009 05:22 PM, Rob Crittenden wrote:
>>> John Dennis wrote:
>>>> Thanks Rob. BTW, I was going to add a try/except block around that
>>>> code in selfsign and return a non-zero status if it fails. Do we have
>>>> predefined status codes I should be using?
>>>>
>>>
>>> I'm assuming you mean around the certs.next_serial() call?
>>
>> yes
>>
>>> Not really sure. This is really a "server blew up" sort of error, I'm
>>> not sure what the best thing to return to the client is in this case. I
>>> think something that says "the server is hosed, you can't fix it from
>>> there" sort of error would be nice. AFAIK we don't currently define such
>>> a beastie.
>>
>> Well, looking at errors.py it looks like it should be an 
>> ExecutionError in the 4000-4999 range. How about adding 
>> UnableToCompleteCertificateOperation as a generic error for any 
>> certificate operation we can't run to completion,
> It would also be nice to reference the log, as in "Please see mylog.log 
> for details."

Well, this is a pretty common, generic problem. We don't want to give 
too many specifics to a client. The assumption is that they'll go bug 
their administrator.

We could add the "See your system administrator" but that is truly 
annoying when you're the administrator trying to debug the problem. I 
myself have shouted any number of times "But I *am* the %#$@!@ system 
administrator" when presented with similar messages on other systems.

What we'll have to do is document somewhere that tracebacks can be found 
in the Apache error log.

rob
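
An added example, not part of the original message or of the FreeIPA code: one way to do what the thread settles on, a generic ExecutionError for the client with the traceback kept in the server log. The class bodies, the errno values, the reference id and the failing next_serial() stub are assumptions made for illustration.

```python
import io
import logging
import uuid

# Hypothetical stand-ins for the classes discussed in the thread; the real
# errors.py is not reproduced here.
class ExecutionError(Exception):
    errno = 4000  # start of the 4000-4999 range named in the thread

class UnableToCompleteCertificateOperation(ExecutionError):
    errno = 4999  # constructed placeholder inside that range

    def __init__(self, ref):
        self.ref = ref
        super().__init__(
            "Unable to complete the certificate operation (reference %s)" % ref)

def next_serial():
    """Constructed failure standing in for certs.next_serial()."""
    raise OSError("cannot open /hypothetical/path/serial: Permission denied")

def issue_certificate(log, serial_source=next_serial):
    """Return a serial, or raise a generic error after logging the details."""
    try:
        return serial_source()
    except Exception:
        ref = uuid.uuid4().hex[:8]  # assumed correlation id, not from the thread
        # The full traceback stays server-side; a handler writing to stderr
        # under Apache lands in the error log.
        log.exception("certificate operation failed (reference %s)", ref)
        # "from None" keeps the original exception out of the client error.
        raise UnableToCompleteCertificateOperation(ref) from None

def demo():
    """Run the failing call and return (client_message, server_log_text)."""
    buf = io.StringIO()  # stands in for the Apache error log
    log = logging.getLogger("selfsign-demo")
    log.handlers = [logging.StreamHandler(buf)]
    log.propagate = False
    try:
        issue_certificate(log)
    except ExecutionError as e:
        return str(e), buf.getvalue()

if __name__ == "__main__":
    msg, server_log = demo()
    print("client sees:", msg)
    print("server log:\n" + server_log)
```

The reference id lets an administrator find the matching traceback without the client ever seeing the path or the underlying exception.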