[Freeipa-devel] [PATCH 0075] Change group ownership of CRL publish directory
Simo Sorce
simo at redhat.com
Thu Jun 20 15:44:08 UTC 2013
On Thu, 2013-06-20 at 17:33 +0200, Martin Kosek wrote:
> On 06/20/2013 05:15 PM, Tomas Babej wrote:
> > Hi,
> >
> > Spec file modified so that /var/lib/ipa/pki-ca/publish/ is owned
> > by pkiuser group.
> >
> > https://fedorahosted.org/freeipa/ticket/3727
> >
> > Tomas
> >
>
> NACK. This won't fly. pkiuser is created by FreeIPA when server is installed,
> thus you cannot just simply change ownership in our spec file because in the
> time when package is installed or updated, pkiuser may not exist.
>
> I think you need to delete the %attr from spec file and set the correct
> ownership during ipa-{server,ca}-install. When CA is configured, we should also
> probably let ipa-upgradeconfig check this directory and amend when necessary
> (to fix affected IPA CA instances).
Probably even better to not create the directory via rpm at all, but
make ipa-ca-install create it and remove it when --uninstall is run.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list