[Freeipa-devel] Reasons for not using certmonger DBus API
Jan Cholasta
jcholast at redhat.com
Wed Jul 23 08:33:24 UTC 2014
On 23.7.2014 10:12, Martin Kosek wrote:
> On 07/23/2014 09:56 AM, David Kupka wrote:
>> While solving ticket #4280 I noticed that we are messing with certmonger's
>> files right under its hands. That can lead to some unpleasant race condition
>> issues.
>> Is there any reason why not to call certmonger via DBus and ask it to stop
>> tracking the requests?
>
> +1 for using the dbus API. When I saw the hacky way of parsing certmonger
> internal configuration files in ipapython/certmonger.py, I suggested the dbus
> way as IMO it would not be difficult to implement, it would make us more future
> proof and it would remove intermittent problems like #4280.
I have already started using the API, e.g. for adding/removing of the CA
helper in cainstance. Word of warning, the API apparently does not
exercised much and there might be bugs (I found one causing certmonger
to segfault which Nalin promptly fixed).
>
> Certmonger API looked complete enough to pull this off:
> https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/api.txt
>
> If I am wrong, please tell me.
IIRC some of the properties in requests might not be accessible using
the API. But I'm not sure if this is true or if it affects us.
>
> Thanks,
> Martin
--
Jan Cholasta
More information about the Freeipa-devel
mailing list