[Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

Martin Basti mbasti at redhat.com
Wed Jun 29 11:04:48 UTC 2016



On 28.06.2016 16:57, Florence Blanc-Renaud wrote:
> On 06/28/2016 11:05 AM, Martin Basti wrote:
>>
>>
>> On 28.06.2016 10:51, Florence Blanc-Renaud wrote:
>>> On 06/27/2016 10:18 PM, Rob Crittenden wrote:
>>>> Florence Blanc-Renaud wrote:
>>>>> Hi all,
>>>>>
>>>>> thanks for your suggestions. Updated patch attached.
>>>>> Flo.
>>>>>
>>>>
>>>> The invocation in ipactl should say server, not client.
>>>>
>>>> Otherwise LGTM (untested).
>>>>
>>>> rob
>>>
>>> Hi all,
>>>
>>> thanks to Rob for catching the typo.
>>> Patch with updated message is attached,
>>> Flo.
>>>
>>>
>>
>> Thank you for the patch, I have two comments:
>>
>> 1)
>> +    except Exception:
>> +        # Consider that the host is not fips-enabled if the file does
>> not exist
>> +        pass
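
Review bot: the `except Exception:` followed by `pass` makes this check fail open. Any error raised while reading the file, not only the file being absent as the comment states, ends up treated as "not fips-enabled", so the guard is silently skipped. Catch IOError, ignore it only when its errno is ENOENT, and re-raise everything else.
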
>>
>> Exceptions should be as specific as possible, otherwise it may mask
>> real issues.
>> Please use 'except IOError' if you want to catch the case that the file
>> does not exist.
>>
>> 2)
>> In replicainstall.py and install.py please raise an exception
>> (RuntimeError) instead of calling sys.exit() to keep proper logging,
>> cleanup, etc.
>>
>> sys.exit() should not be used in modules, it is hard to debug etc. It
>> can be used only in scripts (ipa-client-install, ipa-replica-manage,
>> etc.)
>>
>> Martin^2
>
> Hi,
>
> hopefully converging with this updated patch :)
> Thanks for all the comments, I'm learning tips with each iteration.
>
> Flo.
>
I propose the following changes (in the attached patch). If you agree, I can
squash the patches and push them.

Martin^2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0000-FIPS-reviewer-proposed-changes.patch
Type: text/x-patch
Size: 1480 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160629/4aacaad8/attachment.bin>
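
The two review points in this thread (catch only the "file does not exist" case, and raise RuntimeError in modules while leaving the exit status to the script), shown as an added example that is not the FreeIPA patch or the scrubbed attachment. The function names, the error message and the flag path /proc/sys/crypto/fips_enabled are assumptions; the thread does not show them.

```python
import errno
import os
import sys
import tempfile

# Assumption: the kernel FIPS flag file; the thread does not name the path.
FIPS_FLAG = "/proc/sys/crypto/fips_enabled"


def is_fips_enabled(path=FIPS_FLAG):
    """Return True if the flag reads '1'; only a missing file means 'not FIPS'."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except IOError as e:  # alias of OSError on Python 3
        if e.errno == errno.ENOENT:
            return False
        raise  # permission or I/O errors are real problems, do not mask them


def install_check(path=FIPS_FLAG):
    """Module-level check: raise so the caller can log and clean up."""
    if is_fips_enabled(path):
        raise RuntimeError("Installation is not supported in FIPS mode")


def main(path=FIPS_FLAG):
    """Script entry point: the only layer that maps the error to an exit status."""
    try:
        install_check(path)
    except RuntimeError as e:
        sys.stderr.write("%s\n" % e)
        return 1
    return 0


def demo():
    """Run main() on constructed flag files: enabled, disabled, missing."""
    d = tempfile.mkdtemp()
    results = {}
    for name, content in (("on", "1\n"), ("off", "0\n")):
        p = os.path.join(d, name)
        with open(p, "w") as f:
            f.write(content)
        results[name] = main(p)
    results["missing"] = main(os.path.join(d, "absent"))
    return results


if __name__ == "__main__":
    print(demo())
```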