[Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

Florence Blanc-Renaud frenaud at redhat.com
Wed Jun 29 11:14:48 UTC 2016


On 06/29/2016 01:04 PM, Martin Basti wrote:
>
>
> On 28.06.2016 16:57, Florence Blanc-Renaud wrote:
>> On 06/28/2016 11:05 AM, Martin Basti wrote:
>>>
>>>
>>> On 28.06.2016 10:51, Florence Blanc-Renaud wrote:
>>>> On 06/27/2016 10:18 PM, Rob Crittenden wrote:
>>>>> Florence Blanc-Renaud wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> thanks for your suggestions. Updated patch attached.
>>>>>> Flo.
>>>>>>
>>>>>
>>>>> The invocation in ipactl should say server, not client.
>>>>>
>>>>> Otherwise LGTM (untested).
>>>>>
>>>>> rob
>>>>
>>>> Hi all,
>>>>
>>>> thanks to Rob for catching the typo.
>>>> Patch with updated message is attached,
>>>> Flo.
>>>>
>>>>
>>>
>>> Thank you for the patch. I have two comments:
>>>
>>> 1)
>>> +    except Exception:
>>> +        # Consider that the host is not fips-enabled if the file does
>>> not exist
>>> +        pass
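Review bot: the "except Exception: pass" at the end of this hunk makes the FIPS check fail open: any error raised while checking the file, not only the missing-file case the comment describes, is silently treated as "not FIPS-enabled". Catch only the missing-file case (IOError with errno ENOENT) and let every other error propagate, so a check that could not be performed does not look like a check that passed.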
>>>
>>> Exceptions should be as specific as possible, otherwise they may mask
>>> real issues.
>>> Please use 'except IOError' if you want to catch the case where the file
>>> does not exist.
>>>
>>> 2)
>>> In replicainstall.py and install.py please raise an exception
>>> (RuntimeError) instead of calling sys.exit() to keep proper logging,
>>> cleanup, etc.
>>>
>>> sys.exit() should not be used in modules, it is hard to debug etc. It
>>> can be used only in scripts (ipa-client-install, ipa-replica-manage,
>>> etc.)
>>>
>>> Martin^2
>>
>> Hi,
>>
>> hopefully converging with this updated patch :)
>> Thanks for all the comments, I'm learning tips with each iteration.
>>
>> Flo.
>>
> I propose the following changes (in the attached patch). If you agree I can
> squash the patches and push them.
>
> Martin^2

Hi Martin,

thanks for the proposal, OK for me.
Flo.
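
The two review points in the thread above (catch only the missing-file case, and raise RuntimeError in modules so that only the script calls sys.exit()), sketched as an added example; this is not the FreeIPA patch itself. The function names and the error message are hypothetical, and the path is the standard Linux kernel interface for FIPS state, which the thread does not name.

```python
import errno
import sys

# Assumption: Linux kernel interface reporting FIPS mode ("1" = enabled).
FIPS_ENABLED_PATH = "/proc/sys/crypto/fips_enabled"


def is_fips_enabled(path=FIPS_ENABLED_PATH):
    """Return True if the kernel reports FIPS mode, False otherwise."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except IOError as e:
        # Only a missing file means "not FIPS-enabled". Anything else
        # (permission denied, wrong file type) must surface, otherwise
        # the check fails open.
        if e.errno == errno.ENOENT:
            return False
        raise


def install_check(path=FIPS_ENABLED_PATH):
    """Module-level check: raise so callers keep logging and cleanup."""
    if is_fips_enabled(path):
        # Hypothetical message text.
        raise RuntimeError("Cannot install in FIPS mode")


def main(path=FIPS_ENABLED_PATH):
    """Script entry point: the only place that maps errors to exit codes."""
    try:
        install_check(path)
    except RuntimeError as e:
        sys.stderr.write("%s\n" % e)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```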



