[Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

Florence Blanc-Renaud frenaud at redhat.com
Tue Jun 28 14:57:35 UTC 2016


On 06/28/2016 11:05 AM, Martin Basti wrote:
>
>
> On 28.06.2016 10:51, Florence Blanc-Renaud wrote:
>> On 06/27/2016 10:18 PM, Rob Crittenden wrote:
>>> Florence Blanc-Renaud wrote:
>>>> Hi all,
>>>>
>>>> thanks for your suggestions. Updated patch attached.
>>>> Flo.
>>>>
>>>
>>> The invocation in ipactl should say server, not client.
>>>
>>> Otherwise LGTM (untested).
>>>
>>> rob
>>
>> Hi all,
>>
>> thanks to Rob for catching the typo.
>> Patch with updated message is attached,
>> Flo.
>>
>>
>
> Thank you for the patch, I have two comments:
>
> 1)
> +    except Exception:
> +        # Consider that the host is not fips-enabled if the file does
> not exist
> +        pass
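Review bot: The 'except Exception: ... pass' here makes the FIPS check fail open: any error raised while reading the file, not only the missing-file case named in the comment, is silently treated as "not FIPS-enabled". Catch only the file-not-found condition (IOError with errno ENOENT) and let other errors, such as a permission failure, propagate so they are reported instead of being read as a negative result.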
>
> exceptions should be as specific as possible, otherwise it may mask
> real issues
> please use 'except IOError' if you want to catch the case that file does
> not exist
>
> 2)
> in replicainstall.py and install.py please raise exception
> (RuntimeError) instead of sys.exit() to keep proper logging, cleanup, etc.
>
> sys.exit() should not be used in modules, it is hard to debug etc. It
> can be used only in scripts (ipa-client-install, ipa-replica-manage, etc.)
>
> Martin^2

Hi,

hopefully converging with this updated patch :)
Thanks for all the comments, I'm learning tips with each iteration.

Flo.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-frenaud-0008-4-Do-not-allow-installation-in-FIPS-mode.patch
Type: text/x-patch
Size: 5261 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160628/d4dd83dc/attachment.bin>
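The two review comments in this thread, shown together as an added example (not code from the attached patch or from FreeIPA): the check catches only IOError, the module-level function raises RuntimeError, and only the script entry point turns that into an exit code. The flag path, the function names and the error message are assumptions, and the errno test goes one step further than the 'except IOError' suggested above.

```python
import errno
import sys

# Linux kernel FIPS flag; assumed here, the thread does not name the file.
FIPS_FLAG = "/proc/sys/crypto/fips_enabled"


def is_fips_enabled(path=FIPS_FLAG):
    """Return True only when the flag file exists and contains '1'."""
    try:
        with open(path) as flag:
            return flag.read().strip() == "1"
    except IOError as e:
        # Missing file: treat the host as not FIPS-enabled, as the
        # comment in the quoted patch fragment says.
        if e.errno == errno.ENOENT:
            return False
        # Anything else (EACCES, EISDIR, EIO, ...) is a real problem:
        # do not guess "not FIPS" and let the installer continue.
        raise


def install_check(path=FIPS_FLAG):
    """Module-level check: raise, so the caller can log and clean up."""
    if is_fips_enabled(path):
        # Constructed message, not the wording used in the patch.
        raise RuntimeError("Cannot install server in FIPS mode")


def main(path=FIPS_FLAG):
    """Script entry point: the only layer that maps errors to exit codes."""
    try:
        install_check(path)
    except RuntimeError as e:
        sys.stderr.write("%s\n" % e)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```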

