[Freeipa-devel] Design document: Integration Improvements
Christian Heimes
cheimes at redhat.com
Fri Nov 11 17:45:11 UTC 2016
On 2016-11-11 18:33, Rob Crittenden wrote:
> Martin Basti wrote:
>> 2) if I understand correctly, you want to separate client installer code
>> and client CLI code. In past we had freeipa-admintools but it was
>> removed because it was really tightly bounded to installed client. Do
>> you want to revive it and make it independent?
>
> The admintools package consisted only of the ipa command so I don't see
> the relevance.
>
> This should have no impact on the installers. I think the only proposal
> is to ignore the IPA_CONFDIR variable in all installer contexts. I think
> I'd prefer it if it were simply wiped from the environment on startup of
> *install commands prior to bootstrap so it can't leak it at all.
With the latest patch, all installers, updaters and similar tools with
an exception when a IPA_CONFDIR env var is present. I have also
considered to fail for geteuid() == 0. On the other hand the env var is
useful for containered application and people sure love to run all their
containers as root.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20161111/a99628ea/attachment.sig>
More information about the Freeipa-devel
mailing list