[Pki-devel] patch pushed - Re: patches for review - Bug 744207 - Key archival fails when KRA is configured with lunasa

Christina Fu cfu at redhat.com
Thu May 3 00:51:29 UTC 2012 

patch pushed to

DOGTAG_9_BRANCH

  kra]$ git push
Counting objects: 17, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (9/9), 976 bytes, done.
Total 9 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
    98fed48..f103db3  DOGTAG_9_BRANCH ->  DOGTAG_9_BRANCH

JSS is to be in next build


On 05/01/2012 03:11 PM, John Magne wrote:
> ACK
>
> Patches address wrapping on Luna and improve error handling and logging.
>
>
>
> ----- Original Message -----
> From: "Christina Fu"<cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Tuesday, May 1, 2012 8:42:47 AM
> Subject: [Pki-devel] patches for review - Bug 744207 - Key archival fails when KRA is configured with lunasa
>
>
> Please review the following patches for Bug 744207 - Key archival fails when KRA is configured with lunasa:
>
> JSS:
> https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&context=patch&collapsed=&headers=1&format=raw
>
> DRM/KRA:
> https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&context=patch&collapsed=&headers=1&format=raw
>
> The JSS patch alone allows key archival (both RSA and ECC) to work with lunasa token
> where the lunasa token has to be KE-capable. Work done specifically on the following model:
> Model: Luna SA v5 w/ PED auth and CKE
> Part No: 908-000093-001
>
> The DRM/KRA patch are just some debugging to make recovery debugging easier with an addition of non-static salt.
> The recovery is not working currently, failing with wrapping operation during PBE creation:
> Bug 817423 - Key recovery fails when KRA is configured with lunasa
> which will be fixed at a later time.
>
> To test these patches for key archival on the said model of lunasa, one must turn on the prototype mode for recovery.
>
> thanks,
> Christina
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list