[Pki-devel] [PATCH] 199 Added interactive subsystem installation.

Ade Lee alee at redhat.com
Tue Jan 8 20:25:42 UTC 2013 

More feedback:

1. What does python -u do?

In general, the code changes look fine.
Ade

On Tue, 2013-01-08 at 14:53 -0500, Ade Lee wrote:
> Some immediate feedback.
> 
> 1. We ought to have some code to ensure that only one invocation of
> pkispawn or pkidestroy is running at a time.  This is important for
> selinux.  Maybe this is a separate ticket.
> 
> 2. We should prompt for passwords twice and confirm that the passwords
> match (as they are not displayed).
> 
> 3. After all inputs are entered, it would be good to output something
> like "Starting installation ...".  It would also be good to print out
> the choices made, and allow them to go back and change them by typing
> "back" - just like DS does.
> 
> 4. Man page for pkispawn and pkidestroy needs to be updated.  Similarly
> for pkispawn -h.
> 
> 5. For subsystem type - entering something incorrect - like RAT for
> example, causes an unsightly traceback.
> 
> 6.  When installing a KRA, you are prompted for a security domain admin
> certificate --why?
> 
> 7.  When installing KRA (and OCSP and TKS), you need to be prompted for
> connection info to two CA's -- the security domain CA, and the issuing
> CA.  These need not be the same. 
> 
> 8. How do you handle the admin cert ie. whether to create a new admin or
> reuse the cert of an old admin?  I suspect this is related to question 6
> above.
> 
> 9.  It would be nice if the interactive script wrong out a config file
> (maybe with passwords XXX'ed out) after the install.
> 
> Looking at code next ...
> 
> 
> 
> 
> On Fri, 2013-01-04 at 05:11 +0700, Endi Sukma Dewata wrote:
> > On 1/3/2013 7:58 PM, Endi Sukma Dewata wrote:
> > > The pkispawn has been modified such that if there is no configuration
> > > file specified it will enter an interactive mode.
> > >
> > > Ticket #380
> > >
> > > The pkidestroy will be modified in a separate patch.
> > 
> > Nevermind. The new patch contains cleanups and the pkidestroy changes.
> > 
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> 
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list