[Pki-devel] [PATCH] 713-716 Simplifying existing CA installation.

Endi Sukma Dewata edewata at redhat.com
Fri Apr 15 16:35:13 UTC 2016


On 4/15/2016 10:31 AM, Ade Lee wrote:
> ack on patches with a couple of small provisos.

Thanks!

> 1. Please ensure that IPA is not using the replaced parameters.  If so,
> create a ticket to give them heads-up that they are changing.

I revised patch #713 (see attachments) to add aliases instead of 
renaming the properties, so the existing properties are still working 
the same way. So now pki_pkcs12_path is an alias for 
pki_external_pkcs12_path.

I also verified that IPA is not using any these parameters yet.

Patch #714 has been rebased. The other patches are unchanged.

> 2. Make sure man pages do not documents these replaced parameters.  If
> so, fix them.  Otherwise add ticket to document these new parameters.
> Man page fix if necessary can be a separate patch.

We actually have a man page for pki_server_pkcs12_path to import 3rd 
party certificates, but it's used differently. Ideally we should merge 
all these PKCS #12 properties, but they are unchanged for now. In these 
patches I'm only adding aliases.

> 3. The last patch (716) moves a bunch of code to a different scriptlet.
>   Thats fine, but please encapsulate that code in a helper function.
>   The spawn() functions are already too massive and need to be
> refactored.

I'm planning to do that in a separate patch. There are methods in the 
nssdb module that can simplify that.

>
> Ade

-- 
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0713-1-Added-PKCS-12-deployment-properties.patch
Type: text/x-patch
Size: 3962 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160415/b7dfef5f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0714-1-Simplified-deployment-properties-for-existing-CA-cas.patch
Type: text/x-patch
Size: 10440 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160415/b7dfef5f/attachment-0001.bin>


More information about the Pki-devel mailing list