[Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script
Endi Sukma Dewata
edewata at redhat.com
Fri Jun 3 04:45:43 UTC 2016
On 5/31/2016 11:45 PM, Fraser Tweedale wrote:
> G'day comrades,
>
> Please review the attached two patches, which...
>
> (Patch 0120)
>
> - provide for passing of configuration (from CS.cfg) to KeyRetriever
> implementations
>
> - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
> which executes a configured executable rather than a hardcoded one
>
> (Patch 0121)
>
> - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
> repo
>
> Cheers,
> Fraser
ACK.
Separate issue. Instead of returning multiple binary attributes
delimited with 0 byte through standard output, it might be better to use
JSON file instead. So the command can be defined something like this:
features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key
-o {output}
The ExternalProcessKeyRetriever will replace the {output} with a
temporary file, then later parse the result from that file.
--
Endi S. Dewata
More information about the Pki-devel
mailing list