From 5bf6a39ceab02e0dca0626a556eadfe6a853a61a Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sep 23 2019 09:53:52 +0000 Subject: ipa-backup: backup the PKCS module config files setup by IPA ipa installer creates /etc/pkcs11/modules/softhsm2.module in order to disable global p11-kit configuration for NSS. This file was not included in the backups, and not restored. The fix adds the file to the list of files to include in a backup. Fixes: https://pagure.io/freeipa/issue/8073 Reviewed-By: Rob Crittenden Reviewed-By: Rob Crittenden --- diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index d626e2f..a279b5a 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -337,5 +337,10 @@ class BaseTaskNamespace(object): """ raise NotImplementedError + def get_pkcs11_modules(self): + """Return the list of module config files setup by IPA. + """ + return () + tasks = BaseTaskNamespace() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index b430340..d7495b8 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -745,4 +745,12 @@ class RedHatTaskNamespace(BaseTaskNamespace): return filenames + def get_pkcs11_modules(self): + """Return the list of module config files setup by IPA + """ + return tuple(os.path.join(paths.ETC_PKCS11_MODULES_DIR, + "{}.module".format(name)) + for name, _module, _disabled in PKCS11_MODULES) + + tasks = RedHatTaskNamespace() diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 099c5f5..ac82071 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -194,7 +194,7 @@ class Backup(admintool.AdminTool): ) + tuple( os.path.join(paths.IPA_NSSDB_DIR, file) for file in (certdb.NSS_DBM_FILES + certdb.NSS_SQL_FILES) - ) + ) + tasks.get_pkcs11_modules() logs=( paths.VAR_LOG_PKI_DIR,