From e263cb46cba604421d5ed2e1dbf5dd1d66ce0221 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mar 22 2017 13:58:18 +0000 Subject: httpinstance: clean up /etc/httpd/alias on uninstall Restore cert8.db, key3.db, pwdfile.txt and secmod.db in /etc/httpd/alias from backup on uninstall. Files modified by IPA are kept with .ipasave suffix. https://pagure.io/freeipa/issue/4639 Reviewed-By: Martin Babinsky --- diff --git a/ipapython/certdb.py b/ipapython/certdb.py index 6c89e77..f1410e5 100644 --- a/ipapython/certdb.py +++ b/ipapython/certdb.py @@ -169,6 +169,19 @@ class NSSDatabase(object): new_mode = filemode os.chmod(path, new_mode) + def restore(self): + for filename in NSS_FILES: + path = os.path.join(self.secdir, filename) + backup_path = path + '.orig' + save_path = path + '.ipasave' + try: + if os.path.exists(path): + os.rename(path, save_path) + if os.path.exists(backup_path): + os.rename(backup_path, path) + except OSError as e: + root_logger.debug(e) + def list_certs(self): """Return nicknames and cert flags for all certs in the database diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 9f340b8..0ca9713 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -234,6 +234,9 @@ class CertDB(object): backup=True) self.set_perms(self.passwd_fname, write=True) + def restore(self): + self.nssdb.restore() + def list_certs(self): """ Return a tuple of tuples containing (nickname, trust) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index ca3bcc8..f6f0b0c 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -555,6 +555,9 @@ class HTTPInstance(service.Service): ca_iface.Set('org.fedorahosted.certmonger.ca', 'external-helper', helper) + db = certs.CertDB(self.realm, paths.HTTPD_ALIAS_DIR) + db.restore() + for f in [paths.HTTPD_IPA_CONF, paths.HTTPD_SSL_CONF, paths.HTTPD_NSS_CONF]: try: self.fstore.restore_file(f)