From e934da09d5e738c735f874931dd1b54d79b3150b Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mar 28 2017 07:01:37 +0000 Subject: dogtag-ipa-ca-renew-agent-submit: fix the is_replicated() function dogtag-ipa-ca-renew-agent-submit behaves differently depending on the certificate it needs to renew. For instance, some certificates (such as IPA RA) are the same on all the hosts and the renewal is actually done only on the renewal master. On other nodes, the new cert is downloaded from LDAP. The function is_replicated() is returning the opposite as what it should. If the cert nickname is IPA RA, it should return that the cert is replicated but it doesn't, and this leads to a wrong code path to renew the cert. https://pagure.io/freeipa/issue/6813 Reviewed-By: Jan Cholasta --- diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index cc690b8..5782db7 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -119,7 +119,7 @@ def is_renewable(): def is_replicated(): - return not get_nickname() + return bool(get_nickname()) def is_renewal_master():