Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script

On 5/31/2016 11:45 PM, Fraser Tweedale wrote: > G'day comrades, > > Please review the attached two patches, which... > > (Patch 0120) > > - provide for passing of configuration (from CS.cfg) to KeyRetriever > implementations > > - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever, > which executes a configured executable rather than a hardcoded one > > (Patch 0121) > > - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA > repo > > Cheers, > Fraser ACK. Separate issue. Instead of returning multiple binary attributes delimited with 0 byte through standard output, it might be better to use JSON file instead. So the command can be defined something like this: features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key -o {output} The ExternalProcessKeyRetriever will replace the {output} with a temporary file, then later parse the result from that file.